Skip to content

GitLab Next

Why GitLab
Pricing
Contact Sales
Explore

Sign in
Get free trial

Resolve "Support restricting group access by multiple IP subnets"

Review changes
Download
Patches
Plain diff

Manoj M J requested to merge 12873-support-restricting-group-access-by-multiple-ip-subnets into master Aug 14, 2019

Overview 31
Commits 1
Pipelines 9
Changes 15

CE PORT: https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/31959

What does this MR do?

For #12873 (closed)

Currently, for the group IP restriction feature, only 1 IP subnet can be provided.

This MR adds the ability to provide comma separated subnets for group IP restrictions.

This is how the change looks (the input box now accepts comma separated IP subnets)

Our long term goal is to move the IP restriction UI to something like this:

but right now, due to low bandwidth in FE, we were not able to get FE help for this change.

Hence, we had to make do with the existing form, which only has a single text input, but at the same time, move the association from a has_one :ip_restriction to a has_many :ip_restrictions.

In order to do this, I've made use of virtual attributes (a getter and setter named ip_restriction_ranges in the Group model), that creates and updates multiples ip_restriction records for us, while still allowing us to maintain the single text input in the form.

The benefits of virtual attribute I see are:

The surface area of the change is minimum: the change affects only the form, and not any area associated with the working of the IP Restriction feature.
When we move to the new UI as described above:

2.1 we will already have has_many :ip_restrictions in place (no db migration required from has_one)

2.2 we can get rid of the getter, setter and the form and it won't affect the working of the IP restriction feature in any manner.

Does this MR meet the acceptance criteria?

Conformity

Changelog entry
Documentation created/updated or follow-up review issue created
Code review guidelines
Merge request performance guidelines
Style guides
Database guides
Separation of EE specific content

Performance and Testing

Review and add/update tests for this feature/bug. Consider all test levels. See the Test Planning Process.
Tested in all supported browsers

Security

If this MR contains changes to processing or storing of credentials or tokens, authorization and authentication methods and other items described in the security review guidelines:

Label as security and @ mention @gitlab-com/gl-security/appsec
The MR includes necessary changes to maintain consistency between UI, API, email, or other methods
Security reports checked/validated by a reviewer from the AppSec team

Edited Aug 19, 2019 by Manoj M J

Merge request reports

Assignee

Reviewers

Request review from

Time tracking