Welcome to mirror list, hosted at ThFree Co, Russian Federation.

gitlab.com/gitlab-org/gitlab-foss.git - Unnamed repository; edit this file 'description' to name the repository.
summaryrefslogtreecommitdiff
path: root/db/post_migrate/20210908132335_disable_job_token_scope_when_unused.rb
diff options
context:
space:
mode:
Diffstat (limited to 'db/post_migrate/20210908132335_disable_job_token_scope_when_unused.rb')
-rw-r--r--db/post_migrate/20210908132335_disable_job_token_scope_when_unused.rb52
1 files changed, 52 insertions, 0 deletions
diff --git a/db/post_migrate/20210908132335_disable_job_token_scope_when_unused.rb b/db/post_migrate/20210908132335_disable_job_token_scope_when_unused.rb
new file mode 100644
index 00000000000..2e6ad12f928
--- /dev/null
+++ b/db/post_migrate/20210908132335_disable_job_token_scope_when_unused.rb
@@ -0,0 +1,52 @@
+# frozen_string_literal: true
+
+class DisableJobTokenScopeWhenUnused < Gitlab::Database::Migration[1.0]
+ disable_ddl_transaction!
+
+ class ProjectCiCdSetting < ApplicationRecord
+ include EachBatch
+
+ self.table_name = 'project_ci_cd_settings'
+ end
+
+ module Ci
+ module JobToken
+ class ProjectScopeLink < ApplicationRecord
+ self.table_name = 'ci_job_token_project_scope_links'
+ end
+ end
+ end
+
+ def up
+ # Disabling job token scope after db/migrate/20210902171808_set_default_job_token_scope_false.rb
+ # if users haven't configured it.
+ ProjectCiCdSetting.each_batch(of: 10_000) do |settings|
+ with_enabled_but_unused_scope(settings).each_batch(of: 500) do |settings_to_update|
+ settings_to_update.update_all(job_token_scope_enabled: false)
+ end
+ end
+ end
+
+ def down
+ # irreversible data migration
+
+ # The migration relies on the state of `job_token_scope_enabled` and
+ # updates it based on whether the feature is used or not.
+ #
+ # The inverse migration would be to set `job_token_scope_enabled: true`
+ # for those projects that have the feature disabled and unused. But there
+ # could be also existing cases where the feature is disabled and unused.
+ # For example, old projects.
+ end
+
+ private
+
+ # The presence of ProjectScopeLinks means that the job token scope
+ # is configured and we need to leave it enabled. Unused job token scope
+ # can be disabled since they weren't configured.
+ def with_enabled_but_unused_scope(settings)
+ settings
+ .where(job_token_scope_enabled: true)
+ .where.not(project_id: Ci::JobToken::ProjectScopeLink.select(:source_project_id))
+ end
+end
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-15 23:59:44 +0300