author | GitLab Bot <gitlab-bot@gitlab.com> | 2024-01-16 21:09:25 +0300 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2024-01-16 21:09:25 +0300 |
commit | e18006fc6313b1d04128416cdb5f1533adcdb53e (patch) | |
tree | ad418c4afbfcc8f83bcf5b4a9c897a2139e79e13 /lib | |
parent | cb8835f38a3e4c188e9a73adf45936e2a95f40ae (diff) |
Add latest changes from gitlab-org/gitlab@master
Diffstat (limited to 'lib')
-rw-r--r-- | lib/gitlab/bitbucket_server_import/importers/pull_request_importer.rb | 2 | ||||
-rw-r--r-- | lib/gitlab/bitbucket_server_import/importers/pull_request_notes_importer.rb | 2 | ||||
-rw-r--r-- | lib/gitlab/bitbucket_server_import/importers/users_importer.rb | 4 | ||||
-rw-r--r-- | lib/gitlab/checks/lfs_check.rb | 4 | ||||
-rw-r--r-- | lib/gitlab/import/mentions_converter.rb (renamed from lib/gitlab/bitbucket_server_import/mentions_converter.rb) | 7 | ||||
-rw-r--r-- | lib/gitlab/import/user_from_mention.rb (renamed from lib/gitlab/bitbucket_server_import/user_from_mention.rb) | 10 | ||||
-rw-r--r-- | lib/gitlab/observability.rb | 4 | ||||
-rw-r--r-- | lib/google_cloud_platform/artifact_registry/client.rb | 57 | ||||
-rw-r--r-- | lib/google_cloud_platform/base_client.rb | 30 | ||||
-rw-r--r-- | lib/google_cloud_platform/jwt.rb | 86 | ||||
-rw-r--r-- | lib/integrations/google_cloud_platform/artifact_registry/client.rb | 59 | ||||
-rw-r--r-- | lib/integrations/google_cloud_platform/base_client.rb | 32 | ||||
-rw-r--r-- | lib/integrations/google_cloud_platform/jwt.rb | 88 |
13 files changed, 188 insertions, 197 deletions
diff --git a/lib/gitlab/bitbucket_server_import/importers/pull_request_importer.rb b/lib/gitlab/bitbucket_server_import/importers/pull_request_importer.rb index 99f4adbe317..8fd602c851c 100644 --- a/lib/gitlab/bitbucket_server_import/importers/pull_request_importer.rb +++ b/lib/gitlab/bitbucket_server_import/importers/pull_request_importer.rb @@ -10,7 +10,7 @@ module Gitlab @project = project @formatter = Gitlab::ImportFormatter.new @user_finder = UserFinder.new(project) - @mentions_converter = Gitlab::BitbucketServerImport::MentionsConverter.new(project.id) + @mentions_converter = Gitlab::Import::MentionsConverter.new('bitbucket_server', project.id) # Object should behave as a object so we can remove object.is_a?(Hash) check # This will be fixed in https://gitlab.com/gitlab-org/gitlab/-/issues/412328 diff --git a/lib/gitlab/bitbucket_server_import/importers/pull_request_notes_importer.rb b/lib/gitlab/bitbucket_server_import/importers/pull_request_notes_importer.rb index 19e5cdcbdc2..4b7c5568dd6 100644 --- a/lib/gitlab/bitbucket_server_import/importers/pull_request_notes_importer.rb +++ b/lib/gitlab/bitbucket_server_import/importers/pull_request_notes_importer.rb @@ -11,7 +11,7 @@ module Gitlab @project = project @user_finder = UserFinder.new(project) @formatter = Gitlab::ImportFormatter.new - @mentions_converter = Gitlab::BitbucketServerImport::MentionsConverter.new(project.id) + @mentions_converter = Gitlab::Import::MentionsConverter.new('bitbucket_server', project.id) @object = hash.with_indifferent_access end diff --git a/lib/gitlab/bitbucket_server_import/importers/users_importer.rb b/lib/gitlab/bitbucket_server_import/importers/users_importer.rb index 156d89c2732..8b0b059b397 100644 --- a/lib/gitlab/bitbucket_server_import/importers/users_importer.rb +++ b/lib/gitlab/bitbucket_server_import/importers/users_importer.rb 
@@ -5,7 +5,7 @@ module Gitlab module Importers class UsersImporter include Loggable - include UserFromMention + include Gitlab::Import::UserFromMention BATCH_SIZE = 100 @@ -46,7 +46,7 @@ module Gitlab def cache_users(users) users_hash = users.each_with_object({}) do |user, hash| - cache_key = source_user_cache_key(project_id, user.username) + cache_key = source_user_cache_key('bitbucket_server', project_id, user.username) hash[cache_key] = user.email end diff --git a/lib/gitlab/checks/lfs_check.rb b/lib/gitlab/checks/lfs_check.rb index 1d1d24c8fcc..f2c4b28470d 100644 --- a/lib/gitlab/checks/lfs_check.rb +++ b/lib/gitlab/checks/lfs_check.rb @@ -7,10 +7,6 @@ module Gitlab ERROR_MESSAGE = 'LFS objects are missing. Ensure LFS is properly set up or try a manual "git lfs push --all".' def validate! - # This feature flag is used for disabling integrity check on some envs - # because these costy calculations may cause performance issues - return unless Feature.enabled?(:lfs_check, project) - return unless project.lfs_enabled? logger.log_timed(LOG_MESSAGE) do diff --git a/lib/gitlab/bitbucket_server_import/mentions_converter.rb b/lib/gitlab/import/mentions_converter.rb index 8b1eeb6e007..180a9f069e3 100644 --- a/lib/gitlab/bitbucket_server_import/mentions_converter.rb +++ b/lib/gitlab/import/mentions_converter.rb @@ -1,16 +1,17 @@ # frozen_string_literal: true module Gitlab - module BitbucketServerImport + module Import class MentionsConverter include UserFromMention MENTIONS_REGEX = User.reference_pattern MENTION_PLACEHOLDER = '~GITLAB_MENTION_PLACEHOLDER~' - attr_reader :project_id + attr_reader :importer, :project_id - def initialize(project_id) + def initialize(importer, project_id) + @importer = importer @project_id = project_id end diff --git a/lib/gitlab/bitbucket_server_import/user_from_mention.rb b/lib/gitlab/import/user_from_mention.rb index 907db245760..9e3489f91b4 100644 --- a/lib/gitlab/bitbucket_server_import/user_from_mention.rb 
+++ b/lib/gitlab/import/user_from_mention.rb @@ -1,9 +1,9 @@ # frozen_string_literal: true module Gitlab - module BitbucketServerImport + module Import module UserFromMention - SOURCE_USER_CACHE_KEY = 'bitbucket_server/project/%s/source/username/%s' + SOURCE_USER_CACHE_KEY = '%s/project/%s/source/username/%s' def user_from_cache(mention) cached_email = read(mention) @@ -17,14 +17,14 @@ module Gitlab ::Gitlab::Cache::Import::Caching.write_multiple(hash, timeout: timeout) end - def source_user_cache_key(project_id, username) - format(SOURCE_USER_CACHE_KEY, project_id, username) + def source_user_cache_key(importer, project_id, username) + format(SOURCE_USER_CACHE_KEY, importer, project_id, username) end private def read(mention) - ::Gitlab::Cache::Import::Caching.read(source_user_cache_key(project_id, mention)) + ::Gitlab::Cache::Import::Caching.read(source_user_cache_key(importer, project_id, mention)) end def find_user(email) diff --git a/lib/gitlab/observability.rb b/lib/gitlab/observability.rb index d42d10cd0f4..9dd6632aeeb 100644 --- a/lib/gitlab/observability.rb +++ b/lib/gitlab/observability.rb @@ -25,8 +25,8 @@ module Gitlab def should_enable_observability_auth_scopes?(resource) # Enable the needed oauth scopes if tracing is enabled. if resource.is_a?(Group) || resource.is_a?(Project) - return Feature.enabled?(:observability_tracing, - resource.root_ancestor) + return Feature.enabled?(:observability_tracing, resource.root_ancestor) || + Feature.enabled?(:observability_metrics, resource.root_ancestor) end false diff --git a/lib/google_cloud_platform/artifact_registry/client.rb b/lib/google_cloud_platform/artifact_registry/client.rb new file mode 100644 index 00000000000..f371a3ce9c7 --- /dev/null +++ b/lib/google_cloud_platform/artifact_registry/client.rb 
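Review bot: The new `importer` segment of `SOURCE_USER_CACHE_KEY` is a free-form string, and this commit spells it as the literal `'bitbucket_server'` in three separate places: both `MentionsConverter.new` call sites and `cache_users` in `users_importer.rb`. The writer and the reader only meet if those literals match exactly, so a typo or a later importer passing a different value gives silent cache misses and mentions that are never mapped to a user. Consider one constant per importer, e.g. `IMPORTER = 'bitbucket_server'`, referenced from all call sites, plus a one-line comment on `SOURCE_USER_CACHE_KEY` naming the three `%s` slots in order (importer, project id, username).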
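Review bot: The comment above the condition in `should_enable_observability_auth_scopes?` still reads `# Enable the needed oauth scopes if tracing is enabled.`, but the new return value is also true when only `:observability_metrics` is on. Because this predicate gates OAuth scopes, the widening should be stated where it happens, e.g. `# Enable the needed oauth scopes if tracing or metrics is enabled.` If the scopes behind this check differ per signal (not visible in this hunk), a root namespace with only metrics enabled would now receive the tracing scopes as well, which is worth confirming against the caller.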
@@ -0,0 +1,57 @@
+# frozen_string_literal: true
+
+module GoogleCloudPlatform
+ module ArtifactRegistry
+ class Client < GoogleCloudPlatform::BaseClient
+ PAGE_SIZE = 10
+
+ def initialize(project:, user:, gcp_project_id:, gcp_location:, gcp_repository:, gcp_wlif:)
+ super(project: project, user: user)
+ @gcp_project_id = gcp_project_id
+ @gcp_location = gcp_location
+ @gcp_repository = gcp_repository
+ @gcp_wlif = gcp_wlif
+ end
+
+ def list_docker_images(page_token: nil)
+ url = list_docker_images_url
+ response = ::Gitlab::HTTP.get(
+ url,
+ headers: headers,
+ query: query_params(page_token: page_token),
+ format: :plain, # disable httparty json parsing
+ extra_allowed_uris: [URI(GLGO_BASE_URL)]
+ )
+
+ if response.success?
+ ::Gitlab::Json.parse(response.body, symbolize_keys: true)
+ else
+ {}
+ end
+ end
+
+ private
+
+ def list_docker_images_url
+ "#{GLGO_BASE_URL}/gcp/ar/" \
+ "projects/#{@gcp_project_id}/" \
+ "locations/#{@gcp_location}/" \
+ "repositories/#{@gcp_repository}/docker"
+ end
+
+ def query_params(page_token: nil)
+ {
+ page_token: page_token,
+ page_size: PAGE_SIZE
+ }.compact
+ end
+
+ def headers
+ jwt = encoded_jwt(wlif: @gcp_wlif)
+ {
+ 'Authorization' => "Bearer #{jwt}"
+ }
+ end
+ end
+ end
+end
diff --git a/lib/google_cloud_platform/base_client.rb b/lib/google_cloud_platform/base_client.rb
new file mode 100644
index 00000000000..a1a13e1e0e9
--- /dev/null
+++ b/lib/google_cloud_platform/base_client.rb
@@ -0,0 +1,30 @@
+# frozen_string_literal: true
+
+module GoogleCloudPlatform
+ class BaseClient
+ GLGO_BASE_URL = if Gitlab.staging?
+ 'https://glgo.staging.runway.gitlab.net'
+ else
+ 'https://glgo.runway.gitlab.net'
+ end
+
+ def initialize(project:, user:)
+ @project = project
+ @user = user
+ end
+
+ private
+
+ def encoded_jwt(wlif:)
+ jwt = ::GoogleCloudPlatform::Jwt.new(
+ project: @project,
+ user: @user,
+ claims: {
+ audience: GLGO_BASE_URL,
+ wlif: wlif
+ }
+ )
+ jwt.encoded
+ end
+ end
+end
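Review bot: `list_docker_images_url` interpolates `@gcp_project_id`, `@gcp_location` and `@gcp_repository` into the request path unescaped, and the same request carries a bearer JWT signed for the project and user. If any of these values originates from integration settings or request parameters (their source is not visible in this file), a value containing `/`, `..`, `?` or `#` changes which GLGO path receives that token. Escape each segment, e.g. `"projects/#{ERB::Util.url_encode(@gcp_project_id)}/" \` and likewise for the location and repository lines, or validate the three values against a strict pattern in `initialize`. Separately, `list_docker_images` returns `{}` for every non-success response, so an authorization failure is indistinguishable from an empty repository; logging the response code before returning would make rejected tokens visible.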
diff --git a/lib/google_cloud_platform/jwt.rb b/lib/google_cloud_platform/jwt.rb
new file mode 100644
index 00000000000..128dd5ae6f1
--- /dev/null
+++ b/lib/google_cloud_platform/jwt.rb
@@ -0,0 +1,86 @@
+# frozen_string_literal: true
+
+module GoogleCloudPlatform
+ class Jwt < ::JSONWebToken::RSAToken
+ extend ::Gitlab::Utils::Override
+
+ JWT_OPTIONS_ERROR = 'This jwt needs jwt claims audience and wlif to be set.'
+
+ NoSigningKeyError = Class.new(StandardError)
+
+ def initialize(project:, user:, claims:)
+ super
+
+ raise ArgumentError, JWT_OPTIONS_ERROR if claims[:audience].blank? || claims[:wlif].blank?
+
+ @claims = claims
+ @project = project
+ @user = user
+ end
+
+ def encoded
+ @custom_payload.merge!(custom_claims)
+
+ super
+ end
+
+ private
+
+ override :subject
+ def subject
+ "project_#{@project.id}_user_#{@user.id}"
+ end
+
+ override :key_data
+ def key_data
+ @key_data ||= begin
+ # TODO Feels strange to use the CI signing key but do
+ # we have a different signing key?
+ key_data = Gitlab::CurrentSettings.ci_jwt_signing_key
+
+ raise NoSigningKeyError unless key_data
+
+ key_data
+ end
+ end
+
+ def custom_claims
+ {
+ namespace_id: namespace.id.to_s,
+ namespace_path: namespace.full_path,
+ root_namespace_path: root_namespace.full_path,
+ root_namespace_id: root_namespace.id.to_s,
+ project_id: @project.id.to_s,
+ project_path: @project.full_path,
+ user_id: @user&.id.to_s,
+ user_login: @user&.username,
+ user_email: @user&.email,
+ wlif: @claims[:wlif]
+ }
+ end
+
+ def namespace
+ @project.namespace
+ end
+
+ def root_namespace
+ @project.root_namespace
+ end
+
+ override :issuer
+ def issuer
+ Feature.enabled?(:oidc_issuer_url) ? Gitlab.config.gitlab.url : Settings.gitlab.base_url
+ end
+
+ override :audience
+ def audience
+ @claims[:audience]
+ end
+
+ override :kid
+ def kid
+ rsa_key = OpenSSL::PKey::RSA.new(key_data)
+ rsa_key.public_key.to_jwk[:kid]
+ end
+ end
+end
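Review bot: `subject` calls `@user.id` while `custom_claims` uses `@user&.id.to_s`, `@user&.username` and `@user&.email`, so the class disagrees with itself on whether `user` may be nil. With a nil user, `subject` raises `NoMethodError` when it is evaluated, and because `&.` does not short-circuit the trailing `.to_s`, the `user_id` claim would be an empty string rather than absent. The constructor already validates `claims`, so it is the natural place to settle this, e.g. `raise ArgumentError, 'user is required' if user.nil?`, after which the `&.` in `custom_claims` can go. The TODO in `key_data` also needs a decision rather than a comment: the token is signed with `ci_jwt_signing_key`, so for any verifier trusting that key set the `audience` claim is the only thing separating these tokens from others signed with the same key.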
diff --git a/lib/integrations/google_cloud_platform/artifact_registry/client.rb b/lib/integrations/google_cloud_platform/artifact_registry/client.rb
deleted file mode 100644
index 32e09821814..00000000000
--- a/lib/integrations/google_cloud_platform/artifact_registry/client.rb
+++ /dev/null
@@ -1,59 +0,0 @@
-# frozen_string_literal: true
-
-module Integrations
- module GoogleCloudPlatform
- module ArtifactRegistry
- class Client < Integrations::GoogleCloudPlatform::BaseClient
- PAGE_SIZE = 10
-
- def initialize(project:, user:, gcp_project_id:, gcp_location:, gcp_repository:, gcp_wlif:)
- super(project: project, user: user)
- @gcp_project_id = gcp_project_id
- @gcp_location = gcp_location
- @gcp_repository = gcp_repository
- @gcp_wlif = gcp_wlif
- end
-
- def list_docker_images(page_token: nil)
- url = list_docker_images_url
- response = ::Gitlab::HTTP.get(
- url,
- headers: headers,
- query: query_params(page_token: page_token),
- format: :plain, # disable httparty json parsing
- extra_allowed_uris: [URI(GLGO_BASE_URL)]
- )
-
- if response.success?
- ::Gitlab::Json.parse(response.body, symbolize_keys: true)
- else
- {}
- end
- end
-
- private
-
- def list_docker_images_url
- "#{GLGO_BASE_URL}/gcp/ar/" \
- "projects/#{@gcp_project_id}/" \
- "locations/#{@gcp_location}/" \
- "repositories/#{@gcp_repository}/docker"
- end
-
- def query_params(page_token: nil)
- {
- page_token: page_token,
- page_size: PAGE_SIZE
- }.compact
- end
-
- def headers
- jwt = encoded_jwt(wlif: @gcp_wlif)
- {
- 'Authorization' => "Bearer #{jwt}"
- }
- end
- end
- end
- end
-end
diff --git a/lib/integrations/google_cloud_platform/base_client.rb b/lib/integrations/google_cloud_platform/base_client.rb
deleted file mode 100644
index 937454cda43..00000000000
--- a/lib/integrations/google_cloud_platform/base_client.rb
+++ /dev/null
@@ -1,32 +0,0 @@
-# frozen_string_literal: true
-
-module Integrations
- module GoogleCloudPlatform
- class BaseClient
- GLGO_BASE_URL = if Gitlab.staging?
- 'https://glgo.staging.runway.gitlab.net'
- else
- 'https://glgo.runway.gitlab.net'
- end
-
- def initialize(project:, user:)
- @project = project
- @user = user
- end
-
- private
-
- def encoded_jwt(wlif:)
- jwt = ::Integrations::GoogleCloudPlatform::Jwt.new(
- project: @project,
- user: @user,
- claims: {
- audience: GLGO_BASE_URL,
- wlif: wlif
- }
- )
- jwt.encoded
- end
- end
- end
-end
diff --git a/lib/integrations/google_cloud_platform/jwt.rb b/lib/integrations/google_cloud_platform/jwt.rb
deleted file mode 100644
index 26343a3a9db..00000000000
--- a/lib/integrations/google_cloud_platform/jwt.rb
+++ /dev/null
@@ -1,88 +0,0 @@
-# frozen_string_literal: true
-
-module Integrations
- module GoogleCloudPlatform
- class Jwt < ::JSONWebToken::RSAToken
- extend ::Gitlab::Utils::Override
-
- JWT_OPTIONS_ERROR = 'This jwt needs jwt claims audience and wlif to be set.'
-
- NoSigningKeyError = Class.new(StandardError)
-
- def initialize(project:, user:, claims:)
- super
-
- raise ArgumentError, JWT_OPTIONS_ERROR if claims[:audience].blank? || claims[:wlif].blank?
-
- @claims = claims
- @project = project
- @user = user
- end
-
- def encoded
- @custom_payload.merge!(custom_claims)
-
- super
- end
-
- private
-
- override :subject
- def subject
- "project_#{@project.id}_user_#{@user.id}"
- end
-
- override :key_data
- def key_data
- @key_data ||= begin
- # TODO Feels strange to use the CI signing key but do
- # we have a different signing key?
- key_data = Gitlab::CurrentSettings.ci_jwt_signing_key
-
- raise NoSigningKeyError unless key_data
-
- key_data
- end
- end
-
- def custom_claims
- {
- namespace_id: namespace.id.to_s,
- namespace_path: namespace.full_path,
- root_namespace_path: root_namespace.full_path,
- root_namespace_id: root_namespace.id.to_s,
- project_id: @project.id.to_s,
- project_path: @project.full_path,
- user_id: @user&.id.to_s,
- user_login: @user&.username,
- user_email: @user&.email,
- wlif: @claims[:wlif]
- }
- end
-
- def namespace
- @project.namespace
- end
-
- def root_namespace
- @project.root_namespace
- end
-
- override :issuer
- def issuer
- Feature.enabled?(:oidc_issuer_url) ? Gitlab.config.gitlab.url : Settings.gitlab.base_url
- end
-
- override :audience
- def audience
- @claims[:audience]
- end
-
- override :kid
- def kid
- rsa_key = OpenSSL::PKey::RSA.new(key_data)
- rsa_key.public_key.to_jwk[:kid]
- end
- end
- end
-end |