Move group creation logic to own service

* Move the logic to create the gitlab-instance-administrators group into
its own service.

* Also store the ID of the created group in application_settings table.

lib/gitlab/database_importers/instance_administrators/create_group.rb

+# frozen_string_literal: true
+
+module Gitlab
+  module DatabaseImporters
+    module InstanceAdministrators
+      class CreateGroup < ::BaseService
+        include Stepable
+
+        VISIBILITY_LEVEL = Gitlab::VisibilityLevel::INTERNAL
+
+        steps :validate_application_settings,
+          :validate_admins,
+          :create_group,
+          :save_group_id,
+          :add_group_members,
+          :track_event
+
+        def initialize
+          super(nil)
+        end
+
+        def execute
+          execute_steps
+        end
+
+        private
+
+        def validate_application_settings(result)
+          return success(result) if application_settings
+
+          log_error('No application_settings found')
+          error(_('No application_settings found'))
+        end
+
+        def validate_admins(result)
+          unless instance_admins.any?
+            log_error('No active admin user found')
+            return error(_('No active admin user found'))
+          end
+
+          success(result)
+        end
+
+        def create_group(result)
+          if group_created?
+            log_info(_('Instance administrators group already exists'))
+            result[:group] = instance_administrators_group
+            return success(result)
+          end
+
+          result[:group] = ::Groups::CreateService.new(instance_admins.first, create_group_params).execute
+
+          if result[:group].persisted?
+            success(result)
+          else
+            log_error("Could not create instance administrators group. Errors: %{errors}" % { errors: result[:group].errors.full_messages })
+            error(_('Could not create group'))
+          end
+        end
+
+        def save_group_id(result)
+          return success(result) if group_created?
+
+          response = application_settings.update(
+            instance_administrators_group_id: result[:group].id
+          )
+
+          if response
+            success(result)
+          else
+            log_error("Could not save instance administrators group ID, errors: %{errors}" % { errors: application_settings.errors.full_messages })
+            error(_('Could not save group ID'))
+          end
+        end
+
+        def add_group_members(result)
+          group = result[:group]
+          members = group.add_users(members_to_add(group), Gitlab::Access::MAINTAINER)
+          errors = members.flat_map { |member| member.errors.full_messages }
+
+          if errors.any?
+            log_error('Could not add admins as members to self-monitoring project. Errors: %{errors}' % { errors: errors })
+            error(_('Could not add admins as members'))
+          else
+            success(result)
+          end
+        end
+
+        def track_event(result)
+          ::Gitlab::Tracking.event("instance_administrators_group", "group_created")
+
+          success(result)
+        end
+
+        def group_created?
+          instance_administrators_group.present?
+        end
+
+        def application_settings
+          @application_settings ||= ApplicationSetting.current_without_cache
+        end
+
+        def instance_administrators_group
+          application_settings.instance_administrators_group
+        end
+
+        def instance_admins
+          @instance_admins ||= User.admins.active
+        end
+
+        def members_to_add(group)
+          # Exclude admins who are already members of group because
+          # `group.add_users(users)` returns an error if the users parameter contains
+          # users who are already members of the group.
+          instance_admins - group.members.collect(&:user)
+        end
+
+        def create_group_params
+          {
+            name: 'GitLab Instance Administrators',
+            visibility_level: VISIBILITY_LEVEL,
+
+            # The 8 random characters at the end are so that the path does not
+            # clash with any existing group that the user might have created.
+            path: "gitlab-instance-administrators-#{SecureRandom.hex(4)}"
+          }
+        end
+      end
+    end
+  end
+end

lib/gitlab/database_importers/self_monitoring/project/create_service.rb

@@ -12,11 +12,9 @@ module Gitlab
           PROJECT_NAME = 'GitLab Instance Administration'
 
           steps :validate_application_settings,
-            :validate_admins,
             :create_group,
             :create_project,
             :save_project_id,
-            :add_group_members,
             :add_prometheus_manual_configuration,
             :track_event
 
@@ -37,28 +35,14 @@ module Gitlab
             error(_('No application_settings found'))
           end
 
-          def validate_admins(result)
-            unless instance_admins.any?
-              log_error('No active admin user found')
-              return error(_('No active admin user found'))
-            end
-
-            success(result)
-          end
-
           def create_group(result)
-            if project_created?
-              log_info(_('Instance administrators group already exists'))
-              result[:group] = self_monitoring_project.owner
-              return success(result)
-            end
-
-            result[:group] = ::Groups::CreateService.new(group_owner, create_group_params).execute
+            create_group_response =
+              Gitlab::DatabaseImporters::InstanceAdministrators::CreateGroup.new.execute
 
-            if result[:group].persisted?
-              success(result)
+            if create_group_response[:status] == :success
+              success(result.merge(create_group_response))
             else
-              error(_('Could not create group'))
+              error(create_group_response[:message])
             end
           end
 
@@ -69,7 +53,9 @@ module Gitlab
               return success(result)
             end
 
-            result[:project] = ::Projects::CreateService.new(group_owner, create_project_params(result[:group])).execute
+            owner = result[:group].owners.first
+
+            result[:project] = ::Projects::CreateService.new(owner, create_project_params(result[:group])).execute
 
             if result[:project].persisted?
               success(result)
@@ -94,19 +80,6 @@ module Gitlab
             end
           end
 
-          def add_group_members(result)
-            group = result[:group]
-            members = group.add_users(members_to_add(group), Gitlab::Access::MAINTAINER)
-            errors = members.flat_map { |member| member.errors.full_messages }
-
-            if errors.any?
-              log_error('Could not add admins as members to self-monitoring project. Errors: %{errors}' % { errors: errors })
-              error(_('Could not add admins as members'))
-            else
-              success(result)
-            end
-          end
-
           def add_prometheus_manual_configuration(result)
             return success(result) unless prometheus_enabled?
             return success(result) unless prometheus_listen_address.present?
@@ -140,29 +113,6 @@ module Gitlab
             ::Gitlab::Prometheus::Internal.listen_address
           end
 
-          def instance_admins
-            @instance_admins ||= User.admins.active
-          end
-
-          def group_owner
-            instance_admins.first
-          end
-
-          def members_to_add(group)
-            # Exclude admins who are already members of group because
-            # `group.add_users(users)` returns an error if the users parameter contains
-            # users who are already members of the group.
-            instance_admins - group.members.collect(&:user)
-          end
-
-          def create_group_params
-            {
-              name: 'GitLab Instance Administrators',
-              path: "gitlab-instance-administrators-#{SecureRandom.hex(4)}",
-              visibility_level: VISIBILITY_LEVEL
-            }
-          end
-
           def docs_path
             Rails.application.routes.url_helpers.help_page_path(
               'administration/monitoring/gitlab_instance_administration_project/index'

locale/gitlab.pot

@@ -5202,6 +5202,9 @@ msgstr ""
 msgid "Could not revoke personal access token %{personal_access_token_name}."
 msgstr ""
 
+msgid "Could not save group ID"
+msgstr ""
+
 msgid "Could not save project ID"
 msgstr ""
 

spec/lib/gitlab/database_importers/instance_administrators/create_group_spec.rb

+# frozen_string_literal: true
+
+require 'spec_helper'
+
+describe Gitlab::DatabaseImporters::InstanceAdministrators::CreateGroup do
+  describe '#execute' do
+    let(:result) { subject.execute }
+
+    context 'without application_settings' do
+      it 'returns error' do
+        expect(subject).to receive(:log_error).and_call_original
+        expect(result).to eq(
+          status: :error,
+          message: 'No application_settings found',
+          last_step: :validate_application_settings
+        )
+
+        expect(Group.count).to eq(0)
+      end
+    end
+
+    context 'without admin users' do
+      let(:application_setting) { Gitlab::CurrentSettings.current_application_settings }
+
+      before do
+        allow(ApplicationSetting).to receive(:current_without_cache) { application_setting }
+      end
+
+      it 'returns error' do
+        expect(subject).to receive(:log_error).and_call_original
+        expect(result).to eq(
+          status: :error,
+          message: 'No active admin user found',
+          last_step: :validate_admins
+        )
+
+        expect(Group.count).to eq(0)
+      end
+    end
+
+    context 'with application settings and admin users' do
+      let(:group) { result[:group] }
+      let(:application_setting) { Gitlab::CurrentSettings.current_application_settings }
+
+      let!(:user) { create(:user, :admin) }
+
+      before do
+        allow(ApplicationSetting).to receive(:current_without_cache) { application_setting }
+      end
+
+      it 'returns correct keys' do
+        expect(result.keys).to contain_exactly(
+          :status, :group
+        )
+      end
+
+      it "tracks successful install" do
+        expect(::Gitlab::Tracking).to receive(:event).with(
+          'instance_administrators_group', 'group_created'
+        )
+
+        result
+      end
+
+      it 'creates group' do
+        expect(result[:status]).to eq(:success)
+        expect(group).to be_persisted
+        expect(group.name).to eq('GitLab Instance Administrators')
+        expect(group.path).to start_with('gitlab-instance-administrators')
+        expect(group.path.split('-').last.length).to eq(8)
+        expect(group.visibility_level).to eq(described_class::VISIBILITY_LEVEL)
+      end
+
+      it 'adds all admins as maintainers' do
+        admin1 = create(:user, :admin)
+        admin2 = create(:user, :admin)
+        create(:user)
+
+        expect(result[:status]).to eq(:success)
+        expect(group.members.collect(&:user)).to contain_exactly(user, admin1, admin2)
+        expect(group.members.collect(&:access_level)).to contain_exactly(
+          Gitlab::Access::OWNER,
+          Gitlab::Access::MAINTAINER,
+          Gitlab::Access::MAINTAINER
+        )
+      end
+
+      it 'saves the group id' do
+        expect(result[:status]).to eq(:success)
+        expect(application_setting.instance_administrators_group_id).to eq(group.id)
+      end
+
+      it 'returns error when saving group ID fails' do
+        allow(application_setting).to receive(:save) { false }
+
+        expect(result).to eq(
+          status: :error,
+          message: 'Could not save group ID',
+          last_step: :save_group_id
+        )
+      end
+
+      context 'when group already exists' do
+        let(:existing_group) { create(:group) }
+
+        before do
+          admin1 = create(:user, :admin)
+          admin2 = create(:user, :admin)
+
+          existing_group.add_owner(user)
+          existing_group.add_users([admin1, admin2], Gitlab::Access::MAINTAINER)
+
+          application_setting.instance_administrators_group_id = existing_group.id
+        end
+
+        it 'returns success' do
+          expect(result).to eq(
+            status: :success,
+            group: existing_group
+          )
+
+          expect(Group.count).to eq(1)
+        end
+      end
+
+      context 'when group cannot be created' do
+        let(:group) { build(:group) }
+
+        before do
+          group.errors.add(:base, "Test error")
+
+          expect_next_instance_of(::Groups::CreateService) do |group_create_service|
+            expect(group_create_service).to receive(:execute)
+              .and_return(group)
+          end
+        end
+
+        it 'returns error' do
+          expect(subject).to receive(:log_error).and_call_original
+          expect(result).to eq(
+            status: :error,
+            message: 'Could not create group',
+            last_step: :create_group
+          )
+        end
+      end
+
+      context 'when user cannot be added to group' do
+        before do
+          subject.instance_variable_set(:@instance_admins, [user, build(:user, :admin)])
+        end
+
+        it 'returns error' do
+          expect(subject).to receive(:log_error).and_call_original
+          expect(result).to eq(
+            status: :error,
+            message: 'Could not add admins as members',
+            last_step: :add_group_members
+          )
+        end
+      end
+    end
+  end
+end

spec/lib/gitlab/database_importers/self_monitoring/project/create_service_spec.rb

@@ -39,11 +39,10 @@ describe Gitlab::DatabaseImporters::SelfMonitoring::Project::CreateService do
       end
 
       it 'returns error' do
-        expect(subject).to receive(:log_error).and_call_original
         expect(result).to eq(
           status: :error,
           message: 'No active admin user found',
-          last_step: :validate_admins
+          last_step: :create_group
         )
 
         expect(Project.count).to eq(0)
@@ -78,8 +77,8 @@ describe Gitlab::DatabaseImporters::SelfMonitoring::Project::CreateService do
       it_behaves_like 'has prometheus service', 'http://localhost:9090'
 
       it "tracks successful install" do
-        expect(::Gitlab::Tracking).to receive(:event)
-        expect(::Gitlab::Tracking).to receive(:event).with("self_monitoring", "project_created")
+        expect(::Gitlab::Tracking).to receive(:event).twice
+        expect(::Gitlab::Tracking).to receive(:event).with('self_monitoring', 'project_created')
 
         result
       end
@@ -87,10 +86,6 @@ describe Gitlab::DatabaseImporters::SelfMonitoring::Project::CreateService do
       it 'creates group' do
         expect(result[:status]).to eq(:success)
         expect(group).to be_persisted
-        expect(group.name).to eq('GitLab Instance Administrators')
-        expect(group.path).to start_with('gitlab-instance-administrators')
-        expect(group.path.split('-').last.length).to eq(8)
-        expect(group.visibility_level).to eq(described_class::VISIBILITY_LEVEL)
       end
 
       it 'creates project with internal visibility' do
@@ -120,19 +115,9 @@ describe Gitlab::DatabaseImporters::SelfMonitoring::Project::CreateService do
         expect(File).to exist("doc/#{path}.md")
       end
 
-      it 'adds all admins as maintainers' do
-        admin1 = create(:user, :admin)
-        admin2 = create(:user, :admin)
-        create(:user)
-
+      it 'creates project with group as owner' do
         expect(result[:status]).to eq(:success)
         expect(project.owner).to eq(group)
-        expect(group.members.collect(&:user)).to contain_exactly(user, admin1, admin2)
-        expect(group.members.collect(&:access_level)).to contain_exactly(
-          Gitlab::Access::OWNER,
-          Gitlab::Access::MAINTAINER,
-          Gitlab::Access::MAINTAINER
-        )
       end
 
       it 'saves the project id' do
@@ -141,7 +126,10 @@ describe Gitlab::DatabaseImporters::SelfMonitoring::Project::CreateService do
       end
 
       it 'returns error when saving project ID fails' do
-        allow(application_setting).to receive(:save) { false }
+        allow(application_setting).to receive(:update).and_call_original
+        allow(application_setting).to receive(:update)
+          .with(instance_administration_project_id: anything)
+          .and_return(false)
 
         expect(result).to eq(
           status: :error,
@@ -155,12 +143,7 @@ describe Gitlab::DatabaseImporters::SelfMonitoring::Project::CreateService do
         let(:existing_project) { create(:project, namespace: existing_group) }
 
         before do
-          admin1 = create(:user, :admin)
-          admin2 = create(:user, :admin)
-
-          existing_group.add_owner(user)
-          existing_group.add_users([admin1, admin2], Gitlab::Access::MAINTAINER)
-
+          application_setting.instance_administrators_group_id = existing_group.id
           application_setting.instance_administration_project_id = existing_project.id
         end
 
@@ -272,21 +255,6 @@ describe Gitlab::DatabaseImporters::SelfMonitoring::Project::CreateService do
         end
       end
 
-      context 'when user cannot be added to project' do
-        before do
-          subject.instance_variable_set(:@instance_admins, [user, build(:user, :admin)])
-        end
-
-        it 'returns error' do
-          expect(subject).to receive(:log_error).and_call_original
-          expect(result).to eq(
-            status: :error,
-            message: 'Could not add admins as members',
-            last_step: :add_group_members
-          )
-        end
-      end
-
       context 'when prometheus manual configuration cannot be saved' do
         let(:prometheus_settings) do
           {