Run Cleanup Policies with a user
Problem
Currently, when a cleanup policy is run, there is no user associated with it, so the various services and workers pass `nil`
as the user. This causes problems when checking permissions such as `can?(current_user, :destroy_container_image, project)`.
Solution
We should associate a user when a policy is run. There are two potential ways to do this:
- The last user to update the policy is used as the user.
  - Pros: Allows for auditing to see who was the last user to change policy settings.
  - Cons: If the user's permissions are changed/revoked on the policy, the cleanup policy will no longer run.
- Use a bot style user to run the policy.
  - Pros: The policy will always run, permissions can still be checked.
  - Cons: A bot user with a token would be created (perhaps like a project token), which means an additional token is floating around as a security weakness.
References
- See !43359 (merged) for details on the `nil` user currently used.
Edited by Steve Abrams