diff options
Diffstat (limited to 'lib/api/helpers')
-rw-r--r-- | lib/api/helpers/groups_helpers.rb | 2 | ||||
-rw-r--r-- | lib/api/helpers/members_helpers.rb | 8 | ||||
-rw-r--r-- | lib/api/helpers/packages/dependency_proxy_helpers.rb | 23 | ||||
-rw-r--r-- | lib/api/helpers/packages/npm.rb | 14 | ||||
-rw-r--r-- | lib/api/helpers/projects_helpers.rb | 11 | ||||
-rw-r--r-- | lib/api/helpers/runner.rb | 121 |
6 files changed, 39 insertions, 140 deletions
diff --git a/lib/api/helpers/groups_helpers.rb b/lib/api/helpers/groups_helpers.rb index e38213532ba..72bdb32d38c 100644 --- a/lib/api/helpers/groups_helpers.rb +++ b/lib/api/helpers/groups_helpers.rb @@ -23,7 +23,7 @@ module API optional :mentions_disabled, type: Boolean, desc: 'Disable a group from getting mentioned' optional :lfs_enabled, type: Boolean, desc: 'Enable/disable LFS for the projects in this group' optional :request_access_enabled, type: Boolean, desc: 'Allow users to request member access' - optional :default_branch_protection, type: Integer, values: ::Gitlab::Access.protection_values, desc: 'Determine if developers can push to master' + optional :default_branch_protection, type: Integer, values: ::Gitlab::Access.protection_values, desc: 'Determine if developers can push to default branch' optional :shared_runners_setting, type: String, values: ::Namespace::SHARED_RUNNERS_SETTINGS, desc: 'Enable/disable shared runners for the group and its subgroups and projects' end diff --git a/lib/api/helpers/members_helpers.rb b/lib/api/helpers/members_helpers.rb index bd0c2501220..e72bbb931f0 100644 --- a/lib/api/helpers/members_helpers.rb +++ b/lib/api/helpers/members_helpers.rb @@ -54,6 +54,14 @@ module API source.add_user(user, params[:access_level], current_user: current_user, expires_at: params[:expires_at]) end + def track_areas_of_focus(member, areas_of_focus) + return unless areas_of_focus + + areas_of_focus.each do |area_of_focus| + Gitlab::Tracking.event(::Members::CreateService.name, 'area_of_focus', label: area_of_focus, property: member.id.to_s) + end + end + def present_members(members) present members, with: Entities::Member, current_user: current_user, show_seat_info: params[:show_seat_info] end diff --git a/lib/api/helpers/packages/dependency_proxy_helpers.rb b/lib/api/helpers/packages/dependency_proxy_helpers.rb index 989c4e1761b..b8ae1dddd7e 100644 --- a/lib/api/helpers/packages/dependency_proxy_helpers.rb +++ b/lib/api/helpers/packages/dependency_proxy_helpers.rb @@ -5,11 +5,17 @@ module API module Packages module DependencyProxyHelpers REGISTRY_BASE_URLS = { - npm: 'https://registry.npmjs.org/' + npm: 'https://registry.npmjs.org/', + pypi: 'https://pypi.org/simple/' + }.freeze + + APPLICATION_SETTING_NAMES = { + npm: 'npm_package_requests_forwarding', + pypi: 'pypi_package_requests_forwarding' }.freeze def redirect_registry_request(forward_to_registry, package_type, options) - if forward_to_registry && redirect_registry_request_available? + if forward_to_registry && redirect_registry_request_available?(package_type) ::Gitlab::Tracking.event(self.options[:for].name, "#{package_type}_request_forward") redirect(registry_url(package_type, options)) else @@ -25,11 +31,20 @@ module API case package_type when :npm "#{base_url}#{options[:package_name]}" + when :pypi + "#{base_url}#{options[:package_name]}/" end end - def redirect_registry_request_available? - ::Gitlab::CurrentSettings.current_application_settings.npm_package_requests_forwarding + def redirect_registry_request_available?(package_type) + application_setting_name = APPLICATION_SETTING_NAMES[package_type] + + raise ArgumentError, "Can't find application setting for package_type #{package_type}" unless application_setting_name + + ::Gitlab::CurrentSettings + .current_application_settings + .attributes + .fetch(application_setting_name, false) end end end diff --git a/lib/api/helpers/packages/npm.rb b/lib/api/helpers/packages/npm.rb index 2d556f889bf..ce5db52fdbc 100644 --- a/lib/api/helpers/packages/npm.rb +++ b/lib/api/helpers/packages/npm.rb @@ -49,28 +49,20 @@ module API when :project params[:id] when :instance - namespace_path = namespace_path_from_package_name + package_name = params[:package_name] + namespace_path = ::Packages::Npm.scope_of(package_name) next unless namespace_path namespace = Namespace.top_most .by_path(namespace_path) next unless namespace - finder = ::Packages::Npm::PackageFinder.new(params[:package_name], namespace: namespace) + finder = ::Packages::Npm::PackageFinder.new(package_name, namespace: namespace) finder.last&.project_id end end end - - # from "@scope/package-name" return "scope" or nil - def namespace_path_from_package_name - package_name = params[:package_name] - return unless package_name.starts_with?('@') - return unless package_name.include?('/') - - package_name.match(Gitlab::Regex.npm_package_name_regex)&.captures&.first - end end end end diff --git a/lib/api/helpers/projects_helpers.rb b/lib/api/helpers/projects_helpers.rb index 272452bd8db..becd25595a6 100644 --- a/lib/api/helpers/projects_helpers.rb +++ b/lib/api/helpers/projects_helpers.rb @@ -35,13 +35,14 @@ module API optional :pages_access_level, type: String, values: %w(disabled private enabled public), desc: 'Pages access level. One of `disabled`, `private`, `enabled` or `public`' optional :operations_access_level, type: String, values: %w(disabled private enabled), desc: 'Operations access level. One of `disabled`, `private` or `enabled`' optional :analytics_access_level, type: String, values: %w(disabled private enabled), desc: 'Analytics access level. One of `disabled`, `private` or `enabled`' + optional :container_registry_access_level, type: String, values: %w(disabled private enabled), desc: 'Controls visibility of the container registry. One of `disabled`, `private` or `enabled`. `private` will make the container registry accessible only to project members (reporter role and above). `enabled` will make the container registry accessible to everyone who has access to the project. `disabled` will disable the container registry' optional :emails_disabled, type: Boolean, desc: 'Disable email notifications' optional :show_default_award_emojis, type: Boolean, desc: 'Show default award emojis' optional :shared_runners_enabled, type: Boolean, desc: 'Flag indication if shared runners are enabled for that project' optional :resolve_outdated_diff_discussions, type: Boolean, desc: 'Automatically resolve merge request diffs discussions on lines changed with a push' optional :remove_source_branch_after_merge, type: Boolean, desc: 'Remove the source branch by default after merge' - optional :container_registry_enabled, type: Boolean, desc: 'Flag indication if the container registry is enabled for that project' + optional :container_registry_enabled, type: Boolean, desc: 'Deprecated: Use :container_registry_access_level instead. Flag indication if the container registry is enabled for that project' optional :container_expiration_policy_attributes, type: Hash do use :optional_container_expiration_policy_params end @@ -124,7 +125,7 @@ module API :ci_config_path, :ci_default_git_depth, :ci_forward_deployment_enabled, - :container_registry_enabled, + :container_registry_access_level, :container_expiration_policy_attributes, :default_branch, :description, @@ -132,7 +133,10 @@ module API :forking_access_level, :issues_access_level, :lfs_enabled, + :merge_pipelines_enabled, :merge_requests_access_level, + :merge_requests_template, + :merge_trains_enabled, :merge_method, :name, :only_allow_merge_if_all_discussions_are_resolved, @@ -166,7 +170,8 @@ module API :jobs_enabled, :merge_requests_enabled, :wiki_enabled, - :snippets_enabled + :snippets_enabled, + :container_registry_enabled ] end diff --git a/lib/api/helpers/runner.rb b/lib/api/helpers/runner.rb deleted file mode 100644 index a022d1a56ac..00000000000 --- a/lib/api/helpers/runner.rb +++ /dev/null @@ -1,121 +0,0 @@ -# frozen_string_literal: true - -module API - module Helpers - module Runner - include Gitlab::Utils::StrongMemoize - - prepend_mod_with('API::Helpers::Runner') # rubocop: disable Cop/InjectEnterpriseEditionModule - - JOB_TOKEN_HEADER = 'HTTP_JOB_TOKEN' - JOB_TOKEN_PARAM = :token - - def runner_registration_token_valid? - ActiveSupport::SecurityUtils.secure_compare(params[:token], Gitlab::CurrentSettings.runners_registration_token) - end - - def runner_registrar_valid?(type) - Feature.disabled?(:runner_registration_control) || Gitlab::CurrentSettings.valid_runner_registrars.include?(type) - end - - def authenticate_runner! - forbidden! unless current_runner - - current_runner - .heartbeat(get_runner_details_from_request) - end - - def get_runner_details_from_request - return get_runner_ip unless params['info'].present? - - attributes_for_keys(%w(name version revision platform architecture), params['info']) - .merge(get_runner_config_from_request) - .merge(get_runner_ip) - end - - def get_runner_ip - { ip_address: ip_address } - end - - def current_runner - token = params[:token] - - if token - ::Gitlab::Database::LoadBalancing::RackMiddleware - .stick_or_unstick(env, :runner, token) - end - - strong_memoize(:current_runner) do - ::Ci::Runner.find_by_token(token.to_s) - end - end - - # HTTP status codes to terminate the job on GitLab Runner: - # - 403 - def authenticate_job!(require_running: true) - job = current_job - - # 404 is not returned here because we want to terminate the job if it's - # running. A 404 can be returned from anywhere in the networking stack which is why - # we are explicit about a 403, we should improve this in - # https://gitlab.com/gitlab-org/gitlab/-/issues/327703 - forbidden! unless job - - forbidden! unless job_token_valid?(job) - - forbidden!('Project has been deleted!') if job.project.nil? || job.project.pending_delete? - forbidden!('Job has been erased!') if job.erased? - - if require_running - job_forbidden!(job, 'Job is not running') unless job.running? - end - - job.runner&.heartbeat(get_runner_ip) - - job - end - - def current_job - id = params[:id] - - if id - ::Gitlab::Database::LoadBalancing::RackMiddleware - .stick_or_unstick(env, :build, id) - end - - strong_memoize(:current_job) do - ::Ci::Build.find_by_id(id) - end - end - - def job_token_valid?(job) - token = (params[JOB_TOKEN_PARAM] || env[JOB_TOKEN_HEADER]).to_s - token && job.valid_token?(token) - end - - def job_forbidden!(job, reason) - header 'Job-Status', job.status - forbidden!(reason) - end - - def set_application_context - return unless current_job - - Gitlab::ApplicationContext.push( - user: -> { current_job.user }, - project: -> { current_job.project } - ) - end - - def track_ci_minutes_usage!(_build, _runner) - # noop: overridden in EE - end - - private - - def get_runner_config_from_request - { config: attributes_for_keys(%w(gpus), params.dig('info', 'config')) } - end - end - end -end |