Commit cdc32a72 authored by Etienne Baqué's avatar Etienne Baqué

Merge branch '334565-remove-dependency-proxy-deploy-token-feature-flag' into 'master'

Remove the `dependency_proxy_deploy_tokens` feature flag

See merge request gitlab-org/gitlab!67552
parents 96294925 9a6cee64
......@@ -18,23 +18,14 @@ module Groups
def authenticate_user_from_jwt_token!
return unless dependency_proxy_for_private_groups?
if Feature.enabled?(:dependency_proxy_deploy_tokens)
authenticate_with_http_token do |token, _|
@authentication_result = EMPTY_AUTH_RESULT
found_user = user_from_token(token)
sign_in(found_user) if found_user.is_a?(User)
end
request_bearer_token! unless authenticated_user
else
authenticate_with_http_token do |token, _|
user = user_from_token(token)
sign_in(user) if user
end
request_bearer_token! unless current_user
authenticate_with_http_token do |token, _|
@authentication_result = EMPTY_AUTH_RESULT
found_user = user_from_token(token)
sign_in(found_user) if found_user.is_a?(User)
end
request_bearer_token! unless authenticated_user
end
private
......@@ -51,7 +42,6 @@ module Groups
def user_from_token(token)
token_payload = ::DependencyProxy::AuthTokenService.decoded_token_payload(token)
return User.find(token_payload['user_id']) unless Feature.enabled?(:dependency_proxy_deploy_tokens)
if token_payload['user_id']
token_user = User.find(token_payload['user_id'])
......
---
name: dependency_proxy_deploy_tokens
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/64363
rollout_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/334565
milestone: '14.2'
type: development
group: group::package
default_enabled: false
......@@ -65,82 +65,39 @@ RSpec.describe Groups::DependencyProxyForContainersController do
it { is_expected.to have_gitlab_http_status(:not_found) }
end
context 'deploy tokens with dependency_proxy_deploy_tokens disabled' do
before do
stub_feature_flags(dependency_proxy_deploy_tokens: false)
end
context 'with deploy token from a different group,' do
let_it_be(:user) { create(:deploy_token, :group, :dependency_proxy_scopes) }
it { is_expected.to have_gitlab_http_status(:not_found) }
end
context 'with revoked deploy token' do
let_it_be(:user) { create(:deploy_token, :revoked, :group, :dependency_proxy_scopes) }
let_it_be(:group_deploy_token) { create(:group_deploy_token, deploy_token: user, group: group) }
it { is_expected.to have_gitlab_http_status(:not_found) }
end
context 'with expired deploy token' do
let_it_be(:user) { create(:deploy_token, :expired, :group, :dependency_proxy_scopes) }
let_it_be(:group_deploy_token) { create(:group_deploy_token, deploy_token: user, group: group) }
it { is_expected.to have_gitlab_http_status(:not_found) }
end
context 'with deploy token with insufficient scopes' do
let_it_be(:user) { create(:deploy_token, :group) }
let_it_be(:group_deploy_token) { create(:group_deploy_token, deploy_token: user, group: group) }
it { is_expected.to have_gitlab_http_status(:not_found) }
end
context 'with deploy token from a different group,' do
let_it_be(:user) { create(:deploy_token, :group, :dependency_proxy_scopes) }
context 'when a group is not found' do
before do
expect(Group).to receive(:find_by_full_path).and_return(nil)
end
it { is_expected.to have_gitlab_http_status(:not_found) }
end
it { is_expected.to have_gitlab_http_status(:not_found) }
end
context 'deploy tokens with dependency_proxy_deploy_tokens enabled' do
context 'with deploy token from a different group,' do
let_it_be(:user) { create(:deploy_token, :group, :dependency_proxy_scopes) }
it { is_expected.to have_gitlab_http_status(:not_found) }
end
context 'with revoked deploy token' do
let_it_be(:user) { create(:deploy_token, :revoked, :group, :dependency_proxy_scopes) }
let_it_be(:group_deploy_token) { create(:group_deploy_token, deploy_token: user, group: group) }
context 'with revoked deploy token' do
let_it_be(:user) { create(:deploy_token, :revoked, :group, :dependency_proxy_scopes) }
let_it_be(:group_deploy_token) { create(:group_deploy_token, deploy_token: user, group: group) }
it { is_expected.to have_gitlab_http_status(:unauthorized) }
end
it { is_expected.to have_gitlab_http_status(:unauthorized) }
end
context 'with expired deploy token' do
let_it_be(:user) { create(:deploy_token, :expired, :group, :dependency_proxy_scopes) }
let_it_be(:group_deploy_token) { create(:group_deploy_token, deploy_token: user, group: group) }
context 'with expired deploy token' do
let_it_be(:user) { create(:deploy_token, :expired, :group, :dependency_proxy_scopes) }
let_it_be(:group_deploy_token) { create(:group_deploy_token, deploy_token: user, group: group) }
it { is_expected.to have_gitlab_http_status(:unauthorized) }
end
it { is_expected.to have_gitlab_http_status(:unauthorized) }
end
context 'with deploy token with insufficient scopes' do
let_it_be(:user) { create(:deploy_token, :group) }
let_it_be(:group_deploy_token) { create(:group_deploy_token, deploy_token: user, group: group) }
context 'with deploy token with insufficient scopes' do
let_it_be(:user) { create(:deploy_token, :group) }
let_it_be(:group_deploy_token) { create(:group_deploy_token, deploy_token: user, group: group) }
it { is_expected.to have_gitlab_http_status(:not_found) }
end
it { is_expected.to have_gitlab_http_status(:not_found) }
context 'when a group is not found' do
before do
expect(Group).to receive(:find_by_full_path).and_return(nil)
end
context 'when a group is not found' do
before do
expect(Group).to receive(:find_by_full_path).and_return(nil)
end
it { is_expected.to have_gitlab_http_status(:not_found) }
end
it { is_expected.to have_gitlab_http_status(:not_found) }
end
context 'when user is not found' do
......@@ -274,25 +231,6 @@ RSpec.describe Groups::DependencyProxyForContainersController do
it_behaves_like 'returning response status', :success
it_behaves_like 'a package tracking event', described_class.name, 'pull_manifest_from_cache'
end
context 'with dependency_proxy_deploy_tokens feature flag disabled' do
before do
stub_feature_flags(dependency_proxy_deploy_tokens: false)
end
it_behaves_like 'a successful manifest pull'
end
end
context 'a valid deploy token with dependency_proxy_deploy_tokens feature flag disabled' do
let_it_be(:user) { create(:deploy_token, :dependency_proxy_scopes, :group) }
let_it_be(:group_deploy_token) { create(:group_deploy_token, deploy_token: user, group: group) }
before do
stub_feature_flags(dependency_proxy_deploy_tokens: false)
end
it { is_expected.to have_gitlab_http_status(:not_found) }
end
context 'a valid deploy token' do
......@@ -395,25 +333,6 @@ RSpec.describe Groups::DependencyProxyForContainersController do
it_behaves_like 'returning response status', :success
it_behaves_like 'a package tracking event', described_class.name, 'pull_blob_from_cache'
end
context 'with dependency_proxy_deploy_tokens feature flag disabled' do
before do
stub_feature_flags(dependency_proxy_deploy_tokens: false)
end
it_behaves_like 'a successful blob pull'
end
end
context 'a valid deploy token with dependency_proxy_deploy_tokens feature flag disabled' do
let_it_be(:user) { create(:deploy_token, :group, :dependency_proxy_scopes) }
let_it_be(:group_deploy_token) { create(:group_deploy_token, deploy_token: user, group: group) }
before do
stub_feature_flags(dependency_proxy_deploy_tokens: false)
end
it { is_expected.to have_gitlab_http_status(:not_found) }
end
context 'a valid deploy token' do
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment