From 0903456a0704bd5c4e594c423f0325b29cd99013 Mon Sep 17 00:00:00 2001 From: Mayra Cabrera Date: Mon, 16 Apr 2018 15:47:35 -0500 Subject: [PATCH 1/7] Expose deploy token to CI/CD jobs as environment variable - If a deploy token with a name 'gitlab-deploy-token' is exists for the project, CI_DEPLOY_USER and CI_DEPLOY_PASSWORD variables will be expose --- app/models/ci/build.rb | 8 ++++++++ app/models/deploy_token.rb | 1 + app/models/project.rb | 5 +++++ spec/factories/deploy_tokens.rb | 8 ++++++++ spec/models/ci/build_spec.rb | 31 +++++++++++++++++++++++++++++++ spec/models/project_spec.rb | 27 +++++++++++++++++++++++++++ 6 files changed, 80 insertions(+) diff --git a/app/models/ci/build.rb b/app/models/ci/build.rb index b0c02cdeec7..2a652b01313 100644 --- a/app/models/ci/build.rb +++ b/app/models/ci/build.rb @@ -624,6 +624,7 @@ module Ci variables.append(key: "CI_PIPELINE_TRIGGERED", value: 'true') if trigger_request variables.append(key: "CI_JOB_MANUAL", value: 'true') if action? variables.concat(legacy_variables) + variables.concat(deploy_token_variables) if project.gitlab_deploy_token end end @@ -654,6 +655,13 @@ module Ci end end + def deploy_token_variables + Gitlab::Ci::Variables::Collection.new.tap do |variables| + variables.append(key: 'CI_DEPLOY_USER', value: DeployToken::GITLAB_DEPLOY_TOKEN) + variables.append(key: 'CI_DEPLOY_PASSWORD', value: project.gitlab_deploy_token.token) + end + end + def environment_url options&.dig(:environment, :url) || persisted_environment&.external_url end diff --git a/app/models/deploy_token.rb b/app/models/deploy_token.rb index 979e9232fda..191f07c527f 100644 --- a/app/models/deploy_token.rb +++ b/app/models/deploy_token.rb @@ -4,6 +4,7 @@ class DeployToken < ActiveRecord::Base add_authentication_token_field :token AVAILABLE_SCOPES = %i(read_repository read_registry).freeze + GITLAB_DEPLOY_TOKEN = 'gitlab-deploy-token'.freeze default_value_for(:expires_at) { Forever.date } diff --git a/app/models/project.rb b/app/models/project.rb index cec1e705aa8..a594f2df662 100644 --- a/app/models/project.rb +++ b/app/models/project.rb @@ -1879,6 +1879,11 @@ class Project < ActiveRecord::Base [] end + def gitlab_deploy_token + @gitlab_deploy_token ||= + deploy_tokens.active.find_by(name: DeployToken::GITLAB_DEPLOY_TOKEN) + end + private def storage diff --git a/spec/factories/deploy_tokens.rb b/spec/factories/deploy_tokens.rb index 5fea4a9d5a6..52ec588973a 100644 --- a/spec/factories/deploy_tokens.rb +++ b/spec/factories/deploy_tokens.rb @@ -10,5 +10,13 @@ FactoryBot.define do trait :revoked do revoked true end + + trait :gitlab_deploy_token do + name DeployToken::GITLAB_DEPLOY_TOKEN + end + + trait :expired do + expires_at { Date.today - 1.month } + end end end diff --git a/spec/models/ci/build_spec.rb b/spec/models/ci/build_spec.rb index fcdc31c8984..b68297bfabc 100644 --- a/spec/models/ci/build_spec.rb +++ b/spec/models/ci/build_spec.rb @@ -2035,6 +2035,37 @@ describe Ci::Build do expect(build).not_to be_persisted end end + + context 'for deploy tokens' do + let(:deploy_token) { create(:deploy_token, :gitlab_deploy_token) } + + let(:deploy_token_variables) do + [ + { key: 'CI_DEPLOY_USER', value: DeployToken::GITLAB_DEPLOY_TOKEN, public: true }, + { key: 'CI_DEPLOY_PASSWORD', value: deploy_token.token, public: true } + ] + end + + context 'when gitlab-deploy-token exist' do + before do + project.deploy_tokens << deploy_token + end + + it 'should include deploy token variables' do + deploy_token_variables.each do |deploy_token_variable| + is_expected.to include(deploy_token_variable) + end + end + end + + context 'when gitlab-deploy-token does not exist' do + it 'should not include deploy token variables' do + deploy_token_variables.each do |deploy_token_variable| + is_expected.not_to include(deploy_token_variable) + end + end + end + end end describe '#scoped_variables' do diff --git a/spec/models/project_spec.rb b/spec/models/project_spec.rb index 2675c2f52c1..86ad80106af 100644 --- a/spec/models/project_spec.rb +++ b/spec/models/project_spec.rb @@ -3585,4 +3585,31 @@ describe Project do it { is_expected.not_to be_valid } end end + + describe '#gitlab_deploy_token' do + let(:project) { create(:project) } + + subject { project.gitlab_deploy_token } + + context 'when there is a gitlab deploy token associated' do + let!(:deploy_token) { create(:deploy_token, :gitlab_deploy_token, projects: [project]) } + + it { is_expected.to eq(deploy_token) } + end + + context 'when there is no a gitlab deploy token associated' do + it { is_expected.to be_nil } + end + + context 'when there is a gitlab deploy token associated but is has been revoked' do + let!(:deploy_token) { create(:deploy_token, :gitlab_deploy_token, :revoked, projects: [project]) } + it { is_expected.to be_nil } + end + + context 'when there is a gitlab deploy token associated but it has expired' do + let!(:deploy_token) { create(:deploy_token, :gitlab_deploy_token, :expired, projects: [project]) } + + it { is_expected.to be_nil } + end + end end From a6fb079ea3b2fe3981e811b5450df7dacf704a99 Mon Sep 17 00:00:00 2001 From: Mayra Cabrera Date: Mon, 16 Apr 2018 16:18:43 -0500 Subject: [PATCH 2/7] Add changelog and docs --- .../unreleased/44447-expose-deploy-token-to-ci-cd.yml | 5 +++++ doc/ci/variables/README.md | 3 +++ doc/user/project/deploy_tokens/index.md | 9 +++++++++ 3 files changed, 17 insertions(+) create mode 100644 changelogs/unreleased/44447-expose-deploy-token-to-ci-cd.yml diff --git a/changelogs/unreleased/44447-expose-deploy-token-to-ci-cd.yml b/changelogs/unreleased/44447-expose-deploy-token-to-ci-cd.yml new file mode 100644 index 00000000000..d01b797b1ff --- /dev/null +++ b/changelogs/unreleased/44447-expose-deploy-token-to-ci-cd.yml @@ -0,0 +1,5 @@ +--- +title: Expose Deploy Token data as environment varialbes on CI/CD jobs +merge_request: 18414 +author: +type: added diff --git a/doc/ci/variables/README.md b/doc/ci/variables/README.md index 4a504a98902..7338b61fe8b 100644 --- a/doc/ci/variables/README.md +++ b/doc/ci/variables/README.md @@ -87,6 +87,8 @@ future GitLab releases.** | **GITLAB_USER_LOGIN** | 10.0 | all | The login username of the user who started the job | | **GITLAB_USER_NAME** | 10.0 | all | The real name of the user who started the job | | **RESTORE_CACHE_ATTEMPTS** | 8.15 | 1.9 | Number of attempts to restore the cache running a job | +| **CI_DEPLOY_USER** | 10.8 | all | Name of the GitLab Deploy Token. Only present if the Project has a [GitLab Deploy Token][gitlab-deploy-token] related.| +| **CI_DEPLOY_PASSWORD** | 10.8 | all | Token of the Gitlab Deploy Token. Only present if the Project has a [GitLab Deploy Token][gitlab-deploy-token] related.| ## 9.0 Renaming @@ -562,3 +564,4 @@ These variables are also not supported in a contex of a [subgroups]: ../../user/group/subgroups/index.md [builds-policies]: ../yaml/README.md#only-and-except-complex [dynamic-environments]: ../environments.md#dynamic-environments +[gitlab-deploy-token]: ../../user/project/deploy_tokens/index.md diff --git a/doc/user/project/deploy_tokens/index.md b/doc/user/project/deploy_tokens/index.md index 86fc58020e8..d22ccd737c8 100644 --- a/doc/user/project/deploy_tokens/index.md +++ b/doc/user/project/deploy_tokens/index.md @@ -71,6 +71,15 @@ docker login registry.example.com -u -p Just replace `` and `` with the proper values. Then you can simply pull images from your Container Registry. +### GitLab Deploy Token + +> [Introduced][ce-18414] in GitLab 10.8. + +There's a special case when it comes to Deploy Tokens, if a user creates one +named `gitlab-deploy-token`, their information will be automatically exposed +as environment variables. + [ce-17894]: https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/17894 [ce-11845]: https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/11845 +[ce-18414]: https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/18414 [container registry]: ../container_registry.md From f17e83653d9befc02ac0cbfe39a5e2be62cb40ef Mon Sep 17 00:00:00 2001 From: Mayra Cabrera Date: Tue, 17 Apr 2018 15:53:02 -0500 Subject: [PATCH 3/7] Enhances documentation on gitlab-deploy-tokens --- doc/user/project/deploy_tokens/index.md | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/doc/user/project/deploy_tokens/index.md b/doc/user/project/deploy_tokens/index.md index d22ccd737c8..b00a55672de 100644 --- a/doc/user/project/deploy_tokens/index.md +++ b/doc/user/project/deploy_tokens/index.md @@ -76,8 +76,9 @@ pull images from your Container Registry. > [Introduced][ce-18414] in GitLab 10.8. There's a special case when it comes to Deploy Tokens, if a user creates one -named `gitlab-deploy-token`, their information will be automatically exposed -as environment variables. +named `gitlab-deploy-token`, the name and token of the Deploy Token will be +automatically exposed to the CI/CD jobs as environment variables: `CI_DEPLOY_USER` and +`CI_DEPLOY_PASSWORD`, respectively. [ce-17894]: https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/17894 [ce-11845]: https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/11845 From 0dd6d25c251beffca510094281ac8403fad6d8d0 Mon Sep 17 00:00:00 2001 From: Mayra Cabrera Date: Wed, 18 Apr 2018 12:25:57 -0500 Subject: [PATCH 4/7] Rename special deploy token to make it more descriptive Also: - Includes more specs - Improves a bit the documentation --- app/models/ci/build.rb | 2 +- app/models/deploy_token.rb | 2 +- app/models/project.rb | 2 +- doc/ci/variables/README.md | 6 +++--- spec/factories/deploy_tokens.rb | 2 +- spec/models/ci/build_spec.rb | 12 +++++------- spec/models/project_spec.rb | 6 ++++++ 7 files changed, 18 insertions(+), 14 deletions(-) diff --git a/app/models/ci/build.rb b/app/models/ci/build.rb index 2a652b01313..f3972e0cd26 100644 --- a/app/models/ci/build.rb +++ b/app/models/ci/build.rb @@ -657,7 +657,7 @@ module Ci def deploy_token_variables Gitlab::Ci::Variables::Collection.new.tap do |variables| - variables.append(key: 'CI_DEPLOY_USER', value: DeployToken::GITLAB_DEPLOY_TOKEN) + variables.append(key: 'CI_DEPLOY_USER', value: DeployToken::GITLAB_DEPLOY_TOKEN_NAME) variables.append(key: 'CI_DEPLOY_PASSWORD', value: project.gitlab_deploy_token.token) end end diff --git a/app/models/deploy_token.rb b/app/models/deploy_token.rb index 191f07c527f..4e450d0bdc8 100644 --- a/app/models/deploy_token.rb +++ b/app/models/deploy_token.rb @@ -4,7 +4,7 @@ class DeployToken < ActiveRecord::Base add_authentication_token_field :token AVAILABLE_SCOPES = %i(read_repository read_registry).freeze - GITLAB_DEPLOY_TOKEN = 'gitlab-deploy-token'.freeze + GITLAB_DEPLOY_TOKEN_NAME = 'gitlab-deploy-token'.freeze default_value_for(:expires_at) { Forever.date } diff --git a/app/models/project.rb b/app/models/project.rb index a594f2df662..2684a02caba 100644 --- a/app/models/project.rb +++ b/app/models/project.rb @@ -1881,7 +1881,7 @@ class Project < ActiveRecord::Base def gitlab_deploy_token @gitlab_deploy_token ||= - deploy_tokens.active.find_by(name: DeployToken::GITLAB_DEPLOY_TOKEN) + deploy_tokens.active.find_by(name: DeployToken::GITLAB_DEPLOY_TOKEN_NAME) end private diff --git a/doc/ci/variables/README.md b/doc/ci/variables/README.md index 7338b61fe8b..117918bec50 100644 --- a/doc/ci/variables/README.md +++ b/doc/ci/variables/README.md @@ -87,8 +87,8 @@ future GitLab releases.** | **GITLAB_USER_LOGIN** | 10.0 | all | The login username of the user who started the job | | **GITLAB_USER_NAME** | 10.0 | all | The real name of the user who started the job | | **RESTORE_CACHE_ATTEMPTS** | 8.15 | 1.9 | Number of attempts to restore the cache running a job | -| **CI_DEPLOY_USER** | 10.8 | all | Name of the GitLab Deploy Token. Only present if the Project has a [GitLab Deploy Token][gitlab-deploy-token] related.| -| **CI_DEPLOY_PASSWORD** | 10.8 | all | Token of the Gitlab Deploy Token. Only present if the Project has a [GitLab Deploy Token][gitlab-deploy-token] related.| +| **CI_DEPLOY_USER** | 10.8 | all | Authentication username of the [GitLab Deploy Token][gitlab-deploy-token], only present if the Project has one related.| +| **CI_DEPLOY_PASSWORD** | 10.8 | all | Authentication password of the [GitLab Deploy Token][gitlab-deploy-token], only present if the Project has one related.| ## 9.0 Renaming @@ -564,4 +564,4 @@ These variables are also not supported in a contex of a [subgroups]: ../../user/group/subgroups/index.md [builds-policies]: ../yaml/README.md#only-and-except-complex [dynamic-environments]: ../environments.md#dynamic-environments -[gitlab-deploy-token]: ../../user/project/deploy_tokens/index.md +[gitlab-deploy-token]: ../../user/project/deploy_tokens/index.md#gitlab-deploy-token diff --git a/spec/factories/deploy_tokens.rb b/spec/factories/deploy_tokens.rb index 52ec588973a..017e866e69c 100644 --- a/spec/factories/deploy_tokens.rb +++ b/spec/factories/deploy_tokens.rb @@ -12,7 +12,7 @@ FactoryBot.define do end trait :gitlab_deploy_token do - name DeployToken::GITLAB_DEPLOY_TOKEN + name DeployToken::GITLAB_DEPLOY_TOKEN_NAME end trait :expired do diff --git a/spec/models/ci/build_spec.rb b/spec/models/ci/build_spec.rb index b68297bfabc..e70f5b26440 100644 --- a/spec/models/ci/build_spec.rb +++ b/spec/models/ci/build_spec.rb @@ -2041,27 +2041,25 @@ describe Ci::Build do let(:deploy_token_variables) do [ - { key: 'CI_DEPLOY_USER', value: DeployToken::GITLAB_DEPLOY_TOKEN, public: true }, + { key: 'CI_DEPLOY_USER', value: DeployToken::GITLAB_DEPLOY_TOKEN_NAME, public: true }, { key: 'CI_DEPLOY_PASSWORD', value: deploy_token.token, public: true } ] end - context 'when gitlab-deploy-token exist' do + context 'when gitlab-deploy-token exists' do before do project.deploy_tokens << deploy_token end it 'should include deploy token variables' do - deploy_token_variables.each do |deploy_token_variable| - is_expected.to include(deploy_token_variable) - end + is_expected.to include(*deploy_token_variables) end end context 'when gitlab-deploy-token does not exist' do it 'should not include deploy token variables' do - deploy_token_variables.each do |deploy_token_variable| - is_expected.not_to include(deploy_token_variable) + %w(CI_DEPLOY_USER CI_DEPLOY_PASSWORD).each do |deploy_token_key| + expect(subject.find { |v| v[:key] == deploy_token_key}).to be_nil end end end diff --git a/spec/models/project_spec.rb b/spec/models/project_spec.rb index 86ad80106af..f8b2fbf7399 100644 --- a/spec/models/project_spec.rb +++ b/spec/models/project_spec.rb @@ -3611,5 +3611,11 @@ describe Project do it { is_expected.to be_nil } end + + context 'when there is a gitlab deploy token associated with a different name' do + let!(:deploy_token) { create(:deploy_token, projects: [project]) } + + it { is_expected.to be_nil } + end end end From 800ee75aa5f65fc41f32c8d7f3519256cd37c645 Mon Sep 17 00:00:00 2001 From: Mayra Cabrera Date: Thu, 19 Apr 2018 10:31:46 -0500 Subject: [PATCH 5/7] Ensure deploy tokens variables are not available in the context of only/except --- app/models/ci/build.rb | 8 +++++--- doc/ci/environments.md | 2 ++ doc/ci/variables/README.md | 2 ++ spec/models/ci/build_spec.rb | 11 ++++++----- spec/models/project_spec.rb | 2 +- 5 files changed, 16 insertions(+), 9 deletions(-) diff --git a/app/models/ci/build.rb b/app/models/ci/build.rb index f3972e0cd26..8db07553665 100644 --- a/app/models/ci/build.rb +++ b/app/models/ci/build.rb @@ -27,6 +27,7 @@ module Ci has_one :metadata, class_name: 'Ci::BuildMetadata' delegate :timeout, to: :metadata, prefix: true, allow_nil: true + delegate :gitlab_deploy_token, to: :project ## # The "environment" field for builds is a String, and is the unexpanded name! @@ -604,6 +605,8 @@ module Ci .append(key: 'CI_REGISTRY_USER', value: CI_REGISTRY_USER) .append(key: 'CI_REGISTRY_PASSWORD', value: token, public: false) .append(key: 'CI_REPOSITORY_URL', value: repo_url, public: false) + + variables.concat(deploy_token_variables) if gitlab_deploy_token end end @@ -624,7 +627,6 @@ module Ci variables.append(key: "CI_PIPELINE_TRIGGERED", value: 'true') if trigger_request variables.append(key: "CI_JOB_MANUAL", value: 'true') if action? variables.concat(legacy_variables) - variables.concat(deploy_token_variables) if project.gitlab_deploy_token end end @@ -657,8 +659,8 @@ module Ci def deploy_token_variables Gitlab::Ci::Variables::Collection.new.tap do |variables| - variables.append(key: 'CI_DEPLOY_USER', value: DeployToken::GITLAB_DEPLOY_TOKEN_NAME) - variables.append(key: 'CI_DEPLOY_PASSWORD', value: project.gitlab_deploy_token.token) + variables.append(key: 'CI_DEPLOY_USER', value: gitlab_deploy_token.name) + variables.append(key: 'CI_DEPLOY_PASSWORD', value: gitlab_deploy_token.token) end end diff --git a/doc/ci/environments.md b/doc/ci/environments.md index b3d9f0bc96c..517e25f00f7 100644 --- a/doc/ci/environments.md +++ b/doc/ci/environments.md @@ -260,6 +260,8 @@ are unsupported in environment name context: - `CI_REGISTRY_PASSWORD` - `CI_REPOSITORY_URL` - `CI_ENVIRONMENT_URL` +- `CI_DEPLOY_USER` +- `CI_DEPLOY_PASSWORD` GitLab Runner exposes various [environment variables][variables] when a job runs, and as such, you can use them as environment names. Let's add another job in diff --git a/doc/ci/variables/README.md b/doc/ci/variables/README.md index 117918bec50..f0df8b96cab 100644 --- a/doc/ci/variables/README.md +++ b/doc/ci/variables/README.md @@ -548,6 +548,8 @@ You can find a full list of unsupported variables below: - `CI_REGISTRY_PASSWORD` - `CI_REPOSITORY_URL` - `CI_ENVIRONMENT_URL` +- `CI_DEPLOY_USER` +- `CI_DEPLOY_PASSWORD` These variables are also not supported in a contex of a [dynamic environment name][dynamic-environments]. diff --git a/spec/models/ci/build_spec.rb b/spec/models/ci/build_spec.rb index e70f5b26440..9620e644032 100644 --- a/spec/models/ci/build_spec.rb +++ b/spec/models/ci/build_spec.rb @@ -2041,7 +2041,7 @@ describe Ci::Build do let(:deploy_token_variables) do [ - { key: 'CI_DEPLOY_USER', value: DeployToken::GITLAB_DEPLOY_TOKEN_NAME, public: true }, + { key: 'CI_DEPLOY_USER', value: deploy_token.name, public: true }, { key: 'CI_DEPLOY_PASSWORD', value: deploy_token.token, public: true } ] end @@ -2058,9 +2058,8 @@ describe Ci::Build do context 'when gitlab-deploy-token does not exist' do it 'should not include deploy token variables' do - %w(CI_DEPLOY_USER CI_DEPLOY_PASSWORD).each do |deploy_token_key| - expect(subject.find { |v| v[:key] == deploy_token_key}).to be_nil - end + expect(subject.find { |v| v[:key] == 'CI_DEPLOY_USER'}).to be_nil + expect(subject.find { |v| v[:key] == 'CI_DEPLOY_PASSWORD'}).to be_nil end end end @@ -2112,7 +2111,9 @@ describe Ci::Build do CI_REGISTRY_USER CI_REGISTRY_PASSWORD CI_REPOSITORY_URL - CI_ENVIRONMENT_URL] + CI_ENVIRONMENT_URL + CI_DEPLOY_USER + CI_DEPLOY_PASSWORD] build.scoped_variables.map { |env| env[:key] }.tap do |names| expect(names).not_to include(*keys) diff --git a/spec/models/project_spec.rb b/spec/models/project_spec.rb index f8b2fbf7399..bae2f1342d3 100644 --- a/spec/models/project_spec.rb +++ b/spec/models/project_spec.rb @@ -3612,7 +3612,7 @@ describe Project do it { is_expected.to be_nil } end - context 'when there is a gitlab deploy token associated with a different name' do + context 'when there is a deploy token associated with a different name' do let!(:deploy_token) { create(:deploy_token, projects: [project]) } it { is_expected.to be_nil } From cdac54e2a2abe4b93bd5a96603b9d6d8745d277e Mon Sep 17 00:00:00 2001 From: Mayra Cabrera Date: Fri, 20 Apr 2018 10:05:16 -0500 Subject: [PATCH 6/7] Refactor deploy token methods on Ci::Build Also include a class method for retriving the gitlab_deploy_token on DeployTokens --- app/models/ci/build.rb | 7 ++++--- app/models/deploy_token.rb | 4 ++++ app/models/project.rb | 3 +-- spec/models/ci/build_spec.rb | 2 +- spec/models/deploy_token_spec.rb | 19 +++++++++++++++++++ 5 files changed, 29 insertions(+), 6 deletions(-) diff --git a/app/models/ci/build.rb b/app/models/ci/build.rb index 8db07553665..9000ad860e9 100644 --- a/app/models/ci/build.rb +++ b/app/models/ci/build.rb @@ -605,8 +605,7 @@ module Ci .append(key: 'CI_REGISTRY_USER', value: CI_REGISTRY_USER) .append(key: 'CI_REGISTRY_PASSWORD', value: token, public: false) .append(key: 'CI_REPOSITORY_URL', value: repo_url, public: false) - - variables.concat(deploy_token_variables) if gitlab_deploy_token + .concat(deploy_token_variables) end end @@ -659,8 +658,10 @@ module Ci def deploy_token_variables Gitlab::Ci::Variables::Collection.new.tap do |variables| + break variables unless gitlab_deploy_token + variables.append(key: 'CI_DEPLOY_USER', value: gitlab_deploy_token.name) - variables.append(key: 'CI_DEPLOY_PASSWORD', value: gitlab_deploy_token.token) + variables.append(key: 'CI_DEPLOY_PASSWORD', value: gitlab_deploy_token.token, public: false) end end diff --git a/app/models/deploy_token.rb b/app/models/deploy_token.rb index 4e450d0bdc8..5082dc45368 100644 --- a/app/models/deploy_token.rb +++ b/app/models/deploy_token.rb @@ -18,6 +18,10 @@ class DeployToken < ActiveRecord::Base scope :active, -> { where("revoked = false AND expires_at >= NOW()") } + def self.gitlab_deploy_token + active.find_by(name: GITLAB_DEPLOY_TOKEN_NAME) + end + def revoke! update!(revoked: true) end diff --git a/app/models/project.rb b/app/models/project.rb index 2684a02caba..c293b0b8cf4 100644 --- a/app/models/project.rb +++ b/app/models/project.rb @@ -1880,8 +1880,7 @@ class Project < ActiveRecord::Base end def gitlab_deploy_token - @gitlab_deploy_token ||= - deploy_tokens.active.find_by(name: DeployToken::GITLAB_DEPLOY_TOKEN_NAME) + @gitlab_deploy_token ||= deploy_tokens.gitlab_deploy_token end private diff --git a/spec/models/ci/build_spec.rb b/spec/models/ci/build_spec.rb index 9620e644032..3158e006720 100644 --- a/spec/models/ci/build_spec.rb +++ b/spec/models/ci/build_spec.rb @@ -2042,7 +2042,7 @@ describe Ci::Build do let(:deploy_token_variables) do [ { key: 'CI_DEPLOY_USER', value: deploy_token.name, public: true }, - { key: 'CI_DEPLOY_PASSWORD', value: deploy_token.token, public: true } + { key: 'CI_DEPLOY_PASSWORD', value: deploy_token.token, public: false } ] end diff --git a/spec/models/deploy_token_spec.rb b/spec/models/deploy_token_spec.rb index 780b200e837..f8d51a95833 100644 --- a/spec/models/deploy_token_spec.rb +++ b/spec/models/deploy_token_spec.rb @@ -142,4 +142,23 @@ describe DeployToken do end end end + + describe '.gitlab_deploy_token' do + let(:project) { create(:project ) } + + subject { project.deploy_tokens.gitlab_deploy_token } + + context 'with a gitlab deploy token associated' do + it 'should return the gitlab deploy token' do + deploy_token = create(:deploy_token, :gitlab_deploy_token, projects: [project]) + is_expected.to eq(deploy_token) + end + end + + context 'with no gitlab deploy token associated' do + it 'should return nil' do + is_expected.to be_nil + end + end + end end From 82d66ac96d03a4caf6d4c3c86c51009e2a4fe9fb Mon Sep 17 00:00:00 2001 From: Mayra Cabrera Date: Mon, 23 Apr 2018 09:23:46 -0500 Subject: [PATCH 7/7] Increases specs examples regarding projects & deploy tokens --- spec/models/project_spec.rb | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/spec/models/project_spec.rb b/spec/models/project_spec.rb index bae2f1342d3..df31550044d 100644 --- a/spec/models/project_spec.rb +++ b/spec/models/project_spec.rb @@ -3606,7 +3606,7 @@ describe Project do it { is_expected.to be_nil } end - context 'when there is a gitlab deploy token associated but it has expired' do + context 'when there is a gitlab deploy token associated but it is expired' do let!(:deploy_token) { create(:deploy_token, :gitlab_deploy_token, :expired, projects: [project]) } it { is_expected.to be_nil } @@ -3617,5 +3617,12 @@ describe Project do it { is_expected.to be_nil } end + + context 'when there is a deploy token associated to a different project' do + let(:project_2) { create(:project) } + let!(:deploy_token) { create(:deploy_token, projects: [project_2]) } + + it { is_expected.to be_nil } + end end end