diff options
author | GitLab Bot <gitlab-bot@gitlab.com> | 2023-04-14 15:08:53 +0300 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2023-04-14 15:08:53 +0300 |
commit | 8a5138ed7d38ccff8b5ca2fe0f7bbb77f8fdaad3 (patch) | |
tree | 4c0d373c990fc01cacff9b4093366ab398fcb7d3 /db | |
parent | 6d8f30ab0ae82678f10450d2158f24772f0c765c (diff) |
Add latest changes from gitlab-org/gitlab@master
Diffstat (limited to 'db')
13 files changed, 187 insertions, 14 deletions
diff --git a/db/docs/agent_user_access_group_authorizations.yml b/db/docs/agent_user_access_group_authorizations.yml new file mode 100644 index 00000000000..659b36bd61f --- /dev/null +++ b/db/docs/agent_user_access_group_authorizations.yml @@ -0,0 +1,10 @@ +--- +table_name: agent_user_access_group_authorizations +classes: +- Clusters::Agents::Authorizations::UserAccess::GroupAuthorization +feature_categories: +- kubernetes_management +description: Configuration for a group that is authorized to use a particular cluster agent through user_access keyword +introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/116901 +milestone: '15.11' +gitlab_schema: gitlab_main diff --git a/db/docs/agent_user_access_project_authorizations.yml b/db/docs/agent_user_access_project_authorizations.yml new file mode 100644 index 00000000000..0f0953da630 --- /dev/null +++ b/db/docs/agent_user_access_project_authorizations.yml @@ -0,0 +1,10 @@ +--- +table_name: agent_user_access_project_authorizations +classes: +- Clusters::Agents::Authorizations::UserAccess::ProjectAuthorization +feature_categories: +- kubernetes_management +description: Configuration for a project that is authorized to use a particular cluster agent through user_access keyword +introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/116901 +milestone: '15.11' +gitlab_schema: gitlab_main diff --git a/db/docs/batched_background_migrations/backfill_admin_mode_scope_for_personal_access_tokens.yml b/db/docs/batched_background_migrations/backfill_admin_mode_scope_for_personal_access_tokens.yml new file mode 100644 index 00000000000..33f3371e294 --- /dev/null +++ b/db/docs/batched_background_migrations/backfill_admin_mode_scope_for_personal_access_tokens.yml @@ -0,0 +1,6 @@ +--- +migration_job_name: BackfillAdminModeScopeForPersonalAccessTokens +description: backfills `admin_mode` scope to personal access tokens associated to administrators +feature_category: system_access +introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/107875 +milestone: 15.8 diff --git a/db/migrate/20230406150254_create_agent_user_access_project_authorizations_table.rb b/db/migrate/20230406150254_create_agent_user_access_project_authorizations_table.rb new file mode 100644 index 00000000000..1adc3bb001a --- /dev/null +++ b/db/migrate/20230406150254_create_agent_user_access_project_authorizations_table.rb @@ -0,0 +1,17 @@ +# frozen_string_literal: true + +class CreateAgentUserAccessProjectAuthorizationsTable < Gitlab::Database::Migration[2.1] + INDEX_NAME_1 = 'index_agent_user_access_on_project_id' + INDEX_NAME_2 = 'index_agent_user_access_on_agent_id_and_project_id' + + def change + create_table :agent_user_access_project_authorizations do |t| + t.bigint :project_id, null: false + t.bigint :agent_id, null: false + t.jsonb :config, null: false + + t.index [:project_id], name: INDEX_NAME_1 + t.index [:agent_id, :project_id], unique: true, name: INDEX_NAME_2 + end + end +end diff --git a/db/migrate/20230406150354_create_agent_user_access_group_authorizations_table.rb b/db/migrate/20230406150354_create_agent_user_access_group_authorizations_table.rb new file mode 100644 index 00000000000..1d4df7d7330 --- /dev/null +++ b/db/migrate/20230406150354_create_agent_user_access_group_authorizations_table.rb @@ -0,0 +1,17 @@ +# frozen_string_literal: true + +class CreateAgentUserAccessGroupAuthorizationsTable < Gitlab::Database::Migration[2.1] + INDEX_NAME_1 = 'index_agent_user_access_on_group_id' + INDEX_NAME_2 = 'index_agent_user_access_on_agent_id_and_group_id' + + def change + create_table :agent_user_access_group_authorizations do |t| + t.bigint :group_id, null: false + t.bigint :agent_id, null: false + t.jsonb :config, null: false + + t.index [:group_id], name: INDEX_NAME_1 + t.index [:agent_id, :group_id], unique: true, name: INDEX_NAME_2 + end + end +end diff --git a/db/migrate/20230406150454_add_fks_to_agent_user_access_authorizations.rb b/db/migrate/20230406150454_add_fks_to_agent_user_access_authorizations.rb new file mode 100644 index 00000000000..62f00620108 --- /dev/null +++ b/db/migrate/20230406150454_add_fks_to_agent_user_access_authorizations.rb @@ -0,0 +1,34 @@ +# frozen_string_literal: true + +class AddFksToAgentUserAccessAuthorizations < Gitlab::Database::Migration[2.1] + disable_ddl_transaction! + + def up + add_concurrent_foreign_key :agent_user_access_project_authorizations, :projects, + column: :project_id, on_delete: :cascade + add_concurrent_foreign_key :agent_user_access_project_authorizations, :cluster_agents, + column: :agent_id, on_delete: :cascade + add_concurrent_foreign_key :agent_user_access_group_authorizations, :namespaces, + column: :group_id, on_delete: :cascade + add_concurrent_foreign_key :agent_user_access_group_authorizations, :cluster_agents, + column: :agent_id, on_delete: :cascade + end + + def down + with_lock_retries do + remove_foreign_key_if_exists :agent_user_access_project_authorizations, column: :project_id + end + + with_lock_retries do + remove_foreign_key_if_exists :agent_user_access_project_authorizations, column: :agent_id + end + + with_lock_retries do + remove_foreign_key_if_exists :agent_user_access_group_authorizations, column: :group_id + end + + with_lock_retries do + remove_foreign_key_if_exists :agent_user_access_group_authorizations, column: :agent_id + end + end +end diff --git a/db/post_migrate/20221228103133_queue_backfill_admin_mode_scope_for_personal_access_tokens.rb b/db/post_migrate/20221228103133_queue_backfill_admin_mode_scope_for_personal_access_tokens.rb index c111d5090e1..577d55f4df6 100644 --- a/db/post_migrate/20221228103133_queue_backfill_admin_mode_scope_for_personal_access_tokens.rb +++ b/db/post_migrate/20221228103133_queue_backfill_admin_mode_scope_for_personal_access_tokens.rb @@ -1,21 +1,11 @@ # frozen_string_literal: true class QueueBackfillAdminModeScopeForPersonalAccessTokens < Gitlab::Database::Migration[2.1] - MIGRATION = 'BackfillAdminModeScopeForPersonalAccessTokens' - DELAY_INTERVAL = 2.minutes - restrict_gitlab_migration gitlab_schema: :gitlab_main - def up - queue_batched_background_migration( - MIGRATION, - :personal_access_tokens, - :id, - job_interval: DELAY_INTERVAL - ) - end + # no-op as the original migration is rescheduled + # in migrations version 20230406093640 + def up; end - def down - delete_batched_background_migration(MIGRATION, :personal_access_tokens, :id, []) - end + def down; end end diff --git a/db/post_migrate/20230406093640_requeue_backfill_admin_mode_scope_for_personal_access_tokens.rb b/db/post_migrate/20230406093640_requeue_backfill_admin_mode_scope_for_personal_access_tokens.rb new file mode 100644 index 00000000000..17ba9edef22 --- /dev/null +++ b/db/post_migrate/20230406093640_requeue_backfill_admin_mode_scope_for_personal_access_tokens.rb @@ -0,0 +1,23 @@ +# frozen_string_literal: true + +class RequeueBackfillAdminModeScopeForPersonalAccessTokens < Gitlab::Database::Migration[2.1] + MIGRATION = 'BackfillAdminModeScopeForPersonalAccessTokens' + DELAY_INTERVAL = 2.minutes + + restrict_gitlab_migration gitlab_schema: :gitlab_main + + def up + delete_batched_background_migration(MIGRATION, :personal_access_tokens, :id, []) + + queue_batched_background_migration( + MIGRATION, + :personal_access_tokens, + :id, + job_interval: DELAY_INTERVAL + ) + end + + def down + delete_batched_background_migration(MIGRATION, :personal_access_tokens, :id, []) + end +end diff --git a/db/schema_migrations/20230406093640 b/db/schema_migrations/20230406093640 new file mode 100644 index 00000000000..3bc9003b2fa --- /dev/null +++ b/db/schema_migrations/20230406093640 @@ -0,0 +1 @@ +a49416e1b59ffb29bf2015c96e6bdf92428036862102fbbfa63284cc1da53c82
\ No newline at end of file diff --git a/db/schema_migrations/20230406150254 b/db/schema_migrations/20230406150254 new file mode 100644 index 00000000000..3e3463a76f9 --- /dev/null +++ b/db/schema_migrations/20230406150254 @@ -0,0 +1 @@ +2b8aea677f295a0ab8f5ca9fbe7162156a06de89bd30ab5b252eb4460bcc7a2e
\ No newline at end of file diff --git a/db/schema_migrations/20230406150354 b/db/schema_migrations/20230406150354 new file mode 100644 index 00000000000..484af1e53ad --- /dev/null +++ b/db/schema_migrations/20230406150354 @@ -0,0 +1 @@ +2f1ef88ab1731b20821a86a74006ed0856d3c7baa5e197f72410aedb15cb2894
\ No newline at end of file diff --git a/db/schema_migrations/20230406150454 b/db/schema_migrations/20230406150454 new file mode 100644 index 00000000000..f7237bd5ef2 --- /dev/null +++ b/db/schema_migrations/20230406150454 @@ -0,0 +1 @@ +9966f807ce21016777a87d437355241cd8e5cacf2ccd143258ef0446e6f26e93
\ No newline at end of file diff --git a/db/structure.sql b/db/structure.sql index 26d2a9c5787..600cac16e96 100644 --- a/db/structure.sql +++ b/db/structure.sql @@ -10858,6 +10858,38 @@ CREATE SEQUENCE agent_project_authorizations_id_seq ALTER SEQUENCE agent_project_authorizations_id_seq OWNED BY agent_project_authorizations.id; +CREATE TABLE agent_user_access_group_authorizations ( + id bigint NOT NULL, + group_id bigint NOT NULL, + agent_id bigint NOT NULL, + config jsonb NOT NULL +); + +CREATE SEQUENCE agent_user_access_group_authorizations_id_seq + START WITH 1 + INCREMENT BY 1 + NO MINVALUE + NO MAXVALUE + CACHE 1; + +ALTER SEQUENCE agent_user_access_group_authorizations_id_seq OWNED BY agent_user_access_group_authorizations.id; + +CREATE TABLE agent_user_access_project_authorizations ( + id bigint NOT NULL, + project_id bigint NOT NULL, + agent_id bigint NOT NULL, + config jsonb NOT NULL +); + +CREATE SEQUENCE agent_user_access_project_authorizations_id_seq + START WITH 1 + INCREMENT BY 1 + NO MINVALUE + NO MAXVALUE + CACHE 1; + +ALTER SEQUENCE agent_user_access_project_authorizations_id_seq OWNED BY agent_user_access_project_authorizations.id; + CREATE TABLE alert_management_alert_assignees ( id bigint NOT NULL, user_id bigint NOT NULL, @@ -24534,6 +24566,10 @@ ALTER TABLE ONLY agent_group_authorizations ALTER COLUMN id SET DEFAULT nextval( ALTER TABLE ONLY agent_project_authorizations ALTER COLUMN id SET DEFAULT nextval('agent_project_authorizations_id_seq'::regclass); +ALTER TABLE ONLY agent_user_access_group_authorizations ALTER COLUMN id SET DEFAULT nextval('agent_user_access_group_authorizations_id_seq'::regclass); + +ALTER TABLE ONLY agent_user_access_project_authorizations ALTER COLUMN id SET DEFAULT nextval('agent_user_access_project_authorizations_id_seq'::regclass); + ALTER TABLE ONLY alert_management_alert_assignees ALTER COLUMN id SET DEFAULT nextval('alert_management_alert_assignees_id_seq'::regclass); ALTER TABLE ONLY alert_management_alert_metric_images ALTER COLUMN id SET DEFAULT nextval('alert_management_alert_metric_images_id_seq'::regclass); @@ -26234,6 +26270,12 @@ ALTER TABLE ONLY agent_group_authorizations ALTER TABLE ONLY agent_project_authorizations ADD CONSTRAINT agent_project_authorizations_pkey PRIMARY KEY (id); +ALTER TABLE ONLY agent_user_access_group_authorizations + ADD CONSTRAINT agent_user_access_group_authorizations_pkey PRIMARY KEY (id); + +ALTER TABLE ONLY agent_user_access_project_authorizations + ADD CONSTRAINT agent_user_access_project_authorizations_pkey PRIMARY KEY (id); + ALTER TABLE ONLY alert_management_alert_assignees ADD CONSTRAINT alert_management_alert_assignees_pkey PRIMARY KEY (id); @@ -29409,6 +29451,14 @@ CREATE UNIQUE INDEX index_agent_project_authorizations_on_agent_id_and_project_i CREATE INDEX index_agent_project_authorizations_on_project_id ON agent_project_authorizations USING btree (project_id); +CREATE UNIQUE INDEX index_agent_user_access_on_agent_id_and_group_id ON agent_user_access_group_authorizations USING btree (agent_id, group_id); + +CREATE UNIQUE INDEX index_agent_user_access_on_agent_id_and_project_id ON agent_user_access_project_authorizations USING btree (agent_id, project_id); + +CREATE INDEX index_agent_user_access_on_group_id ON agent_user_access_group_authorizations USING btree (group_id); + +CREATE INDEX index_agent_user_access_on_project_id ON agent_user_access_project_authorizations USING btree (project_id); + CREATE INDEX index_alert_assignees_on_alert_id ON alert_management_alert_assignees USING btree (alert_id); CREATE UNIQUE INDEX index_alert_assignees_on_user_id_and_alert_id ON alert_management_alert_assignees USING btree (user_id, alert_id); @@ -34320,6 +34370,9 @@ ALTER TABLE ONLY epics ALTER TABLE ONLY environments ADD CONSTRAINT fk_01a033a308 FOREIGN KEY (merge_request_id) REFERENCES merge_requests(id) ON DELETE SET NULL; +ALTER TABLE ONLY agent_user_access_project_authorizations + ADD CONSTRAINT fk_0250c0ad51 FOREIGN KEY (agent_id) REFERENCES cluster_agents(id) ON DELETE CASCADE; + ALTER TABLE ONLY incident_management_escalation_rules ADD CONSTRAINT fk_0314ee86eb FOREIGN KEY (user_id) REFERENCES users(id) ON DELETE CASCADE; @@ -34617,6 +34670,9 @@ ALTER TABLE ONLY alert_management_alerts ALTER TABLE ONLY path_locks ADD CONSTRAINT fk_5265c98f24 FOREIGN KEY (project_id) REFERENCES projects(id) ON DELETE CASCADE; +ALTER TABLE ONLY agent_user_access_group_authorizations + ADD CONSTRAINT fk_53fd98ccbf FOREIGN KEY (group_id) REFERENCES namespaces(id) ON DELETE CASCADE; + ALTER TABLE ONLY clusters_applications_prometheus ADD CONSTRAINT fk_557e773639 FOREIGN KEY (cluster_id) REFERENCES clusters(id) ON DELETE CASCADE; @@ -34737,6 +34793,9 @@ ALTER TABLE ONLY vulnerabilities ALTER TABLE ONLY oauth_openid_requests ADD CONSTRAINT fk_77114b3b09 FOREIGN KEY (access_grant_id) REFERENCES oauth_access_grants(id) ON DELETE CASCADE; +ALTER TABLE ONLY agent_user_access_project_authorizations + ADD CONSTRAINT fk_78034b05d8 FOREIGN KEY (project_id) REFERENCES projects(id) ON DELETE CASCADE; + ALTER TABLE ONLY users ADD CONSTRAINT fk_789cd90b35 FOREIGN KEY (accepted_term_id) REFERENCES application_setting_terms(id) ON DELETE CASCADE; @@ -34854,6 +34913,9 @@ ALTER TABLE ONLY boards_epic_list_user_preferences ALTER TABLE ONLY issues ADD CONSTRAINT fk_96b1dd429c FOREIGN KEY (milestone_id) REFERENCES milestones(id) ON DELETE SET NULL; +ALTER TABLE ONLY agent_user_access_group_authorizations + ADD CONSTRAINT fk_97ce8e8284 FOREIGN KEY (agent_id) REFERENCES cluster_agents(id) ON DELETE CASCADE; + ALTER TABLE ONLY vulnerability_occurrences ADD CONSTRAINT fk_97ffe77653 FOREIGN KEY (vulnerability_id) REFERENCES vulnerabilities(id) ON DELETE SET NULL; |