debian-mirror-gitlab/app/models/clusters/agent.rb

141 lines
5.6 KiB
Ruby
Raw Normal View History

2020-10-24 23:57:45 +05:30
# frozen_string_literal: true
module Clusters
class Agent < ApplicationRecord
2023-07-09 08:55:56 +05:30
include FromUnion
2020-10-24 23:57:45 +05:30
self.table_name = 'cluster_agents'
2022-01-26 12:08:38 +05:30
INACTIVE_AFTER = 1.hour.freeze
2022-03-02 08:16:31 +05:30
ACTIVITY_EVENT_LIMIT = 200
2022-01-26 12:08:38 +05:30
2021-03-11 19:13:27 +05:30
belongs_to :created_by_user, class_name: 'User', optional: true
2020-10-24 23:57:45 +05:30
belongs_to :project, class_name: '::Project' # Otherwise, it will load ::Clusters::Project
2022-07-23 23:45:48 +05:30
has_many :agent_tokens, -> { order_last_used_at_desc }, class_name: 'Clusters::AgentToken', inverse_of: :agent
2023-07-09 08:55:56 +05:30
has_many :active_agent_tokens, -> { active.order_last_used_at_desc }, class_name: 'Clusters::AgentToken', inverse_of: :agent
2020-10-24 23:57:45 +05:30
2023-06-20 00:43:36 +05:30
has_many :ci_access_group_authorizations, class_name: 'Clusters::Agents::Authorizations::CiAccess::GroupAuthorization'
has_many :ci_access_authorized_groups, class_name: '::Group', through: :ci_access_group_authorizations, source: :group
2021-11-11 11:23:49 +05:30
2023-06-20 00:43:36 +05:30
has_many :ci_access_project_authorizations, class_name: 'Clusters::Agents::Authorizations::CiAccess::ProjectAuthorization'
has_many :ci_access_authorized_projects, class_name: '::Project', through: :ci_access_project_authorizations, source: :project
has_many :user_access_group_authorizations, class_name: 'Clusters::Agents::Authorizations::UserAccess::GroupAuthorization'
has_many :user_access_authorized_groups, class_name: '::Group', through: :user_access_group_authorizations, source: :group
has_many :user_access_project_authorizations, class_name: 'Clusters::Agents::Authorizations::UserAccess::ProjectAuthorization'
has_many :user_access_authorized_projects, class_name: '::Project', through: :user_access_project_authorizations, source: :project
2021-11-11 11:23:49 +05:30
2022-01-26 12:08:38 +05:30
has_many :activity_events, -> { in_timeline_order }, class_name: 'Clusters::Agents::ActivityEvent', inverse_of: :agent
2021-01-03 14:25:43 +05:30
scope :ordered_by_name, -> { order(:name) }
2020-11-24 15:15:51 +05:30
scope :with_name, -> (name) { where(name: name) }
2022-07-23 23:45:48 +05:30
scope :has_vulnerabilities, -> (value = true) { where(has_vulnerabilities: value) }
2020-11-24 15:15:51 +05:30
2020-10-24 23:57:45 +05:30
validates :name,
presence: true,
length: { maximum: 63 },
uniqueness: { scope: :project_id },
format: {
with: Gitlab::Regex.cluster_agent_name_regex,
message: Gitlab::Regex.cluster_agent_name_regex_message
}
2021-02-22 17:27:13 +05:30
def has_access_to?(requested_project)
requested_project == project
end
2022-01-26 12:08:38 +05:30
2022-03-02 08:16:31 +05:30
def connected?
agent_tokens.active.where("last_used_at > ?", INACTIVE_AFTER.ago).exists?
end
def activity_event_deletion_cutoff
# Order is defined by the association
activity_events
.offset(ACTIVITY_EVENT_LIMIT - 1)
.pick(:recorded_at)
2022-01-26 12:08:38 +05:30
end
2022-07-23 23:45:48 +05:30
def to_ability_name
:cluster
end
2023-07-09 08:55:56 +05:30
def ci_access_authorized_for?(user)
return false unless user
return false unless ::Feature.enabled?(:expose_authorized_cluster_agents, project)
::Project.from_union(
all_ci_access_authorized_projects_for(user).limit(1),
all_ci_access_authorized_namespaces_for(user).limit(1)
).exists?
end
def user_access_authorized_for?(user)
return false unless user
return false unless ::Feature.enabled?(:expose_authorized_cluster_agents, project)
Clusters::Agents::Authorizations::UserAccess::Finder
.new(user, agent: self, preload: false, limit: 1).execute.any?
end
# As of today, all config values of associated authorization rows have the same value.
# See `UserAccess::RefreshService` for more information.
def user_access_config
self.class.from_union(
user_access_project_authorizations.select('config').limit(1),
user_access_group_authorizations.select('config').limit(1)
).compact.first&.config
end
private
def all_ci_access_authorized_projects_for(user)
::Project.joins(:ci_access_project_authorizations)
.joins(:project_authorizations)
.where(agent_project_authorizations: { agent_id: id })
.where(project_authorizations: { user_id: user.id, access_level: Gitlab::Access::DEVELOPER.. })
end
def all_ci_access_authorized_namespaces_for(user)
::Project.with(root_namespace_cte.to_arel)
.with(all_ci_access_authorized_namespaces_cte.to_arel)
.joins('INNER JOIN all_authorized_namespaces ON all_authorized_namespaces.id = projects.namespace_id')
.joins(:project_authorizations)
.where(project_authorizations: { user_id: user.id, access_level: Gitlab::Access::DEVELOPER.. })
end
def root_namespace_cte
Gitlab::SQL::CTE.new(:root_namespace, root_namespace.to_sql)
end
def all_ci_access_authorized_namespaces_cte
Gitlab::SQL::CTE.new(:all_authorized_namespaces, all_ci_access_authorized_namespaces.to_sql)
end
def all_ci_access_authorized_namespaces
Namespace.select("traversal_ids[array_length(traversal_ids, 1)] AS id")
.joins("INNER JOIN root_namespace ON " \
"namespaces.traversal_ids @> ARRAY[root_namespace.root_id]")
.joins("INNER JOIN agent_group_authorizations ON " \
"namespaces.traversal_ids @> ARRAY[agent_group_authorizations.group_id::integer]")
.where(agent_group_authorizations: { agent_id: id })
end
def root_namespace
Namespace.select("traversal_ids[1] AS root_id")
.where("traversal_ids @> ARRAY(?)", project_namespace)
.limit(1)
end
def project_namespace
::Project.select('namespace_id')
.joins(:cluster_agents)
.where(cluster_agents: { id: id })
.limit(1)
end
2020-10-24 23:57:45 +05:30
end
end
2022-08-13 15:12:31 +05:30
Clusters::Agent.prepend_mod_with('Clusters::Agent')