Namespace CiAccess Cluster Authorizations
What does this MR do and why?
This MR simply replaces all of the Clusters::AgentAuthorizations
occurrences by Clusters::Agents::Authorizations::CiAccess
namespace to indicate that these models, finders and services are ci_access
keyword specific. This is necessary refactoring to avoid a conflict when we Introduce user access authorizations (!116901 - merged).
In order to reduce review load, new rubocop offences are silenced. This allows us to easily compare diffs that this MR does NOT change application logic. These offences will be fixed in a separate MR.
For more information, see https://docs.gitlab.com/ee/development/software_design.html#use-namespaces-to-define-bounded-contexts about the importance of namespacing.
Related to Persist GitLab agent's user access configuratio... (#389430 - closed)
Screenshots or screen recordings
Screenshots are required for UI changes, and strongly recommended for all other merge requests.
How to set up and validate locally
Since these MR diffs are skewed, you can validate the diff locally.
- Checkout this branch. Make sure that the
master
also points to the previous SHA, which is6c7e55af5c8923106c477f6224c56ba461a4bc6a
. - Run the following script:
RELOCATION_MAP = {
"app/finders/clusters/agent_authorizations_finder.rb" => "app/finders/clusters/agents/authorizations/ci_access/finder.rb",
"app/models/clusters/agents/group_authorization.rb" => "app/models/clusters/agents/authorizations/ci_access/group_authorization.rb",
"app/models/clusters/agents/implicit_authorization.rb" => "app/models/clusters/agents/authorizations/ci_access/implicit_authorization.rb",
"app/models/clusters/agents/project_authorization.rb" => "app/models/clusters/agents/authorizations/ci_access/project_authorization.rb",
"app/models/concerns/clusters/agents/authorization_config_scopes.rb" => "app/models/concerns/clusters/agents/authorizations/ci_access/config_scopes.rb",
"app/services/clusters/agents/filter_authorizations_service.rb" => "app/services/clusters/agents/authorizations/ci_access/filter_service.rb",
"app/services/clusters/agents/refresh_authorization_service.rb" => "app/services/clusters/agents/authorizations/ci_access/refresh_service.rb",
"ee/app/models/concerns/ee/clusters/agents/authorization_config_scopes.rb" => "ee/app/models/concerns/ee/clusters/agents/authorizations/ci_access/config_scopes.rb",
"ee/spec/models/concerns/ee/clusters/agents/authorization_config_scopes_spec.rb" => "ee/spec/models/concerns/ee/clusters/agents/authorizations/ci_access/config_scopes_spec.rb",
"lib/api/entities/clusters/agent_authorization.rb" => "lib/api/entities/clusters/agents/authorizations/ci_access.rb",
"spec/models/concerns/clusters/agents/authorization_config_scopes_spec.rb" => "spec/models/concerns/clusters/agents/authorizations/ci_access/config_scopes_spec.rb"
}
diffs = `git diff --name-only master`
stayed = []
relocated = []
diffs.each_line do |file|
if file.include?("authorization") && !file.include?("db/docs") && !file.include?("app/validators/json_schemas")
relocated << file.strip
else
stayed << file.strip
end
end
# stayed.each { |file| puts "stayed: #{file}" }
# relocated.each { |file| puts "relocated: #{file}" }
processed = []
relocated.each do |file|
dest_file = RELOCATION_MAP[file]
next unless dest_file
system("git checkout master -- #{file}")
raise StandardError, "File #{file} does not exist on master branch" unless $?.exitstatus == 0
puts "------------------------------------------------ Linux Diff -------------------------------------------------"
puts "Src file: #{file}"
puts "Dest file: #{dest_file}"
puts "-------------------------------------------------------------------------------------------------------------"
system("diff -w #{file} #{dest_file}")
raise StandardError, "File #{file} or #{dest_file} does not exist for diff" if $?.exitstatus == 2
processed << file
processed << dest_file
end
git_diff_exclude = processed.map { |file| "':!#{file}'" }.join(' ')
puts "------------------------------------------------- Git Diff Start -------------------------------------------------"
system("git diff master -- #{git_diff_exclude}")
puts "------------------------------------------------- Git Diff End -------------------------------------------------"
`git reset && git clean -f`
The output will look like this:
shinya@shinya-B550-VISION-D:~/workspace/thin-gdk/services/rails/src$ ruby ci-access-rename-diff.ruby
------------------------------------------------ Linux Diff -------------------------------------------------
Src file: app/finders/clusters/agent_authorizations_finder.rb
Dest file: app/finders/clusters/agents/authorizations/ci_access/finder.rb
-------------------------------------------------------------------------------------------------------------
4c4,7
< class AgentAuthorizationsFinder
---
> module Agents
> module Authorizations
> module CiAccess
> class Finder
21c24
< Clusters::Agents::ImplicitAuthorization.new(agent: agent)
---
> Clusters::Agents::Authorizations::CiAccess::ImplicitAuthorization.new(agent: agent)
29c32
< Clusters::Agents::ProjectAuthorization
---
> Clusters::Agents::Authorizations::CiAccess::ProjectAuthorization
41c44
< authorizations = Clusters::Agents::GroupAuthorization.arel_table
---
> authorizations = Clusters::Agents::Authorizations::CiAccess::GroupAuthorization.arel_table
52c55
< Clusters::Agents::GroupAuthorization
---
> Clusters::Agents::Authorizations::CiAccess::GroupAuthorization
66a70,72
> end
> end
> end
------------------------------------------------ Linux Diff -------------------------------------------------
Src file: app/models/clusters/agents/group_authorization.rb
Dest file: app/models/clusters/agents/authorizations/ci_access/group_authorization.rb
-------------------------------------------------------------------------------------------------------------
4a5,6
> module Authorizations
> module CiAccess
6c8
< include ::Clusters::Agents::AuthorizationConfigScopes
---
> include ConfigScopes
13c15
< validates :config, json_schema: { filename: 'cluster_agent_authorization_configuration' }
---
> validates :config, json_schema: { filename: 'clusters_agents_authorizations_ci_access_config' }
16a19,20
> end
> end
------------------------------------------------ Linux Diff -------------------------------------------------
Src file: app/models/clusters/agents/implicit_authorization.rb
Dest file: app/models/clusters/agents/authorizations/ci_access/implicit_authorization.rb
-------------------------------------------------------------------------------------------------------------
4a5,6
> module Authorizations
> module CiAccess
19a22,23
> end
> end
------------------------------------------------ Linux Diff -------------------------------------------------
Src file: app/models/clusters/agents/project_authorization.rb
Dest file: app/models/clusters/agents/authorizations/ci_access/project_authorization.rb
-------------------------------------------------------------------------------------------------------------
4a5,6
> module Authorizations
> module CiAccess
6c8
< include ::Clusters::Agents::AuthorizationConfigScopes
---
> include ConfigScopes
13c15
< validates :config, json_schema: { filename: 'cluster_agent_authorization_configuration' }
---
> validates :config, json_schema: { filename: 'clusters_agents_authorizations_ci_access_config' }
16a19,20
> end
> end
------------------------------------------------ Linux Diff -------------------------------------------------
Src file: app/models/concerns/clusters/agents/authorization_config_scopes.rb
Dest file: app/models/concerns/clusters/agents/authorizations/ci_access/config_scopes.rb
-------------------------------------------------------------------------------------------------------------
5c5,7
< module AuthorizationConfigScopes
---
> module Authorizations
> module CiAccess
> module ConfigScopes
23a26,27
> end
> end
25c29
< Clusters::Agents::AuthorizationConfigScopes.prepend_mod
---
> Clusters::Agents::Authorizations::CiAccess::ConfigScopes.prepend_mod
------------------------------------------------ Linux Diff -------------------------------------------------
Src file: app/services/clusters/agents/filter_authorizations_service.rb
Dest file: app/services/clusters/agents/authorizations/ci_access/filter_service.rb
-------------------------------------------------------------------------------------------------------------
5c5,7
< class FilterAuthorizationsService
---
> module Authorizations
> module CiAccess
> class FilterService
46a49,50
> end
> end
------------------------------------------------ Linux Diff -------------------------------------------------
Src file: app/services/clusters/agents/refresh_authorization_service.rb
Dest file: app/services/clusters/agents/authorizations/ci_access/refresh_service.rb
-------------------------------------------------------------------------------------------------------------
5c5,7
< class RefreshAuthorizationService
---
> module Authorizations
> module CiAccess
> class RefreshService
34,35c36,37
< agent.project_authorizations.upsert_all(allowed_project_configurations, unique_by: [:agent_id, :project_id])
< agent.project_authorizations.where.not(project_id: project_ids).delete_all # rubocop: disable CodeReuse/ActiveRecord
---
> agent.ci_access_project_authorizations.upsert_all(allowed_project_configurations, unique_by: [:agent_id, :project_id])
> agent.ci_access_project_authorizations.where.not(project_id: project_ids).delete_all # rubocop: disable CodeReuse/ActiveRecord
38c40
< agent.project_authorizations.delete_all(:delete_all)
---
> agent.ci_access_project_authorizations.delete_all(:delete_all)
47,48c49,50
< agent.group_authorizations.upsert_all(allowed_group_configurations, unique_by: [:agent_id, :group_id])
< agent.group_authorizations.where.not(group_id: group_ids).delete_all # rubocop: disable CodeReuse/ActiveRecord
---
> agent.ci_access_group_authorizations.upsert_all(allowed_group_configurations, unique_by: [:agent_id, :group_id])
> agent.ci_access_group_authorizations.where.not(group_id: group_ids).delete_all # rubocop: disable CodeReuse/ActiveRecord
51c53
< agent.group_authorizations.delete_all(:delete_all)
---
> agent.ci_access_group_authorizations.delete_all(:delete_all)
98a101,102
> end
> end
------------------------------------------------ Linux Diff -------------------------------------------------
Src file: ee/app/models/concerns/ee/clusters/agents/authorization_config_scopes.rb
Dest file: ee/app/models/concerns/ee/clusters/agents/authorizations/ci_access/config_scopes.rb
-------------------------------------------------------------------------------------------------------------
6c6,8
< module AuthorizationConfigScopes
---
> module Authorizations
> module CiAccess
> module ConfigScopes
18a21,22
> end
> end
------------------------------------------------ Linux Diff -------------------------------------------------
Src file: ee/spec/models/concerns/ee/clusters/agents/authorization_config_scopes_spec.rb
Dest file: ee/spec/models/concerns/ee/clusters/agents/authorizations/ci_access/config_scopes_spec.rb
-------------------------------------------------------------------------------------------------------------
5c5
< RSpec.describe EE::Clusters::Agents::AuthorizationConfigScopes do
---
> RSpec.describe EE::Clusters::Agents::Authorizations::CiAccess::ConfigScopes, feature_category: :kubernetes_management do
9,14c9,14
< let_it_be(:agent_authorization_0) { create(:agent_project_authorization, project: project) }
< let_it_be(:agent_authorization_1) { create(:agent_project_authorization, project: project, config: { access_as: {} }) }
< let_it_be(:agent_authorization_2) { create(:agent_project_authorization, project: project, config: { access_as: { agent: {} } }) }
< let_it_be(:impersonate_authorization) { create(:agent_project_authorization, project: project, config: { access_as: { impersonate: {} } }) }
< let_it_be(:ci_user_authorization) { create(:agent_project_authorization, project: project, config: { access_as: { ci_user: {} } }) }
< let_it_be(:ci_job_authorization) { create(:agent_project_authorization, project: project, config: { access_as: { ci_job: {} } }) }
---
> let_it_be(:agent_authorization_0) { create(:agent_ci_access_project_authorization, project: project) }
> let_it_be(:agent_authorization_1) { create(:agent_ci_access_project_authorization, project: project, config: { access_as: {} }) }
> let_it_be(:agent_authorization_2) { create(:agent_ci_access_project_authorization, project: project, config: { access_as: { agent: {} } }) }
> let_it_be(:impersonate_authorization) { create(:agent_ci_access_project_authorization, project: project, config: { access_as: { impersonate: {} } }) }
> let_it_be(:ci_user_authorization) { create(:agent_ci_access_project_authorization, project: project, config: { access_as: { ci_user: {} } }) }
> let_it_be(:ci_job_authorization) { create(:agent_ci_access_project_authorization, project: project, config: { access_as: { ci_job: {} } }) }
16c16
< subject { Clusters::Agents::ProjectAuthorization.with_available_ci_access_fields(project) }
---
> subject { Clusters::Agents::Authorizations::CiAccess::ProjectAuthorization.with_available_ci_access_fields(project) }
------------------------------------------------ Linux Diff -------------------------------------------------
Src file: lib/api/entities/clusters/agent_authorization.rb
Dest file: lib/api/entities/clusters/agents/authorizations/ci_access.rb
-------------------------------------------------------------------------------------------------------------
6c6,8
< class AgentAuthorization < Grape::Entity
---
> module Agents
> module Authorizations
> class CiAccess < Grape::Entity
9a12,13
> end
> end
------------------------------------------------ Linux Diff -------------------------------------------------
Src file: spec/models/concerns/clusters/agents/authorization_config_scopes_spec.rb
Dest file: spec/models/concerns/clusters/agents/authorizations/ci_access/config_scopes_spec.rb
-------------------------------------------------------------------------------------------------------------
5c5
< RSpec.describe Clusters::Agents::AuthorizationConfigScopes do
---
> RSpec.describe Clusters::Agents::Authorizations::CiAccess::ConfigScopes, feature_category: :kubernetes_management do
9,15c9,15
< let!(:agent_authorization_0) { create(:agent_project_authorization, project: project) }
< let!(:agent_authorization_1) { create(:agent_project_authorization, project: project, config: { access_as: {} }) }
< let!(:agent_authorization_2) { create(:agent_project_authorization, project: project, config: { access_as: { agent: {} } }) }
< let!(:impersonate_authorization) { create(:agent_project_authorization, project: project, config: { access_as: { impersonate: {} } }) }
< let!(:ci_user_authorization) { create(:agent_project_authorization, project: project, config: { access_as: { ci_user: {} } }) }
< let!(:ci_job_authorization) { create(:agent_project_authorization, project: project, config: { access_as: { ci_job: {} } }) }
< let!(:unexpected_authorization) { create(:agent_project_authorization, project: project, config: { access_as: { unexpected: {} } }) }
---
> let!(:agent_authorization_0) { create(:agent_ci_access_project_authorization, project: project) }
> let!(:agent_authorization_1) { create(:agent_ci_access_project_authorization, project: project, config: { access_as: {} }) }
> let!(:agent_authorization_2) { create(:agent_ci_access_project_authorization, project: project, config: { access_as: { agent: {} } }) }
> let!(:impersonate_authorization) { create(:agent_ci_access_project_authorization, project: project, config: { access_as: { impersonate: {} } }) }
> let!(:ci_user_authorization) { create(:agent_ci_access_project_authorization, project: project, config: { access_as: { ci_user: {} } }) }
> let!(:ci_job_authorization) { create(:agent_ci_access_project_authorization, project: project, config: { access_as: { ci_job: {} } }) }
> let!(:unexpected_authorization) { create(:agent_ci_access_project_authorization, project: project, config: { access_as: { unexpected: {} } }) }
17c17
< subject { Clusters::Agents::ProjectAuthorization.with_available_ci_access_fields(project) }
---
> subject { Clusters::Agents::Authorizations::CiAccess::ProjectAuthorization.with_available_ci_access_fields(project) }
and
------------------------------------------------- Git Diff Start -------------------------------------------------
diff --git a/.rubocop_todo/gitlab/strong_memoize_attr.yml b/.rubocop_todo/gitlab/strong_memoize_attr.yml
index 06efefef2f1e..f05e7ba35afe 100644
--- a/.rubocop_todo/gitlab/strong_memoize_attr.yml
+++ b/.rubocop_todo/gitlab/strong_memoize_attr.yml
@@ -180,7 +180,7 @@ Gitlab/StrongMemoizeAttr:
- 'app/services/ci/pipelines/hook_service.rb'
- 'app/services/ci/queue/build_queue_service.rb'
- 'app/services/ci/update_build_state_service.rb'
- - 'app/services/clusters/agents/refresh_authorization_service.rb'
+ - 'app/services/clusters/agents/authorizations/ci_access/refresh_service.rb'
- 'app/services/clusters/integrations/prometheus_health_check_service.rb'
- 'app/services/concerns/alert_management/alert_processing.rb'
- 'app/services/concerns/incident_management/settings.rb'
diff --git a/.rubocop_todo/layout/line_length.yml b/.rubocop_todo/layout/line_length.yml
index a7d5a7588e5b..274f9ad2885f 100644
--- a/.rubocop_todo/layout/line_length.yml
+++ b/.rubocop_todo/layout/line_length.yml
@@ -105,7 +105,7 @@ Layout/LineLength:
- 'app/controllers/users_controller.rb'
- 'app/finders/analytics/cycle_analytics/stage_finder.rb'
- 'app/finders/ci/runners_finder.rb'
- - 'app/finders/clusters/agent_authorizations_finder.rb'
+ - 'app/finders/clusters/agents/authorizations/ci_access/finder.rb'
- 'app/finders/group_descendants_finder.rb'
- 'app/finders/group_members_finder.rb'
- 'app/finders/group_projects_finder.rb'
@@ -507,6 +507,7 @@ Layout/LineLength:
- 'app/services/ci/runners/register_runner_service.rb'
- 'app/services/ci/runners/unregister_runner_service.rb'
- 'app/services/clusters/agent_tokens/create_service.rb'
+ - 'app/services/clusters/agents/authorizations/ci_access/refresh_service.rb'
- 'app/services/clusters/agents/delete_service.rb'
- 'app/services/clusters/build_kubernetes_namespace_service.rb'
- 'app/services/clusters/integrations/create_service.rb'
@@ -2039,7 +2040,7 @@ Layout/LineLength:
- 'ee/spec/models/ci/minutes/namespace_monthly_usage_spec.rb'
- 'ee/spec/models/ci/minutes/project_monthly_usage_spec.rb'
- 'ee/spec/models/ci/pipeline_spec.rb'
- - 'ee/spec/models/concerns/ee/clusters/agents/authorization_config_scopes_spec.rb'
+ - 'ee/spec/models/concerns/ee/clusters/agents/authorizations/ci_access/config_scopes_spec.rb'
- 'ee/spec/models/concerns/ee/issuable_spec.rb'
- 'ee/spec/models/concerns/ee/noteable_spec.rb'
- 'ee/spec/models/concerns/ee/project_security_scanners_information_spec.rb'
@@ -3517,6 +3518,8 @@ Layout/LineLength:
- 'spec/factories/ci/job_artifacts.rb'
- 'spec/factories/ci/pipelines.rb'
- 'spec/factories/ci/reports/codequality_degradations.rb'
+ - 'spec/factories/clusters/agents/authorizations/ci_access/group_authorizations.rb'
+ - 'spec/factories/clusters/agents/authorizations/ci_access/project_authorizations.rb'
- 'spec/factories/container_repositories.rb'
- 'spec/factories/dependency_proxy.rb'
- 'spec/factories/deployments.rb'
@@ -3745,6 +3748,7 @@ Layout/LineLength:
- 'spec/finders/ci/pipelines_finder_spec.rb'
- 'spec/finders/ci/pipelines_for_merge_request_finder_spec.rb'
- 'spec/finders/ci/runners_finder_spec.rb'
+ - 'spec/finders/clusters/agents/authorizations/ci_access/finder_spec.rb'
- 'spec/finders/clusters/agent_authorizations_finder_spec.rb'
- 'spec/finders/clusters_finder_spec.rb'
- 'spec/finders/deploy_tokens/tokens_finder_spec.rb'
@@ -4571,7 +4575,7 @@ Layout/LineLength:
- 'spec/models/concerns/cache_markdown_field_spec.rb'
- 'spec/models/concerns/cacheable_attributes_spec.rb'
- 'spec/models/concerns/ci/artifactable_spec.rb'
- - 'spec/models/concerns/clusters/agents/authorization_config_scopes_spec.rb'
+ - 'spec/models/concerns/clusters/agents/authorizations/ci_access/config_scopes_spec.rb'
- 'spec/models/concerns/deployment_platform_spec.rb'
- 'spec/models/concerns/group_descendant_spec.rb'
- 'spec/models/concerns/id_in_ordered_spec.rb'
@@ -5021,6 +5025,7 @@ Layout/LineLength:
- 'spec/services/ci/test_failure_history_service_spec.rb'
- 'spec/services/ci/unlock_artifacts_service_spec.rb'
- 'spec/services/ci/update_pending_build_service_spec.rb'
+ - 'spec/services/clusters/agents/authorizations/ci_access/filter_service_spec.rb'
- 'spec/services/clusters/create_service_spec.rb'
- 'spec/services/clusters/integrations/prometheus_health_check_service_spec.rb'
- 'spec/services/clusters/kubernetes/create_or_update_namespace_service_spec.rb'
diff --git a/.rubocop_todo/rspec/context_wording.yml b/.rubocop_todo/rspec/context_wording.yml
index 560c99e3b1d5..45dd4610c8d8 100644
--- a/.rubocop_todo/rspec/context_wording.yml
+++ b/.rubocop_todo/rspec/context_wording.yml
@@ -182,7 +182,7 @@ RSpec/ContextWording:
- 'ee/spec/finders/dast_site_profiles_finder_spec.rb'
- 'ee/spec/finders/dast_site_validations_finder_spec.rb'
- 'ee/spec/finders/ee/alert_management/http_integrations_finder_spec.rb'
- - 'ee/spec/finders/ee/clusters/agent_authorizations_finder_spec.rb'
+ - 'ee/spec/finders/ee/clusters/agents/authorizations/ci_access/finder_spec.rb'
- 'ee/spec/finders/ee/clusters/agents_finder_spec.rb'
- 'ee/spec/finders/ee/group_members_finder_spec.rb'
- 'ee/spec/finders/ee/namespaces/projects_finder_spec.rb'
@@ -1344,6 +1344,7 @@ RSpec/ContextWording:
- 'spec/finders/ci/pipelines_finder_spec.rb'
- 'spec/finders/ci/runners_finder_spec.rb'
- 'spec/finders/cluster_ancestors_finder_spec.rb'
+ - 'spec/finders/clusters/agents/authorizations/ci_access/finder_spec.rb'
- 'spec/finders/clusters/agent_authorizations_finder_spec.rb'
- 'spec/finders/clusters/agents_finder_spec.rb'
- 'spec/finders/clusters/kubernetes_namespace_finder_spec.rb'
@@ -1529,7 +1530,7 @@ RSpec/ContextWording:
- 'spec/initializers/validate_database_config_spec.rb'
- 'spec/lib/api/entities/application_setting_spec.rb'
- 'spec/lib/api/entities/basic_project_details_spec.rb'
- - 'spec/lib/api/entities/clusters/agent_authorization_spec.rb'
+ - 'spec/lib/api/entities/clusters/agents/authorizations/ci_access_spec.rb'
- 'spec/lib/api/entities/nuget/dependency_group_spec.rb'
- 'spec/lib/api/entities/user_spec.rb'
- 'spec/lib/api/every_api_endpoint_spec.rb'
@@ -2688,7 +2689,7 @@ RSpec/ContextWording:
- 'spec/services/ci/update_pending_build_service_spec.rb'
- 'spec/services/clusters/agent_tokens/track_usage_service_spec.rb'
- 'spec/services/clusters/agents/delete_expired_events_service_spec.rb'
- - 'spec/services/clusters/agents/refresh_authorization_service_spec.rb'
+ - 'spec/services/clusters/agents/authorizations/ci_access/refresh_service_spec.rb'
- 'spec/services/clusters/build_kubernetes_namespace_service_spec.rb'
- 'spec/services/clusters/create_service_spec.rb'
- 'spec/services/clusters/kubernetes/create_or_update_namespace_service_spec.rb'
diff --git a/.rubocop_todo/style/percent_literal_delimiters.yml b/.rubocop_todo/style/percent_literal_delimiters.yml
index bc3c41ae992d..c5da676891dc 100644
--- a/.rubocop_todo/style/percent_literal_delimiters.yml
+++ b/.rubocop_todo/style/percent_literal_delimiters.yml
@@ -54,7 +54,7 @@ Style/PercentLiteralDelimiters:
- 'app/models/ci/pipeline.rb'
- 'app/models/clusters/platforms/kubernetes.rb'
- 'app/models/commit.rb'
- - 'app/models/concerns/clusters/agents/authorization_config_scopes.rb'
+ - 'app/models/concerns/clusters/agents/authorizations/ci_access/config_scopes.rb'
- 'app/models/concerns/diff_positionable_note.rb'
- 'app/models/concerns/enums/prometheus_metric.rb'
- 'app/models/concerns/issuable.rb'
diff --git a/app/models/ci/pipeline.rb b/app/models/ci/pipeline.rb
index 644e9c31eb47..748ffe5c094f 100644
--- a/app/models/ci/pipeline.rb
+++ b/app/models/ci/pipeline.rb
@@ -1333,7 +1333,7 @@ def build_matchers
def cluster_agent_authorizations
strong_memoize(:cluster_agent_authorizations) do
- ::Clusters::AgentAuthorizationsFinder.new(project).execute
+ ::Clusters::Agents::Authorizations::CiAccess::Finder.new(project).execute
end
end
diff --git a/app/models/clusters/agent.rb b/app/models/clusters/agent.rb
index 3478bb697075..4e2de06577d6 100644
--- a/app/models/clusters/agent.rb
+++ b/app/models/clusters/agent.rb
@@ -12,11 +12,11 @@ class Agent < ApplicationRecord
has_many :agent_tokens, -> { order_last_used_at_desc }, class_name: 'Clusters::AgentToken', inverse_of: :agent
- has_many :group_authorizations, class_name: 'Clusters::Agents::GroupAuthorization'
- has_many :authorized_groups, class_name: '::Group', through: :group_authorizations, source: :group
+ has_many :ci_access_group_authorizations, class_name: 'Clusters::Agents::Authorizations::CiAccess::GroupAuthorization'
+ has_many :ci_access_authorized_groups, class_name: '::Group', through: :ci_access_group_authorizations, source: :group
- has_many :project_authorizations, class_name: 'Clusters::Agents::ProjectAuthorization'
- has_many :authorized_projects, class_name: '::Project', through: :project_authorizations, source: :project
+ has_many :ci_access_project_authorizations, class_name: 'Clusters::Agents::Authorizations::CiAccess::ProjectAuthorization'
+ has_many :ci_access_authorized_projects, class_name: '::Project', through: :ci_access_project_authorizations, source: :project
has_many :activity_events, -> { in_timeline_order }, class_name: 'Clusters::Agents::ActivityEvent', inverse_of: :agent
diff --git a/app/services/ci/generate_kubeconfig_service.rb b/app/services/ci/generate_kubeconfig_service.rb
index 1c6aaa9d1ff2..56e22a64529f 100644
--- a/app/services/ci/generate_kubeconfig_service.rb
+++ b/app/services/ci/generate_kubeconfig_service.rb
@@ -41,7 +41,7 @@ def execute
attr_reader :pipeline, :token, :environment, :template
def agent_authorizations
- ::Clusters::Agents::FilterAuthorizationsService.new(
+ ::Clusters::Agents::Authorizations::CiAccess::FilterService.new(
pipeline.cluster_agent_authorizations,
environment: environment
).execute
diff --git a/app/services/clusters/agents/authorize_proxy_user_service.rb b/app/services/clusters/agents/authorize_proxy_user_service.rb
index ec6645b2db4b..ba90d61a7efd 100644
--- a/app/services/clusters/agents/authorize_proxy_user_service.rb
+++ b/app/services/clusters/agents/authorize_proxy_user_service.rb
@@ -57,7 +57,7 @@ def access_as_agent(user_access)
def authorized_projects(user_access)
strong_memoize_with(:authorized_projects, user_access) do
user_access.fetch(:projects, [])
- .first(::Clusters::Agents::RefreshAuthorizationService::AUTHORIZED_ENTITY_LIMIT)
+ .first(::Clusters::Agents::Authorizations::CiAccess::RefreshService::AUTHORIZED_ENTITY_LIMIT)
.map { |project| ::Project.find_by_full_path(project[:id]) }
.select { |project| current_user.can?(:use_k8s_proxies, project) }
end
@@ -66,7 +66,7 @@ def authorized_projects(user_access)
def authorized_groups(user_access)
strong_memoize_with(:authorized_groups, user_access) do
user_access.fetch(:groups, [])
- .first(::Clusters::Agents::RefreshAuthorizationService::AUTHORIZED_ENTITY_LIMIT)
+ .first(::Clusters::Agents::Authorizations::CiAccess::RefreshService::AUTHORIZED_ENTITY_LIMIT)
.map { |group| ::Group.find_by_full_path(group[:id]) }
.select { |group| current_user.can?(:use_k8s_proxies, group) }
end
diff --git a/app/validators/json_schemas/cluster_agent_authorization_configuration.json b/app/validators/json_schemas/clusters_agents_authorizations_ci_access_config.json
similarity index 100%
rename from app/validators/json_schemas/cluster_agent_authorization_configuration.json
rename to app/validators/json_schemas/clusters_agents_authorizations_ci_access_config.json
diff --git a/db/docs/agent_group_authorizations.yml b/db/docs/agent_group_authorizations.yml
index 61c8733383a4..c300ed3ba089 100644
--- a/db/docs/agent_group_authorizations.yml
+++ b/db/docs/agent_group_authorizations.yml
@@ -1,7 +1,7 @@
---
table_name: agent_group_authorizations
classes:
-- Clusters::Agents::GroupAuthorization
+- Clusters::Agents::Authorizations::CiAccess::GroupAuthorization
feature_categories:
- kubernetes_management
description: Configuration for a group that is authorized to use a particular cluster agent
diff --git a/db/docs/agent_project_authorizations.yml b/db/docs/agent_project_authorizations.yml
index e595c84b5d51..98a74b9f9b71 100644
--- a/db/docs/agent_project_authorizations.yml
+++ b/db/docs/agent_project_authorizations.yml
@@ -1,7 +1,7 @@
---
table_name: agent_project_authorizations
classes:
-- Clusters::Agents::ProjectAuthorization
+- Clusters::Agents::Authorizations::CiAccess::ProjectAuthorization
feature_categories:
- kubernetes_management
description: Configuration for a project that is authorized to use a particular cluster agent
diff --git a/ee/spec/finders/ee/clusters/agent_authorizations_finder_spec.rb b/ee/spec/finders/ee/clusters/agents/authorizations/ci_access/finder_spec.rb
similarity index 91%
rename from ee/spec/finders/ee/clusters/agent_authorizations_finder_spec.rb
rename to ee/spec/finders/ee/clusters/agents/authorizations/ci_access/finder_spec.rb
index 1c1409259344..b568828fbaa7 100644
--- a/ee/spec/finders/ee/clusters/agent_authorizations_finder_spec.rb
+++ b/ee/spec/finders/ee/clusters/agents/authorizations/ci_access/finder_spec.rb
@@ -2,7 +2,7 @@
require 'spec_helper'
-RSpec.describe Clusters::AgentAuthorizationsFinder do
+RSpec.describe Clusters::Agents::Authorizations::CiAccess::Finder, feature_category: :kubernetes_management do
describe '#execute' do
let_it_be(:top_level_group) { create(:group) }
let_it_be(:agent_configuration_project) { create(:project, namespace: top_level_group) }
@@ -62,7 +62,7 @@
it_behaves_like 'licensed access_as' do
let!(:authorization) do
create(
- :agent_project_authorization,
+ :agent_ci_access_project_authorization,
agent: production_agent,
project: requesting_project,
config: config
@@ -75,7 +75,7 @@
it_behaves_like 'licensed access_as' do
let!(:authorization) do
create(
- :agent_group_authorization,
+ :agent_ci_access_group_authorization,
agent: production_agent,
group: top_level_group,
config: config
diff --git a/lib/api/ci/jobs.rb b/lib/api/ci/jobs.rb
index 30d12864bf8c..2e377f41b66c 100644
--- a/lib/api/ci/jobs.rb
+++ b/lib/api/ci/jobs.rb
@@ -266,14 +266,14 @@ class Jobs < ::API::Base
persisted_environment = current_authenticated_job.actual_persisted_environment
environment = { tier: persisted_environment.tier, slug: persisted_environment.slug } if persisted_environment
- agent_authorizations = ::Clusters::Agents::FilterAuthorizationsService.new(
- ::Clusters::AgentAuthorizationsFinder.new(project).execute,
+ agent_authorizations = ::Clusters::Agents::Authorizations::CiAccess::FilterService.new(
+ ::Clusters::Agents::Authorizations::CiAccess::Finder.new(project).execute,
environment: persisted_environment&.name
).execute
# See https://gitlab.com/gitlab-org/cluster-integration/gitlab-agent/-/blob/master/doc/kubernetes_ci_access.md#apiv4joballowed_agents-api
{
- allowed_agents: Entities::Clusters::AgentAuthorization.represent(agent_authorizations),
+ allowed_agents: Entities::Clusters::Agents::Authorizations::CiAccess.represent(agent_authorizations),
job: { id: current_authenticated_job.id },
pipeline: { id: pipeline.id },
project: { id: project.id, groups: project_groups },
diff --git a/lib/api/internal/kubernetes.rb b/lib/api/internal/kubernetes.rb
index bf9612db6bf5..94764d0dda37 100644
--- a/lib/api/internal/kubernetes.rb
+++ b/lib/api/internal/kubernetes.rb
@@ -129,7 +129,7 @@ def increment_count_events
post '/', feature_category: :kubernetes_management, urgency: :low do
agent = ::Clusters::Agent.find(params[:agent_id])
- ::Clusters::Agents::RefreshAuthorizationService.new(agent, config: params[:agent_config]).execute
+ ::Clusters::Agents::Authorizations::CiAccess::RefreshService.new(agent, config: params[:agent_config]).execute
no_content!
end
diff --git a/spec/factories/clusters/agents/group_authorizations.rb b/spec/factories/clusters/agents/authorizations/ci_access/group_authorizations.rb
similarity index 71%
rename from spec/factories/clusters/agents/group_authorizations.rb
rename to spec/factories/clusters/agents/authorizations/ci_access/group_authorizations.rb
index abe25794234b..659114eef8e4 100644
--- a/spec/factories/clusters/agents/group_authorizations.rb
+++ b/spec/factories/clusters/agents/authorizations/ci_access/group_authorizations.rb
@@ -1,7 +1,7 @@
# frozen_string_literal: true
FactoryBot.define do
- factory :agent_group_authorization, class: 'Clusters::Agents::GroupAuthorization' do
+ factory :agent_ci_access_group_authorization, class: 'Clusters::Agents::Authorizations::CiAccess::GroupAuthorization' do
association :agent, factory: :cluster_agent
group
diff --git a/spec/factories/clusters/agents/project_authorizations.rb b/spec/factories/clusters/agents/authorizations/ci_access/project_authorizations.rb
similarity index 71%
rename from spec/factories/clusters/agents/project_authorizations.rb
rename to spec/factories/clusters/agents/authorizations/ci_access/project_authorizations.rb
index eecbfe95bfc6..10d4f8fb946d 100644
--- a/spec/factories/clusters/agents/project_authorizations.rb
+++ b/spec/factories/clusters/agents/authorizations/ci_access/project_authorizations.rb
@@ -1,7 +1,7 @@
# frozen_string_literal: true
FactoryBot.define do
- factory :agent_project_authorization, class: 'Clusters::Agents::ProjectAuthorization' do
+ factory :agent_ci_access_project_authorization, class: 'Clusters::Agents::Authorizations::CiAccess::ProjectAuthorization' do
association :agent, factory: :cluster_agent
project
diff --git a/spec/finders/clusters/agent_authorizations_finder_spec.rb b/spec/finders/clusters/agents/authorizations/ci_access/finder_spec.rb
similarity index 67%
rename from spec/finders/clusters/agent_authorizations_finder_spec.rb
rename to spec/finders/clusters/agents/authorizations/ci_access/finder_spec.rb
index f680792d6c44..c311b19139f6 100644
--- a/spec/finders/clusters/agent_authorizations_finder_spec.rb
+++ b/spec/finders/clusters/agents/authorizations/ci_access/finder_spec.rb
@@ -2,7 +2,7 @@
require 'spec_helper'
-RSpec.describe Clusters::AgentAuthorizationsFinder do
+RSpec.describe Clusters::Agents::Authorizations::CiAccess::Finder, feature_category: :kubernetes_management do
describe '#execute' do
let_it_be(:top_level_group) { create(:group) }
let_it_be(:subgroup1) { create(:group, parent: top_level_group) }
@@ -54,34 +54,34 @@
let(:unrelated_agent) { create(:cluster_agent) }
before do
- create(:agent_project_authorization, agent: unrelated_agent, project: requesting_project)
+ create(:agent_ci_access_project_authorization, agent: unrelated_agent, project: requesting_project)
end
it { is_expected.to be_empty }
end
context 'agent configuration project shares a root namespace, but does not belong to an ancestor of the given project' do
- let!(:project_authorization) { create(:agent_project_authorization, agent: non_ancestor_agent, project: requesting_project) }
+ let!(:project_authorization) { create(:agent_ci_access_project_authorization, agent: non_ancestor_agent, project: requesting_project) }
it { is_expected.to match_array([project_authorization]) }
end
context 'with project authorizations present' do
- let!(:authorization) { create(:agent_project_authorization, agent: production_agent, project: requesting_project) }
+ let!(:authorization) { create(:agent_ci_access_project_authorization, agent: production_agent, project: requesting_project) }
it { is_expected.to match_array [authorization] }
end
context 'with overlapping authorizations' do
let!(:agent) { create(:cluster_agent, project: requesting_project) }
- let!(:project_authorization) { create(:agent_project_authorization, agent: agent, project: requesting_project) }
- let!(:group_authorization) { create(:agent_group_authorization, agent: agent, group: bottom_level_group) }
+ let!(:project_authorization) { create(:agent_ci_access_project_authorization, agent: agent, project: requesting_project) }
+ let!(:group_authorization) { create(:agent_ci_access_group_authorization, agent: agent, group: bottom_level_group) }
it { is_expected.to match_array [project_authorization] }
end
it_behaves_like 'access_as' do
- let!(:authorization) { create(:agent_project_authorization, agent: production_agent, project: requesting_project, config: config) }
+ let!(:authorization) { create(:agent_ci_access_project_authorization, agent: production_agent, project: requesting_project, config: config) }
end
end
@@ -92,7 +92,7 @@
expect(subject.count).to eq(1)
authorization = subject.first
- expect(authorization).to be_a(Clusters::Agents::ImplicitAuthorization)
+ expect(authorization).to be_a(Clusters::Agents::Authorizations::CiAccess::ImplicitAuthorization)
expect(authorization.agent).to eq(associated_agent)
end
end
@@ -102,15 +102,15 @@
let(:unrelated_agent) { create(:cluster_agent) }
before do
- create(:agent_group_authorization, agent: unrelated_agent, group: top_level_group)
+ create(:agent_ci_access_group_authorization, agent: unrelated_agent, group: top_level_group)
end
it { is_expected.to be_empty }
end
context 'multiple agents are authorized for the same group' do
- let!(:staging_auth) { create(:agent_group_authorization, agent: staging_agent, group: bottom_level_group) }
- let!(:production_auth) { create(:agent_group_authorization, agent: production_agent, group: bottom_level_group) }
+ let!(:staging_auth) { create(:agent_ci_access_group_authorization, agent: staging_agent, group: bottom_level_group) }
+ let!(:production_auth) { create(:agent_ci_access_group_authorization, agent: production_agent, group: bottom_level_group) }
it 'returns authorizations for all agents' do
expect(subject).to contain_exactly(staging_auth, production_auth)
@@ -118,8 +118,8 @@
end
context 'a single agent is authorized to more than one matching group' do
- let!(:bottom_level_auth) { create(:agent_group_authorization, agent: production_agent, group: bottom_level_group) }
- let!(:top_level_auth) { create(:agent_group_authorization, agent: production_agent, group: top_level_group) }
+ let!(:bottom_level_auth) { create(:agent_ci_access_group_authorization, agent: production_agent, group: bottom_level_group) }
+ let!(:top_level_auth) { create(:agent_ci_access_group_authorization, agent: production_agent, group: top_level_group) }
it 'picks the authorization for the closest group to the requesting project' do
expect(subject).to contain_exactly(bottom_level_auth)
@@ -127,13 +127,13 @@
end
context 'agent configuration project does not belong to an ancestor of the authorized group' do
- let!(:group_authorization) { create(:agent_group_authorization, agent: non_ancestor_agent, group: bottom_level_group) }
+ let!(:group_authorization) { create(:agent_ci_access_group_authorization, agent: non_ancestor_agent, group: bottom_level_group) }
it { is_expected.to match_array([group_authorization]) }
end
it_behaves_like 'access_as' do
- let!(:authorization) { create(:agent_group_authorization, agent: production_agent, group: top_level_group, config: config) }
+ let!(:authorization) { create(:agent_ci_access_group_authorization, agent: production_agent, group: top_level_group, config: config) }
end
end
end
diff --git a/spec/lib/api/entities/clusters/agent_authorization_spec.rb b/spec/lib/api/entities/clusters/agents/authorizations/ci_access_spec.rb
similarity index 65%
rename from spec/lib/api/entities/clusters/agent_authorization_spec.rb
rename to spec/lib/api/entities/clusters/agents/authorizations/ci_access_spec.rb
index 3a1deb43bf87..5f41ae6af4bb 100644
--- a/spec/lib/api/entities/clusters/agent_authorization_spec.rb
+++ b/spec/lib/api/entities/clusters/agents/authorizations/ci_access_spec.rb
@@ -2,7 +2,7 @@
require 'spec_helper'
-RSpec.describe API::Entities::Clusters::AgentAuthorization do
+RSpec.describe API::Entities::Clusters::Agents::Authorizations::CiAccess, feature_category: :kubernetes_management do
subject { described_class.new(authorization).as_json }
shared_examples 'generic authorization' do
@@ -16,20 +16,20 @@
end
context 'project authorization' do
- let(:authorization) { create(:agent_project_authorization) }
+ let(:authorization) { create(:agent_ci_access_project_authorization) }
include_examples 'generic authorization'
end
context 'group authorization' do
- let(:authorization) { create(:agent_group_authorization) }
+ let(:authorization) { create(:agent_ci_access_group_authorization) }
include_examples 'generic authorization'
end
context 'implicit authorization' do
let(:agent) { create(:cluster_agent) }
- let(:authorization) { Clusters::Agents::ImplicitAuthorization.new(agent: agent) }
+ let(:authorization) { Clusters::Agents::Authorizations::CiAccess::ImplicitAuthorization.new(agent: agent) }
include_examples 'generic authorization'
end
diff --git a/spec/models/ci/pipeline_spec.rb b/spec/models/ci/pipeline_spec.rb
index 263db8e58c7a..6f41ba372049 100644
--- a/spec/models/ci/pipeline_spec.rb
+++ b/spec/models/ci/pipeline_spec.rb
@@ -5458,11 +5458,11 @@ def create_bridge(upstream:, downstream:, depends: false)
describe '#cluster_agent_authorizations' do
let(:pipeline) { create(:ci_empty_pipeline, :created) }
- let(:authorization) { instance_double(Clusters::Agents::GroupAuthorization) }
+ let(:authorization) { instance_double(Clusters::Agents::Authorizations::CiAccess::GroupAuthorization) }
let(:finder) { double(execute: [authorization]) }
it 'retrieves authorization records from the finder and caches the result' do
- expect(Clusters::AgentAuthorizationsFinder).to receive(:new).once
+ expect(Clusters::Agents::Authorizations::CiAccess::Finder).to receive(:new).once
.with(pipeline.project)
.and_return(finder)
diff --git a/spec/models/clusters/agent_spec.rb b/spec/models/clusters/agent_spec.rb
index de67bdb32aa8..df8ad861affb 100644
--- a/spec/models/clusters/agent_spec.rb
+++ b/spec/models/clusters/agent_spec.rb
@@ -8,10 +8,10 @@
it { is_expected.to belong_to(:created_by_user).class_name('User').optional }
it { is_expected.to belong_to(:project).class_name('::Project') }
it { is_expected.to have_many(:agent_tokens).class_name('Clusters::AgentToken').order(Clusters::AgentToken.arel_table[:last_used_at].desc.nulls_last) }
- it { is_expected.to have_many(:group_authorizations).class_name('Clusters::Agents::GroupAuthorization') }
- it { is_expected.to have_many(:authorized_groups).through(:group_authorizations) }
- it { is_expected.to have_many(:project_authorizations).class_name('Clusters::Agents::ProjectAuthorization') }
- it { is_expected.to have_many(:authorized_projects).through(:project_authorizations).class_name('::Project') }
+ it { is_expected.to have_many(:ci_access_group_authorizations).class_name('Clusters::Agents::Authorizations::CiAccess::GroupAuthorization') }
+ it { is_expected.to have_many(:ci_access_authorized_groups).through(:ci_access_group_authorizations) }
+ it { is_expected.to have_many(:ci_access_project_authorizations).class_name('Clusters::Agents::Authorizations::CiAccess::ProjectAuthorization') }
+ it { is_expected.to have_many(:ci_access_authorized_projects).through(:ci_access_project_authorizations).class_name('::Project') }
it { is_expected.to validate_presence_of(:name) }
it { is_expected.to validate_length_of(:name).is_at_most(63) }
diff --git a/spec/models/clusters/agents/group_authorization_spec.rb b/spec/models/clusters/agents/authorizations/ci_access/group_authorization_spec.rb
similarity index 67%
rename from spec/models/clusters/agents/group_authorization_spec.rb
rename to spec/models/clusters/agents/authorizations/ci_access/group_authorization_spec.rb
index baeb8f5464e7..2864d6583bd8 100644
--- a/spec/models/clusters/agents/group_authorization_spec.rb
+++ b/spec/models/clusters/agents/authorizations/ci_access/group_authorization_spec.rb
@@ -2,14 +2,14 @@
require 'spec_helper'
-RSpec.describe Clusters::Agents::GroupAuthorization do
+RSpec.describe Clusters::Agents::Authorizations::CiAccess::GroupAuthorization, feature_category: :kubernetes_management do
it { is_expected.to belong_to(:agent).class_name('Clusters::Agent').required }
it { is_expected.to belong_to(:group).class_name('::Group').required }
it { expect(described_class).to validate_jsonb_schema(['config']) }
describe '#config_project' do
- let(:record) { create(:agent_group_authorization) }
+ let(:record) { create(:agent_ci_access_group_authorization) }
it { expect(record.config_project).to eq(record.agent.project) }
end
diff --git a/spec/models/clusters/agents/implicit_authorization_spec.rb b/spec/models/clusters/agents/authorizations/ci_access/implicit_authorization_spec.rb
similarity index 73%
rename from spec/models/clusters/agents/implicit_authorization_spec.rb
rename to spec/models/clusters/agents/authorizations/ci_access/implicit_authorization_spec.rb
index 1f4c5b1ac9e0..9a4f0c286876 100644
--- a/spec/models/clusters/agents/implicit_authorization_spec.rb
+++ b/spec/models/clusters/agents/authorizations/ci_access/implicit_authorization_spec.rb
@@ -2,7 +2,7 @@
require 'spec_helper'
-RSpec.describe Clusters::Agents::ImplicitAuthorization do
+RSpec.describe Clusters::Agents::Authorizations::CiAccess::ImplicitAuthorization, feature_category: :kubernetes_management do
let_it_be(:agent) { create(:cluster_agent) }
subject { described_class.new(agent: agent) }
diff --git a/spec/models/clusters/agents/project_authorization_spec.rb b/spec/models/clusters/agents/authorizations/ci_access/project_authorization_spec.rb
similarity index 67%
rename from spec/models/clusters/agents/project_authorization_spec.rb
rename to spec/models/clusters/agents/authorizations/ci_access/project_authorization_spec.rb
index 9ba259356c74..9e2b25e415e2 100644
--- a/spec/models/clusters/agents/project_authorization_spec.rb
+++ b/spec/models/clusters/agents/authorizations/ci_access/project_authorization_spec.rb
@@ -2,14 +2,14 @@
require 'spec_helper'
-RSpec.describe Clusters::Agents::ProjectAuthorization do
+RSpec.describe Clusters::Agents::Authorizations::CiAccess::ProjectAuthorization, feature_category: :kubernetes_management do
it { is_expected.to belong_to(:agent).class_name('Clusters::Agent').required }
it { is_expected.to belong_to(:project).class_name('Project').required }
it { expect(described_class).to validate_jsonb_schema(['config']) }
describe '#config_project' do
- let(:record) { create(:agent_project_authorization) }
+ let(:record) { create(:agent_ci_access_project_authorization) }
it { expect(record.config_project).to eq(record.agent.project) }
end
diff --git a/spec/requests/api/ci/jobs_spec.rb b/spec/requests/api/ci/jobs_spec.rb
index 8b3ec59b785b..25871beeb4f6 100644
--- a/spec/requests/api/ci/jobs_spec.rb
+++ b/spec/requests/api/ci/jobs_spec.rb
@@ -198,22 +198,22 @@ def perform_request
let_it_be(:agent_authorizations_without_env) do
[
- create(:agent_group_authorization, agent: create(:cluster_agent, project: other_project), group: group),
- create(:agent_project_authorization, agent: create(:cluster_agent, project: project), project: project),
- Clusters::Agents::ImplicitAuthorization.new(agent: create(:cluster_agent, project: project))
+ create(:agent_ci_access_group_authorization, agent: create(:cluster_agent, project: other_project), group: group),
+ create(:agent_ci_access_project_authorization, agent: create(:cluster_agent, project: project), project: project),
+ Clusters::Agents::Authorizations::CiAccess::ImplicitAuthorization.new(agent: create(:cluster_agent, project: project))
]
end
let_it_be(:agent_authorizations_with_review_and_production_env) do
[
create(
- :agent_group_authorization,
+ :agent_ci_access_group_authorization,
agent: create(:cluster_agent, project: other_project),
group: group,
environments: ['production', 'review/*']
),
create(
- :agent_project_authorization,
+ :agent_ci_access_project_authorization,
agent: create(:cluster_agent, project: project),
project: project,
environments: ['production', 'review/*']
@@ -224,13 +224,13 @@ def perform_request
let_it_be(:agent_authorizations_with_staging_env) do
[
create(
- :agent_group_authorization,
+ :agent_ci_access_group_authorization,
agent: create(:cluster_agent, project: other_project),
group: group,
environments: ['staging']
),
create(
- :agent_project_authorization,
+ :agent_ci_access_project_authorization,
agent: create(:cluster_agent, project: project),
project: project,
environments: ['staging']
diff --git a/spec/requests/api/internal/kubernetes_spec.rb b/spec/requests/api/internal/kubernetes_spec.rb
index 547b9071f948..56d6f5380261 100644
--- a/spec/requests/api/internal/kubernetes_spec.rb
+++ b/spec/requests/api/internal/kubernetes_spec.rb
@@ -158,8 +158,8 @@ def send_request(headers: {}, params: {})
send_request(params: { agent_id: agent.id, agent_config: config })
expect(response).to have_gitlab_http_status(:no_content)
- expect(agent.authorized_groups).to contain_exactly(group)
- expect(agent.authorized_projects).to contain_exactly(project)
+ expect(agent.ci_access_authorized_groups).to contain_exactly(group)
+ expect(agent.ci_access_authorized_projects).to contain_exactly(project)
end
end
diff --git a/spec/services/ci/generate_kubeconfig_service_spec.rb b/spec/services/ci/generate_kubeconfig_service_spec.rb
index da18dfe04c3f..913aaf11d7dd 100644
--- a/spec/services/ci/generate_kubeconfig_service_spec.rb
+++ b/spec/services/ci/generate_kubeconfig_service_spec.rb
@@ -13,12 +13,12 @@
let_it_be(:project_agent_authorization) do
agent = create(:cluster_agent, project: agent_project)
- create(:agent_project_authorization, agent: agent, project: project)
+ create(:agent_ci_access_project_authorization, agent: agent, project: project)
end
let_it_be(:group_agent_authorization) do
agent = create(:cluster_agent, project: agent_project)
- create(:agent_group_authorization, agent: agent, group: group)
+ create(:agent_ci_access_group_authorization, agent: agent, group: group)
end
let(:template) do
@@ -33,7 +33,7 @@
let(:agent_authorizations) { [project_agent_authorization, group_agent_authorization] }
let(:filter_service) do
instance_double(
- ::Clusters::Agents::FilterAuthorizationsService,
+ ::Clusters::Agents::Authorizations::CiAccess::FilterService,
execute: agent_authorizations
)
end
@@ -42,7 +42,7 @@
before do
allow(Gitlab::Kubernetes::Kubeconfig::Template).to receive(:new).and_return(template)
- allow(::Clusters::Agents::FilterAuthorizationsService).to receive(:new).and_return(filter_service)
+ allow(::Clusters::Agents::Authorizations::CiAccess::FilterService).to receive(:new).and_return(filter_service)
end
it 'returns a Kubeconfig Template' do
@@ -59,7 +59,7 @@
end
it "filters the pipeline's agents by `nil` environment" do
- expect(::Clusters::Agents::FilterAuthorizationsService).to receive(:new).with(
+ expect(::Clusters::Agents::Authorizations::CiAccess::FilterService).to receive(:new).with(
pipeline.cluster_agent_authorizations,
environment: nil
)
@@ -89,7 +89,7 @@
subject(:execute) { described_class.new(pipeline, token: build.token, environment: 'production').execute }
it "filters the pipeline's agents by the specified environment" do
- expect(::Clusters::Agents::FilterAuthorizationsService).to receive(:new).with(
+ expect(::Clusters::Agents::Authorizations::CiAccess::FilterService).to receive(:new).with(
pipeline.cluster_agent_authorizations,
environment: 'production'
)
diff --git a/spec/services/clusters/agents/filter_authorizations_service_spec.rb b/spec/services/clusters/agents/authorizations/ci_access/filter_service_spec.rb
similarity index 80%
rename from spec/services/clusters/agents/filter_authorizations_service_spec.rb
rename to spec/services/clusters/agents/authorizations/ci_access/filter_service_spec.rb
index 62cff405d0cf..45443cfd8878 100644
--- a/spec/services/clusters/agents/filter_authorizations_service_spec.rb
+++ b/spec/services/clusters/agents/authorizations/ci_access/filter_service_spec.rb
@@ -2,16 +2,16 @@
require 'spec_helper'
-RSpec.describe Clusters::Agents::FilterAuthorizationsService, feature_category: :continuous_integration do
+RSpec.describe Clusters::Agents::Authorizations::CiAccess::FilterService, feature_category: :continuous_integration do
describe '#execute' do
let_it_be(:group) { create(:group) }
let_it_be(:project) { create(:project, group: group) }
let(:agent_authorizations_without_env) do
[
- build(:agent_project_authorization, project: project, agent: build(:cluster_agent, project: project)),
- build(:agent_group_authorization, group: group, agent: build(:cluster_agent, project: project)),
- ::Clusters::Agents::ImplicitAuthorization.new(agent: build(:cluster_agent, project: project))
+ build(:agent_ci_access_project_authorization, project: project, agent: build(:cluster_agent, project: project)),
+ build(:agent_ci_access_group_authorization, group: group, agent: build(:cluster_agent, project: project)),
+ ::Clusters::Agents::Authorizations::CiAccess::ImplicitAuthorization.new(agent: build(:cluster_agent, project: project))
]
end
@@ -31,13 +31,13 @@
let(:agent_authorizations_with_env) do
[
build(
- :agent_project_authorization,
+ :agent_ci_access_project_authorization,
project: project,
agent: build(:cluster_agent, project: project),
environments: ['staging', 'review/*', 'production']
),
build(
- :agent_group_authorization,
+ :agent_ci_access_group_authorization,
group: group,
agent: build(:cluster_agent, project: project),
environments: ['staging', 'review/*', 'production']
@@ -48,13 +48,13 @@
let(:agent_authorizations_with_different_env) do
[
build(
- :agent_project_authorization,
+ :agent_ci_access_project_authorization,
project: project,
agent: build(:cluster_agent, project: project),
environments: ['staging']
),
build(
- :agent_group_authorization,
+ :agent_ci_access_group_authorization,
group: group,
agent: build(:cluster_agent, project: project),
environments: ['staging']
diff --git a/spec/services/clusters/agents/refresh_authorization_service_spec.rb b/spec/services/clusters/agents/authorizations/ci_access/refresh_service_spec.rb
similarity index 73%
rename from spec/services/clusters/agents/refresh_authorization_service_spec.rb
rename to spec/services/clusters/agents/authorizations/ci_access/refresh_service_spec.rb
index 51c054ddc984..dc803c94ccb7 100644
--- a/spec/services/clusters/agents/refresh_authorization_service_spec.rb
+++ b/spec/services/clusters/agents/authorizations/ci_access/refresh_service_spec.rb
@@ -2,7 +2,7 @@
require 'spec_helper'
-RSpec.describe Clusters::Agents::RefreshAuthorizationService, feature_category: :kubernetes_management do
+RSpec.describe Clusters::Agents::Authorizations::CiAccess::RefreshService, feature_category: :kubernetes_management do
describe '#execute' do
let_it_be(:root_ancestor) { create(:group) }
@@ -39,11 +39,11 @@
before do
default_config = { default_namespace: 'default' }
- agent.group_authorizations.create!(group: removed_group, config: default_config)
- agent.group_authorizations.create!(group: modified_group, config: default_config)
+ agent.ci_access_group_authorizations.create!(group: removed_group, config: default_config)
+ agent.ci_access_group_authorizations.create!(group: modified_group, config: default_config)
- agent.project_authorizations.create!(project: removed_project, config: default_config)
- agent.project_authorizations.create!(project: modified_project, config: default_config)
+ agent.ci_access_project_authorizations.create!(project: removed_project, config: default_config)
+ agent.ci_access_project_authorizations.create!(project: modified_project, config: default_config)
end
shared_examples 'removing authorization' do
@@ -78,12 +78,12 @@
describe 'group authorization' do
it 'refreshes authorizations for the agent' do
expect(subject).to be_truthy
- expect(agent.authorized_groups).to contain_exactly(added_group, modified_group)
+ expect(agent.ci_access_authorized_groups).to contain_exactly(added_group, modified_group)
- added_authorization = agent.group_authorizations.find_by(group: added_group)
+ added_authorization = agent.ci_access_group_authorizations.find_by(group: added_group)
expect(added_authorization.config).to eq({ 'default_namespace' => 'default' })
- modified_authorization = agent.group_authorizations.find_by(group: modified_group)
+ modified_authorization = agent.ci_access_group_authorizations.find_by(group: modified_group)
expect(modified_authorization.config).to eq({ 'default_namespace' => 'new-namespace' })
end
@@ -94,24 +94,24 @@
it 'authorizes groups up to the limit' do
expect(subject).to be_truthy
- expect(agent.authorized_groups).to contain_exactly(added_group)
+ expect(agent.ci_access_authorized_groups).to contain_exactly(added_group)
end
end
include_examples 'removing authorization' do
- let(:authorizations) { agent.authorized_groups }
+ let(:authorizations) { agent.ci_access_authorized_groups }
end
end
describe 'project authorization' do
it 'refreshes authorizations for the agent' do
expect(subject).to be_truthy
- expect(agent.authorized_projects).to contain_exactly(added_project, modified_project)
+ expect(agent.ci_access_authorized_projects).to contain_exactly(added_project, modified_project)
- added_authorization = agent.project_authorizations.find_by(project: added_project)
+ added_authorization = agent.ci_access_project_authorizations.find_by(project: added_project)
expect(added_authorization.config).to eq({ 'default_namespace' => 'default' })
- modified_authorization = agent.project_authorizations.find_by(project: modified_project)
+ modified_authorization = agent.ci_access_project_authorizations.find_by(project: modified_project)
expect(modified_authorization.config).to eq({ 'default_namespace' => 'new-namespace' })
end
@@ -121,7 +121,7 @@
it 'creates an authorization record for the project' do
expect(subject).to be_truthy
- expect(agent.authorized_projects).to contain_exactly(added_project)
+ expect(agent.ci_access_authorized_projects).to contain_exactly(added_project)
end
end
@@ -131,7 +131,7 @@
it 'creates an authorization record for the project' do
expect(subject).to be_truthy
- expect(agent.authorized_projects).to contain_exactly(added_project)
+ expect(agent.ci_access_authorized_projects).to contain_exactly(added_project)
end
end
@@ -142,12 +142,12 @@
it 'authorizes projects up to the limit' do
expect(subject).to be_truthy
- expect(agent.authorized_projects).to contain_exactly(added_project)
+ expect(agent.ci_access_authorized_projects).to contain_exactly(added_project)
end
end
include_examples 'removing authorization' do
- let(:authorizations) { agent.authorized_projects }
+ let(:authorizations) { agent.ci_access_authorized_projects }
end
end
end
diff --git a/spec/support/finder_collection_allowlist.yml b/spec/support/finder_collection_allowlist.yml
index 1b1c98af80d3..25084ece58d8 100644
--- a/spec/support/finder_collection_allowlist.yml
+++ b/spec/support/finder_collection_allowlist.yml
@@ -24,7 +24,7 @@
- Ci::CommitStatusesFinder
- Ci::DailyBuildGroupReportResultsFinder
- ClusterAncestorsFinder
-- Clusters::AgentAuthorizationsFinder
+- Clusters::Agents::Authorizations::CiAccess::Finder
- Clusters::KubernetesNamespaceFinder
- ComplianceManagement::MergeRequests::ComplianceViolationsFinder
- ContainerRepositoriesFinder
------------------------------------------------- Git Diff End -------------------------------------------------
MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
-
I have evaluated the MR acceptance checklist for this MR.