Migrate clusters with no token to unmanaged63079-migrate-clusters-with-no-token-to-unmanaged

There are clusters that have Kubernetes namespaces stored which are missing a service account token. These namespaces are unable to be used for deployments, so marking the clusters as unmanaged will allow the platform credentials to be used instead.
author: Tiger <twatson@gitlab.com> 2019-06-14 10:45:31 +1000
committer: Tiger <twatson@gitlab.com> 2019-06-20 16:48:00 +1000
commit: e5c0635890ac1468be485f171c101f06cb287a3b (patch)
tree: dd43bb1481c04aa785b2b849b87d5e54c7e82aee
parent: adeccba13676b831335e2f12f779f77602298b31 (diff)
download: gitlab-ce-63079-migrate-clusters-with-no-token-to-unmanaged.tar.gz
4 files changed, 114 insertions, 1 deletions
diff --git a/changelogs/unreleased/63079-migrate-clusters-with-no-token-to-unmanaged.yml b/changelogs/unreleased/63079-migrate-clusters-with-no-token-to-unmanaged.yml
new file mode 100644
index 00000000000..92133af03f7
--- /dev/null
+++ b/changelogs/unreleased/63079-migrate-clusters-with-no-token-to-unmanaged.yml
@@ -0,0 +1,6 @@
+---
+title: Migrate GitLab managed project-level clusters to unmanaged if they are missing
+  a Kubernetes service account token
+merge_request: 29648
+author:
+type: other
diff --git a/db/post_migrate/20190613231640_migrate_managed_clusters_with_no_token_to_unmanaged.rb b/db/post_migrate/20190613231640_migrate_managed_clusters_with_no_token_to_unmanaged.rb
new file mode 100644
index 00000000000..b2914afe2cd
--- /dev/null
+++ b/db/post_migrate/20190613231640_migrate_managed_clusters_with_no_token_to_unmanaged.rb
@@ -0,0 +1,48 @@
+# frozen_string_literal: true
+
+# See http://doc.gitlab.com/ce/development/migration_style_guide.html
+# for more information on how to write migrations for GitLab.
+
+class MigrateManagedClustersWithNoTokenToUnmanaged < ActiveRecord::Migration[5.1]
+  include Gitlab::Database::MigrationHelpers
+
+  DOWNTIME = false
+
+  disable_ddl_transaction!
+
+  class Cluster < ActiveRecord::Base
+    include EachBatch
+
+    self.table_name = 'clusters'
+
+    has_many :kubernetes_namespaces, class_name: 'MigrateManagedClustersWithNoTokenToUnmanaged::KubernetesNamespace'
+
+    scope :managed, -> { where(managed: true) }
+
+    enum cluster_type: {
+      instance_type: 1,
+      group_type: 2,
+      project_type: 3
+    }
+  end
+
+  class KubernetesNamespace < ActiveRecord::Base
+    self.table_name = 'clusters_kubernetes_namespaces'
+
+    belongs_to :cluster, class_name: 'MigrateManagedClustersWithNoTokenToUnmanaged::Cluster'
+  end
+
+  def up
+    Cluster.managed
+      .project_type
+      .joins(:kubernetes_namespaces)
+      .where(clusters_kubernetes_namespaces: { encrypted_service_account_token: nil })
+      .where('clusters.created_at < ?', Date.new(2018, 12, 1).midnight)
+      .each_batch do |batch|
+        batch.update_all(managed: false)
+      end
+  end
+
+  def down
+  end
+end
diff --git a/db/schema.rb b/db/schema.rb
index 7a7319c132e..45025108242 100644
--- a/db/schema.rb
+++ b/db/schema.rb
@@ -10,7 +10,7 @@
 #
 # It's strongly recommended that you check this file into your version control system.
 
-ActiveRecord::Schema.define(version: 20190613030606) do
+ActiveRecord::Schema.define(version: 20190613231640) do
 
   # These are extensions that must be enabled in order to support this database
   enable_extension "plpgsql"
diff --git a/spec/migrations/migrate_managed_clusters_with_no_token_to_unmanaged_spec.rb b/spec/migrations/migrate_managed_clusters_with_no_token_to_unmanaged_spec.rb
new file mode 100644
index 00000000000..b73bd16cb60
--- /dev/null
+++ b/spec/migrations/migrate_managed_clusters_with_no_token_to_unmanaged_spec.rb
@@ -0,0 +1,59 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+require Rails.root.join('db', 'post_migrate', '20190613231640_migrate_managed_clusters_with_no_token_to_unmanaged.rb')
+
+describe MigrateManagedClustersWithNoTokenToUnmanaged, :migration do
+  let(:cluster_type) { 'project_type' }
+  let(:created_at) { Date.new(2018, 11, 1).midnight }
+
+  let!(:cluster) do
+    table(:clusters).create!(
+      name: 'cluster',
+      cluster_type: described_class::Cluster.cluster_types[cluster_type],
+      managed: true,
+      created_at: created_at
+    )
+  end
+
+  let!(:kubernetes_namespace) do
+    table(:clusters_kubernetes_namespaces).create!(
+      cluster_id: cluster.id,
+      namespace: 'namespace'
+    )
+  end
+
+  it 'marks the cluster as unmanaged' do
+    migrate!
+    expect(cluster.reload).not_to be_managed
+  end
+
+  context 'cluster is not project type' do
+    let(:cluster_type) { 'group_type' }
+
+    it 'does not update the cluster' do
+      migrate!
+      expect(cluster.reload).to be_managed
+    end
+  end
+
+  context 'kubernetes namespace has a service account token' do
+    before do
+      kubernetes_namespace.update!(encrypted_service_account_token: "TOKEN")
+    end
+
+    it 'does not update the cluster' do
+      migrate!
+      expect(cluster.reload).to be_managed
+    end
+  end
+
+  context 'cluster was created after the cutoff' do
+    let(:created_at) { Date.new(2019, 1, 1).midnight }
+
+    it 'does not update the cluster' do
+      migrate!
+      expect(cluster.reload).to be_managed
+    end
+  end
+end
author	Tiger <twatson@gitlab.com>	2019-06-14 10:45:31 +1000
committer	Tiger <twatson@gitlab.com>	2019-06-20 16:48:00 +1000
commit	e5c0635890ac1468be485f171c101f06cb287a3b (patch)
tree	dd43bb1481c04aa785b2b849b87d5e54c7e82aee
parent	adeccba13676b831335e2f12f779f77602298b31 (diff)
download	gitlab-ce-63079-migrate-clusters-with-no-token-to-unmanaged.tar.gz