Commit f9dd25fb authored by Nick Thomas's avatar Nick Thomas

Merge branch 'id-add-lsif-header-to-workhorse' into 'master'

Add Lsif header to artifacts authorise response

See merge request gitlab-org/gitlab!31602
parents 7854e63c 107ade0b
# frozen_string_literal: true
module Ci
class AuthorizeJobArtifactService
include Gitlab::Utils::StrongMemoize
# Max size of the zipped LSIF artifact
LSIF_ARTIFACT_MAX_SIZE = 20.megabytes
LSIF_ARTIFACT_TYPE = 'lsif'
def initialize(job, params, max_size:)
@job = job
@max_size = max_size
@size = params[:filesize]
@type = params[:artifact_type].to_s
end
def forbidden?
lsif? && !code_navigation_enabled?
end
def too_large?
size && max_size <= size.to_i
end
def headers
default_headers = JobArtifactUploader.workhorse_authorize(has_length: false, maximum_size: max_size)
default_headers.tap do |h|
h[:ProcessLsif] = true if lsif? && code_navigation_enabled?
end
end
private
attr_reader :job, :size, :type
def code_navigation_enabled?
strong_memoize(:code_navigation_enabled) do
Feature.enabled?(:code_navigation)
end
end
def lsif?
strong_memoize(:lsif) do
type == LSIF_ARTIFACT_TYPE
end
end
def max_size
lsif? ? LSIF_ARTIFACT_MAX_SIZE : @max_size.to_i
end
end
end
...@@ -220,6 +220,8 @@ module API ...@@ -220,6 +220,8 @@ module API
requires :id, type: Integer, desc: %q(Job's ID) requires :id, type: Integer, desc: %q(Job's ID)
optional :token, type: String, desc: %q(Job's authentication token) optional :token, type: String, desc: %q(Job's authentication token)
optional :filesize, type: Integer, desc: %q(Artifacts filesize) optional :filesize, type: Integer, desc: %q(Artifacts filesize)
optional :artifact_type, type: String, desc: %q(The type of artifact),
default: 'archive', values: Ci::JobArtifact.file_types.keys
end end
post '/:id/artifacts/authorize' do post '/:id/artifacts/authorize' do
not_allowed! unless Gitlab.config.artifacts.enabled not_allowed! unless Gitlab.config.artifacts.enabled
...@@ -229,16 +231,14 @@ module API ...@@ -229,16 +231,14 @@ module API
job = authenticate_job! job = authenticate_job!
forbidden!('Job is not running') unless job.running? forbidden!('Job is not running') unless job.running?
max_size = max_artifacts_size(job) service = Ci::AuthorizeJobArtifactService.new(job, params, max_size: max_artifacts_size(job))
if params[:filesize] forbidden! if service.forbidden?
file_size = params[:filesize].to_i file_too_large! if service.too_large?
file_too_large! unless file_size < max_size
end
status 200 status 200
content_type Gitlab::Workhorse::INTERNAL_API_CONTENT_TYPE content_type Gitlab::Workhorse::INTERNAL_API_CONTENT_TYPE
JobArtifactUploader.workhorse_authorize(has_length: false, maximum_size: max_size) service.headers
end end
desc 'Upload artifacts for job' do desc 'Upload artifacts for job' do
......
...@@ -1634,6 +1634,31 @@ describe API::Runner, :clean_gitlab_redis_shared_state do ...@@ -1634,6 +1634,31 @@ describe API::Runner, :clean_gitlab_redis_shared_state do
end end
end end
context 'authorize uploading of an lsif artifact' do
it 'adds ProcessLsif header' do
authorize_artifacts_with_token_in_headers(artifact_type: :lsif)
expect(response).to have_gitlab_http_status(:ok)
expect(json_response['ProcessLsif']).to be_truthy
end
it 'fails to authorize too large artifact' do
authorize_artifacts_with_token_in_headers(artifact_type: :lsif, filesize: 30.megabytes)
expect(response).to have_gitlab_http_status(:payload_too_large)
end
context 'code_navigation feature flag is disabled' do
it 'does not add ProcessLsif header' do
stub_feature_flags(code_navigation: false)
authorize_artifacts_with_token_in_headers(artifact_type: :lsif)
expect(response).to have_gitlab_http_status(:forbidden)
end
end
end
def authorize_artifacts(params = {}, request_headers = headers) def authorize_artifacts(params = {}, request_headers = headers)
post api("/jobs/#{job.id}/artifacts/authorize"), params: params, headers: request_headers post api("/jobs/#{job.id}/artifacts/authorize"), params: params, headers: request_headers
end end
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment