Commit 1b86edce authored by Mayra Cabrera's avatar Mayra Cabrera

Merge branch '335075_add_files_api_throttling_settings' into 'master'

Add Files API throttling to application settings

See merge request gitlab-org/gitlab!68559
parents 29a00e6c e989361e
...@@ -315,12 +315,18 @@ module ApplicationSettingsHelper ...@@ -315,12 +315,18 @@ module ApplicationSettingsHelper
:throttle_authenticated_packages_api_enabled, :throttle_authenticated_packages_api_enabled,
:throttle_authenticated_packages_api_period_in_seconds, :throttle_authenticated_packages_api_period_in_seconds,
:throttle_authenticated_packages_api_requests_per_period, :throttle_authenticated_packages_api_requests_per_period,
:throttle_authenticated_files_api_enabled,
:throttle_authenticated_files_api_period_in_seconds,
:throttle_authenticated_files_api_requests_per_period,
:throttle_unauthenticated_enabled, :throttle_unauthenticated_enabled,
:throttle_unauthenticated_period_in_seconds, :throttle_unauthenticated_period_in_seconds,
:throttle_unauthenticated_requests_per_period, :throttle_unauthenticated_requests_per_period,
:throttle_unauthenticated_packages_api_enabled, :throttle_unauthenticated_packages_api_enabled,
:throttle_unauthenticated_packages_api_period_in_seconds, :throttle_unauthenticated_packages_api_period_in_seconds,
:throttle_unauthenticated_packages_api_requests_per_period, :throttle_unauthenticated_packages_api_requests_per_period,
:throttle_unauthenticated_files_api_enabled,
:throttle_unauthenticated_files_api_period_in_seconds,
:throttle_unauthenticated_files_api_requests_per_period,
:throttle_protected_paths_enabled, :throttle_protected_paths_enabled,
:throttle_protected_paths_period_in_seconds, :throttle_protected_paths_period_in_seconds,
:throttle_protected_paths_requests_per_period, :throttle_protected_paths_requests_per_period,
......
...@@ -479,6 +479,14 @@ class ApplicationSetting < ApplicationRecord ...@@ -479,6 +479,14 @@ class ApplicationSetting < ApplicationRecord
presence: true, presence: true,
numericality: { only_integer: true, greater_than: 0 } numericality: { only_integer: true, greater_than: 0 }
validates :throttle_unauthenticated_files_api_requests_per_period,
presence: true,
numericality: { only_integer: true, greater_than: 0 }
validates :throttle_unauthenticated_files_api_period_in_seconds,
presence: true,
numericality: { only_integer: true, greater_than: 0 }
validates :throttle_authenticated_api_requests_per_period, validates :throttle_authenticated_api_requests_per_period,
presence: true, presence: true,
numericality: { only_integer: true, greater_than: 0 } numericality: { only_integer: true, greater_than: 0 }
...@@ -503,6 +511,14 @@ class ApplicationSetting < ApplicationRecord ...@@ -503,6 +511,14 @@ class ApplicationSetting < ApplicationRecord
presence: true, presence: true,
numericality: { only_integer: true, greater_than: 0 } numericality: { only_integer: true, greater_than: 0 }
validates :throttle_authenticated_files_api_requests_per_period,
presence: true,
numericality: { only_integer: true, greater_than: 0 }
validates :throttle_authenticated_files_api_period_in_seconds,
presence: true,
numericality: { only_integer: true, greater_than: 0 }
validates :throttle_protected_paths_requests_per_period, validates :throttle_protected_paths_requests_per_period,
presence: true, presence: true,
numericality: { only_integer: true, greater_than: 0 } numericality: { only_integer: true, greater_than: 0 }
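Review bot: The new `validates` calls for the four `throttle_*_files_api_*` integers bound the value only from below (`greater_than: 0`), while the migration in this commit creates them as plain `integer` columns. A number larger than the column can hold would pass validation and presumably fail only at write time, as an error rather than a form message. An upper bound such as `numericality: { only_integer: true, greater_than: 0, less_than_or_equal_to: 2_147_483_647 }` would keep that failure in the validation layer. The neighbouring throttle validations visible in the hunks have the same shape, so this may be better fixed for all of them together. The class body continues outside both hunks.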
......
...@@ -167,6 +167,9 @@ module ApplicationSettingImplementation ...@@ -167,6 +167,9 @@ module ApplicationSettingImplementation
throttle_authenticated_packages_api_enabled: false, throttle_authenticated_packages_api_enabled: false,
throttle_authenticated_packages_api_period_in_seconds: 15, throttle_authenticated_packages_api_period_in_seconds: 15,
throttle_authenticated_packages_api_requests_per_period: 1000, throttle_authenticated_packages_api_requests_per_period: 1000,
throttle_authenticated_files_api_enabled: false,
throttle_authenticated_files_api_period_in_seconds: 15,
throttle_authenticated_files_api_requests_per_period: 500,
throttle_incident_management_notification_enabled: false, throttle_incident_management_notification_enabled: false,
throttle_incident_management_notification_per_period: 3600, throttle_incident_management_notification_per_period: 3600,
throttle_incident_management_notification_period_in_seconds: 3600, throttle_incident_management_notification_period_in_seconds: 3600,
...@@ -179,6 +182,9 @@ module ApplicationSettingImplementation ...@@ -179,6 +182,9 @@ module ApplicationSettingImplementation
throttle_unauthenticated_packages_api_enabled: false, throttle_unauthenticated_packages_api_enabled: false,
throttle_unauthenticated_packages_api_period_in_seconds: 15, throttle_unauthenticated_packages_api_period_in_seconds: 15,
throttle_unauthenticated_packages_api_requests_per_period: 800, throttle_unauthenticated_packages_api_requests_per_period: 800,
throttle_unauthenticated_files_api_enabled: false,
throttle_unauthenticated_files_api_period_in_seconds: 15,
throttle_unauthenticated_files_api_requests_per_period: 125,
time_tracking_limit_to_hours: false, time_tracking_limit_to_hours: false,
two_factor_grace_period: 48, two_factor_grace_period: 48,
unique_ips_limit_enabled: false, unique_ips_limit_enabled: false,
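Review bot: The Files API defaults added to this hash (500 requests per 15 seconds authenticated, 125 per 15 seconds unauthenticated, both disabled) repeat the `default:` values of the migration in this commit, and nothing in the code links the two. A comment above the new entries, such as `# Mirrors the column defaults in AddThrottleFilesApiColumns; change both together`, would help prevent drift. It is also worth documenting that both throttles ship disabled, so an instance has no Files API rate limit until an administrator enables one. The defaults hash starts and ends outside both hunks.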
......
# frozen_string_literal: true
class AddThrottleFilesApiColumns < ActiveRecord::Migration[6.1]
def change
add_column :application_settings, :throttle_unauthenticated_files_api_requests_per_period, :integer, default: 125, null: false
add_column :application_settings, :throttle_unauthenticated_files_api_period_in_seconds, :integer, default: 15, null: false
add_column :application_settings, :throttle_authenticated_files_api_requests_per_period, :integer, default: 500, null: false
add_column :application_settings, :throttle_authenticated_files_api_period_in_seconds, :integer, default: 15, null: false
add_column :application_settings, :throttle_unauthenticated_files_api_enabled, :boolean, default: false, null: false
add_column :application_settings, :throttle_authenticated_files_api_enabled, :boolean, default: false, null: false
end
end
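Review bot: The positive-value rule for the four integer columns exists only in the model validation, so the table accepts 0 or a negative number from any write that skips validations. The structure.sql section of this commit shows that `application_settings` already carries `..._positive` CHECK constraints for other settings. A matching constraint for these columns, of the form `CHECK ((throttle_unauthenticated_files_api_period_in_seconds > 0))`, would stop an invalid period or request count from reaching the rate limiter. How the throttle treats a zero period is not visible on this page, so the impact of such a row is unconfirmed.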
5c74d34171ed9129ffbb3efe5417da1ba857cd729837544e58074debd5afca88
\ No newline at end of file
...@@ -9606,6 +9606,12 @@ CREATE TABLE application_settings ( ...@@ -9606,6 +9606,12 @@ CREATE TABLE application_settings (
encrypted_customers_dot_jwt_signing_key bytea, encrypted_customers_dot_jwt_signing_key bytea,
encrypted_customers_dot_jwt_signing_key_iv bytea, encrypted_customers_dot_jwt_signing_key_iv bytea,
pypi_package_requests_forwarding boolean DEFAULT true NOT NULL, pypi_package_requests_forwarding boolean DEFAULT true NOT NULL,
throttle_unauthenticated_files_api_requests_per_period integer DEFAULT 125 NOT NULL,
throttle_unauthenticated_files_api_period_in_seconds integer DEFAULT 15 NOT NULL,
throttle_authenticated_files_api_requests_per_period integer DEFAULT 500 NOT NULL,
throttle_authenticated_files_api_period_in_seconds integer DEFAULT 15 NOT NULL,
throttle_unauthenticated_files_api_enabled boolean DEFAULT false NOT NULL,
throttle_authenticated_files_api_enabled boolean DEFAULT false NOT NULL,
CONSTRAINT app_settings_container_reg_cleanup_tags_max_list_size_positive CHECK ((container_registry_cleanup_tags_service_max_list_size >= 0)), CONSTRAINT app_settings_container_reg_cleanup_tags_max_list_size_positive CHECK ((container_registry_cleanup_tags_service_max_list_size >= 0)),
CONSTRAINT app_settings_ext_pipeline_validation_service_url_text_limit CHECK ((char_length(external_pipeline_validation_service_url) <= 255)), CONSTRAINT app_settings_ext_pipeline_validation_service_url_text_limit CHECK ((char_length(external_pipeline_validation_service_url) <= 255)),
CONSTRAINT app_settings_registry_exp_policies_worker_capacity_positive CHECK ((container_registry_expiration_policies_worker_capacity >= 0)), CONSTRAINT app_settings_registry_exp_policies_worker_capacity_positive CHECK ((container_registry_expiration_policies_worker_capacity >= 0)),
...@@ -931,6 +931,10 @@ RSpec.describe ApplicationSetting do ...@@ -931,6 +931,10 @@ RSpec.describe ApplicationSetting do
throttle_unauthenticated_packages_api_period_in_seconds throttle_unauthenticated_packages_api_period_in_seconds
throttle_authenticated_packages_api_requests_per_period throttle_authenticated_packages_api_requests_per_period
throttle_authenticated_packages_api_period_in_seconds throttle_authenticated_packages_api_period_in_seconds
throttle_unauthenticated_files_api_requests_per_period
throttle_unauthenticated_files_api_period_in_seconds
throttle_authenticated_files_api_requests_per_period
throttle_authenticated_files_api_period_in_seconds
] ]
end end
......
...@@ -362,6 +362,32 @@ RSpec.describe ApplicationSettings::UpdateService do ...@@ -362,6 +362,32 @@ RSpec.describe ApplicationSettings::UpdateService do
end end
end end
context 'when files API rate limits are passed' do
let(:params) do
{
throttle_unauthenticated_files_api_enabled: 1,
throttle_unauthenticated_files_api_period_in_seconds: 500,
throttle_unauthenticated_files_api_requests_per_period: 20,
throttle_authenticated_files_api_enabled: 1,
throttle_authenticated_files_api_period_in_seconds: 600,
throttle_authenticated_files_api_requests_per_period: 10
}
end
it 'updates files API throttle settings' do
subject.execute
application_settings.reload
expect(application_settings.throttle_unauthenticated_files_api_enabled).to be_truthy
expect(application_settings.throttle_unauthenticated_files_api_period_in_seconds).to eq(500)
expect(application_settings.throttle_unauthenticated_files_api_requests_per_period).to eq(20)
expect(application_settings.throttle_authenticated_files_api_enabled).to be_truthy
expect(application_settings.throttle_authenticated_files_api_period_in_seconds).to eq(600)
expect(application_settings.throttle_authenticated_files_api_requests_per_period).to eq(10)
end
end
context 'when issues_create_limit is passed' do context 'when issues_create_limit is passed' do
let(:params) do let(:params) do
{ {
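Review bot: The example asserts the two `_enabled` flags with `be_truthy`, which passes for any truthy value; `expect(application_settings.throttle_unauthenticated_files_api_enabled).to be(true)` pins the stored boolean. The context also exercises only accepted values, so it does not show that a zero or negative period passed through the service is rejected. That case may already be covered by the model spec list extended in this commit. The surrounding `describe` block continues outside the hunk.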
......