Commit 1f92ceef authored by Luke Duncalfe's avatar Luke Duncalfe

Merge branch 'john-mason-remove-runner-token-prefix-ff' into 'master'

Remove feature flags for runner token prefix

See merge request gitlab-org/gitlab!81839
parents 59582477 29bbf97e
# frozen_string_literal: true
module RunnersTokenPrefixable
# Prefix for runners_token which can be used to invalidate existing tokens.
# The value chosen here is GR (for Gitlab Runner) combined with the rotation
# date (20220225) decimal to hex encoded.
RUNNERS_TOKEN_PREFIX = 'GR1348941'
end
...@@ -22,11 +22,6 @@ class Group < Namespace ...@@ -22,11 +22,6 @@ class Group < Namespace
extend ::Gitlab::Utils::Override extend ::Gitlab::Utils::Override
# Prefix for runners_token which can be used to invalidate existing tokens.
# The value chosen here is GR (for Gitlab Runner) combined with the rotation
# date (20220225) decimal to hex encoded.
RUNNERS_TOKEN_PREFIX = 'GR1348941'
def self.sti_name def self.sti_name
'Group' 'Group'
end end
...@@ -124,7 +119,7 @@ class Group < Namespace ...@@ -124,7 +119,7 @@ class Group < Namespace
add_authentication_token_field :runners_token, add_authentication_token_field :runners_token,
encrypted: -> { Feature.enabled?(:groups_tokens_optional_encryption, default_enabled: true) ? :optional : :required }, encrypted: -> { Feature.enabled?(:groups_tokens_optional_encryption, default_enabled: true) ? :optional : :required },
prefix: ->(instance) { instance.runners_token_prefix } prefix: RunnersTokenPrefixable::RUNNERS_TOKEN_PREFIX
after_create :post_create_hook after_create :post_create_hook
after_destroy :post_destroy_hook after_destroy :post_destroy_hook
...@@ -678,13 +673,9 @@ class Group < Namespace ...@@ -678,13 +673,9 @@ class Group < Namespace
ensure_runners_token! ensure_runners_token!
end end
def runners_token_prefix
Feature.enabled?(:groups_runners_token_prefix, self, default_enabled: :yaml) ? RUNNERS_TOKEN_PREFIX : ''
end
override :format_runners_token override :format_runners_token
def format_runners_token(token) def format_runners_token(token)
"#{runners_token_prefix}#{token}" "#{RunnersTokenPrefixable::RUNNERS_TOKEN_PREFIX}#{token}"
end end
def project_creation_level def project_creation_level
......
...@@ -90,11 +90,6 @@ class Project < ApplicationRecord ...@@ -90,11 +90,6 @@ class Project < ApplicationRecord
DEFAULT_SQUASH_COMMIT_TEMPLATE = '%{title}' DEFAULT_SQUASH_COMMIT_TEMPLATE = '%{title}'
# Prefix for runners_token which can be used to invalidate existing tokens.
# The value chosen here is GR (for Gitlab Runner) combined with the rotation
# date (20220225) decimal to hex encoded.
RUNNERS_TOKEN_PREFIX = 'GR1348941'
cache_markdown_field :description, pipeline: :description cache_markdown_field :description, pipeline: :description
default_value_for :packages_enabled, true default_value_for :packages_enabled, true
...@@ -117,7 +112,7 @@ class Project < ApplicationRecord ...@@ -117,7 +112,7 @@ class Project < ApplicationRecord
add_authentication_token_field :runners_token, add_authentication_token_field :runners_token,
encrypted: -> { Feature.enabled?(:projects_tokens_optional_encryption, default_enabled: true) ? :optional : :required }, encrypted: -> { Feature.enabled?(:projects_tokens_optional_encryption, default_enabled: true) ? :optional : :required },
prefix: ->(instance) { instance.runners_token_prefix } prefix: RunnersTokenPrefixable::RUNNERS_TOKEN_PREFIX
before_validation :mark_remote_mirrors_for_removal, if: -> { RemoteMirror.table_exists? } before_validation :mark_remote_mirrors_for_removal, if: -> { RemoteMirror.table_exists? }
...@@ -1887,13 +1882,9 @@ class Project < ApplicationRecord ...@@ -1887,13 +1882,9 @@ class Project < ApplicationRecord
ensure_runners_token! ensure_runners_token!
end end
def runners_token_prefix
Feature.enabled?(:projects_runners_token_prefix, self, default_enabled: :yaml) ? RUNNERS_TOKEN_PREFIX : ''
end
override :format_runners_token override :format_runners_token
def format_runners_token(token) def format_runners_token(token)
"#{runners_token_prefix}#{token}" "#{RunnersTokenPrefixable::RUNNERS_TOKEN_PREFIX}#{token}"
end end
def pages_deployed? def pages_deployed?
......
---
name: groups_runners_token_prefix
introduced_by_url:
rollout_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/353805
milestone: '14.9'
type: development
group: group::database
default_enabled: true
---
name: projects_runners_token_prefix
introduced_by_url:
rollout_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/353805
milestone: '14.9'
type: development
group: group::database
default_enabled: true
# frozen_string_literal: true
require 'spec_helper'
RSpec.describe RunnersTokenPrefixable do
describe 'runners token prefix' do
subject { described_class::RUNNERS_TOKEN_PREFIX }
it 'has the correct value' do
expect(subject).to eq('GR1348941')
end
end
end
...@@ -441,7 +441,7 @@ RSpec.shared_examples 'prefixed token rotation' do ...@@ -441,7 +441,7 @@ RSpec.shared_examples 'prefixed token rotation' do
context 'token is not set' do context 'token is not set' do
it 'generates a new token' do it 'generates a new token' do
expect(subject).to match(/^#{instance.class::RUNNERS_TOKEN_PREFIX}/) expect(subject).to match(/^#{RunnersTokenPrefixable::RUNNERS_TOKEN_PREFIX}/)
expect(instance).not_to be_persisted expect(instance).not_to be_persisted
end end
end end
...@@ -452,26 +452,14 @@ RSpec.shared_examples 'prefixed token rotation' do ...@@ -452,26 +452,14 @@ RSpec.shared_examples 'prefixed token rotation' do
end end
it 'generates a new token' do it 'generates a new token' do
expect(subject).to match(/^#{instance.class::RUNNERS_TOKEN_PREFIX}/) expect(subject).to match(/^#{RunnersTokenPrefixable::RUNNERS_TOKEN_PREFIX}/)
expect(instance).not_to be_persisted expect(instance).not_to be_persisted
end end
context 'feature flag is disabled' do
before do
flag = "#{described_class.name.downcase.pluralize}_runners_token_prefix"
stub_feature_flags(flag => false)
end
it 'leaves the token unchanged' do
expect { subject }.not_to change(instance, :runners_token)
expect(instance).not_to be_persisted
end
end
end end
context 'token is set and matches prefix' do context 'token is set and matches prefix' do
before do before do
instance.set_runners_token(instance.class::RUNNERS_TOKEN_PREFIX + '-abcdef') instance.set_runners_token(RunnersTokenPrefixable::RUNNERS_TOKEN_PREFIX + '-abcdef')
end end
it 'leaves the token unchanged' do it 'leaves the token unchanged' do
...@@ -486,7 +474,7 @@ RSpec.shared_examples 'prefixed token rotation' do ...@@ -486,7 +474,7 @@ RSpec.shared_examples 'prefixed token rotation' do
context 'token is not set' do context 'token is not set' do
it 'generates a new token' do it 'generates a new token' do
expect(subject).to match(/^#{instance.class::RUNNERS_TOKEN_PREFIX}/) expect(subject).to match(/^#{RunnersTokenPrefixable::RUNNERS_TOKEN_PREFIX}/)
expect(instance).to be_persisted expect(instance).to be_persisted
end end
end end
...@@ -497,25 +485,14 @@ RSpec.shared_examples 'prefixed token rotation' do ...@@ -497,25 +485,14 @@ RSpec.shared_examples 'prefixed token rotation' do
end end
it 'generates a new token' do it 'generates a new token' do
expect(subject).to match(/^#{instance.class::RUNNERS_TOKEN_PREFIX}/) expect(subject).to match(/^#{RunnersTokenPrefixable::RUNNERS_TOKEN_PREFIX}/)
expect(instance).to be_persisted expect(instance).to be_persisted
end end
context 'feature flag is disabled' do
before do
flag = "#{described_class.name.downcase.pluralize}_runners_token_prefix"
stub_feature_flags(flag => false)
end
it 'leaves the token unchanged' do
expect { subject }.not_to change(instance, :runners_token)
end
end
end end
context 'token is set and matches prefix' do context 'token is set and matches prefix' do
before do before do
instance.set_runners_token(instance.class::RUNNERS_TOKEN_PREFIX + '-abcdef') instance.set_runners_token(RunnersTokenPrefixable::RUNNERS_TOKEN_PREFIX + '-abcdef')
instance.save! instance.save!
end end
......
...@@ -3239,12 +3239,4 @@ RSpec.describe Group do ...@@ -3239,12 +3239,4 @@ RSpec.describe Group do
it_behaves_like 'no effective expiration interval' it_behaves_like 'no effective expiration interval'
end end
end end
describe '#runners_token' do
let_it_be(:group) { create(:group) }
subject { group }
it_behaves_like 'it has a prefixable runners_token', :groups_runners_token_prefix
end
end end
...@@ -813,8 +813,8 @@ RSpec.describe Project, factory_default: :keep do ...@@ -813,8 +813,8 @@ RSpec.describe Project, factory_default: :keep do
end end
it 'does not set an random token if one provided' do it 'does not set an random token if one provided' do
project = FactoryBot.create(:project, runners_token: "#{Project::RUNNERS_TOKEN_PREFIX}my-token") project = FactoryBot.create(:project, runners_token: "#{RunnersTokenPrefixable::RUNNERS_TOKEN_PREFIX}my-token")
expect(project.runners_token).to eq("#{Project::RUNNERS_TOKEN_PREFIX}my-token") expect(project.runners_token).to eq("#{RunnersTokenPrefixable::RUNNERS_TOKEN_PREFIX}my-token")
end end
end end
...@@ -8077,14 +8077,6 @@ RSpec.describe Project, factory_default: :keep do ...@@ -8077,14 +8077,6 @@ RSpec.describe Project, factory_default: :keep do
end end
end end
describe '#runners_token' do
let_it_be(:project) { create(:project) }
subject { project }
it_behaves_like 'it has a prefixable runners_token', :projects_runners_token_prefix
end
private private
def finish_job(export_job) def finish_job(export_job)
......
# frozen_string_literal: true
RSpec.shared_examples 'it has a prefixable runners_token' do |feature_flag|
context 'feature flag enabled' do
before do
stub_feature_flags(feature_flag => [subject])
end
describe '#runners_token' do
it 'has a runners_token_prefix' do
expect(subject.runners_token_prefix).not_to be_empty
end
it 'starts with the runners_token_prefix' do
expect(subject.runners_token).to start_with(subject.runners_token_prefix)
end
end
end
context 'feature flag disabled' do
before do
stub_feature_flags(feature_flag => false)
end
describe '#runners_token' do
it 'does not have a runners_token_prefix' do
expect(subject.runners_token_prefix).to be_empty
end
it 'starts with the runners_token_prefix' do
expect(subject.runners_token).to start_with(subject.runners_token_prefix)
end
end
end
end
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment