Add latest changes from gitlab-org/gitlab@master

1 files changed, 13 insertions, 0 deletions

diff --git a/app/models/ci/job_token/project_scope_link.rb b/app/models/ci/job_token/project_scope_link.rb
index 774d85e3d3c..96e370bba1e 100644
--- a/app/models/ci/job_token/project_scope_link.rb
+++ b/app/models/ci/job_token/project_scope_link.rb
@@ -8,6 +8,8 @@ module Ci
     class ProjectScopeLink < Ci::ApplicationRecord
       self.table_name = 'ci_job_token_project_scope_links'
 
+      PROJECT_LINK_DIRECTIONAL_LIMIT = 100
+
       belongs_to :source_project, class_name: 'Project'
       # the project added to the scope's allowlist
       belongs_to :target_project, class_name: 'Project'
@@ -20,6 +22,7 @@ module Ci
       validates :source_project, presence: true
       validates :target_project, presence: true
       validate :not_self_referential_link
+      validate :source_project_under_link_limit, on: :create
 
       # When outbound the target project is allowed to be accessed by the source job token.
       # When inbound the source project is allowed to be accessed by the target job token.
@@ -41,6 +44,16 @@ module Ci
           self.errors.add(:target_project, _("can't be the same as the source project"))
         end
       end
+
+      def source_project_under_link_limit
+        return unless source_project
+
+        existing_links_count = self.class.with_source(source_project).with_access_direction(direction).count
+
+        if existing_links_count >= PROJECT_LINK_DIRECTIONAL_LIMIT
+          errors.add(:source_project, "exceeds the allowable number of project links in this direction")
+        end
+      end
     end
   end
 end