Commit 87c13b0a authored by George Koltsov's avatar George Koltsov

Add more group attrs to list of excluded attributes for Group Import

- Exclude certain attributes of the Group model from Group Import/Export
  so that an import cannot overwrite them
parent 1a623a92
---
title: Extend the list of excluded_attributes for group on Group Import
merge_request: 25031
author:
type: fixed
...@@ -28,8 +28,15 @@ included_attributes: ...@@ -28,8 +28,15 @@ included_attributes:
excluded_attributes: excluded_attributes:
group: group:
- :id - :id
- :name
- :path
- :owner_id
- :parent_id
- :created_at
- :updated_at
- :runners_token - :runners_token
- :runners_token_encrypted - :runners_token_encrypted
- :saml_discovery_token
methods: methods:
labels: labels:
......
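Review bot: `excluded_attributes` for `group` is a denylist, so any column added to the group model later stays exportable and importable until someone remembers to list it here; this commit having to add `owner_id`, `parent_id` and `saml_discovery_token` after the fact shows how easily that is missed. If `group` has no entry under `included_attributes` (not visible in this hunk), consider adding an explicit allowlist there so new columns are excluded by default. At minimum, add a comment above the list, such as `# Security: attributes listed here must never be taken from an uploaded group.json; review this list whenever a column is added to the group model.`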
{ {
"name": "ymg09t5704clnxnqfgaj2h098gz4r7gyx4wc3fzmlqj1en24zf", "name": "ymg09t5704clnxnqfgaj2h098gz4r7gyx4wc3fzmlqj1en24zf",
"path": "ymg09t5704clnxnqfgaj2h098gz4r7gyx4wc3fzmlqj1en24zf", "path": "ymg09t5704clnxnqfgaj2h098gz4r7gyx4wc3fzmlqj1en24zf",
"owner_id": null, "owner_id": 123,
"created_at": "2019-11-20 17:01:53 UTC", "created_at": "2019-11-20 17:01:53 UTC",
"updated_at": "2019-11-20 17:05:44 UTC", "updated_at": "2019-11-20 17:05:44 UTC",
"description": "Group Description", "description": "Group Description",
...@@ -18,7 +18,7 @@ ...@@ -18,7 +18,7 @@
"ldap_sync_last_successful_update_at": null, "ldap_sync_last_successful_update_at": null,
"ldap_sync_last_sync_at": null, "ldap_sync_last_sync_at": null,
"lfs_enabled": null, "lfs_enabled": null,
"parent_id": null, "parent_id": 7,
"shared_runners_minutes_limit": null, "shared_runners_minutes_limit": null,
"repository_size_limit": null, "repository_size_limit": null,
"require_two_factor_authentication": false, "require_two_factor_authentication": false,
...@@ -33,6 +33,8 @@ ...@@ -33,6 +33,8 @@
"extra_shared_runners_minutes_limit": null, "extra_shared_runners_minutes_limit": null,
"last_ci_minutes_notification_at": null, "last_ci_minutes_notification_at": null,
"last_ci_minutes_usage_notification_level": null, "last_ci_minutes_usage_notification_level": null,
"runners_token": "token",
"runners_token_encrypted": "encrypted",
"subgroup_creation_level": 1, "subgroup_creation_level": 1,
"emails_disabled": null, "emails_disabled": null,
"max_pages_size": null, "max_pages_size": null,
......
...@@ -71,6 +71,44 @@ describe Gitlab::ImportExport::GroupTreeRestorer do ...@@ -71,6 +71,44 @@ describe Gitlab::ImportExport::GroupTreeRestorer do
end end
end end
context 'excluded attributes' do
let!(:source_user) { create(:user, id: 123) }
let!(:importer_user) { create(:user) }
let(:group) { create(:group) }
let(:shared) { Gitlab::ImportExport::Shared.new(group) }
let(:group_tree_restorer) { described_class.new(user: importer_user, shared: shared, group: group, group_hash: nil) }
let(:group_json) { ActiveSupport::JSON.decode(IO.read(File.join(shared.export_path, 'group.json'))) }
shared_examples 'excluded attributes' do
excluded_attributes = %w[
id
name
path
owner_id
parent_id
created_at
updated_at
runners_token
runners_token_encrypted
saml_discovery_token
]
before do
group.add_owner(importer_user)
setup_import_export_config('group_exports/complex')
end
excluded_attributes.each do |excluded_attribute|
it 'does not allow override of excluded attributes' do
expect(group_json[excluded_attribute]).not_to eq(group.public_send(excluded_attribute))
end
end
end
include_examples 'excluded attributes'
end
context 'group.json file access check' do context 'group.json file access check' do
let(:user) { create(:user) } let(:user) { create(:user) }
let!(:group) { create(:group, name: 'group2', path: 'group2') } let!(:group) { create(:group, name: 'group2', path: 'group2') }
......
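Review bot: The new 'excluded attributes' context never runs the import: `group_tree_restorer` is a lazy `let` that no visible line references, and the `before` block only calls `add_owner` and `setup_import_export_config`, so each example compares the fixture JSON with a freshly created group and would pass even with an empty exclusion list. Invoke the restorer in `before` (`group_tree_restorer.restore`, assuming that is the entry point the other contexts in this file use) and assert on the reloaded record, for example `expect(group.reload.public_send(excluded_attribute)).not_to eq(group_json[excluded_attribute])`. Keys missing from the fixture read as `nil` and pass trivially (no `saml_discovery_token` entry appears in the visible fixture hunks), so the fixture should carry a value for every listed attribute. All ten examples also share one description; `it "does not allow override of #{excluded_attribute}"` would make a failure identifiable, and the same applies to the saver spec. The enclosing `describe` block starts and ends outside this hunk.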
...@@ -157,9 +157,28 @@ describe Gitlab::ImportExport::GroupTreeSaver do ...@@ -157,9 +157,28 @@ describe Gitlab::ImportExport::GroupTreeSaver do
end end
context 'group attributes' do context 'group attributes' do
it 'does not contain the runners token' do shared_examples 'excluded attributes' do
expect(saved_group_json).not_to include("runners_token" => 'token') excluded_attributes = %w[
id
name
path
owner_id
parent_id
created_at
updated_at
runners_token
runners_token_encrypted
saml_discovery_token
]
excluded_attributes.each do |excluded_attribute|
it 'does not contain excluded attribute' do
expect(saved_group_json).not_to include(excluded_attribute => group.public_send(excluded_attribute))
end
end
end end
include_examples 'excluded attributes'
end end
end end
end end
......
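Review bot: `not_to include(excluded_attribute => group.public_send(excluded_attribute))` fails only when the key is present with an exactly equal value, so an exported `created_at` or `updated_at` would probably still pass, because the saved JSON holds a string while the model returns a time object. Asserting that the key is absent is stricter and does not depend on serialization: `expect(saved_group_json).not_to have_key(excluded_attribute)`. The enclosing `describe` and the definition of `saved_group_json` lie outside this hunk.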