Commit 54ade9d7 authored by Etienne Baqué's avatar Etienne Baqué

Merge branch '346290-proposal-for-adding-binary-file-support-to-ci-variables-2' into 'master'

Adding Secure Files API

See merge request gitlab-org/gitlab!78227
parents 37f51308 71730c28
---
name: ci_secure_files
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/78227
rollout_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/350748
milestone: '14.8'
type: development
group: group::incubation
default_enabled: false
...@@ -404,6 +404,23 @@ production: &base ...@@ -404,6 +404,23 @@ production: &base
# aws_signature_version: 4 # For creation of signed URLs. Set to 2 if provider does not support v4. # aws_signature_version: 4 # For creation of signed URLs. Set to 2 if provider does not support v4.
# path_style: true # Use 'host/bucket_name/object' instead of 'bucket_name.host/object' # path_style: true # Use 'host/bucket_name/object' instead of 'bucket_name.host/object'
## CI Secure Files
ci_secure_files:
enabled: true
# storage_path: shared/ci_secure_files
object_store:
enabled: false
remote_directory: ci_secure_files # The bucket name
connection:
provider: AWS
aws_access_key_id: AWS_ACCESS_KEY_ID
aws_secret_access_key: AWS_SECRET_ACCESS_KEY
region: us-east-1
# host: 'localhost' # default: s3.amazonaws.com
# endpoint: 'http://127.0.0.1:9000' # default: nil
# aws_signature_version: 4 # For creation of signed URLs. Set to 2 if provider does not support v4.
# path_style: true # Use 'host/bucket_name/object' instead of 'bucket_name.host/object'
## GitLab Pages ## GitLab Pages
pages: pages:
enabled: false enabled: false
......
...@@ -171,6 +171,7 @@ module API ...@@ -171,6 +171,7 @@ module API
mount ::API::Ci::ResourceGroups mount ::API::Ci::ResourceGroups
mount ::API::Ci::Runner mount ::API::Ci::Runner
mount ::API::Ci::Runners mount ::API::Ci::Runners
mount ::API::Ci::SecureFiles
mount ::API::Ci::Triggers mount ::API::Ci::Triggers
mount ::API::Ci::Variables mount ::API::Ci::Variables
mount ::API::Commits mount ::API::Commits
......
# frozen_string_literal: true
module API
module Ci
class SecureFiles < ::API::Base
include PaginationParams
before do
authenticate!
authorize! :admin_build, user_project
feature_flag_enabled?
end
feature_category :pipeline_authoring
default_format :json
params do
requires :id, type: String, desc: 'The ID of a project'
end
resource :projects, requirements: API::NAMESPACE_OR_PROJECT_REQUIREMENTS do
desc 'List all Secure Files for a Project'
params do
use :pagination
end
route_setting :authentication, basic_auth_personal_access_token: true, job_token_allowed: true
get ':id/secure_files' do
secure_files = user_project.secure_files
present paginate(secure_files), with: Entities::Ci::SecureFile
end
desc 'Get an individual Secure File'
params do
requires :id, type: Integer, desc: 'The Secure File ID'
end
route_setting :authentication, basic_auth_personal_access_token: true, job_token_allowed: true
get ':id/secure_files/:secure_file_id' do
secure_file = user_project.secure_files.find(params[:secure_file_id])
present secure_file, with: Entities::Ci::SecureFile
end
desc 'Download a Secure File'
route_setting :authentication, basic_auth_personal_access_token: true, job_token_allowed: true
get ':id/secure_files/:secure_file_id/download' do
secure_file = user_project.secure_files.find(params[:secure_file_id])
content_type 'application/octet-stream'
env['api.format'] = :binary
header['Content-Disposition'] = "attachment; filename=#{secure_file.name}"
body secure_file.file.read
end
desc 'Upload a Secure File'
params do
requires :name, type: String, desc: 'The name of the file'
requires :file, types: [Rack::Multipart::UploadedFile, ::API::Validations::Types::WorkhorseFile], desc: 'The secure file to be uploaded'
optional :permissions, type: String, desc: 'The file permissions', default: 'read_only', values: %w[read_only read_write execute]
end
route_setting :authentication, basic_auth_personal_access_token: true, job_token_allowed: true
post ':id/secure_files' do
secure_file = user_project.secure_files.new(
name: params[:name],
permissions: params[:permissions] || :read_only
)
secure_file.file = params[:file]
file_too_large! unless secure_file.file.size < ::Ci::SecureFile::FILE_SIZE_LIMIT.to_i
if secure_file.save
present secure_file, with: Entities::Ci::SecureFile
else
render_validation_error!(secure_file)
end
end
desc 'Delete an individual Secure File'
route_setting :authentication, basic_auth_personal_access_token: true, job_token_allowed: true
delete ':id/secure_files/:secure_file_id' do
secure_file = user_project.secure_files.find(params[:secure_file_id])
secure_file.destroy!
no_content!
end
end
helpers do
def feature_flag_enabled?
service_unavailable! unless Feature.enabled?(:ci_secure_files, user_project, default_enabled: :yaml)
end
end
end
end
end
# frozen_string_literal: true
module API
module Entities
module Ci
class SecureFile < Grape::Entity
expose :id
expose :name
expose :permissions
expose :checksum
expose :checksum_algorithm
end
end
end
end
This diff is collapsed.
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment