Allowlist various callsites for cross-database queries

Together these callsites are called about 500 times in CI

Allowlist various callsites for cross-database queries
Together these callsites are called about 500 times in CI
e5f50a66 · Thong Kuah · f599cd82 · e5f50a66 · e5f50a66 · e5f50a66
Commit e5f50a66 authored Sep 22, 2021 by Thong Kuah
6 changed files
--- a/app/controllers/groups/runners_controller.rb
+++ b/app/controllers/groups/runners_controller.rb
@@ -10,8 +10,10 @@ class Groups::RunnersController < Groups::ApplicationController
  feature_category :runner

  def index
-    finder = Ci::RunnersFinder.new(current_user: current_user, params: { group: @group })
-    @group_runners_limited_count = finder.execute.except(:limit, :offset).page.total_count_with_limit(:all, limit: 1000)
+    ::Gitlab::Database.allow_cross_joins_across_databases(url: 'https://gitlab.com/gitlab-org/gitlab/-/issues/336433') do
+      finder = Ci::RunnersFinder.new(current_user: current_user, params: { group: @group })
+      @group_runners_limited_count = finder.execute.except(:limit, :offset).page.total_count_with_limit(:all, limit: 1000)
+    end
  end

  def runner_list_group_view_vue_ui_enabled
@@ -61,9 +63,11 @@ class Groups::RunnersController < Groups::ApplicationController
  private

  def runner
-    @runner ||= Ci::RunnersFinder.new(current_user: current_user, params: { group: @group }).execute
-                                                                                            .except(:limit, :offset)
-                                                                                            .find(params[:id])
+    ::Gitlab::Database.allow_cross_joins_across_databases(url: 'https://gitlab.com/gitlab-org/gitlab/-/issues/336433') do
+      @runner ||= Ci::RunnersFinder.new(current_user: current_user, params: { group: @group }).execute
+        .except(:limit, :offset)
+        .find(params[:id])
+    end
  end

  def runner_params

--- a/app/controllers/groups/settings/ci_cd_controller.rb
+++ b/app/controllers/groups/settings/ci_cd_controller.rb
@@ -23,6 +23,11 @@ module Groups
        @group_runners = runners_finder.execute.page(params[:page]).per(NUMBER_OF_RUNNERS_PER_PAGE)

        @sort = runners_finder.sort_key
+
+        # Allow sql generated by the two relations above, @all_group_runners and @group_runners
+        ::Gitlab::Database.allow_cross_joins_across_databases(url: 'https://gitlab.com/gitlab-org/gitlab/-/issues/336433') do
+          render
+        end
      end

      def update

--- a/app/controllers/projects/merge_requests_controller.rb
+++ b/app/controllers/projects/merge_requests_controller.rb
@@ -192,15 +192,17 @@ class Projects::MergeRequestsController < Projects::MergeRequests::ApplicationCo

    Gitlab::PollingInterval.set_header(response, interval: 10_000)

-    render json: {
-      pipelines: PipelineSerializer
-        .new(project: @project, current_user: @current_user)
-        .with_pagination(request, response)
-        .represent(@pipelines),
-      count: {
-        all: @pipelines.count
+    ::Gitlab::Database.allow_cross_joins_across_databases(url: 'https://gitlab.com/gitlab-org/gitlab/-/issues/336891') do
+      render json: {
+        pipelines: PipelineSerializer
+          .new(project: @project, current_user: @current_user)
+          .with_pagination(request, response)
+          .represent(@pipelines),
+        count: {
+            all: @pipelines.count
+          }
      }
-    }
+    end
  end

  def sast_reports

--- a/app/controllers/projects/settings/ci_cd_controller.rb
+++ b/app/controllers/projects/settings/ci_cd_controller.rb
@@ -25,6 +25,11 @@ module Projects
            @project.triggers, current_user: current_user, project: @project
          ).to_json
        end
+
+        # @assignable_runners is using ci_owned_runners
+        ::Gitlab::Database.allow_cross_joins_across_databases(url: 'https://gitlab.com/gitlab-org/gitlab/-/issues/336436') do
+          render
+        end
      end

      def update

--- a/app/models/ci/runner.rb
+++ b/app/models/ci/runner.rb
@@ -280,7 +280,9 @@ module Ci
    end

    def belongs_to_more_than_one_project?
-      self.projects.limit(2).count(:all) > 1
+      ::Gitlab::Database.allow_cross_joins_across_databases(url: 'https://gitlab.com/gitlab-org/gitlab/-/issues/338659') do
+        self.projects.limit(2).count(:all) > 1
+      end
    end

    def assigned_to_group?
@@ -309,7 +311,9 @@ module Ci
    end

    def only_for?(project)
-      projects == [project]
+      ::Gitlab::Database.allow_cross_joins_across_databases(url: 'https://gitlab.com/gitlab-org/gitlab/-/issues/338659') do
+        projects == [project]
+      end
    end

    def short_sha
@@ -444,14 +448,18 @@ module Ci
    end

    def any_project
-      unless projects.any?
-        errors.add(:runner, 'needs to be assigned to at least one project')
+      ::Gitlab::Database.allow_cross_joins_across_databases(url: 'https://gitlab.com/gitlab-org/gitlab/-/issues/338659') do
+        unless projects.any?
+          errors.add(:runner, 'needs to be assigned to at least one project')
+        end
      end
    end

    def exactly_one_group
-      unless groups.one?
-        errors.add(:runner, 'needs to be assigned to exactly one group')
+      ::Gitlab::Database.allow_cross_joins_across_databases(url: 'https://gitlab.com/gitlab-org/gitlab/-/issues/338659') do
+        unless groups.one?
+          errors.add(:runner, 'needs to be assigned to exactly one group')
+        end
      end
    end


--- a/spec/support/database/cross-join-allowlist.yml
+++ b/spec/support/database/cross-join-allowlist.yml
@@ -67,7 +67,6 @@
 - "./spec/features/projects/pipelines/pipeline_spec.rb"
 - "./spec/features/projects/pipelines/pipelines_spec.rb"
 - "./spec/features/projects/settings/pipelines_settings_spec.rb"
- "./spec/features/runners_spec.rb"
 - "./spec/features/security/project/internal_access_spec.rb"
 - "./spec/features/security/project/private_access_spec.rb"
 - "./spec/features/security/project/public_access_spec.rb"