Skip to content

Commit

Permalink
fix(authz): Activate the RunAsUserToPermissionsMigration again (#868)
Browse files Browse the repository at this point in the history 
Because the migration is already feature flagged, I think there is no need to expire this migration by using a hard coded date.

Co-authored-by: mergify[bot] <37929162+mergify[bot]@users.noreply.github.com>
  • Loading branch information
@jervi @mergify
jervi and mergify[bot] committed Jul 9, 2020
1 parent dfcf3e0 commit f077f72
Show file tree
Hide file tree
Showing 2 changed files with 1 addition and 42 deletions.
13 changes: 1 addition & 12 deletions ...c/main/java/com/netflix/spinnaker/front50/migrations/RunAsUserToPermissionsMigration.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -24,9 +24,6 @@
import com.netflix.spinnaker.front50.model.pipeline.Trigger;
import com.netflix.spinnaker.front50.model.serviceaccount.ServiceAccount;
import com.netflix.spinnaker.front50.model.serviceaccount.ServiceAccountDAO;
import java.time.Clock;
import java.time.LocalDate;
import java.time.Month;
import java.util.ArrayList;
import java.util.Collection;
import java.util.HashSet;
Expand All @@ -45,16 +42,12 @@
@ConditionalOnProperty("migrations.migrate-to-managed-service-accounts")
public class RunAsUserToPermissionsMigration implements Migration {

// Only valid until April 1, 2020
private static final LocalDate VALID_UNTIL = LocalDate.of(2020, Month.APRIL, 1);

private static final String SERVICE_ACCOUNT_SUFFIX = "@managed-service-account";
private static final String RUN_AS_USER = "runAsUser";
private static final String ROLES = "roles";

private final PipelineDAO pipelineDAO;
private final ServiceAccountDAO serviceAccountDAO;
private Clock clock = Clock.systemDefaultZone();

@Autowired
public RunAsUserToPermissionsMigration(
Expand All @@ -65,7 +58,7 @@ public RunAsUserToPermissionsMigration(

@Override
public boolean isValid() {
return LocalDate.now(clock).isBefore(VALID_UNTIL);
return true;
}

@Override
Expand Down Expand Up @@ -151,8 +144,4 @@ private String generateSvcAcctName(Pipeline pipeline) {
String pipelineName = pipeline.getId();
return pipelineName.toLowerCase() + SERVICE_ACCOUNT_SUFFIX;
}

void setClock(Clock clock) {
this.clock = clock;
}
}
30 changes: 0 additions & 30 deletions ...roovy/com/netflix/spinnaker/front50/migrations/RunAsUserToPermissionsMigrationSpec.groovy
View file
Original file line number Diff line number Diff line change
Expand Up @@ -10,11 +10,6 @@ import com.netflix.spinnaker.front50.model.serviceaccount.ServiceAccount
import com.netflix.spinnaker.front50.model.serviceaccount.ServiceAccountDAO
import spock.lang.Specification
import spock.lang.Subject
import spock.lang.Unroll

import java.time.Clock
import java.time.Instant
import java.time.ZoneId

class RunAsUserToPermissionsMigrationSpec extends Specification {
PipelineDAO pipelineDAO = Mock()
Expand All @@ -23,31 +18,6 @@ class RunAsUserToPermissionsMigrationSpec extends Specification {
@Subject
def migration = new RunAsUserToPermissionsMigration(pipelineDAO, serviceAccountDAO)

def setup() {
migration.setClock(Clock.fixed(Instant.parse("2019-04-01T10:15:30.00Z"), ZoneId.of("Z")))
}

@Unroll
def "should #shouldRun migration if time is #date"() {
given:
migration.setClock(Clock.fixed(Instant.parse(date), ZoneId.of("Z")))

when:
def valid = migration.isValid()

then:
valid == expectedValid

where:
date || expectedValid
"2019-04-01T10:15:30.00Z" || true
"2020-03-31T23:59:59.99Z" || true
"2020-04-01T00:00:00.00Z" || false
"2020-04-02T10:15:30.00Z" || false
shouldRun = "${expectedValid ? '' : 'not '}run"

}

def "should migrate pipeline if one trigger is missing automatic service user"() {
given:
def pipeline = new Pipeline([
Expand Down

0 comments on commit f077f72

Please sign in to comment.