diff options
| author | GitLab Bot <gitlab-bot@gitlab.com> | 2022-08-18 08:17:02 +0000 |
|---|---|---|
| committer | GitLab Bot <gitlab-bot@gitlab.com> | 2022-08-18 08:17:02 +0000 |
| commit | b39512ed755239198a9c294b6a45e65c05900235 (patch) | |
| tree | d234a3efade1de67c46b9e5a38ce813627726aa7 /lib/api | |
| parent | d31474cf3b17ece37939d20082b07f6657cc79a9 (diff) | |
| download | gitlab-ce-b39512ed755239198a9c294b6a45e65c05900235.tar.gz | |
Add latest changes from gitlab-org/gitlab@15-3-stable-eev15.3.0-rc42
Diffstat (limited to 'lib/api')
66 files changed, 539 insertions, 233 deletions
diff --git a/lib/api/api.rb b/lib/api/api.rb index 8827371546c..e4158eee37f 100644 --- a/lib/api/api.rb +++ b/lib/api/api.rb @@ -22,6 +22,7 @@ module API Gitlab::GrapeLogging::Loggers::ClientEnvLogger.new, Gitlab::GrapeLogging::Loggers::RouteLogger.new, Gitlab::GrapeLogging::Loggers::UserLogger.new, + Gitlab::GrapeLogging::Loggers::TokenLogger.new, Gitlab::GrapeLogging::Loggers::ExceptionLogger.new, Gitlab::GrapeLogging::Loggers::QueueDurationLogger.new, Gitlab::GrapeLogging::Loggers::PerfLogger.new, @@ -47,6 +48,12 @@ module API before do header['X-Frame-Options'] = 'SAMEORIGIN' header['X-Content-Type-Options'] = 'nosniff' + + if Rails.application.config.content_security_policy && !Rails.application.config.content_security_policy_report_only + policy = ActionDispatch::ContentSecurityPolicy.new { |p| p.default_src :none } + end + + request.env[ActionDispatch::ContentSecurityPolicy::Request::POLICY] = policy end before do diff --git a/lib/api/api_guard.rb b/lib/api/api_guard.rb index 8822a30d4a1..df550f12c0d 100644 --- a/lib/api/api_guard.rb +++ b/lib/api/api_guard.rb @@ -48,7 +48,9 @@ module API include Gitlab::Auth::AuthFinders def access_token - super || find_personal_access_token_from_http_basic_auth + strong_memoize(:api_guard_access_token) do + super || find_personal_access_token_from_http_basic_auth + end end def find_current_user! diff --git a/lib/api/applications.rb b/lib/api/applications.rb index 346bd6ccfe4..70488621f33 100644 --- a/lib/api/applications.rb +++ b/lib/api/applications.rb @@ -17,8 +17,10 @@ module API requires :redirect_uri, type: String, desc: 'Application redirect URI' requires :scopes, type: String, desc: 'Application scopes', allow_blank: false - optional :confidential, type: Boolean, default: true, - desc: 'Application will be used where the client secret is confidential' + optional :confidential, + type: Boolean, + default: true, + desc: 'Application will be used where the client secret is confidential' end post do application = Doorkeeper::Application.new(declared_params) diff --git a/lib/api/broadcast_messages.rb b/lib/api/broadcast_messages.rb index e818cad0d03..6af7c3b4804 100644 --- a/lib/api/broadcast_messages.rb +++ b/lib/api/broadcast_messages.rb @@ -37,8 +37,11 @@ module API optional :ends_at, type: DateTime, desc: 'Ending time', default: -> { 1.hour.from_now } optional :color, type: String, desc: 'Background color' optional :font, type: String, desc: 'Foreground color' - optional :target_access_levels, type: Array[Integer], coerce_with: Validations::Types::CommaSeparatedToIntegerArray.coerce, - values: BroadcastMessage::ALLOWED_TARGET_ACCESS_LEVELS, desc: 'Target user roles' + optional :target_access_levels, + type: Array[Integer], + coerce_with: Validations::Types::CommaSeparatedToIntegerArray.coerce, + values: BroadcastMessage::ALLOWED_TARGET_ACCESS_LEVELS, + desc: 'Target user roles' optional :target_path, type: String, desc: 'Target path' optional :broadcast_type, type: String, values: BroadcastMessage.broadcast_types.keys, desc: 'Broadcast type. Defaults to banner', default: -> { 'banner' } optional :dismissable, type: Boolean, desc: 'Is dismissable' @@ -79,8 +82,11 @@ module API optional :ends_at, type: DateTime, desc: 'Ending time' optional :color, type: String, desc: 'Background color' optional :font, type: String, desc: 'Foreground color' - optional :target_access_levels, type: Array[Integer], coerce_with: Validations::Types::CommaSeparatedToIntegerArray.coerce, - values: BroadcastMessage::ALLOWED_TARGET_ACCESS_LEVELS, desc: 'Target user roles' + optional :target_access_levels, + type: Array[Integer], + coerce_with: Validations::Types::CommaSeparatedToIntegerArray.coerce, + values: BroadcastMessage::ALLOWED_TARGET_ACCESS_LEVELS, + desc: 'Target user roles' optional :target_path, type: String, desc: 'Target path' optional :broadcast_type, type: String, values: BroadcastMessage.broadcast_types.keys, desc: 'Broadcast Type' optional :dismissable, type: Boolean, desc: 'Is dismissable' diff --git a/lib/api/bulk_imports.rb b/lib/api/bulk_imports.rb index b1cb84c97cb..2c6adc0f37b 100644 --- a/lib/api/bulk_imports.rb +++ b/lib/api/bulk_imports.rb @@ -44,14 +44,29 @@ module API requires :access_token, type: String, desc: 'Access token to the source GitLab instance' end requires :entities, type: Array, desc: 'List of entities to import' do - requires :source_type, type: String, desc: 'Source entity type (only `group_entity` is supported)', + requires :source_type, + type: String, + desc: 'Source entity type (only `group_entity` is supported)', values: %w[group_entity] requires :source_full_path, type: String, desc: 'Source full path of the entity to import' - requires :destination_name, type: String, desc: 'Destination slug for the entity' requires :destination_namespace, type: String, desc: 'Destination namespace for the entity' + optional :destination_slug, type: String, desc: 'Destination slug for the entity' + optional :destination_name, + type: String, + desc: 'Deprecated: Use :destination_slug instead. Destination slug for the entity' + + mutually_exclusive :destination_slug, :destination_name + at_least_one_of :destination_slug, :destination_name end end post do + params[:entities].each do |entity| + if entity[:destination_name] + entity[:destination_slug] ||= entity[:destination_name] + entity.delete(:destination_name) + end + end + response = ::BulkImports::CreateService.new( current_user, params[:entities], @@ -72,9 +87,9 @@ module API params do use :pagination optional :sort, type: String, values: %w[asc desc], default: 'desc', - desc: 'Return GitLab Migrations sorted in created by `asc` or `desc` order.' + desc: 'Return GitLab Migrations sorted in created by `asc` or `desc` order.' optional :status, type: String, values: BulkImport.all_human_statuses, - desc: 'Return GitLab Migrations with specified status' + desc: 'Return GitLab Migrations with specified status' end get do present paginate(bulk_imports), with: Entities::BulkImport @@ -86,9 +101,9 @@ module API params do use :pagination optional :sort, type: String, values: %w[asc desc], default: 'desc', - desc: 'Return GitLab Migrations sorted in created by `asc` or `desc` order.' + desc: 'Return GitLab Migrations sorted in created by `asc` or `desc` order.' optional :status, type: String, values: ::BulkImports::Entity.all_human_statuses, - desc: "Return all GitLab Migrations' entities with specified status" + desc: "Return all GitLab Migrations' entities with specified status" end get :entities do entities = ::BulkImports::EntitiesFinder.new( @@ -115,7 +130,7 @@ module API params do requires :import_id, type: Integer, desc: "The ID of user's GitLab Migration" optional :status, type: String, values: ::BulkImports::Entity.all_human_statuses, - desc: 'Return import entities with specified status' + desc: 'Return import entities with specified status' use :pagination end get ':import_id/entities' do diff --git a/lib/api/ci/helpers/runner.rb b/lib/api/ci/helpers/runner.rb index fe49074afed..269f2fa7ddc 100644 --- a/lib/api/ci/helpers/runner.rb +++ b/lib/api/ci/helpers/runner.rb @@ -138,17 +138,13 @@ module API def set_application_context return unless current_job - Gitlab::ApplicationContext.push(job: current_job) + Gitlab::ApplicationContext.push(job: current_job, runner: current_runner) end def track_ci_minutes_usage!(_build, _runner) # noop: overridden in EE end - def log_artifact_size(artifact) - Gitlab::ApplicationContext.push(artifact: artifact) - end - private def get_runner_config_from_request diff --git a/lib/api/ci/job_artifacts.rb b/lib/api/ci/job_artifacts.rb index 8b332f96be0..b843404e9d7 100644 --- a/lib/api/ci/job_artifacts.rb +++ b/lib/api/ci/job_artifacts.rb @@ -30,15 +30,16 @@ module API requires :job, type: String, desc: 'The name for the job' end route_setting :authentication, job_token_allowed: true - get ':id/jobs/artifacts/:ref_name/download', urgency: :low, - requirements: { ref_name: /.+/ } do - authorize_download_artifacts! + get ':id/jobs/artifacts/:ref_name/download', + urgency: :low, + requirements: { ref_name: /.+/ } do + authorize_download_artifacts! - latest_build = user_project.latest_successful_build_for_ref!(params[:job], params[:ref_name]) - authorize_read_job_artifacts!(latest_build) + latest_build = user_project.latest_successful_build_for_ref!(params[:job], params[:ref_name]) + authorize_read_job_artifacts!(latest_build) - present_artifacts_file!(latest_build.artifacts_file) - end + present_artifacts_file!(latest_build.artifacts_file) + end desc 'Download a specific file from artifacts archive from a ref' do detail 'This feature was introduced in GitLab 11.5' @@ -49,21 +50,22 @@ module API requires :artifact_path, type: String, desc: 'Artifact path' end route_setting :authentication, job_token_allowed: true - get ':id/jobs/artifacts/:ref_name/raw/*artifact_path', urgency: :low, - format: false, - requirements: { ref_name: /.+/ } do - authorize_download_artifacts! + get ':id/jobs/artifacts/:ref_name/raw/*artifact_path', + urgency: :low, + format: false, + requirements: { ref_name: /.+/ } do + authorize_download_artifacts! - build = user_project.latest_successful_build_for_ref!(params[:job], params[:ref_name]) - authorize_read_job_artifacts!(build) + build = user_project.latest_successful_build_for_ref!(params[:job], params[:ref_name]) + authorize_read_job_artifacts!(build) - path = Gitlab::Ci::Build::Artifacts::Path - .new(params[:artifact_path]) + path = Gitlab::Ci::Build::Artifacts::Path + .new(params[:artifact_path]) - bad_request! unless path.valid? + bad_request! unless path.valid? - send_artifacts_entry(build.artifacts_file, path) - end + send_artifacts_entry(build.artifacts_file, path) + end desc 'Download the artifacts archive from a job' do detail 'This feature was introduced in GitLab 8.5' diff --git a/lib/api/ci/jobs.rb b/lib/api/ci/jobs.rb index 97471d3c96e..cd5f1f77ced 100644 --- a/lib/api/ci/jobs.rb +++ b/lib/api/ci/jobs.rb @@ -152,8 +152,8 @@ module API end params do requires :job_id, type: Integer, desc: 'The ID of a Job' - optional :job_variables_attributes, type: Array, - desc: 'User defined variables that will be included when running the job' do + optional :job_variables_attributes, + type: Array, desc: 'User defined variables that will be included when running the job' do requires :key, type: String, desc: 'The name of the variable' requires :value, type: String, desc: 'The value of the variable' end diff --git a/lib/api/ci/pipeline_schedules.rb b/lib/api/ci/pipeline_schedules.rb index 4b522f37524..886c3509c51 100644 --- a/lib/api/ci/pipeline_schedules.rb +++ b/lib/api/ci/pipeline_schedules.rb @@ -42,6 +42,16 @@ module API present pipeline_schedule, with: Entities::Ci::PipelineScheduleDetails, user: current_user end + desc 'Get all pipelines triggered from a pipeline schedule' do + success Entities::Ci::PipelineBasic + end + params do + requires :pipeline_schedule_id, type: Integer, desc: 'The pipeline schedule ID' + end + get ':id/pipeline_schedules/:pipeline_schedule_id/pipelines' do + present paginate(pipeline_schedule.pipelines), with: Entities::Ci::PipelineBasic + end + desc 'Create a new pipeline schedule' do success Entities::Ci::PipelineScheduleDetails end diff --git a/lib/api/ci/pipelines.rb b/lib/api/ci/pipelines.rb index cd686a28dd2..72a81330e71 100644 --- a/lib/api/ci/pipelines.rb +++ b/lib/api/ci/pipelines.rb @@ -21,17 +21,17 @@ module API helpers do params :optional_scope do optional :scope, types: [String, Array[String]], desc: 'The scope of builds to show', - values: ::CommitStatus::AVAILABLE_STATUSES, - coerce_with: ->(scope) { - case scope - when String - [scope] - when ::Array - scope - else - ['unknown'] - end - } + values: ::CommitStatus::AVAILABLE_STATUSES, + coerce_with: ->(scope) { + case scope + when String + [scope] + when ::Array + scope + else + ['unknown'] + end + } end end diff --git a/lib/api/ci/runner.rb b/lib/api/ci/runner.rb index 65dc002e67d..9e4a700d0f3 100644 --- a/lib/api/ci/runner.rb +++ b/lib/api/ci/runner.rb @@ -38,7 +38,8 @@ module API attributes[:maintenance_note] ||= deprecated_note if deprecated_note attributes[:active] = !attributes.delete(:paused) if attributes.include?(:paused) - @runner = ::Ci::Runners::RegisterRunnerService.new.execute(params[:token], attributes) + result = ::Ci::Runners::RegisterRunnerService.new.execute(params[:token], attributes) + @runner = result.success? ? result.payload[:runner] : nil forbidden! unless @runner if @runner.persisted? @@ -255,7 +256,7 @@ module API optional :filesize, type: Integer, desc: %q(Artifacts filesize) optional :artifact_type, type: String, desc: %q(The type of artifact), - default: 'archive', values: ::Ci::JobArtifact.file_types.keys + default: 'archive', values: ::Ci::JobArtifact.file_types.keys end post '/:id/artifacts/authorize', feature_category: :build_artifacts, urgency: :low do not_allowed! unless Gitlab.config.artifacts.enabled @@ -288,9 +289,9 @@ module API optional :token, type: String, desc: %q(Job's authentication token) optional :expire_in, type: String, desc: %q(Specify when artifacts should expire) optional :artifact_type, type: String, desc: %q(The type of artifact), - default: 'archive', values: ::Ci::JobArtifact.file_types.keys + default: 'archive', values: ::Ci::JobArtifact.file_types.keys optional :artifact_format, type: String, desc: %q(The format of artifact), - default: 'zip', values: ::Ci::JobArtifact.file_formats.keys + default: 'zip', values: ::Ci::JobArtifact.file_formats.keys optional :metadata, type: ::API::Validations::Types::WorkhorseFile, desc: %(The artifact metadata to store (generated by Multipart middleware)) end post '/:id/artifacts', feature_category: :build_artifacts, urgency: :low do @@ -305,7 +306,8 @@ module API result = ::Ci::JobArtifacts::CreateService.new(job).execute(artifacts, params, metadata_file: metadata) if result[:status] == :success - log_artifact_size(result[:artifact]) + log_artifacts_filesize(result[:artifact]) + status :created body "201" else diff --git a/lib/api/ci/runners.rb b/lib/api/ci/runners.rb index 06bfee59140..ec9b09a3419 100644 --- a/lib/api/ci/runners.rb +++ b/lib/api/ci/runners.rb @@ -16,7 +16,7 @@ module API end params do optional :scope, type: String, values: ::Ci::Runner::AVAILABLE_STATUSES, - desc: 'The scope of specific runners to show' + desc: 'The scope of specific runners to show' optional :type, type: String, values: ::Ci::Runner::AVAILABLE_TYPES, desc: 'The type of the runners to show' optional :paused, type: Boolean, desc: 'Whether to include only runners that are accepting or ignoring new jobs' @@ -38,7 +38,7 @@ module API end params do optional :scope, type: String, values: ::Ci::Runner::AVAILABLE_SCOPES, - desc: 'The scope of specific runners to show' + desc: 'The scope of specific runners to show' optional :type, type: String, values: ::Ci::Runner::AVAILABLE_TYPES, desc: 'The type of the runners to show' optional :paused, type: Boolean, desc: 'Whether to include only runners that are accepting or ignoring new jobs' @@ -159,7 +159,7 @@ module API end params do optional :scope, type: String, values: ::Ci::Runner::AVAILABLE_SCOPES, - desc: 'The scope of specific runners to show' + desc: 'The scope of specific runners to show' optional :type, type: String, values: ::Ci::Runner::AVAILABLE_TYPES, desc: 'The type of the runners to show' optional :paused, type: Boolean, desc: 'Whether to include only runners that are accepting or ignoring new jobs' @@ -188,7 +188,7 @@ module API runner = get_runner(params[:runner_id]) authenticate_enable_runner!(runner) - if ::Ci::Runners::AssignRunnerService.new(runner, user_project, current_user).execute + if ::Ci::Runners::AssignRunnerService.new(runner, user_project, current_user).execute.success? present runner, with: Entities::Ci::Runner else render_validation_error!(runner) @@ -225,10 +225,10 @@ module API end params do optional :type, type: String, values: ::Ci::Runner::AVAILABLE_TYPES, - desc: 'The type of the runners to show' + desc: 'The type of the runners to show' optional :paused, type: Boolean, desc: 'Whether to include only runners that are accepting or ignoring new jobs' optional :status, type: String, values: ::Ci::Runner::AVAILABLE_STATUSES, - desc: 'The status of the runners to show' + desc: 'The status of the runners to show' optional :tag_list, type: Array[String], coerce_with: ::API::Validations::Types::CommaSeparatedToArray.coerce, desc: 'The tags of the runners to show' use :pagination end diff --git a/lib/api/commits.rb b/lib/api/commits.rb index 5fd9a8e3278..7a6c3e4d53f 100644 --- a/lib/api/commits.rb +++ b/lib/api/commits.rb @@ -10,6 +10,8 @@ module API before do require_repository_enabled! authorize! :download_code, user_project + + verify_pagination_params! end helpers do @@ -86,7 +88,7 @@ module API requires :branch, type: String, desc: 'Name of the branch to commit into. To create a new branch, also provide either `start_branch` or `start_sha`, and optionally `start_project`.', allow_blank: false requires :commit_message, type: String, desc: 'Commit message' requires :actions, type: Array, desc: 'Actions to perform in commit' do - requires :action, type: String, desc: 'The action to perform, `create`, `delete`, `move`, `update`, `chmod`', values: %w[create update move delete chmod].freeze + requires :action, type: String, desc: 'The action to perform, `create`, `delete`, `move`, `update`, `chmod`', values: %w[create update move delete chmod].freeze, allow_blank: false requires :file_path, type: String, desc: 'Full path to the file. Ex. `lib/class.rb`' given action: ->(action) { action == 'move' } do requires :previous_path, type: String, desc: 'Original full path to the file being moved. Ex. `lib/class1.rb`' @@ -302,8 +304,8 @@ module API not_found!('Commit') unless commit refs = [] - refs.concat(user_project.repository.branch_names_contains(commit.id).map {|name| { type: 'branch', name: name }}) unless params[:type] == 'tag' - refs.concat(user_project.repository.tag_names_contains(commit.id).map {|name| { type: 'tag', name: name }}) unless params[:type] == 'branch' + refs.concat(user_project.repository.branch_names_contains(commit.id).map { |name| { type: 'branch', name: name } }) unless params[:type] == 'tag' + refs.concat(user_project.repository.tag_names_contains(commit.id).map { |name| { type: 'tag', name: name } }) unless params[:type] == 'branch' refs = Kaminari.paginate_array(refs) present paginate(refs), with: Entities::BasicRef diff --git a/lib/api/concerns/packages/debian_distribution_endpoints.rb b/lib/api/concerns/packages/debian_distribution_endpoints.rb index e01f3adbb06..380966136df 100644 --- a/lib/api/concerns/packages/debian_distribution_endpoints.rb +++ b/lib/api/concerns/packages/debian_distribution_endpoints.rb @@ -33,13 +33,13 @@ module API optional :valid_time_duration_seconds, type: Integer, desc: 'The duration before the Release file should be considered expired by the client' optional :components, type: Array[String], - coerce_with: ::API::Validations::Types::CommaSeparatedToArray.coerce, - regexp: Gitlab::Regex.debian_component_regex, - desc: 'The list of Components' + coerce_with: ::API::Validations::Types::CommaSeparatedToArray.coerce, + regexp: Gitlab::Regex.debian_component_regex, + desc: 'The list of Components' optional :architectures, type: Array[String], - coerce_with: ::API::Validations::Types::CommaSeparatedToArray.coerce, - regexp: Gitlab::Regex.debian_architecture_regex, - desc: 'The list of Architectures' + coerce_with: ::API::Validations::Types::CommaSeparatedToArray.coerce, + regexp: Gitlab::Regex.debian_architecture_regex, + desc: 'The list of Architectures' end end diff --git a/lib/api/debian_project_packages.rb b/lib/api/debian_project_packages.rb index ca576254c3d..06846d8f36e 100644 --- a/lib/api/debian_project_packages.rb +++ b/lib/api/debian_project_packages.rb @@ -73,10 +73,10 @@ module API bad_request!('File is too large') if authorized_user_project.actual_limits.exceeded?(:debian_max_file_size, params[:file].size) file_params = { - file: params['file'], - file_name: params['file_name'], - file_sha1: params['file.sha1'], - file_md5: params['file.md5'] + file: params['file'], + file_name: params['file_name'], + file_sha1: params['file.sha1'], + file_md5: params['file.md5'] } package = ::Packages::Debian::FindOrCreateIncomingService.new(authorized_user_project, current_user).execute diff --git a/lib/api/deploy_tokens.rb b/lib/api/deploy_tokens.rb index 3e0411d2e91..3955e29621f 100644 --- a/lib/api/deploy_tokens.rb +++ b/lib/api/deploy_tokens.rb @@ -71,8 +71,11 @@ module API params do requires :name, type: String, desc: "New deploy token's name" - requires :scopes, type: Array[String], coerce_with: ::API::Validations::Types::CommaSeparatedToArray.coerce, values: ::DeployToken::AVAILABLE_SCOPES.map(&:to_s), - desc: 'Indicates the deploy token scopes. Must be at least one of "read_repository", "read_registry", "write_registry", "read_package_registry", or "write_package_registry".' + requires :scopes, + type: Array[String], + coerce_with: ::API::Validations::Types::CommaSeparatedToArray.coerce, + values: ::DeployToken::AVAILABLE_SCOPES.map(&:to_s), + desc: 'Indicates the deploy token scopes. Must be at least one of "read_repository", "read_registry", "write_registry", "read_package_registry", or "write_package_registry".' optional :expires_at, type: DateTime, desc: 'Expiration date for the deploy token. Does not expire if no value is provided.' optional :username, type: String, desc: 'Username for deploy token. Default is `gitlab+deploy-token-{n}`' end @@ -152,8 +155,11 @@ module API params do requires :name, type: String, desc: 'The name of the deploy token' - requires :scopes, type: Array[String], coerce_with: ::API::Validations::Types::CommaSeparatedToArray.coerce, values: ::DeployToken::AVAILABLE_SCOPES.map(&:to_s), - desc: 'Indicates the deploy token scopes. Must be at least one of "read_repository", "read_registry", "write_registry", "read_package_registry", or "write_package_registry".' + requires :scopes, + type: Array[String], + coerce_with: ::API::Validations::Types::CommaSeparatedToArray.coerce, + values: ::DeployToken::AVAILABLE_SCOPES.map(&:to_s), + desc: 'Indicates the deploy token scopes. Must be at least one of "read_repository", "read_registry", "write_registry", "read_package_registry", or "write_package_registry".' optional :expires_at, type: DateTime, desc: 'Expiration date for the deploy token. Does not expire if no value is provided.' optional :username, type: String, desc: 'Username for deploy token. Default is `gitlab+deploy-token-{n}`' end diff --git a/lib/api/deployments.rb b/lib/api/deployments.rb index 8db5f54b45a..ee0a026d7ac 100644 --- a/lib/api/deployments.rb +++ b/lib/api/deployments.rb @@ -119,9 +119,9 @@ module API end params do requires :status, - type: String, - desc: 'The new status of the deployment', - values: %w[running success failed canceled] + type: String, + desc: 'The new status of the deployment', + values: %w[running success failed canceled] end put ':id/deployments/:deployment_id' do authorize!(:read_deployment, user_project) @@ -143,6 +143,27 @@ module API end end + desc 'Deletes an existing deployment' do + detail 'This feature was introduced in GitLab 15.3' + http_codes [[204, 'Deployment was deleted'], [403, 'Forbidden'], [400, 'Cannot destroy']] + end + params do + requires :deployment_id, type: Integer, desc: 'The deployment ID' + end + delete ':id/deployments/:deployment_id' do + deployment = user_project.deployments.find(params[:deployment_id]) + + authorize!(:destroy_deployment, deployment) + + destroy_conditionally!(deployment) do + result = ::Ci::Deployments::DestroyService.new(user_project, current_user).execute(deployment) + + if result[:status] == :error + render_api_error!(result[:message], result[:http_status] || 400) + end + end + end + helpers Helpers::MergeRequestsHelpers desc 'Get all merge requests of a deployment' do diff --git a/lib/api/entities/bulk_imports/entity.rb b/lib/api/entities/bulk_imports/entity.rb index e8c31256b17..142bfaf2149 100644 --- a/lib/api/entities/bulk_imports/entity.rb +++ b/lib/api/entities/bulk_imports/entity.rb @@ -8,7 +8,8 @@ module API expose :bulk_import_id expose :status_name, as: :status expose :source_full_path - expose :destination_name + expose :destination_name # deprecated + expose :destination_slug expose :destination_namespace expose :parent_id expose :namespace_id diff --git a/lib/api/entities/group_detail.rb b/lib/api/entities/group_detail.rb index e521de0d572..7b05984421a 100644 --- a/lib/api/entities/group_detail.rb +++ b/lib/api/entities/group_detail.rb @@ -7,7 +7,8 @@ module API SharedGroupWithGroup.represent(group.shared_with_group_links_visible_to_user(options[:current_user])) end expose :runners_token, if: ->(_, options) { options[:user_can_admin_group] } - expose :prevent_sharing_groups_outside_hierarchy, if: ->(group) { group.root? } + expose :prevent_sharing_groups_outside_hierarchy, + if: ->(group) { group.root? && group.namespace_settings.present? } expose :projects, if: ->(_, options) { options[:with_projects] }, diff --git a/lib/api/entities/merge_request_reviewer.rb b/lib/api/entities/merge_request_reviewer.rb new file mode 100644 index 00000000000..3bf2ccc36aa --- /dev/null +++ b/lib/api/entities/merge_request_reviewer.rb @@ -0,0 +1,12 @@ +# frozen_string_literal: true + +module API + module Entities + class MergeRequestReviewer < Grape::Entity + expose :reviewer, as: :user, using: Entities::UserBasic + expose :updated_state_by, using: Entities::UserBasic + expose :state + expose :created_at + end + end +end diff --git a/lib/api/entities/note.rb b/lib/api/entities/note.rb index a597aa7bb4a..a92f534bbdc 100644 --- a/lib/api/entities/note.rb +++ b/lib/api/entities/note.rb @@ -26,6 +26,7 @@ module API expose :resolved_at, if: ->(note, options) { note.resolvable? } expose :confidential?, as: :confidential + expose :confidential?, as: :internal # Avoid N+1 queries as much as possible expose(:noteable_iid) { |note| note.noteable.iid if NOTEABLE_TYPES_WITH_IID.include?(note.noteable_type) } diff --git a/lib/api/entities/project.rb b/lib/api/entities/project.rb index 906c252d7f9..1739bdd639e 100644 --- a/lib/api/entities/project.rb +++ b/lib/api/entities/project.rb @@ -47,8 +47,9 @@ module API expose :visibility expose :owner, using: Entities::UserBasic, unless: ->(project, options) { project.group } expose :resolve_outdated_diff_discussions - expose :container_expiration_policy, using: Entities::ContainerExpirationPolicy, - if: -> (project, _) { project.container_expiration_policy } + expose :container_expiration_policy, + using: Entities::ContainerExpirationPolicy, + if: -> (project, _) { project.container_expiration_policy } # Expose old field names with the new permissions methods to keep API compatible # TODO: remove in API v5, replaced by *_access_level @@ -67,18 +68,18 @@ module API Ability.allowed?(options[:current_user], :create_merge_request_in, project) end - expose(:issues_access_level) { |project, options| project.project_feature.string_access_level(:issues) } - expose(:repository_access_level) { |project, options| project.project_feature.string_access_level(:repository) } - expose(:merge_requests_access_level) { |project, options| project.project_feature.string_access_level(:merge_requests) } - expose(:forking_access_level) { |project, options| project.project_feature.string_access_level(:forking) } - expose(:wiki_access_level) { |project, options| project.project_feature.string_access_level(:wiki) } - expose(:builds_access_level) { |project, options| project.project_feature.string_access_level(:builds) } - expose(:snippets_access_level) { |project, options| project.project_feature.string_access_level(:snippets) } - expose(:pages_access_level) { |project, options| project.project_feature.string_access_level(:pages) } - expose(:operations_access_level) { |project, options| project.project_feature.string_access_level(:operations) } - expose(:analytics_access_level) { |project, options| project.project_feature.string_access_level(:analytics) } - expose(:container_registry_access_level) { |project, options| project.project_feature.string_access_level(:container_registry) } - expose(:security_and_compliance_access_level) { |project, options| project.project_feature.string_access_level(:security_and_compliance) } + expose(:issues_access_level) { |project, options| project_feature_string_access_level(project, :issues) } + expose(:repository_access_level) { |project, options| project_feature_string_access_level(project, :repository) } + expose(:merge_requests_access_level) { |project, options| project_feature_string_access_level(project, :merge_requests) } + expose(:forking_access_level) { |project, options| project_feature_string_access_level(project, :forking) } + expose(:wiki_access_level) { |project, options| project_feature_string_access_level(project, :wiki) } + expose(:builds_access_level) { |project, options| project_feature_string_access_level(project, :builds) } + expose(:snippets_access_level) { |project, options| project_feature_string_access_level(project, :snippets) } + expose(:pages_access_level) { |project, options| project_feature_string_access_level(project, :pages) } + expose(:operations_access_level) { |project, options| project_feature_string_access_level(project, :operations) } + expose(:analytics_access_level) { |project, options| project_feature_string_access_level(project, :analytics) } + expose(:container_registry_access_level) { |project, options| project_feature_string_access_level(project, :container_registry) } + expose(:security_and_compliance_access_level) { |project, options| project_feature_string_access_level(project, :security_and_compliance) } expose :emails_disabled expose :shared_runners_enabled @@ -105,13 +106,13 @@ module API expose :ci_job_token_scope_enabled expose :ci_separated_caches expose :ci_opt_in_jwt + expose :ci_allow_fork_pipelines_to_run_in_parent_project expose :public_builds, as: :public_jobs expose :build_git_strategy, if: lambda { |project, options| options[:user_can_admin_project] } do |project, options| project.build_allow_git_fetch ? 'fetch' : 'clone' end expose :build_timeout expose :auto_cancel_pending_pipelines - expose :build_coverage_regex expose :ci_config_path, if: -> (project, options) { Ability.allowed?(options[:current_user], :download_code, project) } expose :shared_with_groups do |project, options| user = options[:current_user] diff --git a/lib/api/feature_flags.rb b/lib/api/feature_flags.rb index 42050888c14..67e96284449 100644 --- a/lib/api/feature_flags.rb +++ b/lib/api/feature_flags.rb @@ -24,8 +24,10 @@ module API success ::API::Entities::FeatureFlag end params do - optional :scope, type: String, desc: 'The scope of feature flags', - values: %w[enabled disabled] + optional :scope, + type: String, + desc: 'The scope of feature flags', + values: %w[enabled disabled] use :pagination end get do diff --git a/lib/api/features.rb b/lib/api/features.rb index 13a6aedc2df..f89da48acea 100644 --- a/lib/api/features.rb +++ b/lib/api/features.rb @@ -69,11 +69,14 @@ module API optional :key, type: String, desc: '`percentage_of_actors` or the default `percentage_of_time`' optional :feature_group, type: String, desc: 'A Feature group name' optional :user, type: String, desc: 'A GitLab username or comma-separated multiple usernames' - optional :group, type: String, + optional :group, + type: String, desc: "A GitLab group's path, such as 'gitlab-org', or comma-separated multiple group paths" - optional :namespace, type: String, + optional :namespace, + type: String, desc: "A GitLab group or user namespace path, such as 'john-doe', or comma-separated multiple namespace paths" - optional :project, type: String, + optional :project, + type: String, desc: "A projects path, such as `gitlab-org/gitlab-ce`, or comma-separated multiple project paths" optional :force, type: Boolean, desc: 'Skip feature flag validation checks, ie. YAML definition' diff --git a/lib/api/group_labels.rb b/lib/api/group_labels.rb index e4cbe442f58..a8c48a6f4fe 100644 --- a/lib/api/group_labels.rb +++ b/lib/api/group_labels.rb @@ -19,15 +19,24 @@ module API success Entities::GroupLabel end params do - optional :with_counts, type: Boolean, default: false, + optional :with_counts, + type: Boolean, + default: false, desc: 'Include issue and merge request counts' - optional :include_ancestor_groups, type: Boolean, default: true, + optional :include_ancestor_groups, + type: Boolean, + default: true, desc: 'Include ancestor groups' - optional :include_descendant_groups, type: Boolean, default: false, + optional :include_descendant_groups, + type: Boolean, + default: false, desc: 'Include descendant groups. This feature was added in GitLab 13.6' - optional :only_group_labels, type: Boolean, default: true, + optional :only_group_labels, + type: Boolean, + default: true, desc: 'Toggle to include only group labels or also project labels. This feature was added in GitLab 13.6' - optional :search, type: String, + optional :search, + type: String, desc: 'Keyword to filter labels by. This feature was added in GitLab 13.6' use :pagination end @@ -40,11 +49,17 @@ module API success Entities::GroupLabel end params do - optional :include_ancestor_groups, type: Boolean, default: true, + optional :include_ancestor_groups, + type: Boolean, + default: true, desc: 'Include ancestor groups' - optional :include_descendant_groups, type: Boolean, default: false, + optional :include_descendant_groups, + type: Boolean, + default: false, desc: 'Include descendant groups. This feature was added in GitLab 13.6' - optional :only_group_labels, type: Boolean, default: true, + optional :only_group_labels, + type: Boolean, + default: true, desc: 'Toggle to include only group labels or also project labels. This feature was added in GitLab 13.6' end get ':id/labels/:name' do diff --git a/lib/api/group_packages.rb b/lib/api/group_packages.rb index af6e2b1e422..72d67b41c31 100644 --- a/lib/api/group_packages.rb +++ b/lib/api/group_packages.rb @@ -24,17 +24,29 @@ module API end params do use :pagination - optional :order_by, type: String, values: %w[created_at name version type project_path], default: 'created_at', - desc: 'Return packages ordered by `created_at`, `name`, `version` or `type` fields.' - optional :sort, type: String, values: %w[asc desc], default: 'asc', - desc: 'Return packages sorted in `asc` or `desc` order.' - optional :package_type, type: String, values: Packages::Package.package_types.keys, - desc: 'Return packages of a certain type' - optional :package_name, type: String, - desc: 'Return packages with this name' - optional :include_versionless, type: Boolean, - desc: 'Returns packages without a version' - optional :status, type: String, values: Packages::Package.statuses.keys, + optional :order_by, + type: String, + values: %w[created_at name version type project_path], + default: 'created_at', + desc: 'Return packages ordered by `created_at`, `name`, `version` or `type` fields.' + optional :sort, + type: String, + values: %w[asc desc], + default: 'asc', + desc: 'Return packages sorted in `asc` or `desc` order.' + optional :package_type, + type: String, + values: Packages::Package.package_types.keys, + desc: 'Return packages of a certain type' + optional :package_name, + type: String, + desc: 'Return packages with this name' + optional :include_versionless, + type: Boolean, + desc: 'Returns packages without a version' + optional :status, + type: String, + values: Packages::Package.statuses.keys, desc: 'Return packages with specified status' end get ':id/packages' do diff --git a/lib/api/groups.rb b/lib/api/groups.rb index b63396ed073..82bbab5d7d4 100644 --- a/lib/api/groups.rb +++ b/lib/api/groups.rb @@ -394,9 +394,10 @@ module API desc 'Transfer a group to a new parent group or promote a subgroup to a root group' params do - optional :group_id, type: Integer, - desc: 'The ID of the target group to which the group needs to be transferred to.'\ - 'If not provided, the source group will be promoted to a root group.' + optional :group_id, + type: Integer, + desc: 'The ID of the target group to which the group needs to be transferred to.'\ + 'If not provided, the source group will be promoted to a root group.' end post ':id/transfer', feature_category: :subgroups do group = find_group!(params[:id]) diff --git a/lib/api/helm_packages.rb b/lib/api/helm_packages.rb index e0e4e02fa55..a1b265bc8f3 100644 --- a/lib/api/helm_packages.rb +++ b/lib/api/helm_packages.rb @@ -100,7 +100,7 @@ module API ).execute(:helm, name: ::Packages::Helm::TEMPORARY_PACKAGE_NAME) chart_params = { - file: params[:chart], + file: params[:chart], file_name: PACKAGE_FILENAME } diff --git a/lib/api/helpers.rb b/lib/api/helpers.rb index fdb0fbf820d..1d0f0c6e7bb 100644 --- a/lib/api/helpers.rb +++ b/lib/api/helpers.rb @@ -6,11 +6,13 @@ module API include Helpers::Caching include Helpers::Pagination include Helpers::PaginationStrategies + include Gitlab::Ci::Artifacts::Logger SUDO_HEADER = "HTTP_SUDO" GITLAB_SHARED_SECRET_HEADER = "Gitlab-Shared-Secret" SUDO_PARAM = :sudo API_USER_ENV = 'gitlab.api.user' + API_TOKEN_ENV = 'gitlab.api.token' API_EXCEPTION_ENV = 'gitlab.api.exception' API_RESPONSE_STATUS_CODE = 'gitlab.api.response_status_code' @@ -20,7 +22,11 @@ module API end def check_unmodified_since!(last_modified) - if_unmodified_since = Time.parse(headers['If-Unmodified-Since']) rescue nil + if_unmodified_since = begin + Time.parse(headers['If-Unmodified-Since']) + rescue StandardError + nil + end if if_unmodified_since && last_modified && last_modified > if_unmodified_since render_api_error!('412 Precondition Failed', 412) @@ -74,6 +80,8 @@ module API save_current_user_in_env(@current_user) if @current_user + save_current_token_in_env + if @current_user ::ApplicationRecord .sticking @@ -88,6 +96,13 @@ module API env[API_USER_ENV] = { user_id: user.id, username: user.username } end + def save_current_token_in_env + token = access_token + env[API_TOKEN_ENV] = { token_id: token.id, token_type: token.class } if token + + rescue Gitlab::Auth::UnauthorizedError + end + def sudo? initial_current_user != current_user end @@ -574,12 +589,8 @@ module API end end - def log_artifact_file_size(file) - Gitlab::ApplicationContext.push(artifact: file.model) - end - def present_artifacts_file!(file, **args) - log_artifact_file_size(file) if file + log_artifacts_filesize(file&.model) present_carrierwave_file!(file, **args) end diff --git a/lib/api/helpers/groups_helpers.rb b/lib/api/helpers/groups_helpers.rb index 72bdb32d38c..2b10eebb009 100644 --- a/lib/api/helpers/groups_helpers.rb +++ b/lib/api/helpers/groups_helpers.rb @@ -9,8 +9,8 @@ module API params :optional_params_ce do optional :description, type: String, desc: 'The description of the group' optional :visibility, type: String, - values: Gitlab::VisibilityLevel.string_values, - desc: 'The visibility of the group' + values: Gitlab::VisibilityLevel.string_values, + desc: 'The visibility of the group' # TODO: remove rubocop disable - https://gitlab.com/gitlab-org/gitlab/issues/14960 optional :avatar, type: File, desc: 'Avatar image for the group' # rubocop:disable Scalability/FileUploads optional :share_with_group_lock, type: Boolean, desc: 'Prevent sharing a project with another group within this group' diff --git a/lib/api/helpers/integrations_helpers.rb b/lib/api/helpers/integrations_helpers.rb index 0b0100c7d7f..99273e81730 100644 --- a/lib/api/helpers/integrations_helpers.rb +++ b/lib/api/helpers/integrations_helpers.rb @@ -328,14 +328,12 @@ module API type: String, desc: '(Advanced) The full URL for your Datadog site' }, - # TODO: uncomment this field once :datadog_integration_logs_collection is rolled out - # https://gitlab.com/gitlab-org/gitlab/-/issues/346339 - # { - # required: false, - # name: :archive_trace_events, - # type: Boolean, - # desc: 'When enabled, job logs will be collected by Datadog and shown along pipeline execution traces' - # }, + { + required: false, + name: :archive_trace_events, + type: Boolean, + desc: 'When enabled, job logs will be collected by Datadog and shown along pipeline execution traces' + }, { required: false, name: :datadog_service, @@ -678,6 +676,15 @@ module API desc: 'Contents of the credentials.json file of your service account, like: { "type": "service_account", "project_id": ... }' } ], + 'pumble' => [ + { + required: true, + name: :webhook, + type: String, + desc: 'The Pumble chat webhook. For example, https://api.pumble.com/workspaces/x/...' + }, + chat_notification_events + ].flatten, 'pushover' => [ { required: true, diff --git a/lib/api/helpers/merge_requests_helpers.rb b/lib/api/helpers/merge_requests_helpers.rb index 00d9f49adf0..85648cd166d 100644 --- a/lib/api/helpers/merge_requests_helpers.rb +++ b/lib/api/helpers/merge_requests_helpers.rb @@ -17,7 +17,9 @@ module API types: [Integer, String], integer_none_any: true, desc: 'Return merge requests which are assigned to the user with the given ID' - optional :assignee_username, type: Array[String], check_assignees_count: true, + optional :assignee_username, + type: Array[String], + check_assignees_count: true, coerce_with: Validations::Validators::CheckAssigneesCount.coerce, desc: 'Return merge requests which are assigned to the user with the given username' mutually_exclusive :assignee_id, :assignee_username @@ -129,7 +131,7 @@ module API end def self.sort_options_help - sort_options.map {|y| "`#{y}`" }.to_sentence(last_word_connector: ' or ') + sort_options.map { |y| "`#{y}`" }.to_sentence(last_word_connector: ' or ') end end end diff --git a/lib/api/helpers/projects_helpers.rb b/lib/api/helpers/projects_helpers.rb index 3a518959b2c..628182ad1ab 100644 --- a/lib/api/helpers/projects_helpers.rb +++ b/lib/api/helpers/projects_helpers.rb @@ -96,6 +96,7 @@ module API params :optional_update_params_ce do optional :ci_forward_deployment_enabled, type: Boolean, desc: 'Skip older deployment jobs that are still pending' + optional :ci_allow_fork_pipelines_to_run_in_parent_project, type: Boolean, desc: 'Allow fork merge request pipelines to run in parent project' optional :ci_separated_caches, type: Boolean, desc: 'Enable or disable separated caches based on branch protection.' optional :restrict_user_defined_variables, type: Boolean, desc: 'Restrict use of user-defined variables when triggering a pipeline' end @@ -130,6 +131,7 @@ module API :builds_access_level, :ci_config_path, :ci_default_git_depth, + :ci_allow_fork_pipelines_to_run_in_parent_project, :ci_forward_deployment_enabled, :ci_separated_caches, :container_registry_access_level, diff --git a/lib/api/helpers/related_resources_helpers.rb b/lib/api/helpers/related_resources_helpers.rb index d0eda68bf52..27fcc0a68fb 100644 --- a/lib/api/helpers/related_resources_helpers.rb +++ b/lib/api/helpers/related_resources_helpers.rb @@ -9,6 +9,10 @@ module API available?(:issues, project, options[:current_user]) end + def project_feature_string_access_level(project, feature) + project.project_feature&.string_access_level(feature) + end + def mrs_available?(project, options) available?(:merge_requests, project, options[:current_user]) end diff --git a/lib/api/helpers/snippets_helpers.rb b/lib/api/helpers/snippets_helpers.rb index 2d8c761101a..fe20fb3cbe2 100644 --- a/lib/api/helpers/snippets_helpers.rb +++ b/lib/api/helpers/snippets_helpers.rb @@ -29,9 +29,10 @@ module API params :update_file_params do |options| optional :files, type: Array, desc: 'An array of files to update' do - requires :action, type: String, - values: SnippetInputAction::ACTIONS.map(&:to_s), - desc: "The type of action to perform on the file, must be one of: #{SnippetInputAction::ACTIONS.join(", ")}" + requires :action, + type: String, + values: SnippetInputAction::ACTIONS.map(&:to_s), + desc: "The type of action to perform on the file, must be one of: #{SnippetInputAction::ACTIONS.join(", ")}" optional :content, type: String, desc: 'The content of a snippet' optional :file_path, file_path: true, type: String, desc: 'The file path of a snippet file' optional :previous_path, file_path: true, type: String, desc: 'The previous path of a snippet file' diff --git a/lib/api/internal/base.rb b/lib/api/internal/base.rb index b53f855c3a2..6f475fa8d74 100644 --- a/lib/api/internal/base.rb +++ b/lib/api/internal/base.rb @@ -39,6 +39,7 @@ module API container.lfs_http_url_to_repo end + # rubocop: disable Metrics/AbcSize def check_allowed(params) # This is a separate method so that EE can alter its behaviour more # easily. @@ -47,6 +48,14 @@ module API check_rate_limit!(:gitlab_shell_operation, scope: [params[:action], params[:project], actor.key_or_user]) end + if Feature.enabled?(:rate_limit_gitlab_shell_by_ip, actor.user) + rate_limiter = Gitlab::Auth::IpRateLimiter.new(request.ip) + + unless rate_limiter.trusted_ip? + check_rate_limit!(:gitlab_shell_operation, scope: [params[:action], params[:project], rate_limiter.ip]) + end + end + # Stores some Git-specific env thread-safely env = parse_env Gitlab::Git::HookEnv.set(gl_repository, env) if container @@ -101,6 +110,7 @@ module API response_with_status(code: 500, success: false, message: UNKNOWN_CHECK_RESULT_ERROR) end end + # rubocop: enable Metrics/AbcSize def send_git_audit_streaming_event(msg) # Defined in EE diff --git a/lib/api/internal/error_tracking.rb b/lib/api/internal/error_tracking.rb index bad790b0e43..1680ac8afb5 100644 --- a/lib/api/internal/error_tracking.rb +++ b/lib/api/internal/error_tracking.rb @@ -12,7 +12,7 @@ module API input = params['error_tracking_token'] if headers.key?(GITLAB_ERROR_TRACKING_TOKEN_HEADER) - input ||= Base64.decode64(headers[GITLAB_ERROR_TRACKING_TOKEN_HEADER]) + input ||= headers[GITLAB_ERROR_TRACKING_TOKEN_HEADER] end input&.chomp! diff --git a/lib/api/internal/kubernetes.rb b/lib/api/internal/kubernetes.rb index f7c6e48e54f..6f964d5636b 100644 --- a/lib/api/internal/kubernetes.rb +++ b/lib/api/internal/kubernetes.rb @@ -4,6 +4,8 @@ module API # Kubernetes Internal API module Internal class Kubernetes < ::API::Base + include Gitlab::Utils::StrongMemoize + feature_category :kubernetes_management before do check_feature_enabled @@ -54,6 +56,27 @@ module API ::Clusters::AgentTokens::TrackUsageService.new(agent_token).execute end + + def agent_has_access_to_project?(project) + Guest.can?(:download_code, project) || agent.has_access_to?(project) + end + + def count_events + strong_memoize(:count_events) do + events = params.slice(:gitops_sync_count, :k8s_api_proxy_request_count) + events.transform_keys! { |event| event.to_s.chomp('_count') } + events = params[:counters]&.slice(:gitops_sync, :k8s_api_proxy_request) unless events.present? + events + end + end + + def increment_unique_events + events = params[:unique_counters]&.slice(:agent_users_using_ci_tunnel) + + events&.each do |event, entity_ids| + increment_unique_values(event, entity_ids) + end + end end namespace 'internal' do @@ -79,6 +102,24 @@ module API default_branch: project.default_branch_or_main } end + + desc 'Gets project info' do + detail 'Retrieves project info (if authorized)' + end + route_setting :authentication, cluster_agent_token_allowed: true + get '/project_info', urgency: :low do + project = find_project(params[:id]) + + not_found! unless agent_has_access_to_project?(project) + + status 200 + { + project_id: project.id, + gitaly_info: gitaly_info(project), + gitaly_repository: gitaly_repository(project), + default_branch: project.default_branch_or_main + } + end end namespace 'kubernetes/agent_configuration', urgency: :low do @@ -103,14 +144,27 @@ module API detail 'Updates usage metrics for agent' end params do + # Todo: Remove gitops_sync_count and k8s_api_proxy_request_count in the next milestone + # https://gitlab.com/gitlab-org/gitlab/-/issues/369489 + # We're only keeping it for backwards compatibility until KAS is released + # using `counts:` instead optional :gitops_sync_count, type: Integer, desc: 'The count to increment the gitops_sync metric by' optional :k8s_api_proxy_request_count, type: Integer, desc: 'The count to increment the k8s_api_proxy_request_count metric by' + optional :counters, type: Hash do + optional :gitops_sync, type: Integer, desc: 'The count to increment the gitops_sync metric by' + optional :k8s_api_proxy_request, type: Integer, desc: 'The count to increment the k8s_api_proxy_request_count metric by' + end + mutually_exclusive :counters, :gitops_sync_count + mutually_exclusive :counters, :k8s_api_proxy_request_count + + optional :unique_counters, type: Hash do + optional :agent_users_using_ci_tunnel, type: Set[Integer], desc: 'A set of user ids that have interacted a CI Tunnel to' + end end post '/' do - events = params.slice(:gitops_sync_count, :k8s_api_proxy_request_count) - events.transform_keys! { |event| event.to_s.chomp('_count') } + Gitlab::UsageDataCounters::KubernetesAgentCounter.increment_event_counts(count_events) if count_events - Gitlab::UsageDataCounters::KubernetesAgentCounter.increment_event_counts(events) + increment_unique_events no_content! rescue ArgumentError => e diff --git a/lib/api/issue_links.rb b/lib/api/issue_links.rb index c07c2c1994e..563fb3358ed 100644 --- a/lib/api/issue_links.rb +++ b/lib/api/issue_links.rb @@ -37,7 +37,7 @@ module API requires :target_project_id, type: String, desc: 'The ID of the target project' requires :target_issue_iid, type: Integer, desc: 'The IID of the target issue' optional :link_type, type: String, values: IssueLink.link_types.keys, - desc: 'The type of the relation' + desc: 'The type of the relation' end # rubocop: disable CodeReuse/ActiveRecord post ':id/issues/:issue_iid/links' do diff --git a/lib/api/issues.rb b/lib/api/issues.rb index 971163c18db..b6ad34424a6 100644 --- a/lib/api/issues.rb +++ b/lib/api/issues.rb @@ -16,7 +16,7 @@ module API optional :labels, type: Array[String], coerce_with: ::API::Validations::Types::CommaSeparatedToArray.coerce, desc: 'Comma-separated list of label names' optional :milestone, type: String, desc: 'Milestone title' optional :milestone_id, types: String, values: %w[Any None Upcoming Started], - desc: 'Return issues assigned to milestones without the specified timebox value ("Any", "None", "Upcoming" or "Started")' + desc: 'Return issues assigned to milestones without the specified timebox value ("Any", "None", "Upcoming" or "Started")' mutually_exclusive :milestone_id, :milestone optional :iids, type: Array[Integer], coerce_with: ::API::Validations::Types::CommaSeparatedToIntegerArray.coerce, desc: 'The IID array of issues' @@ -27,8 +27,8 @@ module API optional :assignee_id, type: Integer, desc: 'Return issues which are not assigned to the user with the given ID' optional :assignee_username, type: Array[String], check_assignees_count: true, - coerce_with: Validations::Validators::CheckAssigneesCount.coerce, - desc: 'Return issues which are not assigned to the user with the given username' + coerce_with: Validations::Validators::CheckAssigneesCount.coerce, + desc: 'Return issues which are not assigned to the user with the given username' mutually_exclusive :assignee_id, :assignee_username use :negatable_issue_filter_params_ee @@ -40,7 +40,7 @@ module API # 'milestone_id' only accepts wildcard values 'Any', 'None', 'Upcoming', 'Started' # the param has '_id' in the name to keep consistency (ex. assignee_id accepts id and wildcard values). optional :milestone_id, types: String, values: %w[Any None Upcoming Started], - desc: 'Return issues assigned to milestones with the specified timebox value ("Any", "None", "Upcoming" or "Started")' + desc: 'Return issues assigned to milestones with the specified timebox value ("Any", "None", "Upcoming" or "Started")' optional :iids, type: Array[Integer], coerce_with: ::API::Validations::Types::CommaSeparatedToIntegerArray.coerce, desc: 'The IID array of issues' optional :search, type: String, desc: 'Search issues for text present in the title, description, or any combination of these' optional :in, type: String, desc: '`title`, `description`, or a string joining them with comma' @@ -51,10 +51,10 @@ module API mutually_exclusive :author_id, :author_username optional :assignee_id, types: [Integer, String], integer_none_any: true, - desc: 'Return issues which are assigned to the user with the given ID' + desc: 'Return issues which are assigned to the user with the given ID' optional :assignee_username, type: Array[String], check_assignees_count: true, - coerce_with: Validations::Validators::CheckAssigneesCount.coerce, - desc: 'Return issues which are assigned to the user with the given username' + coerce_with: Validations::Validators::CheckAssigneesCount.coerce, + desc: 'Return issues which are assigned to the user with the given username' mutually_exclusive :assignee_id, :assignee_username optional :created_after, type: DateTime, desc: 'Return issues created after the specified time' @@ -77,13 +77,13 @@ module API params :issues_params do optional :with_labels_details, type: Boolean, desc: 'Return titles of labels and other details', default: false optional :state, type: String, values: %w[opened closed all], default: 'all', - desc: 'Return opened, closed, or all issues' + desc: 'Return opened, closed, or all issues' optional :order_by, type: String, values: Helpers::IssuesHelpers.sort_options, default: 'created_at', - desc: 'Return issues ordered by `created_at`, `due_date`, `label_priority`, `milestone_due`, `popularity`, `priority`, `relative_position`, `title`, or `updated_at` fields.' + desc: 'Return issues ordered by `created_at`, `due_date`, `label_priority`, `milestone_due`, `popularity`, `priority`, `relative_position`, `title`, or `updated_at` fields.' optional :sort, type: String, values: %w[asc desc], default: 'desc', - desc: 'Return issues sorted in `asc` or `desc` order.' + desc: 'Return issues sorted in `asc` or `desc` order.' optional :due_date, type: String, values: %w[0 any today tomorrow overdue week month next_month_and_previous_two_weeks] << '', - desc: 'Return issues that have no due date (`0`), or whose due date is this week, this month, between two weeks ago and next month, or which are overdue. Accepts: `overdue`, `week`, `month`, `next_month_and_previous_two_weeks`, `0`' + desc: 'Return issues that have no due date (`0`), or whose due date is this week, this month, between two weeks ago and next month, or which are overdue. Accepts: `overdue`, `week`, `month`, `next_month_and_previous_two_weeks`, `0`' optional :issue_type, type: String, values: WorkItems::Type.allowed_types_for_issues, desc: "The type of the issue. Accepts: #{WorkItems::Type.allowed_types_for_issues.join(', ')}" use :issues_stats_params diff --git a/lib/api/labels.rb b/lib/api/labels.rb index e2d4f5d823a..0a107a96d61 100644 --- a/lib/api/labels.rb +++ b/lib/api/labels.rb @@ -23,11 +23,11 @@ module API end params do optional :with_counts, type: Boolean, default: false, - desc: 'Include issue and merge request counts' + desc: 'Include issue and merge request counts' optional :include_ancestor_groups, type: Boolean, default: true, - desc: 'Include ancestor groups' + desc: 'Include ancestor groups' optional :search, type: String, - desc: 'Keyword to filter labels by. This feature was added in GitLab 13.6' + desc: 'Keyword to filter labels by. This feature was added in GitLab 13.6' use :pagination end get ':id/labels' do @@ -40,7 +40,7 @@ module API end params do optional :include_ancestor_groups, type: Boolean, default: true, - desc: 'Include ancestor groups' + desc: 'Include ancestor groups' end get ':id/labels/:name' do get_label(user_project, Entities::ProjectLabel, declared_params) diff --git a/lib/api/markdown.rb b/lib/api/markdown.rb index c465087c4a2..1f8255fd6a4 100644 --- a/lib/api/markdown.rb +++ b/lib/api/markdown.rb @@ -2,7 +2,9 @@ module API class Markdown < ::API::Base - feature_category :not_owned # rubocop:todo Gitlab/AvoidFeatureCategoryNotOwned + before { authenticate! if Feature.enabled?(:authenticate_markdown_api, type: :ops) } + + feature_category :team_planning params do requires :text, type: String, desc: "The markdown text to render" diff --git a/lib/api/maven_packages.rb b/lib/api/maven_packages.rb index e2481dcb8c1..fb0221ee907 100644 --- a/lib/api/maven_packages.rb +++ b/lib/api/maven_packages.rb @@ -43,6 +43,9 @@ module API end end + # The sha verification done by the maven api is between: + # - the sha256 set by workhorse helpers + # - the sha256 of the sha1 of the uploaded package file def verify_package_file(package_file, uploaded_file) stored_sha256 = Digest::SHA256.hexdigest(package_file.file_sha1) expected_sha256 = uploaded_file.sha256 @@ -50,6 +53,16 @@ module API if stored_sha256 == expected_sha256 no_content! else + # Track sha1 conflicts. + # See https://gitlab.com/gitlab-org/gitlab/-/issues/367356 + Gitlab::ErrorTracking.log_exception( + ArgumentError.new, + message: 'maven package file sha1 conflict', + stored_sha1: package_file.file_sha1, + received_sha256: uploaded_file.sha256, + sha256_hexdigest_of_stored_sha1: stored_sha256 + ) + conflict! end end @@ -270,12 +283,12 @@ module API '' else file_params = { - file: params[:file], - size: params['file.size'], + file: params[:file], + size: params['file.size'], file_name: file_name, file_type: params['file.type'], file_sha1: params['file.sha1'], - file_md5: params['file.md5'] + file_md5: params['file.md5'] } ::Packages::CreatePackageFileService.new(package, file_params.merge(build: current_authenticated_job)).execute diff --git a/lib/api/members.rb b/lib/api/members.rb index b94f68f60b5..d26fdd09ee7 100644 --- a/lib/api/members.rb +++ b/lib/api/members.rb @@ -91,7 +91,7 @@ module API authorize_read_source_member!(source_type, source) - members = find_all_members(source) + members = find_all_members(source).order(access_level: :desc) member = members.find_by!(user_id: params[:user_id]) present_members member @@ -156,9 +156,9 @@ module API params do requires :user_id, type: Integer, desc: 'The user ID of the member' optional :skip_subresources, type: Boolean, default: false, - desc: 'Flag indicating if the deletion of direct memberships of the removed member in subgroups and projects should be skipped' + desc: 'Flag indicating if the deletion of direct memberships of the removed member in subgroups and projects should be skipped' optional :unassign_issuables, type: Boolean, default: false, - desc: 'Flag indicating if the removed member should be unassigned from any issues or merge requests within given group or project' + desc: 'Flag indicating if the removed member should be unassigned from any issues or merge requests within given group or project' end # rubocop: disable CodeReuse/ActiveRecord delete ":id/members/:user_id", feature_category: feature_category do diff --git a/lib/api/merge_requests.rb b/lib/api/merge_requests.rb index 156a92802b0..a8f58e91067 100644 --- a/lib/api/merge_requests.rb +++ b/lib/api/merge_requests.rb @@ -121,6 +121,10 @@ module API merge_request.permits_force_push? end + def recheck_mergeability_of(merge_requests:) + merge_requests.each { |mr| mr.check_mergeability(async: true) } + end + params :merge_requests_params do use :merge_requests_base_params use :optional_merge_requests_search_params @@ -155,7 +159,7 @@ module API params do use :merge_requests_params optional :non_archived, type: Boolean, desc: 'Return merge requests from non archived projects', - default: true + default: true end get ":id/merge_requests", feature_category: :code_review, urgency: :low do validate_anonymous_search_access! if declared_params[:search].present? @@ -206,7 +210,9 @@ module API options = serializer_options_for(merge_requests).merge(project: user_project) options[:project] = user_project - present_cached merge_requests, expires_in: 2.days, **options + recheck_mergeability_of(merge_requests: merge_requests) unless options[:skip_merge_status_recheck] + + present_cached merge_requests, expires_in: 8.hours, cache_context: -> (mr) { "#{current_user&.cache_key}:#{mr.merge_status}" }, **options end desc 'Create a merge request' do @@ -283,6 +289,17 @@ module API present paginate(participants), with: Entities::UserBasic end + desc 'Get the reviewers of a merge request' do + success Entities::MergeRequestReviewer + end + get ':id/merge_requests/:merge_request_iid/reviewers', feature_category: :code_review, urgency: :low do + merge_request = find_merge_request_with_access(params[:merge_request_iid]) + + reviewers = ::Kaminari.paginate_array(merge_request.merge_request_reviewers) + + present paginate(reviewers), with: Entities::MergeRequestReviewer + end + desc 'Get the commits of a merge request' do success Entities::Commit end @@ -455,11 +472,7 @@ module API not_allowed! if !immediately_mergeable && !automatically_mergeable - if Feature.enabled?(:change_response_code_merge_status, user_project) - render_api_error!('Branch cannot be merged', 422) unless merge_request.mergeable?(skip_ci_check: automatically_mergeable) - else - render_api_error!('Branch cannot be merged', 406) unless merge_request.mergeable?(skip_ci_check: automatically_mergeable) - end + render_api_error!('Branch cannot be merged', 422) unless merge_request.mergeable?(skip_ci_check: automatically_mergeable) check_sha_param!(params, merge_request) @@ -481,7 +494,11 @@ module API .execute(merge_request, AutoMergeService::STRATEGY_MERGE_WHEN_PIPELINE_SUCCEEDS) end - present merge_request, with: Entities::MergeRequest, current_user: current_user, project: user_project + if immediately_mergeable && !merge_request.merged? + render_api_error!("Branch cannot be merged", 422) + else + present merge_request, with: Entities::MergeRequest, current_user: current_user, project: user_project + end end desc 'Returns the up to date merge-ref HEAD commit' diff --git a/lib/api/metrics/dashboard/annotations.rb b/lib/api/metrics/dashboard/annotations.rb index 6fc90da87d4..478adcdce70 100644 --- a/lib/api/metrics/dashboard/annotations.rb +++ b/lib/api/metrics/dashboard/annotations.rb @@ -20,11 +20,11 @@ module API resource annotations_source[:resource] do params do requires :starting_at, type: DateTime, - desc: 'Date time indicating starting moment to which the annotation relates.' + desc: 'Date time indicating starting moment to which the annotation relates.' optional :ending_at, type: DateTime, - desc: 'Date time indicating ending moment to which the annotation relates.' + desc: 'Date time indicating ending moment to which the annotation relates.' requires :dashboard_path, type: String, coerce_with: -> (val) { CGI.unescape(val) }, - desc: 'The path to a file defining the dashboard on which the annotation should be added' + desc: 'The path to a file defining the dashboard on which the annotation should be added' requires :description, type: String, desc: 'The description of the annotation' end diff --git a/lib/api/metrics/user_starred_dashboards.rb b/lib/api/metrics/user_starred_dashboards.rb index 83d95f8b062..4d5396acccb 100644 --- a/lib/api/metrics/user_starred_dashboards.rb +++ b/lib/api/metrics/user_starred_dashboards.rb @@ -13,7 +13,7 @@ module API params do requires :dashboard_path, type: String, allow_blank: false, coerce_with: ->(val) { CGI.unescape(val) }, - desc: 'Url encoded path to a file defining the dashboard to which the star should be added' + desc: 'Url encoded path to a file defining the dashboard to which the star should be added' end post ':id/metrics/user_starred_dashboards' do @@ -30,7 +30,7 @@ module API params do optional :dashboard_path, type: String, allow_blank: false, coerce_with: ->(val) { CGI.unescape(val) }, - desc: 'Url encoded path to a file defining the dashboard from which the star should be removed' + desc: 'Url encoded path to a file defining the dashboard from which the star should be removed' end delete ':id/metrics/user_starred_dashboards' do diff --git a/lib/api/milestone_responses.rb b/lib/api/milestone_responses.rb index d75ed3a48d7..2fd3239b44a 100644 --- a/lib/api/milestone_responses.rb +++ b/lib/api/milestone_responses.rb @@ -14,12 +14,12 @@ module API params :list_params do optional :state, type: String, values: %w[active closed all], default: 'all', - desc: 'Return "active", "closed", or "all" milestones' + desc: 'Return "active", "closed", or "all" milestones' optional :iids, type: Array[Integer], coerce_with: ::API::Validations::Types::CommaSeparatedToIntegerArray.coerce, desc: 'The IIDs of the milestones' optional :title, type: String, desc: 'The title of the milestones' optional :search, type: String, desc: 'The search criteria for the title or description of the milestone' optional :include_parent_milestones, type: Grape::API::Boolean, default: false, - desc: 'Include group milestones from parent and its ancestors' + desc: 'Include group milestones from parent and its ancestors' use :pagination end @@ -27,7 +27,7 @@ module API requires :milestone_id, type: Integer, desc: 'The milestone ID number' optional :title, type: String, desc: 'The title of the milestone' optional :state_event, type: String, values: %w[close activate], - desc: 'The state event of the milestone ' + desc: 'The state event of the milestone ' use :optional_params at_least_one_of :title, :description, :start_date, :due_date, :state_event end diff --git a/lib/api/notes.rb b/lib/api/notes.rb index 2a854bd785e..77c479c529a 100644 --- a/lib/api/notes.rb +++ b/lib/api/notes.rb @@ -30,7 +30,7 @@ module API optional :sort, type: String, values: %w[asc desc], default: 'desc', desc: 'Return notes sorted in `asc` or `desc` order.' optional :activity_filter, type: String, values: UserPreference::NOTES_FILTERS.stringify_keys.keys, default: 'all_notes', - desc: 'The type of notables which are returned.' + desc: 'The type of notables which are returned.' use :pagination end # rubocop: disable CodeReuse/ActiveRecord @@ -73,7 +73,8 @@ module API params do requires :noteable_id, type: Integer, desc: 'The ID of the noteable' requires :body, type: String, desc: 'The content of a note' - optional :confidential, type: Boolean, desc: 'Confidentiality note flag, default is false' + optional :confidential, type: Boolean, desc: '[Deprecated in 15.3] Renamed to internal' + optional :internal, type: Boolean, desc: 'Internal note flag, default is false' optional :created_at, type: String, desc: 'The creation date of the note' optional :merge_request_diff_head_sha, type: String, desc: 'The SHA of the head commit' end @@ -87,7 +88,7 @@ module API note: params[:body], noteable_type: noteables_str.classify, noteable_id: noteable.id, - confidential: params[:confidential], + internal: params[:internal] || params[:confidential], created_at: params[:created_at], merge_request_diff_head_sha: params[:merge_request_diff_head_sha] } diff --git a/lib/api/pages_domains.rb b/lib/api/pages_domains.rb index 2e7f8475509..34d3a5150da 100644 --- a/lib/api/pages_domains.rb +++ b/lib/api/pages_domains.rb @@ -97,7 +97,7 @@ module API optional :certificate, types: [File, String], desc: 'The certificate', as: :user_provided_certificate optional :key, types: [File, String], desc: 'The key', as: :user_provided_key optional :auto_ssl_enabled, allow_blank: false, type: Boolean, default: false, - desc: "Enables automatic generation of SSL certificates issued by Let's Encrypt for custom domains." + desc: "Enables automatic generation of SSL certificates issued by Let's Encrypt for custom domains." # rubocop:enable Scalability/FileUploads all_or_none_of :user_provided_certificate, :user_provided_key end @@ -123,7 +123,7 @@ module API optional :certificate, types: [File, String], desc: 'The certificate', as: :user_provided_certificate optional :key, types: [File, String], desc: 'The key', as: :user_provided_key optional :auto_ssl_enabled, allow_blank: true, type: Boolean, - desc: "Enables automatic generation of SSL certificates issued by Let's Encrypt for custom domains." + desc: "Enables automatic generation of SSL certificates issued by Let's Encrypt for custom domains." # rubocop:enable Scalability/FileUploads end put ":id/pages/domains/:domain", requirements: PAGES_DOMAINS_ENDPOINT_REQUIREMENTS do diff --git a/lib/api/pagination_params.rb b/lib/api/pagination_params.rb index 85ac50d5bec..bdb69d0ba44 100644 --- a/lib/api/pagination_params.rb +++ b/lib/api/pagination_params.rb @@ -20,6 +20,26 @@ module API optional :page, type: Integer, default: 1, desc: 'Current page number' optional :per_page, type: Integer, default: 20, desc: 'Number of items per page', except_values: [0] end + + def verify_pagination_params! + return if Feature.disabled?(:only_positive_pagination_values) + + page = begin + Integer(params[:page]) + rescue ArgumentError, TypeError + nil + end + + return render_structured_api_error!({ error: 'page does not have a valid value' }, 400) if page&.< 1 + + per_page = begin + Integer(params[:per_page]) + rescue ArgumentError, TypeError + nil + end + + return render_structured_api_error!({ error: 'per_page does not have a valid value' }, 400) if per_page&.< 1 + end end end end diff --git a/lib/api/personal_access_tokens.rb b/lib/api/personal_access_tokens.rb index f8b744bb14b..0d7d2dc6a0c 100644 --- a/lib/api/personal_access_tokens.rb +++ b/lib/api/personal_access_tokens.rb @@ -57,9 +57,14 @@ module API get ':id' do token = PersonalAccessToken.find_by_id(params[:id]) - unauthorized! unless token && Ability.allowed?(current_user, :read_user_personal_access_tokens, token.user) - - present token, with: Entities::PersonalAccessToken + allowed = Ability.allowed?(current_user, :read_user_personal_access_tokens, token&.user) + + if allowed + present token, with: Entities::PersonalAccessToken + else + # Only admins should be informed if the token doesn't exist + current_user.admin? ? not_found! : unauthorized! + end end delete 'self' do diff --git a/lib/api/project_packages.rb b/lib/api/project_packages.rb index 79a5ca531e1..800966408fc 100644 --- a/lib/api/project_packages.rb +++ b/lib/api/project_packages.rb @@ -32,10 +32,11 @@ module API optional :package_name, type: String, desc: 'Return packages with this name' optional :include_versionless, type: Boolean, - desc: 'Returns packages without a version' + desc: 'Returns packages without a version' optional :status, type: String, values: Packages::Package.statuses.keys, - desc: 'Return packages with specified status' + desc: 'Return packages with specified status' end + route_setting :authentication, job_token_allowed: true get ':id/packages' do packages = ::Packages::PackagesFinder.new( user_project, @@ -52,6 +53,7 @@ module API params do requires :package_id, type: Integer, desc: 'The ID of a package' end + route_setting :authentication, job_token_allowed: true get ':id/packages/:package_id' do package = ::Packages::PackageFinder .new(user_project, params[:package_id]).execute @@ -65,6 +67,7 @@ module API params do requires :package_id, type: Integer, desc: 'The ID of a package' end + route_setting :authentication, job_token_allowed: true delete ':id/packages/:package_id' do authorize_destroy_package!(user_project) diff --git a/lib/api/project_templates.rb b/lib/api/project_templates.rb index fe0e837c596..f6e1286d616 100644 --- a/lib/api/project_templates.rb +++ b/lib/api/project_templates.rb @@ -37,7 +37,7 @@ module API params do requires :name, type: String, desc: 'The name of the template' optional :source_template_project_id, type: Integer, - desc: 'The project id where a given template is being stored. This is useful when multiple templates from different projects have the same name' + desc: 'The project id where a given template is being stored. This is useful when multiple templates from different projects have the same name' optional :project, type: String, desc: 'The project name to use when expanding placeholders in the template. Only affects licenses' optional :fullname, type: String, desc: 'The full name of the copyright holder to use when expanding placeholders in the template. Only affects licenses' end diff --git a/lib/api/projects.rb b/lib/api/projects.rb index 6530887c1c3..6ed480518ee 100644 --- a/lib/api/projects.rb +++ b/lib/api/projects.rb @@ -688,11 +688,11 @@ module API optional :search, type: String, desc: 'Return list of groups matching the search criteria' optional :skip_groups, type: Array[Integer], coerce_with: ::API::Validations::Types::CommaSeparatedToIntegerArray.coerce, desc: 'Array of group ids to exclude from list' optional :with_shared, type: Boolean, default: false, - desc: 'Include shared groups' + desc: 'Include shared groups' optional :shared_visible_only, type: Boolean, default: false, - desc: 'Limit to shared groups user has access to' + desc: 'Limit to shared groups user has access to' optional :shared_min_access_level, type: Integer, values: Gitlab::Access.all_values, - desc: 'Limit returned shared groups by minimum access level to the project' + desc: 'Limit returned shared groups by minimum access level to the project' use :pagination end get ':id/groups', feature_category: :source_code_management do diff --git a/lib/api/protected_branches.rb b/lib/api/protected_branches.rb index a4f5dfefae6..38bafac25b2 100644 --- a/lib/api/protected_branches.rb +++ b/lib/api/protected_branches.rb @@ -61,8 +61,8 @@ module API values: ProtectedBranch::MergeAccessLevel.allowed_access_levels, desc: 'Access levels allowed to merge (defaults: `40`, maintainer access level)' optional :allow_force_push, type: Boolean, - default: false, - desc: 'Allow force push for all users with push access.' + default: false, + desc: 'Allow force push for all users with push access.' use :optional_params_ee end diff --git a/lib/api/releases.rb b/lib/api/releases.rb index aecd6f9eef8..10e879ec70b 100644 --- a/lib/api/releases.rb +++ b/lib/api/releases.rb @@ -23,9 +23,9 @@ module API params do requires :id, type: Integer, desc: 'The ID of the group to get releases for' optional :sort, type: String, values: %w[asc desc], default: 'desc', - desc: 'Return projects sorted in ascending and descending order by released_at' + desc: 'Return projects sorted in ascending and descending order by released_at' optional :simple, type: Boolean, default: false, - desc: 'Return only the ID, URL, name, and path of each project' + desc: 'Return only the ID, URL, name, and path of each project' use :pagination end @@ -61,7 +61,7 @@ module API optional :sort, type: String, values: %w[asc desc], default: 'desc', desc: 'Return releases sorted in `asc` or `desc` order.' optional :include_html_description, type: Boolean, - desc: 'If `true`, a response includes HTML rendered markdown of the release description.' + desc: 'If `true`, a response includes HTML rendered markdown of the release description.' end route_setting :authentication, job_token_allowed: true get ':id/releases' do @@ -89,7 +89,7 @@ module API params do requires :tag_name, type: String, desc: 'The name of the tag', as: :tag optional :include_html_description, type: Boolean, - desc: 'If `true`, a response includes HTML rendered markdown of the release description.' + desc: 'If `true`, a response includes HTML rendered markdown of the release description.' end route_setting :authentication, job_token_allowed: true get ':id/releases/:tag_name', requirements: RELEASE_ENDPOINT_REQUIREMENTS do @@ -186,6 +186,8 @@ module API .execute if result[:status] == :success + log_release_deleted_audit_event + present result[:release], with: Entities::Release, current_user: current_user else render_api_error!(result[:message], result[:http_status]) @@ -238,6 +240,10 @@ module API # extended in EE end + def log_release_deleted_audit_event + # extended in EE + end + def log_release_milestones_updated_audit_event # extended in EE end diff --git a/lib/api/repositories.rb b/lib/api/repositories.rb index 4c7cc6be8b6..cef72d898e6 100644 --- a/lib/api/repositories.rb +++ b/lib/api/repositories.rb @@ -99,11 +99,17 @@ module API optional :recursive, type: Boolean, default: false, desc: 'Used to get a recursive tree' use :pagination - optional :pagination, type: String, values: %w(legacy keyset), default: 'legacy', desc: 'Specify the pagination method' + optional :pagination, type: String, values: %w(legacy keyset none), default: 'legacy', desc: 'Specify the pagination method ("none" is only valid if "recursive" is true)' - given pagination: -> (value) { value == 'keyset' } do + given pagination: ->(value) { value == 'keyset' } do optional :page_token, type: String, desc: 'Record from which to start the keyset pagination' end + + given pagination: ->(value) { value == 'none' } do + given recursive: ->(value) { value == false } do + validates([:pagination], except_values: { value: 'none', message: 'cannot be "none" unless "recursive" is true' }) + end + end end get ':id/repository/tree', urgency: :low do tree_finder = ::Repositories::TreeFinder.new(user_project, declared_params(include_missing: false)) diff --git a/lib/api/rubygem_packages.rb b/lib/api/rubygem_packages.rb index e6c54faebd9..85bbd0879b7 100644 --- a/lib/api/rubygem_packages.rb +++ b/lib/api/rubygem_packages.rb @@ -109,7 +109,7 @@ module API ).execute(:rubygems, name: ::Packages::Rubygems::TEMPORARY_PACKAGE_NAME) file_params = { - file: params[:file], + file: params[:file], file_name: PACKAGE_FILENAME } diff --git a/lib/api/search.rb b/lib/api/search.rb index fd4d46cf77d..c78aff705ab 100644 --- a/lib/api/search.rb +++ b/lib/api/search.rb @@ -59,11 +59,15 @@ module API end def search(additional_params = {}) - results = search_service(additional_params).search_objects(preload_method) + @search_duration_s = Benchmark.realtime do + @results = search_service(additional_params).search_objects(preload_method) + end + + set_global_search_log_information Gitlab::UsageDataCounters::SearchCounter.count(:all_searches) - paginate(results) + paginate(@results) end def snippets? @@ -83,6 +87,23 @@ module API # Defining this method here as a noop allows us to easily extend it in # EE, without having to modify this file directly. end + + def search_type + 'basic' + end + + def search_scope + params[:scope] + end + + def set_global_search_log_information + Gitlab::Instrumentation::GlobalSearchApi.set_information( + type: search_type, + level: search_service.level, + scope: search_scope, + search_duration_s: @search_duration_s + ) + end end resource :search do diff --git a/lib/api/sidekiq_metrics.rb b/lib/api/sidekiq_metrics.rb index bca1376d489..e279e63181d 100644 --- a/lib/api/sidekiq_metrics.rb +++ b/lib/api/sidekiq_metrics.rb @@ -22,14 +22,14 @@ module API def process_metrics Sidekiq::ProcessSet.new(false).map do |process| { - hostname: process['hostname'], - pid: process['pid'], - tag: process['tag'], - started_at: Time.at(process['started_at']), - queues: process['queues'], - labels: process['labels'], + hostname: process['hostname'], + pid: process['pid'], + tag: process['tag'], + started_at: Time.at(process['started_at']), + queues: process['queues'], + labels: process['labels'], concurrency: process['concurrency'], - busy: process['busy'] + busy: process['busy'] } end end diff --git a/lib/api/support/git_access_actor.rb b/lib/api/support/git_access_actor.rb index 71395086ac2..f450630afdd 100644 --- a/lib/api/support/git_access_actor.rb +++ b/lib/api/support/git_access_actor.rb @@ -32,6 +32,10 @@ module API key || user end + def deploy_key_or_user + key.instance_of?(DeployKey) ? key : user + end + def username user&.username end diff --git a/lib/api/topics.rb b/lib/api/topics.rb index 15f79e75be3..a08b4c6c107 100644 --- a/lib/api/topics.rb +++ b/lib/api/topics.rb @@ -12,6 +12,7 @@ module API end params do optional :search, type: String, desc: 'Return list of topics matching the search criteria' + optional :without_projects, type: Boolean, desc: 'Return list of topics without assigned projects' use :pagination end get 'topics' do diff --git a/lib/api/unleash.rb b/lib/api/unleash.rb index 2d528ad47a2..1fbd7cf5afc 100644 --- a/lib/api/unleash.rb +++ b/lib/api/unleash.rb @@ -33,8 +33,10 @@ module API end end + # We decrease the urgency of this endpoint until the maxmemory issue of redis-cache has been resolved. + # See https://gitlab.com/gitlab-org/gitlab/-/issues/365575#note_1033611872 for more information. desc 'Get a list of features' - get 'client/features' do + get 'client/features', urgency: :low do if ::Feature.enabled?(:cache_unleash_client_api, project) present_feature_flags else diff --git a/lib/api/user_counts.rb b/lib/api/user_counts.rb index d0b1e458a27..388aa5e375c 100644 --- a/lib/api/user_counts.rb +++ b/lib/api/user_counts.rb @@ -12,19 +12,13 @@ module API get do unauthorized! unless current_user - counts = { + { merge_requests: current_user.assigned_open_merge_requests_count, # @deprecated assigned_issues: current_user.assigned_open_issues_count, assigned_merge_requests: current_user.assigned_open_merge_requests_count, review_requested_merge_requests: current_user.review_requested_open_merge_requests_count, todos: current_user.todos_pending_count } - - if current_user&.mr_attention_requests_enabled? - counts[:attention_requests] = current_user.attention_requested_open_merge_requests_count - end - - counts end end end diff --git a/lib/api/users.rb b/lib/api/users.rb index d66d86a9055..c93c0f601a0 100644 --- a/lib/api/users.rb +++ b/lib/api/users.rb @@ -68,9 +68,9 @@ module API params :sort_params do optional :order_by, type: String, values: %w[id name username created_at updated_at], - default: 'id', desc: 'Return users ordered by a field' + default: 'id', desc: 'Return users ordered by a field' optional :sort, type: String, values: %w[asc desc], default: 'desc', - desc: 'Return users sorted in ascending and descending order' + desc: 'Return users sorted in ascending and descending order' end end @@ -940,7 +940,7 @@ module API params do requires :name, type: String, desc: 'The name of the personal access token' requires :scopes, type: Array[String], coerce_with: ::API::Validations::Types::CommaSeparatedToArray.coerce, values: ::Gitlab::Auth.all_available_scopes.map(&:to_s), - desc: 'The array of scopes of the personal access token' + desc: 'The array of scopes of the personal access token' optional :expires_at, type: Date, desc: 'The expiration date in the format YEAR-MONTH-DAY of the personal access token' end post feature_category: :authentication_and_authorization do |