Commit 438b8ef4 authored by Andreas Brandl's avatar Andreas Brandl

Merge branch '33494-delete-stale-deploy-access-levels-by-group' into 'master'

Delete any stale deploy access levels by group

See merge request gitlab-org/gitlab!20689
parents 973c75d7 285499c2
# frozen_string_literal: true
class CleanupDeployAccessLevelsForRemovedGroups < ActiveRecord::Migration[5.2]
DOWNTIME = false
def up
return unless Gitlab.ee?
delete = <<~SQL
DELETE FROM protected_environment_deploy_access_levels d
USING protected_environments p
WHERE d.protected_environment_id=p.id
AND d.group_id IS NOT NULL
AND NOT EXISTS (SELECT 1 FROM project_group_links WHERE project_id=p.project_id AND group_id=d.group_id)
RETURNING *
SQL
# At the time of writing there are 4 such records on GitLab.com,
# execution time is expected to be around 15ms.
records = execute(delete)
logger = Gitlab::BackgroundMigration::Logger.build
records.to_a.each do |record|
logger.info record.as_json.merge(message: "protected_environments_deploy_access_levels was deleted")
end
end
def down
# There is no pragmatic way to restore
# the records deleted in the `#up` method above.
end
end
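Review bot: The `logger.info` call in `up` names the table as `protected_environments_deploy_access_levels`, but the `DELETE` targets `protected_environment_deploy_access_levels`. Because `down` is a no-op, these log entries are the only record of which group deploy grants were removed, so they should be findable under the real table name: `logger.info record.as_json.merge(message: "protected_environment_deploy_access_levels was deleted")`. A short comment above the SQL would also help, saying that a row counts as stale when its group no longer has a `project_group_links` entry for the environment's project. The page does not show whether the code path that unlinks a group from a project now also removes the matching deploy access level; if it does not, stale grants would presumably build up again after this one-off cleanup.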
---
title: Delete any stale deploy access levels by group
merge_request: 20689
author:
type: other
# frozen_string_literal: true
require 'spec_helper'
require Rails.root.join('db', 'post_migrate', '20191125024005_cleanup_deploy_access_levels_for_removed_groups.rb')
describe CleanupDeployAccessLevelsForRemovedGroups, :migration do
let(:namespaces) { table(:namespaces) }
let(:projects) { table(:projects) }
let(:groups) { table(:namespaces) }
let(:project_group_links) { table(:project_group_links) }
let(:protected_environments) { table(:protected_environments) }
let(:deploy_access_levels) { table(:protected_environment_deploy_access_levels) }
it 'removes deploy access levels for removed groups and keeps the rest' do
namespace = namespaces.create!(name: 'gitlab', path: 'gitlab')
project = projects.create!(namespace_id: namespace.id)
protected_environment = protected_environments.create!(project_id: project.id, name: 'production')
removed_group = namespaces.create!(name: 'removed-group', path: 'removed-group', type: 'Group')
legit_group = namespaces.create!(name: 'legit-group', path: 'legit-group', type: 'Group')
project_group_links.create!(project_id: project.id, group_id: legit_group.id)
deploy_access_level_for_removed_group = deploy_access_levels.create!(protected_environment_id: protected_environment.id, group_id: removed_group.id)
deploy_access_level_for_legit_group = deploy_access_levels.create!(protected_environment_id: protected_environment.id, group_id: legit_group.id)
deploy_access_level_for_access_level = deploy_access_levels.create!(protected_environment_id: protected_environment.id, access_level: Gitlab::Access::MAINTAINER)
expect { migrate! }.to change { deploy_access_levels.count }.from(3).to(2)
expect(deploy_access_levels.where(protected_environment_id: protected_environment.id))
.to contain_exactly(deploy_access_level_for_legit_group, deploy_access_level_for_access_level)
expect(deploy_access_levels.find_by_id(deploy_access_level_for_removed_group.id)).to be_nil
end
end
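Review bot: The single example never exercises the per-project correlation in the migration's `NOT EXISTS` subquery, because every row belongs to one project. A query that dropped `project_id=p.project_id` and matched on `group_id` alone would still pass this spec. A second project would pin that behaviour: give its protected environment a deploy access level for `legit_group` with no `project_group_links` row for that project, and expect that row to be deleted. The spec also leaves the `return unless Gitlab.ee?` early exit untested, and `let(:groups)` is defined but never used.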