Merge branch 'ci-secrets-runner-feature' into 'master'

Add check for "secrets" runner feature See merge request gitlab-org/gitlab!34813

Merge branch 'ci-secrets-runner-feature' into 'master'
Add check for "secrets" runner feature See merge request gitlab-org/gitlab!34813
f9b6d616 · Grzegorz Bizon · 3ec87ba8 · 4ebbc03a · f9b6d616 · f9b6d616
Commit f9b6d616 authored Jul 01, 2020 by Grzegorz Bizon
5 changed files
--- a/app/models/concerns/ci/metadatable.rb
+++ b/app/models/concerns/ci/metadatable.rb
@@ -87,3 +87,5 @@ module Ci
    end
  end
 end
+
+Ci::Metadatable.prepend_if_ee('EE::Ci::Metadatable')
--- a/ee/app/models/concerns/ee/ci/metadatable.rb
+++ b/ee/app/models/concerns/ee/ci/metadatable.rb
+# frozen_string_literal: true
+
+module EE
+  module Ci
+    module Metadatable
+      extend ActiveSupport::Concern
+
+      prepended do
+        delegate :secrets?, to: :metadata, prefix: false, allow_nil: true
+      end
+
+      def secrets=(value)
+        ensure_metadata.secrets = value
+      end
+    end
+  end
+end
--- a/ee/app/models/ee/ci/build.rb
+++ b/ee/app/models/ee/ci/build.rb
@@ -19,6 +19,10 @@ module EE
        coverage_fuzzing: :coverage_fuzzing
      }.with_indifferent_access.freeze

+      EE_RUNNER_FEATURES = {
+        secrets: -> (build) { build.ci_secrets_management_available? && build.secrets?}
+      }.freeze
+
      prepended do
        include UsageStatistics
        include FromUnion
@@ -139,6 +143,11 @@ module EE
        project.beta_feature_available?(:ci_secrets_management)
      end

+      override :runner_required_feature_names
+      def runner_required_feature_names
+        super + ee_runner_required_feature_names
+      end
+
      private

      def parse_security_artifact_blob(security_report, blob)
@@ -146,6 +155,14 @@ module EE
        ::Gitlab::Ci::Parsers.fabricate!(security_report.type).parse!(blob, report_clone)
        security_report.merge!(report_clone)
      end
+
+      def ee_runner_required_feature_names
+        strong_memoize(:ee_runner_required_feature_names) do
+          EE_RUNNER_FEATURES.select do |feature, method|
+            method.call(self)
+          end.keys
+        end
+      end
    end
  end
 end
--- a/ee/spec/models/ci/build_spec.rb
+++ b/ee/spec/models/ci/build_spec.rb
@@ -506,4 +506,57 @@ RSpec.describe Ci::Build do
      it { is_expected.to be false }
    end
  end
+
+  describe '#runner_required_feature_names' do
+    let(:valid_secrets) do
+      {
+        DATABASE_PASSWORD: {
+          vault: {
+            engine: { name: 'kv-v2', path: 'kv-v2' },
+            path: 'production/db',
+            field: 'password'
+          }
+        }
+      }
+    end
+    let(:build) { create(:ci_build, secrets: secrets) }
+
+    subject { build.runner_required_feature_names }
+
+    context 'when secrets management feature is available' do
+      before do
+        stub_licensed_features(ci_secrets_management: true)
+      end
+
+      context 'when there are secrets defined' do
+        let(:secrets) { valid_secrets }
+
+        it { is_expected.to include(:secrets) }
+      end
+
+      context 'when there are no secrets defined' do
+        let(:secrets) { {} }
+
+        it { is_expected.not_to include(:secrets) }
+      end
+    end
+
+    context 'when secrets management feature is not available' do
+      before do
+        stub_licensed_features(ci_secrets_management: false)
+      end
+
+      context 'when there are secrets defined' do
+        let(:secrets) { valid_secrets }
+
+        it { is_expected.not_to include(:secrets) }
+      end
+
+      context 'when there are no secrets defined' do
+        let(:secrets) { {} }
+
+        it { is_expected.not_to include(:secrets) }
+      end
+    end
+  end
 end
--- a/spec/services/ci/register_job_service_spec.rb
+++ b/spec/services/ci/register_job_service_spec.rb
@@ -356,13 +356,8 @@ module Ci
      end

      context 'runner feature set is verified' do
-        let!(:pending_job) { create(:ci_build, :pending, pipeline: pipeline) }
-
-        before do
-          expect_any_instance_of(Ci::Build).to receive(:runner_required_feature_names) do
-            [:runner_required_feature]
-          end
-        end
+        let(:options) { { artifacts: { reports: { junit: "junit.xml" } } } }
+        let!(:pending_job) { create(:ci_build, :pending, pipeline: pipeline, options: options) }

        subject { execute(specific_runner, params) }

@@ -378,7 +373,7 @@ module Ci

        context 'when feature is supported by runner' do
          let(:params) do
-            { info: { features: { runner_required_feature: true } } }
+            { info: { features: { upload_multiple_artifacts: true } } }
          end

          it 'does pick job' do