28 files changed, 252 insertions, 60 deletions
diff --git a/app/helpers/application_settings_helper.rb b/app/helpers/application_settings_helper.rb index 2447a731167..8e1fe1e1595 100644 --- a/app/helpers/application_settings_helper.rb +++ b/app/helpers/application_settings_helper.rb @@ -315,12 +315,18 @@ module ApplicationSettingsHelper :throttle_authenticated_packages_api_enabled, :throttle_authenticated_packages_api_period_in_seconds, :throttle_authenticated_packages_api_requests_per_period, + :throttle_authenticated_files_api_enabled, + :throttle_authenticated_files_api_period_in_seconds, + :throttle_authenticated_files_api_requests_per_period, :throttle_unauthenticated_enabled, :throttle_unauthenticated_period_in_seconds, :throttle_unauthenticated_requests_per_period, :throttle_unauthenticated_packages_api_enabled, :throttle_unauthenticated_packages_api_period_in_seconds, :throttle_unauthenticated_packages_api_requests_per_period, + :throttle_unauthenticated_files_api_enabled, + :throttle_unauthenticated_files_api_period_in_seconds, + :throttle_unauthenticated_files_api_requests_per_period, :throttle_protected_paths_enabled, :throttle_protected_paths_period_in_seconds, :throttle_protected_paths_requests_per_period, diff --git a/app/models/application_setting.rb b/app/models/application_setting.rb index 8ed408d2c23..0402beb6283 100644 --- a/app/models/application_setting.rb +++ b/app/models/application_setting.rb @@ -479,6 +479,14 @@ class ApplicationSetting < ApplicationRecord presence: true, numericality: { only_integer: true, greater_than: 0 } + validates :throttle_unauthenticated_files_api_requests_per_period, + presence: true, + numericality: { only_integer: true, greater_than: 0 } + + validates :throttle_unauthenticated_files_api_period_in_seconds, + presence: true, + numericality: { only_integer: true, greater_than: 0 } + validates :throttle_authenticated_api_requests_per_period, presence: true, numericality: { only_integer: true, greater_than: 0 } 
@@ -503,6 +511,14 @@ class ApplicationSetting < ApplicationRecord presence: true, numericality: { only_integer: true, greater_than: 0 } + validates :throttle_authenticated_files_api_requests_per_period, + presence: true, + numericality: { only_integer: true, greater_than: 0 } + + validates :throttle_authenticated_files_api_period_in_seconds, + presence: true, + numericality: { only_integer: true, greater_than: 0 } + validates :throttle_protected_paths_requests_per_period, presence: true, numericality: { only_integer: true, greater_than: 0 } diff --git a/app/models/application_setting_implementation.rb b/app/models/application_setting_implementation.rb index 060c831a11b..5dfe9f922fd 100644 --- a/app/models/application_setting_implementation.rb +++ b/app/models/application_setting_implementation.rb @@ -167,6 +167,9 @@ module ApplicationSettingImplementation throttle_authenticated_packages_api_enabled: false, throttle_authenticated_packages_api_period_in_seconds: 15, throttle_authenticated_packages_api_requests_per_period: 1000, + throttle_authenticated_files_api_enabled: false, + throttle_authenticated_files_api_period_in_seconds: 15, + throttle_authenticated_files_api_requests_per_period: 500, throttle_incident_management_notification_enabled: false, throttle_incident_management_notification_per_period: 3600, throttle_incident_management_notification_period_in_seconds: 3600, @@ -179,6 +182,9 @@ module ApplicationSettingImplementation throttle_unauthenticated_packages_api_enabled: false, throttle_unauthenticated_packages_api_period_in_seconds: 15, throttle_unauthenticated_packages_api_requests_per_period: 800, + throttle_unauthenticated_files_api_enabled: false, + throttle_unauthenticated_files_api_period_in_seconds: 15, + throttle_unauthenticated_files_api_requests_per_period: 125, time_tracking_limit_to_hours: false, two_factor_grace_period: 48, unique_ips_limit_enabled: false, 
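Review bot: The `throttle_*_files_api_*` defaults added in both `ApplicationSettingImplementation` hunks are stored and validated, but none of the files shown in this diff reads them, so as far as this change shows, turning them on in the admin settings would not throttle any request. If enforcement lands separately, say so next to the defaults, e.g. `# Files API throttles: stored and validated here; request enforcement is wired up separately.` The same 125 and 500 requests per 15 seconds are repeated in the `AddThrottleFilesApiColumns` migration and in `db/structure.sql`, so a later change to one value has to touch all three places. The defaults hash starts and ends outside these hunks.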
diff --git a/config/initializers/postgres_partitioning.rb b/config/initializers/postgres_partitioning.rb index d4be1e7670d..49936e7cc79 100644 --- a/config/initializers/postgres_partitioning.rb +++ b/config/initializers/postgres_partitioning.rb @@ -8,6 +8,7 @@ Gitlab::Database::Partitioning::PartitionManager.register(WebHookLog) if Gitlab.ee? Gitlab::Database::Partitioning::PartitionManager.register(IncidentManagement::PendingEscalations::Alert) + Gitlab::Database::Partitioning::PartitionManager.register(IncidentManagement::PendingEscalations::Issue) end begin diff --git a/db/migrate/20210730194555_create_incident_management_pending_issue_escalations.rb b/db/migrate/20210730194555_create_incident_management_pending_issue_escalations.rb new file mode 100644 index 00000000000..20a6fde96ff --- /dev/null +++ b/db/migrate/20210730194555_create_incident_management_pending_issue_escalations.rb @@ -0,0 +1,33 @@ +# frozen_string_literal: true + +class CreateIncidentManagementPendingIssueEscalations < ActiveRecord::Migration[6.1] + include Gitlab::Database::MigrationHelpers + + def up + with_lock_retries do + execute(<<~SQL) + CREATE TABLE incident_management_pending_issue_escalations ( + id bigserial NOT NULL, + rule_id bigint NOT NULL, + issue_id bigint NOT NULL, + process_at timestamp with time zone NOT NULL, + created_at timestamp with time zone NOT NULL, + updated_at timestamp with time zone NOT NULL, + PRIMARY KEY (id, process_at) + ) PARTITION BY RANGE (process_at); + + CREATE INDEX index_incident_management_pending_issue_escalations_on_issue_id + ON incident_management_pending_issue_escalations USING btree (issue_id); + + CREATE INDEX index_incident_management_pending_issue_escalations_on_rule_id + ON incident_management_pending_issue_escalations USING btree (rule_id); + SQL + end + end + + def down + with_lock_retries do + drop_table :incident_management_pending_issue_escalations + end + end +end 
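Review bot: `CreateIncidentManagementPendingIssueEscalations#up` creates a range-partitioned table but no partition, and the only registration visible for it, `PartitionManager.register(IncidentManagement::PendingEscalations::Issue)` in `config/initializers/postgres_partitioning.rb`, sits under `if Gitlab.ee?`. PostgreSQL rejects inserts into a partitioned table that has no matching partition, so the migration should state where partitions are expected to come from, e.g. `# Partitions on process_at are expected to be created via the PartitionManager registration in postgres_partitioning.rb (EE only).` A one-line reason for using raw SQL here (presumably the composite `PRIMARY KEY (id, process_at)` together with `PARTITION BY RANGE`) would also help the next reader.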
diff --git a/db/migrate/20210819120243_add_throttle_files_api_columns.rb b/db/migrate/20210819120243_add_throttle_files_api_columns.rb new file mode 100644 index 00000000000..ace093c7b0c --- /dev/null +++ b/db/migrate/20210819120243_add_throttle_files_api_columns.rb @@ -0,0 +1,13 @@ +# frozen_string_literal: true + +class AddThrottleFilesApiColumns < ActiveRecord::Migration[6.1] + def change + add_column :application_settings, :throttle_unauthenticated_files_api_requests_per_period, :integer, default: 125, null: false + add_column :application_settings, :throttle_unauthenticated_files_api_period_in_seconds, :integer, default: 15, null: false + add_column :application_settings, :throttle_authenticated_files_api_requests_per_period, :integer, default: 500, null: false + add_column :application_settings, :throttle_authenticated_files_api_period_in_seconds, :integer, default: 15, null: false + + add_column :application_settings, :throttle_unauthenticated_files_api_enabled, :boolean, default: false, null: false + add_column :application_settings, :throttle_authenticated_files_api_enabled, :boolean, default: false, null: false + end +end diff --git a/db/migrate/20210820171834_add_foreign_keys_for_pending_issue_escalations.rb b/db/migrate/20210820171834_add_foreign_keys_for_pending_issue_escalations.rb new file mode 100644 index 00000000000..9d5322de498 --- /dev/null +++ b/db/migrate/20210820171834_add_foreign_keys_for_pending_issue_escalations.rb 
@@ -0,0 +1,22 @@ +# frozen_string_literal: true + +class AddForeignKeysForPendingIssueEscalations < ActiveRecord::Migration[6.1] + include Gitlab::Database::PartitioningMigrationHelpers + + disable_ddl_transaction! + + def up + add_concurrent_partitioned_foreign_key :incident_management_pending_issue_escalations, + :incident_management_escalation_rules, + column: :rule_id + + add_concurrent_partitioned_foreign_key :incident_management_pending_issue_escalations, + :issues, + column: :issue_id + end + + def down + remove_foreign_key_if_exists :incident_management_pending_issue_escalations, :incident_management_escalation_rules, column: :rule_id + remove_foreign_key_if_exists :incident_management_pending_issue_escalations, :issues, column: :issue_id + end +end diff --git a/db/schema_migrations/20210730194555 b/db/schema_migrations/20210730194555 new file mode 100644 index 00000000000..5b2a142779d --- /dev/null +++ b/db/schema_migrations/20210730194555 @@ -0,0 +1 @@ +2d0399beca58815197487d310318ed1cb3d8e85671d55581a6256ceac7667b43
\ No newline at end of file
diff --git a/db/schema_migrations/20210819120243 b/db/schema_migrations/20210819120243
new file mode 100644
index 00000000000..e31d0ca6414
--- /dev/null
+++ b/db/schema_migrations/20210819120243
@@ -0,0 +1 @@
+5c74d34171ed9129ffbb3efe5417da1ba857cd729837544e58074debd5afca88
\ No newline at end of file
diff --git a/db/schema_migrations/20210820171834 b/db/schema_migrations/20210820171834
new file mode 100644
index 00000000000..be62c2b9a63
--- /dev/null
+++ b/db/schema_migrations/20210820171834
@@ -0,0 +1 @@
+892a71a3f6fdeb20cb2837a426d6d0931c756f8bf3d647e520a72a0bb6f78309
\ No newline at end of file diff --git a/db/structure.sql b/db/structure.sql index 608694a2814..eebf3c45b1b 100644 --- a/db/structure.sql +++ b/db/structure.sql @@ -222,6 +222,16 @@ CREATE TABLE incident_management_pending_alert_escalations ( ) PARTITION BY RANGE (process_at); +CREATE TABLE incident_management_pending_issue_escalations ( + id bigint NOT NULL, + rule_id bigint NOT NULL, + issue_id bigint NOT NULL, + process_at timestamp with time zone NOT NULL, + created_at timestamp with time zone NOT NULL, + updated_at timestamp with time zone NOT NULL +) +PARTITION BY RANGE (process_at); + CREATE TABLE web_hook_logs ( id bigint NOT NULL, web_hook_id integer NOT NULL, @@ -9596,6 +9606,12 @@ CREATE TABLE application_settings ( encrypted_customers_dot_jwt_signing_key bytea, encrypted_customers_dot_jwt_signing_key_iv bytea, pypi_package_requests_forwarding boolean DEFAULT true NOT NULL, + throttle_unauthenticated_files_api_requests_per_period integer DEFAULT 125 NOT NULL, + throttle_unauthenticated_files_api_period_in_seconds integer DEFAULT 15 NOT NULL, + throttle_authenticated_files_api_requests_per_period integer DEFAULT 500 NOT NULL, + throttle_authenticated_files_api_period_in_seconds integer DEFAULT 15 NOT NULL, + throttle_unauthenticated_files_api_enabled boolean DEFAULT false NOT NULL, + throttle_authenticated_files_api_enabled boolean DEFAULT false NOT NULL, CONSTRAINT app_settings_container_reg_cleanup_tags_max_list_size_positive CHECK ((container_registry_cleanup_tags_service_max_list_size >= 0)), CONSTRAINT app_settings_ext_pipeline_validation_service_url_text_limit CHECK ((char_length(external_pipeline_validation_service_url) <= 255)), CONSTRAINT app_settings_registry_exp_policies_worker_capacity_positive CHECK ((container_registry_expiration_policies_worker_capacity >= 0)), 
@@ -14147,6 +14163,15 @@ CREATE SEQUENCE incident_management_pending_alert_escalations_id_seq ALTER SEQUENCE incident_management_pending_alert_escalations_id_seq OWNED BY incident_management_pending_alert_escalations.id; +CREATE SEQUENCE incident_management_pending_issue_escalations_id_seq + START WITH 1 + INCREMENT BY 1 + NO MINVALUE + NO MAXVALUE + CACHE 1; + +ALTER SEQUENCE incident_management_pending_issue_escalations_id_seq OWNED BY incident_management_pending_issue_escalations.id; + CREATE TABLE index_statuses ( id integer NOT NULL, project_id integer NOT NULL, @@ -20531,6 +20556,8 @@ ALTER TABLE ONLY incident_management_oncall_shifts ALTER COLUMN id SET DEFAULT n ALTER TABLE ONLY incident_management_pending_alert_escalations ALTER COLUMN id SET DEFAULT nextval('incident_management_pending_alert_escalations_id_seq'::regclass); +ALTER TABLE ONLY incident_management_pending_issue_escalations ALTER COLUMN id SET DEFAULT nextval('incident_management_pending_issue_escalations_id_seq'::regclass); + ALTER TABLE ONLY index_statuses ALTER COLUMN id SET DEFAULT nextval('index_statuses_id_seq'::regclass); ALTER TABLE ONLY insights ALTER COLUMN id SET DEFAULT nextval('insights_id_seq'::regclass); @@ -21967,6 +21994,9 @@ ALTER TABLE ONLY incident_management_oncall_shifts ALTER TABLE ONLY incident_management_pending_alert_escalations ADD CONSTRAINT incident_management_pending_alert_escalations_pkey PRIMARY KEY (id, process_at); +ALTER TABLE ONLY incident_management_pending_issue_escalations + ADD CONSTRAINT incident_management_pending_issue_escalations_pkey PRIMARY KEY (id, process_at); + ALTER TABLE ONLY index_statuses ADD CONSTRAINT index_statuses_pkey PRIMARY KEY (id); 
@@ -24266,6 +24296,10 @@ CREATE INDEX index_incident_management_pending_alert_escalations_on_rule_id ON O CREATE INDEX index_incident_management_pending_alert_escalations_on_schedule ON ONLY incident_management_pending_alert_escalations USING btree (schedule_id); +CREATE INDEX index_incident_management_pending_issue_escalations_on_issue_id ON ONLY incident_management_pending_issue_escalations USING btree (issue_id); + +CREATE INDEX index_incident_management_pending_issue_escalations_on_rule_id ON ONLY incident_management_pending_issue_escalations USING btree (rule_id); + CREATE UNIQUE INDEX index_index_statuses_on_project_id ON index_statuses USING btree (project_id); CREATE INDEX index_insights_on_namespace_id ON insights USING btree (namespace_id); @@ -27077,6 +27111,9 @@ ALTER TABLE ONLY incident_management_oncall_participants ALTER TABLE ONLY events ADD CONSTRAINT fk_rails_0434b48643 FOREIGN KEY (project_id) REFERENCES projects(id) ON DELETE CASCADE; +ALTER TABLE incident_management_pending_issue_escalations + ADD CONSTRAINT fk_rails_0470889ee5 FOREIGN KEY (rule_id) REFERENCES incident_management_escalation_rules(id) ON DELETE CASCADE; + ALTER TABLE ONLY ip_restrictions ADD CONSTRAINT fk_rails_04a93778d5 FOREIGN KEY (group_id) REFERENCES namespaces(id) ON DELETE CASCADE; @@ -27686,6 +27723,9 @@ ALTER TABLE ONLY status_page_published_incidents ALTER TABLE ONLY deployment_clusters ADD CONSTRAINT fk_rails_6359a164df FOREIGN KEY (deployment_id) REFERENCES deployments(id) ON DELETE CASCADE; +ALTER TABLE incident_management_pending_issue_escalations + ADD CONSTRAINT fk_rails_636678b3bd FOREIGN KEY (issue_id) REFERENCES issues(id) ON DELETE CASCADE; + ALTER TABLE ONLY evidences ADD CONSTRAINT fk_rails_6388b435a6 FOREIGN KEY (release_id) REFERENCES releases(id) ON DELETE CASCADE; diff --git a/doc/api/api_resources.md b/doc/api/api_resources.md index aae76697841..345f0d5ed70 100644 --- a/doc/api/api_resources.md +++ b/doc/api/api_resources.md 
@@ -15,7 +15,7 @@ Available resources for the [GitLab REST API](index.md) can be grouped in the fo See also: - [V3 to V4](v3_to_v4.md). -- Adding [deploy keys for multiple projects](deploy_keys.md#adding-deploy-keys-to-multiple-projects). +- Adding [deploy keys for multiple projects](deploy_keys.md#add-deploy-keys-to-multiple-projects). - [API Resources for various templates](#templates-api-resources). ## Project resources diff --git a/doc/api/deploy_keys.md b/doc/api/deploy_keys.md index 3d6d680e3e4..be4207ea681 100644 --- a/doc/api/deploy_keys.md +++ b/doc/api/deploy_keys.md @@ -8,7 +8,8 @@ info: To determine the technical writer assigned to the Stage/Group associated w ## List all deploy keys -Get a list of all deploy keys across all projects of the GitLab instance. This endpoint requires administrator access and is not available on GitLab.com. +Get a list of all deploy keys across all projects of the GitLab instance. This +endpoint requires an administrator role and is not available on GitLab.com. ```plaintext GET /deploy_keys @@ -74,7 +75,7 @@ Example response: ] ``` -## Single deploy key +## Get a single deploy key Get a single key. @@ -213,10 +214,10 @@ Example response: } ``` -## Adding deploy keys to multiple projects +## Add deploy keys to multiple projects -If you want to easily add the same deploy key to multiple projects in the same -group, this can be achieved quite easily with the API. +If you want to add the same deploy key to multiple projects in the same +group, this can be achieved with the API. First, find the ID of the projects you're interested in, by either listing all projects: diff --git a/doc/api/oauth2.md b/doc/api/oauth2.md index ce455c89d1a..528f012c7a8 100644 --- a/doc/api/oauth2.md +++ b/doc/api/oauth2.md 
@@ -5,7 +5,7 @@ group: Access info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#designated-technical-writers --- -# GitLab as an OAuth2 provider +# GitLab as an OAuth 2.0 provider This document covers using the [OAuth2](https://oauth.net/2/) protocol to allow other services to access GitLab resources on user's behalf. @@ -15,9 +15,9 @@ other services, see the [OAuth2 authentication service provider](../integration/ documentation. This functionality is based on the [doorkeeper Ruby gem](https://github.com/doorkeeper-gem/doorkeeper). -## Supported OAuth2 flows +## Supported OAuth 2.0 flows -GitLab currently supports the following authorization flows: +GitLab supports the following authorization flows: - **Authorization code with [Proof Key for Code Exchange (PKCE)](https://tools.ietf.org/html/rfc7636):** Most secure. Without PKCE, you'd have to include client secrets on mobile clients, 
@@ -26,14 +26,13 @@ GitLab currently supports the following authorization flows: server-side apps. - **Implicit grant:** Originally designed for user-agent only apps, such as single page web apps running on GitLab Pages). - The [IETF](https://tools.ietf.org/html/draft-ietf-oauth-security-topics-09#section-2.1.2) + The [Internet Engineering Task Force (IETF)](https://tools.ietf.org/html/draft-ietf-oauth-security-topics-09#section-2.1.2) recommends against Implicit grant flow. - **Resource owner password credentials:** To be used **only** for securely hosted, first-party services. GitLab recommends against use of this flow. The draft specification for [OAuth 2.1](https://oauth.net/2.1/) specifically omits both the -Implicit grant and Resource Owner Password Credentials flows. - it will be deprecated in the next OAuth specification version. +Implicit grant and Resource Owner Password Credentials flows. It will be deprecated in the next OAuth specification version. Refer to the [OAuth RFC](https://tools.ietf.org/html/rfc6749) to find out how all those flows work and pick the right one for your use case. @@ -57,7 +56,7 @@ parameter, which are securely bound to the user agent", with each request to the For production, please use HTTPS for your `redirect_uri`. For development, GitLab allows insecure HTTP redirect URIs. -As OAuth2 bases its security entirely on the transport layer, you should not use unprotected +As OAuth 2.0 bases its security entirely on the transport layer, you should not use unprotected URIs. For more information, see the [OAuth 2.0 RFC](https://tools.ietf.org/html/rfc6749#section-3.1.2.1) and the [OAuth 2.0 Threat Model RFC](https://tools.ietf.org/html/rfc6819#section-4.4.2.1). These factors are particularly important when using the 
@@ -123,7 +122,7 @@ Before starting the flow, generate the `STATE`, the `CODE_VERIFIER` and the `COD "created_at": 1607635748 } ``` - + 1. To retrieve a new `access_token`, use the `refresh_token` parameter. Refresh tokens may be used even after the `access_token` itself expires. This request: - Invalidates the existing `access_token` and `refresh_token`. @@ -135,7 +134,7 @@ Before starting the flow, generate the `STATE`, the `CODE_VERIFIER` and the `COD ``` Example response: - + ```json { "access_token": "c97d1fe52119f38c7f67f0a14db68d60caa35ddc86fd12401718b649dcfa9c68", @@ -203,7 +202,7 @@ be used as a CSRF token. "created_at": 1607635748 } ``` - + 1. To retrieve a new `access_token`, use the `refresh_token` parameter. Refresh tokens may be used even after the `access_token` itself expires. This request: - Invalidates the existing `access_token` and `refresh_token`. 
@@ -245,12 +244,13 @@ scheduled to be removed for existing applications. We recommend that you use [Authorization code with PKCE](#authorization-code-with-proof-key-for-code-exchange-pkce) instead. If you choose to use Implicit flow, be sure to verify the `application id` (or `client_id`) associated with the access token before granting -access to the data, as described in [Retrieving the token information](#retrieving-the-token-information)). +access to the data. To learn more, read +[Retrieving the token information](#retrieve-the-token-information)). Unlike the authorization code flow, the client receives an `access token` -immediately as a result of the authorization request. The flow does not use -the client secret or the authorization code because all of the application code -and storage is easily accessible on client browsers and mobile devices. +immediately as a result of the authorization request. The flow does not use the +client secret or the authorization code, as the application +code and storage is accessible on client browsers and mobile devices. To request the access token, you should redirect the user to the `/oauth/authorize` endpoint using `token` response type: 
@@ -367,10 +367,11 @@ or you can put the token to the Authorization header: curl --header "Authorization: Bearer OAUTH-TOKEN" "https://gitlab.example.com/api/v4/user" ``` -## Retrieving the token information +## Retrieve the token information -To verify the details of a token, use the `token/info` endpoint provided by the Doorkeeper gem. -For more information, see [`/oauth/token/info`](https://github.com/doorkeeper-gem/doorkeeper/wiki/API-endpoint-descriptions-and-examples#get----oauthtokeninfo). +To verify the details of a token, use the `token/info` endpoint provided by the +Doorkeeper gem. For more information, see +[`/oauth/token/info`](https://github.com/doorkeeper-gem/doorkeeper/wiki/API-endpoint-descriptions-and-examples#get----oauthtokeninfo). You must supply the access token, either: @@ -407,9 +408,10 @@ prevent breaking changes introduced in [doorkeeper 5.0.2](https://github.com/doo Don't rely on these fields as they are slated for removal in a later release. -## OAuth2 tokens and GitLab registries +## OAuth 2.0 tokens and GitLab registries -Standard OAuth2 tokens support different degrees of access to GitLab registries, as they: +Standard OAuth 2.0 tokens support different degrees of access to GitLab +registries, as they: - Do not allow users to authenticate to: - The GitLab [Container registry](../user/packages/container_registry/index.md#authenticate-with-the-container-registry). diff --git a/doc/api/packages/composer.md b/doc/api/packages/composer.md index 4f8e0a23c9c..0e66654b494 100644 --- a/doc/api/packages/composer.md +++ b/doc/api/packages/composer.md 
@@ -108,13 +108,14 @@ V1. GET group/:id/-/packages/composer/:package_name$:sha ``` -Note the `$` symbol in the URL. When making requests, you may need to use the URL-encoded version of -the symbol `%24` (see example below). - -| Attribute | Type | Required | Description | -| -------------- | ------ | -------- | ----------- | -| `id` | string | yes | The ID or full path of the group. | -| `package_name` | string | yes | The name of the package. | +Note the `$` symbol in the URL. When making requests, you may need the +URL-encoded version of the symbol `%24`. Refer to the example after +the table: + +| Attribute | Type | Required | Description | +|----------------|--------|----------|---------------------------------------------------------------------------------------| +| `id` | string | yes | The ID or full path of the group. | +| `package_name` | string | yes | The name of the package. | | `sha` | string | yes | The SHA digest of the package, provided by the [V1 packages list](#v1-packages-list). | ```shell diff --git a/doc/api/packages/npm.md b/doc/api/packages/npm.md index 3992a042915..a1d29e9691c 100644 --- a/doc/api/packages/npm.md +++ b/doc/api/packages/npm.md @@ -58,11 +58,11 @@ Upload a package. PUT projects/:id/packages/npm/:package_name ``` -| Attribute | Type | Required | Description | -| ----------------- | ------ | -------- | ----------- | -| `id` | string | yes | The ID or full path of the project. | -| `package_name` | string | yes | The name of the package. | -| `versions` | string | yes | Package version info. | +| Attribute | Type | Required | Description | +|----------------|--------|----------|-------------------------------------| +| `id` | string | yes | The ID or full path of the project. | +| `package_name` | string | yes | The name of the package. | +| `versions` | string | yes | Package version information. | ```shell curl --request PUT diff --git a/doc/api/packages/pypi.md b/doc/api/packages/pypi.md index dd301e9fab8..8a71bf4588a 100644 
--- a/doc/api/packages/pypi.md +++ b/doc/api/packages/pypi.md @@ -47,7 +47,8 @@ To write the output to a file: curl --user <username>:<personal_access_token> "https://gitlab.example.com/api/v4/groups/1/packages/pypi/files/5y57017232013c8ac80647f4ca153k3726f6cba62d055cd747844ed95b3c65ff/my.pypi.package-0.0.1.tar.gz" >> my.pypi.package-0.0.1.tar.gz ``` -This writes the downloaded file to `my.pypi.package-0.0.1.tar.gz` in the current directory. +This writes the downloaded file to `my.pypi.package-0.0.1.tar.gz` in the current +directory. ## Group level simple API entry point @@ -106,7 +107,7 @@ GET projects/:id/packages/pypi/files/:sha256/:file_identifier | --------- | ---- | -------- | ----------- | | `id` | string | yes | The ID or full path of the project. | | `sha256` | string | yes | PyPI package file sha256 check sum. | -| `file_identifier` | string | yes | The PyPI package file name. | +| `file_identifier` | string | yes | The PyPI package filename. | ```shell curl --user <username>:<personal_access_token> "https://gitlab.example.com/api/v4/projects/1/packages/pypi/files/5y57017232013c8ac80647f4ca153k3726f6cba62d055cd747844ed95b3c65ff/my.pypi.package-0.0.1.tar.gz" @@ -118,7 +119,8 @@ To write the output to a file: curl --user <username>:<personal_access_token> "https://gitlab.example.com/api/v4/projects/1/packages/pypi/files/5y57017232013c8ac80647f4ca153k3726f6cba62d055cd747844ed95b3c65ff/my.pypi.package-0.0.1.tar.gz" >> my.pypi.package-0.0.1.tar.gz ``` -This writes the downloaded file to `my.pypi.package-0.0.1.tar.gz` in the current directory. +This writes the downloaded file to `my.pypi.package-0.0.1.tar.gz` in the current +directory. ## Project-level simple API entry point diff --git a/doc/topics/authentication/index.md b/doc/topics/authentication/index.md index 83c9e180c1c..855707e8738 100644 --- a/doc/topics/authentication/index.md +++ b/doc/topics/authentication/index.md 
@@ -43,7 +43,7 @@ This page gathers all the resources for the topic **Authentication** within GitL - [Personal access tokens](../../api/index.md#personalproject-access-tokens) - [Project access tokens](../../api/index.md#personalproject-access-tokens) - [Impersonation tokens](../../api/index.md#impersonation-tokens) -- [GitLab as an OAuth2 provider](../../api/oauth2.md#gitlab-as-an-oauth2-provider) +- [GitLab as an OAuth2 provider](../../api/oauth2.md#gitlab-as-an-oauth-20-provider) ## Third-party resources diff --git a/lib/banzai/filter/references/label_reference_filter.rb b/lib/banzai/filter/references/label_reference_filter.rb index 3ae9c5f8d90..a019ae0108e 100644 --- a/lib/banzai/filter/references/label_reference_filter.rb +++ b/lib/banzai/filter/references/label_reference_filter.rb @@ -23,7 +23,8 @@ module Banzai label_relation = labels.where(title: label_names) end - return Label.none if (relation = [id_relation, label_relation].compact).empty? + relation = [id_relation, label_relation].compact + return Label.none if relation.all?(Label.none) Label.from_union(relation) end diff --git a/lib/banzai/filter/references/milestone_reference_filter.rb b/lib/banzai/filter/references/milestone_reference_filter.rb index d992e667056..94f7106d31e 100644 --- a/lib/banzai/filter/references/milestone_reference_filter.rb +++ b/lib/banzai/filter/references/milestone_reference_filter.rb @@ -23,7 +23,8 @@ module Banzai milestone_relation = find_milestones(parent, false).where(name: milestone_names) end - return Milestone.none if (relation = [iid_relation, milestone_relation].compact).empty? + relation = [iid_relation, milestone_relation].compact + return Milestone.none if relation.all?(Milestone.none) Milestone.from_union(relation).includes(:project, :group) end 
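Review bot: `return Label.none if relation.all?(Label.none)` in `label_reference_filter.rb` relies on two non-obvious behaviours: `all?` with an argument matches each element with `===`, and it returns true for an empty array, which is what keeps the old `.empty?` early return working. How `===` compares two relations is not visible here; it appears to fall back to relation equality rather than checking for zero rows. The guard deserves a comment such as `# all? is true for [] too; each element is matched with Label.none === element`, or a more explicit form like `relation.empty? || relation.all? { |r| Label.none == r }`. The same line with `Milestone.none` is added in `milestone_reference_filter.rb`. Both methods start outside their hunks.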
@@ -116,11 +117,11 @@ module Banzai # We don't support IID lookups because IIDs can clash between # group/project milestones and group/subgroup milestones. - params[:group_ids] = self_and_ancestors_ids(parent) unless find_by_iid + params[:group_ids] = group_and_ancestors_ids(parent) unless find_by_iid end end - def self_and_ancestors_ids(parent) + def group_and_ancestors_ids(parent) if group_context?(parent) parent.self_and_ancestors.select(:id) elsif project_context?(parent) diff --git a/lib/gitlab/database/load_balancing/load_balancer.rb b/lib/gitlab/database/load_balancing/load_balancer.rb index e3f5d0ac470..73d6a4fbb48 100644 --- a/lib/gitlab/database/load_balancing/load_balancer.rb +++ b/lib/gitlab/database/load_balancing/load_balancer.rb @@ -169,7 +169,11 @@ module Gitlab when ActiveRecord::StatementInvalid, ActionView::Template::Error # After connecting to the DB Rails will wrap query errors using this # class. - connection_error?(error.cause) + if (cause = error.cause) + connection_error?(cause) + else + false + end when *CONNECTION_ERRORS true else diff --git a/locale/gitlab.pot b/locale/gitlab.pot index c73175dbba6..b5ec7b083cf 100644 --- a/locale/gitlab.pot +++ b/locale/gitlab.pot @@ -22203,21 +22203,12 @@ msgstr "" msgid "NetworkPolicies|Policy definition" msgstr "" -msgid "NetworkPolicies|Policy description" -msgstr "" - msgid "NetworkPolicies|Policy editor" msgstr "" msgid "NetworkPolicies|Policy preview" msgstr "" -msgid "NetworkPolicies|Policy status" -msgstr "" - -msgid "NetworkPolicies|Policy type" -msgstr "" - msgid "NetworkPolicies|Rule" msgstr "" @@ -29682,6 +29673,9 @@ msgstr "" msgid "SecurityOrchestration|Network" msgstr "" +msgid "SecurityOrchestration|Network Policies can be used to limit which network traffic is allowed between containers inside the cluster." +msgstr "" + msgid "SecurityOrchestration|New policy" msgstr "" 
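Review bot: The new `if (cause = error.cause)` branch in `connection_error?` returns false for a wrapper error that has no cause, but the comment above it still explains only the wrapping case. Add a line such as `# A wrapper raised without an underlying error has no cause; it is not a connection error.` so the `else false` arm is not mistaken for dead code. The assignment inside the condition could also be avoided with `cause = error.cause` followed by `cause ? connection_error?(cause) : false`. The `case` statement starts and ends outside the hunk.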
@@ -29691,9 +29685,18 @@ msgstr "" msgid "SecurityOrchestration|Policies" msgstr "" +msgid "SecurityOrchestration|Policy description" +msgstr "" + msgid "SecurityOrchestration|Policy editor" msgstr "" +msgid "SecurityOrchestration|Policy status" +msgstr "" + +msgid "SecurityOrchestration|Policy type" +msgstr "" + msgid "SecurityOrchestration|Scan Execution" msgstr "" diff --git a/package.json b/package.json index 187707811b9..8dc37565326 100644 --- a/package.json +++ b/package.json @@ -64,7 +64,7 @@ "@rails/actioncable": "6.1.3-2", "@rails/ujs": "6.1.3-2", "@sentry/browser": "5.26.0", - "@sourcegraph/code-host-integration": "0.0.59", + "@sourcegraph/code-host-integration": "0.0.60", "@tiptap/core": "^2.0.0-beta.101", "@tiptap/extension-blockquote": "^2.0.0-beta.15", "@tiptap/extension-bold": "^2.0.0-beta.15", diff --git a/spec/lib/gitlab/database/load_balancing/load_balancer_spec.rb b/spec/lib/gitlab/database/load_balancing/load_balancer_spec.rb index c647f5a8f5d..4de5cb7c3d7 100644 --- a/spec/lib/gitlab/database/load_balancing/load_balancer_spec.rb +++ b/spec/lib/gitlab/database/load_balancing/load_balancer_spec.rb @@ -283,6 +283,12 @@ RSpec.describe Gitlab::Database::LoadBalancing::LoadBalancer, :request_store do expect(lb.connection_error?(error)).to eq(false) end + + it 'returns false for ActiveRecord errors without a cause' do + error = ActiveRecord::RecordNotUnique.new + + expect(lb.connection_error?(error)).to eq(false) + end end describe '#serialization_failure?' do diff --git a/spec/lib/gitlab/import_export/all_models.yml b/spec/lib/gitlab/import_export/all_models.yml index d83a00589b1..cf340b47b68 100644 --- a/spec/lib/gitlab/import_export/all_models.yml +++ b/spec/lib/gitlab/import_export/all_models.yml @@ -58,6 +58,7 @@ issues: - test_reports - requirement - incident_management_issuable_escalation_status +- pending_escalations work_item_type: - issues events: 
diff --git a/spec/models/application_setting_spec.rb b/spec/models/application_setting_spec.rb index e9c5ffef210..93b37b455fd 100644 --- a/spec/models/application_setting_spec.rb +++ b/spec/models/application_setting_spec.rb @@ -931,6 +931,10 @@ RSpec.describe ApplicationSetting do throttle_unauthenticated_packages_api_period_in_seconds throttle_authenticated_packages_api_requests_per_period throttle_authenticated_packages_api_period_in_seconds + throttle_unauthenticated_files_api_requests_per_period + throttle_unauthenticated_files_api_period_in_seconds + throttle_authenticated_files_api_requests_per_period + throttle_authenticated_files_api_period_in_seconds ] end diff --git a/spec/services/application_settings/update_service_spec.rb b/spec/services/application_settings/update_service_spec.rb index 56c1284927d..30f606a1cd3 100644 --- a/spec/services/application_settings/update_service_spec.rb +++ b/spec/services/application_settings/update_service_spec.rb 
@@ -362,6 +362,32 @@ RSpec.describe ApplicationSettings::UpdateService do end end + context 'when files API rate limits are passed' do + let(:params) do + { + throttle_unauthenticated_files_api_enabled: 1, + throttle_unauthenticated_files_api_period_in_seconds: 500, + throttle_unauthenticated_files_api_requests_per_period: 20, + throttle_authenticated_files_api_enabled: 1, + throttle_authenticated_files_api_period_in_seconds: 600, + throttle_authenticated_files_api_requests_per_period: 10 + } + end + + it 'updates files API throttle settings' do + subject.execute + + application_settings.reload + + expect(application_settings.throttle_unauthenticated_files_api_enabled).to be_truthy + expect(application_settings.throttle_unauthenticated_files_api_period_in_seconds).to eq(500) + expect(application_settings.throttle_unauthenticated_files_api_requests_per_period).to eq(20) + expect(application_settings.throttle_authenticated_files_api_enabled).to be_truthy + expect(application_settings.throttle_authenticated_files_api_period_in_seconds).to eq(600) + expect(application_settings.throttle_authenticated_files_api_requests_per_period).to eq(10) + end + end + context 'when issues_create_limit is passed' do let(:params) do { diff --git a/yarn.lock b/yarn.lock index d57d789385f..e9daeec9872 100644 --- a/yarn.lock +++ b/yarn.lock 
@@ -1427,10 +1427,10 @@ dependencies: "@sinonjs/commons" "^1.7.0" -"@sourcegraph/code-host-integration@0.0.59": - version "0.0.59" - resolved "https://registry.yarnpkg.com/@sourcegraph/code-host-integration/-/code-host-integration-0.0.59.tgz#ac64a9f90ff48363334407d12622542d0faa7720" - integrity sha512-laZl6llJMr0OAYwihyhkVSrBmLSQy+X38HZKD590Sg+mgAp3C+Q9TXSYIEQjY2XrA3/ypuEbqoiTY8HyRl4b4g== +"@sourcegraph/code-host-integration@0.0.60": + version "0.0.60" + resolved "https://registry.yarnpkg.com/@sourcegraph/code-host-integration/-/code-host-integration-0.0.60.tgz#2043877fabb7eb986fcb61b67ee480afbb29f4f0" + integrity sha512-T+MvM8SUF7daA279hyQgwmva3J5LvPqwgQ/mWwxdVshehOQIPLUd310I0c6x6nZ0F/x4UjDWgRWzAqy6NLwV1w== "@stylelint/postcss-css-in-js@^0.37.2": version "0.37.2" |