diff options
author | GitLab Bot <gitlab-bot@gitlab.com> | 2020-05-20 14:34:42 +0000 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2020-05-20 14:34:42 +0000 |
commit | 9f46488805e86b1bc341ea1620b866016c2ce5ed (patch) | |
tree | f9748c7e287041e37d6da49e0a29c9511dc34768 /app/workers | |
parent | dfc92d081ea0332d69c8aca2f0e745cb48ae5e6d (diff) | |
download | gitlab-ce-9f46488805e86b1bc341ea1620b866016c2ce5ed.tar.gz |
Add latest changes from gitlab-org/gitlab@13-0-stable-ee
Diffstat (limited to 'app/workers')
25 files changed, 329 insertions, 106 deletions
diff --git a/app/workers/all_queues.yml b/app/workers/all_queues.yml index 57d41bfaec2..1f9a53d64d9 100644 --- a/app/workers/all_queues.yml +++ b/app/workers/all_queues.yml @@ -3,6 +3,20 @@ # # Do not edit it manually! --- +- :name: authorized_project_update:authorized_project_update_project_create + :feature_category: :authentication_and_authorization + :has_external_dependencies: + :urgency: :low + :resource_boundary: :unknown + :weight: 1 + :idempotent: true +- :name: authorized_project_update:authorized_project_update_user_refresh_with_low_urgency + :feature_category: :authentication_and_authorization + :has_external_dependencies: + :urgency: :low + :resource_boundary: :unknown + :weight: 1 + :idempotent: true - :name: auto_devops:auto_devops_disable :feature_category: :auto_devops :has_external_dependencies: @@ -18,35 +32,35 @@ :weight: 3 :idempotent: - :name: chaos:chaos_cpu_spin - :feature_category: :chaos_engineering + :feature_category: :not_owned :has_external_dependencies: :urgency: :low :resource_boundary: :unknown :weight: 2 :idempotent: - :name: chaos:chaos_db_spin - :feature_category: :chaos_engineering + :feature_category: :not_owned :has_external_dependencies: :urgency: :low :resource_boundary: :unknown :weight: 2 :idempotent: - :name: chaos:chaos_kill - :feature_category: :chaos_engineering + :feature_category: :not_owned :has_external_dependencies: :urgency: :low :resource_boundary: :unknown :weight: 2 :idempotent: - :name: chaos:chaos_leak_mem - :feature_category: :chaos_engineering + :feature_category: :not_owned :has_external_dependencies: :urgency: :low :resource_boundary: :unknown :weight: 2 :idempotent: - :name: chaos:chaos_sleep - :feature_category: :chaos_engineering + :feature_category: :not_owned :has_external_dependencies: :urgency: :low :resource_boundary: :unknown @@ -269,6 +283,13 @@ :resource_boundary: :unknown :weight: 1 :idempotent: +- :name: cronjob:x509_issuer_crl_check + :feature_category: :source_code_management + :has_external_dependencies: true + :urgency: :low + :resource_boundary: :unknown + :weight: 1 + :idempotent: true - :name: deployment:deployments_finished :feature_category: :continuous_delivery :has_external_dependencies: @@ -290,13 +311,6 @@ :resource_boundary: :cpu :weight: 3 :idempotent: -- :name: gcp_cluster:cluster_configure - :feature_category: :kubernetes_management - :has_external_dependencies: - :urgency: :low - :resource_boundary: :unknown - :weight: 1 - :idempotent: - :name: gcp_cluster:cluster_configure_istio :feature_category: :kubernetes_management :has_external_dependencies: true @@ -318,13 +332,6 @@ :resource_boundary: :unknown :weight: 1 :idempotent: -- :name: gcp_cluster:cluster_project_configure - :feature_category: :kubernetes_management - :has_external_dependencies: true - :urgency: :low - :resource_boundary: :unknown - :weight: 1 - :idempotent: - :name: gcp_cluster:cluster_provision :feature_category: :kubernetes_management :has_external_dependencies: true @@ -689,7 +696,7 @@ :resource_boundary: :unknown :weight: 1 :idempotent: -- :name: pipeline_background:ci_daily_report_results +- :name: pipeline_background:ci_daily_build_group_report_results :feature_category: :continuous_integration :has_external_dependencies: :urgency: :low @@ -849,14 +856,14 @@ :urgency: :high :resource_boundary: :unknown :weight: 5 - :idempotent: + :idempotent: true - :name: pipeline_processing:update_head_pipeline_for_merge_request :feature_category: :continuous_integration :has_external_dependencies: :urgency: :high :resource_boundary: :cpu :weight: 5 - :idempotent: + :idempotent: true - :name: repository_check:repository_check_batch :feature_category: :source_code_management :has_external_dependencies: @@ -961,7 +968,7 @@ :urgency: :low :resource_boundary: :unknown :weight: 2 - :idempotent: + :idempotent: true - :name: create_evidence :feature_category: :release_evidence :has_external_dependencies: @@ -1011,6 +1018,13 @@ :resource_boundary: :unknown :weight: 1 :idempotent: +- :name: design_management_new_version + :feature_category: :design_management + :has_external_dependencies: + :urgency: :low + :resource_boundary: :memory + :weight: 1 + :idempotent: - :name: detect_repository_languages :feature_category: :source_code_management :has_external_dependencies: @@ -1053,6 +1067,13 @@ :resource_boundary: :cpu :weight: 1 :idempotent: +- :name: external_service_reactive_caching + :feature_category: :not_owned + :has_external_dependencies: true + :urgency: :low + :resource_boundary: :unknown + :weight: 1 + :idempotent: - :name: file_hook :feature_category: :integrations :has_external_dependencies: @@ -1143,7 +1164,7 @@ :urgency: :low :resource_boundary: :unknown :weight: 1 - :idempotent: + :idempotent: true - :name: migrate_external_diffs :feature_category: :source_code_management :has_external_dependencies: @@ -1220,7 +1241,7 @@ :urgency: :high :resource_boundary: :unknown :weight: 3 - :idempotent: + :idempotent: true - :name: project_cache :feature_category: :source_code_management :has_external_dependencies: @@ -1280,7 +1301,7 @@ - :name: reactive_caching :feature_category: :not_owned :has_external_dependencies: - :urgency: :high + :urgency: :low :resource_boundary: :cpu :weight: 1 :idempotent: diff --git a/app/workers/authorized_project_update/project_create_worker.rb b/app/workers/authorized_project_update/project_create_worker.rb new file mode 100644 index 00000000000..651849b57ec --- /dev/null +++ b/app/workers/authorized_project_update/project_create_worker.rb @@ -0,0 +1,19 @@ +# frozen_string_literal: true + +module AuthorizedProjectUpdate + class ProjectCreateWorker + include ApplicationWorker + + feature_category :authentication_and_authorization + urgency :low + queue_namespace :authorized_project_update + + idempotent! + + def perform(project_id) + project = Project.find(project_id) + + AuthorizedProjectUpdate::ProjectCreateService.new(project).execute + end + end +end diff --git a/app/workers/authorized_project_update/user_refresh_with_low_urgency_worker.rb b/app/workers/authorized_project_update/user_refresh_with_low_urgency_worker.rb new file mode 100644 index 00000000000..19038cb8900 --- /dev/null +++ b/app/workers/authorized_project_update/user_refresh_with_low_urgency_worker.rb @@ -0,0 +1,11 @@ +# frozen_string_literal: true + +module AuthorizedProjectUpdate + class UserRefreshWithLowUrgencyWorker < ::AuthorizedProjectsWorker + feature_category :authentication_and_authorization + urgency :low + queue_namespace :authorized_project_update + + idempotent! + end +end diff --git a/app/workers/ci/daily_report_results_worker.rb b/app/workers/ci/daily_build_group_report_results_worker.rb index 314fd44f86c..a6d3c485e24 100644 --- a/app/workers/ci/daily_report_results_worker.rb +++ b/app/workers/ci/daily_build_group_report_results_worker.rb @@ -1,7 +1,7 @@ # frozen_string_literal: true module Ci - class DailyReportResultsWorker + class DailyBuildGroupReportResultsWorker include ApplicationWorker include PipelineBackgroundQueue @@ -9,7 +9,7 @@ module Ci def perform(pipeline_id) Ci::Pipeline.find_by_id(pipeline_id).try do |pipeline| - Ci::DailyReportResultService.new.execute(pipeline) + Ci::DailyBuildGroupReportResultService.new.execute(pipeline) end end end diff --git a/app/workers/cluster_configure_worker.rb b/app/workers/cluster_configure_worker.rb deleted file mode 100644 index f9364ab7144..00000000000 --- a/app/workers/cluster_configure_worker.rb +++ /dev/null @@ -1,10 +0,0 @@ -# frozen_string_literal: true - -class ClusterConfigureWorker # rubocop:disable Scalability/IdempotentWorker - include ApplicationWorker - include ClusterQueue - - def perform(cluster_id) - # Scheduled for removal in https://gitlab.com/gitlab-org/gitlab-foss/issues/59319 - end -end diff --git a/app/workers/cluster_project_configure_worker.rb b/app/workers/cluster_project_configure_worker.rb deleted file mode 100644 index b68df01dc7a..00000000000 --- a/app/workers/cluster_project_configure_worker.rb +++ /dev/null @@ -1,12 +0,0 @@ -# frozen_string_literal: true - -class ClusterProjectConfigureWorker # rubocop:disable Scalability/IdempotentWorker - include ApplicationWorker - include ClusterQueue - - worker_has_external_dependencies! - - def perform(project_id) - # Scheduled for removal in https://gitlab.com/gitlab-org/gitlab-foss/issues/59319 - end -end diff --git a/app/workers/concerns/application_worker.rb b/app/workers/concerns/application_worker.rb index c0062780688..7ab9a0c2a02 100644 --- a/app/workers/concerns/application_worker.rb +++ b/app/workers/concerns/application_worker.rb @@ -11,6 +11,8 @@ module ApplicationWorker include WorkerAttributes include WorkerContext + LOGGING_EXTRA_KEY = 'extra' + included do set_queue @@ -24,6 +26,21 @@ module ApplicationWorker payload.stringify_keys.merge(context) end + + def log_extra_metadata_on_done(key, value) + @done_log_extra_metadata ||= {} + @done_log_extra_metadata[key] = value + end + + def logging_extras + return {} unless @done_log_extra_metadata + + # Prefix keys with class name to avoid conflicts in Elasticsearch types. + # Also prefix with "extra." so that we know to log these new fields. + @done_log_extra_metadata.transform_keys do |k| + "#{LOGGING_EXTRA_KEY}.#{self.class.name.gsub("::", "_").underscore}.#{k}" + end + end end class_methods do diff --git a/app/workers/concerns/chaos_queue.rb b/app/workers/concerns/chaos_queue.rb index c5db10491f2..a9c557f0175 100644 --- a/app/workers/concerns/chaos_queue.rb +++ b/app/workers/concerns/chaos_queue.rb @@ -5,6 +5,6 @@ module ChaosQueue included do queue_namespace :chaos - feature_category :chaos_engineering + feature_category_not_owned! end end diff --git a/app/workers/concerns/reactive_cacheable_worker.rb b/app/workers/concerns/reactive_cacheable_worker.rb new file mode 100644 index 00000000000..e73707c2b43 --- /dev/null +++ b/app/workers/concerns/reactive_cacheable_worker.rb @@ -0,0 +1,33 @@ +# frozen_string_literal: true + +module ReactiveCacheableWorker + extend ActiveSupport::Concern + + included do + include ApplicationWorker + + feature_category_not_owned! + + def self.context_for_arguments(arguments) + class_name, *_other_args = arguments + Gitlab::ApplicationContext.new(related_class: class_name.to_s) + end + end + + def perform(class_name, id, *args) + klass = begin + class_name.constantize + rescue NameError + nil + end + + return unless klass + + klass + .reactive_cache_worker_finder + .call(id, *args) + .try(:exclusively_update_reactive_cache!, *args) + rescue ReactiveCaching::ExceededReactiveCacheLimit => e + Gitlab::ErrorTracking.track_exception(e) + end +end diff --git a/app/workers/create_commit_signature_worker.rb b/app/workers/create_commit_signature_worker.rb index 9cbc75f8944..a88d2bf7d15 100644 --- a/app/workers/create_commit_signature_worker.rb +++ b/app/workers/create_commit_signature_worker.rb @@ -1,11 +1,13 @@ # frozen_string_literal: true -class CreateCommitSignatureWorker # rubocop:disable Scalability/IdempotentWorker +class CreateCommitSignatureWorker include ApplicationWorker feature_category :source_code_management weight 2 + idempotent! + # rubocop: disable CodeReuse/ActiveRecord def perform(commit_shas, project_id) # Older versions of Git::BranchPushService may push a single commit ID on diff --git a/app/workers/design_management/new_version_worker.rb b/app/workers/design_management/new_version_worker.rb new file mode 100644 index 00000000000..3634dcbcebd --- /dev/null +++ b/app/workers/design_management/new_version_worker.rb @@ -0,0 +1,31 @@ +# frozen_string_literal: true + +module DesignManagement + class NewVersionWorker # rubocop:disable Scalability/IdempotentWorker + include ApplicationWorker + + feature_category :design_management + # Declare this worker as memory bound due to + # `GenerateImageVersionsService` resizing designs + worker_resource_boundary :memory + + def perform(version_id) + version = DesignManagement::Version.find(version_id) + + add_system_note(version) + generate_image_versions(version) + rescue ActiveRecord::RecordNotFound => e + Sidekiq.logger.warn(e) + end + + private + + def add_system_note(version) + SystemNoteService.design_version_added(version) + end + + def generate_image_versions(version) + DesignManagement::GenerateImageVersionsService.new(version).execute + end + end +end diff --git a/app/workers/external_service_reactive_caching_worker.rb b/app/workers/external_service_reactive_caching_worker.rb new file mode 100644 index 00000000000..e3104b44a7f --- /dev/null +++ b/app/workers/external_service_reactive_caching_worker.rb @@ -0,0 +1,7 @@ +# frozen_string_literal: true + +class ExternalServiceReactiveCachingWorker # rubocop:disable Scalability/IdempotentWorker + include ReactiveCacheableWorker + + worker_has_external_dependencies! +end diff --git a/app/workers/gitlab/jira_import/import_issue_worker.rb b/app/workers/gitlab/jira_import/import_issue_worker.rb index 7ace0a35fd9..78de5cf1307 100644 --- a/app/workers/gitlab/jira_import/import_issue_worker.rb +++ b/app/workers/gitlab/jira_import/import_issue_worker.rb @@ -28,19 +28,35 @@ module Gitlab private def create_issue(issue_attributes, project_id) + label_ids = issue_attributes.delete('label_ids') + assignee_ids = issue_attributes.delete('assignee_ids') issue_id = insert_and_return_id(issue_attributes, Issue) - label_issue(project_id, issue_id) + label_issue(project_id, issue_id, label_ids) + assign_issue(project_id, issue_id, assignee_ids) issue_id end - def label_issue(project_id, issue_id) - label_id = JiraImport.get_import_label_id(project_id) - return unless label_id + def label_issue(project_id, issue_id, label_ids) + label_link_attrs = label_ids.to_a.map do |label_id| + build_label_attrs(issue_id, label_id.to_i) + end - label_link_attrs = build_label_attrs(issue_id, label_id.to_i) - insert_and_return_id(label_link_attrs, LabelLink) + import_label_id = JiraImport.get_import_label_id(project_id) + return unless import_label_id + + label_link_attrs << build_label_attrs(issue_id, import_label_id.to_i) + + Gitlab::Database.bulk_insert(LabelLink.table_name, label_link_attrs) + end + + def assign_issue(project_id, issue_id, assignee_ids) + return if assignee_ids.blank? + + assignee_attrs = assignee_ids.map { |user_id| { issue_id: issue_id, user_id: user_id } } + + Gitlab::Database.bulk_insert(IssueAssignee.table_name, assignee_attrs) end def build_label_attrs(issue_id, label_id) diff --git a/app/workers/group_import_worker.rb b/app/workers/group_import_worker.rb index b6fc5afc28c..d8f236013bf 100644 --- a/app/workers/group_import_worker.rb +++ b/app/workers/group_import_worker.rb @@ -2,14 +2,23 @@ class GroupImportWorker # rubocop:disable Scalability/IdempotentWorker include ApplicationWorker - include ExceptionBacktrace + sidekiq_options retry: false feature_category :importers def perform(user_id, group_id) current_user = User.find(user_id) group = Group.find(group_id) + group_import = group.build_import_state(jid: self.jid) + + group_import.start! ::Groups::ImportExport::ImportService.new(group: group, user: current_user).execute + + group_import.finish! + rescue StandardError => e + group_import&.fail_op(e.message) + + raise e end end diff --git a/app/workers/incident_management/process_alert_worker.rb b/app/workers/incident_management/process_alert_worker.rb index 8d4294cc231..2ce9fe359b5 100644 --- a/app/workers/incident_management/process_alert_worker.rb +++ b/app/workers/incident_management/process_alert_worker.rb @@ -7,11 +7,14 @@ module IncidentManagement queue_namespace :incident_management feature_category :incident_management - def perform(project_id, alert) + def perform(project_id, alert_payload, am_alert_id = nil) project = find_project(project_id) return unless project - create_issue(project, alert) + new_issue = create_issue(project, alert_payload) + return unless am_alert_id && new_issue.persisted? + + link_issue_with_alert(am_alert_id, new_issue.id) end private @@ -20,10 +23,24 @@ module IncidentManagement Project.find_by_id(project_id) end - def create_issue(project, alert) + def create_issue(project, alert_payload) IncidentManagement::CreateIssueService - .new(project, alert) + .new(project, alert_payload) .execute end + + def link_issue_with_alert(alert_id, issue_id) + alert = AlertManagement::Alert.find_by_id(alert_id) + return unless alert + + return if alert.update(issue_id: issue_id) + + Gitlab::AppLogger.warn( + message: 'Cannot link an Issue with Alert', + issue_id: issue_id, + alert_id: alert_id, + alert_errors: alert.errors.messages + ) + end end end diff --git a/app/workers/irker_worker.rb b/app/workers/irker_worker.rb index 73bc050d7be..7622f40a949 100644 --- a/app/workers/irker_worker.rb +++ b/app/workers/irker_worker.rb @@ -53,7 +53,7 @@ class IrkerWorker # rubocop:disable Scalability/IdempotentWorker def sendtoirker(privmsg) to_send = { to: @channels, privmsg: privmsg } - @socket.puts JSON.dump(to_send) + @socket.puts Gitlab::Json.dump(to_send) end def close_connection diff --git a/app/workers/merge_request_mergeability_check_worker.rb b/app/workers/merge_request_mergeability_check_worker.rb index a26c1a886f6..1a84efb4e52 100644 --- a/app/workers/merge_request_mergeability_check_worker.rb +++ b/app/workers/merge_request_mergeability_check_worker.rb @@ -1,9 +1,10 @@ # frozen_string_literal: true -class MergeRequestMergeabilityCheckWorker # rubocop:disable Scalability/IdempotentWorker +class MergeRequestMergeabilityCheckWorker include ApplicationWorker feature_category :source_code_management + idempotent! def perform(merge_request_id) merge_request = MergeRequest.find_by_id(merge_request_id) diff --git a/app/workers/new_release_worker.rb b/app/workers/new_release_worker.rb index 3c19e5f3d2b..fa4703d10f2 100644 --- a/app/workers/new_release_worker.rb +++ b/app/workers/new_release_worker.rb @@ -1,5 +1,7 @@ # frozen_string_literal: true +# TODO: Worker can be removed in 13.2: +# https://gitlab.com/gitlab-org/gitlab/-/issues/218231 class NewReleaseWorker # rubocop:disable Scalability/IdempotentWorker include ApplicationWorker diff --git a/app/workers/pages_domain_ssl_renewal_cron_worker.rb b/app/workers/pages_domain_ssl_renewal_cron_worker.rb index 43fb35c5298..fe6d516d3cf 100644 --- a/app/workers/pages_domain_ssl_renewal_cron_worker.rb +++ b/app/workers/pages_domain_ssl_renewal_cron_worker.rb @@ -10,11 +10,6 @@ class PagesDomainSslRenewalCronWorker # rubocop:disable Scalability/IdempotentWo return unless ::Gitlab::LetsEncrypt.enabled? PagesDomain.need_auto_ssl_renewal.with_logging_info.find_each do |domain| - # Ideally that should be handled in PagesDomain.need_auto_ssl_renewal scope - # but it's hard to make scope work with feature flags - # once we remove feature flag we can modify scope to implement this behaviour - next if Feature.enabled?(:pages_letsencrypt_errors, domain.project) && domain.auto_ssl_failed - with_context(project: domain.project) do PagesDomainSslRenewalWorker.perform_async(domain.id) end diff --git a/app/workers/process_commit_worker.rb b/app/workers/process_commit_worker.rb index 9960e812a2f..bdfabea8938 100644 --- a/app/workers/process_commit_worker.rb +++ b/app/workers/process_commit_worker.rb @@ -7,13 +7,15 @@ # result of this the workload of this worker should be kept to a bare minimum. # Consider using an extra worker if you need to add any extra (and potentially # slow) processing of commits. -class ProcessCommitWorker # rubocop:disable Scalability/IdempotentWorker +class ProcessCommitWorker include ApplicationWorker feature_category :source_code_management urgency :high weight 3 + idempotent! + # project_id - The ID of the project this commit belongs to. # user_id - The ID of the user that pushed the commit. # commit_hash - Hash containing commit details to use for constructing a diff --git a/app/workers/project_update_repository_storage_worker.rb b/app/workers/project_update_repository_storage_worker.rb index ecee33e6421..5c1a8062f12 100644 --- a/app/workers/project_update_repository_storage_worker.rb +++ b/app/workers/project_update_repository_storage_worker.rb @@ -5,9 +5,19 @@ class ProjectUpdateRepositoryStorageWorker # rubocop:disable Scalability/Idempot feature_category :gitaly - def perform(project_id, new_repository_storage_key) - project = Project.find(project_id) + def perform(project_id, new_repository_storage_key, repository_storage_move_id = nil) + repository_storage_move = + if repository_storage_move_id + ProjectRepositoryStorageMove.find(repository_storage_move_id) + else + # maintain compatibility with workers queued before release + project = Project.find(project_id) + project.repository_storage_moves.create!( + source_storage_name: project.repository_storage, + destination_storage_name: new_repository_storage_key + ) + end - ::Projects::UpdateRepositoryStorageService.new(project).execute(new_repository_storage_key) + ::Projects::UpdateRepositoryStorageService.new(repository_storage_move).execute end end diff --git a/app/workers/reactive_caching_worker.rb b/app/workers/reactive_caching_worker.rb index 513033281e5..a0829c31280 100644 --- a/app/workers/reactive_caching_worker.rb +++ b/app/workers/reactive_caching_worker.rb @@ -1,36 +1,8 @@ # frozen_string_literal: true class ReactiveCachingWorker # rubocop:disable Scalability/IdempotentWorker - include ApplicationWorker + include ReactiveCacheableWorker - feature_category_not_owned! - - # TODO: The reactive caching worker should be split into - # two different workers, one for high urgency jobs without external dependencies - # and another worker without high urgency, but with external dependencies - # https://gitlab.com/gitlab-com/gl-infra/scalability/issues/34 - # This worker should also have `worker_has_external_dependencies!` enabled - urgency :high + urgency :low worker_resource_boundary :cpu - - def self.context_for_arguments(arguments) - class_name, *_other_args = arguments - Gitlab::ApplicationContext.new(related_class: class_name.to_s) - end - - def perform(class_name, id, *args) - klass = begin - class_name.constantize - rescue NameError - nil - end - return unless klass - - klass - .reactive_cache_worker_finder - .call(id, *args) - .try(:exclusively_update_reactive_cache!, *args) - rescue ReactiveCaching::ExceededReactiveCacheLimit => e - Gitlab::ErrorTracking.track_exception(e) - end end diff --git a/app/workers/stage_update_worker.rb b/app/workers/stage_update_worker.rb index aface8288e3..20db19536c3 100644 --- a/app/workers/stage_update_worker.rb +++ b/app/workers/stage_update_worker.rb @@ -1,12 +1,14 @@ # frozen_string_literal: true -class StageUpdateWorker # rubocop:disable Scalability/IdempotentWorker +class StageUpdateWorker include ApplicationWorker include PipelineQueue queue_namespace :pipeline_processing urgency :high + idempotent! + def perform(stage_id) Ci::Stage.find_by_id(stage_id)&.update_legacy_status end diff --git a/app/workers/update_head_pipeline_for_merge_request_worker.rb b/app/workers/update_head_pipeline_for_merge_request_worker.rb index 69698ba81bd..63d11d33283 100644 --- a/app/workers/update_head_pipeline_for_merge_request_worker.rb +++ b/app/workers/update_head_pipeline_for_merge_request_worker.rb @@ -1,6 +1,6 @@ # frozen_string_literal: true -class UpdateHeadPipelineForMergeRequestWorker # rubocop:disable Scalability/IdempotentWorker +class UpdateHeadPipelineForMergeRequestWorker include ApplicationWorker include PipelineQueue @@ -9,6 +9,8 @@ class UpdateHeadPipelineForMergeRequestWorker # rubocop:disable Scalability/Idem urgency :high worker_resource_boundary :cpu + idempotent! + def perform(merge_request_id) MergeRequest.find_by_id(merge_request_id).try do |merge_request| merge_request.update_head_pipeline diff --git a/app/workers/x509_issuer_crl_check_worker.rb b/app/workers/x509_issuer_crl_check_worker.rb new file mode 100644 index 00000000000..5fc92da803c --- /dev/null +++ b/app/workers/x509_issuer_crl_check_worker.rb @@ -0,0 +1,76 @@ +# frozen_string_literal: true + +class X509IssuerCrlCheckWorker + include ApplicationWorker + include CronjobQueue + + feature_category :source_code_management + urgency :low + + idempotent! + worker_has_external_dependencies! + + attr_accessor :logger + + def perform + @logger = Gitlab::GitLogger.build + + X509Issuer.all.find_each do |issuer| + with_context(related_class: X509IssuerCrlCheckWorker) do + update_certificates(issuer) + end + end + end + + private + + def update_certificates(issuer) + crl = download_crl(issuer) + return unless crl + + serials = X509Certificate.serial_numbers(issuer) + return if serials.empty? + + revoked_serials = serials & crl.revoked.map(&:serial).map(&:to_i) + + revoked_serials.each_slice(1000) do |batch| + certs = issuer.x509_certificates.where(serial_number: batch, certificate_status: :good) # rubocop: disable CodeReuse/ActiveRecord + + certs.find_each do |cert| + logger.info(message: "Certificate revoked", + id: cert.id, + email: cert.email, + subject: cert.subject, + serial_number: cert.serial_number, + issuer: cert.x509_issuer.id, + issuer_subject: cert.x509_issuer.subject, + issuer_crl_url: cert.x509_issuer.crl_url) + end + + certs.update_all(certificate_status: :revoked) + end + end + + def download_crl(issuer) + response = Gitlab::HTTP.try_get(issuer.crl_url) + + if response&.code == 200 + OpenSSL::X509::CRL.new(response.body) + else + logger.warn(message: "Failed to download certificate revocation list", + issuer: issuer.id, + issuer_subject: issuer.subject, + issuer_crl_url: issuer.crl_url) + + nil + end + + rescue OpenSSL::X509::CRLError + logger.warn(message: "Failed to parse certificate revocation list", + issuer: issuer.id, + issuer_subject: issuer.subject, + issuer_crl_url: issuer.crl_url) + + nil + end +end |