Add latest changes from gitlab-org/gitlab@master

5 files changed, 113 insertions, 78 deletions

diff --git a/app/services/alert_management/http_integrations/base_service.rb b/app/services/alert_management/http_integrations/base_service.rb
new file mode 100644
index 00000000000..980f18631c0
--- /dev/null
+++ b/app/services/alert_management/http_integrations/base_service.rb
@@ -0,0 +1,57 @@
+# frozen_string_literal: true
+
+module AlertManagement
+  module HttpIntegrations
+    class BaseService < BaseProjectService
+      # @param project [Project]
+      # @param current_user [User]
+      # @param params [Hash]
+      def initialize(project, current_user, params)
+        @response = nil
+
+        super(project: project, current_user: current_user, params: params.with_indifferent_access)
+      end
+
+      private
+
+      def allowed?
+        current_user&.can?(:admin_operations, project)
+      end
+
+      def too_many_integrations?(integration)
+        AlertManagement::HttpIntegration
+          .for_project(integration.project_id)
+          .for_type(integration.type_identifier)
+          .id_not_in(integration.id)
+          .any?
+      end
+
+      def permitted_params
+        params.slice(*permitted_params_keys)
+      end
+
+      # overriden in EE
+      def permitted_params_keys
+        %i[name active type_identifier]
+      end
+
+      def error(message)
+        ServiceResponse.error(message: message)
+      end
+
+      def success(integration)
+        ServiceResponse.success(payload: { integration: integration.reset })
+      end
+
+      def error_multiple_integrations
+        error(_('Multiple integrations of a single type are not supported for this project'))
+      end
+
+      def error_on_save(integration)
+        error(integration.errors.full_messages.to_sentence)
+      end
+    end
+  end
+end
+
+::AlertManagement::HttpIntegrations::BaseService.prepend_mod
diff --git a/app/services/alert_management/http_integrations/create_service.rb b/app/services/alert_management/http_integrations/create_service.rb
index 1abe0548c45..17e39577c29 100644
--- a/app/services/alert_management/http_integrations/create_service.rb
+++ b/app/services/alert_management/http_integrations/create_service.rb
@@ -2,68 +2,34 @@
 
 module AlertManagement
   module HttpIntegrations
-    class CreateService
-      # @param project [Project]
-      # @param current_user [User]
-      # @param params [Hash]
-      def initialize(project, current_user, params)
-        @project = project
-        @current_user = current_user
-        @params = params.with_indifferent_access
-      end
-
+    class CreateService < BaseService
       def execute
         return error_no_permissions unless allowed?
-        return error_multiple_integrations unless creation_allowed?
-
-        integration = project.alert_management_http_integrations.create(permitted_params)
-        return error_in_create(integration) unless integration.valid?
-
-        success(integration)
-      end
 
-      private
+        ::AlertManagement::HttpIntegration.transaction do
+          integration = project.alert_management_http_integrations.build(permitted_params)
 
-      attr_reader :project, :current_user, :params
+          if integration.save
+            @response = success(integration)
 
-      def allowed?
-        current_user&.can?(:admin_operations, project)
-      end
+            if too_many_integrations?(integration)
+              @response = error_multiple_integrations
 
-      def creation_allowed?
-        project.alert_management_http_integrations.empty?
-      end
-
-      def permitted_params
-        params.slice(*permitted_params_keys)
-      end
+              raise ActiveRecord::Rollback
+            end
+          else
+            @response = error_on_save(integration)
+          end
+        end
 
-      # overriden in EE
-      def permitted_params_keys
-        %i[name active]
+        @response
       end
 
-      def error(message)
-        ServiceResponse.error(message: message)
-      end
-
-      def success(integration)
-        ServiceResponse.success(payload: { integration: integration })
-      end
+      private
 
       def error_no_permissions
         error(_('You have insufficient permissions to create an HTTP integration for this project'))
       end
-
-      def error_multiple_integrations
-        error(_('Multiple HTTP integrations are not supported for this project'))
-      end
-
-      def error_in_create(integration)
-        error(integration.errors.full_messages.to_sentence)
-      end
     end
   end
 end
-
-::AlertManagement::HttpIntegrations::CreateService.prepend_mod_with('AlertManagement::HttpIntegrations::CreateService')
diff --git a/app/services/alert_management/http_integrations/destroy_service.rb b/app/services/alert_management/http_integrations/destroy_service.rb
index aeb3f6cb807..1bd73ca46e4 100644
--- a/app/services/alert_management/http_integrations/destroy_service.rb
+++ b/app/services/alert_management/http_integrations/destroy_service.rb
@@ -12,6 +12,7 @@ module AlertManagement
 
       def execute
         return error_no_permissions unless allowed?
+        return error_legacy_prometheus unless destroy_allowed?
 
         if integration.destroy
           success
@@ -28,6 +29,12 @@ module AlertManagement
         current_user&.can?(:admin_operations, integration)
       end
 
+      # Prevents downtime while migrating from Integrations::Prometheus.
+      # Remove with https://gitlab.com/gitlab-org/gitlab/-/issues/409734
+      def destroy_allowed?
+        !(integration.legacy? && integration.prometheus?)
+      end
+
       def error(message)
         ServiceResponse.error(message: message)
       end
@@ -39,6 +46,10 @@ module AlertManagement
       def error_no_permissions
         error(_('You have insufficient permissions to remove this HTTP integration'))
       end
+
+      def error_legacy_prometheus
+        error(_('Legacy Prometheus integrations cannot currently be removed'))
+      end
     end
   end
 end
diff --git a/app/services/alert_management/http_integrations/update_service.rb b/app/services/alert_management/http_integrations/update_service.rb
index 8662f966a2e..f7a079576e4 100644
--- a/app/services/alert_management/http_integrations/update_service.rb
+++ b/app/services/alert_management/http_integrations/update_service.rb
@@ -2,51 +2,48 @@
 
 module AlertManagement
   module HttpIntegrations
-    class UpdateService
+    class UpdateService < BaseService
       # @param integration [AlertManagement::HttpIntegration]
       # @param current_user [User]
       # @param params [Hash]
       def initialize(integration, current_user, params)
         @integration = integration
-        @current_user = current_user
-        @params = params.with_indifferent_access
+
+        super(integration.project, current_user, params)
       end
 
       def execute
         return error_no_permissions unless allowed?
 
-        params[:token] = nil if params.delete(:regenerate_token)
+        integration.transaction do
+          if integration.update(permitted_params.merge(token_params))
+            @response = success(integration)
+
+            if type_update? && too_many_integrations?(integration)
+              @response = error_multiple_integrations
 
-        if integration.update(permitted_params)
-          success
-        else
-          error(integration.errors.full_messages.to_sentence)
+              raise ActiveRecord::Rollback
+            end
+          else
+            @response = error_on_save(integration)
+          end
         end
+
+        @response
       end
 
       private
 
-      attr_reader :integration, :current_user, :params
+      attr_reader :integration
 
-      def allowed?
-        current_user&.can?(:admin_operations, integration)
-      end
+      def token_params
+        return {} unless params[:regenerate_token]
 
-      def permitted_params
-        params.slice(*permitted_params_keys)
+        { token: nil }
       end
 
-      # overriden in EE
-      def permitted_params_keys
-        %i[name active token]
-      end
-
-      def error(message)
-        ServiceResponse.error(message: message)
-      end
-
-      def success
-        ServiceResponse.success(payload: { integration: integration.reset })
+      def type_update?
+        params[:type_identifier].present?
       end
 
       def error_no_permissions
@@ -55,5 +52,3 @@ module AlertManagement
     end
   end
 end
-
-::AlertManagement::HttpIntegrations::UpdateService.prepend_mod_with('AlertManagement::HttpIntegrations::UpdateService')
diff --git a/app/services/projects/prometheus/alerts/notify_service.rb b/app/services/projects/prometheus/alerts/notify_service.rb
index 1e084c0e5eb..1d24a113e05 100644
--- a/app/services/projects/prometheus/alerts/notify_service.rb
+++ b/app/services/projects/prometheus/alerts/notify_service.rb
@@ -79,12 +79,18 @@ module Projects
         end
 
         def valid_alert_manager_token?(token, integration)
-          valid_for_manual?(token) ||
-            valid_for_alerts_endpoint?(token, integration) ||
+          valid_for_alerts_endpoint?(token, integration) ||
+            valid_for_manual?(token) ||
             valid_for_cluster?(token)
         end
 
         def valid_for_manual?(token)
+          # If migration from Integrations::Prometheus to
+          # AlertManagement::HttpIntegrations is complete,
+          # we should use use the HttpIntegration as SSOT.
+          # Remove with https://gitlab.com/gitlab-org/gitlab/-/issues/409734
+          return false if project.alert_management_http_integrations.legacy.prometheus.any?
+
           prometheus = project.find_or_initialize_integration('prometheus')
           return false unless prometheus.manual_configuration?