Migrate self-managed custom roles to the instance-level roles
⚠ 🔥 This must be merged for %17.0 release 🔥
What does this MR do and why?
It migrates custom roles on self managed that are assigned to groups to the instance level custom roles.
member_roles.namespace_id is set to NULL and custom role name is updated so that it includes the information about the original group.
Name of the migrated groups
We want to keep our customers informed therefore decided that we will include the information about the original custom role group in its name.
As we have a unique constraint on name - namespace_id scope, we have to make sure we don't have duplicated names after the migration. Group names can be duplicated, therefor I added id to the generated name.
Example of custom role names:
| custom role name before | group id | group name | custom role name after | group id |
|---|---|---|---|---|
| Incident manager | 125 | Gitlab | Incident Manager (Gitlab - 125) | NULL |
| Incident manager | 123 | Gitlab | Incident Manager (Gitlab - 123) | NULL |
Links
Queries
The update query execution plan: https://console.postgres.ai/gitlab/gitlab-production-main/sessions/27412/commands/85369
- the update query will run only on self-managed but I am providing here the queries for gitlab.com for review purposes
- we don't expect many records, maximum tons of records on self-managed instances
- on gitlab.com we have about 1200 custom roles records
MR acceptance checklist
Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.
How to set up and validate locally
- In rails console, create few group-level custom roles, at least one instance-level custom role, eg.
group_1 = Group.find(33)
group_2 = Group.find(22)
MemberRole.create(name: 'instance group approver', namespace_id: nil, base_access_level: 10, admin_merge_request: true)
MemberRole.create(name: 'test approver', namespace: group_1, base_access_level: 10, admin_merge_request: true)
MemberRole.create(name: 'test group admin', namespace: group_1, base_access_level: 10, admin_group_member: true)
MemberRole.create(name: 'test approver', namespace: group_2, base_access_level: 10, admin_merge_request: true)- Run the migration
- Check all custom roles have
namespace_id = niland information about the original group (name and id) in the custom role name - The existing instance-level custom role should not be affected (no name update)
- If you try to run the migration on SaaS, nothing should happen
Related to #429281 (closed)