diff options
Diffstat (limited to 'lib')
-rw-r--r-- | lib/api/entities/group_detail.rb | 1 | ||||
-rw-r--r-- | lib/api/helpers/groups_helpers.rb | 1 | ||||
-rw-r--r-- | lib/api/usage_data.rb | 29 | ||||
-rw-r--r-- | lib/gitlab/click_house.rb | 11 | ||||
-rw-r--r-- | lib/gitlab/gitaly_client.rb | 2 | ||||
-rw-r--r-- | lib/gitlab/http.rb | 2 | ||||
-rw-r--r-- | lib/gitlab/http_connection_adapter.rb | 79 | ||||
-rw-r--r-- | lib/gitlab/import_export/remote_stream_upload.rb | 10 | ||||
-rw-r--r-- | lib/gitlab/metrics/global_search_slis.rb | 5 | ||||
-rw-r--r-- | lib/gitlab/sidekiq_middleware/pause_control/strategies/click_house_migration.rb | 2 | ||||
-rw-r--r-- | lib/tasks/gitlab/assets.rake | 2 |
11 files changed, 59 insertions, 85 deletions
diff --git a/lib/api/entities/group_detail.rb b/lib/api/entities/group_detail.rb index f3d64315203..9f3ced7d717 100644 --- a/lib/api/entities/group_detail.rb +++ b/lib/api/entities/group_detail.rb @@ -7,6 +7,7 @@ module API SharedGroupWithGroup.represent(group.shared_with_group_links_visible_to_user(options[:current_user])) end expose :runners_token, if: ->(_, options) { options[:user_can_admin_group] } + expose :enabled_git_access_protocol, if: ->(group, options) { group.root? && options[:user_can_admin_group] } expose :prevent_sharing_groups_outside_hierarchy, if: ->(group) { group.root? && group.namespace_settings.present? } diff --git a/lib/api/helpers/groups_helpers.rb b/lib/api/helpers/groups_helpers.rb index fbe13bfe8f7..1861ef7c402 100644 --- a/lib/api/helpers/groups_helpers.rb +++ b/lib/api/helpers/groups_helpers.rb @@ -35,6 +35,7 @@ module API optional :developer_can_initial_push, type: Boolean, desc: 'Allow developers to initial push' end optional :shared_runners_setting, type: String, values: ::Namespace::SHARED_RUNNERS_SETTINGS, desc: 'Enable/disable shared runners for the group and its subgroups and projects' + optional :enabled_git_access_protocol, type: String, values: %w[ssh http all], desc: 'Allow only the selected protocols to be used for Git access.' end params :optional_params_ee do diff --git a/lib/api/usage_data.rb b/lib/api/usage_data.rb index 0d1c6cb2281..67bf2725988 100644 --- a/lib/api/usage_data.rb +++ b/lib/api/usage_data.rb @@ -2,6 +2,8 @@ module API class UsageData < ::API::Base + include APIGuard + before { authenticate_non_get! } feature_category :service_ping @@ -12,6 +14,33 @@ module API forbidden!('Invalid CSRF token is provided') unless verified_request? end + resource :service_ping do + allow_access_with_scope :read_service_ping + + before do + authenticated_as_admin! + end + + desc 'Get the latest ServicePing payload' do + detail 'Introduces in Gitlab 16.9. Requires Personal Access Token with read_service_ping scope.' + success code: 200 + failure [ + { code: 401, message: '401 Unauthorized' }, + { code: 403, message: 'Forbidden' }, + { code: 404, message: 'Not found' } + ] + tags %w[usage_data] + produces ['application/json'] + end + + get do + content_type 'application/json' + + Rails.cache.fetch(Gitlab::Usage::ServicePingReport::CACHE_KEY) || + ::RawUsageData.for_current_reporting_cycle.first&.payload || {} + end + end + desc 'Track usage data event' do detail 'This feature was introduced in GitLab 13.4.' success code: 200 diff --git a/lib/gitlab/click_house.rb b/lib/gitlab/click_house.rb new file mode 100644 index 00000000000..81468ab2875 --- /dev/null +++ b/lib/gitlab/click_house.rb @@ -0,0 +1,11 @@ +# frozen_string_literal: true + +module Gitlab + module ClickHouse + DATABASES = [:main].freeze + + def self.configured? + DATABASES.all? { |db| ::ClickHouse::Client.database_configured?(db) } + end + end +end diff --git a/lib/gitlab/gitaly_client.rb b/lib/gitlab/gitaly_client.rb index 6dee9a404f4..3ee46019a06 100644 --- a/lib/gitlab/gitaly_client.rb +++ b/lib/gitlab/gitaly_client.rb @@ -491,6 +491,8 @@ module Gitlab private_class_method :increment_call_count def self.decrement_call_count(key) + return unless Gitlab::SafeRequestStore[key] + Gitlab::SafeRequestStore[key] -= 1 end private_class_method :decrement_call_count diff --git a/lib/gitlab/http.rb b/lib/gitlab/http.rb index 958b415e18f..593ea4f721e 100644 --- a/lib/gitlab/http.rb +++ b/lib/gitlab/http.rb @@ -6,8 +6,6 @@ # the usages to the new gem. # -require_relative 'http_connection_adapter' - module Gitlab class HTTP BlockedUrlError = Gitlab::HTTP_V2::BlockedUrlError diff --git a/lib/gitlab/http_connection_adapter.rb b/lib/gitlab/http_connection_adapter.rb deleted file mode 100644 index 8e9a63a9f7f..00000000000 --- a/lib/gitlab/http_connection_adapter.rb +++ /dev/null @@ -1,79 +0,0 @@ -# frozen_string_literal: true - -# This class is part of the Gitlab::HTTP wrapper. It handles local requests and header timeouts -# -# 1. Local requests -# Depending on the value of the global setting allow_local_requests_from_web_hooks_and_services, -# this adapter will allow/block connection to internal IPs and/or urls. -# -# This functionality can be overridden by providing the setting the option -# allow_local_requests = true in the request. For example: -# Gitlab::HTTP.get('http://www.gitlab.com', allow_local_requests: true) -# -# This option will take precedence over the global setting. -# -# 2. Header timeouts -# When the use_read_total_timeout option is used, that means the receiver -# of the HTTP request cannot be trusted. Gitlab::BufferedIo will be used, -# to read header data. It is a modified version of Net::BufferedIO that -# raises a timeout error if reading header data takes too much time. - -require_relative 'utils/override' - -module Gitlab - class HTTPConnectionAdapter < HTTParty::ConnectionAdapter - extend ::Gitlab::Utils::Override - - override :connection - def connection - result = validate_url_with_proxy!(uri) - @uri = result.uri - hostname = result.hostname - - http = super - http.hostname_override = hostname if hostname - - unless result.use_proxy - http.proxy_from_env = false - http.proxy_address = nil - end - - gitlab_http = Gitlab::NetHttpAdapter.new(http.address, http.port) - - http.instance_variables.each do |variable| - gitlab_http.instance_variable_set(variable, http.instance_variable_get(variable)) - end - - gitlab_http - end - - private - - def validate_url_with_proxy!(url) - Gitlab::UrlBlocker.validate_url_with_proxy!( - url, allow_local_network: allow_local_requests?, - allow_localhost: allow_local_requests?, - allow_object_storage: allow_object_storage?, - dns_rebind_protection: dns_rebind_protection?, - schemes: %w[http https]) - rescue Gitlab::HTTP_V2::UrlBlocker::BlockedUrlError => e - raise Gitlab::HTTP::BlockedUrlError, "URL is blocked: #{e.message}" - end - - def allow_local_requests? - options.fetch(:allow_local_requests, allow_settings_local_requests?) - end - - def allow_object_storage? - options.fetch(:allow_object_storage, false) - end - - def dns_rebind_protection? - Gitlab::CurrentSettings.dns_rebinding_protection_enabled? - end - - def allow_settings_local_requests? - Gitlab::CurrentSettings.allow_local_requests_from_web_hooks_and_services? - end - end -end diff --git a/lib/gitlab/import_export/remote_stream_upload.rb b/lib/gitlab/import_export/remote_stream_upload.rb index 1fb3faf0767..8f761cf37bb 100644 --- a/lib/gitlab/import_export/remote_stream_upload.rb +++ b/lib/gitlab/import_export/remote_stream_upload.rb @@ -77,7 +77,10 @@ module Gitlab attr_reader :download_url, :upload_url, :upload_method, :upload_content_type, :logger def receive_data(uri) - http = Gitlab::HTTPConnectionAdapter.new(URI(uri), {}).connection + http = Gitlab::HTTP_V2::NewConnectionAdapter.new(URI(uri), { + allow_local_requests: Gitlab::CurrentSettings.allow_local_requests_from_web_hooks_and_services?, + dns_rebind_protection: Gitlab::CurrentSettings.dns_rebinding_protection_enabled? + }).connection http.start do request = Net::HTTP::Get.new(uri) @@ -95,7 +98,10 @@ module Gitlab end def send_data(uri, content_length, chunks) - http = Gitlab::HTTPConnectionAdapter.new(URI(uri), {}).connection + http = Gitlab::HTTP_V2::NewConnectionAdapter.new(URI(uri), { + allow_local_requests: Gitlab::CurrentSettings.allow_local_requests_from_web_hooks_and_services?, + dns_rebind_protection: Gitlab::CurrentSettings.dns_rebinding_protection_enabled? + }).connection http.start do request = upload_request_class(upload_method).new(uri) diff --git a/lib/gitlab/metrics/global_search_slis.rb b/lib/gitlab/metrics/global_search_slis.rb index 530bebd72ab..1da0ad6797b 100644 --- a/lib/gitlab/metrics/global_search_slis.rb +++ b/lib/gitlab/metrics/global_search_slis.rb @@ -8,6 +8,7 @@ module Gitlab # gathered on 25-10-2022 # from https://log.gprd.gitlab.net/goto/0c89cd80-23af-11ed-8656-f5f2137823ba (internal only) BASIC_CONTENT_TARGET_S = 8.812 + BASIC_MR_TARGET_S = 15 BASIC_CODE_TARGET_S = 27.538 ADVANCED_CONTENT_TARGET_S = 2.452 ADVANCED_CODE_TARGET_S = 15.52 @@ -35,7 +36,9 @@ module Gitlab private def duration_target(search_type, search_scope) - if search_type == 'basic' && content_search?(search_scope) + if search_type == 'basic' && search_scope == 'merge_requests' + BASIC_MR_TARGET_S + elsif search_type == 'basic' && content_search?(search_scope) BASIC_CONTENT_TARGET_S elsif search_type == 'basic' && code_search?(search_scope) BASIC_CODE_TARGET_S diff --git a/lib/gitlab/sidekiq_middleware/pause_control/strategies/click_house_migration.rb b/lib/gitlab/sidekiq_middleware/pause_control/strategies/click_house_migration.rb index adeb0524567..c1d33885a40 100644 --- a/lib/gitlab/sidekiq_middleware/pause_control/strategies/click_house_migration.rb +++ b/lib/gitlab/sidekiq_middleware/pause_control/strategies/click_house_migration.rb @@ -9,7 +9,7 @@ module Gitlab def should_pause? return false unless Feature.enabled?(:pause_clickhouse_workers_during_migration) - ClickHouse::MigrationSupport::ExclusiveLock.pause_workers? + ::ClickHouse::MigrationSupport::ExclusiveLock.pause_workers? end end end diff --git a/lib/tasks/gitlab/assets.rake b/lib/tasks/gitlab/assets.rake index b8a6e701876..16b0f5bedba 100644 --- a/lib/tasks/gitlab/assets.rake +++ b/lib/tasks/gitlab/assets.rake @@ -101,6 +101,8 @@ namespace :gitlab do # gettext:compile needs to run before rake:assets:precompile because # app/assets/javascripts/locale/**/app.js are pre-compiled by Sprockets Gitlab::TaskHelpers.invoke_and_time_task('gettext:compile') + # Skip Yarn Install when using Cssbundling + Rake::Task["css:install"].clear if defined?(Cssbundling) Gitlab::TaskHelpers.invoke_and_time_task('rake:assets:precompile') log_path = ENV['WEBPACK_COMPILE_LOG_PATH'] |