diff options
-rw-r--r-- | app/models/concerns/runners_token_prefixable.rb | 14 | ||||
-rw-r--r-- | app/models/group.rb | 12 | ||||
-rw-r--r-- | app/models/project.rb | 10 | ||||
-rw-r--r-- | config/feature_flags/development/groups_runners_token_prefix.yml | 8 | ||||
-rw-r--r-- | config/feature_flags/development/projects_runners_token_prefix.yml | 8 | ||||
-rw-r--r-- | spec/models/concerns/runners_token_prefixable_spec.rb | 20 | ||||
-rw-r--r-- | spec/models/concerns/token_authenticatable_spec.rb | 35 | ||||
-rw-r--r-- | spec/models/group_spec.rb | 2 | ||||
-rw-r--r-- | spec/models/project_spec.rb | 2 | ||||
-rw-r--r-- | spec/support/shared_examples/models/runners_token_prefix_shared_examples.rb | 34 |
10 files changed, 53 insertions, 92 deletions
diff --git a/app/models/concerns/runners_token_prefixable.rb b/app/models/concerns/runners_token_prefixable.rb new file mode 100644 index 00000000000..1aea874337e --- /dev/null +++ b/app/models/concerns/runners_token_prefixable.rb @@ -0,0 +1,14 @@ +# frozen_string_literal: true + +module RunnersTokenPrefixable + extend ActiveSupport::Concern + + # Prefix for runners_token which can be used to invalidate existing tokens. + # The value chosen here is GR (for Gitlab Runner) combined with the rotation + # date (20220225) decimal to hex encoded. + RUNNERS_TOKEN_PREFIX = 'GR1348941' + + def runners_token_prefix + RUNNERS_TOKEN_PREFIX + end +end diff --git a/app/models/group.rb b/app/models/group.rb index a395861fbb6..1d6a3a14450 100644 --- a/app/models/group.rb +++ b/app/models/group.rb @@ -19,14 +19,10 @@ class Group < Namespace include BulkMemberAccessLoad include ChronicDurationAttribute include RunnerTokenExpirationInterval + include RunnersTokenPrefixable extend ::Gitlab::Utils::Override - # Prefix for runners_token which can be used to invalidate existing tokens. - # The value chosen here is GR (for Gitlab Runner) combined with the rotation - # date (20220225) decimal to hex encoded. - RUNNERS_TOKEN_PREFIX = 'GR1348941' - def self.sti_name 'Group' end @@ -124,7 +120,7 @@ class Group < Namespace add_authentication_token_field :runners_token, encrypted: -> { Feature.enabled?(:groups_tokens_optional_encryption, default_enabled: true) ? :optional : :required }, - prefix: ->(instance) { instance.runners_token_prefix } + prefix: RunnersTokenPrefixable::RUNNERS_TOKEN_PREFIX after_create :post_create_hook after_destroy :post_destroy_hook @@ -678,10 +674,6 @@ class Group < Namespace ensure_runners_token! end - def runners_token_prefix - Feature.enabled?(:groups_runners_token_prefix, self, default_enabled: :yaml) ? RUNNERS_TOKEN_PREFIX : '' - end - override :format_runners_token def format_runners_token(token) "#{runners_token_prefix}#{token}" diff --git a/app/models/project.rb b/app/models/project.rb index de7dd42866f..f89e616a5ca 100644 --- a/app/models/project.rb +++ b/app/models/project.rb @@ -38,6 +38,7 @@ class Project < ApplicationRecord include GitlabRoutingHelper include BulkMemberAccessLoad include RunnerTokenExpirationInterval + include RunnersTokenPrefixable extend Gitlab::Cache::RequestCache extend Gitlab::Utils::Override @@ -89,11 +90,6 @@ class Project < ApplicationRecord DEFAULT_SQUASH_COMMIT_TEMPLATE = '%{title}' - # Prefix for runners_token which can be used to invalidate existing tokens. - # The value chosen here is GR (for Gitlab Runner) combined with the rotation - # date (20220225) decimal to hex encoded. - RUNNERS_TOKEN_PREFIX = 'GR1348941' - cache_markdown_field :description, pipeline: :description default_value_for :packages_enabled, true @@ -116,7 +112,7 @@ class Project < ApplicationRecord add_authentication_token_field :runners_token, encrypted: -> { Feature.enabled?(:projects_tokens_optional_encryption, default_enabled: true) ? :optional : :required }, - prefix: ->(instance) { instance.runners_token_prefix } + prefix: RunnersTokenPrefixable::RUNNERS_TOKEN_PREFIX before_validation :mark_remote_mirrors_for_removal, if: -> { RemoteMirror.table_exists? } @@ -1881,7 +1877,7 @@ class Project < ApplicationRecord end def runners_token_prefix - Feature.enabled?(:projects_runners_token_prefix, self, default_enabled: :yaml) ? RUNNERS_TOKEN_PREFIX : '' + RUNNERS_TOKEN_PREFIX end override :format_runners_token diff --git a/config/feature_flags/development/groups_runners_token_prefix.yml b/config/feature_flags/development/groups_runners_token_prefix.yml deleted file mode 100644 index 87b87266673..00000000000 --- a/config/feature_flags/development/groups_runners_token_prefix.yml +++ /dev/null @@ -1,8 +0,0 @@ ---- -name: groups_runners_token_prefix -introduced_by_url: -rollout_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/353805 -milestone: '14.9' -type: development -group: group::database -default_enabled: true diff --git a/config/feature_flags/development/projects_runners_token_prefix.yml b/config/feature_flags/development/projects_runners_token_prefix.yml deleted file mode 100644 index 5dd21d115f6..00000000000 --- a/config/feature_flags/development/projects_runners_token_prefix.yml +++ /dev/null @@ -1,8 +0,0 @@ ---- -name: projects_runners_token_prefix -introduced_by_url: -rollout_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/353805 -milestone: '14.9' -type: development -group: group::database -default_enabled: true diff --git a/spec/models/concerns/runners_token_prefixable_spec.rb b/spec/models/concerns/runners_token_prefixable_spec.rb new file mode 100644 index 00000000000..6127203987f --- /dev/null +++ b/spec/models/concerns/runners_token_prefixable_spec.rb @@ -0,0 +1,20 @@ +# frozen_string_literal: true + +require 'spec_helper' + +RSpec.describe RunnersTokenPrefixable do + before do + stub_const('DummyModel', Class.new) + DummyModel.class_eval do + include RunnersTokenPrefixable + end + end + + describe '.runners_token_prefix' do + subject { DummyModel.new } + + it 'returns RUNNERS_TOKEN_PREFIX' do + expect(subject.runners_token_prefix).to eq(RunnersTokenPrefixable::RUNNERS_TOKEN_PREFIX) + end + end +end diff --git a/spec/models/concerns/token_authenticatable_spec.rb b/spec/models/concerns/token_authenticatable_spec.rb index 8a9e0248ed3..4534fd3664e 100644 --- a/spec/models/concerns/token_authenticatable_spec.rb +++ b/spec/models/concerns/token_authenticatable_spec.rb @@ -435,7 +435,7 @@ RSpec.shared_examples 'prefixed token rotation' do context 'token is not set' do it 'generates a new token' do - expect(subject).to match(/^#{instance.class::RUNNERS_TOKEN_PREFIX}/) + expect(subject).to match(/^#{RunnersTokenPrefixable::RUNNERS_TOKEN_PREFIX}/) expect(instance).not_to be_persisted end end @@ -446,26 +446,14 @@ RSpec.shared_examples 'prefixed token rotation' do end it 'generates a new token' do - expect(subject).to match(/^#{instance.class::RUNNERS_TOKEN_PREFIX}/) + expect(subject).to match(/^#{RunnersTokenPrefixable::RUNNERS_TOKEN_PREFIX}/) expect(instance).not_to be_persisted end - - context 'feature flag is disabled' do - before do - flag = "#{described_class.name.downcase.pluralize}_runners_token_prefix" - stub_feature_flags(flag => false) - end - - it 'leaves the token unchanged' do - expect { subject }.not_to change(instance, :runners_token) - expect(instance).not_to be_persisted - end - end end context 'token is set and matches prefix' do before do - instance.set_runners_token(instance.class::RUNNERS_TOKEN_PREFIX + '-abcdef') + instance.set_runners_token(RunnersTokenPrefixable::RUNNERS_TOKEN_PREFIX + '-abcdef') end it 'leaves the token unchanged' do @@ -480,7 +468,7 @@ RSpec.shared_examples 'prefixed token rotation' do context 'token is not set' do it 'generates a new token' do - expect(subject).to match(/^#{instance.class::RUNNERS_TOKEN_PREFIX}/) + expect(subject).to match(/^#{RunnersTokenPrefixable::RUNNERS_TOKEN_PREFIX}/) expect(instance).to be_persisted end end @@ -491,25 +479,14 @@ RSpec.shared_examples 'prefixed token rotation' do end it 'generates a new token' do - expect(subject).to match(/^#{instance.class::RUNNERS_TOKEN_PREFIX}/) + expect(subject).to match(/^#{RunnersTokenPrefixable::RUNNERS_TOKEN_PREFIX}/) expect(instance).to be_persisted end - - context 'feature flag is disabled' do - before do - flag = "#{described_class.name.downcase.pluralize}_runners_token_prefix" - stub_feature_flags(flag => false) - end - - it 'leaves the token unchanged' do - expect { subject }.not_to change(instance, :runners_token) - end - end end context 'token is set and matches prefix' do before do - instance.set_runners_token(instance.class::RUNNERS_TOKEN_PREFIX + '-abcdef') + instance.set_runners_token(RunnersTokenPrefixable::RUNNERS_TOKEN_PREFIX + '-abcdef') instance.save! end diff --git a/spec/models/group_spec.rb b/spec/models/group_spec.rb index db71fa4535d..b6c7d61a291 100644 --- a/spec/models/group_spec.rb +++ b/spec/models/group_spec.rb @@ -3155,6 +3155,6 @@ RSpec.describe Group do subject { group } - it_behaves_like 'it has a prefixable runners_token', :groups_runners_token_prefix + it_behaves_like 'it has a prefixable runners_token' end end diff --git a/spec/models/project_spec.rb b/spec/models/project_spec.rb index 14cc4dbbea8..1d9b38c7aa4 100644 --- a/spec/models/project_spec.rb +++ b/spec/models/project_spec.rb @@ -8002,7 +8002,7 @@ RSpec.describe Project, factory_default: :keep do subject { project } - it_behaves_like 'it has a prefixable runners_token', :projects_runners_token_prefix + it_behaves_like 'it has a prefixable runners_token' end private diff --git a/spec/support/shared_examples/models/runners_token_prefix_shared_examples.rb b/spec/support/shared_examples/models/runners_token_prefix_shared_examples.rb index bbce67ae7b9..4dce445ac73 100644 --- a/spec/support/shared_examples/models/runners_token_prefix_shared_examples.rb +++ b/spec/support/shared_examples/models/runners_token_prefix_shared_examples.rb @@ -1,35 +1,13 @@ # frozen_string_literal: true -RSpec.shared_examples 'it has a prefixable runners_token' do |feature_flag| - context 'feature flag enabled' do - before do - stub_feature_flags(feature_flag => [subject]) +RSpec.shared_examples 'it has a prefixable runners_token' do + describe '#runners_token' do + it 'has a runners_token_prefix' do + expect(subject.runners_token_prefix).not_to be_empty end - describe '#runners_token' do - it 'has a runners_token_prefix' do - expect(subject.runners_token_prefix).not_to be_empty - end - - it 'starts with the runners_token_prefix' do - expect(subject.runners_token).to start_with(subject.runners_token_prefix) - end - end - end - - context 'feature flag disabled' do - before do - stub_feature_flags(feature_flag => false) - end - - describe '#runners_token' do - it 'does not have a runners_token_prefix' do - expect(subject.runners_token_prefix).to be_empty - end - - it 'starts with the runners_token_prefix' do - expect(subject.runners_token).to start_with(subject.runners_token_prefix) - end + it 'starts with the runners_token_prefix' do + expect(subject.runners_token).to start_with(subject.runners_token_prefix) end end end |