Merge branch 'fix/push-read-only-message' into 'master'

Fix message when pushing to Geo secondary Closes #3945 See merge request gitlab-org/gitlab-ee!3616

Merge branch 'fix/push-read-only-message' into 'master'
Fix message when pushing to Geo secondary Closes #3945 See merge request gitlab-org/gitlab-ee!3616
2f950769 · Douwe Maan · a6158aa0 · ffdf79d1 · 2f950769 · 2f950769
Commit 2f950769 authored Dec 08, 2017 by Douwe Maan
9 changed files
--- a/changelogs/unreleased-ee/fix-push-read-only-message.yml
+++ b/changelogs/unreleased-ee/fix-push-read-only-message.yml
+---
+title: Fix Git message when pushing to Geo secondary
+merge_request: 3616
+author:
+type: fixed
--- a/doc/gitlab-geo/using_a_geo_server.md
+++ b/doc/gitlab-geo/using_a_geo_server.md
+[//]: # (Please update EE::GitLab::GeoGitAccess::GEO_SERVER_DOCS_URL if this file is moved)
+
 # Using a Geo Server

 After you set up the [database replication and configure the GitLab Geo nodes][req],

--- a/ee/lib/ee/gitlab/geo_git_access.rb
+++ b/ee/lib/ee/gitlab/geo_git_access.rb
+module EE
+  module Gitlab
+    module GeoGitAccess
+      include ::Gitlab::ConfigHelper
+      include ::EE::GitlabRoutingHelper
+
+      GEO_SERVER_DOCS_URL = 'https://docs.gitlab.com/ee/gitlab-geo/using_a_geo_server.html'.freeze
+
+      protected
+
+      def project_or_wiki
+        @project
+      end
+
+      private
+
+      def push_to_read_only_message
+        message = super
+
+        if ::Gitlab::Geo.secondary_with_primary?
+          message += " Please use the Primary node URL: #{geo_primary_url_to_repo}. Documentation: #{GEO_SERVER_DOCS_URL}"
+        end
+
+        message
+      end
+
+      def geo_primary_url_to_repo
+        case protocol
+        when 'ssh'
+          geo_primary_ssh_url_to_repo(project_or_wiki)
+        else
+          geo_primary_http_url_to_repo(project_or_wiki)
+        end
+      end
+    end
+  end
+end
--- a/ee/lib/ee/gitlab/git_access.rb
+++ b/ee/lib/ee/gitlab/git_access.rb
 module EE
  module Gitlab
    module GitAccess
+      prepend GeoGitAccess
+
      def check(cmd, changes)
        raise NotImplementedError.new unless defined?(super)


--- a/ee/lib/ee/gitlab/git_access_wiki.rb
+++ b/ee/lib/ee/gitlab/git_access_wiki.rb
+module EE
+  module Gitlab
+    module GitAccessWiki
+      include GeoGitAccess
+
+      private
+
+      def project_or_wiki
+        @project.wiki
+      end
+    end
+  end
+end
--- a/lib/gitlab/git_access.rb
+++ b/lib/gitlab/git_access.rb
@@ -171,7 +171,7 @@ module Gitlab
      end

      if Gitlab::Database.read_only?
-        raise UnauthorizedError, ERROR_MESSAGES[:cannot_push_to_read_only]
+        raise UnauthorizedError, push_to_read_only_message
      end

      if deploy_key
@@ -304,5 +304,9 @@ module Gitlab
                         UserAccess.new(user, project: project)
                       end
    end
+
+    def push_to_read_only_message
+      ERROR_MESSAGES[:cannot_push_to_read_only]
+    end
  end
 end
--- a/lib/gitlab/git_access_wiki.rb
+++ b/lib/gitlab/git_access_wiki.rb
 module Gitlab
  class GitAccessWiki < GitAccess
+    prepend EE::Gitlab::GitAccessWiki
+
    ERROR_MESSAGES = {
      read_only:     "You can't push code to a read-only GitLab instance.",
      write_to_wiki: "You are not allowed to write to this project's wiki."
@@ -19,10 +21,14 @@ module Gitlab
      end

      if Gitlab::Database.read_only?
-        raise UnauthorizedError, ERROR_MESSAGES[:read_only]
+        raise UnauthorizedError, push_to_read_only_message
      end

      true
    end
+
+    def push_to_read_only_message
+      ERROR_MESSAGES[:read_only]
+    end
  end
 end
--- a/spec/ee/spec/lib/ee/gitlab/git_access_spec.rb
+++ b/spec/ee/spec/lib/ee/gitlab/git_access_spec.rb
+require 'spec_helper'
+
+describe Gitlab::GitAccess do
+  set(:user) { create(:user) }
+
+  let(:actor) { user }
+  let(:project) { create(:project, :repository) }
+  let(:protocol) { 'web' }
+  let(:authentication_abilities) { %i[read_project download_code push_code] }
+  let(:redirected_path) { nil }
+
+  let(:access) { described_class.new(actor, project, protocol, authentication_abilities: authentication_abilities, redirected_path: redirected_path) }
+  subject { access.check('git-receive-pack', '_any') }
+
+  context "when in a read-only GitLab instance" do
+    before do
+      create(:protected_branch, name: 'feature', project: project)
+      allow(Gitlab::Database).to receive(:read_only?) { true }
+    end
+
+    it 'denies push access' do
+      project.add_master(user)
+
+      expect { subject }.to raise_unauthorized("You can't push code to a read-only GitLab instance.")
+    end
+
+    it 'denies push access with primary present' do
+      error_message = "You can't push code to a read-only GitLab instance. "\
+"Please use the Primary node URL: https://localhost:3000/gitlab/#{project.full_path}.git. Documentation: https://docs.gitlab.com/ee/gitlab-geo/using_a_geo_server.html"
+
+      primary_node = create(:geo_node, :primary, url: 'https://localhost:3000/gitlab')
+      allow(Gitlab::Geo).to receive(:primary).and_return(primary_node)
+      allow(Gitlab::Geo).to receive(:secondary_with_primary?).and_return(true)
+
+      project.add_master(user)
+
+      expect { subject }.to raise_unauthorized(error_message)
+    end
+  end
+
+  private
+
+  def raise_unauthorized(message)
+    raise_error(Gitlab::GitAccess::UnauthorizedError, message)
+  end
+end
--- a/spec/ee/spec/lib/ee/gitlab/git_access_wiki_spec.rb
+++ b/spec/ee/spec/lib/ee/gitlab/git_access_wiki_spec.rb
+require 'spec_helper'
+
+describe Gitlab::GitAccessWiki do
+  let(:access) { described_class.new(user, project, 'web', authentication_abilities: authentication_abilities, redirected_path: redirected_path) }
+  let(:project) { create(:project, :repository) }
+  let(:user) { create(:user) }
+  let(:changes) { ['6f6d7e7ed 570e7b2ab refs/heads/master'] }
+  let(:redirected_path) { nil }
+  let(:authentication_abilities) do
+    [
+        :read_project,
+        :download_code,
+        :push_code
+    ]
+  end
+
+  subject { access.check('git-receive-pack', changes) }
+
+  context "when in a read-only GitLab instance" do
+    before do
+      create(:protected_branch, name: 'feature', project: project)
+      allow(Gitlab::Database).to receive(:read_only?) { true }
+    end
+
+    it 'denies push access' do
+      project.add_master(user)
+
+      expect { subject }.to raise_unauthorized("You can't push code to a read-only GitLab instance.")
+    end
+
+    it 'denies push access with primary present' do
+      error_message = "You can't push code to a read-only GitLab instance. Please use the Primary node URL: "\
+"https://localhost:3000/gitlab/#{project.full_path}.wiki.git. Documentation: https://docs.gitlab.com/ee/gitlab-geo/using_a_geo_server.html"
+
+      primary_node = create(:geo_node, :primary, url: 'https://localhost:3000/gitlab')
+      allow(Gitlab::Geo).to receive(:primary).and_return(primary_node)
+      allow(Gitlab::Geo).to receive(:secondary_with_primary?).and_return(true)
+
+      project.add_master(user)
+
+      expect { subject }.to raise_unauthorized(error_message)
+    end
+  end
+
+  private
+
+  def raise_unauthorized(message)
+    raise_error(Gitlab::GitAccess::UnauthorizedError, message)
+  end
+end