Introduce user access authorizations
NOTE: This MR is built on top of Namespace CiAccess Cluster Authorizations (!116894 - merged).
What does this MR do and why?
This MR introduces a new authorization model for user_access keyword. This is necessary to persist the data in the next MR.
See https://gitlab.com/gitlab-org/cluster-integration/gitlab-agent/-/blob/master/doc/kubernetes_user_access.md for the feature spec details.
Related to Persist GitLab agent's user access configuratio... (#389430 - closed)
Migration details
Up
main: == [advisory_lock_connection] object_id: 274600, pg_backend_pid: 45926
main: == 20230406150254 CreateAgentUserAccessProjectAuthorizationsTable: migrating ==
main: -- create_table(:agent_user_access_project_authorizations)
main: -> 0.0538s
main: == 20230406150254 CreateAgentUserAccessProjectAuthorizationsTable: migrated (0.2375s)
main: == 20230406150354 CreateAgentUserAccessGroupAuthorizationsTable: migrating ====
main: -- create_table(:agent_user_access_group_authorizations)
main: -> 0.0290s
main: == 20230406150354 CreateAgentUserAccessGroupAuthorizationsTable: migrated (0.0588s)
main: == [advisory_lock_connection] object_id: 274600, pg_backend_pid: 45926
ci: == [advisory_lock_connection] object_id: 274920, pg_backend_pid: 45928
ci: == 20230406150254 CreateAgentUserAccessProjectAuthorizationsTable: migrating ==
ci: -- create_table(:agent_user_access_project_authorizations)
ci: -> 0.0317s
I, [2023-04-12T10:26:20.979743 #45750] INFO -- : Database: 'ci', Table: 'agent_user_access_project_authorizations': Lock Writes
ci: == 20230406150254 CreateAgentUserAccessProjectAuthorizationsTable: migrated (0.0610s)
ci: == 20230406150354 CreateAgentUserAccessGroupAuthorizationsTable: migrating ====
ci: -- create_table(:agent_user_access_group_authorizations)
ci: -> 0.0067s
I, [2023-04-12T10:26:20.999586 #45750] INFO -- : Database: 'ci', Table: 'agent_user_access_group_authorizations': Lock Writes
ci: == 20230406150354 CreateAgentUserAccessGroupAuthorizationsTable: migrated (0.0174s)
ci: == [advisory_lock_connection] object_id: 274920, pg_backend_pid: 45928Down
main: == [advisory_lock_connection] object_id: 274240, pg_backend_pid: 49628
main: == 20230406150354 CreateAgentUserAccessGroupAuthorizationsTable: reverting ====
main: -- drop_table(:agent_user_access_group_authorizations)
main: -> 0.0040s
main: == 20230406150354 CreateAgentUserAccessGroupAuthorizationsTable: reverted (0.0099s)
main: == [advisory_lock_connection] object_id: 274240, pg_backend_pid: 49628
main: == [advisory_lock_connection] object_id: 274240, pg_backend_pid: 51629
main: == 20230406150254 CreateAgentUserAccessProjectAuthorizationsTable: reverting ==
main: -- drop_table(:agent_user_access_project_authorizations)
main: -> 0.0057s
main: == 20230406150254 CreateAgentUserAccessProjectAuthorizationsTable: reverted (0.0125s)
main: == [advisory_lock_connection] object_id: 274240, pg_backend_pid: 51629
ci: == [advisory_lock_connection] object_id: 274240, pg_backend_pid: 50499
ci: == 20230406150354 CreateAgentUserAccessGroupAuthorizationsTable: reverting ====
ci: -- drop_table(:agent_user_access_group_authorizations)
ci: -> 0.0041s
ci: == 20230406150354 CreateAgentUserAccessGroupAuthorizationsTable: reverted (0.0233s)
ci: == [advisory_lock_connection] object_id: 274240, pg_backend_pid: 50499
ci: == [advisory_lock_connection] object_id: 274260, pg_backend_pid: 51198
ci: == 20230406150254 CreateAgentUserAccessProjectAuthorizationsTable: reverting ==
ci: -- drop_table(:agent_user_access_project_authorizations)
ci: -> 0.0033s
ci: == 20230406150254 CreateAgentUserAccessProjectAuthorizationsTable: reverted (0.0181s)
ci: == [advisory_lock_connection] object_id: 274260, pg_backend_pid: 51198How to set up and validate locally
Numbered steps to set up and validate the change are strongly suggested.
MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
-
I have evaluated the MR acceptance checklist for this MR.
Edited by Shinya Maeda