Cleanup secret variables refactoring in variables builder

Changelog: other

Cleanup secret variables refactoring in variables builder
Changelog: other
b668969c · Marius Bobin · 554e3e67 · 554e3e67 · b668969c · b668969c
Commit b668969c authored Mar 22, 2022 by Marius Bobin
3 changed files
--- a/config/feature_flags/development/ci_variables_builder_memoize_secret_variables.yml
+++ b/config/feature_flags/development/ci_variables_builder_memoize_secret_variables.yml
---
-name: ci_variables_builder_memoize_secret_variables
-introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/79850
-rollout_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/351995
-milestone: '14.8'
-type: development
-group: group::pipeline execution
-default_enabled: false
--- a/lib/gitlab/ci/variables/builder.rb
+++ b/lib/gitlab/ci/variables/builder.rb
@@ -24,8 +24,8 @@ module Gitlab
            variables.concat(user_variables(job.user))
            variables.concat(job.dependency_variables) if dependencies
            variables.concat(secret_instance_variables)
-            variables.concat(secret_group_variables(environment: environment, ref: job.git_ref))
+            variables.concat(secret_group_variables(environment: environment))
-            variables.concat(secret_project_variables(environment: environment, ref: job.git_ref))
+            variables.concat(secret_project_variables(environment: environment))
            variables.concat(job.trigger_request.user_variables) if job.trigger_request
            variables.concat(pipeline.variables)
            variables.concat(pipeline.pipeline_schedule.job_variables) if pipeline.pipeline_schedule
@@ -75,21 +75,21 @@ module Gitlab
          end
        end
-        def secret_group_variables(environment:, ref:)
+        def secret_group_variables(environment:)
-          if memoize_secret_variables?
+          strong_memoize_with(:secret_group_variables, environment) do
-            memoized_secret_group_variables(environment: environment)
+            group_variables_builder
-          else
+              .secret_variables(
-            return [] unless project.group
+                environment: environment,
+                protected_ref: protected_ref?)
-            project.group.ci_variables_for(ref, project, environment: environment)
          end
        end
-        def secret_project_variables(environment:, ref:)
+        def secret_project_variables(environment:)
-          if memoize_secret_variables?
+          strong_memoize_with(:secret_project_variables, environment) do
-            memoized_secret_project_variables(environment: environment)
+            project_variables_builder
-          else
+              .secret_variables(
-            project.ci_variables_for(ref: ref, environment: environment)
+                environment: environment,
+                protected_ref: protected_ref?)
          end
        end
@@ -120,24 +120,6 @@ module Gitlab
          end
        end
-        def memoized_secret_project_variables(environment:)
-          strong_memoize_with(:secret_project_variables, environment) do
-            project_variables_builder
-              .secret_variables(
-                environment: environment,
-                protected_ref: protected_ref?)
-          end
-        end
-        def memoized_secret_group_variables(environment:)
-          strong_memoize_with(:secret_group_variables, environment) do
-            group_variables_builder
-              .secret_variables(
-                environment: environment,
-                protected_ref: protected_ref?)
-          end
-        end
        def ci_node_total_value(job)
          parallel = job.options&.dig(:parallel)
          parallel = parallel.dig(:total) if parallel.is_a?(Hash)
@@ -150,14 +132,6 @@ module Gitlab
          end
        end
-        def memoize_secret_variables?
-          strong_memoize(:memoize_secret_variables) do
-            ::Feature.enabled?(:ci_variables_builder_memoize_secret_variables,
-              project,
-              default_enabled: :yaml)
-          end
-        end
        def strong_memoize_with(name, *args)
          container = strong_memoize(name) { {} }

--- a/spec/lib/gitlab/ci/variables/builder_spec.rb
+++ b/spec/lib/gitlab/ci/variables/builder_spec.rb
@@ -278,6 +278,14 @@ RSpec.describe Gitlab::Ci::Variables::Builder do
  end
  shared_examples "secret CI variables" do
+    let(:protected_variable_item) do
+      Gitlab::Ci::Variables::Collection::Item.fabricate(protected_variable)
+    end
+    let(:unprotected_variable_item) do
+      Gitlab::Ci::Variables::Collection::Item.fabricate(unprotected_variable)
+    end
    context 'when ref is branch' do
      context 'when ref is protected' do
        before do
@@ -338,96 +346,72 @@ RSpec.describe Gitlab::Ci::Variables::Builder do
    let_it_be(:protected_variable) { create(:ci_instance_variable, protected: true) }
    let_it_be(:unprotected_variable) { create(:ci_instance_variable, protected: false) }
-    let(:protected_variable_item) { Gitlab::Ci::Variables::Collection::Item.fabricate(protected_variable) }
-    let(:unprotected_variable_item) { Gitlab::Ci::Variables::Collection::Item.fabricate(unprotected_variable) }
    include_examples "secret CI variables"
  end
  describe '#secret_group_variables' do
-    subject { builder.secret_group_variables(ref: job.git_ref, environment: job.expanded_environment_name) }
+    subject { builder.secret_group_variables(environment: job.expanded_environment_name) }
    let_it_be(:protected_variable) { create(:ci_group_variable, protected: true, group: group) }
    let_it_be(:unprotected_variable) { create(:ci_group_variable, protected: false, group: group) }
-    context 'with ci_variables_builder_memoize_secret_variables disabled' do
+    include_examples "secret CI variables"
-      before do
-        stub_feature_flags(ci_variables_builder_memoize_secret_variables: false)
-      end
-      let(:protected_variable_item) { protected_variable }
-      let(:unprotected_variable_item) { unprotected_variable }
-      include_examples "secret CI variables"
+    context 'variables memoization' do
-    end
+      let_it_be(:scoped_variable) { create(:ci_group_variable, group: group, environment_scope: 'scoped') }
+      let(:environment) { job.expanded_environment_name }
+      let(:scoped_variable_item) { Gitlab::Ci::Variables::Collection::Item.fabricate(scoped_variable) }
+      context 'with protected environments' do
+        it 'memoizes the result by environment' do
+          expect(pipeline.project)
+            .to receive(:protected_for?)
+            .with(pipeline.jobs_git_ref)
+            .once.and_return(true)
+          expect_next_instance_of(described_class::Group) do |group_variables_builder|
+            expect(group_variables_builder)
+              .to receive(:secret_variables)
+              .with(environment: 'production', protected_ref: true)
+              .once
+              .and_call_original
+          end
-    context 'with ci_variables_builder_memoize_secret_variables enabled' do
+          2.times do
-      before do
+            expect(builder.secret_group_variables(environment: 'production'))
-        stub_feature_flags(ci_variables_builder_memoize_secret_variables: true)
+              .to contain_exactly(unprotected_variable_item, protected_variable_item)
+          end
+        end
      end
-      let(:protected_variable_item) { Gitlab::Ci::Variables::Collection::Item.fabricate(protected_variable) }
+      context 'with unprotected environments' do
-      let(:unprotected_variable_item) { Gitlab::Ci::Variables::Collection::Item.fabricate(unprotected_variable) }
+        it 'memoizes the result by environment' do
+          expect(pipeline.project)
-      include_examples "secret CI variables"
+            .to receive(:protected_for?)
+            .with(pipeline.jobs_git_ref)
-      context 'variables memoization' do
+            .once.and_return(false)
-        let_it_be(:scoped_variable) { create(:ci_group_variable, group: group, environment_scope: 'scoped') }
+          expect_next_instance_of(described_class::Group) do |group_variables_builder|
-        let(:ref) { job.git_ref }
+            expect(group_variables_builder)
-        let(:environment) { job.expanded_environment_name }
+              .to receive(:secret_variables)
-        let(:scoped_variable_item) { Gitlab::Ci::Variables::Collection::Item.fabricate(scoped_variable) }
+              .with(environment: nil, protected_ref: false)
+              .once
-        context 'with protected environments' do
+              .and_call_original
-          it 'memoizes the result by environment' do
-            expect(pipeline.project)
+            expect(group_variables_builder)
-              .to receive(:protected_for?)
+              .to receive(:secret_variables)
-              .with(pipeline.jobs_git_ref)
+              .with(environment: 'scoped', protected_ref: false)
-              .once.and_return(true)
+              .once
+              .and_call_original
-            expect_next_instance_of(described_class::Group) do |group_variables_builder|
-              expect(group_variables_builder)
-                .to receive(:secret_variables)
-                .with(environment: 'production', protected_ref: true)
-                .once
-                .and_call_original
-            end
-            2.times do
-              expect(builder.secret_group_variables(ref: ref, environment: 'production'))
-                .to contain_exactly(unprotected_variable_item, protected_variable_item)
-            end
          end
-        end
-        context 'with unprotected environments' do
+          2.times do
-          it 'memoizes the result by environment' do
+            expect(builder.secret_group_variables(environment: nil))
-            expect(pipeline.project)
+              .to contain_exactly(unprotected_variable_item)
-              .to receive(:protected_for?)
-              .with(pipeline.jobs_git_ref)
+            expect(builder.secret_group_variables(environment: 'scoped'))
-              .once.and_return(false)
+              .to contain_exactly(unprotected_variable_item, scoped_variable_item)
-            expect_next_instance_of(described_class::Group) do |group_variables_builder|
-              expect(group_variables_builder)
-                .to receive(:secret_variables)
-                .with(environment: nil, protected_ref: false)
-                .once
-                .and_call_original
-              expect(group_variables_builder)
-                .to receive(:secret_variables)
-                .with(environment: 'scoped', protected_ref: false)
-                .once
-                .and_call_original
-            end
-            2.times do
-              expect(builder.secret_group_variables(ref: 'other', environment: nil))
-                .to contain_exactly(unprotected_variable_item)
-              expect(builder.secret_group_variables(ref: 'other', environment: 'scoped'))
-                .to contain_exactly(unprotected_variable_item, scoped_variable_item)
-            end
          end
        end
      end
@@ -438,87 +422,66 @@ RSpec.describe Gitlab::Ci::Variables::Builder do
    let_it_be(:protected_variable) { create(:ci_variable, protected: true, project: project) }
    let_it_be(:unprotected_variable) { create(:ci_variable, protected: false, project: project) }
-    let(:ref) { job.git_ref }
    let(:environment) { job.expanded_environment_name }
-    subject { builder.secret_project_variables(ref: ref, environment: environment) }
+    subject { builder.secret_project_variables(environment: environment) }
-    context 'with ci_variables_builder_memoize_secret_variables disabled' do
+    include_examples "secret CI variables"
-      before do
-        stub_feature_flags(ci_variables_builder_memoize_secret_variables: false)
-      end
-      let(:protected_variable_item) { protected_variable }
-      let(:unprotected_variable_item) { unprotected_variable }
-      include_examples "secret CI variables"
-    end
-    context 'with ci_variables_builder_memoize_secret_variables enabled' do
-      before do
-        stub_feature_flags(ci_variables_builder_memoize_secret_variables: true)
-      end
-      let(:protected_variable_item) { Gitlab::Ci::Variables::Collection::Item.fabricate(protected_variable) }
-      let(:unprotected_variable_item) { Gitlab::Ci::Variables::Collection::Item.fabricate(unprotected_variable) }
-      include_examples "secret CI variables"
-      context 'variables memoization' do
+    context 'variables memoization' do
-        let_it_be(:scoped_variable) { create(:ci_variable, project: project, environment_scope: 'scoped') }
+      let_it_be(:scoped_variable) { create(:ci_variable, project: project, environment_scope: 'scoped') }
-        let(:scoped_variable_item) { Gitlab::Ci::Variables::Collection::Item.fabricate(scoped_variable) }
+      let(:scoped_variable_item) { Gitlab::Ci::Variables::Collection::Item.fabricate(scoped_variable) }
-        context 'with protected environments' do
+      context 'with protected environments' do
-          it 'memoizes the result by environment' do
+        it 'memoizes the result by environment' do
-            expect(pipeline.project)
+          expect(pipeline.project)
-              .to receive(:protected_for?)
+            .to receive(:protected_for?)
-              .with(pipeline.jobs_git_ref)
+            .with(pipeline.jobs_git_ref)
-              .once.and_return(true)
+            .once.and_return(true)
-            expect_next_instance_of(described_class::Project) do |project_variables_builder|
+          expect_next_instance_of(described_class::Project) do |project_variables_builder|
-              expect(project_variables_builder)
+            expect(project_variables_builder)
-                .to receive(:secret_variables)
+              .to receive(:secret_variables)
-                .with(environment: 'production', protected_ref: true)
+              .with(environment: 'production', protected_ref: true)
-                .once
+              .once
-                .and_call_original
+              .and_call_original
-            end
+          end
-            2.times do
+          2.times do
-              expect(builder.secret_project_variables(ref: ref, environment: 'production'))
+            expect(builder.secret_project_variables(environment: 'production'))
-                .to contain_exactly(unprotected_variable_item, protected_variable_item)
+              .to contain_exactly(unprotected_variable_item, protected_variable_item)
-            end
          end
        end
+      end
+      context 'with unprotected environments' do
+        it 'memoizes the result by environment' do
+          expect(pipeline.project)
+            .to receive(:protected_for?)
+            .with(pipeline.jobs_git_ref)
+            .once.and_return(false)
+          expect_next_instance_of(described_class::Project) do |project_variables_builder|
+            expect(project_variables_builder)
+              .to receive(:secret_variables)
+              .with(environment: nil, protected_ref: false)
+              .once
+              .and_call_original
+            expect(project_variables_builder)
+              .to receive(:secret_variables)
+              .with(environment: 'scoped', protected_ref: false)
+              .once
+              .and_call_original
+          end
+          2.times do
+            expect(builder.secret_project_variables(environment: nil))
+              .to contain_exactly(unprotected_variable_item)
-        context 'with unprotected environments' do
+            expect(builder.secret_project_variables(environment: 'scoped'))
-          it 'memoizes the result by environment' do
+              .to contain_exactly(unprotected_variable_item, scoped_variable_item)
-            expect(pipeline.project)
-              .to receive(:protected_for?)
-              .with(pipeline.jobs_git_ref)
-              .once.and_return(false)
-            expect_next_instance_of(described_class::Project) do |project_variables_builder|
-              expect(project_variables_builder)
-                .to receive(:secret_variables)
-                .with(environment: nil, protected_ref: false)
-                .once
-                .and_call_original
-              expect(project_variables_builder)
-                .to receive(:secret_variables)
-                .with(environment: 'scoped', protected_ref: false)
-                .once
-                .and_call_original
-            end
-            2.times do
-              expect(builder.secret_project_variables(ref: 'other', environment: nil))
-                .to contain_exactly(unprotected_variable_item)
-              expect(builder.secret_project_variables(ref: 'other', environment: 'scoped'))
-                .to contain_exactly(unprotected_variable_item, scoped_variable_item)
-            end
          end
        end
      end