author | GitLab Bot <gitlab-bot@gitlab.com> | 2021-08-23 12:10:23 +0300 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2021-08-23 12:10:23 +0300 |
commit | a95a8847071680f16dbd7c0c0511f6492d00fc45 (patch) | |
tree | 1640e03fec815b8d11c992c64230a4d64929ac04 /app/services/clusters/agents | |
parent | a5549176e1fb5780fa68778571f0eda563dcf090 (diff) |
Add latest changes from gitlab-org/gitlab@master
Diffstat (limited to 'app/services/clusters/agents')
-rw-r--r-- | app/services/clusters/agents/refresh_authorization_service.rb | 59 |
1 files changed, 59 insertions, 0 deletions
diff --git a/app/services/clusters/agents/refresh_authorization_service.rb b/app/services/clusters/agents/refresh_authorization_service.rb
new file mode 100644
index 00000000000..0da012da861
--- /dev/null
+++ b/app/services/clusters/agents/refresh_authorization_service.rb
@@ -0,0 +1,59 @@
+# frozen_string_literal: true
+
+module Clusters
+ module Agents
+ class RefreshAuthorizationService
+ include Gitlab::Utils::StrongMemoize
+
+ AUTHORIZED_GROUP_LIMIT = 100
+
+ delegate :project, to: :agent, private: true
+
+ def initialize(agent, config:)
+ @agent = agent
+ @config = config
+ end
+
+ def execute
+ if allowed_group_configurations.present?
+ group_ids = allowed_group_configurations.map { |config| config.fetch(:group_id) }
+
+ agent.with_lock do
+ agent.group_authorizations.upsert_all(allowed_group_configurations, unique_by: [:agent_id, :group_id])
+ agent.group_authorizations.where.not(group_id: group_ids).delete_all # rubocop: disable CodeReuse/ActiveRecord
+ end
+ else
+ agent.group_authorizations.delete_all(:delete_all)
+ end
+
+ true
+ end
+
+ private
+
+ attr_reader :agent, :config
+
+ def allowed_group_configurations
+ strong_memoize(:allowed_group_configurations) do
+ group_entries = config.dig('ci_access', 'groups')&.first(AUTHORIZED_GROUP_LIMIT)
+
+ if group_entries
+ groups_by_path = group_entries.index_by { |config| config.delete('id') }
+
+ allowed_groups.where_full_path_in(groups_by_path.keys).map do |group|
+ { group_id: group.id, config: groups_by_path[group.full_path] }
+ end
+ end
+ end
+ end
+
+ def allowed_groups
+ if project.root_ancestor.group?
+ project.root_ancestor.self_and_descendants
+ else
+ ::Group.none
+ end
+ end
+ end
+ end
+end |
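Review bot: In `allowed_group_configurations`, the lookup `groups_by_path[group.full_path]` only succeeds when the `id` written in the agent config has exactly the casing of the stored path; if `where_full_path_in` matches case-insensitively (its definition is not visible here), a matched group is upserted with `config: nil`. Normalising both sides would close that gap, e.g. `group_entries.index_by { |config| config['id'].to_s.downcase }` together with `groups_by_path[group.full_path.downcase]`. The current `config.delete('id')` also mutates the hash the caller passed in and indexes an entry that lacks `id` under `nil`, so unless the config is schema-validated before it reaches this service, entries without a string `id` should be rejected before the query. Separately, `first(AUTHORIZED_GROUP_LIMIT)` truncates before the `allowed_groups` filter and does so silently, so a comment such as `# entries beyond the limit are ignored, including ones that would have been authorized` would help the next reader.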