Dependency proxy settings are built on access

When group dependency proxy settings are accessed, the setting object is built so no NULL result is ever returned. Changelog: fixed

Dependency proxy settings are built on access
When group dependency proxy settings are accessed, the setting object is built so no NULL result is ever returned. Changelog: fixed
b45f6426 · Steve Abrams · Bob Van Landuyt · 4f1e3e52 · b45f6426 · b45f6426
Commit b45f6426 authored Jan 18, 2022 by Steve Abrams Committed by Bob Van Landuyt Jan 18, 2022
6 changed files
--- a/app/controllers/groups/dependency_proxy_for_containers_controller.rb
+++ b/app/controllers/groups/dependency_proxy_for_containers_controller.rb
@@ -145,8 +145,7 @@ class Groups::DependencyProxyForContainersController < ::Groups::DependencyProxy
  end

  def dependency_proxy
-    @dependency_proxy ||=
-      group.dependency_proxy_setting || group.create_dependency_proxy_setting
+    @dependency_proxy ||= group.dependency_proxy_setting
  end

  def ensure_group

--- a/app/models/group.rb
+++ b/app/models/group.rb
@@ -776,6 +776,10 @@ class Group < Namespace
    super || build_dependency_proxy_image_ttl_policy
  end

+  def dependency_proxy_setting
+    super || build_dependency_proxy_setting
+  end
+
  def crm_enabled?
    crm_settings&.enabled?
  end

--- a/spec/controllers/groups/dependency_proxy_for_containers_controller_spec.rb
+++ b/spec/controllers/groups/dependency_proxy_for_containers_controller_spec.rb
@@ -178,10 +178,6 @@ RSpec.describe Groups::DependencyProxyForContainersController do
    subject { get_manifest(tag) }

    context 'feature enabled' do
-      before do
-        enable_dependency_proxy
-      end
-
      it_behaves_like 'without a token'
      it_behaves_like 'without permission'
      it_behaves_like 'feature flag disabled with private group'
@@ -270,7 +266,6 @@ RSpec.describe Groups::DependencyProxyForContainersController do
          let_it_be_with_reload(:group) { create(:group, parent: parent_group) }

          before do
-            parent_group.create_dependency_proxy_setting!(enabled: true)
            group_deploy_token.update_column(:group_id, parent_group.id)
          end

@@ -294,10 +289,6 @@ RSpec.describe Groups::DependencyProxyForContainersController do
    subject { get_blob }

    context 'feature enabled' do
-      before do
-        enable_dependency_proxy
-      end
-
      it_behaves_like 'without a token'
      it_behaves_like 'without permission'
      it_behaves_like 'feature flag disabled with private group'
@@ -341,7 +332,6 @@ RSpec.describe Groups::DependencyProxyForContainersController do
          let_it_be_with_reload(:group) { create(:group, parent: parent_group) }

          before do
-            parent_group.create_dependency_proxy_setting!(enabled: true)
            group_deploy_token.update_column(:group_id, parent_group.id)
          end

@@ -474,10 +464,6 @@ RSpec.describe Groups::DependencyProxyForContainersController do
    end
  end

-  def enable_dependency_proxy
-    group.create_dependency_proxy_setting!(enabled: true)
-  end
-
  def disable_dependency_proxy
    group.create_dependency_proxy_setting!(enabled: false)
  end

--- a/spec/models/group_spec.rb
+++ b/spec/models/group_spec.rb
@@ -2823,6 +2823,26 @@ RSpec.describe Group do
    end
  end

+  describe '#dependency_proxy_setting' do
+    subject(:setting) { group.dependency_proxy_setting }
+
+    it 'builds a new policy if one does not exist', :aggregate_failures do
+      expect(setting.enabled).to eq(true)
+      expect(setting).not_to be_persisted
+    end
+
+    context 'with existing policy' do
+      before do
+        group.dependency_proxy_setting.update!(enabled: false)
+      end
+
+      it 'returns the policy if it already exists', :aggregate_failures do
+        expect(setting.enabled).to eq(false)
+        expect(setting).to be_persisted
+      end
+    end
+  end
+
  describe '#crm_enabled?' do
    it 'returns false where no crm_settings exist' do
      expect(group.crm_enabled?).to be_falsey

--- a/spec/policies/group_policy_spec.rb
+++ b/spec/policies/group_policy_spec.rb
@@ -909,7 +909,6 @@ RSpec.describe GroupPolicy do
    context 'feature enabled' do
      before do
        stub_config(dependency_proxy: { enabled: true })
-        group.create_dependency_proxy_setting!(enabled: true)
      end

      context 'reporter' do
@@ -955,7 +954,6 @@ RSpec.describe GroupPolicy do

      before do
        stub_config(dependency_proxy: { enabled: true })
-        group.create_dependency_proxy_setting!(enabled: true)
      end

      it { is_expected.to be_allowed(:read_dependency_proxy) }

--- a/spec/requests/rack_attack_global_spec.rb
+++ b/spec/requests/rack_attack_global_spec.rb
@@ -499,9 +499,7 @@ RSpec.describe 'Rack Attack global throttles', :use_clean_rails_memory_store_cac

    before do
      group.add_owner(user)
-      group.create_dependency_proxy_setting!(enabled: true)
      other_group.add_owner(other_user)
-      other_group.create_dependency_proxy_setting!(enabled: true)

      allow(Gitlab.config.dependency_proxy)
        .to receive(:enabled).and_return(true)