Direct Import: Bug fix for visibility level restrictions
What does this MR do and why?
Addresses #402495 (closed) whereby a Direct Import fails when an internal group is imported onto an instance that has internal visibility level restricted. This also happens when an internal project is imported into a public group.
We had 8 occurrences of this happening in the last 7 days and some customer reports.
After adding more robust tests, the following cases failed with the current logic:
-
internal
group imported intopublic
group withinternal
visibility restricted should be set toprivate
but is set tointernal
-
internal
group imported into no namespace withinternal
visibility restricted should be set toprivate
but is set tointernal
-
internal
project imported intopublic
group withinternal
visibility restricted should be set toprivate
but is set tointernal
This is a bug since the transformer sets the group's visibility to internal even if the visibility level is disabled on the destination instance, leading to an error message "Visibility level internal has been restricted by your GitLab administrator".
The fix
Update the logic for transforming group and project visibility level in lib/bulk_imports/visibility_level.rb
We basically want to consider 3 things:
- The visibility level of the source group/project
- The visibility level of the destination group (if any)
- If there are any restricted visibility levels on the source instance
The updated logic takes the minimum of 1
and 2
and finds the closest allowed (not restricted level) that is <= to that level.
Screenshots or screen recordings
Before | After |
---|---|
before | after |
How to set up and validate locally
Before
- Checkout master
- Sign in as a non-admin user
- Create an internal group, let's call it
source-internal-group
- Create a public group called
destination-public-group
- Sign in as admin
- Restrict internal visibility level on the admin page by checking
Internal
in theRestricted visibility levels
section and saving - Sign in as your non-admin user
- Go to the Direct Import status page
- Import
source-internal-group
intodestination-public-group
- Go to the imports history page and note that the group fails to import. Click on Details and see that the error message is "Visibility level internal has been restricted by your GitLab administrator".
- Import
source-internal-group
into "No namespace" and observe the same result
After
- Checkout this branch
- Go to the Direct Import status page
- Import
source-internal-group
intodestination-public-group
- Go to the imports history page and note that the group does not fail to import.
- Import
source-internal-group
into "No namespace" and observe the same result
MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
-
I have evaluated the MR acceptance checklist for this MR.
Related to #402495 (closed)