Add new migrations

WIP

Add new migrations
WIP
c1da9df4 · Małgorzata Ksionek · 7f95f25e · c1da9df4 · c1da9df4 · c1da9df4
Commit c1da9df4 authored Nov 03, 2020 by Małgorzata Ksionek
4 changed files
--- a/db/post_migrate/20201030121314_schedule_update_existing_users_that_require_two_factor_auth.rb
+++ b/db/post_migrate/20201030121314_schedule_update_existing_users_that_require_two_factor_auth.rb
+# # frozen_string_literal: true
+
+class ScheduleUpdateExistingUsersThatRequireTwoFactorAuth < ActiveRecord::Migration[5.2]
+  include Gitlab::Database::MigrationHelpers
+
+  DOWNTIME = false
+  MIGRATION = 'UpdateExistingUsersThatRequireTwoFactorAuth'
+  DELAY_INTERVAL = 2.minutes
+  BATCH_SIZE = 1000
+
+  disable_ddl_transaction!
+
+  class User < ActiveRecord::Base
+    include EachBatch
+
+    self.table_name = 'users'
+  end
+
+  def up
+    relation = User.where(require_two_factor_authentication_from_group: true)
+
+    queue_background_migration_jobs_by_range_at_intervals(
+      relation, MIGRATION, DELAY_INTERVAL, batch_size: BATCH_SIZE)
+  end
+
+  def down
+    # no-op
+  end
+end
--- a/db/schema_migrations/20201030121314
+++ b/db/schema_migrations/20201030121314
+4875c1def91676d73f14c2fbff9318fc4ab1f26535503fd9700044b687e9714e
\ No newline at end of file
--- a/lib/gitlab/background_migration/update_existing_users_that_require_two_factor_auth.rb
+++ b/lib/gitlab/background_migration/update_existing_users_that_require_two_factor_auth.rb
+# frozen_string_literal: true
+# rubocop:disable Style/Documentation
+
+module Gitlab
+  module BackgroundMigration
+    class UpdateExistingUsersThatRequireTwoFactorAuth
+      class User < ActiveRecord::Base
+        self.table_name = 'users'
+      end
+
+      def perform(start_id, stop_id)
+        user_ids = User.where(id: start_id..stop_id).where(require_two_factor_authentication_from_group: true).select(:id)
+
+        ActiveRecord::Base.connection.execute <<~SQL
+          UPDATE users
+          SET require_two_factor_authentication_from_group = FALSE
+          WHERE users.id IN #{user_ids}
+          AND users.require_two_factor_authentication_from_group = TRUE
+          AND users.id NOT IN (
+          SELECT users_groups_query.user_id FROM (SELECT users.id as user_id, members.source_id as group_ids FROM users
+          LEFT JOIN members ON members.source_type = 'Namespace'
+          AND members.requested_at IS NULL AND members.user_id = users.id
+          AND members.type = 'GroupMember'
+          WHERE users.require_two_factor_authentication_from_group = TRUE
+          AND users.id IN #{user_ids}
+          ) AS users_groups_query
+          INNER JOIN LATERAL (
+          WITH RECURSIVE "base_and_ancestors" AS ((SELECT "namespaces".* FROM "namespaces" WHERE "namespaces"."type" = 'Group' AND "namespaces"."id" = users_groups_query.group_ids)
+          UNION
+          (SELECT "namespaces".* FROM "namespaces", "base_and_ancestors" WHERE "namespaces"."type" = 'Group' AND "namespaces"."id" = "base_and_ancestors"."parent_id")), "base_and_descendants" AS ((SELECT "namespaces".* FROM "namespaces" WHERE "namespaces"."type" = 'Group' AND "namespaces"."id" = users_groups_query.group_ids)
+          UNION
+          (SELECT "namespaces".* FROM "namespaces", "base_and_descendants" WHERE "namespaces"."type" = 'Group' AND "namespaces"."parent_id" = "base_and_descendants"."id")) SELECT "namespaces".* FROM ((SELECT "namespaces".* FROM "base_and_ancestors" AS "namespaces" WHERE "namespaces"."type" = 'Group')
+          UNION
+          (SELECT "namespaces".* FROM "base_and_descendants" AS "namespaces" WHERE "namespaces"."type" = 'Group')) namespaces WHERE "namespaces"."type" = 'Group' and "namespaces".require_two_factor_authentication = true
+          ) as hierarchy_tree ON TRUE);
+        SQL
+      end
+    end
+  end
+end
--- a/spec/migrations/schedule_update_existing_users_that_require_two_factor_auth_spec.rb
+++ b/spec/migrations/schedule_update_existing_users_that_require_two_factor_auth_spec.rb
+# frozen_string_literal: true
+
+require 'spec_helper'
+require Rails.root.join('db', 'post_migrate', '20201030121314_schedule_update_existing_users_that_require_two_factor_auth.rb')
+
+RSpec.describe ScheduleUpdateExistingUsersThatRequireTwoFactorAuth do
+  let(:users) { table(:users) }
+  let!(:user_1) { users.create!(require_two_factor_authentication_from_group: true, name: "user1", email: "user1@example.com", projects_limit: 1) }
+  let!(:user_2) { users.create!(require_two_factor_authentication_from_group: false, name: "user2", email: "user2@example.com", projects_limit: 1) }
+  let!(:user_3) { users.create!(require_two_factor_authentication_from_group: true, name: "user3", email: "user3@example.com", projects_limit: 1) }
+
+  before do
+    stub_const("#{described_class.name}::BATCH_SIZE", 1)
+  end
+
+  it 'schedules jobs for users that require two factor authentication' do
+    Sidekiq::Testing.fake! do
+      freeze_time do
+        migrate!
+
+        expect(described_class::MIGRATION).to be_scheduled_delayed_migration(
+          2.minutes, user_1.id, user_1.id)
+        expect(described_class::MIGRATION).to be_scheduled_delayed_migration(
+          4.minutes, user_3.id, user_3.id)
+        expect(BackgroundMigrationWorker.jobs.size).to eq(2)
+      end
+    end
+  end
+end