Resolve "Automatically provide a Deploy Token to projects when Auto DevOps is enabled"
This commit is contained in:
parent
eb75844f2b
commit
5370c442df
|
@ -6,6 +6,8 @@ class ProjectAutoDevops < ActiveRecord::Base
|
|||
|
||||
validates :domain, allow_blank: true, hostname: { allow_numeric_hostname: true }
|
||||
|
||||
after_save :create_gitlab_deploy_token, if: :needs_to_create_deploy_token?
|
||||
|
||||
def instance_domain
|
||||
Gitlab::CurrentSettings.auto_devops_domain
|
||||
end
|
||||
|
@ -22,4 +24,23 @@ class ProjectAutoDevops < ActiveRecord::Base
|
|||
end
|
||||
end
|
||||
end
|
||||
|
||||
private
|
||||
|
||||
def create_gitlab_deploy_token
|
||||
project.deploy_tokens.create!(
|
||||
name: DeployToken::GITLAB_DEPLOY_TOKEN_NAME,
|
||||
read_registry: true
|
||||
)
|
||||
end
|
||||
|
||||
def needs_to_create_deploy_token?
|
||||
auto_devops_enabled? &&
|
||||
!project.public? &&
|
||||
!project.deploy_tokens.find_by(name: DeployToken::GITLAB_DEPLOY_TOKEN_NAME).present?
|
||||
end
|
||||
|
||||
def auto_devops_enabled?
|
||||
Gitlab::CurrentSettings.auto_devops_enabled? || enabled?
|
||||
end
|
||||
end
|
||||
|
|
|
@ -0,0 +1,5 @@
|
|||
---
|
||||
title: Automatize Deploy Token creation for Auto Devops
|
||||
merge_request: 19507
|
||||
author:
|
||||
type: added
|
|
@ -426,6 +426,15 @@ no longer be valid as soon as the deployment job finishes. This means that
|
|||
Kubernetes can run the application, but in case it should be restarted or
|
||||
executed somewhere else, it cannot be accessed again.
|
||||
|
||||
> [Introduced][ce-19507] in GitLab 11.0.
|
||||
|
||||
For internal and private projects a [GitLab Deploy Token](../../user/project/deploy_tokens/index.md###gitlab-deploy-token)
|
||||
will be automatically created, when Auto DevOps is enabled and the Auto DevOps settings are saved. This Deploy Token
|
||||
can be used for permanent access to the registry.
|
||||
|
||||
Note: **Note**
|
||||
When the GitLab Deploy Token has been manually revoked, it won't be automatically created.
|
||||
|
||||
### Auto Monitoring
|
||||
|
||||
NOTE: **Note:**
|
||||
|
@ -809,3 +818,4 @@ curl --data "value=true" --header "PRIVATE-TOKEN: personal_access_token" https:/
|
|||
[Auto DevOps template]: https://gitlab.com/gitlab-org/gitlab-ci-yml/blob/master/Auto-DevOps.gitlab-ci.yml
|
||||
[GitLab Omnibus Helm Chart]: ../../install/kubernetes/gitlab_omnibus.md
|
||||
[ee]: https://about.gitlab.com/products/
|
||||
[ce-19507]: https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/19507
|
||||
|
|
|
@ -3,5 +3,9 @@ FactoryBot.define do
|
|||
project
|
||||
enabled true
|
||||
domain "example.com"
|
||||
|
||||
trait :disabled do
|
||||
enabled false
|
||||
end
|
||||
end
|
||||
end
|
||||
|
|
|
@ -71,4 +71,97 @@ describe ProjectAutoDevops do
|
|||
{ key: 'AUTO_DEVOPS_DOMAIN', value: 'example.com', public: true }
|
||||
end
|
||||
end
|
||||
|
||||
describe '#set_gitlab_deploy_token' do
|
||||
let(:auto_devops) { build(:project_auto_devops, project: project) }
|
||||
|
||||
context 'when the project is public' do
|
||||
let(:project) { create(:project, :repository, :public) }
|
||||
|
||||
it 'should not create a gitlab deploy token' do
|
||||
expect do
|
||||
auto_devops.save
|
||||
end.not_to change { DeployToken.count }
|
||||
end
|
||||
end
|
||||
|
||||
context 'when the project is internal' do
|
||||
let(:project) { create(:project, :repository, :internal) }
|
||||
|
||||
it 'should create a gitlab deploy token' do
|
||||
expect do
|
||||
auto_devops.save
|
||||
end.to change { DeployToken.count }.by(1)
|
||||
end
|
||||
end
|
||||
|
||||
context 'when the project is private' do
|
||||
let(:project) { create(:project, :repository, :private) }
|
||||
|
||||
it 'should create a gitlab deploy token' do
|
||||
expect do
|
||||
auto_devops.save
|
||||
end.to change { DeployToken.count }.by(1)
|
||||
end
|
||||
end
|
||||
|
||||
context 'when autodevops is enabled at project level' do
|
||||
let(:project) { create(:project, :repository, :internal) }
|
||||
let(:auto_devops) { build(:project_auto_devops, project: project) }
|
||||
|
||||
it 'should create a deploy token' do
|
||||
expect do
|
||||
auto_devops.save
|
||||
end.to change { DeployToken.count }.by(1)
|
||||
end
|
||||
end
|
||||
|
||||
context 'when autodevops is enabled at instancel level' do
|
||||
let(:project) { create(:project, :repository, :internal) }
|
||||
let(:auto_devops) { build(:project_auto_devops, :disabled, project: project) }
|
||||
|
||||
it 'should create a deploy token' do
|
||||
allow(Gitlab::CurrentSettings).to receive(:auto_devops_enabled?).and_return(true)
|
||||
|
||||
expect do
|
||||
auto_devops.save
|
||||
end.to change { DeployToken.count }.by(1)
|
||||
end
|
||||
end
|
||||
|
||||
context 'when autodevops is disabled' do
|
||||
let(:project) { create(:project, :repository, :internal) }
|
||||
let(:auto_devops) { build(:project_auto_devops, :disabled, project: project) }
|
||||
|
||||
it 'should not create a deploy token' do
|
||||
expect do
|
||||
auto_devops.save
|
||||
end.not_to change { DeployToken.count }
|
||||
end
|
||||
end
|
||||
|
||||
context 'when the project already has an active gitlab-deploy-token' do
|
||||
let(:project) { create(:project, :repository, :internal) }
|
||||
let!(:deploy_token) { create(:deploy_token, :gitlab_deploy_token, projects: [project]) }
|
||||
let(:auto_devops) { build(:project_auto_devops, project: project) }
|
||||
|
||||
it 'should not create a deploy token' do
|
||||
expect do
|
||||
auto_devops.save
|
||||
end.not_to change { DeployToken.count }
|
||||
end
|
||||
end
|
||||
|
||||
context 'when the project already has a revoked gitlab-deploy-token' do
|
||||
let(:project) { create(:project, :repository, :internal) }
|
||||
let!(:deploy_token) { create(:deploy_token, :gitlab_deploy_token, :expired, projects: [project]) }
|
||||
let(:auto_devops) { build(:project_auto_devops, project: project) }
|
||||
|
||||
it 'should not create a deploy token' do
|
||||
expect do
|
||||
auto_devops.save
|
||||
end.not_to change { DeployToken.count }
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
||||
|
|
Loading…
Reference in New Issue