Commit 5370c442 authored by Mayra Cabrera's avatar Mayra Cabrera Committed by Kamil Trzciński

Resolve "Automatically provide a Deploy Token to projects when Auto DevOps is enabled"

parent eb75844f
...@@ -6,6 +6,8 @@ class ProjectAutoDevops < ActiveRecord::Base ...@@ -6,6 +6,8 @@ class ProjectAutoDevops < ActiveRecord::Base
validates :domain, allow_blank: true, hostname: { allow_numeric_hostname: true } validates :domain, allow_blank: true, hostname: { allow_numeric_hostname: true }
after_save :create_gitlab_deploy_token, if: :needs_to_create_deploy_token?
def instance_domain def instance_domain
Gitlab::CurrentSettings.auto_devops_domain Gitlab::CurrentSettings.auto_devops_domain
end end
...@@ -22,4 +24,23 @@ class ProjectAutoDevops < ActiveRecord::Base ...@@ -22,4 +24,23 @@ class ProjectAutoDevops < ActiveRecord::Base
end end
end end
end end
private
def create_gitlab_deploy_token
project.deploy_tokens.create!(
name: DeployToken::GITLAB_DEPLOY_TOKEN_NAME,
read_registry: true
)
end
def needs_to_create_deploy_token?
auto_devops_enabled? &&
!project.public? &&
!project.deploy_tokens.find_by(name: DeployToken::GITLAB_DEPLOY_TOKEN_NAME).present?
end
def auto_devops_enabled?
Gitlab::CurrentSettings.auto_devops_enabled? || enabled?
end
end end
---
title: Automatize Deploy Token creation for Auto Devops
merge_request: 19507
author:
type: added
...@@ -426,6 +426,15 @@ no longer be valid as soon as the deployment job finishes. This means that ...@@ -426,6 +426,15 @@ no longer be valid as soon as the deployment job finishes. This means that
Kubernetes can run the application, but in case it should be restarted or Kubernetes can run the application, but in case it should be restarted or
executed somewhere else, it cannot be accessed again. executed somewhere else, it cannot be accessed again.
> [Introduced][ce-19507] in GitLab 11.0.
For internal and private projects a [GitLab Deploy Token](../../user/project/deploy_tokens/index.md###gitlab-deploy-token)
will be automatically created, when Auto DevOps is enabled and the Auto DevOps settings are saved. This Deploy Token
can be used for permanent access to the registry.
Note: **Note**
When the GitLab Deploy Token has been manually revoked, it won't be automatically created.
### Auto Monitoring ### Auto Monitoring
NOTE: **Note:** NOTE: **Note:**
...@@ -809,3 +818,4 @@ curl --data "value=true" --header "PRIVATE-TOKEN: personal_access_token" https:/ ...@@ -809,3 +818,4 @@ curl --data "value=true" --header "PRIVATE-TOKEN: personal_access_token" https:/
[Auto DevOps template]: https://gitlab.com/gitlab-org/gitlab-ci-yml/blob/master/Auto-DevOps.gitlab-ci.yml [Auto DevOps template]: https://gitlab.com/gitlab-org/gitlab-ci-yml/blob/master/Auto-DevOps.gitlab-ci.yml
[GitLab Omnibus Helm Chart]: ../../install/kubernetes/gitlab_omnibus.md [GitLab Omnibus Helm Chart]: ../../install/kubernetes/gitlab_omnibus.md
[ee]: https://about.gitlab.com/products/ [ee]: https://about.gitlab.com/products/
[ce-19507]: https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/19507
...@@ -3,5 +3,9 @@ FactoryBot.define do ...@@ -3,5 +3,9 @@ FactoryBot.define do
project project
enabled true enabled true
domain "example.com" domain "example.com"
trait :disabled do
enabled false
end
end end
end end
...@@ -71,4 +71,97 @@ describe ProjectAutoDevops do ...@@ -71,4 +71,97 @@ describe ProjectAutoDevops do
{ key: 'AUTO_DEVOPS_DOMAIN', value: 'example.com', public: true } { key: 'AUTO_DEVOPS_DOMAIN', value: 'example.com', public: true }
end end
end end
describe '#set_gitlab_deploy_token' do
let(:auto_devops) { build(:project_auto_devops, project: project) }
context 'when the project is public' do
let(:project) { create(:project, :repository, :public) }
it 'should not create a gitlab deploy token' do
expect do
auto_devops.save
end.not_to change { DeployToken.count }
end
end
context 'when the project is internal' do
let(:project) { create(:project, :repository, :internal) }
it 'should create a gitlab deploy token' do
expect do
auto_devops.save
end.to change { DeployToken.count }.by(1)
end
end
context 'when the project is private' do
let(:project) { create(:project, :repository, :private) }
it 'should create a gitlab deploy token' do
expect do
auto_devops.save
end.to change { DeployToken.count }.by(1)
end
end
context 'when autodevops is enabled at project level' do
let(:project) { create(:project, :repository, :internal) }
let(:auto_devops) { build(:project_auto_devops, project: project) }
it 'should create a deploy token' do
expect do
auto_devops.save
end.to change { DeployToken.count }.by(1)
end
end
context 'when autodevops is enabled at instancel level' do
let(:project) { create(:project, :repository, :internal) }
let(:auto_devops) { build(:project_auto_devops, :disabled, project: project) }
it 'should create a deploy token' do
allow(Gitlab::CurrentSettings).to receive(:auto_devops_enabled?).and_return(true)
expect do
auto_devops.save
end.to change { DeployToken.count }.by(1)
end
end
context 'when autodevops is disabled' do
let(:project) { create(:project, :repository, :internal) }
let(:auto_devops) { build(:project_auto_devops, :disabled, project: project) }
it 'should not create a deploy token' do
expect do
auto_devops.save
end.not_to change { DeployToken.count }
end
end
context 'when the project already has an active gitlab-deploy-token' do
let(:project) { create(:project, :repository, :internal) }
let!(:deploy_token) { create(:deploy_token, :gitlab_deploy_token, projects: [project]) }
let(:auto_devops) { build(:project_auto_devops, project: project) }
it 'should not create a deploy token' do
expect do
auto_devops.save
end.not_to change { DeployToken.count }
end
end
context 'when the project already has a revoked gitlab-deploy-token' do
let(:project) { create(:project, :repository, :internal) }
let!(:deploy_token) { create(:deploy_token, :gitlab_deploy_token, :expired, projects: [project]) }
let(:auto_devops) { build(:project_auto_devops, project: project) }
it 'should not create a deploy token' do
expect do
auto_devops.save
end.not_to change { DeployToken.count }
end
end
end
end end
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment