[Backported from EE] Readonly flag for Projects

This is used in EE for the storage migration, and we want to use this in CE as well to be able to migrate projects to hashed_storage.

[Backported from EE] Readonly flag for Projects
This is used in EE for the storage migration, and we want to use this in CE as well to be able to migrate projects to hashed_storage.
38607b48 · Gabriel Mazetto · Nick Thomas · e0e49f2f · 38607b48 · 38607b48
5 changed file
--- a/db/migrate/20160713200638_add_repository_read_only_to_projects.rb
+++ b/db/migrate/20160713200638_add_repository_read_only_to_projects.rb
+class AddRepositoryReadOnlyToProjects < ActiveRecord::Migration
+  include Gitlab::Database::MigrationHelpers
+
+  DOWNTIME = false
+
+  def change
+    add_column :projects, :repository_read_only, :boolean
+  end
+end
--- a/db/schema.rb
+++ b/db/schema.rb
@@ -1215,6 +1215,7 @@ ActiveRecord::Schema.define(version: 20170921115009) do
    t.datetime "last_repository_updated_at"
    t.integer "storage_version", limit: 2
    t.boolean "resolve_outdated_diff_discussions"
+    t.boolean "repository_read_only"
  end

  add_index "projects", ["ci_id"], name: "index_projects_on_ci_id", using: :btree

--- a/lib/gitlab/git_access.rb
+++ b/lib/gitlab/git_access.rb
@@ -16,7 +16,8 @@ module Gitlab
      account_blocked: 'Your account has been blocked.',
      command_not_allowed: "The command you're trying to execute is not allowed.",
      upload_pack_disabled_over_http: 'Pulling over HTTP is not allowed.',
-      receive_pack_disabled_over_http: 'Pushing over HTTP is not allowed.'
+      receive_pack_disabled_over_http: 'Pushing over HTTP is not allowed.',
+      readonly: 'The repository is temporarily read-only. Please try again later.'
    }.freeze

    DOWNLOAD_COMMANDS = %w{ git-upload-pack git-upload-archive }.freeze
@@ -159,6 +160,10 @@ module Gitlab
    end

    def check_push_access!(changes)
+      if project.repository_read_only?
+        raise UnauthorizedError, ERROR_MESSAGES[:readonly]
+      end
+
      if deploy_key
        check_deploy_key_push_access!
      elsif user

--- a/spec/factories/projects.rb
+++ b/spec/factories/projects.rb
@@ -143,6 +143,10 @@ FactoryGirl.define do
      end
    end

+    trait :read_only_repository do
+      repository_read_only true
+    end
+
    trait :broken_repo do
      after(:create) do |project|
        raise "Failed to create repository!" unless project.create_repository

--- a/spec/lib/gitlab/shell_spec.rb
+++ b/spec/lib/gitlab/shell_spec.rb
@@ -48,14 +48,35 @@ describe Gitlab::Shell do
    end
  end

-  describe '#add_key' do
-    it 'removes trailing garbage' do
-      allow(gitlab_shell).to receive(:gitlab_shell_keys_path).and_return(:gitlab_shell_keys_path)
-      expect(gitlab_shell).to receive(:gitlab_shell_fast_execute).with(
-        [:gitlab_shell_keys_path, 'add-key', 'key-123', 'ssh-rsa foobar']
-      )
-
-      gitlab_shell.add_key('key-123', 'ssh-rsa foobar trailing garbage')
+  describe 'projects commands' do
+    let(:gitlab_shell_path) { File.expand_path('tmp/tests/gitlab-shell') }
+    let(:projects_path) { File.join(gitlab_shell_path, 'bin/gitlab-projects') }
+    let(:gitlab_shell_hooks_path) { File.join(gitlab_shell_path, 'hooks') }
+
+    before do
+      allow(Gitlab.config.gitlab_shell).to receive(:path).and_return(gitlab_shell_path)
+      allow(Gitlab.config.gitlab_shell).to receive(:hooks_path).and_return(gitlab_shell_hooks_path)
+      allow(Gitlab.config.gitlab_shell).to receive(:git_timeout).and_return(800)
+    end
+
+    describe '#mv_repository' do
+      it 'executes the command' do
+        expect(gitlab_shell).to receive(:gitlab_shell_fast_execute).with(
+          [projects_path, 'mv-project', 'storage/path', 'project/path.git', 'new/path.git']
+        )
+        gitlab_shell.mv_repository('storage/path', 'project/path', 'new/path')
+      end
+    end
+
+    describe '#add_key' do
+      it 'removes trailing garbage' do
+        allow(gitlab_shell).to receive(:gitlab_shell_keys_path).and_return(:gitlab_shell_keys_path)
+        expect(gitlab_shell).to receive(:gitlab_shell_fast_execute).with(
+          [:gitlab_shell_keys_path, 'add-key', 'key-123', 'ssh-rsa foobar']
+        )
+
+        gitlab_shell.add_key('key-123', 'ssh-rsa foobar trailing garbage')
+      end
    end
  end

@@ -136,7 +157,7 @@ describe Gitlab::Shell do
      it 'returns true when the command succeeds' do
        expect(Gitlab::Popen).to receive(:popen)
          .with([projects_path, 'rm-project', 'current/storage', 'project/path.git'],
-                nil, popen_vars).and_return([nil, 0])
+            nil, popen_vars).and_return([nil, 0])

        expect(gitlab_shell.remove_repository('current/storage', 'project/path')).to be true
      end
@@ -144,7 +165,7 @@ describe Gitlab::Shell do
      it 'returns false when the command fails' do
        expect(Gitlab::Popen).to receive(:popen)
          .with([projects_path, 'rm-project', 'current/storage', 'project/path.git'],
-                nil, popen_vars).and_return(["error", 1])
+            nil, popen_vars).and_return(["error", 1])

        expect(gitlab_shell.remove_repository('current/storage', 'project/path')).to be false
      end