diff options
author | Tiger <twatson@gitlab.com> | 2019-06-14 10:45:31 +1000 |
---|---|---|
committer | Tiger <twatson@gitlab.com> | 2019-06-21 08:30:26 +1000 |
commit | bae848418b1784be938bb670da4ffceed06f42dd (patch) | |
tree | ba3a2234dabe881760cf851375e9cae9bd9046a5 | |
parent | 2c48cb24983314ab78963d2dfb2a74b0f9104fc8 (diff) | |
download | gitlab-ce-bae848418b1784be938bb670da4ffceed06f42dd.tar.gz |
Migrate clusters with no token to unmanaged
There are clusters that have Kubernetes namespaces
stored which are missing a service account token.
These namespaces are unable to be used for deployments,
so marking the clusters as unmanaged will allow the
platform credentials to be used instead.
3 files changed, 113 insertions, 0 deletions
diff --git a/changelogs/unreleased/63079-migrate-clusters-with-no-token-to-unmanaged.yml b/changelogs/unreleased/63079-migrate-clusters-with-no-token-to-unmanaged.yml new file mode 100644 index 00000000000..92133af03f7 --- /dev/null +++ b/changelogs/unreleased/63079-migrate-clusters-with-no-token-to-unmanaged.yml @@ -0,0 +1,6 @@ +--- +title: Migrate GitLab managed project-level clusters to unmanaged if they are missing + a Kubernetes service account token +merge_request: 29648 +author: +type: other diff --git a/db/post_migrate/20190613231640_migrate_managed_clusters_with_no_token_to_unmanaged.rb b/db/post_migrate/20190613231640_migrate_managed_clusters_with_no_token_to_unmanaged.rb new file mode 100644 index 00000000000..b2914afe2cd --- /dev/null +++ b/db/post_migrate/20190613231640_migrate_managed_clusters_with_no_token_to_unmanaged.rb @@ -0,0 +1,48 @@ +# frozen_string_literal: true + +# See http://doc.gitlab.com/ce/development/migration_style_guide.html +# for more information on how to write migrations for GitLab. + +class MigrateManagedClustersWithNoTokenToUnmanaged < ActiveRecord::Migration[5.1] + include Gitlab::Database::MigrationHelpers + + DOWNTIME = false + + disable_ddl_transaction! + + class Cluster < ActiveRecord::Base + include EachBatch + + self.table_name = 'clusters' + + has_many :kubernetes_namespaces, class_name: 'MigrateManagedClustersWithNoTokenToUnmanaged::KubernetesNamespace' + + scope :managed, -> { where(managed: true) } + + enum cluster_type: { + instance_type: 1, + group_type: 2, + project_type: 3 + } + end + + class KubernetesNamespace < ActiveRecord::Base + self.table_name = 'clusters_kubernetes_namespaces' + + belongs_to :cluster, class_name: 'MigrateManagedClustersWithNoTokenToUnmanaged::Cluster' + end + + def up + Cluster.managed + .project_type + .joins(:kubernetes_namespaces) + .where(clusters_kubernetes_namespaces: { encrypted_service_account_token: nil }) + .where('clusters.created_at < ?', Date.new(2018, 12, 1).midnight) + .each_batch do |batch| + batch.update_all(managed: false) + end + end + + def down + end +end diff --git a/spec/migrations/migrate_managed_clusters_with_no_token_to_unmanaged_spec.rb b/spec/migrations/migrate_managed_clusters_with_no_token_to_unmanaged_spec.rb new file mode 100644 index 00000000000..b73bd16cb60 --- /dev/null +++ b/spec/migrations/migrate_managed_clusters_with_no_token_to_unmanaged_spec.rb @@ -0,0 +1,59 @@ +# frozen_string_literal: true + +require 'spec_helper' +require Rails.root.join('db', 'post_migrate', '20190613231640_migrate_managed_clusters_with_no_token_to_unmanaged.rb') + +describe MigrateManagedClustersWithNoTokenToUnmanaged, :migration do + let(:cluster_type) { 'project_type' } + let(:created_at) { Date.new(2018, 11, 1).midnight } + + let!(:cluster) do + table(:clusters).create!( + name: 'cluster', + cluster_type: described_class::Cluster.cluster_types[cluster_type], + managed: true, + created_at: created_at + ) + end + + let!(:kubernetes_namespace) do + table(:clusters_kubernetes_namespaces).create!( + cluster_id: cluster.id, + namespace: 'namespace' + ) + end + + it 'marks the cluster as unmanaged' do + migrate! + expect(cluster.reload).not_to be_managed + end + + context 'cluster is not project type' do + let(:cluster_type) { 'group_type' } + + it 'does not update the cluster' do + migrate! + expect(cluster.reload).to be_managed + end + end + + context 'kubernetes namespace has a service account token' do + before do + kubernetes_namespace.update!(encrypted_service_account_token: "TOKEN") + end + + it 'does not update the cluster' do + migrate! + expect(cluster.reload).to be_managed + end + end + + context 'cluster was created after the cutoff' do + let(:created_at) { Date.new(2019, 1, 1).midnight } + + it 'does not update the cluster' do + migrate! + expect(cluster.reload).to be_managed + end + end +end |