Add latest changes from gitlab-org/gitlab@master

7 files changed, 89 insertions, 18 deletions

diff --git a/lib/api/api.rb b/lib/api/api.rb
index 10fdb8d7682..46d0aa3d19d 100644
--- a/lib/api/api.rb
+++ b/lib/api/api.rb
@@ -196,6 +196,7 @@ module API
         mount ::API::Clusters::Agents
         mount ::API::Commits
         mount ::API::CommitStatuses
+        mount ::API::ContainerRegistryEvent
         mount ::API::DependencyProxy
         mount ::API::DeployKeys
         mount ::API::DeployTokens
@@ -252,6 +253,7 @@ module API
         mount ::API::ProjectTemplates
         mount ::API::ProtectedBranches
         mount ::API::ProtectedTags
+        mount ::API::PypiPackages
         mount ::API::Releases
         mount ::API::Release::Links
         mount ::API::RemoteMirrors
@@ -289,7 +291,6 @@ module API
       mount ::API::ComposerPackages
       mount ::API::ConanInstancePackages
       mount ::API::ConanProjectPackages
-      mount ::API::ContainerRegistryEvent
       mount ::API::ContainerRepositories
       mount ::API::DebianGroupPackages
       mount ::API::DebianProjectPackages
@@ -318,7 +319,6 @@ module API
       mount ::API::ProjectMilestones
       mount ::API::Projects
       mount ::API::ProtectedTags
-      mount ::API::PypiPackages
       mount ::API::ResourceLabelEvents
       mount ::API::ResourceStateEvents
       mount ::API::RpmProjectPackages
diff --git a/lib/api/container_registry_event.rb b/lib/api/container_registry_event.rb
index 9acf2fca1b3..9e59401ddf6 100644
--- a/lib/api/container_registry_event.rb
+++ b/lib/api/container_registry_event.rb
@@ -26,15 +26,21 @@ module API
       desc 'Receives notifications from the container registry when an operation occurs' do
         detail 'This feature was introduced in GitLab 12.10'
         consumes [:json, DOCKER_DISTRIBUTION_EVENTS_V1_JSON]
+        success code: 200, message: 'Success'
+        failure [
+          { code: 401, message: 'Invalid Token' }
+        ]
+        tags %w[container_registry_event]
       end
       params do
         requires :events, type: Array, desc: 'Event notifications' do
           requires :action, type: String, desc: 'The action to perform, `push`, `delete`',
                             values: %w[push delete].freeze
           optional :target, type: Hash, desc: 'The target of the action' do
-            optional :tag, type: String, desc: 'The target tag'
-            optional :repository, type: String, desc: 'The target repository'
-            optional :digest, type: String, desc: 'Unique identifier for target image manifest'
+            optional :tag, type: String, desc: 'The target tag', documentation: { example: 'latest' }
+            optional :repository, type: String, desc: 'The target repository', documentation: { example: 'group/p1' }
+            optional :digest, type: String, desc: 'Unique identifier for target image manifest',
+                              documentation: { example: 'imagedigest' }
           end
         end
       end
diff --git a/lib/api/internal/base.rb b/lib/api/internal/base.rb
index c4464666020..dbd5c5f9db1 100644
--- a/lib/api/internal/base.rb
+++ b/lib/api/internal/base.rb
@@ -191,7 +191,7 @@ module API
         get '/authorized_keys', feature_category: :source_code_management, urgency: :high do
           fingerprint = Gitlab::InsecureKeyFingerprint.new(params.fetch(:key)).fingerprint_sha256
 
-          key = Key.find_by_fingerprint_sha256(fingerprint)
+          key = Key.auth.find_by_fingerprint_sha256(fingerprint)
           not_found!('Key') if key.nil?
           present key, with: Entities::SSHKey
         end
diff --git a/lib/api/pypi_packages.rb b/lib/api/pypi_packages.rb
index 0707a0b0ec4..f9470ce1cb6 100644
--- a/lib/api/pypi_packages.rb
+++ b/lib/api/pypi_packages.rb
@@ -32,12 +32,12 @@ module API
 
     helpers do
       params :package_download do
-        requires :file_identifier, type: String, desc: 'The PyPi package file identifier', file_path: true
-        requires :sha256, type: String, desc: 'The PyPi package sha256 check sum'
+        requires :file_identifier, type: String, desc: 'The PyPi package file identifier', file_path: true, documentation: { example: 'my.pypi.package-0.0.1.tar.gz' }
+        requires :sha256, type: String, desc: 'The PyPi package sha256 check sum', documentation: { example: '5y57017232013c8ac80647f4ca153k3726f6cba62d055cd747844ed95b3c65ff' }
       end
 
       params :package_name do
-        requires :package_name, type: String, file_path: true, desc: 'The PyPi package name'
+        requires :package_name, type: String, file_path: true, desc: 'The PyPi package name', documentation: { example: 'my.pypi.package' }
       end
 
       def present_simple_index(group_or_project)
@@ -102,7 +102,7 @@ module API
     end
 
     params do
-      requires :id, type: String, desc: 'The ID of a group'
+      requires :id, types: [Integer, String], desc: 'The ID or full path of the group.'
     end
     resource :groups, requirements: API::NAMESPACE_OR_PROJECT_REQUIREMENTS do
       after_validation do
@@ -110,6 +110,16 @@ module API
       end
 
       namespace ':id/-/packages/pypi' do
+        desc 'Download a package file from a group' do
+          detail 'This feature was introduced in GitLab 13.12'
+          success code: 200
+          failure [
+            { code: 401, message: 'Unauthorized' },
+            { code: 403, message: 'Forbidden' },
+            { code: 404, message: 'Not Found' }
+          ]
+          tags %w[pypi_packages]
+        end
         params do
           use :package_download
         end
@@ -130,6 +140,13 @@ module API
 
         desc 'The PyPi Simple Group Index Endpoint' do
           detail 'This feature was introduced in GitLab 15.1'
+          success code: 200
+          failure [
+            { code: 401, message: 'Unauthorized' },
+            { code: 403, message: 'Forbidden' },
+            { code: 404, message: 'Not Found' }
+          ]
+          tags %w[pypi_packages]
         end
 
         # An API entry point but returns an HTML file instead of JSON.
@@ -141,6 +158,13 @@ module API
 
         desc 'The PyPi Simple Group Package Endpoint' do
           detail 'This feature was introduced in GitLab 12.10'
+          success code: 200
+          failure [
+            { code: 401, message: 'Unauthorized' },
+            { code: 403, message: 'Forbidden' },
+            { code: 404, message: 'Not Found' }
+          ]
+          tags %w[pypi_packages]
         end
 
         params do
@@ -164,6 +188,13 @@ module API
       namespace ':id/packages/pypi' do
         desc 'The PyPi package download endpoint' do
           detail 'This feature was introduced in GitLab 12.10'
+          success code: 200
+          failure [
+            { code: 401, message: 'Unauthorized' },
+            { code: 403, message: 'Forbidden' },
+            { code: 404, message: 'Not Found' }
+          ]
+          tags %w[pypi_packages]
         end
 
         params do
@@ -185,6 +216,13 @@ module API
 
         desc 'The PyPi Simple Project Index Endpoint' do
           detail 'This feature was introduced in GitLab 15.1'
+          success code: 200
+          failure [
+            { code: 401, message: 'Unauthorized' },
+            { code: 403, message: 'Forbidden' },
+            { code: 404, message: 'Not Found' }
+          ]
+          tags %w[pypi_packages]
         end
 
         # An API entry point but returns an HTML file instead of JSON.
@@ -196,6 +234,13 @@ module API
 
         desc 'The PyPi Simple Project Package Endpoint' do
           detail 'This feature was introduced in GitLab 12.10'
+          success code: 200
+          failure [
+            { code: 401, message: 'Unauthorized' },
+            { code: 403, message: 'Forbidden' },
+            { code: 404, message: 'Not Found' }
+          ]
+          tags %w[pypi_packages]
         end
 
         params do
@@ -211,15 +256,24 @@ module API
 
         desc 'The PyPi Package upload endpoint' do
           detail 'This feature was introduced in GitLab 12.10'
+          success code: 201
+          failure [
+            { code: 400, message: 'Bad Request' },
+            { code: 401, message: 'Unauthorized' },
+            { code: 403, message: 'Forbidden' },
+            { code: 404, message: 'Not Found' },
+            { code: 422, message: 'Unprocessable Entity' }
+          ]
+          tags %w[pypi_packages]
         end
 
         params do
           requires :content, type: ::API::Validations::Types::WorkhorseFile, desc: 'The package file to be published (generated by Multipart middleware)', documentation: { type: 'file' }
-          requires :name, type: String
-          requires :version, type: String
-          optional :requires_python, type: String
-          optional :md5_digest, type: String
-          optional :sha256_digest, type: String, regexp: Gitlab::Regex.sha256_regex
+          requires :name, type: String, documentation: { example: 'my.pypi.package' }
+          requires :version, type: String, documentation: { example: '1.3.7' }
+          optional :requires_python, type: String, documentation: { example: '>=3.7' }
+          optional :md5_digest, type: String, documentation: { example: '900150983cd24fb0d6963f7d28e17f72' }
+          optional :sha256_digest, type: String, regexp: Gitlab::Regex.sha256_regex, documentation: { example: 'ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad' }
         end
 
         route_setting :authentication, deploy_token_allowed: true, basic_auth_personal_access_token: true, job_token_allowed: :basic_auth
@@ -243,6 +297,17 @@ module API
           forbidden!
         end
 
+        desc 'Authorize the PyPi package upload from workhorse' do
+          detail 'This feature was introduced in GitLab 12.10'
+          success code: 200
+          failure [
+            { code: 401, message: 'Unauthorized' },
+            { code: 403, message: 'Forbidden' },
+            { code: 404, message: 'Not Found' }
+          ]
+          tags %w[pypi_packages]
+        end
+
         route_setting :authentication, deploy_token_allowed: true, basic_auth_personal_access_token: true, job_token_allowed: :basic_auth
         post 'authorize' do
           project = project!(action: :read_project)
diff --git a/lib/api/support/git_access_actor.rb b/lib/api/support/git_access_actor.rb
index 16861a146ae..7a4e6f3e14c 100644
--- a/lib/api/support/git_access_actor.rb
+++ b/lib/api/support/git_access_actor.rb
@@ -16,7 +16,7 @@ module API
 
       def self.from_params(params)
         if params[:key_id]
-          new(key: Key.find_by_id(params[:key_id]))
+          new(key: Key.auth.find_by_id(params[:key_id]))
         elsif params[:user_id]
           new(user: UserFinder.new(params[:user_id]).find_by_id)
         elsif params[:username]
diff --git a/lib/gitlab/ssh/signature.rb b/lib/gitlab/ssh/signature.rb
index 3b4df9a8d0c..b1cad8d76c9 100644
--- a/lib/gitlab/ssh/signature.rb
+++ b/lib/gitlab/ssh/signature.rb
@@ -30,7 +30,7 @@ module Gitlab
         strong_memoize(:signed_by_key) do
           next unless key_fingerprint
 
-          Key.find_by_fingerprint_sha256(key_fingerprint)
+          Key.signing.find_by_fingerprint_sha256(key_fingerprint)
         end
       end
 
diff --git a/lib/tasks/gitlab/shell.rake b/lib/tasks/gitlab/shell.rake
index cf9876366aa..59c87c2b01b 100644
--- a/lib/tasks/gitlab/shell.rake
+++ b/lib/tasks/gitlab/shell.rake
@@ -81,7 +81,7 @@ namespace :gitlab do
 
     authorized_keys.clear
 
-    Key.find_in_batches(batch_size: 1000) do |keys|
+    Key.auth.find_in_batches(batch_size: 1000) do |keys|
       unless authorized_keys.batch_add_keys(keys)
         puts "Failed to add keys...".color(:red)
         exit 1