Commit 5d2a4174 authored by Stan Hu's avatar Stan Hu

Check credit card requirement when retrying a CI build on GitLab.com

The state of the shared runners could have changed, so we should
only create a build if we're still allowed.

Changelog: fixed
parent 72cbaea7
......@@ -25,9 +25,7 @@ module Ci
# rubocop: disable CodeReuse/ActiveRecord
def reprocess!(build)
unless can?(current_user, :update_build, build)
raise Gitlab::Access::AccessDeniedError
end
check_access!(build)
attributes = self.class.clone_accessors.to_h do |attribute|
[attribute, build.public_send(attribute)] # rubocop:disable GitlabSecurity/PublicSend
......@@ -52,6 +50,12 @@ module Ci
private
def check_access!(build)
unless can?(current_user, :update_build, build)
raise Gitlab::Access::AccessDeniedError
end
end
def create_build!(attributes)
build = project.builds.new(attributes)
build.assign_attributes(::Gitlab::Ci::Pipeline::Seed::Build.environment_attributes_for(build))
......
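Review bot: `check_access!` is now the authorization hook that the EE module overrides, but nothing at its definition says it is an extension point or what an override must do. A one-line comment above it would make the contract explicit, e.g. `# Authorization hook: overrides must call super first and raise Gitlab::Access::AccessDeniedError to deny.` Because the check is invoked from `reprocess!` rather than next to the build creation, it is also worth confirming that no other caller reaches `create_build!` without passing through it. Both methods continue outside the hunks shown, so this cannot be verified from the page.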
---
title: Check credit card requirement when retrying a CI build on GitLab.com
merge_request: 62050
author:
type: fixed
......@@ -4,6 +4,7 @@ module EE
module Ci
module RetryBuildService
extend ActiveSupport::Concern
extend ::Gitlab::Utils::Override
class_methods do
extend ::Gitlab::Utils::Override
......@@ -13,6 +14,22 @@ module EE
(super + %i[secrets]).freeze
end
end
override :check_access!
def check_access!(build)
super
if current_user && !current_user.has_required_credit_card_to_run_pipelines?(project)
::Gitlab::AppLogger.info(
message: 'Credit card required to be on file in order to retry build',
project_path: project.full_path,
user_id: current_user.id,
plan: project.root_namespace.actual_plan_name
)
raise ::Gitlab::Access::AccessDeniedError, 'Credit card required to be on file in order to retry a build'
end
end
end
end
end
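Review bot: The credit-card check in the overridden `check_access!` is evaluated against the service's `project`, while the base check reached through `super` authorizes against `build`. Nothing visible in this section ties the two together. If the service is ever constructed with a project other than `build.project`, the plan lookup and the log fields would describe the wrong namespace, so the build's own project is the safer argument: `!current_user.has_required_credit_card_to_run_pipelines?(build.project)`. The `current_user &&` guard also skips the check entirely for a nil user, and is fail-closed only because `super` runs first (presumably `can?` denies nil). A short comment such as `# super has already rejected anonymous callers; the nil guard only avoids NoMethodError` would keep a later reorder from opening it.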
......@@ -6,9 +6,13 @@ RSpec.describe Ci::RetryBuildService do
describe '#reprocess' do
context 'when user has ability to execute build' do
let(:user) { create(:user) }
let(:build) { create(:ci_build) }
let(:project) { build.project }
let_it_be(:namespace) { create(:namespace) }
let_it_be(:ultimate_plan) { create(:ultimate_plan) }
let_it_be(:plan_limits) { create(:plan_limits, plan: ultimate_plan) }
let_it_be(:user) { create(:user) }
let(:project) { create(:project, namespace: namespace, creator: user) }
let(:build) { create(:ci_build, project: project) }
subject(:service) { described_class.new(project, user) }
......@@ -45,6 +49,61 @@ RSpec.describe Ci::RetryBuildService do
expect(new_build.secrets).to eq(secrets)
end
end
describe 'credit card requirement' do
before do
create(:gitlab_subscription, namespace: namespace, hosted_plan: ultimate_plan)
end
shared_examples 'creates a retried build' do
it 'creates a retried build' do
build
expect { new_build }.to change { Ci::Build.count }.by(1)
expect(new_build.name).to eq build.name
expect(new_build).to be_latest
expect(build).to be_retried
expect(build).to be_processed
end
end
context 'when credit card is required' do
context 'when project is on free plan' do
before do
allow(::Gitlab).to receive(:com?).and_return(true)
namespace.gitlab_subscription.update!(hosted_plan: create(:free_plan))
user.created_at = ::Users::CreditCardValidation::RELEASE_DAY
end
context 'when user has credit card' do
before do
allow(user).to receive(:credit_card_validated_at).and_return(Time.current)
end
it_behaves_like 'creates a retried build'
end
context 'when user does not have credit card' do
it 'raises an exception', :aggregate_failures do
expect { new_build }.to raise_error Gitlab::Access::AccessDeniedError
end
context 'when feature flag is disabled' do
before do
stub_feature_flags(ci_require_credit_card_on_free_plan: false)
end
it_behaves_like 'creates a retried build'
end
end
end
end
context 'when credit card is not required' do
it_behaves_like 'creates a retried build'
end
end
end
end
end
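Review bot: The 'raises an exception' example under 'when user does not have credit card' asserts only the error class, which is the same class the base `:update_build` check raises. The example would therefore still pass if the denial came from missing permissions rather than from the credit-card rule. Pinning the message would tie it to the new check: `expect { new_build }.to raise_error(Gitlab::Access::AccessDeniedError, 'Credit card required to be on file in order to retry a build')`. It would also help to assert that no build is created on denial, e.g. `.and not_change { Ci::Build.count }` if that negated matcher is defined in the suite. The `:aggregate_failures` tag has no effect on a single expectation.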