Move audit event endpoints to audit_events category

43179f65 · Małgorzata Ksionek · Gosia Ksionek · 561e685d · 43179f65 · 43179f65
Commit 43179f65 authored Apr 04, 2022 by Małgorzata Ksionek Committed by Gosia Ksionek Apr 05, 2022
Showing with 41 additions and 37 deletions

db/structure.sql db/structure.sql +14 -8

ee/db/geo/structure.sql ee/db/geo/structure.sql +9 -9

ee/lib/ee/api/groups.rb ee/lib/ee/api/groups.rb +5 -5

lib/api/groups.rb lib/api/groups.rb +13 -15

No files found.
--- a/db/structure.sql
+++ b/db/structure.sql
@@ -10,6 +10,8 @@ CREATE EXTENSION IF NOT EXISTS btree_gist;

 CREATE EXTENSION IF NOT EXISTS pg_trgm;

+CREATE EXTENSION IF NOT EXISTS pgcrypto;
+
 CREATE FUNCTION delete_associated_project_namespace() RETURNS trigger
    LANGUAGE plpgsql
    AS $$
@@ -11166,9 +11168,9 @@ CREATE TABLE application_settings (
    kroki_formats jsonb DEFAULT '{}'::jsonb NOT NULL,
    in_product_marketing_emails_enabled boolean DEFAULT true NOT NULL,
    asset_proxy_whitelist text,
-    admin_mode boolean DEFAULT false NOT NULL,
    delayed_project_removal boolean DEFAULT false NOT NULL,
    lock_delayed_project_removal boolean DEFAULT false NOT NULL,
+    admin_mode boolean DEFAULT false NOT NULL,
    external_pipeline_validation_service_timeout integer,
    encrypted_external_pipeline_validation_service_token text,
    encrypted_external_pipeline_validation_service_token_iv text,
@@ -11179,8 +11181,8 @@ CREATE TABLE application_settings (
    throttle_authenticated_packages_api_period_in_seconds integer DEFAULT 15 NOT NULL,
    throttle_unauthenticated_packages_api_enabled boolean DEFAULT false NOT NULL,
    throttle_authenticated_packages_api_enabled boolean DEFAULT false NOT NULL,
-    deactivate_dormant_users boolean DEFAULT false NOT NULL,
    whats_new_variant smallint DEFAULT 0,
+    deactivate_dormant_users boolean DEFAULT false NOT NULL,
    encrypted_spam_check_api_key bytea,
    encrypted_spam_check_api_key_iv bytea,
    floc_enabled boolean DEFAULT false NOT NULL,
@@ -11212,10 +11214,10 @@ CREATE TABLE application_settings (
    throttle_unauthenticated_api_enabled boolean DEFAULT false NOT NULL,
    throttle_unauthenticated_api_requests_per_period integer DEFAULT 3600 NOT NULL,
    throttle_unauthenticated_api_period_in_seconds integer DEFAULT 3600 NOT NULL,
-    jobs_per_stage_page_size integer DEFAULT 200 NOT NULL,
    sidekiq_job_limiter_mode smallint DEFAULT 1 NOT NULL,
    sidekiq_job_limiter_compression_threshold_bytes integer DEFAULT 100000 NOT NULL,
    sidekiq_job_limiter_limit_bytes integer DEFAULT 0 NOT NULL,
+    jobs_per_stage_page_size integer DEFAULT 200 NOT NULL,
    suggest_pipeline_enabled boolean DEFAULT true NOT NULL,
    throttle_unauthenticated_deprecated_api_requests_per_period integer DEFAULT 1800 NOT NULL,
    throttle_unauthenticated_deprecated_api_period_in_seconds integer DEFAULT 3600 NOT NULL,
@@ -11232,8 +11234,8 @@ CREATE TABLE application_settings (
    sentry_dsn text,
    sentry_clientside_dsn text,
    sentry_environment text,
-    max_ssh_key_lifetime integer,
    static_objects_external_storage_auth_token_encrypted text,
+    max_ssh_key_lifetime integer,
    future_subscriptions jsonb DEFAULT '[]'::jsonb NOT NULL,
    packages_cleanup_package_file_worker_capacity smallint DEFAULT 2 NOT NULL,
    container_registry_import_max_tags_count integer DEFAULT 100 NOT NULL,
@@ -11241,7 +11243,7 @@ CREATE TABLE application_settings (
    container_registry_import_start_max_retries integer DEFAULT 50 NOT NULL,
    container_registry_import_max_step_duration integer DEFAULT 300 NOT NULL,
    container_registry_import_target_plan text DEFAULT 'free'::text NOT NULL,
-    container_registry_import_created_before timestamp with time zone DEFAULT '2022-01-23 00:00:00+00'::timestamp with time zone NOT NULL,
+    container_registry_import_created_before timestamp with time zone DEFAULT '2022-01-23 01:00:00+01'::timestamp with time zone NOT NULL,
    runner_token_expiration_interval integer,
    group_runner_token_expiration_interval integer,
    project_runner_token_expiration_interval integer,
@@ -17353,8 +17355,8 @@ CREATE TABLE namespace_settings (
    default_branch_name text,
    repository_read_only boolean DEFAULT false NOT NULL,
    delayed_project_removal boolean,
-    resource_access_token_creation_allowed boolean DEFAULT true NOT NULL,
    lock_delayed_project_removal boolean DEFAULT false NOT NULL,
+    resource_access_token_creation_allowed boolean DEFAULT true NOT NULL,
    prevent_sharing_groups_outside_hierarchy boolean DEFAULT false NOT NULL,
    new_user_signups_cap integer,
    setup_for_company boolean,
@@ -27599,7 +27601,7 @@ CREATE INDEX index_events_on_author_id_and_created_at_merge_requests ON events U

 CREATE INDEX index_events_on_author_id_and_id ON events USING btree (author_id, id);

-CREATE INDEX index_events_on_created_at_and_id ON events USING btree (created_at, id) WHERE (created_at > '2021-08-27 00:00:00+00'::timestamp with time zone);
+CREATE INDEX index_events_on_created_at_and_id ON events USING btree (created_at, id) WHERE (created_at > '2021-08-27 02:00:00+02'::timestamp with time zone);

 CREATE INDEX index_events_on_group_id_partial ON events USING btree (group_id) WHERE (group_id IS NOT NULL);

@@ -28335,6 +28337,8 @@ CREATE INDEX index_notes_on_discussion_id ON notes USING btree (discussion_id);

 CREATE INDEX index_notes_on_line_code ON notes USING btree (line_code);

+CREATE INDEX index_notes_on_note_gin_trigram ON notes USING gin (note gin_trgm_ops);
+
 CREATE INDEX index_notes_on_noteable_id_and_noteable_type_and_system ON notes USING btree (noteable_id, noteable_type, system);

 CREATE INDEX index_notes_on_project_id_and_id_and_system_false ON notes USING btree (project_id, id) WHERE (NOT system);
@@ -29627,7 +29631,7 @@ CREATE INDEX tmp_gitlab_subscriptions_max_seats_used_migration ON gitlab_subscri

 CREATE INDEX tmp_gitlab_subscriptions_max_seats_used_migration_2 ON gitlab_subscriptions USING btree (id) WHERE ((start_date < '2021-08-02'::date) AND (max_seats_used <> 0) AND (max_seats_used > seats_in_use) AND (max_seats_used > seats));

-CREATE INDEX tmp_index_ci_job_artifacts_on_id_where_trace_and_expire_at ON ci_job_artifacts USING btree (id) WHERE ((file_type = 3) AND (expire_at = ANY (ARRAY['2021-04-22 00:00:00+00'::timestamp with time zone, '2021-05-22 00:00:00+00'::timestamp with time zone, '2021-06-22 00:00:00+00'::timestamp with time zone, '2022-01-22 00:00:00+00'::timestamp with time zone, '2022-02-22 00:00:00+00'::timestamp with time zone, '2022-03-22 00:00:00+00'::timestamp with time zone, '2022-04-22 00:00:00+00'::timestamp with time zone])));
+CREATE INDEX tmp_index_ci_job_artifacts_on_id_where_trace_and_expire_at ON ci_job_artifacts USING btree (id) WHERE ((file_type = 3) AND (expire_at = ANY (ARRAY['2021-04-22 02:00:00+02'::timestamp with time zone, '2021-05-22 02:00:00+02'::timestamp with time zone, '2021-06-22 02:00:00+02'::timestamp with time zone, '2022-01-22 01:00:00+01'::timestamp with time zone, '2022-02-22 01:00:00+01'::timestamp with time zone, '2022-03-22 01:00:00+01'::timestamp with time zone, '2022-04-22 02:00:00+02'::timestamp with time zone])));

 CREATE INDEX tmp_index_container_repositories_on_id_migration_state ON container_repositories USING btree (id, migration_state);

@@ -29655,6 +29659,8 @@ CREATE INDEX tmp_index_projects_on_id_and_runners_token ON projects USING btree

 CREATE INDEX tmp_index_projects_on_id_and_runners_token_encrypted ON projects USING btree (id, runners_token_encrypted) WHERE (runners_token_encrypted IS NOT NULL);

+CREATE INDEX token_encrypted_hashed ON ci_builds USING btree (sha256((token_encrypted)::bytea));
+
 CREATE UNIQUE INDEX uniq_pkgs_deb_grp_architectures_on_distribution_id_and_name ON packages_debian_group_architectures USING btree (distribution_id, name);

 CREATE UNIQUE INDEX uniq_pkgs_deb_grp_components_on_distribution_id_and_name ON packages_debian_group_components USING btree (distribution_id, name);
--- a/ee/db/geo/structure.sql
+++ b/ee/db/geo/structure.sql
@@ -127,18 +127,18 @@ CREATE TABLE job_artifact_registry (
    success boolean,
    sha256 character varying,
    missing_on_primary boolean DEFAULT false NOT NULL,
-    state smallint DEFAULT 0 NOT NULL,
    last_synced_at timestamp with time zone,
-    last_sync_failure character varying(255),
    verified_at timestamp with time zone,
    verification_started_at timestamp with time zone,
    verification_retry_at timestamp with time zone,
+    state smallint DEFAULT 0 NOT NULL,
    verification_state smallint DEFAULT 0 NOT NULL,
    verification_retry_count smallint DEFAULT 0 NOT NULL,
    verification_checksum bytea,
    verification_checksum_mismatched bytea,
    checksum_mismatch boolean DEFAULT false NOT NULL,
-    verification_failure character varying(255)
+    verification_failure character varying(255),
+    last_sync_failure character varying(255)
 );

 CREATE SEQUENCE job_artifact_registry_id_seq
@@ -628,18 +628,18 @@ CREATE UNIQUE INDEX index_terraform_state_version_registry_on_t_state_version_id

 CREATE UNIQUE INDEX index_tf_state_versions_registry_tf_state_versions_id_unique ON terraform_state_version_registry USING btree (terraform_state_version_id);

-CREATE INDEX lfs_object_registry_failed_verification ON lfs_object_registry USING btree (verification_retry_at NULLS FIRST) WHERE ((state = 2) AND (verification_state = 3));
-
-CREATE INDEX lfs_object_registry_needs_verification ON lfs_object_registry USING btree (verification_state) WHERE ((state = 2) AND (verification_state = ANY (ARRAY[0, 3])));
-
-CREATE INDEX lfs_object_registry_pending_verification ON lfs_object_registry USING btree (verified_at NULLS FIRST) WHERE ((state = 2) AND (verification_state = 0));
-
 CREATE INDEX job_artifact_registry_failed_verification ON job_artifact_registry USING btree (verification_retry_at NULLS FIRST) WHERE ((state = 2) AND (verification_state = 3));

 CREATE INDEX job_artifact_registry_needs_verification ON job_artifact_registry USING btree (verification_state) WHERE ((state = 2) AND (verification_state = ANY (ARRAY[0, 3])));

 CREATE INDEX job_artifact_registry_pending_verification ON job_artifact_registry USING btree (verified_at NULLS FIRST) WHERE ((state = 2) AND (verification_state = 0));

+CREATE INDEX lfs_object_registry_failed_verification ON lfs_object_registry USING btree (verification_retry_at NULLS FIRST) WHERE ((state = 2) AND (verification_state = 3));
+
+CREATE INDEX lfs_object_registry_needs_verification ON lfs_object_registry USING btree (verification_state) WHERE ((state = 2) AND (verification_state = ANY (ARRAY[0, 3])));
+
+CREATE INDEX lfs_object_registry_pending_verification ON lfs_object_registry USING btree (verified_at NULLS FIRST) WHERE ((state = 2) AND (verification_state = 0));
+
 CREATE INDEX merge_request_diff_registry_failed_verification ON merge_request_diff_registry USING btree (verification_retry_at NULLS FIRST) WHERE ((state = 2) AND (verification_state = 3));

 CREATE INDEX merge_request_diff_registry_needs_verification ON merge_request_diff_registry USING btree (verification_state) WHERE ((state = 2) AND (verification_state = ANY (ARRAY[0, 3])));

--- a/ee/lib/ee/api/groups.rb
+++ b/ee/lib/ee/api/groups.rb
@@ -86,7 +86,7 @@ module EE

        resource :groups, requirements: ::API::API::NAMESPACE_OR_PROJECT_REQUIREMENTS do
          desc 'Sync a group with LDAP.'
-          post ":id/ldap_sync" do
+          post ":id/ldap_sync", feature_category: :authentication_and_authorization do
            not_found! unless ::Gitlab::Auth::Ldap::Config.group_sync_enabled?

            group = find_group!(params[:id])
@@ -115,7 +115,7 @@ module EE

              use :pagination
            end
-            get '/' do
+            get '/', feature_category: :audit_events do
              level = ::Gitlab::Audit::Levels::Group.new(group: user_group)
              audit_events = AuditLogFinder.new(
                level: level,
@@ -131,7 +131,7 @@ module EE
            params do
              requires :audit_event_id, type: Integer, desc: 'The ID of the audit event'
            end
-            get '/:audit_event_id' do
+            get '/:audit_event_id', feature_category: :audit_events do
              level = ::Gitlab::Audit::Levels::Group.new(group: user_group)
              # rubocop: disable CodeReuse/ActiveRecord, Rails/FindById
              # This is not `find_by!` from ActiveRecord
@@ -144,7 +144,7 @@ module EE
          end

          desc 'Restore a group.'
-          post ':id/restore' do
+          post ':id/restore', feature_category: :subgroups do
            authorize! :admin_group, user_group
            break not_found! unless user_group.licensed_feature_available?(:adjourned_deletion_for_projects_and_groups)

@@ -172,7 +172,7 @@ module EE
            use :pagination
          end
          # rubocop: disable CodeReuse/ActiveRecord
-          get ':id/provisioned_users' do
+          get ':id/provisioned_users', feature_category: :authentication_and_authorization do
            authorize! :maintainer_access, user_group

            finder = ::Auth::ProvisionedUsersFinder.new(

--- a/lib/api/groups.rb
+++ b/lib/api/groups.rb
@@ -7,8 +7,6 @@ module API

    before { authenticate_non_get! }

-    feature_category :subgroups
-
    helpers Helpers::GroupsHelpers

    helpers do
@@ -181,7 +179,7 @@ module API
        use :group_list_params
        use :with_custom_attributes
      end
-      get do
+      get feature_category: :subgroups do
        groups = find_groups(declared_params(include_missing: false), params[:id])
        present_groups_with_pagination_strategies params, groups
      end
@@ -196,7 +194,7 @@ module API

        use :optional_params
      end
-      post do
+      post feature_category: :subgroups do
        parent_group = find_group!(params[:parent_id]) if params[:parent_id].present?
        if parent_group
          authorize! :create_subgroup, parent_group
@@ -229,7 +227,7 @@ module API
        use :optional_update_params
        use :optional_update_params_ee
      end
-      put ':id' do
+      put ':id', feature_category: :subgroups do
        group = find_group!(params[:id])
        group.preload_shared_group_links

@@ -249,7 +247,7 @@ module API
        use :with_custom_attributes
        optional :with_projects, type: Boolean, default: true, desc: 'Omit project details'
      end
-      get ":id" do
+      get ":id", feature_category: :subgroups do
        group = find_group!(params[:id])
        group.preload_shared_group_links

@@ -265,7 +263,7 @@ module API
      end

      desc 'Remove a group.'
-      delete ":id" do
+      delete ":id", feature_category: :subgroups do
        group = find_group!(params[:id])
        authorize! :admin_group, group
        check_subscription! group
@@ -300,7 +298,7 @@ module API
        use :with_custom_attributes
        use :optional_projects_params
      end
-      get ":id/projects" do
+      get ":id/projects", feature_category: :projects do
        finder_options = {
          only_owned: !params[:with_shared],
          include_subgroups: params[:include_subgroups],
@@ -334,7 +332,7 @@ module API
        use :pagination
        use :with_custom_attributes
      end
-      get ":id/projects/shared" do
+      get ":id/projects/shared", feature_category: :projects do
        projects = find_group_projects(params, { only_shared: true })

        present_projects(params, projects)
@@ -347,7 +345,7 @@ module API
        use :group_list_params
        use :with_custom_attributes
      end
-      get ":id/subgroups" do
+      get ":id/subgroups", feature_category: :subgroups do
        groups = find_groups(declared_params(include_missing: false), params[:id])
        present_groups params, groups
      end
@@ -359,7 +357,7 @@ module API
        use :group_list_params
        use :with_custom_attributes
      end
-      get ":id/descendant_groups" do
+      get ":id/descendant_groups", feature_category: :subgroups do
        finder_params = declared_params(include_missing: false).merge(include_parent_descendants: true)
        groups = find_groups(finder_params, params[:id])
        present_groups params, groups
@@ -371,7 +369,7 @@ module API
      params do
        requires :project_id, type: String, desc: 'The ID or path of the project'
      end
-      post ":id/projects/:project_id", requirements: { project_id: /.+/ } do
+      post ":id/projects/:project_id", requirements: { project_id: /.+/ }, feature_category: :projects do
        authenticated_as_admin!
        group = find_group!(params[:id])
        group.preload_shared_group_links
@@ -391,7 +389,7 @@ module API
          desc: 'The ID of the target group to which the group needs to be transferred to.'\
                'If not provided, the source group will be promoted to a root group.'
      end
-      post ':id/transfer' do
+      post ':id/transfer', feature_category: :subgroups do
        group = find_group!(params[:id])
        authorize! :admin_group, group

@@ -415,7 +413,7 @@ module API
        requires :group_access, type: Integer, values: Gitlab::Access.all_values, desc: 'The group access level'
        optional :expires_at, type: Date, desc: 'Share expiration date'
      end
-      post ":id/share" do
+      post ":id/share", feature_category: :subgroups do
        shared_group = find_group!(params[:id])
        shared_with_group = find_group!(params[:group_id])

@@ -438,7 +436,7 @@ module API
        requires :group_id, type: Integer, desc: 'The ID of the shared group'
      end
      # rubocop: disable CodeReuse/ActiveRecord
-      delete ":id/share/:group_id" do
+      delete ":id/share/:group_id", feature_category: :subgroups do
        shared_group = find_group!(params[:id])

        link = shared_group.shared_with_group_links.find_by(shared_with_group_id: params[:group_id])