Commit 8e045622 authored by Dmytro Zaporozhets's avatar Dmytro Zaporozhets

Merge branch '213566-package-deploy-tokens' into 'master'

Add new scopes to the deploy_tokens table

See merge request gitlab-org/gitlab!29383
parents e8416fb8 21aea74f
...@@ -7,7 +7,8 @@ class DeployToken < ApplicationRecord ...@@ -7,7 +7,8 @@ class DeployToken < ApplicationRecord
include Gitlab::Utils::StrongMemoize include Gitlab::Utils::StrongMemoize
add_authentication_token_field :token, encrypted: :optional add_authentication_token_field :token, encrypted: :optional
AVAILABLE_SCOPES = %i(read_repository read_registry write_registry).freeze AVAILABLE_SCOPES = %i(read_repository read_registry write_registry
read_package_registry write_package_registry).freeze
GITLAB_DEPLOY_TOKEN_NAME = 'gitlab-deploy-token' GITLAB_DEPLOY_TOKEN_NAME = 'gitlab-deploy-token'
default_value_for(:expires_at) { Forever.date } default_value_for(:expires_at) { Forever.date }
...@@ -105,7 +106,7 @@ class DeployToken < ApplicationRecord ...@@ -105,7 +106,7 @@ class DeployToken < ApplicationRecord
end end
def ensure_at_least_one_scope def ensure_at_least_one_scope
errors.add(:base, _("Scopes can't be blank")) unless read_repository || read_registry || write_registry errors.add(:base, _("Scopes can't be blank")) unless scopes.any?
end end
def default_username def default_username
......
---
title: Add read/write_package_registry to deploy_tokens
merge_request: 29383
author:
type: added
# frozen_string_literal: true
class AddPackageScopesToDeployTokens < ActiveRecord::Migration[6.0]
include Gitlab::Database::MigrationHelpers
DOWNTIME = false
disable_ddl_transaction!
def up
add_column_with_default(:deploy_tokens, :read_package_registry, :boolean, default: false, allow_null: false)
add_column_with_default(:deploy_tokens, :write_package_registry, :boolean, default: false, allow_null: false)
end
def down
remove_column(:deploy_tokens, :read_package_registry)
remove_column(:deploy_tokens, :write_package_registry)
end
end
...@@ -2005,7 +2005,9 @@ CREATE TABLE public.deploy_tokens ( ...@@ -2005,7 +2005,9 @@ CREATE TABLE public.deploy_tokens (
username character varying, username character varying,
token_encrypted character varying(255), token_encrypted character varying(255),
deploy_token_type smallint DEFAULT 2 NOT NULL, deploy_token_type smallint DEFAULT 2 NOT NULL,
write_registry boolean DEFAULT false NOT NULL write_registry boolean DEFAULT false NOT NULL,
read_package_registry boolean DEFAULT false NOT NULL,
write_package_registry boolean DEFAULT false NOT NULL
); );
CREATE SEQUENCE public.deploy_tokens_id_seq CREATE SEQUENCE public.deploy_tokens_id_seq
...@@ -13246,6 +13248,7 @@ COPY "schema_migrations" (version) FROM STDIN; ...@@ -13246,6 +13248,7 @@ COPY "schema_migrations" (version) FROM STDIN;
20200409211607 20200409211607
20200410104828 20200410104828
20200410232012 20200410232012
20200411125656
20200413072059 20200413072059
20200413230056 20200413230056
20200414144547 20200414144547
......
...@@ -8,6 +8,8 @@ FactoryBot.define do ...@@ -8,6 +8,8 @@ FactoryBot.define do
read_repository { true } read_repository { true }
read_registry { true } read_registry { true }
write_registry { false } write_registry { false }
read_package_registry { false }
write_package_registry { false }
revoked { false } revoked { false }
expires_at { 5.days.from_now } expires_at { 5.days.from_now }
deploy_token_type { DeployToken.deploy_token_types[:project_type] } deploy_token_type { DeployToken.deploy_token_types[:project_type] }
...@@ -31,5 +33,11 @@ FactoryBot.define do ...@@ -31,5 +33,11 @@ FactoryBot.define do
trait :project do trait :project do
deploy_token_type { DeployToken.deploy_token_types[:project_type] } deploy_token_type { DeployToken.deploy_token_types[:project_type] }
end end
trait :all_scopes do
write_registry { true}
read_package_registry { true }
write_package_registry { true }
end
end end
end end
...@@ -72,8 +72,10 @@ describe DeployToken do ...@@ -72,8 +72,10 @@ describe DeployToken do
describe '#scopes' do describe '#scopes' do
context 'with all the scopes' do context 'with all the scopes' do
let_it_be(:deploy_token) { create(:deploy_token, :all_scopes) }
it 'returns scopes assigned to DeployToken' do it 'returns scopes assigned to DeployToken' do
expect(deploy_token.scopes).to eq([:read_repository, :read_registry]) expect(deploy_token.scopes).to eq(DeployToken::AVAILABLE_SCOPES)
end end
end end
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment