Merge branch 'mc/backstage/move-dotenv-limit-application-limits' into 'master'

Move dotenv limits from constant to application limits

See merge request gitlab-org/gitlab!73855

app/services/ci/parse_dotenv_artifact_service.rb

@@ -2,8 +2,7 @@
 
 module Ci
   class ParseDotenvArtifactService < ::BaseService
-    MAX_ACCEPTABLE_DOTENV_SIZE = 5.kilobytes
-    MAX_ACCEPTABLE_VARIABLES_COUNT = 20
+    include ::Gitlab::Utils::StrongMemoize
 
     SizeLimitError = Class.new(StandardError)
     ParserError = Class.new(StandardError)
@@ -27,9 +26,9 @@ module Ci
         raise ArgumentError, 'Artifact is not dotenv file type'
       end
 
-      unless artifact.file.size < MAX_ACCEPTABLE_DOTENV_SIZE
+      unless artifact.file.size < dotenv_size_limit
         raise SizeLimitError,
-          "Dotenv Artifact Too Big. Maximum Allowable Size: #{MAX_ACCEPTABLE_DOTENV_SIZE}"
+          "Dotenv Artifact Too Big. Maximum Allowable Size: #{dotenv_size_limit}"
       end
     end
 
@@ -45,9 +44,9 @@ module Ci
         end
       end
 
-      if variables.size > MAX_ACCEPTABLE_VARIABLES_COUNT
+      if variables.size > dotenv_variable_limit
         raise SizeLimitError,
-          "Dotenv files cannot have more than #{MAX_ACCEPTABLE_VARIABLES_COUNT} variables"
+          "Dotenv files cannot have more than #{dotenv_variable_limit} variables"
       end
 
       variables
@@ -60,5 +59,13 @@ module Ci
 
       result.each(&:strip!)
     end
+
+    def dotenv_variable_limit
+      strong_memoize(:dotenv_variable_limit) { project.actual_limits.dotenv_variables }
+    end
+
+    def dotenv_size_limit
+      strong_memoize(:dotenv_size_limit) { project.actual_limits.dotenv_size }
+    end
   end
 end

db/migrate/20211105160316_create_dotenv_application_limits.rb

+# frozen_string_literal: true
+
+class CreateDotenvApplicationLimits < Gitlab::Database::Migration[1.0]
+  def change
+    add_column(:plan_limits, :dotenv_variables, :integer, default: 20, null: false)
+    add_column(:plan_limits, :dotenv_size, :integer, default: 5.kilobytes, null: false)
+  end
+end

db/migrate/20211105161404_insert_dotenv_application_limits.rb

+# frozen_string_literal: true
+
+class InsertDotenvApplicationLimits < Gitlab::Database::Migration[1.0]
+  def up
+    create_or_update_plan_limit('dotenv_variables', 'default', 150)
+    create_or_update_plan_limit('dotenv_variables', 'free', 50)
+    create_or_update_plan_limit('dotenv_variables', 'opensource', 150)
+    create_or_update_plan_limit('dotenv_variables', 'premium', 100)
+    create_or_update_plan_limit('dotenv_variables', 'premium_trial', 100)
+    create_or_update_plan_limit('dotenv_variables', 'ultimate', 150)
+    create_or_update_plan_limit('dotenv_variables', 'ultimate_trial', 150)
+
+    create_or_update_plan_limit('dotenv_size', 'default', 5.kilobytes)
+  end
+
+  def down
+    create_or_update_plan_limit('dotenv_variables', 'default', 20)
+    create_or_update_plan_limit('dotenv_variables', 'free', 20)
+    create_or_update_plan_limit('dotenv_variables', 'opensource', 20)
+    create_or_update_plan_limit('dotenv_variables', 'premium', 20)
+    create_or_update_plan_limit('dotenv_variables', 'premium_trial', 20)
+    create_or_update_plan_limit('dotenv_variables', 'ultimate', 20)
+    create_or_update_plan_limit('dotenv_variables', 'ultimate_trial', 20)
+
+    create_or_update_plan_limit('dotenv_size', 'default', 5.kilobytes)
+  end
+end

db/schema_migrations/20211105160316

+afb9552a4104b10b25d65a9fec478c5c28a31ec31402400554db4288033bacb6
\ No newline at end of file

db/schema_migrations/20211105161404

+911cc21de320d0d5716ce80ebca56433b793c2072cb62da783605c99bb9aada9
\ No newline at end of file

db/structure.sql

@@ -17574,7 +17574,9 @@ CREATE TABLE plan_limits (
     ci_jobs_trace_size_limit integer DEFAULT 100 NOT NULL,
     pages_file_entries integer DEFAULT 200000 NOT NULL,
     dast_profile_schedules integer DEFAULT 1 NOT NULL,
-    external_audit_event_destinations integer DEFAULT 5 NOT NULL
+    external_audit_event_destinations integer DEFAULT 5 NOT NULL,
+    dotenv_variables integer DEFAULT 20 NOT NULL,
+    dotenv_size integer DEFAULT 5120 NOT NULL
 );
 
 CREATE SEQUENCE plan_limits_id_seq

doc/administration/instance_limits.md

@@ -610,6 +610,40 @@ To disable this limitation entirely, disable the feature flag in the console:
 Feature.disable(:ci_yaml_limit_size)
 ```
 
+### Limit dotenv variables
+
+> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/321552) in GitLab 14.5.
+
+You can set a limit on the maximum number of variables inside of a dotenv artifact.
+This limit is checked every time a dotenv file is exported as an artifact.
+
+Set the limit to `0` to disable it. Defaults to `0` on self-managed instances.
+
+To set this limit to `100` on a self-managed instance, run the following command in the
+[GitLab Rails console](operations/rails_console.md#starting-a-rails-console-session):
+
+```ruby
+Plan.default.actual_limits.update!(dotenv_variable_limit: 100)
+```
+
+This limit is [enabled on GitLab.com](../user/gitlab_com/index.md#gitlab-cicd).
+
+### Limit dotenv file size
+
+> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/321552) in GitLab 14.5.
+
+You can set a limit on the maximum size of a dotenv artifact. This limit is checked
+every time a dotenv file is exported as an artifact.
+
+Set the limit to `0` to disable it. Defaults to 5KB.
+
+To set this limit to 5KB on a self-managed installation, run the following in the
+[GitLab Rails console](operations/rails_console.md#starting-a-rails-console-session):
+
+```ruby
+Plan.default.actual_limits.update!(dotenv_size_limit: 5.kilobytes)
+```
+
 ## Instance monitoring and metrics
 
 ### Limit inbound incident management alerts

doc/user/gitlab_com/index.md

@@ -140,6 +140,7 @@ the related documentation.
 | [Scheduled Job Archival](../../user/admin_area/settings/continuous_integration.md#archive-jobs) | 3 months | Never |
 | Max test cases per [unit test report](../../ci/unit_test_reports.md) | `500_000` | Unlimited |
 | [Max registered runners](../../administration/instance_limits.md#number-of-registered-runners-per-scope) | Free tier: `50` per-group / `50` per-project <br/> All paid tiers: `1_000` per-group  / `1_000` per-project | `1_000` per-group / `1_000` per-project |
+| [Limit dotenv variables](../../administration/instance_limits.md#limit-dotenv-variables) | Free tier: `50` / Premium tier: `100` / Ultimate tier: `150` | Unlimited |
 
 ## Account and limit settings
 

spec/services/ci/parse_dotenv_artifact_service_spec.rb

@@ -45,7 +45,7 @@ RSpec.describe Ci::ParseDotenvArtifactService do
 
         it 'returns error' do
           expect(subject[:status]).to eq(:error)
-          expect(subject[:message]).to eq("Dotenv Artifact Too Big. Maximum Allowable Size: #{described_class::MAX_ACCEPTABLE_DOTENV_SIZE}")
+          expect(subject[:message]).to eq("Dotenv Artifact Too Big. Maximum Allowable Size: #{service.send(:dotenv_size_limit)}")
           expect(subject[:http_status]).to eq(:bad_request)
         end
       end
@@ -186,7 +186,7 @@ RSpec.describe Ci::ParseDotenvArtifactService do
         context 'when more than limitated variables are specified in dotenv' do
           let(:blob) do
             StringIO.new.tap do |s|
-              (described_class::MAX_ACCEPTABLE_VARIABLES_COUNT + 1).times do |i|
+              (service.send(:dotenv_variable_limit) + 1).times do |i|
                 s << "KEY#{i}=VAR#{i}\n"
               end
             end.string
@@ -194,7 +194,7 @@ RSpec.describe Ci::ParseDotenvArtifactService do
 
           it 'returns error' do
             expect(subject[:status]).to eq(:error)
-            expect(subject[:message]).to eq("Dotenv files cannot have more than #{described_class::MAX_ACCEPTABLE_VARIABLES_COUNT} variables")
+            expect(subject[:message]).to eq("Dotenv files cannot have more than #{service.send(:dotenv_variable_limit)} variables")
             expect(subject[:http_status]).to eq(:bad_request)
           end
         end