Skip to content

Backend to show Group Deploy Keys at Project level

Etienne Baqué requested to merge 14729-from-group-deploy-keys-to-projects into master

What does this MR do?

When a Group Deploy Key is enabled at the group level, it should be also enabled for all projects belonging to that group. Consequently, this key should be taken into consideration when retrieving all deploy keys for a given project. For example, they should show up in Project > Repository > Deploy Keys section:

Screenshot_from_2020-08-10_08-24-59

That said, for a given project, enabled group deploy keys should not be returned as part of project.deploy_keys.

This MR chooses to be explicit about the addition of the enabled and eligible group deploy keys, rather than having them returned as part of project.deploy_keys:

  • even though GroupDeployKey is a subclass of Key (like DeployKey), it should be seen as a different entity (it's actually a different table than keys).
  • it may be preferable not to break that existing has_many :deploy_keys association in Project.
  • there may be a scenario where we actually only want project-scoped deploy keys.

Exemple: to show group deploy keys in the Repository view, we would have something like:

# app/presenters/projects/settings/deploy_keys_presenter.rb

def enabled_keys
  strong_memoize(:enabled_keys) do
    project.deploy_keys.with_projects + project.enabled_group_deploy_keys
  end
end

This MR deals with the backend part of showing the group deploy keys at the project level. frontend should dealt with in as part of this issue.

Screenshots

Does this MR meet the acceptance criteria?

Conformity

Availability and Testing

Security

If this MR contains changes to processing or storing of credentials or tokens, authorization and authentication methods and other items described in the security review guidelines:

  • Label as security and @ mention @gitlab-com/gl-security/appsec
  • The MR includes necessary changes to maintain consistency between UI, API, email, or other methods
  • Security reports checked/validated by a reviewer from the AppSec team

Closes #14729 (closed)

Edited by Etienne Baqué

Merge request reports

Loading