diff --git a/changelogs/unreleased/63079-migrate-clusters-with-no-token-to-unmanaged.yml b/changelogs/unreleased/63079-migrate-clusters-with-no-token-to-unmanaged.yml new file mode 100644 index 0000000000000000000000000000000000000000..92133af03f7660f8d2d143df9856f418f12a8cc7 --- /dev/null +++ b/changelogs/unreleased/63079-migrate-clusters-with-no-token-to-unmanaged.yml @@ -0,0 +1,6 @@ +--- +title: Migrate GitLab managed project-level clusters to unmanaged if they are missing + a Kubernetes service account token +merge_request: 29648 +author: +type: other diff --git a/db/post_migrate/20190613231640_migrate_managed_clusters_with_no_token_to_unmanaged.rb b/db/post_migrate/20190613231640_migrate_managed_clusters_with_no_token_to_unmanaged.rb new file mode 100644 index 0000000000000000000000000000000000000000..b2914afe2cde1413964eb87e5f5d09efa505e3f7 --- /dev/null +++ b/db/post_migrate/20190613231640_migrate_managed_clusters_with_no_token_to_unmanaged.rb @@ -0,0 +1,48 @@ +# frozen_string_literal: true + +# See http://doc.gitlab.com/ce/development/migration_style_guide.html +# for more information on how to write migrations for GitLab. + +class MigrateManagedClustersWithNoTokenToUnmanaged < ActiveRecord::Migration[5.1] + include Gitlab::Database::MigrationHelpers + + DOWNTIME = false + + disable_ddl_transaction! + + class Cluster < ActiveRecord::Base + include EachBatch + + self.table_name = 'clusters' + + has_many :kubernetes_namespaces, class_name: 'MigrateManagedClustersWithNoTokenToUnmanaged::KubernetesNamespace' + + scope :managed, -> { where(managed: true) } + + enum cluster_type: { + instance_type: 1, + group_type: 2, + project_type: 3 + } + end + + class KubernetesNamespace < ActiveRecord::Base + self.table_name = 'clusters_kubernetes_namespaces' + + belongs_to :cluster, class_name: 'MigrateManagedClustersWithNoTokenToUnmanaged::Cluster' + end + + def up + Cluster.managed + .project_type + .joins(:kubernetes_namespaces) + .where(clusters_kubernetes_namespaces: { encrypted_service_account_token: nil }) + .where('clusters.created_at < ?', Date.new(2018, 12, 1).midnight) + .each_batch do |batch| + batch.update_all(managed: false) + end + end + + def down + end +end diff --git a/spec/migrations/migrate_managed_clusters_with_no_token_to_unmanaged_spec.rb b/spec/migrations/migrate_managed_clusters_with_no_token_to_unmanaged_spec.rb new file mode 100644 index 0000000000000000000000000000000000000000..b73bd16cb60ba02e1b2176cec1c44e0fae330fcc --- /dev/null +++ b/spec/migrations/migrate_managed_clusters_with_no_token_to_unmanaged_spec.rb @@ -0,0 +1,59 @@ +# frozen_string_literal: true + +require 'spec_helper' +require Rails.root.join('db', 'post_migrate', '20190613231640_migrate_managed_clusters_with_no_token_to_unmanaged.rb') + +describe MigrateManagedClustersWithNoTokenToUnmanaged, :migration do + let(:cluster_type) { 'project_type' } + let(:created_at) { Date.new(2018, 11, 1).midnight } + + let!(:cluster) do + table(:clusters).create!( + name: 'cluster', + cluster_type: described_class::Cluster.cluster_types[cluster_type], + managed: true, + created_at: created_at + ) + end + + let!(:kubernetes_namespace) do + table(:clusters_kubernetes_namespaces).create!( + cluster_id: cluster.id, + namespace: 'namespace' + ) + end + + it 'marks the cluster as unmanaged' do + migrate! + expect(cluster.reload).not_to be_managed + end + + context 'cluster is not project type' do + let(:cluster_type) { 'group_type' } + + it 'does not update the cluster' do + migrate! + expect(cluster.reload).to be_managed + end + end + + context 'kubernetes namespace has a service account token' do + before do + kubernetes_namespace.update!(encrypted_service_account_token: "TOKEN") + end + + it 'does not update the cluster' do + migrate! + expect(cluster.reload).to be_managed + end + end + + context 'cluster was created after the cutoff' do + let(:created_at) { Date.new(2019, 1, 1).midnight } + + it 'does not update the cluster' do + migrate! + expect(cluster.reload).to be_managed + end + end +end