Update a batch of Project Import/Export relations to use AttributesPermitter & allow-list approach (metrics_setting, project_badges, pipeline_schedules, error_tracking_setting, auto_devops)
Transition 5 small Project Import models to use AttributesPermitter
& allow-list approach when Importing.
This will allow us to see if allow-list approach works as expected, if there are any issues that need to be fixed.
See https://gitlab.com/gitlab-org/gitlab/-/issues/37322 for reasons why.
Proposed list of models:
- project badges
- error tracking setting
- metrics setting
- auto_devops
- pipeline_schedules
Once completed, create a new issue to update the next batch of relations.
Implementation plan
-
backend Extend lib/gitlab/import_export/project/import_export.yml
with new section that contains attributes that should be included for import:
included_attributes:
metrics_setting:
- :project_id
- :external_dashboard_url
- :dashboard_timezone
project_badges:
- :link_url
- :image_url
- :project_id
- :created_at
- :updated_at
- :name
- :type
pipeline_schedules:
- :active
- :created_at
- :cron
- :cron_timezone
- :description
- :next_run_at
- :project_id
- :ref
- :updated_at
error_tracking_setting:
- :api_url
- :project_id
- :organization_name
- :project_name
auto_devops:
- :created_at
- :deploy_strategy
- :enabled
- :project_id
- :updated_at
-
backend Add feature flag to control usage of AttributesPermitter
to be able to disable it in case of unexpected issues, -
backend Modify parsed_relation_hash
method inlib/gitlab/import_export/base/relation_factory.rb
to useAttributesPermitter
when feature flag is enabled and permitted attributes are configured in ImportExport configuration:
diff --git a/lib/gitlab/import_export/base/relation_factory.rb b/lib/gitlab/import_export/base/relation_factory.rb
index 30cd5ccfbcb..633fbcabfc5 100644
--- a/lib/gitlab/import_export/base/relation_factory.rb
+++ b/lib/gitlab/import_export/base/relation_factory.rb
@@ -45,6 +45,7 @@ def self.relation_class(relation_name)
end
def initialize(relation_sym:, relation_index:, relation_hash:, members_mapper:, object_builder:, user:, importable:, excluded_keys: [])
+ @relation_sym = relation_sym
@relation_name = self.class.overrides[relation_sym]&.to_sym || relation_sym
@relation_index = relation_index
@relation_hash = relation_hash.except('noteable_id')
@@ -181,8 +182,17 @@ def imported_object
end
def parsed_relation_hash
- @parsed_relation_hash ||= Gitlab::ImportExport::AttributeCleaner.clean(relation_hash: @relation_hash,
- relation_class: relation_class)
+ strong_memoize(:parsed_relation_hash) do
+ if Feature.enabled?(:permitted_attributes_for_import_export) && attributes_permitter.permitted_attributes_for(@relation_sym).present?
+ attributes_permitter.permit(@relation_sym, @relation_hash.deep_symbolize_keys)
+ else
+ Gitlab::ImportExport::AttributeCleaner.clean(relation_hash: @relation_hash, relation_class: relation_class)
+ end
+ end
+ end
+
+ def attributes_permitter
+ @attributes_permitter ||= Gitlab::ImportExport::AttributesPermitter.new
end
def existing_or_new_object
-
Prepare new issue with next batch of classes that should use AttributesPermitter
,
Edited by Alan (Maciej) Paruszewski