Addresses: Issue #13810
1. Adds a last_used_at attribute to the Key table/model
2. Update a key's last_used_at whenever it gets used
3. Display how long ago an ssh key was last used
1. Starting version 2.11, git changed the way the pre-receive flow works.
- Previously, the new potential objects would be added to the main repo. If the
pre-receive passes, the new objects stay in the repo but are linked up. If
the pre-receive fails, the new objects stay orphaned in the repo, and are
cleaned up during the next `git gc`.
- In 2.11, the new potential objects are added to a temporary "alternate object
directory", that git creates for this purpose. If the pre-receive passes, the
objects from the alternate object directory are migrated to the main repo. If
the pre-receive fails the alternate object directory is simply deleted.
2. In our workflow, the pre-recieve script (in `gitlab-shell) calls the
`/allowed` endpoint, which calls out directly to git to perform
various checks. These direct calls to git do _not_ have the necessary
environment variables set which allow access to the "alternate object
directory" (explained above). Therefore these calls to git are not able to
access any of the new potential objects to be added during this push.
3. We fix this by accepting the relevant environment variables
(GIT_ALTERNATE_OBJECT_DIRECTORIES, GIT_OBJECT_DIRECTORY) on the
`/allowed` endpoint, and then include these environment variables while
calling out to git.
4. This commit includes (whitelisted) these environment variables while making
the "force push" check. A `Gitlab::Git::RevList` module is extracted to
prevent `ForcePush` from being littered with these checks.
gitlab-shell v3.6.6 would give project paths like so:
* namespace/project
gitlab-shell v4.0.0 can give project paths like so:
* /namespace1/namespace2/project
* /namespace/project
* /path/to/repository/storage/namespace1/namespace2/project
* /path/to/repository/storage/namespace/project
DRY code + fix rubocop
Add more test cases
Append to changelog
DRY changes list
find_url service for merge_requests
use GET for getting merge request links
remove files
rename to get_url_service
reduce loop
add test case for cross project
refactor tiny thing
update changelog
Merely setting the "action" tag will only result in the transaction
itself containing a value for this tag. To ensure other metrics also
contain this tag we must set the action using Transaction#action=
instead.
To prevent leaking of users info we reduce amount of user information
retrieved via API for normal users.
What user can get via API:
* if not admin: only id, state, name, username and avatar_url
* if admin: all user information
* about himself: all informaion
Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
Vincent Wong
Timothy Andrew
Nick Thomas
Dmitriy Zaporozhets
Patricio Cano
Kamil Trzcinski
Drew Blessing
Scott Le
Alejandro Rodríguez
Paco Guzman
Yorick Peterse
James Lopez
Douwe Maan
Ciro Santilli
Valery Sizov
Valery Sizov
Steven Thonus
Jurnell Cockhren