Commit 9d10ef96 authored by Nick Thomas's avatar Nick Thomas

Database layer for deprecated API throttle settings

We need to track and set these settings in the DB
parent 75c06be4
...@@ -333,6 +333,9 @@ module ApplicationSettingsHelper ...@@ -333,6 +333,9 @@ module ApplicationSettingsHelper
:throttle_authenticated_files_api_enabled, :throttle_authenticated_files_api_enabled,
:throttle_authenticated_files_api_period_in_seconds, :throttle_authenticated_files_api_period_in_seconds,
:throttle_authenticated_files_api_requests_per_period, :throttle_authenticated_files_api_requests_per_period,
:throttle_authenticated_deprecated_api_enabled,
:throttle_authenticated_deprecated_api_period_in_seconds,
:throttle_authenticated_deprecated_api_requests_per_period,
:throttle_unauthenticated_api_enabled, :throttle_unauthenticated_api_enabled,
:throttle_unauthenticated_api_period_in_seconds, :throttle_unauthenticated_api_period_in_seconds,
:throttle_unauthenticated_api_requests_per_period, :throttle_unauthenticated_api_requests_per_period,
...@@ -345,6 +348,9 @@ module ApplicationSettingsHelper ...@@ -345,6 +348,9 @@ module ApplicationSettingsHelper
:throttle_unauthenticated_files_api_enabled, :throttle_unauthenticated_files_api_enabled,
:throttle_unauthenticated_files_api_period_in_seconds, :throttle_unauthenticated_files_api_period_in_seconds,
:throttle_unauthenticated_files_api_requests_per_period, :throttle_unauthenticated_files_api_requests_per_period,
:throttle_unauthenticated_deprecated_api_enabled,
:throttle_unauthenticated_deprecated_api_period_in_seconds,
:throttle_unauthenticated_deprecated_api_requests_per_period,
:throttle_protected_paths_enabled, :throttle_protected_paths_enabled,
:throttle_protected_paths_period_in_seconds, :throttle_protected_paths_period_in_seconds,
:throttle_protected_paths_requests_per_period, :throttle_protected_paths_requests_per_period,
......
...@@ -479,6 +479,8 @@ class ApplicationSetting < ApplicationRecord ...@@ -479,6 +479,8 @@ class ApplicationSetting < ApplicationRecord
validates :throttle_unauthenticated_packages_api_period_in_seconds validates :throttle_unauthenticated_packages_api_period_in_seconds
validates :throttle_unauthenticated_files_api_requests_per_period validates :throttle_unauthenticated_files_api_requests_per_period
validates :throttle_unauthenticated_files_api_period_in_seconds validates :throttle_unauthenticated_files_api_period_in_seconds
validates :throttle_unauthenticated_deprecated_api_requests_per_period
validates :throttle_unauthenticated_deprecated_api_period_in_seconds
validates :throttle_authenticated_api_requests_per_period validates :throttle_authenticated_api_requests_per_period
validates :throttle_authenticated_api_period_in_seconds validates :throttle_authenticated_api_period_in_seconds
validates :throttle_authenticated_git_lfs_requests_per_period validates :throttle_authenticated_git_lfs_requests_per_period
...@@ -489,6 +491,8 @@ class ApplicationSetting < ApplicationRecord ...@@ -489,6 +491,8 @@ class ApplicationSetting < ApplicationRecord
validates :throttle_authenticated_packages_api_period_in_seconds validates :throttle_authenticated_packages_api_period_in_seconds
validates :throttle_authenticated_files_api_requests_per_period validates :throttle_authenticated_files_api_requests_per_period
validates :throttle_authenticated_files_api_period_in_seconds validates :throttle_authenticated_files_api_period_in_seconds
validates :throttle_authenticated_deprecated_api_requests_per_period
validates :throttle_authenticated_deprecated_api_period_in_seconds
validates :throttle_protected_paths_requests_per_period validates :throttle_protected_paths_requests_per_period
validates :throttle_protected_paths_period_in_seconds validates :throttle_protected_paths_period_in_seconds
end end
......
...@@ -175,6 +175,9 @@ module ApplicationSettingImplementation ...@@ -175,6 +175,9 @@ module ApplicationSettingImplementation
throttle_authenticated_files_api_enabled: false, throttle_authenticated_files_api_enabled: false,
throttle_authenticated_files_api_period_in_seconds: 15, throttle_authenticated_files_api_period_in_seconds: 15,
throttle_authenticated_files_api_requests_per_period: 500, throttle_authenticated_files_api_requests_per_period: 500,
throttle_authenticated_deprecated_api_enabled: false,
throttle_authenticated_deprecated_api_period_in_seconds: 3600,
throttle_authenticated_deprecated_api_requests_per_period: 3600,
throttle_incident_management_notification_enabled: false, throttle_incident_management_notification_enabled: false,
throttle_incident_management_notification_per_period: 3600, throttle_incident_management_notification_per_period: 3600,
throttle_incident_management_notification_period_in_seconds: 3600, throttle_incident_management_notification_period_in_seconds: 3600,
...@@ -193,6 +196,9 @@ module ApplicationSettingImplementation ...@@ -193,6 +196,9 @@ module ApplicationSettingImplementation
throttle_unauthenticated_files_api_enabled: false, throttle_unauthenticated_files_api_enabled: false,
throttle_unauthenticated_files_api_period_in_seconds: 15, throttle_unauthenticated_files_api_period_in_seconds: 15,
throttle_unauthenticated_files_api_requests_per_period: 125, throttle_unauthenticated_files_api_requests_per_period: 125,
throttle_unauthenticated_deprecated_api_enabled: false,
throttle_unauthenticated_deprecated_api_period_in_seconds: 3600,
throttle_unauthenticated_deprecated_api_requests_per_period: 1800,
time_tracking_limit_to_hours: false, time_tracking_limit_to_hours: false,
two_factor_grace_period: 48, two_factor_grace_period: 48,
unique_ips_limit_enabled: false, unique_ips_limit_enabled: false,
......
# frozen_string_literal: true
class AddThrottleDeprecatedApiColumns < Gitlab::Database::Migration[1.0]
def change
add_column :application_settings, :throttle_unauthenticated_deprecated_api_requests_per_period, :integer, default: 3600, null: false
add_column :application_settings, :throttle_unauthenticated_deprecated_api_period_in_seconds, :integer, default: 3600, null: false
add_column :application_settings, :throttle_unauthenticated_deprecated_api_enabled, :boolean, default: false, null: false
add_column :application_settings, :throttle_authenticated_deprecated_api_requests_per_period, :integer, default: 3600, null: false
add_column :application_settings, :throttle_authenticated_deprecated_api_period_in_seconds, :integer, default: 1800, null: false
add_column :application_settings, :throttle_authenticated_deprecated_api_enabled, :boolean, default: false, null: false
end
end
a30acb6d2a3772be29dfefc7d8cda2f2df94002556fa5de85483b7fca245be86
\ No newline at end of file
...@@ -10338,6 +10338,12 @@ CREATE TABLE application_settings ( ...@@ -10338,6 +10338,12 @@ CREATE TABLE application_settings (
sidekiq_job_limiter_compression_threshold_bytes integer DEFAULT 100000 NOT NULL, sidekiq_job_limiter_compression_threshold_bytes integer DEFAULT 100000 NOT NULL,
sidekiq_job_limiter_limit_bytes integer DEFAULT 0 NOT NULL, sidekiq_job_limiter_limit_bytes integer DEFAULT 0 NOT NULL,
suggest_pipeline_enabled boolean DEFAULT true NOT NULL, suggest_pipeline_enabled boolean DEFAULT true NOT NULL,
throttle_unauthenticated_deprecated_api_requests_per_period integer DEFAULT 1800 NOT NULL,
throttle_unauthenticated_deprecated_api_period_in_seconds integer DEFAULT 3600 NOT NULL,
throttle_unauthenticated_deprecated_api_enabled boolean DEFAULT false NOT NULL,
throttle_authenticated_deprecated_api_requests_per_period integer DEFAULT 3600 NOT NULL,
throttle_authenticated_deprecated_api_period_in_seconds integer DEFAULT 3600 NOT NULL,
throttle_authenticated_deprecated_api_enabled boolean DEFAULT false NOT NULL,
CONSTRAINT app_settings_container_reg_cleanup_tags_max_list_size_positive CHECK ((container_registry_cleanup_tags_service_max_list_size >= 0)), CONSTRAINT app_settings_container_reg_cleanup_tags_max_list_size_positive CHECK ((container_registry_cleanup_tags_service_max_list_size >= 0)),
CONSTRAINT app_settings_ext_pipeline_validation_service_url_text_limit CHECK ((char_length(external_pipeline_validation_service_url) <= 255)), CONSTRAINT app_settings_ext_pipeline_validation_service_url_text_limit CHECK ((char_length(external_pipeline_validation_service_url) <= 255)),
CONSTRAINT app_settings_registry_exp_policies_worker_capacity_positive CHECK ((container_registry_expiration_policies_worker_capacity >= 0)), CONSTRAINT app_settings_registry_exp_policies_worker_capacity_positive CHECK ((container_registry_expiration_policies_worker_capacity >= 0)),
...@@ -946,6 +946,10 @@ RSpec.describe ApplicationSetting do ...@@ -946,6 +946,10 @@ RSpec.describe ApplicationSetting do
throttle_unauthenticated_files_api_period_in_seconds throttle_unauthenticated_files_api_period_in_seconds
throttle_authenticated_files_api_requests_per_period throttle_authenticated_files_api_requests_per_period
throttle_authenticated_files_api_period_in_seconds throttle_authenticated_files_api_period_in_seconds
throttle_unauthenticated_deprecated_api_requests_per_period
throttle_unauthenticated_deprecated_api_period_in_seconds
throttle_authenticated_deprecated_api_requests_per_period
throttle_authenticated_deprecated_api_period_in_seconds
throttle_authenticated_git_lfs_requests_per_period throttle_authenticated_git_lfs_requests_per_period
throttle_authenticated_git_lfs_period_in_seconds throttle_authenticated_git_lfs_period_in_seconds
] ]
......
...@@ -413,6 +413,32 @@ RSpec.describe ApplicationSettings::UpdateService do ...@@ -413,6 +413,32 @@ RSpec.describe ApplicationSettings::UpdateService do
end end
end end
context 'when deprecated API rate limits are passed' do
let(:params) do
{
throttle_unauthenticated_deprecated_api_enabled: 1,
throttle_unauthenticated_deprecated_api_period_in_seconds: 500,
throttle_unauthenticated_deprecated_api_requests_per_period: 20,
throttle_authenticated_deprecated_api_enabled: 1,
throttle_authenticated_deprecated_api_period_in_seconds: 600,
throttle_authenticated_deprecated_api_requests_per_period: 10
}
end
it 'updates deprecated API throttle settings' do
subject.execute
application_settings.reload
expect(application_settings.throttle_unauthenticated_deprecated_api_enabled).to be_truthy
expect(application_settings.throttle_unauthenticated_deprecated_api_period_in_seconds).to eq(500)
expect(application_settings.throttle_unauthenticated_deprecated_api_requests_per_period).to eq(20)
expect(application_settings.throttle_authenticated_deprecated_api_enabled).to be_truthy
expect(application_settings.throttle_authenticated_deprecated_api_period_in_seconds).to eq(600)
expect(application_settings.throttle_authenticated_deprecated_api_requests_per_period).to eq(10)
end
end
context 'when git lfs rate limits are passed' do context 'when git lfs rate limits are passed' do
let(:params) do let(:params) do
{ {
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment