option to make variables protected by default

parent 5bf89395
...@@ -36,7 +36,9 @@ export default class VariableList { ...@@ -36,7 +36,9 @@ export default class VariableList {
}, },
protected: { protected: {
selector: '.js-ci-variable-input-protected', selector: '.js-ci-variable-input-protected',
default: 'false', // use `attr` instead of `data` as we don't want the value to be
// converted. we need the value as a string.
default: $('.js-ci-variable-input-protected').attr('data-default'),
}, },
environment_scope: { environment_scope: {
// We can't use a `.js-` class here because // We can't use a `.js-` class here because
......
...@@ -218,7 +218,8 @@ module ApplicationSettingsHelper ...@@ -218,7 +218,8 @@ module ApplicationSettingsHelper
:version_check_enabled, :version_check_enabled,
:web_ide_clientside_preview_enabled, :web_ide_clientside_preview_enabled,
:diff_max_patch_bytes, :diff_max_patch_bytes,
:commit_email_hostname :commit_email_hostname,
:protected_ci_variables
] ]
end end
......
...@@ -302,7 +302,8 @@ class ApplicationSetting < ActiveRecord::Base ...@@ -302,7 +302,8 @@ class ApplicationSetting < ActiveRecord::Base
user_show_add_ssh_key_message: true, user_show_add_ssh_key_message: true,
usage_stats_set_by_user_id: nil, usage_stats_set_by_user_id: nil,
diff_max_patch_bytes: Gitlab::Git::Diff::DEFAULT_MAX_PATCH_BYTES, diff_max_patch_bytes: Gitlab::Git::Diff::DEFAULT_MAX_PATCH_BYTES,
commit_email_hostname: default_commit_email_hostname commit_email_hostname: default_commit_email_hostname,
protected_ci_variables: false
} }
end end
......
...@@ -49,5 +49,12 @@ ...@@ -49,5 +49,12 @@
Once that time passes, the jobs will be archived and no longer able to be Once that time passes, the jobs will be archived and no longer able to be
retried. Make it empty to never expire jobs. It has to be no less than 1 day, retried. Make it empty to never expire jobs. It has to be no less than 1 day,
for example: <code>15 days</code>, <code>1 month</code>, <code>2 years</code>. for example: <code>15 days</code>, <code>1 month</code>, <code>2 years</code>.
.form-group
.form-check
= f.check_box :protected_ci_variables, class: 'form-check-input'
= f.label :protected_ci_variables, class: 'form-check-label' do
= s_('AdminSettings|Environment variables are protected by default')
.form-text.text-muted
= s_('AdminSettings|When creating a new environment variable it will be protected by default.')
= f.submit 'Save changes', class: "btn btn-success" = f.submit 'Save changes', class: "btn btn-success"
...@@ -5,7 +5,8 @@ ...@@ -5,7 +5,8 @@
- id = variable&.id - id = variable&.id
- key = variable&.key - key = variable&.key
- value = variable&.value - value = variable&.value
- is_protected = variable && !only_key_value ? variable.protected : false - is_protected_default = Gitlab::CurrentSettings.current_application_settings.protected_ci_variables
- is_protected = variable && !only_key_value ? variable.protected : is_protected_default
- id_input_name = "#{form_field}[variables_attributes][][id]" - id_input_name = "#{form_field}[variables_attributes][][id]"
- destroy_input_name = "#{form_field}[variables_attributes][][_destroy]" - destroy_input_name = "#{form_field}[variables_attributes][][_destroy]"
...@@ -39,7 +40,8 @@ ...@@ -39,7 +40,8 @@
%input{ type: "hidden", %input{ type: "hidden",
class: 'js-ci-variable-input-protected js-project-feature-toggle-input', class: 'js-ci-variable-input-protected js-project-feature-toggle-input',
name: protected_input_name, name: protected_input_name,
value: is_protected } value: is_protected,
data: { default: is_protected_default.to_s } }
%span.toggle-icon %span.toggle-icon
= sprite_icon('status_success_borderless', size: 16, css_class: 'toggle-icon-svg toggle-status-checked') = sprite_icon('status_success_borderless', size: 16, css_class: 'toggle-icon-svg toggle-status-checked')
= sprite_icon('status_failed_borderless', size: 16, css_class: 'toggle-icon-svg toggle-status-unchecked') = sprite_icon('status_failed_borderless', size: 16, css_class: 'toggle-icon-svg toggle-status-unchecked')
......
# frozen_string_literal: true
class AddProtectedCiVariablesToApplicationSettings < ActiveRecord::Migration[5.0]
include Gitlab::Database::MigrationHelpers
DOWNTIME = false
disable_ddl_transaction!
def up
add_column_with_default(:application_settings, :protected_ci_variables, :boolean, default: false, allow_null: false)
end
def down
remove_column(:application_settings, :protected_ci_variables)
end
end
...@@ -166,6 +166,7 @@ ActiveRecord::Schema.define(version: 20181126153547) do ...@@ -166,6 +166,7 @@ ActiveRecord::Schema.define(version: 20181126153547) do
t.integer "diff_max_patch_bytes", default: 102400, null: false t.integer "diff_max_patch_bytes", default: 102400, null: false
t.integer "archive_builds_in_seconds" t.integer "archive_builds_in_seconds"
t.string "commit_email_hostname" t.string "commit_email_hostname"
t.boolean "protected_ci_variables", default: false, null: false
t.index ["usage_stats_set_by_user_id"], name: "index_application_settings_on_usage_stats_set_by_user_id", using: :btree t.index ["usage_stats_set_by_user_id"], name: "index_application_settings_on_usage_stats_set_by_user_id", using: :btree
end end
......
...@@ -414,9 +414,15 @@ msgstr "" ...@@ -414,9 +414,15 @@ msgstr ""
msgid "AdminProjects|Delete project" msgid "AdminProjects|Delete project"
msgstr "" msgstr ""
msgid "AdminSettings|Environment variables are protected by default"
msgstr ""
msgid "AdminSettings|Specify a domain to use by default for every project's Auto Review Apps and Auto Deploy stages." msgid "AdminSettings|Specify a domain to use by default for every project's Auto Review Apps and Auto Deploy stages."
msgstr "" msgstr ""
msgid "AdminSettings|When creating a new environment variable it will be protected by default."
msgstr ""
msgid "AdminUsers|Block user" msgid "AdminUsers|Block user"
msgstr "" msgstr ""
......
...@@ -118,6 +118,8 @@ describe('VariableList', () => { ...@@ -118,6 +118,8 @@ describe('VariableList', () => {
loadFixtures('projects/ci_cd_settings.html.raw'); loadFixtures('projects/ci_cd_settings.html.raw');
$wrapper = $('.js-ci-variable-list-section'); $wrapper = $('.js-ci-variable-list-section');
$wrapper.find('.js-ci-variable-input-protected').attr('data-default', 'false');
variableList = new VariableList({ variableList = new VariableList({
container: $wrapper, container: $wrapper,
formField: 'variables', formField: 'variables',
......
...@@ -63,6 +63,44 @@ shared_examples 'variable list' do ...@@ -63,6 +63,44 @@ shared_examples 'variable list' do
end end
end end
context 'defaults to the application setting' do
context 'application setting is true' do
before do
stub_application_setting(protected_ci_variables: true)
end
it 'defaults to protected' do
visit page_path
page.within('.js-ci-variable-list-section .js-row:last-child') do
find('.js-ci-variable-input-key').set('key')
end
values = all('.js-ci-variable-input-protected', visible: false).map(&:value)
expect(values).to eq %w(false true true)
end
end
context 'application setting is false' do
before do
stub_application_setting(protected_ci_variables: false)
end
it 'defaults to unprotected' do
visit page_path
page.within('.js-ci-variable-list-section .js-row:last-child') do
find('.js-ci-variable-input-key').set('key')
end
values = all('.js-ci-variable-input-protected', visible: false).map(&:value)
expect(values).to eq %w(false false false)
end
end
end
it 'reveals and hides variables' do it 'reveals and hides variables' do
page.within('.js-ci-variable-list-section') do page.within('.js-ci-variable-list-section') do
expect(first('.js-ci-variable-input-key').value).to eq(variable.key) expect(first('.js-ci-variable-input-key').value).to eq(variable.key)
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment