diff options
Diffstat (limited to 'app/services')
83 files changed, 1476 insertions, 426 deletions
diff --git a/app/services/base_project_service.rb b/app/services/base_project_service.rb index fb466e61673..1bf4a235a79 100644 --- a/app/services/base_project_service.rb +++ b/app/services/base_project_service.rb @@ -2,6 +2,8 @@ # Base class, scoped by project class BaseProjectService < ::BaseContainerService + include ::Gitlab::Utils::StrongMemoize + attr_accessor :project def initialize(project:, current_user: nil, params: {}) @@ -11,4 +13,12 @@ class BaseProjectService < ::BaseContainerService end delegate :repository, to: :project + + private + + def project_group + strong_memoize(:project_group) do + project.group + end + end end diff --git a/app/services/boards/issues/list_service.rb b/app/services/boards/issues/list_service.rb index 9a3e3bc3bdb..6021d634f86 100644 --- a/app/services/boards/issues/list_service.rb +++ b/app/services/boards/issues/list_service.rb @@ -22,7 +22,7 @@ module Boards def order(items) return items.order_closed_date_desc if list&.closed? - items.order_by_position_and_priority(with_cte: params[:search].present?) + items.order_by_relative_position end def finder diff --git a/app/services/bulk_import_service.rb b/app/services/bulk_import_service.rb deleted file mode 100644 index 4e13e967dbd..00000000000 --- a/app/services/bulk_import_service.rb +++ /dev/null @@ -1,70 +0,0 @@ -# frozen_string_literal: true - -# Entry point of the BulkImport feature. -# This service receives a Gitlab Instance connection params -# and a list of groups to be imported. -# -# Process topography: -# -# sync | async -# | -# User +--> P1 +----> Pn +---+ -# | ^ | Enqueue new job -# | +-----+ -# -# P1 (sync) -# -# - Create a BulkImport record -# - Create a BulkImport::Entity for each group to be imported -# - Enqueue a BulkImportWorker job (P2) to import the given groups (entities) -# -# Pn (async) -# -# - For each group to be imported (BulkImport::Entity.with_status(:created)) -# - Import the group data -# - Create entities for each subgroup of the imported group -# - Enqueue a BulkImportService job (Pn) to import the new entities (subgroups) -# -class BulkImportService - attr_reader :current_user, :params, :credentials - - def initialize(current_user, params, credentials) - @current_user = current_user - @params = params - @credentials = credentials - end - - def execute - bulk_import = create_bulk_import - - BulkImportWorker.perform_async(bulk_import.id) - - ServiceResponse.success(payload: bulk_import) - rescue ActiveRecord::RecordInvalid => e - ServiceResponse.error( - message: e.message, - http_status: :unprocessable_entity - ) - end - - private - - def create_bulk_import - BulkImport.transaction do - bulk_import = BulkImport.create!(user: current_user, source_type: 'gitlab') - bulk_import.create_configuration!(credentials.slice(:url, :access_token)) - - params.each do |entity| - BulkImports::Entity.create!( - bulk_import: bulk_import, - source_type: entity[:source_type], - source_full_path: entity[:source_full_path], - destination_name: entity[:destination_name], - destination_namespace: entity[:destination_namespace] - ) - end - - bulk_import - end - end -end diff --git a/app/services/bulk_imports/create_service.rb b/app/services/bulk_imports/create_service.rb new file mode 100644 index 00000000000..c1becbb5609 --- /dev/null +++ b/app/services/bulk_imports/create_service.rb @@ -0,0 +1,83 @@ +# frozen_string_literal: true + +# Entry point of the BulkImport feature. +# This service receives a Gitlab Instance connection params +# and a list of groups to be imported. +# +# Process topography: +# +# sync | async +# | +# User +--> P1 +----> Pn +---+ +# | ^ | Enqueue new job +# | +-----+ +# +# P1 (sync) +# +# - Create a BulkImport record +# - Create a BulkImport::Entity for each group to be imported +# - Enqueue a BulkImportWorker job (P2) to import the given groups (entities) +# +# Pn (async) +# +# - For each group to be imported (BulkImport::Entity.with_status(:created)) +# - Import the group data +# - Create entities for each subgroup of the imported group +# - Enqueue a BulkImports::CreateService job (Pn) to import the new entities (subgroups) +# +module BulkImports + class CreateService + attr_reader :current_user, :params, :credentials + + def initialize(current_user, params, credentials) + @current_user = current_user + @params = params + @credentials = credentials + end + + def execute + bulk_import = create_bulk_import + + BulkImportWorker.perform_async(bulk_import.id) + + ServiceResponse.success(payload: bulk_import) + rescue ActiveRecord::RecordInvalid => e + ServiceResponse.error( + message: e.message, + http_status: :unprocessable_entity + ) + end + + private + + def create_bulk_import + BulkImport.transaction do + bulk_import = BulkImport.create!( + user: current_user, + source_type: 'gitlab', + source_version: client.instance_version + ) + bulk_import.create_configuration!(credentials.slice(:url, :access_token)) + + params.each do |entity| + BulkImports::Entity.create!( + bulk_import: bulk_import, + source_type: entity[:source_type], + source_full_path: entity[:source_full_path], + destination_name: entity[:destination_name], + destination_namespace: entity[:destination_namespace] + ) + end + + bulk_import + end + end + + def client + @client ||= BulkImports::Clients::HTTP.new( + url: @credentials[:url], + token: @credentials[:access_token] + ) + end + end +end diff --git a/app/services/bulk_imports/file_export_service.rb b/app/services/bulk_imports/file_export_service.rb new file mode 100644 index 00000000000..a7e0f998666 --- /dev/null +++ b/app/services/bulk_imports/file_export_service.rb @@ -0,0 +1,42 @@ +# frozen_string_literal: true + +module BulkImports + class FileExportService + include Gitlab::ImportExport::CommandLineUtil + + def initialize(portable, export_path, relation) + @portable = portable + @export_path = export_path + @relation = relation + end + + def execute + export_service.execute + + archive_exported_data + end + + def exported_filename + "#{relation}.tar" + end + + private + + attr_reader :export_path, :portable, :relation + + def export_service + case relation + when FileTransfer::ProjectConfig::UPLOADS_RELATION + UploadsExportService.new(portable, export_path) + else + raise BulkImports::Error, 'Unsupported relation export type' + end + end + + def archive_exported_data + archive_file = File.join(export_path, exported_filename) + + tar_cf(archive: archive_file, dir: export_path) + end + end +end diff --git a/app/services/bulk_imports/get_importable_data_service.rb b/app/services/bulk_imports/get_importable_data_service.rb new file mode 100644 index 00000000000..07e0b3976a1 --- /dev/null +++ b/app/services/bulk_imports/get_importable_data_service.rb @@ -0,0 +1,45 @@ +# frozen_string_literal: true + +module BulkImports + class GetImportableDataService + def initialize(params, query_params, credentials) + @params = params + @query_params = query_params + @credentials = credentials + end + + def execute + { + version_validation: version_validation, + response: importables + } + end + + private + + def importables + client.get('groups', @query_params) + end + + def version_validation + { + features: { + project_migration: { + available: client.compatible_for_project_migration?, + min_version: BulkImport.min_gl_version_for_project_migration.to_s + }, + source_instance_version: client.instance_version.to_s + } + } + end + + def client + @client ||= BulkImports::Clients::HTTP.new( + url: @credentials[:url], + token: @credentials[:access_token], + per_page: @params[:per_page], + page: @params[:page] + ) + end + end +end diff --git a/app/services/bulk_imports/relation_export_service.rb b/app/services/bulk_imports/relation_export_service.rb index 055f9cafd10..4718b3914b2 100644 --- a/app/services/bulk_imports/relation_export_service.rb +++ b/app/services/bulk_imports/relation_export_service.rb @@ -9,20 +9,23 @@ module BulkImports @portable = portable @relation = relation @jid = jid + @config = FileTransfer.config_for(portable) end def execute find_or_create_export! do |export| remove_existing_export_file!(export) - serialize_relation_to_file(export.relation_definition) + export_service.execute compress_exported_relation upload_compressed_file(export) end + ensure + FileUtils.remove_entry(config.export_path) end private - attr_reader :user, :portable, :relation, :jid + attr_reader :user, :portable, :relation, :jid, :config def find_or_create_export! validate_user_permissions! @@ -55,52 +58,28 @@ module BulkImports upload.save! end - def serialize_relation_to_file(relation_definition) - serializer.serialize_relation(relation_definition) - end - - def compress_exported_relation - gzip(dir: export_path, filename: ndjson_filename) + def export_service + @export_service ||= if config.tree_relation?(relation) + TreeExportService.new(portable, config.export_path, relation) + elsif config.file_relation?(relation) + FileExportService.new(portable, config.export_path, relation) + else + raise BulkImports::Error, 'Unsupported export relation' + end end def upload_compressed_file(export) - compressed_filename = File.join(export_path, "#{ndjson_filename}.gz") + compressed_file = File.join(config.export_path, "#{export_service.exported_filename}.gz") + upload = ExportUpload.find_or_initialize_by(export_id: export.id) # rubocop: disable CodeReuse/ActiveRecord - File.open(compressed_filename) { |file| upload.export_file = file } + File.open(compressed_file) { |file| upload.export_file = file } upload.save! end - def config - @config ||= FileTransfer.config_for(portable) - end - - def export_path - @export_path ||= config.export_path - end - - def portable_tree - @portable_tree ||= config.portable_tree - end - - # rubocop: disable CodeReuse/Serializer - def serializer - @serializer ||= ::Gitlab::ImportExport::Json::StreamingSerializer.new( - portable, - portable_tree, - json_writer, - exportable_path: '' - ) - end - # rubocop: enable CodeReuse/Serializer - - def json_writer - @json_writer ||= ::Gitlab::ImportExport::Json::NdjsonWriter.new(export_path) - end - - def ndjson_filename - @ndjson_filename ||= "#{relation}.ndjson" + def compress_exported_relation + gzip(dir: config.export_path, filename: export_service.exported_filename) end end end diff --git a/app/services/bulk_imports/tree_export_service.rb b/app/services/bulk_imports/tree_export_service.rb new file mode 100644 index 00000000000..b8e7ac4574b --- /dev/null +++ b/app/services/bulk_imports/tree_export_service.rb @@ -0,0 +1,43 @@ +# frozen_string_literal: true + +module BulkImports + class TreeExportService + def initialize(portable, export_path, relation) + @portable = portable + @export_path = export_path + @relation = relation + @config = FileTransfer.config_for(portable) + end + + def execute + relation_definition = config.tree_relation_definition_for(relation) + + raise BulkImports::Error, 'Unsupported relation export type' unless relation_definition + + serializer.serialize_relation(relation_definition) + end + + def exported_filename + "#{relation}.ndjson" + end + + private + + attr_reader :export_path, :portable, :relation, :config + + # rubocop: disable CodeReuse/Serializer + def serializer + ::Gitlab::ImportExport::Json::StreamingSerializer.new( + portable, + config.portable_tree, + json_writer, + exportable_path: '' + ) + end + # rubocop: enable CodeReuse/Serializer + + def json_writer + ::Gitlab::ImportExport::Json::NdjsonWriter.new(export_path) + end + end +end diff --git a/app/services/bulk_imports/uploads_export_service.rb b/app/services/bulk_imports/uploads_export_service.rb new file mode 100644 index 00000000000..32cc48c152c --- /dev/null +++ b/app/services/bulk_imports/uploads_export_service.rb @@ -0,0 +1,49 @@ +# frozen_string_literal: true + +module BulkImports + class UploadsExportService + include Gitlab::ImportExport::CommandLineUtil + + BATCH_SIZE = 100 + + def initialize(portable, export_path) + @portable = portable + @export_path = export_path + end + + def execute + portable.uploads.find_each(batch_size: BATCH_SIZE) do |upload| # rubocop: disable CodeReuse/ActiveRecord + uploader = upload.retrieve_uploader + + next unless upload.exist? + next unless uploader.file + + subdir_path = export_subdir_path(upload) + mkdir_p(subdir_path) + download_or_copy_upload(uploader, File.join(subdir_path, uploader.filename)) + rescue Errno::ENAMETOOLONG => e + # Do not fail entire export process if downloaded file has filename that exceeds 255 characters. + # Ignore raised exception, skip such upload, log the error and keep going with the export instead. + Gitlab::ErrorTracking.log_exception(e, portable_id: portable.id, portable_class: portable.class.name, upload_id: upload.id) + end + end + + private + + attr_reader :portable, :export_path + + def export_subdir_path(upload) + subdir = if upload.path == avatar_path + 'avatar' + else + upload.try(:secret).to_s + end + + File.join(export_path, subdir) + end + + def avatar_path + @avatar_path ||= portable.avatar&.upload&.path + end + end +end diff --git a/app/services/ci/archive_trace_service.rb b/app/services/ci/archive_trace_service.rb index 995b58c6882..17cac38ace2 100644 --- a/app/services/ci/archive_trace_service.rb +++ b/app/services/ci/archive_trace_service.rb @@ -3,10 +3,15 @@ module Ci class ArchiveTraceService def execute(job, worker_name:) + unless job.trace.archival_attempts_available? + Sidekiq.logger.warn(class: worker_name, message: 'The job is out of archival attempts.', job_id: job.id) + + job.trace.attempt_archive_cleanup! + return + end + unless job.trace.can_attempt_archival_now? - Sidekiq.logger.warn(class: worker_name, - message: job.trace.archival_attempts_message, - job_id: job.id) + Sidekiq.logger.warn(class: worker_name, message: 'The job can not be archived right now.', job_id: job.id) return end diff --git a/app/services/ci/destroy_pipeline_service.rb b/app/services/ci/destroy_pipeline_service.rb index dd5c8e0379f..476c7523d60 100644 --- a/app/services/ci/destroy_pipeline_service.rb +++ b/app/services/ci/destroy_pipeline_service.rb @@ -9,6 +9,9 @@ module Ci pipeline.cancel_running if pipeline.cancelable? + # Ci::Pipeline#destroy triggers `use_fast_destroy :job_artifacts` and + # ci_builds has ON DELETE CASCADE to ci_pipelines. The pipeline, the builds, + # job and pipeline artifacts all get destroyed here. pipeline.reset.destroy! ServiceResponse.success(message: 'Pipeline not found') diff --git a/app/services/ci/pipelines/add_job_service.rb b/app/services/ci/pipelines/add_job_service.rb index 53536b6fdf9..703bb22fb5d 100644 --- a/app/services/ci/pipelines/add_job_service.rb +++ b/app/services/ci/pipelines/add_job_service.rb @@ -16,15 +16,7 @@ module Ci def execute!(job, &block) assign_pipeline_attributes(job) - if Feature.enabled?(:ci_pipeline_add_job_with_lock, pipeline.project, default_enabled: :yaml) - in_lock("ci:pipelines:#{pipeline.id}:add-job", ttl: LOCK_TIMEOUT, sleep_sec: LOCK_SLEEP, retries: LOCK_RETRIES) do - Ci::Pipeline.transaction do - yield(job) - - job.update_older_statuses_retried! - end - end - else + in_lock("ci:pipelines:#{pipeline.id}:add-job", ttl: LOCK_TIMEOUT, sleep_sec: LOCK_SLEEP, retries: LOCK_RETRIES) do Ci::Pipeline.transaction do yield(job) diff --git a/app/services/ci/pipelines/hook_service.rb b/app/services/ci/pipelines/hook_service.rb new file mode 100644 index 00000000000..629ed7e1ebd --- /dev/null +++ b/app/services/ci/pipelines/hook_service.rb @@ -0,0 +1,34 @@ +# frozen_string_literal: true + +module Ci + module Pipelines + class HookService + include Gitlab::Utils::StrongMemoize + + HOOK_NAME = :pipeline_hooks + + def initialize(pipeline) + @pipeline = pipeline + end + + def execute + project.execute_hooks(hook_data, HOOK_NAME) if project.has_active_hooks?(HOOK_NAME) + project.execute_integrations(hook_data, HOOK_NAME) if project.has_active_integrations?(HOOK_NAME) + end + + private + + attr_reader :pipeline + + def project + @project ||= pipeline.project + end + + def hook_data + strong_memoize(:hook_data) do + Gitlab::DataBuilder::Pipeline.build(pipeline) + end + end + end + end +end diff --git a/app/services/ci/process_pipeline_service.rb b/app/services/ci/process_pipeline_service.rb index fb26d5d3356..664915c5e2f 100644 --- a/app/services/ci/process_pipeline_service.rb +++ b/app/services/ci/process_pipeline_service.rb @@ -11,8 +11,6 @@ module Ci def execute increment_processing_counter - update_retried - Ci::PipelineProcessing::AtomicProcessingService .new(pipeline) .execute @@ -24,41 +22,6 @@ module Ci private - # This method is for compatibility and data consistency and should be removed with 9.3 version of GitLab - # This replicates what is db/post_migrate/20170416103934_upate_retried_for_ci_build.rb - # and ensures that functionality will not be broken before migration is run - # this updates only when there are data that needs to be updated, there are two groups with no retried flag - # rubocop: disable CodeReuse/ActiveRecord - def update_retried - return if Feature.enabled?(:ci_remove_update_retried_from_process_pipeline, pipeline.project, default_enabled: :yaml) - - # find the latest builds for each name - latest_statuses = pipeline.latest_statuses - .group(:name) - .having('count(*) > 1') - .pluck(Arel.sql('MAX(id)'), 'name') - - # mark builds that are retried - if latest_statuses.any? - updated_count = pipeline.latest_statuses - .where(name: latest_statuses.map(&:second)) - .where.not(id: latest_statuses.map(&:first)) - .update_all(retried: true) - - # This counter is temporary. It will be used to check whether if we still use this method or not - # after setting correct value of `GenericCommitStatus#retried`. - # More info: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/50465#note_491657115 - if updated_count > 0 - Gitlab::AppJsonLogger.info(event: 'update_retried_is_used', - project_id: pipeline.project.id, - pipeline_id: pipeline.id) - - metrics.legacy_update_jobs_counter.increment - end - end - end - # rubocop: enable CodeReuse/ActiveRecord - def increment_processing_counter metrics.pipeline_processing_events_counter.increment end diff --git a/app/services/ci/queue/build_queue_service.rb b/app/services/ci/queue/build_queue_service.rb index 3276c427923..3c886cb023f 100644 --- a/app/services/ci/queue/build_queue_service.rb +++ b/app/services/ci/queue/build_queue_service.rb @@ -90,7 +90,7 @@ module Ci def runner_projects_relation if ::Feature.enabled?(:ci_pending_builds_project_runners_decoupling, runner, default_enabled: :yaml) - runner.runner_projects.select(:project_id) + runner.runner_projects.select('"ci_runner_projects"."project_id"::bigint') else runner.projects.without_deleted.with_builds_enabled end diff --git a/app/services/ci/register_job_service.rb b/app/services/ci/register_job_service.rb index c46ddd22558..67ef4f10709 100644 --- a/app/services/ci/register_job_service.rb +++ b/app/services/ci/register_job_service.rb @@ -22,7 +22,8 @@ module Ci end def execute(params = {}) - db_all_caught_up = ::Gitlab::Database::LoadBalancing::Sticking.all_caught_up?(:runner, runner.id) + db_all_caught_up = + ::Ci::Runner.sticking.all_caught_up?(:runner, runner.id) @metrics.increment_queue_operation(:queue_attempt) @@ -103,42 +104,40 @@ module Ci # rubocop: disable CodeReuse/ActiveRecord def each_build(params, &blk) - ::Gitlab::Database.allow_cross_joins_across_databases(url: 'https://gitlab.com/gitlab-org/gitlab/-/issues/339429') do - queue = ::Ci::Queue::BuildQueueService.new(runner) - - builds = begin - if runner.instance_type? - queue.builds_for_shared_runner - elsif runner.group_type? - queue.builds_for_group_runner - else - queue.builds_for_project_runner - end - end + queue = ::Ci::Queue::BuildQueueService.new(runner) - if runner.ref_protected? - builds = queue.builds_for_protected_runner(builds) + builds = begin + if runner.instance_type? + queue.builds_for_shared_runner + elsif runner.group_type? + queue.builds_for_group_runner + else + queue.builds_for_project_runner end + end - # pick builds that does not have other tags than runner's one - builds = queue.builds_matching_tag_ids(builds, runner.tags.ids) + if runner.ref_protected? + builds = queue.builds_for_protected_runner(builds) + end - # pick builds that have at least one tag - unless runner.run_untagged? - builds = queue.builds_with_any_tags(builds) - end + # pick builds that does not have other tags than runner's one + builds = queue.builds_matching_tag_ids(builds, runner.tags.ids) - # pick builds that older than specified age - if params.key?(:job_age) - builds = queue.builds_queued_before(builds, params[:job_age].seconds.ago) - end + # pick builds that have at least one tag + unless runner.run_untagged? + builds = queue.builds_with_any_tags(builds) + end - build_ids = retrieve_queue(-> { queue.execute(builds) }) + # pick builds that older than specified age + if params.key?(:job_age) + builds = queue.builds_queued_before(builds, params[:job_age].seconds.ago) + end - @metrics.observe_queue_size(-> { build_ids.size }, @runner.runner_type) + build_ids = retrieve_queue(-> { queue.execute(builds) }) - build_ids.each { |build_id| yield Ci::Build.find(build_id) } - end + @metrics.observe_queue_size(-> { build_ids.size }, @runner.runner_type) + + build_ids.each { |build_id| yield Ci::Build.find(build_id) } end # rubocop: enable CodeReuse/ActiveRecord diff --git a/app/services/ci/resource_groups/assign_resource_from_resource_group_service.rb b/app/services/ci/resource_groups/assign_resource_from_resource_group_service.rb index 1d329fe7b53..dfd97498fc8 100644 --- a/app/services/ci/resource_groups/assign_resource_from_resource_group_service.rb +++ b/app/services/ci/resource_groups/assign_resource_from_resource_group_service.rb @@ -9,7 +9,7 @@ module Ci free_resources = resource_group.resources.free.count - resource_group.processables.waiting_for_resource.take(free_resources).each do |processable| + resource_group.upcoming_processables.take(free_resources).each do |processable| processable.enqueue_waiting_for_resource end end diff --git a/app/services/ci/retry_build_service.rb b/app/services/ci/retry_build_service.rb index 08520c9514c..07cfbb9ce3c 100644 --- a/app/services/ci/retry_build_service.rb +++ b/app/services/ci/retry_build_service.rb @@ -17,7 +17,7 @@ module Ci def execute(build) build.ensure_scheduling_type! - reprocess!(build).tap do |new_build| + clone!(build).tap do |new_build| check_assignable_runners!(new_build) next if new_build.failed? @@ -31,7 +31,12 @@ module Ci end # rubocop: disable CodeReuse/ActiveRecord - def reprocess!(build) + def clone!(build) + # Cloning a build requires a strict type check to ensure + # the attributes being used for the clone are taken straight + # from the model and not overridden by other abstractions. + raise TypeError unless build.instance_of?(Ci::Build) + check_access!(build) new_build = clone_build(build) diff --git a/app/services/ci/retry_pipeline_service.rb b/app/services/ci/retry_pipeline_service.rb index 02ee40d2cf6..9ad46ca7585 100644 --- a/app/services/ci/retry_pipeline_service.rb +++ b/app/services/ci/retry_pipeline_service.rb @@ -9,20 +9,15 @@ module Ci raise Gitlab::Access::AccessDeniedError end - needs = Set.new - pipeline.ensure_scheduling_type! builds_relation(pipeline).find_each do |build| next unless can_be_retried?(build) - Ci::RetryBuildService.new(project, current_user) - .reprocess!(build) - - needs += build.needs.map(&:name) + Ci::RetryBuildService.new(project, current_user).clone!(build) end - pipeline.builds.latest.skipped.find_each do |skipped| + pipeline.processables.latest.skipped.find_each do |skipped| retry_optimistic_lock(skipped, name: 'ci_retry_pipeline') { |build| build.process(current_user) } end diff --git a/app/services/ci/stuck_builds/drop_service.rb b/app/services/ci/stuck_builds/drop_pending_service.rb index 3fee9a94381..4653e701973 100644 --- a/app/services/ci/stuck_builds/drop_service.rb +++ b/app/services/ci/stuck_builds/drop_pending_service.rb @@ -2,27 +2,21 @@ module Ci module StuckBuilds - class DropService + class DropPendingService include DropHelpers - BUILD_RUNNING_OUTDATED_TIMEOUT = 1.hour BUILD_PENDING_OUTDATED_TIMEOUT = 1.day - BUILD_SCHEDULED_OUTDATED_TIMEOUT = 1.hour BUILD_PENDING_STUCK_TIMEOUT = 1.hour BUILD_LOOKBACK = 5.days def execute - Gitlab::AppLogger.info "#{self.class}: Cleaning stuck builds" - - drop(running_timed_out_builds, failure_reason: :stuck_or_timeout_failure) + Gitlab::AppLogger.info "#{self.class}: Cleaning pending timed-out builds" drop( pending_builds(BUILD_PENDING_OUTDATED_TIMEOUT.ago), failure_reason: :stuck_or_timeout_failure ) - drop(scheduled_timed_out_builds, failure_reason: :stale_schedule) - drop_stuck( pending_builds(BUILD_PENDING_STUCK_TIMEOUT.ago), failure_reason: :stuck_or_timeout_failure @@ -43,20 +37,6 @@ module Ci end end # rubocop: enable CodeReuse/ActiveRecord - - def scheduled_timed_out_builds - Ci::Build.where(status: :scheduled).where( # rubocop: disable CodeReuse/ActiveRecord - 'ci_builds.scheduled_at IS NOT NULL AND ci_builds.scheduled_at < ?', - BUILD_SCHEDULED_OUTDATED_TIMEOUT.ago - ) - end - - def running_timed_out_builds - Ci::Build.running.where( # rubocop: disable CodeReuse/ActiveRecord - 'ci_builds.updated_at < ?', - BUILD_RUNNING_OUTDATED_TIMEOUT.ago - ) - end end end end diff --git a/app/services/ci/stuck_builds/drop_running_service.rb b/app/services/ci/stuck_builds/drop_running_service.rb new file mode 100644 index 00000000000..a79224cc231 --- /dev/null +++ b/app/services/ci/stuck_builds/drop_running_service.rb @@ -0,0 +1,31 @@ +# frozen_string_literal: true + +module Ci + module StuckBuilds + class DropRunningService + include DropHelpers + + BUILD_RUNNING_OUTDATED_TIMEOUT = 1.hour + + def execute + Gitlab::AppLogger.info "#{self.class}: Cleaning running, timed-out builds" + + drop(running_timed_out_builds, failure_reason: :stuck_or_timeout_failure) + end + + private + + def running_timed_out_builds + if Feature.enabled?(:ci_new_query_for_running_stuck_jobs, default_enabled: :yaml) + Ci::Build + .running + .created_at_before(BUILD_RUNNING_OUTDATED_TIMEOUT.ago) + .updated_at_before(BUILD_RUNNING_OUTDATED_TIMEOUT.ago) + .order(created_at: :asc, project_id: :asc) # rubocop:disable CodeReuse/ActiveRecord + else + Ci::Build.running.updated_at_before(BUILD_RUNNING_OUTDATED_TIMEOUT.ago) + end + end + end + end +end diff --git a/app/services/ci/stuck_builds/drop_scheduled_service.rb b/app/services/ci/stuck_builds/drop_scheduled_service.rb new file mode 100644 index 00000000000..d4f4252c2c0 --- /dev/null +++ b/app/services/ci/stuck_builds/drop_scheduled_service.rb @@ -0,0 +1,23 @@ +# frozen_string_literal: true + +module Ci + module StuckBuilds + class DropScheduledService + include DropHelpers + + BUILD_SCHEDULED_OUTDATED_TIMEOUT = 1.hour + + def execute + Gitlab::AppLogger.info "#{self.class}: Cleaning scheduled, timed-out builds" + + drop(scheduled_timed_out_builds, failure_reason: :stale_schedule) + end + + private + + def scheduled_timed_out_builds + Ci::Build.scheduled.scheduled_at_before(BUILD_SCHEDULED_OUTDATED_TIMEOUT.ago) + end + end + end +end diff --git a/app/services/ci/update_build_state_service.rb b/app/services/ci/update_build_state_service.rb index abd50d2f110..3b403f92486 100644 --- a/app/services/ci/update_build_state_service.rb +++ b/app/services/ci/update_build_state_service.rb @@ -73,9 +73,11 @@ module Ci ::Gitlab::Ci::Trace::Checksum.new(build).then do |checksum| unless checksum.valid? metrics.increment_trace_operation(operation: :invalid) + metrics.increment_error_counter(type: :chunks_invalid_checksum) if checksum.corrupted? metrics.increment_trace_operation(operation: :corrupted) + metrics.increment_error_counter(type: :chunks_invalid_size) end next unless log_invalid_chunks? diff --git a/app/services/ci/update_pending_build_service.rb b/app/services/ci/update_pending_build_service.rb index dcba06e60bf..d546dbcfe3d 100644 --- a/app/services/ci/update_pending_build_service.rb +++ b/app/services/ci/update_pending_build_service.rb @@ -2,7 +2,7 @@ module Ci class UpdatePendingBuildService - VALID_PARAMS = %i[instance_runners_enabled].freeze + VALID_PARAMS = %i[instance_runners_enabled namespace_id namespace_traversal_ids].freeze InvalidParamsError = Class.new(StandardError) InvalidModelError = Class.new(StandardError) diff --git a/app/services/clusters/agent_tokens/create_service.rb b/app/services/clusters/agent_tokens/create_service.rb new file mode 100644 index 00000000000..ae2617f510b --- /dev/null +++ b/app/services/clusters/agent_tokens/create_service.rb @@ -0,0 +1,31 @@ +# frozen_string_literal: true + +module Clusters + module AgentTokens + class CreateService < ::BaseContainerService + ALLOWED_PARAMS = %i[agent_id description name].freeze + + def execute + return error_no_permissions unless current_user.can?(:create_cluster, container) + + token = ::Clusters::AgentToken.new(filtered_params.merge(created_by_user: current_user)) + + if token.save + ServiceResponse.success(payload: { secret: token.token, token: token }) + else + ServiceResponse.error(message: token.errors.full_messages) + end + end + + private + + def error_no_permissions + ServiceResponse.error(message: s_('ClusterAgent|User has insufficient permissions to create a token for this project')) + end + + def filtered_params + params.slice(*ALLOWED_PARAMS) + end + end + end +end diff --git a/app/services/clusters/agents/create_service.rb b/app/services/clusters/agents/create_service.rb new file mode 100644 index 00000000000..568f168d63b --- /dev/null +++ b/app/services/clusters/agents/create_service.rb @@ -0,0 +1,29 @@ +# frozen_string_literal: true + +module Clusters + module Agents + class CreateService < BaseService + def execute(name:) + return error_no_permissions unless cluster_agent_permissions? + + agent = ::Clusters::Agent.new(name: name, project: project, created_by_user: current_user) + + if agent.save + success.merge(cluster_agent: agent) + else + error(agent.errors.full_messages) + end + end + + private + + def cluster_agent_permissions? + current_user.can?(:admin_pipeline, project) && current_user.can?(:create_cluster, project) + end + + def error_no_permissions + error(s_('ClusterAgent|You have insufficient permissions to create a cluster agent for this project')) + end + end + end +end diff --git a/app/services/clusters/agents/delete_service.rb b/app/services/clusters/agents/delete_service.rb new file mode 100644 index 00000000000..2132dffa606 --- /dev/null +++ b/app/services/clusters/agents/delete_service.rb @@ -0,0 +1,23 @@ +# frozen_string_literal: true + +module Clusters + module Agents + class DeleteService < ::BaseContainerService + def execute(cluster_agent) + return error_no_permissions unless current_user.can?(:admin_cluster, cluster_agent) + + if cluster_agent.destroy + ServiceResponse.success + else + ServiceResponse.error(message: cluster_agent.errors.full_messages) + end + end + + private + + def error_no_permissions + ServiceResponse.error(message: s_('ClusterAgent|You have insufficient permissions to delete this cluster agent')) + end + end + end +end diff --git a/app/services/clusters/agents/refresh_authorization_service.rb b/app/services/clusters/agents/refresh_authorization_service.rb index a9e3340dbf5..7f401eef720 100644 --- a/app/services/clusters/agents/refresh_authorization_service.rb +++ b/app/services/clusters/agents/refresh_authorization_service.rb @@ -99,7 +99,7 @@ module Clusters end def group_root_ancestor? - root_ancestor.group? + root_ancestor.group_namespace? end end end diff --git a/app/services/concerns/rate_limited_service.rb b/app/services/concerns/rate_limited_service.rb new file mode 100644 index 00000000000..87cba7814fe --- /dev/null +++ b/app/services/concerns/rate_limited_service.rb @@ -0,0 +1,93 @@ +# frozen_string_literal: true + +module RateLimitedService + extend ActiveSupport::Concern + + RateLimitedNotSetupError = Class.new(StandardError) + + class RateLimitedError < StandardError + def initialize(key:, rate_limiter:) + @key = key + @rate_limiter = rate_limiter + end + + def headers + # TODO: This will be fleshed out in https://gitlab.com/gitlab-org/gitlab/-/issues/342370 + {} + end + + def log_request(request, current_user) + rate_limiter.class.log_request(request, "#{key}_request_limit".to_sym, current_user) + end + + private + + attr_reader :key, :rate_limiter + end + + class RateLimiterScopedAndKeyed + attr_reader :key, :opts, :rate_limiter_klass + + def initialize(key:, opts:, rate_limiter_klass:) + @key = key + @opts = opts + @rate_limiter_klass = rate_limiter_klass + end + + def rate_limit!(service) + evaluated_scope = evaluated_scope_for(service) + return if feature_flag_disabled?(evaluated_scope[:project]) + + rate_limiter = new_rate_limiter(evaluated_scope) + if rate_limiter.throttled? + raise RateLimitedError.new(key: key, rate_limiter: rate_limiter), _('This endpoint has been requested too many times. Try again later.') + end + end + + private + + def users_allowlist + @users_allowlist ||= opts[:users_allowlist] ? opts[:users_allowlist].call : [] + end + + def evaluated_scope_for(service) + opts[:scope].each_with_object({}) do |var, all| + all[var] = service.public_send(var) # rubocop: disable GitlabSecurity/PublicSend + end + end + + def feature_flag_disabled?(project) + Feature.disabled?("rate_limited_service_#{key}", project, default_enabled: :yaml) + end + + def new_rate_limiter(evaluated_scope) + rate_limiter_klass.new(key, **opts.merge(scope: evaluated_scope.values, users_allowlist: users_allowlist)) + end + end + + prepended do + attr_accessor :rate_limiter_bypassed + cattr_accessor :rate_limiter_scoped_and_keyed + + def self.rate_limit(key:, opts:, rate_limiter_klass: ::Gitlab::ApplicationRateLimiter) + self.rate_limiter_scoped_and_keyed = RateLimiterScopedAndKeyed.new(key: key, + opts: opts, + rate_limiter_klass: rate_limiter_klass) + end + end + + def execute_without_rate_limiting(*args, **kwargs) + self.rate_limiter_bypassed = true + execute(*args, **kwargs) + ensure + self.rate_limiter_bypassed = false + end + + def execute(*args, **kwargs) + raise RateLimitedNotSetupError if rate_limiter_scoped_and_keyed.nil? + + rate_limiter_scoped_and_keyed.rate_limit!(self) unless rate_limiter_bypassed + + super + end +end diff --git a/app/services/container_expiration_policies/cleanup_service.rb b/app/services/container_expiration_policies/cleanup_service.rb index cd988cdc5fe..0da5e552c48 100644 --- a/app/services/container_expiration_policies/cleanup_service.rb +++ b/app/services/container_expiration_policies/cleanup_service.rb @@ -4,7 +4,7 @@ module ContainerExpirationPolicies class CleanupService attr_reader :repository - SERVICE_RESULT_FIELDS = %i[original_size before_truncate_size after_truncate_size before_delete_size deleted_size].freeze + SERVICE_RESULT_FIELDS = %i[original_size before_truncate_size after_truncate_size before_delete_size deleted_size cached_tags_count].freeze def initialize(repository) @repository = repository @@ -24,8 +24,8 @@ module ContainerExpirationPolicies begin service_result = Projects::ContainerRepository::CleanupTagsService - .new(project, nil, policy_params.merge('container_expiration_policy' => true)) - .execute(repository) + .new(repository, nil, policy_params.merge('container_expiration_policy' => true)) + .execute rescue StandardError repository.cleanup_unfinished! diff --git a/app/services/customer_relations/contacts/base_service.rb b/app/services/customer_relations/contacts/base_service.rb new file mode 100644 index 00000000000..89f6f2c3f1f --- /dev/null +++ b/app/services/customer_relations/contacts/base_service.rb @@ -0,0 +1,17 @@ +# frozen_string_literal: true + +module CustomerRelations + module Contacts + class BaseService < ::BaseGroupService + private + + def allowed? + current_user&.can?(:admin_contact, group) + end + + def error(message) + ServiceResponse.error(message: Array(message)) + end + end + end +end diff --git a/app/services/customer_relations/contacts/create_service.rb b/app/services/customer_relations/contacts/create_service.rb new file mode 100644 index 00000000000..7ff8b731e0d --- /dev/null +++ b/app/services/customer_relations/contacts/create_service.rb @@ -0,0 +1,41 @@ +# frozen_string_literal: true + +module CustomerRelations + module Contacts + class CreateService < BaseService + def execute + return error_no_permissions unless allowed? + return error_organization_invalid unless organization_valid? + + contact = Contact.create(params.merge(group_id: group.id)) + + return error_creating(contact) unless contact.persisted? + + ServiceResponse.success(payload: contact) + end + + private + + def organization_valid? + return true unless params[:organization_id] + + organization = Organization.find(params[:organization_id]) + organization.group_id == group.id + rescue ActiveRecord::RecordNotFound + false + end + + def error_organization_invalid + error('The specified organization was not found or does not belong to this group') + end + + def error_no_permissions + error('You have insufficient permissions to create a contact for this group') + end + + def error_creating(contact) + error(contact&.errors&.full_messages || 'Failed to create contact') + end + end + end +end diff --git a/app/services/customer_relations/contacts/update_service.rb b/app/services/customer_relations/contacts/update_service.rb new file mode 100644 index 00000000000..473a80be262 --- /dev/null +++ b/app/services/customer_relations/contacts/update_service.rb @@ -0,0 +1,24 @@ +# frozen_string_literal: true + +module CustomerRelations + module Contacts + class UpdateService < BaseService + def execute(contact) + return error_no_permissions unless allowed? + return error_updating(contact) unless contact.update(params) + + ServiceResponse.success(payload: contact) + end + + private + + def error_no_permissions + error('You have insufficient permissions to update a contact for this group') + end + + def error_updating(contact) + error(contact&.errors&.full_messages || 'Failed to update contact') + end + end + end +end diff --git a/app/services/customer_relations/organizations/base_service.rb b/app/services/customer_relations/organizations/base_service.rb index 63261534b37..8f8480d697c 100644 --- a/app/services/customer_relations/organizations/base_service.rb +++ b/app/services/customer_relations/organizations/base_service.rb @@ -10,7 +10,7 @@ module CustomerRelations end def error(message) - ServiceResponse.error(message: message) + ServiceResponse.error(message: Array(message)) end end end diff --git a/app/services/customer_relations/organizations/create_service.rb b/app/services/customer_relations/organizations/create_service.rb index 9c223796eaf..aad1b7e2ca4 100644 --- a/app/services/customer_relations/organizations/create_service.rb +++ b/app/services/customer_relations/organizations/create_service.rb @@ -7,9 +7,7 @@ module CustomerRelations def execute return error_no_permissions unless allowed? - params[:group_id] = group.id - - organization = Organization.create(params) + organization = Organization.create(params.merge(group_id: group.id)) return error_creating(organization) unless organization.persisted? diff --git a/app/services/dependency_proxy/auth_token_service.rb b/app/services/dependency_proxy/auth_token_service.rb index 16279ed12b0..c6c9eb534bb 100644 --- a/app/services/dependency_proxy/auth_token_service.rb +++ b/app/services/dependency_proxy/auth_token_service.rb @@ -12,10 +12,16 @@ module DependencyProxy JSONWebToken::HMACToken.decode(token, ::Auth::DependencyProxyAuthenticationService.secret).first end - class << self - def decoded_token_payload(token) - self.new(token).execute + def self.user_or_deploy_token_from_jwt(raw_jwt) + token_payload = self.new(raw_jwt).execute + + if token_payload['user_id'] + User.find(token_payload['user_id']) + elsif token_payload['deploy_token'] + DeployToken.active.find_by_token(token_payload['deploy_token']) end + rescue JWT::DecodeError, JWT::ExpiredSignature, JWT::ImmatureSignature + nil end end end diff --git a/app/services/dependency_proxy/find_or_create_blob_service.rb b/app/services/dependency_proxy/find_or_create_blob_service.rb index f3dbf31dcdb..0a6db6e3d34 100644 --- a/app/services/dependency_proxy/find_or_create_blob_service.rb +++ b/app/services/dependency_proxy/find_or_create_blob_service.rb @@ -12,7 +12,7 @@ module DependencyProxy def execute from_cache = true file_name = @blob_sha.sub('sha256:', '') + '.gz' - blob = @group.dependency_proxy_blobs.find_or_build(file_name) + blob = @group.dependency_proxy_blobs.active.find_or_build(file_name) unless blob.persisted? from_cache = false @@ -30,6 +30,8 @@ module DependencyProxy blob.save! end + # Technical debt: change to read_at https://gitlab.com/gitlab-org/gitlab/-/issues/341536 + blob.touch if from_cache success(blob: blob, from_cache: from_cache) end diff --git a/app/services/dependency_proxy/find_or_create_manifest_service.rb b/app/services/dependency_proxy/find_or_create_manifest_service.rb index 0eb990ab7f8..1976d4d47f4 100644 --- a/app/services/dependency_proxy/find_or_create_manifest_service.rb +++ b/app/services/dependency_proxy/find_or_create_manifest_service.rb @@ -13,11 +13,16 @@ module DependencyProxy def execute @manifest = @group.dependency_proxy_manifests + .active .find_or_initialize_by_file_name_or_digest(file_name: @file_name, digest: @tag) head_result = DependencyProxy::HeadManifestService.new(@image, @tag, @token).execute - return success(manifest: @manifest, from_cache: true) if cached_manifest_matches?(head_result) + if cached_manifest_matches?(head_result) + @manifest.touch + + return success(manifest: @manifest, from_cache: true) + end pull_new_manifest respond(from_cache: false) @@ -46,6 +51,9 @@ module DependencyProxy def respond(from_cache: true) if @manifest.persisted? + # Technical debt: change to read_at https://gitlab.com/gitlab-org/gitlab/-/issues/341536 + @manifest.touch if from_cache + success(manifest: @manifest, from_cache: from_cache) else error('Failed to download the manifest from the external registry', 503) diff --git a/app/services/dependency_proxy/group_settings/update_service.rb b/app/services/dependency_proxy/group_settings/update_service.rb new file mode 100644 index 00000000000..ba43452def3 --- /dev/null +++ b/app/services/dependency_proxy/group_settings/update_service.rb @@ -0,0 +1,37 @@ +# frozen_string_literal: true + +module DependencyProxy + module GroupSettings + class UpdateService < BaseContainerService + ALLOWED_ATTRIBUTES = %i[enabled].freeze + + def execute + return ServiceResponse.error(message: 'Access Denied', http_status: 403) unless allowed? + return ServiceResponse.error(message: 'Dependency proxy setting not found', http_status: 404) unless dependency_proxy_setting + + if dependency_proxy_setting.update(dependency_proxy_setting_params) + ServiceResponse.success(payload: { dependency_proxy_setting: dependency_proxy_setting }) + else + ServiceResponse.error( + message: dependency_proxy_setting.errors.full_messages.to_sentence || 'Bad request', + http_status: 400 + ) + end + end + + private + + def dependency_proxy_setting + container.dependency_proxy_setting + end + + def allowed? + Ability.allowed?(current_user, :admin_dependency_proxy, container) + end + + def dependency_proxy_setting_params + params.slice(*ALLOWED_ATTRIBUTES) + end + end + end +end diff --git a/app/services/deployments/older_deployments_drop_service.rb b/app/services/deployments/older_deployments_drop_service.rb index 100d1267848..504b55b99ac 100644 --- a/app/services/deployments/older_deployments_drop_service.rb +++ b/app/services/deployments/older_deployments_drop_service.rb @@ -11,23 +11,23 @@ module Deployments def execute return unless @deployment&.running? - older_deployments.find_each do |older_deployment| - Gitlab::OptimisticLocking.retry_lock(older_deployment.deployable, name: 'older_deployments_drop') do |deployable| - deployable.drop(:forward_deployment_failure) + older_deployments_builds.each do |build| + Gitlab::OptimisticLocking.retry_lock(build, name: 'older_deployments_drop') do |build| + build.drop(:forward_deployment_failure) end rescue StandardError => e - Gitlab::ErrorTracking.track_exception(e, subject_id: @deployment.id, deployment_id: older_deployment.id) + Gitlab::ErrorTracking.track_exception(e, subject_id: @deployment.id, build_id: build.id) end end private - def older_deployments + def older_deployments_builds @deployment .environment .active_deployments .older_than(@deployment) - .with_deployable + .builds end end end diff --git a/app/services/error_tracking/list_issues_service.rb b/app/services/error_tracking/list_issues_service.rb index 86c7791e759..1979816b88d 100644 --- a/app/services/error_tracking/list_issues_service.rb +++ b/app/services/error_tracking/list_issues_service.rb @@ -76,16 +76,21 @@ module ErrorTracking filter_opts = { status: opts[:issue_status], sort: opts[:sort], - limit: opts[:limit] + limit: opts[:limit], + cursor: opts[:cursor] } errors = ErrorTracking::ErrorsFinder.new(current_user, project, filter_opts).execute + pagination = {} + pagination[:next] = { cursor: errors.cursor_for_next_page } if errors.has_next_page? + pagination[:previous] = { cursor: errors.cursor_for_previous_page } if errors.has_previous_page? + # We use the same response format as project_error_tracking_setting # method below for compatibility with existing code. { issues: errors.map(&:to_sentry_error), - pagination: {} + pagination: pagination } else project_error_tracking_setting.list_sentry_issues(**opts) diff --git a/app/services/feature_flags/base_service.rb b/app/services/feature_flags/base_service.rb index 9ae9ab4de63..ca0b6b89199 100644 --- a/app/services/feature_flags/base_service.rb +++ b/app/services/feature_flags/base_service.rb @@ -7,6 +7,8 @@ module FeatureFlags AUDITABLE_ATTRIBUTES = %w(name description active).freeze def success(**args) + audit_event = args.fetch(:audit_event) { audit_event(args[:feature_flag]) } + save_audit_event(audit_event) sync_to_jira(args[:feature_flag]) super end @@ -66,5 +68,11 @@ module FeatureFlags feature_flag_by_name.scopes.find_by_environment_scope(params[:environment_scope]) end end + + private + + def audit_message(feature_flag) + raise NotImplementedError, "This method should be overriden by subclasses" + end end end diff --git a/app/services/feature_flags/create_service.rb b/app/services/feature_flags/create_service.rb index 65f8f8e33f6..ebbe71f39c7 100644 --- a/app/services/feature_flags/create_service.rb +++ b/app/services/feature_flags/create_service.rb @@ -10,8 +10,6 @@ module FeatureFlags feature_flag = project.operations_feature_flags.new(params) if feature_flag.save - save_audit_event(audit_event(feature_flag)) - success(feature_flag: feature_flag) else error(feature_flag.errors.full_messages, 400) diff --git a/app/services/feature_flags/destroy_service.rb b/app/services/feature_flags/destroy_service.rb index 986fe004db6..817a80940c0 100644 --- a/app/services/feature_flags/destroy_service.rb +++ b/app/services/feature_flags/destroy_service.rb @@ -13,8 +13,6 @@ module FeatureFlags ApplicationRecord.transaction do if feature_flag.destroy - save_audit_event(audit_event(feature_flag)) - success(feature_flag: feature_flag) else error(feature_flag.errors.full_messages) diff --git a/app/services/feature_flags/hook_service.rb b/app/services/feature_flags/hook_service.rb new file mode 100644 index 00000000000..6f77a70bd09 --- /dev/null +++ b/app/services/feature_flags/hook_service.rb @@ -0,0 +1,28 @@ +# frozen_string_literal: true + +module FeatureFlags + class HookService + HOOK_NAME = :feature_flag_hooks + + def initialize(feature_flag, current_user) + @feature_flag = feature_flag + @current_user = current_user + end + + def execute + project.execute_hooks(hook_data, HOOK_NAME) + end + + private + + attr_reader :feature_flag, :current_user + + def project + @project ||= feature_flag.project + end + + def hook_data + Gitlab::DataBuilder::FeatureFlag.build(feature_flag, current_user) + end + end +end diff --git a/app/services/feature_flags/update_service.rb b/app/services/feature_flags/update_service.rb index ccfd1b57d44..bcfd2c15189 100644 --- a/app/services/feature_flags/update_service.rb +++ b/app/services/feature_flags/update_service.rb @@ -7,6 +7,11 @@ module FeatureFlags 'parameters' => 'parameters' }.freeze + def success(**args) + execute_hooks_after_commit(args[:feature_flag]) + super + end + def execute(feature_flag) return error('Access Denied', 403) unless can_update?(feature_flag) return error('Not Found', 404) unless valid_user_list_ids?(feature_flag, user_list_ids(params)) @@ -20,16 +25,11 @@ module FeatureFlags end end + # We generate the audit event before the feature flag is saved as #changed_strategies_messages depends on the strategies' states before save audit_event = audit_event(feature_flag) - if feature_flag.active_changed? - feature_flag.execute_hooks(current_user) - end - if feature_flag.save - save_audit_event(audit_event) - - success(feature_flag: feature_flag) + success(feature_flag: feature_flag, audit_event: audit_event) else error(feature_flag.errors.full_messages, :bad_request) end @@ -38,6 +38,16 @@ module FeatureFlags private + def execute_hooks_after_commit(feature_flag) + return unless feature_flag.active_previously_changed? + + # The `current_user` method (defined in `BaseService`) is not available within the `run_after_commit` block + user = current_user + feature_flag.run_after_commit do + HookService.new(feature_flag, user).execute + end + end + def audit_message(feature_flag) changes = changed_attributes_messages(feature_flag) changes += changed_strategies_messages(feature_flag) diff --git a/app/services/groups/transfer_service.rb b/app/services/groups/transfer_service.rb index b7eae06b963..774f81b0a5e 100644 --- a/app/services/groups/transfer_service.rb +++ b/app/services/groups/transfer_service.rb @@ -29,6 +29,7 @@ module Groups update_group_attributes ensure_ownership update_integrations + update_pending_builds! end post_update_hooks(@updated_project_ids) @@ -139,6 +140,10 @@ module Groups # these records again. @updated_project_ids = projects_to_update.pluck(:id) + Namespaces::ProjectNamespace + .where(id: projects_to_update.select(:project_namespace_id)) + .update_all(visibility_level: @new_parent_group.visibility_level) + projects_to_update .update_all(visibility_level: @new_parent_group.visibility_level) end @@ -217,6 +222,15 @@ module Groups PropagateIntegrationWorker.perform_async(integration.id) end end + + def update_pending_builds! + update_params = { + namespace_traversal_ids: group.traversal_ids, + namespace_id: group.id + } + + ::Ci::UpdatePendingBuildService.new(group, update_params).execute + end end end diff --git a/app/services/import/validate_remote_git_endpoint_service.rb b/app/services/import/validate_remote_git_endpoint_service.rb new file mode 100644 index 00000000000..afccb5373a9 --- /dev/null +++ b/app/services/import/validate_remote_git_endpoint_service.rb @@ -0,0 +1,76 @@ +# frozen_string_literal: true + +module Import + class ValidateRemoteGitEndpointService + # Validates if the remote endpoint is a valid GIT repository + # Only smart protocol is supported + # Validation rules are taken from https://git-scm.com/docs/http-protocol#_smart_clients + + GIT_SERVICE_NAME = "git-upload-pack" + GIT_EXPECTED_FIRST_PACKET_LINE = "# service=#{GIT_SERVICE_NAME}" + GIT_BODY_MESSAGE_REGEXP = /^[0-9a-f]{4}#{GIT_EXPECTED_FIRST_PACKET_LINE}/.freeze + # https://github.com/git/git/blob/master/Documentation/technical/protocol-common.txt#L56-L59 + GIT_PROTOCOL_PKT_LEN = 4 + GIT_MINIMUM_RESPONSE_LENGTH = GIT_PROTOCOL_PKT_LEN + GIT_EXPECTED_FIRST_PACKET_LINE.length + EXPECTED_CONTENT_TYPE = "application/x-#{GIT_SERVICE_NAME}-advertisement" + + def initialize(params) + @params = params + end + + def execute + uri = Gitlab::Utils.parse_url(@params[:url]) + + return ServiceResponse.error(message: "#{@params[:url]} is not a valid URL") unless uri + + uri.fragment = nil + url = Gitlab::Utils.append_path(uri.to_s, "/info/refs?service=#{GIT_SERVICE_NAME}") + + response_body = '' + result = nil + Gitlab::HTTP.try_get(url, stream_body: true, follow_redirects: false, basic_auth: auth) do |fragment| + response_body += fragment + next if response_body.length < GIT_MINIMUM_RESPONSE_LENGTH + + result = if status_code_is_valid(fragment) && content_type_is_valid(fragment) && response_body_is_valid(response_body) + :success + else + :error + end + + # We are interested only in the first chunks of the response + # So we're using stream_body: true and breaking when receive enough body + break + end + + if result == :success + ServiceResponse.success + else + ServiceResponse.error(message: "#{uri} is not a valid HTTP Git repository") + end + end + + private + + def auth + unless @params[:user].to_s.blank? + { + username: @params[:user], + password: @params[:password] + } + end + end + + def status_code_is_valid(fragment) + fragment.http_response.code == '200' + end + + def content_type_is_valid(fragment) + fragment.http_response['content-type'] == EXPECTED_CONTENT_TYPE + end + + def response_body_is_valid(response_body) + response_body.match?(GIT_BODY_MESSAGE_REGEXP) + end + end +end diff --git a/app/services/issuable/import_csv/base_service.rb b/app/services/issuable/import_csv/base_service.rb index 4a6b7540ded..4a2078a4e60 100644 --- a/app/services/issuable/import_csv/base_service.rb +++ b/app/services/issuable/import_csv/base_service.rb @@ -71,7 +71,14 @@ module Issuable # NOTE: CSV imports are performed by workers, so we do not have a request context in order # to create a SpamParams object to pass to the issuable create service. spam_params = nil - create_issuable_class.new(project: @project, current_user: @user, params: attributes, spam_params: spam_params).execute + create_service = create_issuable_class.new(project: @project, current_user: @user, params: attributes, spam_params: spam_params) + + # For now, if create_issuable_class prepends RateLimitedService let's bypass rate limiting + if create_issuable_class < RateLimitedService + create_service.execute_without_rate_limiting + else + create_service.execute + end end def email_results_to_user diff --git a/app/services/issues/clone_service.rb b/app/services/issues/clone_service.rb index cb42334fe32..c675f957cd7 100644 --- a/app/services/issues/clone_service.rb +++ b/app/services/issues/clone_service.rb @@ -8,13 +8,7 @@ module Issues @target_project = target_project @with_notes = with_notes - unless issue.can_clone?(current_user, target_project) - raise CloneError, s_('CloneIssue|Cannot clone issue due to insufficient permissions!') - end - - if target_project.pending_delete? - raise CloneError, s_('CloneIssue|Cannot clone issue to target project as it is pending deletion.') - end + verify_can_clone_issue!(issue, target_project) super(issue, target_project) @@ -30,6 +24,20 @@ module Issues attr_reader :target_project attr_reader :with_notes + def verify_can_clone_issue!(issue, target_project) + unless issue.supports_move_and_clone? + raise CloneError, s_('CloneIssue|Cannot clone issues of \'%{issue_type}\' type.') % { issue_type: issue.issue_type } + end + + unless issue.can_clone?(current_user, target_project) + raise CloneError, s_('CloneIssue|Cannot clone issue due to insufficient permissions!') + end + + if target_project.pending_delete? + raise CloneError, s_('CloneIssue|Cannot clone issue to target project as it is pending deletion.') + end + end + def update_new_entity # we don't call `super` because we want to be able to decide whether or not to copy all comments over. update_new_entity_description diff --git a/app/services/issues/close_service.rb b/app/services/issues/close_service.rb index ea64239dd99..ac846c769a3 100644 --- a/app/services/issues/close_service.rb +++ b/app/services/issues/close_service.rb @@ -3,8 +3,8 @@ module Issues class CloseService < Issues::BaseService # Closes the supplied issue if the current user is able to do so. - def execute(issue, commit: nil, notifications: true, system_note: true) - return issue unless can?(current_user, :update_issue, issue) || issue.is_a?(ExternalIssue) + def execute(issue, commit: nil, notifications: true, system_note: true, skip_authorization: false) + return issue unless can_close?(issue, skip_authorization: skip_authorization) close_issue(issue, closed_via: commit, @@ -24,7 +24,7 @@ module Issues return issue end - if project.issues_enabled? && issue.close(current_user) + if perform_close(issue) event_service.close_issue(issue, current_user) create_note(issue, closed_via) if system_note @@ -51,6 +51,15 @@ module Issues private + # Overridden on EE + def perform_close(issue) + issue.close(current_user) + end + + def can_close?(issue, skip_authorization: false) + skip_authorization || can?(current_user, :update_issue, issue) || issue.is_a?(ExternalIssue) + end + def perform_incident_management_actions(issue) resolve_alert(issue) end @@ -82,11 +91,11 @@ module Issues end end - def store_first_mentioned_in_commit_at(issue, merge_request) + def store_first_mentioned_in_commit_at(issue, merge_request, max_commit_lookup: 100) metrics = issue.metrics return if metrics.nil? || metrics.first_mentioned_in_commit_at - first_commit_timestamp = merge_request.commits(limit: 1).first.try(:authored_date) + first_commit_timestamp = merge_request.commits(limit: max_commit_lookup).last.try(:authored_date) return unless first_commit_timestamp metrics.update!(first_mentioned_in_commit_at: first_commit_timestamp) diff --git a/app/services/issues/create_service.rb b/app/services/issues/create_service.rb index b15b3e49c9a..fcedd1c1c8d 100644 --- a/app/services/issues/create_service.rb +++ b/app/services/issues/create_service.rb @@ -3,6 +3,10 @@ module Issues class CreateService < Issues::BaseService include ResolveDiscussions + prepend RateLimitedService + + rate_limit key: :issues_create, + opts: { scope: [:project, :current_user], users_allowlist: -> { [User.support_bot.username] } } # NOTE: For Issues::CreateService, we require the spam_params and do not default it to nil, because # spam_checking is likely to be necessary. However, if there is not a request available in scope diff --git a/app/services/issues/move_service.rb b/app/services/issues/move_service.rb index ff78221c941..4418b4eb2bf 100644 --- a/app/services/issues/move_service.rb +++ b/app/services/issues/move_service.rb @@ -7,13 +7,7 @@ module Issues def execute(issue, target_project) @target_project = target_project - unless issue.can_move?(current_user, @target_project) - raise MoveError, s_('MoveIssue|Cannot move issue due to insufficient permissions!') - end - - if @project == @target_project - raise MoveError, s_('MoveIssue|Cannot move issue to project it originates from!') - end + verify_can_move_issue!(issue, target_project) super @@ -32,6 +26,20 @@ module Issues attr_reader :target_project + def verify_can_move_issue!(issue, target_project) + unless issue.supports_move_and_clone? + raise MoveError, s_('MoveIssue|Cannot move issues of \'%{issue_type}\' type.') % { issue_type: issue.issue_type } + end + + unless issue.can_move?(current_user, @target_project) + raise MoveError, s_('MoveIssue|Cannot move issue due to insufficient permissions!') + end + + if @project == @target_project + raise MoveError, s_('MoveIssue|Cannot move issue to project it originates from!') + end + end + def update_service_desk_sent_notifications return unless original_entity.from_service_desk? diff --git a/app/services/issues/relative_position_rebalancing_service.rb b/app/services/issues/relative_position_rebalancing_service.rb index 7d199f99a24..23bb409f3cd 100644 --- a/app/services/issues/relative_position_rebalancing_service.rb +++ b/app/services/issues/relative_position_rebalancing_service.rb @@ -82,7 +82,7 @@ module Issues collection.each do |project| caching.cache_current_project_id(project.id) index += 1 - scope = Issue.in_projects(project).reorder(custom_reorder).select(:id, :relative_position) + scope = Issue.in_projects(project).order_by_relative_position.with_non_null_relative_position.select(:id, :relative_position) with_retry(PREFETCH_ISSUES_BATCH_SIZE, 100) do |batch_size| Gitlab::Pagination::Keyset::Iterator.new(scope: scope).each_batch(of: batch_size) do |batch| @@ -166,10 +166,6 @@ module Issues @start_position ||= (RelativePositioning::START_POSITION - (gaps / 2) * gap_size).to_i end - def custom_reorder - ::Gitlab::Pagination::Keyset::Order.build([Issue.column_order_relative_position, Issue.column_order_id_asc]) - end - def with_retry(initial_batch_size, exit_batch_size) retries = 0 batch_size = initial_batch_size diff --git a/app/services/issues/reopen_service.rb b/app/services/issues/reopen_service.rb index 977b924ed72..4abd1dfbf4e 100644 --- a/app/services/issues/reopen_service.rb +++ b/app/services/issues/reopen_service.rb @@ -2,10 +2,10 @@ module Issues class ReopenService < Issues::BaseService - def execute(issue) - return issue unless can?(current_user, :reopen_issue, issue) + def execute(issue, skip_authorization: false) + return issue unless can_reopen?(issue, skip_authorization: skip_authorization) - if issue.reopen + if perform_reopen(issue) event_service.reopen_issue(issue, current_user) create_note(issue, 'reopened') notification_service.async.reopen_issue(issue, current_user) @@ -22,6 +22,15 @@ module Issues private + # Overriden on EE + def perform_reopen(issue) + issue.reopen + end + + def can_reopen?(issue, skip_authorization: false) + skip_authorization || can?(current_user, :reopen_issue, issue) + end + def perform_incident_management_actions(issue) end diff --git a/app/services/merge_requests/mergeability/check_base_service.rb b/app/services/merge_requests/mergeability/check_base_service.rb new file mode 100644 index 00000000000..d5ddcb4b828 --- /dev/null +++ b/app/services/merge_requests/mergeability/check_base_service.rb @@ -0,0 +1,36 @@ +# frozen_string_literal: true +module MergeRequests + module Mergeability + class CheckBaseService + attr_reader :merge_request, :params + + def initialize(merge_request:, params:) + @merge_request = merge_request + @params = params + end + + def skip? + raise NotImplementedError + end + + # When this method is true, we need to implement a cache_key + def cacheable? + raise NotImplementedError + end + + def cache_key + raise NotImplementedError + end + + private + + def success(*args) + Gitlab::MergeRequests::Mergeability::CheckResult.success(*args) + end + + def failure(*args) + Gitlab::MergeRequests::Mergeability::CheckResult.failed(*args) + end + end + end +end diff --git a/app/services/merge_requests/mergeability/check_ci_status_service.rb b/app/services/merge_requests/mergeability/check_ci_status_service.rb new file mode 100644 index 00000000000..c0ef5ba1c30 --- /dev/null +++ b/app/services/merge_requests/mergeability/check_ci_status_service.rb @@ -0,0 +1,22 @@ +# frozen_string_literal: true +module MergeRequests + module Mergeability + class CheckCiStatusService < CheckBaseService + def execute + if merge_request.mergeable_ci_state? + success + else + failure + end + end + + def skip? + params[:skip_ci_check].present? + end + + def cacheable? + false + end + end + end +end diff --git a/app/services/merge_requests/mergeability/run_checks_service.rb b/app/services/merge_requests/mergeability/run_checks_service.rb new file mode 100644 index 00000000000..c1d65fb65cc --- /dev/null +++ b/app/services/merge_requests/mergeability/run_checks_service.rb @@ -0,0 +1,54 @@ +# frozen_string_literal: true +module MergeRequests + module Mergeability + class RunChecksService + include Gitlab::Utils::StrongMemoize + + # We want to have the cheapest checks first in the list, + # that way we can fail fast before running the more expensive ones + CHECKS = [ + CheckCiStatusService + ].freeze + + def initialize(merge_request:, params:) + @merge_request = merge_request + @params = params + end + + def execute + CHECKS.each_with_object([]) do |check_class, results| + check = check_class.new(merge_request: merge_request, params: params) + + next if check.skip? + + check_result = run_check(check) + results << check_result + + break results if check_result.failed? + end + end + + private + + attr_reader :merge_request, :params + + def run_check(check) + return check.execute unless Feature.enabled?(:mergeability_caching, merge_request.project, default_enabled: :yaml) + return check.execute unless check.cacheable? + + cached_result = results.read(merge_check: check) + return cached_result if cached_result.respond_to?(:status) + + check.execute.tap do |result| + results.write(merge_check: check, result_hash: result.to_hash) + end + end + + def results + strong_memoize(:results) do + Gitlab::MergeRequests::Mergeability::ResultsStore.new(merge_request: merge_request) + end + end + end + end +end diff --git a/app/services/merge_requests/update_service.rb b/app/services/merge_requests/update_service.rb index af041de5596..c5395138902 100644 --- a/app/services/merge_requests/update_service.rb +++ b/app/services/merge_requests/update_service.rb @@ -248,7 +248,7 @@ module MergeRequests def merge_from_quick_action(merge_request) last_diff_sha = params.delete(:merge) - MergeRequests::MergeOrchestrationService + ::MergeRequests::MergeOrchestrationService .new(project, current_user, { sha: last_diff_sha }) .execute(merge_request) end diff --git a/app/services/metrics/dashboard/annotations/create_service.rb b/app/services/metrics/dashboard/annotations/create_service.rb index 54f4e96378c..b86fa82a5e8 100644 --- a/app/services/metrics/dashboard/annotations/create_service.rb +++ b/app/services/metrics/dashboard/annotations/create_service.rb @@ -30,7 +30,7 @@ module Metrics options[:environment] = environment success(options) else - error(s_('Metrics::Dashboard::Annotation|You are not authorized to create annotation for selected environment')) + error(s_('MetricsDashboardAnnotation|You are not authorized to create annotation for selected environment')) end end @@ -39,7 +39,7 @@ module Metrics options[:cluster] = cluster success(options) else - error(s_('Metrics::Dashboard::Annotation|You are not authorized to create annotation for selected cluster')) + error(s_('MetricsDashboardAnnotation|You are not authorized to create annotation for selected cluster')) end end @@ -51,7 +51,7 @@ module Metrics success(options) rescue Gitlab::Template::Finders::RepoTemplateFinder::FileNotFoundError - error(s_('Metrics::Dashboard::Annotation|Dashboard with requested path can not be found')) + error(s_('MetricsDashboardAnnotation|Dashboard with requested path can not be found')) end def create(options) diff --git a/app/services/metrics/dashboard/annotations/delete_service.rb b/app/services/metrics/dashboard/annotations/delete_service.rb index 3efe6924a9b..3cb22f8d3da 100644 --- a/app/services/metrics/dashboard/annotations/delete_service.rb +++ b/app/services/metrics/dashboard/annotations/delete_service.rb @@ -27,7 +27,7 @@ module Metrics if Ability.allowed?(user, :delete_metrics_dashboard_annotation, annotation) success else - error(s_('Metrics::Dashboard::Annotation|You are not authorized to delete this annotation')) + error(s_('MetricsDashboardAnnotation|You are not authorized to delete this annotation')) end end @@ -35,7 +35,7 @@ module Metrics if annotation.destroy success else - error(s_('Metrics::Dashboard::Annotation|Annotation has not been deleted')) + error(s_('MetricsDashboardAnnotation|Annotation has not been deleted')) end end end diff --git a/app/services/metrics/users_starred_dashboards/create_service.rb b/app/services/metrics/users_starred_dashboards/create_service.rb index 9642df87861..0d028f120d3 100644 --- a/app/services/metrics/users_starred_dashboards/create_service.rb +++ b/app/services/metrics/users_starred_dashboards/create_service.rb @@ -35,7 +35,7 @@ module Metrics if Ability.allowed?(user, :create_metrics_user_starred_dashboard, project) success(user: user, project: project) else - error(s_('Metrics::UsersStarredDashboards|You are not authorized to add star to this dashboard')) + error(s_('MetricsUsersStarredDashboards|You are not authorized to add star to this dashboard')) end end @@ -44,7 +44,7 @@ module Metrics options[:dashboard_path] = dashboard_path success(options) else - error(s_('Metrics::UsersStarredDashboards|Dashboard with requested path can not be found')) + error(s_('MetricsUsersStarredDashboards|Dashboard with requested path can not be found')) end end diff --git a/app/services/packages/composer/create_package_service.rb b/app/services/packages/composer/create_package_service.rb index 8215a3385a4..0f5429f667e 100644 --- a/app/services/packages/composer/create_package_service.rb +++ b/app/services/packages/composer/create_package_service.rb @@ -17,10 +17,6 @@ module Packages }) end - unless Feature.enabled?(:remove_composer_v1_cache_code, project) - ::Packages::Composer::CacheUpdateWorker.perform_async(created_package.project_id, created_package.name, nil) - end - created_package end diff --git a/app/services/projects/after_rename_service.rb b/app/services/projects/after_rename_service.rb index 953b386b754..a3d54bc6b58 100644 --- a/app/services/projects/after_rename_service.rb +++ b/app/services/projects/after_rename_service.rb @@ -12,6 +12,8 @@ module Projects # # Projects::AfterRenameService.new(project).execute class AfterRenameService + include BaseServiceUtility + # @return [String] The Project being renamed. attr_reader :project @@ -78,7 +80,7 @@ module Projects def execute_system_hooks project.old_path_with_namespace = full_path_before - SystemHooksService.new.execute_hooks_for(project, :rename) + system_hook_service.execute_hooks_for(project, :rename) end def update_repository_configuration @@ -110,7 +112,7 @@ module Projects end def log_completion - Gitlab::AppLogger.info( + log_info( "Project #{project.id} has been renamed from " \ "#{full_path_before} to #{full_path_after}" ) @@ -140,7 +142,7 @@ module Projects def rename_failed! error = "Repository #{full_path_before} could not be renamed to #{full_path_after}" - Gitlab::AppLogger.error(error) + log_error(error) raise RenameFailedError, error end diff --git a/app/services/projects/container_repository/cache_tags_created_at_service.rb b/app/services/projects/container_repository/cache_tags_created_at_service.rb new file mode 100644 index 00000000000..3a5346d7a23 --- /dev/null +++ b/app/services/projects/container_repository/cache_tags_created_at_service.rb @@ -0,0 +1,70 @@ +# frozen_string_literal: true + +module Projects + module ContainerRepository + class CacheTagsCreatedAtService + def initialize(container_repository) + @container_repository = container_repository + @cached_tag_names = Set.new + end + + def populate(tags) + return if tags.empty? + + # This will load all tags in one Redis roundtrip + # the maximum number of tags is configurable and is set to 200 by default. + # https://gitlab.com/gitlab-org/gitlab/blob/master/doc/user/packages/container_registry/index.md#set-cleanup-limits-to-conserve-resources + keys = tags.map(&method(:cache_key)) + cached_tags_count = 0 + + ::Gitlab::Redis::Cache.with do |redis| + tags.zip(redis.mget(keys)).each do |tag, created_at| + next unless created_at + + tag.created_at = DateTime.rfc3339(created_at) + @cached_tag_names << tag.name + cached_tags_count += 1 + end + end + + cached_tags_count + end + + def insert(tags, max_ttl_in_seconds) + return unless max_ttl_in_seconds + return if tags.empty? + + # tags with nil created_at are not cacheable + # tags already cached don't need to be cached again + cacheable_tags = tags.select do |tag| + tag.created_at.present? && !tag.name.in?(@cached_tag_names) + end + + return if cacheable_tags.empty? + + now = Time.zone.now + + ::Gitlab::Redis::Cache.with do |redis| + # we use a pipeline instead of a MSET because each tag has + # a specific ttl + redis.pipelined do + cacheable_tags.each do |tag| + created_at = tag.created_at + # ttl is the max_ttl_in_seconds reduced by the number + # of seconds that the tag has already existed + ttl = max_ttl_in_seconds - (now - created_at).seconds + ttl = ttl.to_i + redis.set(cache_key(tag), created_at.rfc3339, ex: ttl) if ttl > 0 + end + end + end + end + + private + + def cache_key(tag) + "container_repository:{#{@container_repository.id}}:tag:#{tag.name}:created_at" + end + end + end +end diff --git a/app/services/projects/container_repository/cleanup_tags_service.rb b/app/services/projects/container_repository/cleanup_tags_service.rb index 793d2fec033..3a60de0f1ee 100644 --- a/app/services/projects/container_repository/cleanup_tags_service.rb +++ b/app/services/projects/container_repository/cleanup_tags_service.rb @@ -2,116 +2,152 @@ module Projects module ContainerRepository - class CleanupTagsService < BaseService - def execute(container_repository) + class CleanupTagsService + include BaseServiceUtility + include ::Gitlab::Utils::StrongMemoize + + def initialize(container_repository, user = nil, params = {}) + @container_repository = container_repository + @current_user = user + @params = params.dup + + @project = container_repository.project + @tags = container_repository.tags + tags_size = @tags.size + @counts = { + original_size: tags_size, + cached_tags_count: 0 + } + end + + def execute return error('access denied') unless can_destroy? return error('invalid regex') unless valid_regex? - tags = container_repository.tags - original_size = tags.size + filter_out_latest + filter_by_name - tags = without_latest(tags) - tags = filter_by_name(tags) + truncate + populate_from_cache - before_truncate_size = tags.size - tags = truncate(tags) - after_truncate_size = tags.size + filter_keep_n + filter_by_older_than - tags = filter_keep_n(tags) - tags = filter_by_older_than(tags) - - delete_tags(container_repository, tags).tap do |result| - result[:original_size] = original_size - result[:before_truncate_size] = before_truncate_size - result[:after_truncate_size] = after_truncate_size - result[:before_delete_size] = tags.size + delete_tags.merge(@counts).tap do |result| + result[:before_delete_size] = @tags.size result[:deleted_size] = result[:deleted]&.size - result[:status] = :error if before_truncate_size != after_truncate_size + result[:status] = :error if @counts[:before_truncate_size] != @counts[:after_truncate_size] end end private - def delete_tags(container_repository, tags) - return success(deleted: []) unless tags.any? - - tag_names = tags.map(&:name) + def delete_tags + return success(deleted: []) unless @tags.any? service = Projects::ContainerRepository::DeleteTagsService.new( - container_repository.project, - current_user, - tags: tag_names, - container_expiration_policy: params['container_expiration_policy'] + @project, + @current_user, + tags: @tags.map(&:name), + container_expiration_policy: container_expiration_policy ) - service.execute(container_repository) + service.execute(@container_repository) end - def without_latest(tags) - tags.reject(&:latest?) + def filter_out_latest + @tags.reject!(&:latest?) end - def order_by_date(tags) + def order_by_date now = DateTime.current - tags.sort_by { |tag| tag.created_at || now }.reverse + @tags.sort_by! { |tag| tag.created_at || now } + .reverse! end - def filter_by_name(tags) - regex_delete = ::Gitlab::UntrustedRegexp.new("\\A#{params['name_regex_delete'] || params['name_regex']}\\z") - regex_retain = ::Gitlab::UntrustedRegexp.new("\\A#{params['name_regex_keep']}\\z") + def filter_by_name + regex_delete = ::Gitlab::UntrustedRegexp.new("\\A#{name_regex_delete || name_regex}\\z") + regex_retain = ::Gitlab::UntrustedRegexp.new("\\A#{name_regex_keep}\\z") - tags.select do |tag| + @tags.select! do |tag| # regex_retain will override any overlapping matches by regex_delete regex_delete.match?(tag.name) && !regex_retain.match?(tag.name) end end - def filter_keep_n(tags) - return tags unless params['keep_n'] + def filter_keep_n + return unless keep_n - tags = order_by_date(tags) - tags.drop(keep_n) + order_by_date + cache_tags(@tags.first(keep_n_as_integer)) + @tags = @tags.drop(keep_n_as_integer) end - def filter_by_older_than(tags) - return tags unless params['older_than'] + def filter_by_older_than + return unless older_than - older_than = ChronicDuration.parse(params['older_than']).seconds.ago + older_than_timestamp = older_than_in_seconds.ago - tags.select do |tag| - tag.created_at && tag.created_at < older_than + @tags, tags_to_keep = @tags.partition do |tag| + tag.created_at && tag.created_at < older_than_timestamp end + + cache_tags(tags_to_keep) end def can_destroy? - return true if params['container_expiration_policy'] + return true if container_expiration_policy - can?(current_user, :destroy_container_image, project) + can?(@current_user, :destroy_container_image, @project) end def valid_regex? %w(name_regex_delete name_regex name_regex_keep).each do |param_name| - regex = params[param_name] + regex = @params[param_name] ::Gitlab::UntrustedRegexp.new(regex) unless regex.blank? end true rescue RegexpError => e - ::Gitlab::ErrorTracking.log_exception(e, project_id: project.id) + ::Gitlab::ErrorTracking.log_exception(e, project_id: @project.id) false end - def truncate(tags) - return tags unless throttling_enabled? - return tags if max_list_size == 0 + def truncate + @counts[:before_truncate_size] = @tags.size + @counts[:after_truncate_size] = @tags.size + + return unless throttling_enabled? + return if max_list_size == 0 # truncate the list to make sure that after the #filter_keep_n # execution, the resulting list will be max_list_size - truncated_size = max_list_size + keep_n + truncated_size = max_list_size + keep_n_as_integer - return tags if tags.size <= truncated_size + return if @tags.size <= truncated_size + + @tags = @tags.sample(truncated_size) + @counts[:after_truncate_size] = @tags.size + end + + def populate_from_cache + @counts[:cached_tags_count] = cache.populate(@tags) if caching_enabled? + end + + def cache_tags(tags) + cache.insert(tags, older_than_in_seconds) if caching_enabled? + end + + def cache + strong_memoize(:cache) do + ::Projects::ContainerRepository::CacheTagsCreatedAtService.new(@container_repository) + end + end - tags.sample(truncated_size) + def caching_enabled? + container_expiration_policy && + older_than.present? && + Feature.enabled?(:container_registry_expiration_policies_caching, @project) end def throttling_enabled? @@ -123,7 +159,37 @@ module Projects end def keep_n - params['keep_n'].to_i + @params['keep_n'] + end + + def keep_n_as_integer + keep_n.to_i + end + + def older_than_in_seconds + strong_memoize(:older_than_in_seconds) do + ChronicDuration.parse(older_than).seconds + end + end + + def older_than + @params['older_than'] + end + + def name_regex_delete + @params['name_regex_delete'] + end + + def name_regex + @params['name_regex'] + end + + def name_regex_keep + @params['name_regex_keep'] + end + + def container_expiration_policy + @params['container_expiration_policy'] end end end diff --git a/app/services/projects/create_service.rb b/app/services/projects/create_service.rb index e717491b19d..1536f0a22b8 100644 --- a/app/services/projects/create_service.rb +++ b/app/services/projects/create_service.rb @@ -8,6 +8,7 @@ module Projects @current_user = user @params = params.dup @skip_wiki = @params.delete(:skip_wiki) + @initialize_with_sast = Gitlab::Utils.to_boolean(@params.delete(:initialize_with_sast)) @initialize_with_readme = Gitlab::Utils.to_boolean(@params.delete(:initialize_with_readme)) @import_data = @params.delete(:import_data) @relations_block = @params.delete(:relations_block) @@ -118,6 +119,7 @@ module Projects Projects::PostCreationWorker.perform_async(@project.id) create_readme if @initialize_with_readme + create_sast_commit if @initialize_with_sast end # Add an authorization for the current user authorizations inline @@ -160,6 +162,10 @@ module Projects Files::CreateService.new(@project, current_user, commit_attrs).execute end + def create_sast_commit + ::Security::CiConfiguration::SastCreateService.new(@project, current_user, {}, commit_on_default: true).execute + end + def readme_content @readme_template.presence || experiment(:new_project_readme_content, namespace: @project.namespace).run_with(@project) end diff --git a/app/services/projects/destroy_service.rb b/app/services/projects/destroy_service.rb index afa8de04fca..27f813f4661 100644 --- a/app/services/projects/destroy_service.rb +++ b/app/services/projects/destroy_service.rb @@ -5,6 +5,7 @@ module Projects include Gitlab::ShellAdapter DestroyError = Class.new(StandardError) + BATCH_SIZE = 100 def async_execute project.update_attribute(:pending_delete, true) @@ -119,6 +120,12 @@ module Projects destroy_web_hooks! destroy_project_bots! + if ::Feature.enabled?(:ci_optimize_project_records_destruction, project, default_enabled: :yaml) && + Feature.enabled?(:abort_deleted_project_pipelines, default_enabled: :yaml) + + destroy_ci_records! + end + # Rails attempts to load all related records into memory before # destroying: https://github.com/rails/rails/issues/22510 # This ensures we delete records in batches. @@ -133,6 +140,23 @@ module Projects log_info("Attempting to destroy #{project.full_path} (#{project.id})") end + def destroy_ci_records! + project.all_pipelines.find_each(batch_size: BATCH_SIZE) do |pipeline| # rubocop: disable CodeReuse/ActiveRecord + # Destroy artifacts, then builds, then pipelines + # All builds have already been dropped by Ci::AbortPipelinesService, + # so no Ci::Build-instantiating cancellations happen here. + # https://gitlab.com/gitlab-org/gitlab/-/merge_requests/71342#note_691523196 + + ::Ci::DestroyPipelineService.new(project, current_user).execute(pipeline) + end + + deleted_count = project.commit_statuses.delete_all + + if deleted_count > 0 + Gitlab::AppLogger.info "Projects::DestroyService - Project #{project.id} - #{deleted_count} leftover commit statuses" + end + end + # The project can have multiple webhooks with hundreds of thousands of web_hook_logs. # By default, they are removed with "DELETE CASCADE" option defined via foreign_key. # But such queries can exceed the statement_timeout limit and fail to delete the project. diff --git a/app/services/projects/group_links/update_service.rb b/app/services/projects/group_links/update_service.rb index 475ab17f1a1..a836b96cac3 100644 --- a/app/services/projects/group_links/update_service.rb +++ b/app/services/projects/group_links/update_service.rb @@ -20,19 +20,15 @@ module Projects attr_reader :group_link def refresh_authorizations - if Feature.enabled?(:specialized_worker_for_project_share_update_auth_recalculation) - AuthorizedProjectUpdate::ProjectRecalculateWorker.perform_async(project.id) - - # Until we compare the inconsistency rates of the new specialized worker and - # the old approach, we still run AuthorizedProjectsWorker - # but with some delay and lower urgency as a safety net. - group_link.group.refresh_members_authorized_projects( - blocking: false, - priority: UserProjectAccessChangedService::LOW_PRIORITY - ) - else - group_link.group.refresh_members_authorized_projects - end + AuthorizedProjectUpdate::ProjectRecalculateWorker.perform_async(project.id) + + # Until we compare the inconsistency rates of the new specialized worker and + # the old approach, we still run AuthorizedProjectsWorker + # but with some delay and lower urgency as a safety net. + group_link.group.refresh_members_authorized_projects( + blocking: false, + priority: UserProjectAccessChangedService::LOW_PRIORITY + ) end def requires_authorization_refresh?(params) diff --git a/app/services/projects/import_service.rb b/app/services/projects/import_service.rb index b5288aad6f0..4979af6dfe1 100644 --- a/app/services/projects/import_service.rb +++ b/app/services/projects/import_service.rb @@ -16,6 +16,8 @@ module Projects end def execute + track_start_import + add_repository_to_project download_lfs_objects @@ -25,16 +27,17 @@ module Projects after_execute_hook success - rescue Gitlab::UrlBlocker::BlockedUrlError => e - Gitlab::ErrorTracking.track_exception(e, project_path: project.full_path, importer: project.import_type) + rescue Gitlab::UrlBlocker::BlockedUrlError, StandardError => e + Gitlab::Import::ImportFailureService.track( + project_id: project.id, + error_source: self.class.name, + exception: e, + metrics: true + ) - error(s_("ImportProjects|Error importing repository %{project_safe_import_url} into %{project_full_path} - %{message}") % { project_safe_import_url: project.safe_import_url, project_full_path: project.full_path, message: e.message }) - rescue StandardError => e message = Projects::ImportErrorFilter.filter_message(e.message) - - Gitlab::ErrorTracking.track_exception(e, project_path: project.full_path, importer: project.import_type) - - error(s_("ImportProjects|Error importing repository %{project_safe_import_url} into %{project_full_path} - %{message}") % { project_safe_import_url: project.safe_import_url, project_full_path: project.full_path, message: message }) + error(s_("ImportProjects|Error importing repository %{project_safe_import_url} into %{project_full_path} - %{message}") % + { project_safe_import_url: project.safe_import_url, project_full_path: project.full_path, message: message }) end protected @@ -54,6 +57,10 @@ module Projects # Defined in EE::Projects::ImportService end + def track_start_import + has_importer? && importer_class.try(:track_start_import, project) + end + def add_repository_to_project if project.external_import? && !unknown_url? begin diff --git a/app/services/projects/overwrite_project_service.rb b/app/services/projects/overwrite_project_service.rb index f35370c427f..2612001eb95 100644 --- a/app/services/projects/overwrite_project_service.rb +++ b/app/services/projects/overwrite_project_service.rb @@ -3,7 +3,7 @@ module Projects class OverwriteProjectService < BaseService def execute(source_project) - return unless source_project && source_project.namespace == @project.namespace + return unless source_project && source_project.namespace_id == @project.namespace_id start_time = ::Gitlab::Metrics::System.monotonic_time @@ -40,7 +40,7 @@ module Projects duration = ::Gitlab::Metrics::System.monotonic_time - start_time Gitlab::AppJsonLogger.info(class: self.class.name, - namespace_id: source_project.namespace.id, + namespace_id: source_project.namespace_id, project_id: source_project.id, duration_s: duration.to_f, error: exception.class.name) diff --git a/app/services/projects/participants_service.rb b/app/services/projects/participants_service.rb index 228115d72b8..1616a8a4062 100644 --- a/app/services/projects/participants_service.rb +++ b/app/services/projects/participants_service.rb @@ -36,14 +36,17 @@ module Projects private def project_members_through_invited_groups - groups_with_ancestors_ids = Gitlab::ObjectHierarchy - .new(visible_groups) - .base_and_ancestors - .pluck_primary_key + groups_with_ancestors = if ::Feature.enabled?(:linear_participants_service_ancestor_scopes, current_user, default_enabled: :yaml) + visible_groups.self_and_ancestors + else + Gitlab::ObjectHierarchy + .new(visible_groups) + .base_and_ancestors + end GroupMember .active_without_invites_and_requests - .with_source_id(groups_with_ancestors_ids) + .with_source_id(groups_with_ancestors.pluck_primary_key) end def visible_groups diff --git a/app/services/projects/transfer_service.rb b/app/services/projects/transfer_service.rb index 27376173f07..a69e6488ebc 100644 --- a/app/services/projects/transfer_service.rb +++ b/app/services/projects/transfer_service.rb @@ -81,7 +81,7 @@ module Projects # Apply changes to the project update_namespace_and_visibility(@new_namespace) - update_shared_runners_settings + project.reconcile_shared_runners_setting! project.save! # Notifications @@ -104,6 +104,8 @@ module Projects update_repository_configuration(@new_path) execute_system_hooks + + update_pending_builds! end post_update_hooks(project) @@ -154,19 +156,15 @@ module Projects user_ids = @old_namespace.user_ids_for_project_authorizations | @new_namespace.user_ids_for_project_authorizations - if Feature.enabled?(:specialized_worker_for_project_transfer_auth_recalculation) - AuthorizedProjectUpdate::ProjectRecalculateWorker.perform_async(project.id) - - # Until we compare the inconsistency rates of the new specialized worker and - # the old approach, we still run AuthorizedProjectsWorker - # but with some delay and lower urgency as a safety net. - UserProjectAccessChangedService.new(user_ids).execute( - blocking: false, - priority: UserProjectAccessChangedService::LOW_PRIORITY - ) - else - UserProjectAccessChangedService.new(user_ids).execute - end + AuthorizedProjectUpdate::ProjectRecalculateWorker.perform_async(project.id) + + # Until we compare the inconsistency rates of the new specialized worker and + # the old approach, we still run AuthorizedProjectsWorker + # but with some delay and lower urgency as a safety net. + UserProjectAccessChangedService.new(user_ids).execute( + blocking: false, + priority: UserProjectAccessChangedService::LOW_PRIORITY + ) end def rollback_side_effects @@ -189,7 +187,7 @@ module Projects end def execute_system_hooks - SystemHooksService.new.execute_hooks_for(project, :transfer) + system_hook_service.execute_hooks_for(project, :transfer) end def move_project_folders(project) @@ -241,18 +239,19 @@ module Projects "#{new_path}#{::Gitlab::GlRepository::DESIGN.path_suffix}" end - def update_shared_runners_settings - # If a project is being transferred to another group it means it can already - # have shared runners enabled but we need to check whether the new group allows that. - if project.group && project.group.shared_runners_setting == 'disabled_and_unoverridable' - project.shared_runners_enabled = false - end - end - def update_integrations project.integrations.with_default_settings.delete_all Integration.create_from_active_default_integrations(project, :project_id) end + + def update_pending_builds! + update_params = { + namespace_id: new_namespace.id, + namespace_traversal_ids: new_namespace.traversal_ids + } + + ::Ci::UpdatePendingBuildService.new(project, update_params).execute + end end end diff --git a/app/services/projects/update_pages_service.rb b/app/services/projects/update_pages_service.rb index dc75fe1014a..0000e713cb4 100644 --- a/app/services/projects/update_pages_service.rb +++ b/app/services/projects/update_pages_service.rb @@ -136,13 +136,11 @@ module Projects def validate_outdated_sha! return if latest? - if Feature.enabled?(:pages_smart_check_outdated_sha, project, default_enabled: :yaml) - # use pipeline_id in case the build is retried - last_deployed_pipeline_id = project.pages_metadatum&.pages_deployment&.ci_build&.pipeline_id + # use pipeline_id in case the build is retried + last_deployed_pipeline_id = project.pages_metadatum&.pages_deployment&.ci_build&.pipeline_id - return unless last_deployed_pipeline_id - return if last_deployed_pipeline_id <= build.pipeline_id - end + return unless last_deployed_pipeline_id + return if last_deployed_pipeline_id <= build.pipeline_id raise InvalidStateError, 'build SHA is outdated for this ref' end diff --git a/app/services/projects/update_service.rb b/app/services/projects/update_service.rb index b87564fcaef..a32e80af4b1 100644 --- a/app/services/projects/update_service.rb +++ b/app/services/projects/update_service.rb @@ -105,7 +105,7 @@ module Projects end update_pages_config if changing_pages_related_config? - update_pending_builds if shared_runners_toggled? + update_pending_builds if runners_settings_toggled? end def after_rename_service(project) @@ -181,13 +181,36 @@ module Projects end def update_pending_builds - update_params = { instance_runners_enabled: project.shared_runners_enabled } + update_params = { + instance_runners_enabled: project.shared_runners_enabled?, + namespace_traversal_ids: group_runner_traversal_ids + } - ::Ci::UpdatePendingBuildService.new(project, update_params).execute + ::Ci::UpdatePendingBuildService + .new(project, update_params) + .execute end - def shared_runners_toggled? - project.previous_changes.include?('shared_runners_enabled') + def shared_runners_settings_toggled? + project.previous_changes.include?(:shared_runners_enabled) + end + + def group_runners_settings_toggled? + return false unless project.ci_cd_settings.present? + + project.ci_cd_settings.previous_changes.include?(:group_runners_enabled) + end + + def runners_settings_toggled? + shared_runners_settings_toggled? || group_runners_settings_toggled? + end + + def group_runner_traversal_ids + if project.group_runners_enabled? + project.namespace.traversal_ids + else + [] + end end end end diff --git a/app/services/search/global_service.rb b/app/services/search/global_service.rb index 33faf2d6698..cee59360b4b 100644 --- a/app/services/search/global_service.rb +++ b/app/services/search/global_service.rb @@ -24,7 +24,7 @@ module Search # rubocop: disable CodeReuse/ActiveRecord def projects - @projects ||= ProjectsFinder.new(params: { non_archived: true }, current_user: current_user).execute.preload(:topics, :taggings) + @projects ||= ProjectsFinder.new(params: { non_archived: true }, current_user: current_user).execute.preload(:topics, :project_topics) end def allowed_scopes diff --git a/app/services/security/ci_configuration/base_create_service.rb b/app/services/security/ci_configuration/base_create_service.rb index adb45244adb..ea77cd98ba3 100644 --- a/app/services/security/ci_configuration/base_create_service.rb +++ b/app/services/security/ci_configuration/base_create_service.rb @@ -25,7 +25,7 @@ module Security rescue Gitlab::Git::PreReceiveError => e ServiceResponse.error(message: e.message) rescue StandardError - project.repository.rm_branch(current_user, branch_name) if project.repository.branch_exists?(branch_name) + remove_branch_on_exception raise end @@ -50,6 +50,10 @@ module Security Gitlab::Routing.url_helpers.project_new_merge_request_url(project, merge_request: merge_request_params) end + def remove_branch_on_exception + project.repository.rm_branch(current_user, branch_name) if project.repository.branch_exists?(branch_name) + end + def track_event(attributes_for_commit) action = attributes_for_commit[:actions].first diff --git a/app/services/security/ci_configuration/sast_create_service.rb b/app/services/security/ci_configuration/sast_create_service.rb index f495cac18f8..47e01847b17 100644 --- a/app/services/security/ci_configuration/sast_create_service.rb +++ b/app/services/security/ci_configuration/sast_create_service.rb @@ -5,15 +5,28 @@ module Security class SastCreateService < ::Security::CiConfiguration::BaseCreateService attr_reader :params - def initialize(project, current_user, params) + def initialize(project, current_user, params, commit_on_default: false) super(project, current_user) @params = params + + @commit_on_default = commit_on_default + @branch_name = project.default_branch if @commit_on_default end private + def remove_branch_on_exception + super unless @commit_on_default + end + def action - Security::CiConfiguration::SastBuildAction.new(project.auto_devops_enabled?, params, existing_gitlab_ci_content).generate + existing_content = begin + existing_gitlab_ci_content # this can fail on the very first commit + rescue StandardError + nil + end + + Security::CiConfiguration::SastBuildAction.new(project.auto_devops_enabled?, params, existing_content).generate end def next_branch diff --git a/app/services/service_ping/submit_service.rb b/app/services/service_ping/submit_service.rb index 3417ce4f583..63e01603d47 100644 --- a/app/services/service_ping/submit_service.rb +++ b/app/services/service_ping/submit_service.rb @@ -78,7 +78,7 @@ module ServicePing def store_metrics(response) metrics = response['conv_index'] || response['dev_ops_score'] # leaving dev_ops_score here, as the response data comes from the gitlab-version-com - return unless metrics.present? + return unless metrics.except('usage_data_id').present? DevOpsReport::Metric.create!( metrics.slice(*METRICS) diff --git a/app/services/terraform/remote_state_handler.rb b/app/services/terraform/remote_state_handler.rb index e9a13cee764..f13477b8b34 100644 --- a/app/services/terraform/remote_state_handler.rb +++ b/app/services/terraform/remote_state_handler.rb @@ -2,8 +2,6 @@ module Terraform class RemoteStateHandler < BaseService - include Gitlab::OptimisticLocking - StateLockedError = Class.new(StandardError) UnauthorizedError = Class.new(StandardError) @@ -60,7 +58,7 @@ module Terraform private def retrieve_with_lock(find_only: false) - create_or_find!(find_only: find_only).tap { |state| retry_optimistic_lock(state, name: 'terraform_remote_state_handler_retrieve') { |state| yield state } } + create_or_find!(find_only: find_only).tap { |state| state.with_lock { yield state } } end def create_or_find!(find_only:) diff --git a/app/services/user_project_access_changed_service.rb b/app/services/user_project_access_changed_service.rb index 5f48f410bf7..5bba986f4ad 100644 --- a/app/services/user_project_access_changed_service.rb +++ b/app/services/user_project_access_changed_service.rb @@ -30,7 +30,7 @@ class UserProjectAccessChangedService end end - ::Gitlab::Database::LoadBalancing::Sticking.bulk_stick(:user, @user_ids) + ::User.sticking.bulk_stick(:user, @user_ids) result end diff --git a/app/services/users/update_service.rb b/app/services/users/update_service.rb index 23c67231a29..c3df9b153a1 100644 --- a/app/services/users/update_service.rb +++ b/app/services/users/update_service.rb @@ -5,15 +5,18 @@ module Users include NewUserNotifier attr_reader :user, :identity_params + ATTRS_REQUIRING_PASSWORD_CHECK = %w[email].freeze + def initialize(current_user, params = {}) @current_user = current_user + @validation_password = params.delete(:validation_password) @user = params.delete(:user) @status_params = params.delete(:status) @identity_params = params.slice(*identity_attributes) @params = params.dup end - def execute(validate: true, &block) + def execute(validate: true, check_password: false, &block) yield(@user) if block_given? user_exists = @user.persisted? @@ -21,6 +24,11 @@ module Users discard_read_only_attributes assign_attributes + + if check_password && require_password_check? && !@user.valid_password?(@validation_password) + return error(s_("Profiles|Invalid password")) + end + assign_identity build_canonical_email @@ -32,8 +40,8 @@ module Users end end - def execute!(*args, &block) - result = execute(*args, &block) + def execute!(*args, **kargs, &block) + result = execute(*args, **kargs, &block) raise ActiveRecord::RecordInvalid, @user unless result[:status] == :success @@ -42,6 +50,14 @@ module Users private + def require_password_check? + return false unless @user.persisted? + return false if @user.password_automatically_set? + + changes = @user.changed + ATTRS_REQUIRING_PASSWORD_CHECK.any? { |param| changes.include?(param) } + end + def build_canonical_email return unless @user.email_changed? diff --git a/app/services/users/upsert_credit_card_validation_service.rb b/app/services/users/upsert_credit_card_validation_service.rb index 70a96b3ec6b..86b5b923418 100644 --- a/app/services/users/upsert_credit_card_validation_service.rb +++ b/app/services/users/upsert_credit_card_validation_service.rb @@ -7,6 +7,14 @@ module Users end def execute + @params = { + user_id: params.fetch(:user_id), + credit_card_validated_at: params.fetch(:credit_card_validated_at), + expiration_date: get_expiration_date(params), + last_digits: Integer(params.fetch(:credit_card_mask_number), 10), + holder_name: params.fetch(:credit_card_holder_name) + } + ::Users::CreditCardValidation.upsert(@params) ServiceResponse.success(message: 'CreditCardValidation was set') @@ -16,5 +24,14 @@ module Users Gitlab::ErrorTracking.track_exception(e, params: @params, class: self.class.to_s) ServiceResponse.error(message: "Could not set CreditCardValidation: #{e.message}") end + + private + + def get_expiration_date(params) + year = params.fetch(:credit_card_expiration_year) + month = params.fetch(:credit_card_expiration_month) + + Date.new(year, month, -1) # last day of the month + end end end |