Commit f62b65ca authored by Rémy Coutable's avatar Rémy Coutable

Merge branch 'remove-group-authorized-agents-feature-flag' into 'master'

Remove group_authorized_agents feature flag

See merge request gitlab-org/gitlab!71441
parents 0aa1b867 a8cb522b
# frozen_string_literal: true
module Clusters
class DeployableAgentsFinder
def initialize(project)
@project = project
end
def execute
project.cluster_agents.ordered_by_name
end
private
attr_reader :project
end
end
...@@ -1277,11 +1277,7 @@ module Ci ...@@ -1277,11 +1277,7 @@ module Ci
def authorized_cluster_agents def authorized_cluster_agents
strong_memoize(:authorized_cluster_agents) do strong_memoize(:authorized_cluster_agents) do
if ::Feature.enabled?(:group_authorized_agents, project, default_enabled: :yaml)
::Clusters::AgentAuthorizationsFinder.new(project).execute.map(&:agent) ::Clusters::AgentAuthorizationsFinder.new(project).execute.map(&:agent)
else
::Clusters::DeployableAgentsFinder.new(project).execute
end
end end
end end
......
---
name: group_authorized_agents
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/69047
rollout_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/340166
milestone: '14.3'
type: development
group: group::configure
default_enabled: true
...@@ -153,11 +153,6 @@ gitops: ...@@ -153,11 +153,6 @@ gitops:
> [Introduced](https://gitlab.com/groups/gitlab-org/-/epics/5784) in GitLab 14.3. > [Introduced](https://gitlab.com/groups/gitlab-org/-/epics/5784) in GitLab 14.3.
FLAG:
On self-managed GitLab, by default this feature is available. To hide the
feature, ask an administrator to [disable the feature flag](../../../administration/feature_flags.md) named `group_authorized_agents`. On
GitLab.com, this feature is available.
If you use the same cluster across multiple projects, you can set up the CI/CD Tunnel If you use the same cluster across multiple projects, you can set up the CI/CD Tunnel
to grant the Agent access to one or more groups. This way, all the projects that belong to grant the Agent access to one or more groups. This way, all the projects that belong
to the authorized groups can access the same Agent. This enables you to save resources and to the authorized groups can access the same Agent. This enables you to save resources and
......
...@@ -189,18 +189,10 @@ module API ...@@ -189,18 +189,10 @@ module API
pipeline = current_authenticated_job.pipeline pipeline = current_authenticated_job.pipeline
project = current_authenticated_job.project project = current_authenticated_job.project
allowed_agents =
if Feature.enabled?(:group_authorized_agents, project, default_enabled: :yaml)
agent_authorizations = Clusters::AgentAuthorizationsFinder.new(project).execute agent_authorizations = Clusters::AgentAuthorizationsFinder.new(project).execute
Entities::Clusters::AgentAuthorization.represent(agent_authorizations)
else
associated_agents = Clusters::DeployableAgentsFinder.new(project).execute
Entities::Clusters::Agent.represent(associated_agents)
end
{ {
allowed_agents: allowed_agents, allowed_agents: Entities::Clusters::AgentAuthorization.represent(agent_authorizations),
job: Entities::Ci::JobRequest::JobInfo.represent(current_authenticated_job), job: Entities::Ci::JobRequest::JobInfo.represent(current_authenticated_job),
pipeline: Entities::Ci::PipelineBasic.represent(pipeline), pipeline: Entities::Ci::PipelineBasic.represent(pipeline),
project: Entities::ProjectIdentity.represent(project), project: Entities::ProjectIdentity.represent(project),
......
# frozen_string_literal: true
require 'spec_helper'
RSpec.describe Clusters::DeployableAgentsFinder do
describe '#execute' do
let_it_be(:agent) { create(:cluster_agent) }
let(:project) { agent.project }
subject { described_class.new(project).execute }
it { is_expected.to contain_exactly(agent) }
end
end
...@@ -4610,22 +4610,5 @@ RSpec.describe Ci::Pipeline, :mailer, factory_default: :keep do ...@@ -4610,22 +4610,5 @@ RSpec.describe Ci::Pipeline, :mailer, factory_default: :keep do
expect(pipeline.authorized_cluster_agents).to contain_exactly(agent) expect(pipeline.authorized_cluster_agents).to contain_exactly(agent)
expect(pipeline.authorized_cluster_agents).to contain_exactly(agent) # cached expect(pipeline.authorized_cluster_agents).to contain_exactly(agent) # cached
end end
context 'group_authorized_agents feature flag is disabled' do
let(:finder) { double(execute: [agent]) }
before do
stub_feature_flags(group_authorized_agents: false)
end
it 'retrieves agent records from the legacy finder and caches the result' do
expect(Clusters::DeployableAgentsFinder).to receive(:new).once
.with(pipeline.project)
.and_return(finder)
expect(pipeline.authorized_cluster_agents).to contain_exactly(agent)
expect(pipeline.authorized_cluster_agents).to contain_exactly(agent) # cached
end
end
end end
end end
...@@ -187,14 +187,12 @@ RSpec.describe API::Ci::Jobs do ...@@ -187,14 +187,12 @@ RSpec.describe API::Ci::Jobs do
let(:job) { create(:ci_build, :artifacts, pipeline: pipeline, user: api_user, status: job_status) } let(:job) { create(:ci_build, :artifacts, pipeline: pipeline, user: api_user, status: job_status) }
let(:job_status) { 'running' } let(:job_status) { 'running' }
let(:params) { {} } let(:params) { {} }
let(:group_authorized_agents_enabled) { true }
subject do subject do
get api('/job/allowed_agents'), headers: headers, params: params get api('/job/allowed_agents'), headers: headers, params: params
end end
before do before do
stub_feature_flags(group_authorized_agents: group_authorized_agents_enabled)
allow(Clusters::AgentAuthorizationsFinder).to receive(:new).with(project).and_return(authorizations_finder) allow(Clusters::AgentAuthorizationsFinder).to receive(:new).with(project).and_return(authorizations_finder)
subject subject
...@@ -247,30 +245,6 @@ RSpec.describe API::Ci::Jobs do ...@@ -247,30 +245,6 @@ RSpec.describe API::Ci::Jobs do
]) ])
end end
end end
context 'group_authorized_agents feature flag is disabled' do
let(:group_authorized_agents_enabled) { false }
let(:agents_finder) { double(execute: [associated_agent]) }
before do
allow(Clusters::DeployableAgentsFinder).to receive(:new).with(project).and_return(agents_finder)
end
it 'returns agent info', :aggregate_failures do
expect(response).to have_gitlab_http_status(:ok)
expect(json_response.dig('job', 'id')).to eq(job.id)
expect(json_response.dig('pipeline', 'id')).to eq(job.pipeline_id)
expect(json_response.dig('project', 'id')).to eq(job.project_id)
expect(json_response.dig('user', 'username')).to eq(api_user.username)
expect(json_response['allowed_agents']).to match_array([
{
'id' => associated_agent.id,
'config_project' => hash_including('id' => associated_agent.project_id)
}
])
end
end
end end
context 'when user is anonymous' do context 'when user is anonymous' do
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment