Add environment scope to group CI variables [RUN ALL RSPEC] [RUN AS-IF-FOSS]
What does this MR do?
Inspired by project level scoped variables, store an environment
scope for each group variable and use existing matching logic to
select only those that are relevant when passing variables to a
build.
Because the default scope is '*' (all environments) and there is
not yet a way to modify the scope, these changes alone don't
cause a change in behaviour.Screenshots (strongly suggested)
Migrations
== 20210218040814 AddEnvironmentScopeToGroupVariables: reverting ==============
-- execute(" DELETE FROM ci_group_variables\n WHERE id NOT IN (\n SELECT MIN(id)\n FROM ci_group_variables\n GROUP BY group_id, key\n )\n")
-> 0.0093s
-- transaction_open?()
-> 0.0000s
-- index_exists?(:ci_group_variables, [:group_id, :key], {:unique=>true, :name=>"index_ci_group_variables_on_group_id_and_key", :algorithm=>:concurrently})
-> 0.0053s
-- execute("SET statement_timeout TO 0")
-> 0.0007s
-- add_index(:ci_group_variables, [:group_id, :key], {:unique=>true, :name=>"index_ci_group_variables_on_group_id_and_key", :algorithm=>:concurrently})
-> 0.0099s
-- execute("RESET ALL")
-> 0.0006s
-- transaction_open?()
-> 0.0000s
-- indexes(:ci_group_variables)
-> 0.0016s
-- remove_index(:ci_group_variables, {:algorithm=>:concurrently, :name=>"index_ci_group_variables_on_group_id_and_key_and_environment"})
-> 0.0050s
-- remove_column(:ci_group_variables, :environment_scope)
-> 0.0037s
== 20210218040814 AddEnvironmentScopeToGroupVariables: reverted (0.0382s) =====
== 20210218040814 AddEnvironmentScopeToGroupVariables: migrating ==============
-- column_exists?(:ci_group_variables, :environment_scope)
-> 0.0026s
-- add_column(:ci_group_variables, :environment_scope, :text, {:null=>false, :default=>"*"})
-> 0.0050s
-- transaction_open?()
-> 0.0000s
-- index_exists?(:ci_group_variables, [:group_id, :key, :environment_scope], {:unique=>true, :name=>"index_ci_group_variables_on_group_id_and_key_and_environment", :algorithm=>:concurrently})
-> 0.0038s
-- execute("SET statement_timeout TO 0")
-> 0.0011s
-- add_index(:ci_group_variables, [:group_id, :key, :environment_scope], {:unique=>true, :name=>"index_ci_group_variables_on_group_id_and_key_and_environment", :algorithm=>:concurrently})
-> 0.0055s
-- execute("RESET ALL")
-> 0.0012s
-- transaction_open?()
-> 0.0000s
-- indexes(:ci_group_variables)
-> 0.0031s
-- remove_index(:ci_group_variables, {:algorithm=>:concurrently, :name=>"index_ci_group_variables_on_group_id_and_key"})
-> 0.0045s
-- transaction_open?()
-> 0.0000s
-- current_schema()
-> 0.0003s
-- execute("ALTER TABLE ci_group_variables\nADD CONSTRAINT check_dfe009485a\nCHECK ( char_length(environment_scope) <= 255 )\nNOT VALID;\n")
-> 0.0036s
-- current_schema()
-> 0.0005s
-- execute("ALTER TABLE ci_group_variables VALIDATE CONSTRAINT check_dfe009485a;")
-> 0.0027s
== 20210218040814 AddEnvironmentScopeToGroupVariables: migrated (0.0620s) =====Does this MR meet the acceptance criteria?
Conformity
-
Changelog entry - [-] Documentation (if required)
-
Code review guidelines -
Merge request performance guidelines -
Style guides -
Database guides -
Separation of EE specific content
Availability and Testing
-
Review and add/update tests for this feature/bug. Consider all test levels. See the Test Planning Process. - [-] Tested in all supported browsers
- [-] Informed Infrastructure department of a default or new setting change, if applicable per definition of done
Security
If this MR contains changes to processing or storing of credentials or tokens, authorization and authentication methods and other items described in the security review guidelines:
- [-] Label as security and @ mention
@gitlab-com/gl-security/appsec - [-] The MR includes necessary changes to maintain consistency between UI, API, email, or other methods
- [-] Security reports checked/validated by a reviewer from the AppSec team
Edited by Mayra Cabrera