diff options
author | GitLab Bot <gitlab-bot@gitlab.com> | 2021-11-05 03:13:17 +0300 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2021-11-05 03:13:17 +0300 |
commit | cdd01f01dcca9b2ec93f3e0538329c0b6cb222ae (patch) | |
tree | 13c6a586eeab9ae476b51ece57e8bfe78aa85e5e | |
parent | 2fdc3eaafbfcaef2dcfea4629be5ec67595e7e6f (diff) |
Add latest changes from gitlab-org/gitlab@master
-rw-r--r-- | app/services/issues/create_service.rb | 6 | ||||
-rw-r--r-- | app/views/admin/topics/_topic.html.haml | 2 | ||||
-rw-r--r-- | db/post_migrate/20211104044453_remove_redundant_events_index.rb | 13 | ||||
-rw-r--r-- | db/schema_migrations/20211104044453 | 1 | ||||
-rw-r--r-- | db/structure.sql | 2 | ||||
-rw-r--r-- | doc/user/clusters/agent/repository.md | 8 | ||||
-rw-r--r-- | doc/user/packages/generic_packages/index.md | 5 | ||||
-rw-r--r-- | spec/controllers/groups/dependency_proxy_for_containers_controller_spec.rb | 4 | ||||
-rw-r--r-- | spec/fixtures/emails/service_desk_forwarded.eml | 4 | ||||
-rw-r--r-- | spec/lib/gitlab/application_rate_limiter_spec.rb | 20 | ||||
-rw-r--r-- | spec/lib/gitlab/email/handler/service_desk_handler_spec.rb | 61 | ||||
-rw-r--r-- | spec/services/issues/create_service_spec.rb | 47 |
12 files changed, 152 insertions, 21 deletions
diff --git a/app/services/issues/create_service.rb b/app/services/issues/create_service.rb index fcedd1c1c8d..fa8d380404b 100644 --- a/app/services/issues/create_service.rb +++ b/app/services/issues/create_service.rb @@ -6,7 +6,7 @@ module Issues prepend RateLimitedService rate_limit key: :issues_create, - opts: { scope: [:project, :current_user], users_allowlist: -> { [User.support_bot.username] } } + opts: { scope: [:project, :current_user, :external_author] } # NOTE: For Issues::CreateService, we require the spam_params and do not default it to nil, because # spam_checking is likely to be necessary. However, if there is not a request available in scope @@ -25,6 +25,10 @@ module Issues create(@issue, skip_system_notes: skip_system_notes) end + def external_author + params[:external_author] # present when creating an issue using service desk (email: from) + end + def before_create(issue) Spam::SpamActionService.new( spammable: issue, diff --git a/app/views/admin/topics/_topic.html.haml b/app/views/admin/topics/_topic.html.haml index abf3cffa422..959e7ab31fc 100644 --- a/app/views/admin/topics/_topic.html.haml +++ b/app/views/admin/topics/_topic.html.haml @@ -6,7 +6,7 @@ .gl-min-w-0.gl-flex-grow-1 .title - = topic.name + = link_to topic.name, topic_explore_projects_path(topic_name: topic.name) .stats.gl-text-gray-500.gl-flex-shrink-0.gl-display-none.gl-sm-display-flex %span.gl-ml-5.has-tooltip{ title: n_('%d project', '%d projects', topic.total_projects_count) % topic.total_projects_count } diff --git a/db/post_migrate/20211104044453_remove_redundant_events_index.rb b/db/post_migrate/20211104044453_remove_redundant_events_index.rb new file mode 100644 index 00000000000..54e71e1b54b --- /dev/null +++ b/db/post_migrate/20211104044453_remove_redundant_events_index.rb @@ -0,0 +1,13 @@ +# frozen_string_literal: true + +class RemoveRedundantEventsIndex < Gitlab::Database::Migration[1.0] + disable_ddl_transaction! + + def up + remove_concurrent_index_by_name :events, :index_events_on_target_type_and_target_id + end + + def down + add_concurrent_index :events, [:target_type, :target_id], name: :index_events_on_target_type_and_target_id + end +end diff --git a/db/schema_migrations/20211104044453 b/db/schema_migrations/20211104044453 new file mode 100644 index 00000000000..7d39c0e48e8 --- /dev/null +++ b/db/schema_migrations/20211104044453 @@ -0,0 +1 @@ +fc5a60c27ca89b122d798abe8f55a0951fece712c885555df0d2f37b565d6f94
\ No newline at end of file diff --git a/db/structure.sql b/db/structure.sql index 2ce95725470..a10a3edd61f 100644 --- a/db/structure.sql +++ b/db/structure.sql @@ -25361,8 +25361,6 @@ CREATE INDEX index_events_on_project_id_and_id ON events USING btree (project_id CREATE INDEX index_events_on_project_id_and_id_desc_on_merged_action ON events USING btree (project_id, id DESC) WHERE (action = 7); -CREATE INDEX index_events_on_target_type_and_target_id ON events USING btree (target_type, target_id); - CREATE UNIQUE INDEX index_events_on_target_type_and_target_id_and_fingerprint ON events USING btree (target_type, target_id, fingerprint); CREATE INDEX index_evidences_on_release_id ON evidences USING btree (release_id); diff --git a/doc/user/clusters/agent/repository.md b/doc/user/clusters/agent/repository.md index 9cafe8c9bed..f5c009f6abb 100644 --- a/doc/user/clusters/agent/repository.md +++ b/doc/user/clusters/agent/repository.md @@ -213,7 +213,7 @@ configuration block to your agent's `config.yaml` with no `filters`: ```yaml starboard: - vulnerability_reports: + vulnerability_report: filters: [] ``` @@ -231,7 +231,7 @@ By adding filters, you can limit scans by: ```yaml starboard: - vulnerability_reports: + vulnerability_report: filters: - namespaces: - staging @@ -256,7 +256,7 @@ names are scanned. In this example, a resource isn't scanned unless it has a con ```yaml starboard: - vulnerability_reports: + vulnerability_report: filters: - kinds: - Deployment @@ -270,7 +270,7 @@ There is also a global `namespaces` field that applies to all filters: ```yaml starboard: - vulnerability_reports: + vulnerability_report: namespaces: - production filters: diff --git a/doc/user/packages/generic_packages/index.md b/doc/user/packages/generic_packages/index.md index c5472ca0536..72a5b9e1fb4 100644 --- a/doc/user/packages/generic_packages/index.md +++ b/doc/user/packages/generic_packages/index.md @@ -35,7 +35,10 @@ When you publish a package file, if the package does not exist, it is created. Prerequisites: -- You need to [authenticate with the API](../../../api/index.md#authentication). If authenticating with a deploy token, it must be configured with the `write_package_registry` scope. +- You must [authenticate with the API](../../../api/index.md#authentication). + If authenticating with a deploy token, it must be configured with the `write_package_registry` + scope. If authenticating with a personal access token or project access token, it must be + configured with the `api` scope. ```plaintext PUT /projects/:id/packages/generic/:package_name/:package_version/:file_name?status=:status diff --git a/spec/controllers/groups/dependency_proxy_for_containers_controller_spec.rb b/spec/controllers/groups/dependency_proxy_for_containers_controller_spec.rb index 61f38e7e379..661b7d210bb 100644 --- a/spec/controllers/groups/dependency_proxy_for_containers_controller_spec.rb +++ b/spec/controllers/groups/dependency_proxy_for_containers_controller_spec.rb @@ -164,10 +164,10 @@ RSpec.describe Groups::DependencyProxyForContainersController do end describe 'GET #manifest' do - let_it_be(:manifest) { create(:dependency_proxy_manifest, group: group) } + let_it_be(:tag) { 'latest' } + let_it_be(:manifest) { create(:dependency_proxy_manifest, file_name: "alpine:#{tag}.json", group: group) } let(:pull_response) { { status: :success, manifest: manifest, from_cache: false } } - let(:tag) { 'latest1' } before do allow_next_instance_of(DependencyProxy::FindOrCreateManifestService) do |instance| diff --git a/spec/fixtures/emails/service_desk_forwarded.eml b/spec/fixtures/emails/service_desk_forwarded.eml index 56987972808..ab509cf55af 100644 --- a/spec/fixtures/emails/service_desk_forwarded.eml +++ b/spec/fixtures/emails/service_desk_forwarded.eml @@ -1,11 +1,11 @@ Delivered-To: incoming+email-test-project_id-issue-@appmail.adventuretime.ooo -Return-Path: <jake@adventuretime.ooo> +Return-Path: <jake.g@adventuretime.ooo> Received: from iceking.adventuretime.ooo ([unix socket]) by iceking (Cyrus v2.2.13-Debian-2.2.13-19+squeeze3) with LMTPA; Thu, 13 Jun 2013 17:03:50 -0400 Received: from mail-ie0-x234.google.com (mail-ie0-x234.google.com [IPv6:2607:f8b0:4001:c03::234]) by iceking.adventuretime.ooo (8.14.3/8.14.3/Debian-9.4) with ESMTP id r5DL3nFJ016967 (version=TLSv1/SSLv3 cipher=RC4-SHA bits=128 verify=NOT) for <incoming+gitlabhq/gitlabhq@appmail.adventuretime.ooo>; Thu, 13 Jun 2013 17:03:50 -0400 Received: by mail-ie0-f180.google.com with SMTP id f4so21977375iea.25 for <incoming+email-test-project_id-issue-@appmail.adventuretime.ooo>; Thu, 13 Jun 2013 14:03:48 -0700 Received: by 10.0.0.1 with HTTP; Thu, 13 Jun 2013 14:03:48 -0700 Date: Thu, 13 Jun 2013 17:03:48 -0400 -From: Jake the Dog <jake@adventuretime.ooo> +From: Jake the Dog <jake.g@adventuretime.ooo> To: support@adventuretime.ooo Delivered-To: support@adventuretime.ooo Message-ID: <CADkmRc+rNGAGGbV2iE5p918UVy4UyJqVcXRO2=otppgzduJSg@mail.gmail.com> diff --git a/spec/lib/gitlab/application_rate_limiter_spec.rb b/spec/lib/gitlab/application_rate_limiter_spec.rb index ab6ac024af7..0ce7ae8d3aa 100644 --- a/spec/lib/gitlab/application_rate_limiter_spec.rb +++ b/spec/lib/gitlab/application_rate_limiter_spec.rb @@ -99,6 +99,16 @@ RSpec.describe Gitlab::ApplicationRateLimiter do end it_behaves_like 'action rate limiter' + + context 'when a scope attribute is nil' do + let(:scope) { [user, nil] } + + let(:cache_key) do + "application_rate_limiter:test_action:user:#{user.id}" + end + + it_behaves_like 'action rate limiter' + end end context 'when the key is a combination of ActiveRecord models and strings' do @@ -112,6 +122,16 @@ RSpec.describe Gitlab::ApplicationRateLimiter do end it_behaves_like 'action rate limiter' + + context 'when a scope attribute is nil' do + let(:scope) { [project, commit, nil] } + + let(:cache_key) do + "application_rate_limiter:test_action:project:#{project.id}:commit:#{commit.sha}" + end + + it_behaves_like 'action rate limiter' + end end end diff --git a/spec/lib/gitlab/email/handler/service_desk_handler_spec.rb b/spec/lib/gitlab/email/handler/service_desk_handler_spec.rb index 4fb2dc241dc..942ac67c39d 100644 --- a/spec/lib/gitlab/email/handler/service_desk_handler_spec.rb +++ b/spec/lib/gitlab/email/handler/service_desk_handler_spec.rb @@ -11,6 +11,7 @@ RSpec.describe Gitlab::Email::Handler::ServiceDeskHandler do end let(:email_raw) { email_fixture('emails/service_desk.eml') } + let(:author_email) { 'jake@adventuretime.ooo' } let_it_be(:group) { create(:group, :private, name: "email") } let(:expected_description) do @@ -45,7 +46,7 @@ RSpec.describe Gitlab::Email::Handler::ServiceDeskHandler do receiver.execute new_issue = Issue.last - expect(new_issue.issue_email_participants.first.email).to eq("jake@adventuretime.ooo") + expect(new_issue.issue_email_participants.first.email).to eq(author_email) end it 'sends thank you email' do @@ -256,13 +257,60 @@ RSpec.describe Gitlab::Email::Handler::ServiceDeskHandler do it_behaves_like 'a new issue request' end end + end - context 'when rate limiting is in effect' do - it 'allows unlimited new issue creation' do - stub_application_setting(issues_create_limit: 1) - setup_attachment + context 'when rate limiting is in effect', :clean_gitlab_redis_cache do + let(:receiver) { Gitlab::Email::Receiver.new(email_raw) } + + subject { 2.times { receiver.execute } } + + before do + stub_feature_flags(rate_limited_service_issues_create: true) + stub_application_setting(issues_create_limit: 1) + end + + context 'when too many requests are sent by one user' do + it 'raises an error' do + freeze_time do + expect { subject }.to raise_error(RateLimitedService::RateLimitedError) + end + end + + it 'creates 1 issue' do + freeze_time do + expect do + subject + rescue RateLimitedService::RateLimitedError + end.to change { Issue.count }.by(1) + end + end + + context 'when requests are sent by different users' do + let(:email_raw_2) { email_fixture('emails/service_desk_forwarded.eml') } + let(:receiver2) { Gitlab::Email::Receiver.new(email_raw_2) } - expect { 2.times { receiver.execute } }.to change { Issue.count }.by(2) + subject do + receiver.execute + receiver2.execute + end + + it 'creates 2 issues' do + freeze_time do + expect { subject }.to change { Issue.count }.by(2) + end + end + end + end + + context 'when limit is higher than sent emails' do + before do + stub_application_setting(issues_create_limit: 3) + end + + it 'creates 2 issues' do + freeze_time do + expect { subject }.to change { Issue.count }.by(2) + end end end end @@ -336,6 +384,7 @@ RSpec.describe Gitlab::Email::Handler::ServiceDeskHandler do end context 'when the email is forwarded through an alias' do + let(:author_email) { 'jake.g@adventuretime.ooo' } let(:email_raw) { email_fixture('emails/service_desk_forwarded.eml') } it_behaves_like 'a new issue request' diff --git a/spec/services/issues/create_service_spec.rb b/spec/services/issues/create_service_spec.rb index 1887be4896e..0e0f52debc3 100644 --- a/spec/services/issues/create_service_spec.rb +++ b/spec/services/issues/create_service_spec.rb @@ -15,8 +15,7 @@ RSpec.describe Issues::CreateService do expect(described_class.rate_limiter_scoped_and_keyed).to be_a(RateLimitedService::RateLimiterScopedAndKeyed) expect(described_class.rate_limiter_scoped_and_keyed.key).to eq(:issues_create) - expect(described_class.rate_limiter_scoped_and_keyed.opts[:scope]).to eq(%i[project current_user]) - expect(described_class.rate_limiter_scoped_and_keyed.opts[:users_allowlist].call).to eq(%w[support-bot]) + expect(described_class.rate_limiter_scoped_and_keyed.opts[:scope]).to eq(%i[project current_user external_author]) expect(described_class.rate_limiter_scoped_and_keyed.rate_limiter_klass).to eq(Gitlab::ApplicationRateLimiter) end end @@ -289,6 +288,50 @@ RSpec.describe Issues::CreateService do described_class.new(project: project, current_user: user, params: opts, spam_params: spam_params).execute end + context 'when rate limiting is in effect', :clean_gitlab_redis_cache do + let(:user) { create(:user) } + + before do + stub_feature_flags(rate_limited_service_issues_create: true) + stub_application_setting(issues_create_limit: 1) + end + + subject do + 2.times { described_class.new(project: project, current_user: user, params: opts, spam_params: double).execute } + end + + context 'when too many requests are sent by one user' do + it 'raises an error' do + freeze_time do + expect do + subject + end.to raise_error(RateLimitedService::RateLimitedError) + end + end + + it 'creates 1 issue' do + freeze_time do + expect do + subject + rescue RateLimitedService::RateLimitedError + end.to change { Issue.count }.by(1) + end + end + end + + context 'when limit is higher than counf of issues being created' do + before do + stub_application_setting(issues_create_limit: 3) + end + + it 'creates 2 issues' do + freeze_time do + expect { subject }.to change { Issue.count }.by(2) + end + end + end + end + context 'after_save callback to store_mentions' do context 'when mentionable attributes change' do let(:opts) { { title: 'Title', description: "Description with #{user.to_reference}" } } |