Enable repo size limit and ip restriction

features if service ping is enabled Add specs for the change Changelog: changed MR: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/70912 EE: true

Enable repo size limit and ip restriction
features if service ping is enabled Add specs for the change Changelog: changed MR: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/70912 EE: true
30bdbd2a · Rajendra Kadam · d9e4a776 · 30bdbd2a · 30bdbd2a · 30bdbd2a
Commit 30bdbd2a authored Sep 12, 2021 by Rajendra Kadam
12 changed files
--- a/app/views/admin/application_settings/_usage.html.haml
+++ b/app/views/admin/application_settings/_usage.html.haml
@@ -51,10 +51,18 @@
          %p.gl-mb-3.text-muted= _('Registration Features include:')
        .form-text
          - email_from_gitlab_path = help_page_path('tools/email.md')
+          - repo_size_limit_path = help_page_path('user/admin_area/settings/account_and_limit_settings.md', anchor: 'repository-size-limit')
+          - restrict_ip_path = help_page_path('user/group/index.md', anchor: 'restrict-group-access-by-ip-address')
          - link_end = '</a>'.html_safe
          - email_from_gitlab_link = '<a href="%{url}" target="_blank" rel="noopener noreferrer">'.html_safe % { url: email_from_gitlab_path }
+          - repo_size_limit_link = '<a href="%{url}" target="_blank" rel="noopener noreferrer">'.html_safe % { url: repo_size_limit_path }
+          - restrict_ip_link = '<a href="%{url}" target="_blank" rel="noopener noreferrer">'.html_safe % { url: restrict_ip_path }
          %ul
            %li
              = _('Email from GitLab - email users right from the Admin Area. %{link_start}Learn more%{link_end}.').html_safe % { link_start: email_from_gitlab_link, link_end: link_end }
+            %li
+              = _('Limit project size at a global, group and project level. %{link_start}Learn more%{link_end}.').html_safe % { link_start: repo_size_limit_link, link_end: link_end }
+            %li
+              = _('Restrict group access by IP address. %{link_start}Learn more%{link_end}.').html_safe % { link_start: restrict_ip_link, link_end: link_end }

  = f.submit _('Save changes'), class: "gl-button btn btn-confirm"
--- a/ee/app/models/ee/project.rb
+++ b/ee/app/models/ee/project.rb
@@ -601,7 +601,7 @@ module EE
          current_size_proc: -> { statistics.total_repository_size },
          limit: actual_size_limit,
          namespace: namespace,
-          enabled: License.feature_available?(:repository_size_limit)
+          enabled: License.feature_available?(:repository_size_limit) || License.features_with_usage_ping.include?(:repository_size_limit)
        )
      end
    end

--- a/ee/app/models/license.rb
+++ b/ee/app/models/license.rb
@@ -15,6 +15,11 @@ class License < ApplicationRecord

  EES_FEATURES_WITH_USAGE_PING = %i[
    send_emails_from_admin_area
+    repository_size_limit
+  ].freeze
+
+  EEP_FEATURES_WITH_USAGE_PING = %i[
+    group_ip_restriction
  ].freeze

  EES_FEATURES = %i[
@@ -45,7 +50,6 @@ class License < ApplicationRecord
    protected_refs_for_users
    push_rules
    repository_mirrors
-    repository_size_limit
    resource_access_token
    seat_link
    scoped_issue_board
@@ -54,7 +58,7 @@ class License < ApplicationRecord
    wip_limits
  ].freeze + EES_FEATURES_WITH_USAGE_PING

-  EEP_FEATURES = EES_FEATURES + %i[
+  EEP_FEATURES = EES_FEATURES + EEP_FEATURES_WITH_USAGE_PING + %i[
    adjourned_deletion_for_projects_and_groups
    admin_audit_log
    auditor_user
@@ -92,7 +96,6 @@ class License < ApplicationRecord
    group_allowed_email_domains
    group_coverage_reports
    group_forking_protection
-    group_ip_restriction
    group_merge_request_analytics
    group_merge_request_approval_settings
    group_milestone_project_releases
@@ -205,7 +208,7 @@ class License < ApplicationRecord
    end
  end.freeze

-  FEATURES_WITH_USAGE_PING = EES_FEATURES_WITH_USAGE_PING
+  FEATURES_WITH_USAGE_PING = EES_FEATURES_WITH_USAGE_PING + EEP_FEATURES_WITH_USAGE_PING

  # Add on codes that may occur in legacy licenses that don't have a plan yet.
  FEATURES_FOR_ADD_ONS = {

--- a/ee/app/views/admin/application_settings/_repository_size_limit_setting.html.haml
+++ b/ee/app/views/admin/application_settings/_repository_size_limit_setting.html.haml
- return unless License.feature_available?(:repository_size_limit)
+- return unless License.feature_available?(:repository_size_limit) || License.features_with_usage_ping.include?(:repository_size_limit)

 - form = local_assigns.fetch(:form)


--- a/ee/app/views/groups/settings/_ip_restriction.html.haml
+++ b/ee/app/views/groups/settings/_ip_restriction.html.haml
- return if !group.licensed_feature_available?(:group_ip_restriction) || group.parent_id.present?
+- return if !(group.licensed_feature_available?(:group_ip_restriction) || License.features_with_usage_ping.include?(:group_ip_restriction)) || group.parent_id.present?
 - hidden_input_id = 'group_ip_restriction_ranges'
 - label_id = "#{hidden_input_id}_label"


--- a/ee/app/views/shared/_repository_size_limit_setting.html.haml
+++ b/ee/app/views/shared/_repository_size_limit_setting.html.haml
- return unless current_user.admin? && License.feature_available?(:repository_size_limit)
+- return unless current_user.admin? && (License.feature_available?(:repository_size_limit) || License.features_with_usage_ping.include?(:repository_size_limit))

 - form = local_assigns.fetch(:form)
 - is_project = local_assigns.fetch(:type) == :project

--- a/ee/lib/gitlab/ip_restriction/enforcer.rb
+++ b/ee/lib/gitlab/ip_restriction/enforcer.rb
@@ -12,7 +12,7 @@ module Gitlab
      end

      def allows_current_ip?
-        return true unless group&.feature_available?(:group_ip_restriction)
+        return true unless group&.feature_available?(:group_ip_restriction) || ::License.features_with_usage_ping.include?(:group_ip_restriction)

        current_ip_address = Gitlab::IpAddressState.current


--- a/ee/spec/lib/ee/gitlab/ip_restriction/enforcer_spec.rb
+++ b/ee/spec/lib/ee/gitlab/ip_restriction/enforcer_spec.rb
@@ -7,6 +7,32 @@ RSpec.describe Gitlab::IpRestriction::Enforcer do
    let(:group) { create(:group) }
    let(:current_ip) { '192.168.0.2' }

+    shared_examples 'ip_restriction' do
+      context 'without restriction' do
+        it { is_expected.to be_truthy }
+      end
+
+      context 'with restriction' do
+        before do
+          ranges.each do |range|
+            create(:ip_restriction, group: group, range: range)
+          end
+        end
+
+        context 'address is within one of the ranges' do
+          let(:ranges) { ['192.168.0.0/24', '255.255.255.224/27'] }
+
+          it { is_expected.to be_truthy }
+        end
+
+        context 'address is outside all of the ranges' do
+          let(:ranges) { ['10.0.0.0/8', '255.255.255.224/27'] }
+
+          it { is_expected.to be_falsey }
+        end
+      end
+    end
+
    subject { described_class.new(group).allows_current_ip? }

    before do
@@ -14,36 +40,37 @@ RSpec.describe Gitlab::IpRestriction::Enforcer do
      stub_licensed_features(group_ip_restriction: true)
    end

-    context 'without restriction' do
-      it { is_expected.to be_truthy }
-    end
+    it_behaves_like 'ip_restriction'

-    context 'with restriction' do
+    context 'feature is disabled' do
      before do
-        ranges.each do |range|
-          create(:ip_restriction, group: group, range: range)
-        end
+        stub_licensed_features(group_ip_restriction: false)
      end

-      context 'address is within one of the ranges' do
-        let(:ranges) { ['192.168.0.0/24', '255.255.255.224/27'] }
+      it { is_expected.to be_truthy }
+    end

-        it { is_expected.to be_truthy }
+    context 'when usage ping is enabled' do
+      before do
+        stub_licensed_features(group_ip_restriction: false)
+        stub_application_setting(usage_ping_enabled: true)
      end

-      context 'address is outside all of the ranges' do
-        let(:ranges) { ['10.0.0.0/8', '255.255.255.224/27'] }
+      context 'when feature is activated' do
+        before do
+          stub_application_setting(usage_ping_features_enabled: true)
+        end

-        it { is_expected.to be_falsey }
+        it_behaves_like 'ip_restriction'
      end
-    end

-    context 'feature is disabled' do
-      before do
-        stub_licensed_features(group_ip_restriction: false)
-      end
+      context 'when feature is deactivated' do
+        before do
+          stub_application_setting(usage_ping_features_enabled: false)
+        end

-      it { is_expected.to be_truthy }
+        it { is_expected.to be_truthy }
+      end
    end
  end
 end
--- a/ee/spec/models/project_spec.rb
+++ b/ee/spec/models/project_spec.rb
@@ -2377,6 +2377,33 @@ RSpec.describe Project do
            expect(checker.enabled?).to be_falsey
          end
        end
+
+        context 'when usage ping is enabled' do
+          before do
+            stub_licensed_features(repository_size_limit: false)
+            stub_application_setting(usage_ping_enabled: true)
+          end
+
+          context 'when feature is activated' do
+            before do
+              stub_application_setting(usage_ping_features_enabled: true)
+            end
+
+            it 'is enabled' do
+              expect(checker.enabled?).to be_truthy
+            end
+          end
+
+          context 'when feature is deactivated' do
+            before do
+              stub_application_setting(usage_ping_features_enabled: false)
+            end
+
+            it 'is disabled' do
+              expect(checker.enabled?).to be_falsy
+            end
+          end
+        end
      end
    end
  end

--- a/ee/spec/requests/api/todos_spec.rb
+++ b/ee/spec/requests/api/todos_spec.rb
@@ -47,8 +47,8 @@ RSpec.describe API::Todos do

        create_todo_for_new_epic

-        # Additional query due to authorization check on new group
-        expect { get api('/todos', personal_access_token: pat) }.not_to exceed_query_limit(control).with_threshold(1)
+        # Additional query due to authorization check on new group and checking ip restriction on group
+        expect { get api('/todos', personal_access_token: pat) }.not_to exceed_query_limit(control).with_threshold(2)
      end

      it 'includes the Epic Todo in the response' do

--- a/locale/gitlab.pot
+++ b/locale/gitlab.pot
@@ -20355,6 +20355,9 @@ msgstr ""
 msgid "Limit namespaces and projects that can be indexed"
 msgstr ""

+msgid "Limit project size at a global, group and project level. %{link_start}Learn more%{link_end}."
+msgstr ""
+
 msgid "Limit sign in from multiple IP addresses"
 msgstr ""

@@ -28937,6 +28940,9 @@ msgstr ""
 msgid "Restoring the project will prevent the project from being removed on this date and restore people's ability to make changes to it."
 msgstr ""

+msgid "Restrict group access by IP address. %{link_start}Learn more%{link_end}."
+msgstr ""
+
 msgid "Restrict membership by email domain"
 msgstr ""


--- a/spec/requests/api/graphql/current_user/groups_query_spec.rb
+++ b/spec/requests/api/graphql/current_user/groups_query_spec.rb
@@ -45,7 +45,8 @@ RSpec.describe 'Query current user groups' do
    new_group = create(:group, :private)
    new_group.add_maintainer(current_user)

-    expect { post_graphql(query, current_user: current_user) }.not_to exceed_query_limit(control)
+    # Adds an extra query for checking ip restrictions on group
+    expect { post_graphql(query, current_user: current_user) }.not_to exceed_query_limit(control).with_threshold(1)
  end

  it 'returns all groups where the user is a direct member' do