Add latest changes from gitlab-org/gitlab@master
This commit is contained in:
parent
9f6c0ac9fd
commit
d9c4e920ed
|
@ -315,12 +315,18 @@ module ApplicationSettingsHelper
|
|||
:throttle_authenticated_packages_api_enabled,
|
||||
:throttle_authenticated_packages_api_period_in_seconds,
|
||||
:throttle_authenticated_packages_api_requests_per_period,
|
||||
:throttle_authenticated_files_api_enabled,
|
||||
:throttle_authenticated_files_api_period_in_seconds,
|
||||
:throttle_authenticated_files_api_requests_per_period,
|
||||
:throttle_unauthenticated_enabled,
|
||||
:throttle_unauthenticated_period_in_seconds,
|
||||
:throttle_unauthenticated_requests_per_period,
|
||||
:throttle_unauthenticated_packages_api_enabled,
|
||||
:throttle_unauthenticated_packages_api_period_in_seconds,
|
||||
:throttle_unauthenticated_packages_api_requests_per_period,
|
||||
:throttle_unauthenticated_files_api_enabled,
|
||||
:throttle_unauthenticated_files_api_period_in_seconds,
|
||||
:throttle_unauthenticated_files_api_requests_per_period,
|
||||
:throttle_protected_paths_enabled,
|
||||
:throttle_protected_paths_period_in_seconds,
|
||||
:throttle_protected_paths_requests_per_period,
|
||||
|
|
|
@ -479,6 +479,14 @@ class ApplicationSetting < ApplicationRecord
|
|||
presence: true,
|
||||
numericality: { only_integer: true, greater_than: 0 }
|
||||
|
||||
validates :throttle_unauthenticated_files_api_requests_per_period,
|
||||
presence: true,
|
||||
numericality: { only_integer: true, greater_than: 0 }
|
||||
|
||||
validates :throttle_unauthenticated_files_api_period_in_seconds,
|
||||
presence: true,
|
||||
numericality: { only_integer: true, greater_than: 0 }
|
||||
|
||||
validates :throttle_authenticated_api_requests_per_period,
|
||||
presence: true,
|
||||
numericality: { only_integer: true, greater_than: 0 }
|
||||
|
@ -503,6 +511,14 @@ class ApplicationSetting < ApplicationRecord
|
|||
presence: true,
|
||||
numericality: { only_integer: true, greater_than: 0 }
|
||||
|
||||
validates :throttle_authenticated_files_api_requests_per_period,
|
||||
presence: true,
|
||||
numericality: { only_integer: true, greater_than: 0 }
|
||||
|
||||
validates :throttle_authenticated_files_api_period_in_seconds,
|
||||
presence: true,
|
||||
numericality: { only_integer: true, greater_than: 0 }
|
||||
|
||||
validates :throttle_protected_paths_requests_per_period,
|
||||
presence: true,
|
||||
numericality: { only_integer: true, greater_than: 0 }
|
||||
|
|
|
@ -167,6 +167,9 @@ module ApplicationSettingImplementation
|
|||
throttle_authenticated_packages_api_enabled: false,
|
||||
throttle_authenticated_packages_api_period_in_seconds: 15,
|
||||
throttle_authenticated_packages_api_requests_per_period: 1000,
|
||||
throttle_authenticated_files_api_enabled: false,
|
||||
throttle_authenticated_files_api_period_in_seconds: 15,
|
||||
throttle_authenticated_files_api_requests_per_period: 500,
|
||||
throttle_incident_management_notification_enabled: false,
|
||||
throttle_incident_management_notification_per_period: 3600,
|
||||
throttle_incident_management_notification_period_in_seconds: 3600,
|
||||
|
@ -179,6 +182,9 @@ module ApplicationSettingImplementation
|
|||
throttle_unauthenticated_packages_api_enabled: false,
|
||||
throttle_unauthenticated_packages_api_period_in_seconds: 15,
|
||||
throttle_unauthenticated_packages_api_requests_per_period: 800,
|
||||
throttle_unauthenticated_files_api_enabled: false,
|
||||
throttle_unauthenticated_files_api_period_in_seconds: 15,
|
||||
throttle_unauthenticated_files_api_requests_per_period: 125,
|
||||
time_tracking_limit_to_hours: false,
|
||||
two_factor_grace_period: 48,
|
||||
unique_ips_limit_enabled: false,
|
||||
|
|
|
@ -8,6 +8,7 @@ Gitlab::Database::Partitioning::PartitionManager.register(WebHookLog)
|
|||
|
||||
if Gitlab.ee?
|
||||
Gitlab::Database::Partitioning::PartitionManager.register(IncidentManagement::PendingEscalations::Alert)
|
||||
Gitlab::Database::Partitioning::PartitionManager.register(IncidentManagement::PendingEscalations::Issue)
|
||||
end
|
||||
|
||||
begin
|
||||
|
|
|
@ -0,0 +1,33 @@
|
|||
# frozen_string_literal: true
|
||||
|
||||
class CreateIncidentManagementPendingIssueEscalations < ActiveRecord::Migration[6.1]
|
||||
include Gitlab::Database::MigrationHelpers
|
||||
|
||||
def up
|
||||
with_lock_retries do
|
||||
execute(<<~SQL)
|
||||
CREATE TABLE incident_management_pending_issue_escalations (
|
||||
id bigserial NOT NULL,
|
||||
rule_id bigint NOT NULL,
|
||||
issue_id bigint NOT NULL,
|
||||
process_at timestamp with time zone NOT NULL,
|
||||
created_at timestamp with time zone NOT NULL,
|
||||
updated_at timestamp with time zone NOT NULL,
|
||||
PRIMARY KEY (id, process_at)
|
||||
) PARTITION BY RANGE (process_at);
|
||||
|
||||
CREATE INDEX index_incident_management_pending_issue_escalations_on_issue_id
|
||||
ON incident_management_pending_issue_escalations USING btree (issue_id);
|
||||
|
||||
CREATE INDEX index_incident_management_pending_issue_escalations_on_rule_id
|
||||
ON incident_management_pending_issue_escalations USING btree (rule_id);
|
||||
SQL
|
||||
end
|
||||
end
|
||||
|
||||
def down
|
||||
with_lock_retries do
|
||||
drop_table :incident_management_pending_issue_escalations
|
||||
end
|
||||
end
|
||||
end
|
|
@ -0,0 +1,13 @@
|
|||
# frozen_string_literal: true
|
||||
|
||||
class AddThrottleFilesApiColumns < ActiveRecord::Migration[6.1]
|
||||
def change
|
||||
add_column :application_settings, :throttle_unauthenticated_files_api_requests_per_period, :integer, default: 125, null: false
|
||||
add_column :application_settings, :throttle_unauthenticated_files_api_period_in_seconds, :integer, default: 15, null: false
|
||||
add_column :application_settings, :throttle_authenticated_files_api_requests_per_period, :integer, default: 500, null: false
|
||||
add_column :application_settings, :throttle_authenticated_files_api_period_in_seconds, :integer, default: 15, null: false
|
||||
|
||||
add_column :application_settings, :throttle_unauthenticated_files_api_enabled, :boolean, default: false, null: false
|
||||
add_column :application_settings, :throttle_authenticated_files_api_enabled, :boolean, default: false, null: false
|
||||
end
|
||||
end
|
|
@ -0,0 +1,22 @@
|
|||
# frozen_string_literal: true
|
||||
|
||||
class AddForeignKeysForPendingIssueEscalations < ActiveRecord::Migration[6.1]
|
||||
include Gitlab::Database::PartitioningMigrationHelpers
|
||||
|
||||
disable_ddl_transaction!
|
||||
|
||||
def up
|
||||
add_concurrent_partitioned_foreign_key :incident_management_pending_issue_escalations,
|
||||
:incident_management_escalation_rules,
|
||||
column: :rule_id
|
||||
|
||||
add_concurrent_partitioned_foreign_key :incident_management_pending_issue_escalations,
|
||||
:issues,
|
||||
column: :issue_id
|
||||
end
|
||||
|
||||
def down
|
||||
remove_foreign_key_if_exists :incident_management_pending_issue_escalations, :incident_management_escalation_rules, column: :rule_id
|
||||
remove_foreign_key_if_exists :incident_management_pending_issue_escalations, :issues, column: :issue_id
|
||||
end
|
||||
end
|
|
@ -0,0 +1 @@
|
|||
2d0399beca58815197487d310318ed1cb3d8e85671d55581a6256ceac7667b43
|
|
@ -0,0 +1 @@
|
|||
5c74d34171ed9129ffbb3efe5417da1ba857cd729837544e58074debd5afca88
|
|
@ -0,0 +1 @@
|
|||
892a71a3f6fdeb20cb2837a426d6d0931c756f8bf3d647e520a72a0bb6f78309
|
|
@ -222,6 +222,16 @@ CREATE TABLE incident_management_pending_alert_escalations (
|
|||
)
|
||||
PARTITION BY RANGE (process_at);
|
||||
|
||||
CREATE TABLE incident_management_pending_issue_escalations (
|
||||
id bigint NOT NULL,
|
||||
rule_id bigint NOT NULL,
|
||||
issue_id bigint NOT NULL,
|
||||
process_at timestamp with time zone NOT NULL,
|
||||
created_at timestamp with time zone NOT NULL,
|
||||
updated_at timestamp with time zone NOT NULL
|
||||
)
|
||||
PARTITION BY RANGE (process_at);
|
||||
|
||||
CREATE TABLE web_hook_logs (
|
||||
id bigint NOT NULL,
|
||||
web_hook_id integer NOT NULL,
|
||||
|
@ -9596,6 +9606,12 @@ CREATE TABLE application_settings (
|
|||
encrypted_customers_dot_jwt_signing_key bytea,
|
||||
encrypted_customers_dot_jwt_signing_key_iv bytea,
|
||||
pypi_package_requests_forwarding boolean DEFAULT true NOT NULL,
|
||||
throttle_unauthenticated_files_api_requests_per_period integer DEFAULT 125 NOT NULL,
|
||||
throttle_unauthenticated_files_api_period_in_seconds integer DEFAULT 15 NOT NULL,
|
||||
throttle_authenticated_files_api_requests_per_period integer DEFAULT 500 NOT NULL,
|
||||
throttle_authenticated_files_api_period_in_seconds integer DEFAULT 15 NOT NULL,
|
||||
throttle_unauthenticated_files_api_enabled boolean DEFAULT false NOT NULL,
|
||||
throttle_authenticated_files_api_enabled boolean DEFAULT false NOT NULL,
|
||||
CONSTRAINT app_settings_container_reg_cleanup_tags_max_list_size_positive CHECK ((container_registry_cleanup_tags_service_max_list_size >= 0)),
|
||||
CONSTRAINT app_settings_ext_pipeline_validation_service_url_text_limit CHECK ((char_length(external_pipeline_validation_service_url) <= 255)),
|
||||
CONSTRAINT app_settings_registry_exp_policies_worker_capacity_positive CHECK ((container_registry_expiration_policies_worker_capacity >= 0)),
|
||||
|
@ -14147,6 +14163,15 @@ CREATE SEQUENCE incident_management_pending_alert_escalations_id_seq
|
|||
|
||||
ALTER SEQUENCE incident_management_pending_alert_escalations_id_seq OWNED BY incident_management_pending_alert_escalations.id;
|
||||
|
||||
CREATE SEQUENCE incident_management_pending_issue_escalations_id_seq
|
||||
START WITH 1
|
||||
INCREMENT BY 1
|
||||
NO MINVALUE
|
||||
NO MAXVALUE
|
||||
CACHE 1;
|
||||
|
||||
ALTER SEQUENCE incident_management_pending_issue_escalations_id_seq OWNED BY incident_management_pending_issue_escalations.id;
|
||||
|
||||
CREATE TABLE index_statuses (
|
||||
id integer NOT NULL,
|
||||
project_id integer NOT NULL,
|
||||
|
@ -20531,6 +20556,8 @@ ALTER TABLE ONLY incident_management_oncall_shifts ALTER COLUMN id SET DEFAULT n
|
|||
|
||||
ALTER TABLE ONLY incident_management_pending_alert_escalations ALTER COLUMN id SET DEFAULT nextval('incident_management_pending_alert_escalations_id_seq'::regclass);
|
||||
|
||||
ALTER TABLE ONLY incident_management_pending_issue_escalations ALTER COLUMN id SET DEFAULT nextval('incident_management_pending_issue_escalations_id_seq'::regclass);
|
||||
|
||||
ALTER TABLE ONLY index_statuses ALTER COLUMN id SET DEFAULT nextval('index_statuses_id_seq'::regclass);
|
||||
|
||||
ALTER TABLE ONLY insights ALTER COLUMN id SET DEFAULT nextval('insights_id_seq'::regclass);
|
||||
|
@ -21967,6 +21994,9 @@ ALTER TABLE ONLY incident_management_oncall_shifts
|
|||
ALTER TABLE ONLY incident_management_pending_alert_escalations
|
||||
ADD CONSTRAINT incident_management_pending_alert_escalations_pkey PRIMARY KEY (id, process_at);
|
||||
|
||||
ALTER TABLE ONLY incident_management_pending_issue_escalations
|
||||
ADD CONSTRAINT incident_management_pending_issue_escalations_pkey PRIMARY KEY (id, process_at);
|
||||
|
||||
ALTER TABLE ONLY index_statuses
|
||||
ADD CONSTRAINT index_statuses_pkey PRIMARY KEY (id);
|
||||
|
||||
|
@ -24266,6 +24296,10 @@ CREATE INDEX index_incident_management_pending_alert_escalations_on_rule_id ON O
|
|||
|
||||
CREATE INDEX index_incident_management_pending_alert_escalations_on_schedule ON ONLY incident_management_pending_alert_escalations USING btree (schedule_id);
|
||||
|
||||
CREATE INDEX index_incident_management_pending_issue_escalations_on_issue_id ON ONLY incident_management_pending_issue_escalations USING btree (issue_id);
|
||||
|
||||
CREATE INDEX index_incident_management_pending_issue_escalations_on_rule_id ON ONLY incident_management_pending_issue_escalations USING btree (rule_id);
|
||||
|
||||
CREATE UNIQUE INDEX index_index_statuses_on_project_id ON index_statuses USING btree (project_id);
|
||||
|
||||
CREATE INDEX index_insights_on_namespace_id ON insights USING btree (namespace_id);
|
||||
|
@ -27077,6 +27111,9 @@ ALTER TABLE ONLY incident_management_oncall_participants
|
|||
ALTER TABLE ONLY events
|
||||
ADD CONSTRAINT fk_rails_0434b48643 FOREIGN KEY (project_id) REFERENCES projects(id) ON DELETE CASCADE;
|
||||
|
||||
ALTER TABLE incident_management_pending_issue_escalations
|
||||
ADD CONSTRAINT fk_rails_0470889ee5 FOREIGN KEY (rule_id) REFERENCES incident_management_escalation_rules(id) ON DELETE CASCADE;
|
||||
|
||||
ALTER TABLE ONLY ip_restrictions
|
||||
ADD CONSTRAINT fk_rails_04a93778d5 FOREIGN KEY (group_id) REFERENCES namespaces(id) ON DELETE CASCADE;
|
||||
|
||||
|
@ -27686,6 +27723,9 @@ ALTER TABLE ONLY status_page_published_incidents
|
|||
ALTER TABLE ONLY deployment_clusters
|
||||
ADD CONSTRAINT fk_rails_6359a164df FOREIGN KEY (deployment_id) REFERENCES deployments(id) ON DELETE CASCADE;
|
||||
|
||||
ALTER TABLE incident_management_pending_issue_escalations
|
||||
ADD CONSTRAINT fk_rails_636678b3bd FOREIGN KEY (issue_id) REFERENCES issues(id) ON DELETE CASCADE;
|
||||
|
||||
ALTER TABLE ONLY evidences
|
||||
ADD CONSTRAINT fk_rails_6388b435a6 FOREIGN KEY (release_id) REFERENCES releases(id) ON DELETE CASCADE;
|
||||
|
||||
|
|
|
@ -15,7 +15,7 @@ Available resources for the [GitLab REST API](index.md) can be grouped in the fo
|
|||
See also:
|
||||
|
||||
- [V3 to V4](v3_to_v4.md).
|
||||
- Adding [deploy keys for multiple projects](deploy_keys.md#adding-deploy-keys-to-multiple-projects).
|
||||
- Adding [deploy keys for multiple projects](deploy_keys.md#add-deploy-keys-to-multiple-projects).
|
||||
- [API Resources for various templates](#templates-api-resources).
|
||||
|
||||
## Project resources
|
||||
|
|
|
@ -8,7 +8,8 @@ info: To determine the technical writer assigned to the Stage/Group associated w
|
|||
|
||||
## List all deploy keys
|
||||
|
||||
Get a list of all deploy keys across all projects of the GitLab instance. This endpoint requires administrator access and is not available on GitLab.com.
|
||||
Get a list of all deploy keys across all projects of the GitLab instance. This
|
||||
endpoint requires an administrator role and is not available on GitLab.com.
|
||||
|
||||
```plaintext
|
||||
GET /deploy_keys
|
||||
|
@ -74,7 +75,7 @@ Example response:
|
|||
]
|
||||
```
|
||||
|
||||
## Single deploy key
|
||||
## Get a single deploy key
|
||||
|
||||
Get a single key.
|
||||
|
||||
|
@ -213,10 +214,10 @@ Example response:
|
|||
}
|
||||
```
|
||||
|
||||
## Adding deploy keys to multiple projects
|
||||
## Add deploy keys to multiple projects
|
||||
|
||||
If you want to easily add the same deploy key to multiple projects in the same
|
||||
group, this can be achieved quite easily with the API.
|
||||
If you want to add the same deploy key to multiple projects in the same
|
||||
group, this can be achieved with the API.
|
||||
|
||||
First, find the ID of the projects you're interested in, by either listing all
|
||||
projects:
|
||||
|
|
|
@ -5,7 +5,7 @@ group: Access
|
|||
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#designated-technical-writers
|
||||
---
|
||||
|
||||
# GitLab as an OAuth2 provider
|
||||
# GitLab as an OAuth 2.0 provider
|
||||
|
||||
This document covers using the [OAuth2](https://oauth.net/2/) protocol to allow
|
||||
other services to access GitLab resources on user's behalf.
|
||||
|
@ -15,9 +15,9 @@ other services, see the [OAuth2 authentication service provider](../integration/
|
|||
documentation. This functionality is based on the
|
||||
[doorkeeper Ruby gem](https://github.com/doorkeeper-gem/doorkeeper).
|
||||
|
||||
## Supported OAuth2 flows
|
||||
## Supported OAuth 2.0 flows
|
||||
|
||||
GitLab currently supports the following authorization flows:
|
||||
GitLab supports the following authorization flows:
|
||||
|
||||
- **Authorization code with [Proof Key for Code Exchange (PKCE)](https://tools.ietf.org/html/rfc7636):**
|
||||
Most secure. Without PKCE, you'd have to include client secrets on mobile clients,
|
||||
|
@ -26,14 +26,13 @@ GitLab currently supports the following authorization flows:
|
|||
server-side apps.
|
||||
- **Implicit grant:** Originally designed for user-agent only apps, such as
|
||||
single page web apps running on GitLab Pages).
|
||||
The [IETF](https://tools.ietf.org/html/draft-ietf-oauth-security-topics-09#section-2.1.2)
|
||||
The [Internet Engineering Task Force (IETF)](https://tools.ietf.org/html/draft-ietf-oauth-security-topics-09#section-2.1.2)
|
||||
recommends against Implicit grant flow.
|
||||
- **Resource owner password credentials:** To be used **only** for securely
|
||||
hosted, first-party services. GitLab recommends against use of this flow.
|
||||
|
||||
The draft specification for [OAuth 2.1](https://oauth.net/2.1/) specifically omits both the
|
||||
Implicit grant and Resource Owner Password Credentials flows.
|
||||
it will be deprecated in the next OAuth specification version.
|
||||
Implicit grant and Resource Owner Password Credentials flows. It will be deprecated in the next OAuth specification version.
|
||||
|
||||
Refer to the [OAuth RFC](https://tools.ietf.org/html/rfc6749) to find out
|
||||
how all those flows work and pick the right one for your use case.
|
||||
|
@ -57,7 +56,7 @@ parameter, which are securely bound to the user agent", with each request to the
|
|||
For production, please use HTTPS for your `redirect_uri`.
|
||||
For development, GitLab allows insecure HTTP redirect URIs.
|
||||
|
||||
As OAuth2 bases its security entirely on the transport layer, you should not use unprotected
|
||||
As OAuth 2.0 bases its security entirely on the transport layer, you should not use unprotected
|
||||
URIs. For more information, see the [OAuth 2.0 RFC](https://tools.ietf.org/html/rfc6749#section-3.1.2.1)
|
||||
and the [OAuth 2.0 Threat Model RFC](https://tools.ietf.org/html/rfc6819#section-4.4.2.1).
|
||||
These factors are particularly important when using the
|
||||
|
@ -123,7 +122,7 @@ Before starting the flow, generate the `STATE`, the `CODE_VERIFIER` and the `COD
|
|||
"created_at": 1607635748
|
||||
}
|
||||
```
|
||||
|
||||
|
||||
1. To retrieve a new `access_token`, use the `refresh_token` parameter. Refresh tokens may
|
||||
be used even after the `access_token` itself expires. This request:
|
||||
- Invalidates the existing `access_token` and `refresh_token`.
|
||||
|
@ -135,7 +134,7 @@ Before starting the flow, generate the `STATE`, the `CODE_VERIFIER` and the `COD
|
|||
```
|
||||
|
||||
Example response:
|
||||
|
||||
|
||||
```json
|
||||
{
|
||||
"access_token": "c97d1fe52119f38c7f67f0a14db68d60caa35ddc86fd12401718b649dcfa9c68",
|
||||
|
@ -203,7 +202,7 @@ be used as a CSRF token.
|
|||
"created_at": 1607635748
|
||||
}
|
||||
```
|
||||
|
||||
|
||||
1. To retrieve a new `access_token`, use the `refresh_token` parameter. Refresh tokens may
|
||||
be used even after the `access_token` itself expires. This request:
|
||||
- Invalidates the existing `access_token` and `refresh_token`.
|
||||
|
@ -245,12 +244,13 @@ scheduled to be removed for existing applications.
|
|||
|
||||
We recommend that you use [Authorization code with PKCE](#authorization-code-with-proof-key-for-code-exchange-pkce) instead. If you choose to use Implicit flow, be sure to verify the
|
||||
`application id` (or `client_id`) associated with the access token before granting
|
||||
access to the data, as described in [Retrieving the token information](#retrieving-the-token-information)).
|
||||
access to the data. To learn more, read
|
||||
[Retrieving the token information](#retrieve-the-token-information)).
|
||||
|
||||
Unlike the authorization code flow, the client receives an `access token`
|
||||
immediately as a result of the authorization request. The flow does not use
|
||||
the client secret or the authorization code because all of the application code
|
||||
and storage is easily accessible on client browsers and mobile devices.
|
||||
immediately as a result of the authorization request. The flow does not use the
|
||||
client secret or the authorization code, as the application
|
||||
code and storage is accessible on client browsers and mobile devices.
|
||||
|
||||
To request the access token, you should redirect the user to the
|
||||
`/oauth/authorize` endpoint using `token` response type:
|
||||
|
@ -367,10 +367,11 @@ or you can put the token to the Authorization header:
|
|||
curl --header "Authorization: Bearer OAUTH-TOKEN" "https://gitlab.example.com/api/v4/user"
|
||||
```
|
||||
|
||||
## Retrieving the token information
|
||||
## Retrieve the token information
|
||||
|
||||
To verify the details of a token, use the `token/info` endpoint provided by the Doorkeeper gem.
|
||||
For more information, see [`/oauth/token/info`](https://github.com/doorkeeper-gem/doorkeeper/wiki/API-endpoint-descriptions-and-examples#get----oauthtokeninfo).
|
||||
To verify the details of a token, use the `token/info` endpoint provided by the
|
||||
Doorkeeper gem. For more information, see
|
||||
[`/oauth/token/info`](https://github.com/doorkeeper-gem/doorkeeper/wiki/API-endpoint-descriptions-and-examples#get----oauthtokeninfo).
|
||||
|
||||
You must supply the access token, either:
|
||||
|
||||
|
@ -407,9 +408,10 @@ prevent breaking changes introduced in [doorkeeper 5.0.2](https://github.com/doo
|
|||
|
||||
Don't rely on these fields as they are slated for removal in a later release.
|
||||
|
||||
## OAuth2 tokens and GitLab registries
|
||||
## OAuth 2.0 tokens and GitLab registries
|
||||
|
||||
Standard OAuth2 tokens support different degrees of access to GitLab registries, as they:
|
||||
Standard OAuth 2.0 tokens support different degrees of access to GitLab
|
||||
registries, as they:
|
||||
|
||||
- Do not allow users to authenticate to:
|
||||
- The GitLab [Container registry](../user/packages/container_registry/index.md#authenticate-with-the-container-registry).
|
||||
|
|
|
@ -108,13 +108,14 @@ V1.
|
|||
GET group/:id/-/packages/composer/:package_name$:sha
|
||||
```
|
||||
|
||||
Note the `$` symbol in the URL. When making requests, you may need to use the URL-encoded version of
|
||||
the symbol `%24` (see example below).
|
||||
Note the `$` symbol in the URL. When making requests, you may need the
|
||||
URL-encoded version of the symbol `%24`. Refer to the example after
|
||||
the table:
|
||||
|
||||
| Attribute | Type | Required | Description |
|
||||
| -------------- | ------ | -------- | ----------- |
|
||||
| `id` | string | yes | The ID or full path of the group. |
|
||||
| `package_name` | string | yes | The name of the package. |
|
||||
| Attribute | Type | Required | Description |
|
||||
|----------------|--------|----------|---------------------------------------------------------------------------------------|
|
||||
| `id` | string | yes | The ID or full path of the group. |
|
||||
| `package_name` | string | yes | The name of the package. |
|
||||
| `sha` | string | yes | The SHA digest of the package, provided by the [V1 packages list](#v1-packages-list). |
|
||||
|
||||
```shell
|
||||
|
|
|
@ -58,11 +58,11 @@ Upload a package.
|
|||
PUT projects/:id/packages/npm/:package_name
|
||||
```
|
||||
|
||||
| Attribute | Type | Required | Description |
|
||||
| ----------------- | ------ | -------- | ----------- |
|
||||
| `id` | string | yes | The ID or full path of the project. |
|
||||
| `package_name` | string | yes | The name of the package. |
|
||||
| `versions` | string | yes | Package version info. |
|
||||
| Attribute | Type | Required | Description |
|
||||
|----------------|--------|----------|-------------------------------------|
|
||||
| `id` | string | yes | The ID or full path of the project. |
|
||||
| `package_name` | string | yes | The name of the package. |
|
||||
| `versions` | string | yes | Package version information. |
|
||||
|
||||
```shell
|
||||
curl --request PUT
|
||||
|
|
|
@ -47,7 +47,8 @@ To write the output to a file:
|
|||
curl --user <username>:<personal_access_token> "https://gitlab.example.com/api/v4/groups/1/packages/pypi/files/5y57017232013c8ac80647f4ca153k3726f6cba62d055cd747844ed95b3c65ff/my.pypi.package-0.0.1.tar.gz" >> my.pypi.package-0.0.1.tar.gz
|
||||
```
|
||||
|
||||
This writes the downloaded file to `my.pypi.package-0.0.1.tar.gz` in the current directory.
|
||||
This writes the downloaded file to `my.pypi.package-0.0.1.tar.gz` in the current
|
||||
directory.
|
||||
|
||||
## Group level simple API entry point
|
||||
|
||||
|
@ -106,7 +107,7 @@ GET projects/:id/packages/pypi/files/:sha256/:file_identifier
|
|||
| --------- | ---- | -------- | ----------- |
|
||||
| `id` | string | yes | The ID or full path of the project. |
|
||||
| `sha256` | string | yes | PyPI package file sha256 check sum. |
|
||||
| `file_identifier` | string | yes | The PyPI package file name. |
|
||||
| `file_identifier` | string | yes | The PyPI package filename. |
|
||||
|
||||
```shell
|
||||
curl --user <username>:<personal_access_token> "https://gitlab.example.com/api/v4/projects/1/packages/pypi/files/5y57017232013c8ac80647f4ca153k3726f6cba62d055cd747844ed95b3c65ff/my.pypi.package-0.0.1.tar.gz"
|
||||
|
@ -118,7 +119,8 @@ To write the output to a file:
|
|||
curl --user <username>:<personal_access_token> "https://gitlab.example.com/api/v4/projects/1/packages/pypi/files/5y57017232013c8ac80647f4ca153k3726f6cba62d055cd747844ed95b3c65ff/my.pypi.package-0.0.1.tar.gz" >> my.pypi.package-0.0.1.tar.gz
|
||||
```
|
||||
|
||||
This writes the downloaded file to `my.pypi.package-0.0.1.tar.gz` in the current directory.
|
||||
This writes the downloaded file to `my.pypi.package-0.0.1.tar.gz` in the current
|
||||
directory.
|
||||
|
||||
## Project-level simple API entry point
|
||||
|
||||
|
|
|
@ -43,7 +43,7 @@ This page gathers all the resources for the topic **Authentication** within GitL
|
|||
- [Personal access tokens](../../api/index.md#personalproject-access-tokens)
|
||||
- [Project access tokens](../../api/index.md#personalproject-access-tokens)
|
||||
- [Impersonation tokens](../../api/index.md#impersonation-tokens)
|
||||
- [GitLab as an OAuth2 provider](../../api/oauth2.md#gitlab-as-an-oauth2-provider)
|
||||
- [GitLab as an OAuth2 provider](../../api/oauth2.md#gitlab-as-an-oauth-20-provider)
|
||||
|
||||
## Third-party resources
|
||||
|
||||
|
|
|
@ -23,7 +23,8 @@ module Banzai
|
|||
label_relation = labels.where(title: label_names)
|
||||
end
|
||||
|
||||
return Label.none if (relation = [id_relation, label_relation].compact).empty?
|
||||
relation = [id_relation, label_relation].compact
|
||||
return Label.none if relation.all?(Label.none)
|
||||
|
||||
Label.from_union(relation)
|
||||
end
|
||||
|
|
|
@ -23,7 +23,8 @@ module Banzai
|
|||
milestone_relation = find_milestones(parent, false).where(name: milestone_names)
|
||||
end
|
||||
|
||||
return Milestone.none if (relation = [iid_relation, milestone_relation].compact).empty?
|
||||
relation = [iid_relation, milestone_relation].compact
|
||||
return Milestone.none if relation.all?(Milestone.none)
|
||||
|
||||
Milestone.from_union(relation).includes(:project, :group)
|
||||
end
|
||||
|
@ -116,11 +117,11 @@ module Banzai
|
|||
|
||||
# We don't support IID lookups because IIDs can clash between
|
||||
# group/project milestones and group/subgroup milestones.
|
||||
params[:group_ids] = self_and_ancestors_ids(parent) unless find_by_iid
|
||||
params[:group_ids] = group_and_ancestors_ids(parent) unless find_by_iid
|
||||
end
|
||||
end
|
||||
|
||||
def self_and_ancestors_ids(parent)
|
||||
def group_and_ancestors_ids(parent)
|
||||
if group_context?(parent)
|
||||
parent.self_and_ancestors.select(:id)
|
||||
elsif project_context?(parent)
|
||||
|
|
|
@ -169,7 +169,11 @@ module Gitlab
|
|||
when ActiveRecord::StatementInvalid, ActionView::Template::Error
|
||||
# After connecting to the DB Rails will wrap query errors using this
|
||||
# class.
|
||||
connection_error?(error.cause)
|
||||
if (cause = error.cause)
|
||||
connection_error?(cause)
|
||||
else
|
||||
false
|
||||
end
|
||||
when *CONNECTION_ERRORS
|
||||
true
|
||||
else
|
||||
|
|
|
@ -22203,21 +22203,12 @@ msgstr ""
|
|||
msgid "NetworkPolicies|Policy definition"
|
||||
msgstr ""
|
||||
|
||||
msgid "NetworkPolicies|Policy description"
|
||||
msgstr ""
|
||||
|
||||
msgid "NetworkPolicies|Policy editor"
|
||||
msgstr ""
|
||||
|
||||
msgid "NetworkPolicies|Policy preview"
|
||||
msgstr ""
|
||||
|
||||
msgid "NetworkPolicies|Policy status"
|
||||
msgstr ""
|
||||
|
||||
msgid "NetworkPolicies|Policy type"
|
||||
msgstr ""
|
||||
|
||||
msgid "NetworkPolicies|Rule"
|
||||
msgstr ""
|
||||
|
||||
|
@ -29682,6 +29673,9 @@ msgstr ""
|
|||
msgid "SecurityOrchestration|Network"
|
||||
msgstr ""
|
||||
|
||||
msgid "SecurityOrchestration|Network Policies can be used to limit which network traffic is allowed between containers inside the cluster."
|
||||
msgstr ""
|
||||
|
||||
msgid "SecurityOrchestration|New policy"
|
||||
msgstr ""
|
||||
|
||||
|
@ -29691,9 +29685,18 @@ msgstr ""
|
|||
msgid "SecurityOrchestration|Policies"
|
||||
msgstr ""
|
||||
|
||||
msgid "SecurityOrchestration|Policy description"
|
||||
msgstr ""
|
||||
|
||||
msgid "SecurityOrchestration|Policy editor"
|
||||
msgstr ""
|
||||
|
||||
msgid "SecurityOrchestration|Policy status"
|
||||
msgstr ""
|
||||
|
||||
msgid "SecurityOrchestration|Policy type"
|
||||
msgstr ""
|
||||
|
||||
msgid "SecurityOrchestration|Scan Execution"
|
||||
msgstr ""
|
||||
|
||||
|
|
|
@ -64,7 +64,7 @@
|
|||
"@rails/actioncable": "6.1.3-2",
|
||||
"@rails/ujs": "6.1.3-2",
|
||||
"@sentry/browser": "5.26.0",
|
||||
"@sourcegraph/code-host-integration": "0.0.59",
|
||||
"@sourcegraph/code-host-integration": "0.0.60",
|
||||
"@tiptap/core": "^2.0.0-beta.101",
|
||||
"@tiptap/extension-blockquote": "^2.0.0-beta.15",
|
||||
"@tiptap/extension-bold": "^2.0.0-beta.15",
|
||||
|
|
|
@ -283,6 +283,12 @@ RSpec.describe Gitlab::Database::LoadBalancing::LoadBalancer, :request_store do
|
|||
|
||||
expect(lb.connection_error?(error)).to eq(false)
|
||||
end
|
||||
|
||||
it 'returns false for ActiveRecord errors without a cause' do
|
||||
error = ActiveRecord::RecordNotUnique.new
|
||||
|
||||
expect(lb.connection_error?(error)).to eq(false)
|
||||
end
|
||||
end
|
||||
|
||||
describe '#serialization_failure?' do
|
||||
|
|
|
@ -58,6 +58,7 @@ issues:
|
|||
- test_reports
|
||||
- requirement
|
||||
- incident_management_issuable_escalation_status
|
||||
- pending_escalations
|
||||
work_item_type:
|
||||
- issues
|
||||
events:
|
||||
|
|
|
@ -931,6 +931,10 @@ RSpec.describe ApplicationSetting do
|
|||
throttle_unauthenticated_packages_api_period_in_seconds
|
||||
throttle_authenticated_packages_api_requests_per_period
|
||||
throttle_authenticated_packages_api_period_in_seconds
|
||||
throttle_unauthenticated_files_api_requests_per_period
|
||||
throttle_unauthenticated_files_api_period_in_seconds
|
||||
throttle_authenticated_files_api_requests_per_period
|
||||
throttle_authenticated_files_api_period_in_seconds
|
||||
]
|
||||
end
|
||||
|
||||
|
|
|
@ -362,6 +362,32 @@ RSpec.describe ApplicationSettings::UpdateService do
|
|||
end
|
||||
end
|
||||
|
||||
context 'when files API rate limits are passed' do
|
||||
let(:params) do
|
||||
{
|
||||
throttle_unauthenticated_files_api_enabled: 1,
|
||||
throttle_unauthenticated_files_api_period_in_seconds: 500,
|
||||
throttle_unauthenticated_files_api_requests_per_period: 20,
|
||||
throttle_authenticated_files_api_enabled: 1,
|
||||
throttle_authenticated_files_api_period_in_seconds: 600,
|
||||
throttle_authenticated_files_api_requests_per_period: 10
|
||||
}
|
||||
end
|
||||
|
||||
it 'updates files API throttle settings' do
|
||||
subject.execute
|
||||
|
||||
application_settings.reload
|
||||
|
||||
expect(application_settings.throttle_unauthenticated_files_api_enabled).to be_truthy
|
||||
expect(application_settings.throttle_unauthenticated_files_api_period_in_seconds).to eq(500)
|
||||
expect(application_settings.throttle_unauthenticated_files_api_requests_per_period).to eq(20)
|
||||
expect(application_settings.throttle_authenticated_files_api_enabled).to be_truthy
|
||||
expect(application_settings.throttle_authenticated_files_api_period_in_seconds).to eq(600)
|
||||
expect(application_settings.throttle_authenticated_files_api_requests_per_period).to eq(10)
|
||||
end
|
||||
end
|
||||
|
||||
context 'when issues_create_limit is passed' do
|
||||
let(:params) do
|
||||
{
|
||||
|
|
|
@ -1427,10 +1427,10 @@
|
|||
dependencies:
|
||||
"@sinonjs/commons" "^1.7.0"
|
||||
|
||||
"@sourcegraph/code-host-integration@0.0.59":
|
||||
version "0.0.59"
|
||||
resolved "https://registry.yarnpkg.com/@sourcegraph/code-host-integration/-/code-host-integration-0.0.59.tgz#ac64a9f90ff48363334407d12622542d0faa7720"
|
||||
integrity sha512-laZl6llJMr0OAYwihyhkVSrBmLSQy+X38HZKD590Sg+mgAp3C+Q9TXSYIEQjY2XrA3/ypuEbqoiTY8HyRl4b4g==
|
||||
"@sourcegraph/code-host-integration@0.0.60":
|
||||
version "0.0.60"
|
||||
resolved "https://registry.yarnpkg.com/@sourcegraph/code-host-integration/-/code-host-integration-0.0.60.tgz#2043877fabb7eb986fcb61b67ee480afbb29f4f0"
|
||||
integrity sha512-T+MvM8SUF7daA279hyQgwmva3J5LvPqwgQ/mWwxdVshehOQIPLUd310I0c6x6nZ0F/x4UjDWgRWzAqy6NLwV1w==
|
||||
|
||||
"@stylelint/postcss-css-in-js@^0.37.2":
|
||||
version "0.37.2"
|
||||
|
|
Loading…
Reference in New Issue