Commit 6f4b0524 authored by Shinya Maeda's avatar Shinya Maeda

Measure create, update and delete operation error on Release

This commit measures the write operations on Release entries
by lacking protected tag access.
parent 3ccbb949
......@@ -5,6 +5,8 @@ module Releases
include BaseServiceUtility
include Gitlab::Utils::StrongMemoize
ReleaseProtectedTagAccessError = Class.new(StandardError)
attr_accessor :project, :current_user, :params
def initialize(project, user = nil, params = {})
......@@ -81,6 +83,15 @@ module Releases
release.execute_hooks(action)
end
def track_protected_tag_access_error!
unless ::Gitlab::UserAccess.new(current_user, container: project).can_create_tag?(tag_name)
Gitlab::ErrorTracking.log_exception(
ReleaseProtectedTagAccessError.new,
project_id: project.id,
user_id: current_user.id)
end
end
# overridden in EE
def project_group_id; end
end
......
......@@ -7,6 +7,8 @@ module Releases
return error('Release already exists', 409) if release
return error("Milestone(s) not found: #{inexistent_milestones.join(', ')}", 400) if inexistent_milestones.any?
track_protected_tag_access_error!
# should be found before the creation of new tag
# because tag creation can spawn new pipeline
# which won't have any data for evidence yet
......
......@@ -6,6 +6,8 @@ module Releases
return error('Release does not exist', 404) unless release
return error('Access Denied', 403) unless allowed?
track_protected_tag_access_error!
if release.destroy
success(tag: existing_tag, release: release)
else
......
......@@ -7,6 +7,8 @@ module Releases
return error
end
track_protected_tag_access_error!
if param_for_milestone_titles_provided?
previous_milestones = release.milestones.map(&:title)
params[:milestones] = milestones
......
......@@ -44,6 +44,21 @@ RSpec.describe Releases::CreateService do
it_behaves_like 'a successful release creation'
context 'when tag is protected and user does not have access to it' do
let!(:protected_tag) { create(:protected_tag, :no_one_can_create, name: '*', project: project) }
it 'track the error event' do
stub_feature_flags(evalute_protected_tag_for_release_permissions: false)
expect(Gitlab::ErrorTracking).to receive(:log_exception).with(
kind_of(described_class::ReleaseProtectedTagAccessError),
project_id: project.id,
user_id: user.id)
service.execute
end
end
context 'when the tag does not exist' do
let(:tag_name) { 'non-exist-tag' }
......
......@@ -28,6 +28,21 @@ RSpec.describe Releases::DestroyService do
it 'returns the destroyed object' do
is_expected.to include(status: :success, release: release)
end
context 'when tag is protected and user does not have access to it' do
let!(:protected_tag) { create(:protected_tag, :no_one_can_create, name: '*', project: project) }
it 'track the error event' do
stub_feature_flags(evalute_protected_tag_for_release_permissions: false)
expect(Gitlab::ErrorTracking).to receive(:log_exception).with(
kind_of(described_class::ReleaseProtectedTagAccessError),
project_id: project.id,
user_id: user.id)
service.execute
end
end
end
context 'when tag does not exist in the repository' do
......
......@@ -38,6 +38,21 @@ RSpec.describe Releases::UpdateService do
service.execute
end
context 'when tag is protected and user does not have access to it' do
let!(:protected_tag) { create(:protected_tag, :no_one_can_create, name: '*', project: project) }
it 'track the error event' do
stub_feature_flags(evalute_protected_tag_for_release_permissions: false)
expect(Gitlab::ErrorTracking).to receive(:log_exception).with(
kind_of(described_class::ReleaseProtectedTagAccessError),
project_id: project.id,
user_id: user.id)
service.execute
end
end
context 'when the tag does not exists' do
let(:tag_name) { 'foobar' }
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment