diff options
author | GitLab Bot <gitlab-bot@gitlab.com> | 2020-02-28 22:50:46 +0000 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2020-02-28 22:50:46 +0000 |
commit | 3d240b44d0f87fa405c8db9ff9e4209f75975803 (patch) | |
tree | da138efad522c26eb3efd92c6bb9153e06afaf9e | |
parent | 1a642325c70eb8833fd10117cfa65e5269df9352 (diff) | |
download | gitlab-ce-3d240b44d0f87fa405c8db9ff9e4209f75975803.tar.gz |
Add latest changes from gitlab-org/security/gitlab@12-6-stable-ee
7 files changed, 141 insertions, 0 deletions
diff --git a/changelogs/unreleased/security-recalculate_project_authorizations_run_2.yml b/changelogs/unreleased/security-recalculate_project_authorizations_run_2.yml new file mode 100644 index 00000000000..ee2039806b6 --- /dev/null +++ b/changelogs/unreleased/security-recalculate_project_authorizations_run_2.yml @@ -0,0 +1,5 @@ +--- +title: Recalculate ProjectAuthorizations for all users +merge_request: +author: +type: security diff --git a/db/post_migrate/20200204113224_schedule_recalculate_project_authorizations_second_run.rb b/db/post_migrate/20200204113224_schedule_recalculate_project_authorizations_second_run.rb new file mode 100644 index 00000000000..8f4a347b5e2 --- /dev/null +++ b/db/post_migrate/20200204113224_schedule_recalculate_project_authorizations_second_run.rb @@ -0,0 +1,32 @@ +# frozen_string_literal: true + +class ScheduleRecalculateProjectAuthorizationsSecondRun < ActiveRecord::Migration[5.1] + include Gitlab::Database::MigrationHelpers + + DOWNTIME = false + + MIGRATION = 'RecalculateProjectAuthorizationsWithMinMaxUserId' + BATCH_SIZE = 2_500 + DELAY_INTERVAL = 2.minutes.to_i + + disable_ddl_transaction! + + class User < ActiveRecord::Base + include ::EachBatch + + self.table_name = 'users' + end + + def up + say "Scheduling #{MIGRATION} jobs" + + User.each_batch(of: BATCH_SIZE) do |batch, index| + delay = index * DELAY_INTERVAL + range = batch.pluck('MIN(id)', 'MAX(id)').first + BackgroundMigrationWorker.perform_in(delay, MIGRATION, range) + end + end + + def down + end +end diff --git a/lib/gitlab/background_migration/recalculate_project_authorizations_with_min_max_user_id.rb b/lib/gitlab/background_migration/recalculate_project_authorizations_with_min_max_user_id.rb new file mode 100644 index 00000000000..b66fdfd5c65 --- /dev/null +++ b/lib/gitlab/background_migration/recalculate_project_authorizations_with_min_max_user_id.rb @@ -0,0 +1,38 @@ +# frozen_string_literal: true + +module Gitlab + module BackgroundMigration + # rubocop:disable Style/Documentation + class RecalculateProjectAuthorizationsWithMinMaxUserId + def perform(min_user_id, max_user_id) + User.where(id: min_user_id..max_user_id).find_each do |user| + service = Users::RefreshAuthorizedProjectsService.new( + user, + incorrect_auth_found_callback: + ->(project_id, access_level) do + logger.info(message: 'Removing ProjectAuthorizations', + user_id: user.id, + project_id: project_id, + access_level: access_level) + end, + missing_auth_found_callback: + ->(project_id, access_level) do + logger.info(message: 'Creating ProjectAuthorizations', + user_id: user.id, + project_id: project_id, + access_level: access_level) + end + ) + + service.execute + end + end + + private + + def logger + @logger ||= Gitlab::BackgroundMigration::Logger.build + end + end + end +end diff --git a/spec/lib/gitlab/background_migration/recalculate_project_authorizations_with_min_max_user_id_spec.rb b/spec/lib/gitlab/background_migration/recalculate_project_authorizations_with_min_max_user_id_spec.rb new file mode 100644 index 00000000000..14ba57eecbf --- /dev/null +++ b/spec/lib/gitlab/background_migration/recalculate_project_authorizations_with_min_max_user_id_spec.rb @@ -0,0 +1,38 @@ +# frozen_string_literal: true + +require 'spec_helper' + +describe Gitlab::BackgroundMigration::RecalculateProjectAuthorizationsWithMinMaxUserId, :migration, schema: 20200204113224 do + let(:users_table) { table(:users) } + let(:min) { 1 } + let(:max) { 5 } + + before do + min.upto(max) do |i| + users_table.create!(id: i, email: "user#{i}@example.com", projects_limit: 10) + end + end + + describe '#perform' do + it 'initializes Users::RefreshAuthorizedProjectsService with correct users' do + min.upto(max) do |i| + user = User.find(i) + expect(Users::RefreshAuthorizedProjectsService).to( + receive(:new).with(user, any_args).and_call_original) + end + + described_class.new.perform(min, max) + end + + it 'executes Users::RefreshAuthorizedProjectsService' do + expected_call_counts = max - min + 1 + + service = instance_double(Users::RefreshAuthorizedProjectsService) + expect(Users::RefreshAuthorizedProjectsService).to( + receive(:new).exactly(expected_call_counts).times.and_return(service)) + expect(service).to receive(:execute).exactly(expected_call_counts).times + + described_class.new.perform(min, max) + end + end +end diff --git a/spec/migrations/schedule_recalculate_project_authorizations_second_run_spec.rb b/spec/migrations/schedule_recalculate_project_authorizations_second_run_spec.rb new file mode 100644 index 00000000000..16d598801f0 --- /dev/null +++ b/spec/migrations/schedule_recalculate_project_authorizations_second_run_spec.rb @@ -0,0 +1,28 @@ +# frozen_string_literal: true + +require 'spec_helper' +require Rails.root.join('db', 'post_migrate', '20200204113224_schedule_recalculate_project_authorizations_second_run.rb') + +describe ScheduleRecalculateProjectAuthorizationsSecondRun, :migration, :sidekiq do + let(:users_table) { table(:users) } + + before do + stub_const("#{described_class}::BATCH_SIZE", 2) + + 1.upto(4) do |i| + users_table.create!(id: i, name: "user#{i}", email: "user#{i}@example.com", projects_limit: 1) + end + end + + it 'schedules background migration' do + Sidekiq::Testing.fake! do + Timecop.freeze do + migrate! + + expect(BackgroundMigrationWorker.jobs.size).to eq(2) + expect(described_class::MIGRATION).to be_scheduled_migration(1, 2) + expect(described_class::MIGRATION).to be_scheduled_migration(3, 4) + end + end + end +end diff --git a/vendor/gitignore/C++.gitignore b/vendor/gitignore/C++.gitignore index 259148fa18f..259148fa18f 100755..100644 --- a/vendor/gitignore/C++.gitignore +++ b/vendor/gitignore/C++.gitignore diff --git a/vendor/gitignore/Java.gitignore b/vendor/gitignore/Java.gitignore index a1c2a238a96..a1c2a238a96 100755..100644 --- a/vendor/gitignore/Java.gitignore +++ b/vendor/gitignore/Java.gitignore |