author | GitLab Bot <gitlab-bot@gitlab.com> | 2023-08-17 15:09:15 +0300 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2023-08-17 15:09:15 +0300 |
commit | cd92e0ff989f38f028fd3ee8d27e0fb1d21f7362 (patch) | |
tree | b27854c43f5f5c4a0e71fc6c756b83c55ae543b4 /lib | |
parent | d0ed973bd7c3a5c79c2bf9673d9d7260f91dd961 (diff) |
Add latest changes from gitlab-org/gitlab@master
Diffstat (limited to 'lib')
-rw-r--r-- | lib/api/entities/snippet.rb | 2 | ||||
-rw-r--r-- | lib/api/helpers.rb | 3 | ||||
-rw-r--r-- | lib/api/helpers/snippets_helpers.rb | 5 | ||||
-rw-r--r-- | lib/api/snippets.rb | 36 | ||||
-rw-r--r-- | lib/bulk_imports/visibility_level.rb | 15 | ||||
-rw-r--r-- | lib/gitlab/ci/config/external/context.rb | 10 | ||||
-rw-r--r-- | lib/gitlab/ci/config/external/mapper.rb | 1 | ||||
-rw-r--r-- | lib/gitlab/ci/config/external/mapper/verifier.rb | 15 |
8 files changed, 62 insertions, 25 deletions
diff --git a/lib/api/entities/snippet.rb b/lib/api/entities/snippet.rb index 709566944ed..ee652225ba0 100644 --- a/lib/api/entities/snippet.rb +++ b/lib/api/entities/snippet.rb @@ -26,3 +26,5 @@ module API end end end + +API::Entities::Snippet.prepend_mod_with('API::Entities::Snippet', with_descendants: true) diff --git a/lib/api/helpers.rb b/lib/api/helpers.rb index e1207e7e222..b7f21bd6c22 100644 --- a/lib/api/helpers.rb +++ b/lib/api/helpers.rb @@ -757,6 +757,9 @@ module API @initial_current_user = Gitlab::Auth::UniqueIpsLimiter.limit_user! { find_current_user! } rescue Gitlab::Auth::UnauthorizedError unauthorized! + + # Explicitly return `nil`, otherwise an instance of `Rack::Response` is returned when reporting an error + nil end end # rubocop:enable Gitlab/ModuleWithInstanceVariables diff --git a/lib/api/helpers/snippets_helpers.rb b/lib/api/helpers/snippets_helpers.rb index fe20fb3cbe2..241e92e9d10 100644 --- a/lib/api/helpers/snippets_helpers.rb +++ b/lib/api/helpers/snippets_helpers.rb @@ -46,6 +46,9 @@ module API at_least_one_of :content, :description, :files, :file_name, :title, :visibility end + params :optional_list_params_ee do # rubocop:disable Lint/EmptyBlock + end + def content_for(snippet) if snippet.empty_repo? env['api.format'] = :txt @@ -96,3 +99,5 @@ module API end end end + +API::Helpers::SnippetsHelpers.prepend_mod_with('API::Helpers::SnippetsHelpers') diff --git a/lib/api/snippets.rb b/lib/api/snippets.rb index c17d8462988..4f3c1499549 100644 --- a/lib/api/snippets.rb +++ b/lib/api/snippets.rb 
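Review bot: In the lib/api/helpers.rb hunk, the comment above the new trailing `nil` says what is returned but not why it matters for callers. If `unauthorized!` returns instead of halting, the resulting `Rack::Response` is truthy, so a caller that only tests the result for presence would treat it as a signed-in user. I would word the comment as `# Return nil explicitly: a Rack::Response from unauthorized! is truthy and would pass presence checks on the current user`. A spec asserting a `nil` return when `Gitlab::Auth::UnauthorizedError` is raised would keep the guard from being dropped later. The method starts above the hunk, so its name and memoization are not visible here.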
@@ -8,18 +8,19 @@ module API feature_category :source_code_management urgency :low + helpers do + def find_snippets(user: current_user, params: {}) + SnippetsFinder.new(user, params).execute + end + + def snippets_for_current_user + find_snippets(params: { author: current_user }) + end + end + resource :snippets do helpers Helpers::SnippetsHelpers helpers SpammableActions::CaptchaCheck::RestApiActionsSupport - helpers do - def snippets_for_current_user - SnippetsFinder.new(current_user, author: current_user).execute - end - - def snippets - SnippetsFinder.new(current_user).execute - end - end desc 'Get a snippets list for an authenticated user' do detail 'This feature was introduced in GitLab 8.15.' @@ -41,7 +42,7 @@ module API filter_params = declared_params(include_missing: false).merge(author: current_user) - present paginate(SnippetsFinder.new(current_user, filter_params).execute), with: Entities::Snippet, current_user: current_user + present paginate(find_snippets(params: filter_params)), with: Entities::Snippet, current_user: current_user end desc 'List all public personal snippets current_user has access to' do @@ -64,7 +65,7 @@ module API filter_params = declared_params(include_missing: false).merge(only_personal: true) - present paginate(SnippetsFinder.new(nil, filter_params).execute), with: Entities::PersonalSnippet, current_user: current_user + present paginate(find_snippets(user: nil, params: filter_params)), with: Entities::PersonalSnippet, current_user: current_user end desc 'List all snippets current_user has access to' do 
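Review bot: In the new `find_snippets` helper (first lib/api/snippets.rb hunk), `user:` defaults to `current_user`, so the public personal snippets listing keeps its anonymous scope only because that call site passes `user: nil` explicitly. Nothing on the helper states this contract. A comment such as `# user: nil runs the finder as an anonymous visitor; rely on the default only where the signed-in user's visibility is intended` would make it visible to whoever adds the next route or overrides the helper in the prepended module. The keyword `params:` also shadows the request `params` inside the helper body. Renaming it to `finder_params:` would avoid that, provided the prepended module does not already depend on the name.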
@@ -81,13 +82,14 @@ module API optional :created_before, type: DateTime, desc: 'Return snippets created before the specified time' use :pagination + use :optional_list_params_ee end get 'all' do authenticate! filter_params = declared_params(include_missing: false).merge(all_available: true) - present paginate(SnippetsFinder.new(current_user, filter_params).execute), with: Entities::Snippet, current_user: current_user + present paginate(find_snippets(params: filter_params)), with: Entities::Snippet, current_user: current_user end desc 'Get a single snippet' do @@ -102,7 +104,7 @@ module API requires :id, type: Integer, desc: 'The ID of a snippet' end get ':id' do - snippet = snippets.find_by_id(params[:id]) + snippet = find_snippets.find_by_id(params[:id]) break not_found!('Snippet') unless snippet @@ -126,6 +128,7 @@ module API values: Gitlab::VisibilityLevel.string_values, default: 'internal', desc: 'The visibility of the snippet' + use :create_file_params end post do @@ -156,7 +159,6 @@ module API ] tags %w[snippets] end - params do requires :id, type: Integer, desc: 'The ID of a snippet' optional :content, type: String, allow_blank: false, desc: 'The content of a snippet' @@ -235,7 +237,7 @@ module API requires :id, type: Integer, desc: 'The ID of a snippet' end get ":id/raw" do - snippet = snippets.find_by_id(params.delete(:id)) + snippet = find_snippets.find_by_id(params.delete(:id)) not_found!('Snippet') unless snippet present content_for(snippet) @@ -251,7 +253,7 @@ module API use :raw_file_params end get ":id/files/:ref/:file_path/raw", requirements: { file_path: API::NO_SLASH_URL_PART_REGEX } do - snippet = snippets.find_by_id(params.delete(:id)) + snippet = find_snippets.find_by_id(params.delete(:id)) not_found!('Snippet') unless snippet&.repo_exists? present file_content_for(snippet) @@ -279,3 +281,5 @@ module API end end end + +API::Snippets.prepend_mod_with('API::Snippets') 
diff --git a/lib/bulk_imports/visibility_level.rb b/lib/bulk_imports/visibility_level.rb index 6b0af15dd7b..13bf25ff662 100644 --- a/lib/bulk_imports/visibility_level.rb +++ b/lib/bulk_imports/visibility_level.rb @@ -4,23 +4,24 @@ module BulkImports module VisibilityLevel private + # Calculates visbility level based on the source and the destination namespace visbility levels + # If there are visibility_level restrictions on the destination instance, + # the highest allowed level less than the calculated level is returned def visibility_level(entity, namespace, visibility_string) requested = requested_visibility_level(entity, visibility_string) - max_allowed = max_allowed_visibility_level(namespace) + namespace_level = namespace&.visibility_level - return requested if max_allowed >= requested + lowest_level = [requested, namespace_level].compact.min - max_allowed + closet_allowed_level(lowest_level) end def requested_visibility_level(entity, visibility_string) Gitlab::VisibilityLevel.string_options[visibility_string] || entity.default_visibility_level end - def max_allowed_visibility_level(namespace) - return Gitlab::VisibilityLevel.allowed_levels.max if namespace.blank? - - Gitlab::VisibilityLevel.closest_allowed_level(namespace.visibility_level) + def closet_allowed_level(level) + Gitlab::VisibilityLevel.closest_allowed_level(level) end end end diff --git a/lib/gitlab/ci/config/external/context.rb b/lib/gitlab/ci/config/external/context.rb index b8e012ec851..c57391d355c 100644 --- a/lib/gitlab/ci/config/external/context.rb +++ b/lib/gitlab/ci/config/external/context.rb @@ -14,7 +14,9 @@ module Gitlab include ::Gitlab::Utils::StrongMemoize attr_reader :project, :sha, :user, :parent_pipeline, :variables, :pipeline_config - attr_reader :expandset, :execution_deadline, :logger, :max_includes + attr_reader :expandset, :execution_deadline, :logger, :max_includes, :max_total_yaml_size_bytes + + attr_accessor :total_file_size_in_bytes delegate :instrument, to: :logger 
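Review bot: The comment added above `visibility_level` in lib/bulk_imports/visibility_level.rb promises a result no higher than the computed level, but that guarantee rests entirely on `Gitlab::VisibilityLevel.closest_allowed_level`, which this diff does not show. If that method can round upward when no lower level is allowed, an imported entity could end up more visible than its destination namespace. A spec pinning the result to be at most `namespace.visibility_level` under restricted levels would document the invariant where it is relied on. Separately, the new private helper is spelled `closet_allowed_level` and the comment twice says `visbility`; these should read `closest_allowed_level` and `visibility`.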
@@ -32,6 +34,9 @@ module Gitlab @execution_deadline = 0 @logger = logger || Gitlab::Ci::Pipeline::Logger.new(project: project) @max_includes = Gitlab::CurrentSettings.current_application_settings.ci_max_includes + @max_total_yaml_size_bytes = + Gitlab::CurrentSettings.current_application_settings.ci_max_total_yaml_size_bytes + @total_file_size_in_bytes = 0 yield self if block_given? end @@ -59,6 +64,7 @@ module Gitlab ctx.execution_deadline = execution_deadline ctx.logger = logger ctx.max_includes = max_includes + ctx.max_total_yaml_size_bytes = max_total_yaml_size_bytes end end @@ -100,7 +106,7 @@ module Gitlab protected - attr_writer :expandset, :execution_deadline, :logger, :max_includes + attr_writer :expandset, :execution_deadline, :logger, :max_includes, :max_total_yaml_size_bytes private diff --git a/lib/gitlab/ci/config/external/mapper.rb b/lib/gitlab/ci/config/external/mapper.rb index 61b4d1ada10..cff7954235f 100644 --- a/lib/gitlab/ci/config/external/mapper.rb +++ b/lib/gitlab/ci/config/external/mapper.rb @@ -10,6 +10,7 @@ module Gitlab Error = Class.new(StandardError) AmbigiousSpecificationError = Class.new(Error) TooManyIncludesError = Class.new(Error) + TooMuchDataInPipelineTreeError = Class.new(Error) def initialize(values, context) @locations = Array.wrap(values.fetch(:include, [])).compact diff --git a/lib/gitlab/ci/config/external/mapper/verifier.rb b/lib/gitlab/ci/config/external/mapper/verifier.rb index 95975e4661b..580cae8a207 100644 --- a/lib/gitlab/ci/config/external/mapper/verifier.rb +++ b/lib/gitlab/ci/config/external/mapper/verifier.rb @@ -1,5 +1,7 @@ # frozen_string_literal: true +require 'objspace' + module Gitlab module Ci class Config 
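Review bot: In the `mutate` hunk of lib/gitlab/ci/config/external/context.rb, the child context is given `max_total_yaml_size_bytes`, but the visible lines do not carry over `total_file_size_in_bytes`, which the constructor hunk initialises to `0`. If nested includes are verified against a mutated context, each level would start counting from zero, and the limit would apply per context rather than to the whole include tree. Copying the integer with `ctx.total_file_size_in_bytes = total_file_size_in_bytes` would pass the parent's count down but not propagate the child's additions back, so the running total is better kept in an object shared by parent and child contexts. The counter is also exposed through a public `attr_accessor`, while the other limits use protected writers. The block starts above the hunk, so an assignment outside the visible lines cannot be ruled out.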
@@ -37,6 +39,13 @@ module Gitlab file.validate_content! if file.valid? file.load_and_validate_expanded_hash! if file.valid? + + next unless Feature.enabled?(:introduce_ci_max_total_yaml_size_bytes, context.project) && file.valid? + + # We are checking the file.content.to_s because that is returning the actual content of the file, + # whereas file.content would return the BatchLoader. + context.total_file_size_in_bytes += ObjectSpace.memsize_of(file.content.to_s) + verify_max_total_pipeline_size! end end # rubocop: enable Metrics/CyclomaticComplexity @@ -50,6 +59,12 @@ module Gitlab def verify_execution_time! context.check_execution_time! end + + def verify_max_total_pipeline_size! + return if context.total_file_size_in_bytes <= context.max_total_yaml_size_bytes + + raise Mapper::TooMuchDataInPipelineTreeError, "Total size of combined CI/CD configuration is too big" + end end end end |
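Review bot: In the first lib/gitlab/ci/config/external/mapper/verifier.rb hunk on this line, `ObjectSpace.memsize_of(file.content.to_s)` measures the memory footprint of the String object, which Ruby documents as a hint only. It is not the byte length of the YAML, so the sum compared with `max_total_yaml_size_bytes` can drift from the real content size depending on the interpreter's allocation strategy. `context.total_file_size_in_bytes += file.content.to_s.bytesize` counts the actual bytes and makes `require 'objspace'` unnecessary. The addition also runs after `load_and_validate_expanded_hash!`, so the file that crosses the limit has already been loaded and expanded before it is counted. In `verify_max_total_pipeline_size!`, a `nil` limit would raise on `<=`, which deserves a guard if the setting can be unset.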