Prevent writing operations to git-anex while on a geo readonly node

(temporarily disabling any operations to anex as it's currently not replicated)

Prevent writing operations to git-anex while on a geo readonly node
(temporarily disabling any operations to anex as it's currently not replicated)
9dd9b607 · Gabriel Mazetto · 7560abb3 · 9dd9b607 · 9dd9b607
Commit 9dd9b607 authored Feb 20, 2016 by Gabriel Mazetto
Hide whitespace changes
Inline Side-by-side

Showing with 19 additions and 4 deletions

lib/gitlab/git_access.rb lib/gitlab/git_access.rb +9 -4

spec/lib/gitlab/git_access_spec.rb spec/lib/gitlab/git_access_spec.rb +10 -0

No files found.
--- a/lib/gitlab/git_access.rb
+++ b/lib/gitlab/git_access.rb
@@ -85,6 +85,11 @@ module Gitlab
    end

    def push_access_check(changes)
+
+      if Gitlab::Geo.enabled? && Gitlab::Geo.readonly?
+        return build_status_object(false, "You can't push code on a secondary Gitlab Geo node.")
+      end
+
      return build_status_object(true) if git_annex_branch_sync?(changes)

      if user
@@ -113,10 +118,6 @@ module Gitlab
        return build_status_object(false, "A repository for this project does not exist yet.")
      end

-      if Gitlab::Geo.enabled? && Gitlab::Geo.readonly?
-        return build_status_object(false, "You can't push code on a secondary Gitlab Geo node.")
-      end
-
      if ::License.block_changes?
        message = ::LicenseHelper.license_message(signed_in: true, is_admin: (user && user.is_admin?))
        return build_status_object(false, message)
@@ -327,6 +328,10 @@ module Gitlab
        return build_status_object(false, "Repository does not exist")
      end

+      if Gitlab::Geo.enabled? && Gitlab::Geo.readonly?
+        return build_status_object(false, "You can't use git-anex with Gitlab Geo readonly node.")
+      end
+
      if user.can?(:push_code, project)
        build_status_object(true)
      else

--- a/spec/lib/gitlab/git_access_spec.rb
+++ b/spec/lib/gitlab/git_access_spec.rb
@@ -274,6 +274,16 @@ describe Gitlab::GitAccess, lib: true do
    context "when using git annex" do
      before { project.team << [user, :master] }

+      describe 'and gitlab geo is enabled in a readonly node' do
+        before do
+          allow(Gitlab.config.gitlab_shell).to receive(:git_annex_enabled).and_return(true)
+          allow(Gitlab::Geo).to receive(:enabled?) { true }
+          allow(Gitlab::Geo).to receive(:readonly?) { true }
+        end
+
+        it { expect(access.push_access_check(git_annex_changes)).not_to be_allowed }
+      end
+
      describe 'and git hooks unset' do
        describe 'git annex enabled' do
          before { allow(Gitlab.config.gitlab_shell).to receive(:git_annex_enabled).and_return(true) }