Merge branch '212162-move-statuspagesetting-code-under-statuspage-namespace' into 'master'

Resolve "Move StatusPageSetting code under `StatusPage` namespace"

Closes #212162

See merge request gitlab-org/gitlab!29655

ee/app/models/ee/project.rb

@@ -47,7 +47,7 @@ module EE
       has_one :service_desk_setting, class_name: 'ServiceDeskSetting'
       has_one :tracing_setting, class_name: 'ProjectTracingSetting'
       has_one :feature_usage, class_name: 'ProjectFeatureUsage'
-      has_one :status_page_setting, inverse_of: :project
+      has_one :status_page_setting, inverse_of: :project, class_name: 'StatusPage::ProjectSetting'
       has_one :compliance_framework_setting, class_name: 'ComplianceManagement::ComplianceFramework::ProjectSettings', inverse_of: :project
 
       has_many :reviews, inverse_of: :project

ee/app/models/status_page/project_setting.rb

+# frozen_string_literal: true
+
+module StatusPage
+  class ProjectSetting < ApplicationRecord
+    # AWS validations. See https://gitlab.com/gitlab-org/gitlab/-/merge_requests/25863#note_295772553
+    AWS_BUCKET_NAME_REGEXP = /\A[a-z0-9][a-z0-9\-.]*\z/.freeze
+    AWS_ACCESS_KEY_REGEXP  = /\A[A-Z0-9]{20}\z/.freeze
+    AWS_SECRET_KEY_REGEXP  = /\A[A-Za-z0-9\/+=]{40}\z/.freeze
+
+    self.table_name = 'status_page_settings'
+
+    belongs_to :project
+
+    attr_encrypted :aws_secret_key,
+      mode:      :per_attribute_iv,
+      algorithm: 'aes-256-gcm',
+      key:       Settings.attr_encrypted_db_key_base_32
+
+    before_validation :check_secret_changes
+
+    validates :aws_s3_bucket_name,
+              length: { minimum: 3, maximum: 63 },
+              presence: true,
+              format: { with: AWS_BUCKET_NAME_REGEXP }
+    validates :aws_access_key,
+              presence: true,
+              format: { with: AWS_ACCESS_KEY_REGEXP }
+    validates :aws_secret_key,
+              presence: true,
+              format: { with: AWS_SECRET_KEY_REGEXP }
+    validates :project, :aws_region, :encrypted_aws_secret_key,
+              presence: true
+    validates :enabled, inclusion: { in: [true, false] }
+
+    scope :enabled, -> { where(enabled: true) }
+
+    def masked_aws_secret_key
+      return if aws_secret_key.blank?
+
+      '*' * 40
+    end
+
+    def enabled?
+      super &&
+        project&.feature_available?(:status_page) &&
+        project&.beta_feature_available?(:status_page)
+    end
+
+    def storage_client
+      return unless enabled?
+
+      StatusPage::Storage::S3Client.new(
+        region: aws_region,
+        bucket_name: aws_s3_bucket_name,
+        access_key_id: aws_access_key,
+        secret_access_key: aws_secret_key
+      )
+    end
+
+    private
+
+    def check_secret_changes
+      return unless masked_aws_secret_key == aws_secret_key
+
+      restore_attributes [:aws_secret_key, :encrypted_aws_secret_key, :encrypted_aws_secret_key_iv]
+    end
+  end
+end

ee/lib/ee/gitlab/usage_data.rb

@@ -158,7 +158,7 @@ module EE
                 projects_reporting_ci_cd_back_to_github: count(::GithubService.without_defaults.active),
                 projects_with_packages: distinct_count(::Packages::Package, :project_id),
                 projects_with_tracing_enabled: count(ProjectTracingSetting),
-                status_page_projects: count(::StatusPageSetting.enabled),
+                status_page_projects: count(::StatusPage::ProjectSetting.enabled),
                 status_page_issues: count(::Issue.on_status_page),
                 template_repositories: count(::Project.with_repos_templates) + count(::Project.with_groups_level_repos_templates)
               },

ee/spec/controllers/projects/settings/operations_controller_spec.rb

@@ -295,7 +295,7 @@ describe Projects::Settings::OperationsController do
           project.status_page_setting
         end
 
-        it { is_expected.to be_a(StatusPageSetting) }
+        it { is_expected.to be_a(StatusPage::ProjectSetting) }
 
         context 'when feature flag is disabled' do
           before do

ee/spec/factories/status_page_settings.rb

 # frozen_string_literal: true
 
 FactoryBot.define do
-  factory :status_page_setting, class: 'StatusPageSetting' do
+  factory :status_page_setting, class: 'StatusPage::ProjectSetting' do
     project
     aws_s3_bucket_name { 'bucket-name' }
     aws_region { 'ap-southeast-2' }
-    aws_access_key { FFaker::String.from_regexp(StatusPageSetting::AWS_ACCESS_KEY_REGEXP) }
-    aws_secret_key { FFaker::String.from_regexp(StatusPageSetting::AWS_SECRET_KEY_REGEXP) }
+    aws_access_key { FFaker::String.from_regexp(StatusPage::ProjectSetting::AWS_ACCESS_KEY_REGEXP) }
+    aws_secret_key { FFaker::String.from_regexp(StatusPage::ProjectSetting::AWS_SECRET_KEY_REGEXP) }
     enabled { false }
 
     trait :enabled do

ee/spec/models/project_spec.rb

@@ -23,7 +23,7 @@ describe Project do
 
     it { is_expected.to have_one(:import_state).class_name('ProjectImportState') }
     it { is_expected.to have_one(:repository_state).class_name('ProjectRepositoryState').inverse_of(:project) }
-    it { is_expected.to have_one(:status_page_setting).class_name('StatusPageSetting') }
+    it { is_expected.to have_one(:status_page_setting).class_name('StatusPage::ProjectSetting') }
     it { is_expected.to have_one(:compliance_framework_setting).class_name('ComplianceManagement::ComplianceFramework::ProjectSettings') }
 
     it { is_expected.to have_many(:reviews).inverse_of(:project) }

ee/spec/models/status_page_setting_spec.rb → ee/spec/models/status_page/project_setting_spec.rb

@@ -2,7 +2,7 @@
 
 require 'spec_helper'
 
-describe StatusPageSetting do
+describe StatusPage::ProjectSetting do
   describe 'associations' do
     it { is_expected.to belong_to(:project) }
   end
@@ -63,7 +63,7 @@ describe StatusPageSetting do
   end
 
   describe 'attribute encryption' do
-    let(:new_secret) { FFaker::String.from_regexp(StatusPageSetting::AWS_SECRET_KEY_REGEXP) }
+    let(:new_secret) { FFaker::String.from_regexp(StatusPage::ProjectSetting::AWS_SECRET_KEY_REGEXP) }
 
     subject(:status_page_setting) { create(:status_page_setting, aws_secret_key: new_secret) }
 

ee/spec/services/status_page/unpublish_details_service_spec.rb

@@ -17,7 +17,7 @@ describe StatusPage::UnpublishDetailsService do
     let(:storage_client) { instance_double(StatusPage::Storage::S3Client) }
 
     let(:status_page_setting) do
-      instance_double(StatusPageSetting, enabled?: status_page_setting_enabled,
+      instance_double(StatusPage::ProjectSetting, enabled?: status_page_setting_enabled,
                       storage_client: storage_client)
     end
 

ee/spec/support/shared_contexts/status_page/status_page_enabled_context.rb

@@ -9,6 +9,7 @@ RSpec.shared_context 'status page enabled' do
 
     unless project.status_page_setting
       create(:status_page_setting, :enabled, project: project)
+      project.reload
     end
   end
 end

ee/spec/support/shared_examples/status_page/publish_shared_examples.rb

@@ -7,7 +7,7 @@ RSpec.shared_examples 'publish incidents' do
   let(:content_json) { content.to_json }
 
   let(:status_page_setting) do
-    instance_double(StatusPageSetting, enabled?: status_page_setting_enabled,
+    instance_double(StatusPage::ProjectSetting, enabled?: status_page_setting_enabled,
                     storage_client: storage_client)
   end