Merge branch '33318-make-internal-projects-poolable' into 'master'

Make internal projects poolable Closes #33318 See merge request gitlab-org/gitlab!19295

Merge branch '33318-make-internal-projects-poolable' into 'master'
Make internal projects poolable Closes #33318 See merge request gitlab-org/gitlab!19295
3431e27c · Bob Van Landuyt · 82d0b0b1 · 326d1ae5 · 3431e27c · 3431e27c
Commit 3431e27c authored Nov 29, 2019 by Bob Van Landuyt
5 changed files
--- a/app/models/project.rb
+++ b/app/models/project.rb
@@ -2250,12 +2250,13 @@ class Project < ApplicationRecord
  # Git objects are only poolable when the project is or has:
  # - Hashed storage -> The object pool will have a remote to its members, using relative paths.
  #                     If the repository path changes we would have to update the remote.
-  # - Public         -> User will be able to fetch Git objects that might not exist
-  #                     in their own repository.
+  # - not private    -> The visibility level or repository access level has to be greater than private
+  #                     to prevent fetching objects that might not exist
  # - Repository     -> Else the disk path will be empty, and there's nothing to pool
  def git_objects_poolable?
    hashed_storage?(:repository) &&
-      public? &&
+      visibility_level > Gitlab::VisibilityLevel::PRIVATE &&
+      repository_access_level > ProjectFeature::PRIVATE &&
      repository_exists? &&
      Gitlab::CurrentSettings.hashed_storage_enabled
  end

--- a/changelogs/unreleased/33318-make-internal-projects-poolable.yml
+++ b/changelogs/unreleased/33318-make-internal-projects-poolable.yml
+---
+title: Make internal projects poolable
+merge_request: 19295
+author: briankabiro
+type: changed
--- a/doc/development/git_object_deduplication.md
+++ b/doc/development/git_object_deduplication.md
@@ -111,7 +111,7 @@ are as follows:
  contents of the pool repository are a Git clone of the source
  project repository.
 - The occasion for creating a pool is when an existing eligible
-  (public, hashed storage, non-forked) GitLab project gets forked and
+  (non-private, hashed storage, non-forked) GitLab project gets forked and
  this project does not belong to a pool repository yet. The fork
  parent project becomes the source project of the new pool, and both
  the fork parent and the fork child project become members of the new

--- a/spec/models/project_spec.rb
+++ b/spec/models/project_spec.rb
@@ -5088,12 +5088,24 @@ describe Project do
      it { is_expected.not_to be_git_objects_poolable }
    end

-    context 'when the project is not public' do
+    context 'when the project is private' do
      let(:project) { create(:project, :private) }

      it { is_expected.not_to be_git_objects_poolable }
    end

+    context 'when the project is public' do
+      let(:project) { create(:project, :repository, :public) }
+
+      it { is_expected.to be_git_objects_poolable }
+    end
+
+    context 'when the project is internal' do
+      let(:project) { create(:project, :repository, :internal) }
+
+      it { is_expected.to be_git_objects_poolable }
+    end
+
    context 'when objects are poolable' do
      let(:project) { create(:project, :repository, :public) }


--- a/spec/services/projects/git_deduplication_service_spec.rb
+++ b/spec/services/projects/git_deduplication_service_spec.rb
@@ -58,6 +58,65 @@ describe Projects::GitDeduplicationService do

            service.execute
          end
+
+          context 'when visibility level of the project' do
+            before do
+              allow(pool.source_project).to receive(:repository_access_level).and_return(ProjectFeature::ENABLED)
+            end
+
+            context 'is private' do
+              it 'does not call fetch' do
+                allow(pool.source_project).to receive(:visibility_level).and_return(Gitlab::VisibilityLevel::PRIVATE)
+                expect(pool.object_pool).not_to receive(:fetch)
+
+                service.execute
+              end
+            end
+
+            context 'is public' do
+              it 'calls fetch' do
+                allow(pool.source_project).to receive(:visibility_level).and_return(Gitlab::VisibilityLevel::PUBLIC)
+                expect(pool.object_pool).to receive(:fetch)
+
+                service.execute
+              end
+            end
+
+            context 'is internal' do
+              it 'calls fetch' do
+                allow(pool.source_project).to receive(:visibility_level).and_return(Gitlab::VisibilityLevel::INTERNAL)
+                expect(pool.object_pool).to receive(:fetch)
+
+                service.execute
+              end
+            end
+          end
+
+          context 'when the repository access level' do
+            before do
+              allow(pool.source_project).to receive(:visibility_level).and_return(Gitlab::VisibilityLevel::PUBLIC)
+            end
+
+            context 'is private' do
+              it 'does not call fetch' do
+                allow(pool.source_project).to receive(:repository_access_level).and_return(ProjectFeature::PRIVATE)
+
+                expect(pool.object_pool).not_to receive(:fetch)
+
+                service.execute
+              end
+            end
+
+            context 'is greater than private' do
+              it 'calls fetch' do
+                allow(pool.source_project).to receive(:repository_access_level).and_return(ProjectFeature::PUBLIC)
+
+                expect(pool.object_pool).to receive(:fetch)
+
+                service.execute
+              end
+            end
+          end
        end

        it 'links the repository to the object pool' do