kotovalexarian-likes-gitlab
/
gitlab-org--gitlab-foss
1
0
Fork 0
Code Releases Activity

Add latest changes from gitlab-org/gitlab@master

This commit is contained in:
GitLab Bot 2021-08-27 00:08:45 +00:00
parent 9f6c0ac9fd
commit d9c4e920ed
28 changed files with 251 additions and 59 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
app/helpers/application_settings_helper.rb
View File

@ -315,12 +315,18 @@ module ApplicationSettingsHelper
:throttle_authenticated_packages_api_enabled,
:throttle_authenticated_packages_api_period_in_seconds,
:throttle_authenticated_packages_api_requests_per_period,
:throttle_authenticated_files_api_enabled,
:throttle_authenticated_files_api_period_in_seconds,
:throttle_authenticated_files_api_requests_per_period,
:throttle_unauthenticated_enabled,
:throttle_unauthenticated_period_in_seconds,
:throttle_unauthenticated_requests_per_period,
:throttle_unauthenticated_packages_api_enabled,
:throttle_unauthenticated_packages_api_period_in_seconds,
:throttle_unauthenticated_packages_api_requests_per_period,
:throttle_unauthenticated_files_api_enabled,
:throttle_unauthenticated_files_api_period_in_seconds,
:throttle_unauthenticated_files_api_requests_per_period,
:throttle_protected_paths_enabled,
:throttle_protected_paths_period_in_seconds,
:throttle_protected_paths_requests_per_period,

16
app/models/application_setting.rb
View File

@ -479,6 +479,14 @@ class ApplicationSetting < ApplicationRecord
presence: true,
numericality: { only_integer: true, greater_than: 0 }
validates :throttle_unauthenticated_files_api_requests_per_period,
presence: true,
numericality: { only_integer: true, greater_than: 0 }
validates :throttle_unauthenticated_files_api_period_in_seconds,
presence: true,
numericality: { only_integer: true, greater_than: 0 }
validates :throttle_authenticated_api_requests_per_period,
presence: true,
numericality: { only_integer: true, greater_than: 0 }
@ -503,6 +511,14 @@ class ApplicationSetting < ApplicationRecord
presence: true,
numericality: { only_integer: true, greater_than: 0 }
validates :throttle_authenticated_files_api_requests_per_period,
presence: true,
numericality: { only_integer: true, greater_than: 0 }
validates :throttle_authenticated_files_api_period_in_seconds,
presence: true,
numericality: { only_integer: true, greater_than: 0 }
validates :throttle_protected_paths_requests_per_period,
presence: true,
numericality: { only_integer: true, greater_than: 0 }

6
app/models/application_setting_implementation.rb
View File

@ -167,6 +167,9 @@ module ApplicationSettingImplementation
throttle_authenticated_packages_api_enabled: false,
throttle_authenticated_packages_api_period_in_seconds: 15,
throttle_authenticated_packages_api_requests_per_period: 1000,
throttle_authenticated_files_api_enabled: false,
throttle_authenticated_files_api_period_in_seconds: 15,
throttle_authenticated_files_api_requests_per_period: 500,
throttle_incident_management_notification_enabled: false,
throttle_incident_management_notification_per_period: 3600,
throttle_incident_management_notification_period_in_seconds: 3600,
@ -179,6 +182,9 @@ module ApplicationSettingImplementation
throttle_unauthenticated_packages_api_enabled: false,
throttle_unauthenticated_packages_api_period_in_seconds: 15,
throttle_unauthenticated_packages_api_requests_per_period: 800,
throttle_unauthenticated_files_api_enabled: false,
throttle_unauthenticated_files_api_period_in_seconds: 15,
throttle_unauthenticated_files_api_requests_per_period: 125,
time_tracking_limit_to_hours: false,
two_factor_grace_period: 48,
unique_ips_limit_enabled: false,

1
config/initializers/postgres_partitioning.rb
View File

@ -8,6 +8,7 @@ Gitlab::Database::Partitioning::PartitionManager.register(WebHookLog)
if Gitlab.ee?
Gitlab::Database::Partitioning::PartitionManager.register(IncidentManagement::PendingEscalations::Alert)
Gitlab::Database::Partitioning::PartitionManager.register(IncidentManagement::PendingEscalations::Issue)
end
begin

33
db/migrate/20210730194555_create_incident_management_pending_issue_escalations.rb Normal file
View File

@ -0,0 +1,33 @@
# frozen_string_literal: true
class CreateIncidentManagementPendingIssueEscalations < ActiveRecord::Migration[6.1]
include Gitlab::Database::MigrationHelpers
def up
with_lock_retries do
execute(<<~SQL)
CREATE TABLE incident_management_pending_issue_escalations (
id bigserial NOT NULL,
rule_id bigint NOT NULL,
issue_id bigint NOT NULL,
process_at timestamp with time zone NOT NULL,
created_at timestamp with time zone NOT NULL,
updated_at timestamp with time zone NOT NULL,
PRIMARY KEY (id, process_at)
) PARTITION BY RANGE (process_at);
CREATE INDEX index_incident_management_pending_issue_escalations_on_issue_id
ON incident_management_pending_issue_escalations USING btree (issue_id);
CREATE INDEX index_incident_management_pending_issue_escalations_on_rule_id
ON incident_management_pending_issue_escalations USING btree (rule_id);
SQL
end
end
def down
with_lock_retries do
drop_table :incident_management_pending_issue_escalations
end
end
end

13
db/migrate/20210819120243_add_throttle_files_api_columns.rb Normal file
View File

@ -0,0 +1,13 @@
# frozen_string_literal: true
class AddThrottleFilesApiColumns < ActiveRecord::Migration[6.1]
def change
add_column :application_settings, :throttle_unauthenticated_files_api_requests_per_period, :integer, default: 125, null: false
add_column :application_settings, :throttle_unauthenticated_files_api_period_in_seconds, :integer, default: 15, null: false
add_column :application_settings, :throttle_authenticated_files_api_requests_per_period, :integer, default: 500, null: false
add_column :application_settings, :throttle_authenticated_files_api_period_in_seconds, :integer, default: 15, null: false
add_column :application_settings, :throttle_unauthenticated_files_api_enabled, :boolean, default: false, null: false
add_column :application_settings, :throttle_authenticated_files_api_enabled, :boolean, default: false, null: false
end
end

22
db/migrate/20210820171834_add_foreign_keys_for_pending_issue_escalations.rb Normal file
View File

@ -0,0 +1,22 @@
# frozen_string_literal: true
class AddForeignKeysForPendingIssueEscalations < ActiveRecord::Migration[6.1]
include Gitlab::Database::PartitioningMigrationHelpers
disable_ddl_transaction!
def up
add_concurrent_partitioned_foreign_key :incident_management_pending_issue_escalations,
:incident_management_escalation_rules,
column: :rule_id
add_concurrent_partitioned_foreign_key :incident_management_pending_issue_escalations,
:issues,
column: :issue_id
end
def down
remove_foreign_key_if_exists :incident_management_pending_issue_escalations, :incident_management_escalation_rules, column: :rule_id
remove_foreign_key_if_exists :incident_management_pending_issue_escalations, :issues, column: :issue_id
end
end

1
db/schema_migrations/20210730194555 Normal file
View File

@ -0,0 +1 @@
2d0399beca58815197487d310318ed1cb3d8e85671d55581a6256ceac7667b43

1
db/schema_migrations/20210819120243 Normal file
View File

@ -0,0 +1 @@
5c74d34171ed9129ffbb3efe5417da1ba857cd729837544e58074debd5afca88

1
db/schema_migrations/20210820171834 Normal file
View File

@ -0,0 +1 @@
892a71a3f6fdeb20cb2837a426d6d0931c756f8bf3d647e520a72a0bb6f78309

40
db/structure.sql
View File

@ -222,6 +222,16 @@ CREATE TABLE incident_management_pending_alert_escalations (
)
PARTITION BY RANGE (process_at);
CREATE TABLE incident_management_pending_issue_escalations (
id bigint NOT NULL,
rule_id bigint NOT NULL,
issue_id bigint NOT NULL,
process_at timestamp with time zone NOT NULL,
created_at timestamp with time zone NOT NULL,
updated_at timestamp with time zone NOT NULL
)
PARTITION BY RANGE (process_at);
CREATE TABLE web_hook_logs (
id bigint NOT NULL,
web_hook_id integer NOT NULL,
@ -9596,6 +9606,12 @@ CREATE TABLE application_settings (
encrypted_customers_dot_jwt_signing_key bytea,
encrypted_customers_dot_jwt_signing_key_iv bytea,
pypi_package_requests_forwarding boolean DEFAULT true NOT NULL,
throttle_unauthenticated_files_api_requests_per_period integer DEFAULT 125 NOT NULL,
throttle_unauthenticated_files_api_period_in_seconds integer DEFAULT 15 NOT NULL,
throttle_authenticated_files_api_requests_per_period integer DEFAULT 500 NOT NULL,
throttle_authenticated_files_api_period_in_seconds integer DEFAULT 15 NOT NULL,
throttle_unauthenticated_files_api_enabled boolean DEFAULT false NOT NULL,
throttle_authenticated_files_api_enabled boolean DEFAULT false NOT NULL,
CONSTRAINT app_settings_container_reg_cleanup_tags_max_list_size_positive CHECK ((container_registry_cleanup_tags_service_max_list_size >= 0)),
CONSTRAINT app_settings_ext_pipeline_validation_service_url_text_limit CHECK ((char_length(external_pipeline_validation_service_url) <= 255)),
CONSTRAINT app_settings_registry_exp_policies_worker_capacity_positive CHECK ((container_registry_expiration_policies_worker_capacity >= 0)),
@ -14147,6 +14163,15 @@ CREATE SEQUENCE incident_management_pending_alert_escalations_id_seq
ALTER SEQUENCE incident_management_pending_alert_escalations_id_seq OWNED BY incident_management_pending_alert_escalations.id;
CREATE SEQUENCE incident_management_pending_issue_escalations_id_seq
START WITH 1
INCREMENT BY 1
NO MINVALUE
NO MAXVALUE
CACHE 1;
ALTER SEQUENCE incident_management_pending_issue_escalations_id_seq OWNED BY incident_management_pending_issue_escalations.id;
CREATE TABLE index_statuses (
id integer NOT NULL,
project_id integer NOT NULL,
@ -20531,6 +20556,8 @@ ALTER TABLE ONLY incident_management_oncall_shifts ALTER COLUMN id SET DEFAULT n
ALTER TABLE ONLY incident_management_pending_alert_escalations ALTER COLUMN id SET DEFAULT nextval('incident_management_pending_alert_escalations_id_seq'::regclass);
ALTER TABLE ONLY incident_management_pending_issue_escalations ALTER COLUMN id SET DEFAULT nextval('incident_management_pending_issue_escalations_id_seq'::regclass);
ALTER TABLE ONLY index_statuses ALTER COLUMN id SET DEFAULT nextval('index_statuses_id_seq'::regclass);
ALTER TABLE ONLY insights ALTER COLUMN id SET DEFAULT nextval('insights_id_seq'::regclass);
@ -21967,6 +21994,9 @@ ALTER TABLE ONLY incident_management_oncall_shifts
ALTER TABLE ONLY incident_management_pending_alert_escalations
ADD CONSTRAINT incident_management_pending_alert_escalations_pkey PRIMARY KEY (id, process_at);
ALTER TABLE ONLY incident_management_pending_issue_escalations
ADD CONSTRAINT incident_management_pending_issue_escalations_pkey PRIMARY KEY (id, process_at);
ALTER TABLE ONLY index_statuses
ADD CONSTRAINT index_statuses_pkey PRIMARY KEY (id);
@ -24266,6 +24296,10 @@ CREATE INDEX index_incident_management_pending_alert_escalations_on_rule_id ON O
CREATE INDEX index_incident_management_pending_alert_escalations_on_schedule ON ONLY incident_management_pending_alert_escalations USING btree (schedule_id);
CREATE INDEX index_incident_management_pending_issue_escalations_on_issue_id ON ONLY incident_management_pending_issue_escalations USING btree (issue_id);
CREATE INDEX index_incident_management_pending_issue_escalations_on_rule_id ON ONLY incident_management_pending_issue_escalations USING btree (rule_id);
CREATE UNIQUE INDEX index_index_statuses_on_project_id ON index_statuses USING btree (project_id);
CREATE INDEX index_insights_on_namespace_id ON insights USING btree (namespace_id);
@ -27077,6 +27111,9 @@ ALTER TABLE ONLY incident_management_oncall_participants
ALTER TABLE ONLY events
ADD CONSTRAINT fk_rails_0434b48643 FOREIGN KEY (project_id) REFERENCES projects(id) ON DELETE CASCADE;
ALTER TABLE incident_management_pending_issue_escalations
ADD CONSTRAINT fk_rails_0470889ee5 FOREIGN KEY (rule_id) REFERENCES incident_management_escalation_rules(id) ON DELETE CASCADE;
ALTER TABLE ONLY ip_restrictions
ADD CONSTRAINT fk_rails_04a93778d5 FOREIGN KEY (group_id) REFERENCES namespaces(id) ON DELETE CASCADE;
@ -27686,6 +27723,9 @@ ALTER TABLE ONLY status_page_published_incidents
ALTER TABLE ONLY deployment_clusters
ADD CONSTRAINT fk_rails_6359a164df FOREIGN KEY (deployment_id) REFERENCES deployments(id) ON DELETE CASCADE;
ALTER TABLE incident_management_pending_issue_escalations
ADD CONSTRAINT fk_rails_636678b3bd FOREIGN KEY (issue_id) REFERENCES issues(id) ON DELETE CASCADE;
ALTER TABLE ONLY evidences
ADD CONSTRAINT fk_rails_6388b435a6 FOREIGN KEY (release_id) REFERENCES releases(id) ON DELETE CASCADE;

2
doc/api/api_resources.md
View File

@ -15,7 +15,7 @@ Available resources for the [GitLab REST API](index.md) can be grouped in the fo
See also:
- [V3 to V4](v3_to_v4.md).
- Adding [deploy keys for multiple projects](deploy_keys.md#adding-deploy-keys-to-multiple-projects).
- Adding [deploy keys for multiple projects](deploy_keys.md#add-deploy-keys-to-multiple-projects).
- [API Resources for various templates](#templates-api-resources).
## Project resources

11
doc/api/deploy_keys.md
View File

@ -8,7 +8,8 @@ info: To determine the technical writer assigned to the Stage/Group associated w
## List all deploy keys
Get a list of all deploy keys across all projects of the GitLab instance. This endpoint requires administrator access and is not available on GitLab.com.
Get a list of all deploy keys across all projects of the GitLab instance. This
endpoint requires an administrator role and is not available on GitLab.com.
```plaintext
GET /deploy_keys
@ -74,7 +75,7 @@ Example response:
]
```
## Single deploy key
## Get a single deploy key
Get a single key.
@ -213,10 +214,10 @@ Example response:
}
```
## Adding deploy keys to multiple projects
## Add deploy keys to multiple projects
If you want to easily add the same deploy key to multiple projects in the same
group, this can be achieved quite easily with the API.
If you want to add the same deploy key to multiple projects in the same
group, this can be achieved with the API.
First, find the ID of the projects you're interested in, by either listing all
projects:

40
doc/api/oauth2.md
View File

@ -5,7 +5,7 @@ group: Access
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#designated-technical-writers
---
# GitLab as an OAuth2 provider
# GitLab as an OAuth 2.0 provider
This document covers using the [OAuth2](https://oauth.net/2/) protocol to allow
other services to access GitLab resources on user's behalf.
@ -15,9 +15,9 @@ other services, see the [OAuth2 authentication service provider](../integration/
documentation. This functionality is based on the
[doorkeeper Ruby gem](https://github.com/doorkeeper-gem/doorkeeper).
## Supported OAuth2 flows
## Supported OAuth 2.0 flows
GitLab currently supports the following authorization flows:
GitLab supports the following authorization flows:
- **Authorization code with [Proof Key for Code Exchange (PKCE)](https://tools.ietf.org/html/rfc7636):**
Most secure. Without PKCE, you'd have to include client secrets on mobile clients,
@ -26,14 +26,13 @@ GitLab currently supports the following authorization flows:
server-side apps.
- **Implicit grant:** Originally designed for user-agent only apps, such as
single page web apps running on GitLab Pages).
The [IETF](https://tools.ietf.org/html/draft-ietf-oauth-security-topics-09#section-2.1.2)
The [Internet Engineering Task Force (IETF)](https://tools.ietf.org/html/draft-ietf-oauth-security-topics-09#section-2.1.2)
recommends against Implicit grant flow.
- **Resource owner password credentials:** To be used **only** for securely
hosted, first-party services. GitLab recommends against use of this flow.
The draft specification for [OAuth 2.1](https://oauth.net/2.1/) specifically omits both the
Implicit grant and Resource Owner Password Credentials flows.
it will be deprecated in the next OAuth specification version.
Implicit grant and Resource Owner Password Credentials flows. It will be deprecated in the next OAuth specification version.
Refer to the [OAuth RFC](https://tools.ietf.org/html/rfc6749) to find out
how all those flows work and pick the right one for your use case.
@ -57,7 +56,7 @@ parameter, which are securely bound to the user agent", with each request to the
For production, please use HTTPS for your `redirect_uri`.
For development, GitLab allows insecure HTTP redirect URIs.
As OAuth2 bases its security entirely on the transport layer, you should not use unprotected
As OAuth 2.0 bases its security entirely on the transport layer, you should not use unprotected
URIs. For more information, see the [OAuth 2.0 RFC](https://tools.ietf.org/html/rfc6749#section-3.1.2.1)
and the [OAuth 2.0 Threat Model RFC](https://tools.ietf.org/html/rfc6819#section-4.4.2.1).
These factors are particularly important when using the
@ -123,7 +122,7 @@ Before starting the flow, generate the `STATE`, the `CODE_VERIFIER` and the `COD
"created_at": 1607635748
}
```
1. To retrieve a new `access_token`, use the `refresh_token` parameter. Refresh tokens may
be used even after the `access_token` itself expires. This request:
- Invalidates the existing `access_token` and `refresh_token`.
@ -135,7 +134,7 @@ Before starting the flow, generate the `STATE`, the `CODE_VERIFIER` and the `COD
```
Example response:
```json
{
"access_token": "c97d1fe52119f38c7f67f0a14db68d60caa35ddc86fd12401718b649dcfa9c68",
@ -203,7 +202,7 @@ be used as a CSRF token.
"created_at": 1607635748
}
```
1. To retrieve a new `access_token`, use the `refresh_token` parameter. Refresh tokens may
be used even after the `access_token` itself expires. This request:
- Invalidates the existing `access_token` and `refresh_token`.
@ -245,12 +244,13 @@ scheduled to be removed for existing applications.
We recommend that you use [Authorization code with PKCE](#authorization-code-with-proof-key-for-code-exchange-pkce) instead. If you choose to use Implicit flow, be sure to verify the
`application id` (or `client_id`) associated with the access token before granting
access to the data, as described in [Retrieving the token information](#retrieving-the-token-information)).
access to the data. To learn more, read
[Retrieving the token information](#retrieve-the-token-information)).
Unlike the authorization code flow, the client receives an `access token`
immediately as a result of the authorization request. The flow does not use
the client secret or the authorization code because all of the application code
and storage is easily accessible on client browsers and mobile devices.
immediately as a result of the authorization request. The flow does not use the
client secret or the authorization code, as the application
code and storage is accessible on client browsers and mobile devices.
To request the access token, you should redirect the user to the
`/oauth/authorize` endpoint using `token` response type:
@ -367,10 +367,11 @@ or you can put the token to the Authorization header:
curl --header "Authorization: Bearer OAUTH-TOKEN" "https://gitlab.example.com/api/v4/user"
```
## Retrieving the token information
## Retrieve the token information
To verify the details of a token, use the `token/info` endpoint provided by the Doorkeeper gem.
For more information, see [`/oauth/token/info`](https://github.com/doorkeeper-gem/doorkeeper/wiki/API-endpoint-descriptions-and-examples#get----oauthtokeninfo).
To verify the details of a token, use the `token/info` endpoint provided by the
Doorkeeper gem. For more information, see
[`/oauth/token/info`](https://github.com/doorkeeper-gem/doorkeeper/wiki/API-endpoint-descriptions-and-examples#get----oauthtokeninfo).
You must supply the access token, either:
@ -407,9 +408,10 @@ prevent breaking changes introduced in [doorkeeper 5.0.2](https://github.com/doo
Don't rely on these fields as they are slated for removal in a later release.
## OAuth2 tokens and GitLab registries
## OAuth 2.0 tokens and GitLab registries
Standard OAuth2 tokens support different degrees of access to GitLab registries, as they:
Standard OAuth 2.0 tokens support different degrees of access to GitLab
registries, as they:
- Do not allow users to authenticate to:
- The GitLab [Container registry](../user/packages/container_registry/index.md#authenticate-with-the-container-registry).

13
doc/api/packages/composer.md
View File

@ -108,13 +108,14 @@ V1.
GET group/:id/-/packages/composer/:package_name$:sha
```
Note the `$` symbol in the URL. When making requests, you may need to use the URL-encoded version of
the symbol `%24` (see example below).
Note the `$` symbol in the URL. When making requests, you may need the
URL-encoded version of the symbol `%24`. Refer to the example after
the table:
| Attribute | Type | Required | Description |
| -------------- | ------ | -------- | ----------- |
| `id` | string | yes | The ID or full path of the group. |
| `package_name` | string | yes | The name of the package. |
| Attribute | Type | Required | Description |
|----------------|--------|----------|---------------------------------------------------------------------------------------|
| `id` | string | yes | The ID or full path of the group. |
| `package_name` | string | yes | The name of the package. |
| `sha` | string | yes | The SHA digest of the package, provided by the [V1 packages list](#v1-packages-list). |
```shell

10
doc/api/packages/npm.md
View File

@ -58,11 +58,11 @@ Upload a package.
PUT projects/:id/packages/npm/:package_name
```
| Attribute | Type | Required | Description |
| ----------------- | ------ | -------- | ----------- |
| `id` | string | yes | The ID or full path of the project. |
| `package_name` | string | yes | The name of the package. |
| `versions` | string | yes | Package version info. |
| Attribute | Type | Required | Description |
|----------------|--------|----------|-------------------------------------|
| `id` | string | yes | The ID or full path of the project. |
| `package_name` | string | yes | The name of the package. |
| `versions` | string | yes | Package version information. |
```shell
curl --request PUT

8
doc/api/packages/pypi.md
View File

@ -47,7 +47,8 @@ To write the output to a file:
curl --user <username>:<personal_access_token> "https://gitlab.example.com/api/v4/groups/1/packages/pypi/files/5y57017232013c8ac80647f4ca153k3726f6cba62d055cd747844ed95b3c65ff/my.pypi.package-0.0.1.tar.gz" >> my.pypi.package-0.0.1.tar.gz
```
This writes the downloaded file to `my.pypi.package-0.0.1.tar.gz` in the current directory.
This writes the downloaded file to `my.pypi.package-0.0.1.tar.gz` in the current
directory.
## Group level simple API entry point
@ -106,7 +107,7 @@ GET projects/:id/packages/pypi/files/:sha256/:file_identifier
| --------- | ---- | -------- | ----------- |
| `id` | string | yes | The ID or full path of the project. |
| `sha256` | string | yes | PyPI package file sha256 check sum. |
| `file_identifier` | string | yes | The PyPI package file name. |
| `file_identifier` | string | yes | The PyPI package filename. |
```shell
curl --user <username>:<personal_access_token> "https://gitlab.example.com/api/v4/projects/1/packages/pypi/files/5y57017232013c8ac80647f4ca153k3726f6cba62d055cd747844ed95b3c65ff/my.pypi.package-0.0.1.tar.gz"
@ -118,7 +119,8 @@ To write the output to a file:
curl --user <username>:<personal_access_token> "https://gitlab.example.com/api/v4/projects/1/packages/pypi/files/5y57017232013c8ac80647f4ca153k3726f6cba62d055cd747844ed95b3c65ff/my.pypi.package-0.0.1.tar.gz" >> my.pypi.package-0.0.1.tar.gz
```
This writes the downloaded file to `my.pypi.package-0.0.1.tar.gz` in the current directory.
This writes the downloaded file to `my.pypi.package-0.0.1.tar.gz` in the current
directory.
## Project-level simple API entry point

2
doc/topics/authentication/index.md
View File

@ -43,7 +43,7 @@ This page gathers all the resources for the topic **Authentication** within GitL
- [Personal access tokens](../../api/index.md#personalproject-access-tokens)
- [Project access tokens](../../api/index.md#personalproject-access-tokens)
- [Impersonation tokens](../../api/index.md#impersonation-tokens)
- [GitLab as an OAuth2 provider](../../api/oauth2.md#gitlab-as-an-oauth2-provider)
- [GitLab as an OAuth2 provider](../../api/oauth2.md#gitlab-as-an-oauth-20-provider)
## Third-party resources

3
lib/banzai/filter/references/label_reference_filter.rb
View File

@ -23,7 +23,8 @@ module Banzai
label_relation = labels.where(title: label_names)
end
return Label.none if (relation = [id_relation, label_relation].compact).empty?
relation = [id_relation, label_relation].compact
return Label.none if relation.all?(Label.none)
Label.from_union(relation)
end

7
lib/banzai/filter/references/milestone_reference_filter.rb
View File

@ -23,7 +23,8 @@ module Banzai
milestone_relation = find_milestones(parent, false).where(name: milestone_names)
end
return Milestone.none if (relation = [iid_relation, milestone_relation].compact).empty?
relation = [iid_relation, milestone_relation].compact
return Milestone.none if relation.all?(Milestone.none)
Milestone.from_union(relation).includes(:project, :group)
end
@ -116,11 +117,11 @@ module Banzai
# We don't support IID lookups because IIDs can clash between
# group/project milestones and group/subgroup milestones.
params[:group_ids] = self_and_ancestors_ids(parent) unless find_by_iid
params[:group_ids] = group_and_ancestors_ids(parent) unless find_by_iid
end
end
def self_and_ancestors_ids(parent)
def group_and_ancestors_ids(parent)
if group_context?(parent)
parent.self_and_ancestors.select(:id)
elsif project_context?(parent)

6
lib/gitlab/database/load_balancing/load_balancer.rb
View File

@ -169,7 +169,11 @@ module Gitlab
when ActiveRecord::StatementInvalid, ActionView::Template::Error
# After connecting to the DB Rails will wrap query errors using this
# class.
connection_error?(error.cause)
if (cause = error.cause)
connection_error?(cause)
else
false
end
when *CONNECTION_ERRORS
true
else

21
locale/gitlab.pot
View File

@ -22203,21 +22203,12 @@ msgstr ""
msgid "NetworkPolicies|Policy definition"
msgstr ""
msgid "NetworkPolicies|Policy description"
msgstr ""
msgid "NetworkPolicies|Policy editor"
msgstr ""
msgid "NetworkPolicies|Policy preview"
msgstr ""
msgid "NetworkPolicies|Policy status"
msgstr ""
msgid "NetworkPolicies|Policy type"
msgstr ""
msgid "NetworkPolicies|Rule"
msgstr ""
@ -29682,6 +29673,9 @@ msgstr ""
msgid "SecurityOrchestration|Network"
msgstr ""
msgid "SecurityOrchestration|Network Policies can be used to limit which network traffic is allowed between containers inside the cluster."
msgstr ""
msgid "SecurityOrchestration|New policy"
msgstr ""
@ -29691,9 +29685,18 @@ msgstr ""
msgid "SecurityOrchestration|Policies"
msgstr ""
msgid "SecurityOrchestration|Policy description"
msgstr ""
msgid "SecurityOrchestration|Policy editor"
msgstr ""
msgid "SecurityOrchestration|Policy status"
msgstr ""
msgid "SecurityOrchestration|Policy type"
msgstr ""
msgid "SecurityOrchestration|Scan Execution"
msgstr ""

2
package.json
View File

@ -64,7 +64,7 @@
"@rails/actioncable": "6.1.3-2",
"@rails/ujs": "6.1.3-2",
"@sentry/browser": "5.26.0",
"@sourcegraph/code-host-integration": "0.0.59",
"@sourcegraph/code-host-integration": "0.0.60",
"@tiptap/core": "^2.0.0-beta.101",
"@tiptap/extension-blockquote": "^2.0.0-beta.15",
"@tiptap/extension-bold": "^2.0.0-beta.15",

6
spec/lib/gitlab/database/load_balancing/load_balancer_spec.rb
View File

@ -283,6 +283,12 @@ RSpec.describe Gitlab::Database::LoadBalancing::LoadBalancer, :request_store do
expect(lb.connection_error?(error)).to eq(false)
end
it 'returns false for ActiveRecord errors without a cause' do
error = ActiveRecord::RecordNotUnique.new
expect(lb.connection_error?(error)).to eq(false)
end
end
describe '#serialization_failure?' do

1
spec/lib/gitlab/import_export/all_models.yml
View File

@ -58,6 +58,7 @@ issues:
- test_reports
- requirement
- incident_management_issuable_escalation_status
- pending_escalations
work_item_type:
- issues
events:

4
spec/models/application_setting_spec.rb
View File

@ -931,6 +931,10 @@ RSpec.describe ApplicationSetting do
throttle_unauthenticated_packages_api_period_in_seconds
throttle_authenticated_packages_api_requests_per_period
throttle_authenticated_packages_api_period_in_seconds
throttle_unauthenticated_files_api_requests_per_period
throttle_unauthenticated_files_api_period_in_seconds
throttle_authenticated_files_api_requests_per_period
throttle_authenticated_files_api_period_in_seconds
]
end

26
spec/services/application_settings/update_service_spec.rb
View File

@ -362,6 +362,32 @@ RSpec.describe ApplicationSettings::UpdateService do
end
end
context 'when files API rate limits are passed' do
let(:params) do
{
throttle_unauthenticated_files_api_enabled: 1,
throttle_unauthenticated_files_api_period_in_seconds: 500,
throttle_unauthenticated_files_api_requests_per_period: 20,
throttle_authenticated_files_api_enabled: 1,
throttle_authenticated_files_api_period_in_seconds: 600,
throttle_authenticated_files_api_requests_per_period: 10
}
end
it 'updates files API throttle settings' do
subject.execute
application_settings.reload
expect(application_settings.throttle_unauthenticated_files_api_enabled).to be_truthy
expect(application_settings.throttle_unauthenticated_files_api_period_in_seconds).to eq(500)
expect(application_settings.throttle_unauthenticated_files_api_requests_per_period).to eq(20)
expect(application_settings.throttle_authenticated_files_api_enabled).to be_truthy
expect(application_settings.throttle_authenticated_files_api_period_in_seconds).to eq(600)
expect(application_settings.throttle_authenticated_files_api_requests_per_period).to eq(10)
end
end
context 'when issues_create_limit is passed' do
let(:params) do
{

8
yarn.lock
View File

@ -1427,10 +1427,10 @@
dependencies:
"@sinonjs/commons" "^1.7.0"
"@sourcegraph/code-host-integration@0.0.59":
version "0.0.59"
resolved "https://registry.yarnpkg.com/@sourcegraph/code-host-integration/-/code-host-integration-0.0.59.tgz#ac64a9f90ff48363334407d12622542d0faa7720"
integrity sha512-laZl6llJMr0OAYwihyhkVSrBmLSQy+X38HZKD590Sg+mgAp3C+Q9TXSYIEQjY2XrA3/ypuEbqoiTY8HyRl4b4g==
"@sourcegraph/code-host-integration@0.0.60":
version "0.0.60"
resolved "https://registry.yarnpkg.com/@sourcegraph/code-host-integration/-/code-host-integration-0.0.60.tgz#2043877fabb7eb986fcb61b67ee480afbb29f4f0"
integrity sha512-T+MvM8SUF7daA279hyQgwmva3J5LvPqwgQ/mWwxdVshehOQIPLUd310I0c6x6nZ0F/x4UjDWgRWzAqy6NLwV1w==
"@stylelint/postcss-css-in-js@^0.37.2":
version "0.37.2"