This brings back many of the changes in
!27276. This was
reverted due to some failures in the QA tests with nil parameters.

Grape v1.3.3 brings in Ruby 2.7 support and a number of fixes:
https://github.com/ruby-grape/grape/blob/master/CHANGELOG.md

1. Move all inherited `Grape::API` -> `Grape::API::Instance`
2. Remove use of Virtus since this has been removed from Grape.
3. Extract `Rack::Response` from API error
4. Grape v1.2.3 pulled in a fix used in `SafeFile`:
https://github.com/ruby-grape/grape/pull/1844, so we no longer need
to maintain our custom type.
5. Adapt `WorkhorseFile` with the latest changes to make custom types
work with Grape and dry-types.
6. Ensure `Array[String]` is coerced properly.

The change from Virtus to dry-types now requires all strings to be
coerced to arrays. Before this was done within Virtus.

7. Coerce `Array[Integer]` types to arrays of integers

8. Use a new helper, `coerce_nil_params_to_array!`, that coerces nil
Array inputs to empty arrays to preserve previous behavior.

If you have a parameter of type `Array[String]`, for example, Grape used
to coerce a provided `nil` value to `[]`. Grape no longer does this for
us, so we need a helper method that will automatically do this if the
parameter is present.

This merge request also introduces two Rubocop rules for Grape v1.3:

1. `Grape::API::Instance` instead of `Grape::API` is required, unless we
solve #215230.

2. Grape parameters defined with `Array` types (e.g. `Array[String]`,
`Array[Integer]`) must have a `coerce_with` block or they will fail to
parse properly. See
https://github.com/ruby-grape/grape/blob/master/UPGRADING.md for more
details.

Allison Browne authored 4 years ago and Bob Van Landuyt committed 4 years ago

API::Runners => API::Ci::Runners

We used them for the first code intelligence iteration
Now we don't need them, so we can remove

Also add specs and documentation

Edit intro to docs page

Edit docs examples

- Rearrange example requests and responses
- Surround request URLs in quotation marks

Apply suggestion to app/finders/resource_milestone_event_finder.rb

Apply suggestion to doc/api/resource_milestone_events.md

Bob Van Landuyt authored 4 years ago and Stan Hu committed 4 years ago

This logs the context for Rails-controller and Grape-API reqeusts
similar to what we do for Sidekiq.

The information comes from Labkit::Context.

This also avoids logging information for unpersisted groups and
projects in controllers. This was needed since the `#new` actions of
controllers would assign those ivars but the information is not
relevant for logs.

Sean Carroll authored 4 years ago and charlie ablett committed 4 years ago

Part of #24295

See merge request !29382

Minimum required to add a new API

Adds CRUD actions API for managing instance level CI/CD variables

To make starring dashboard available we need to introduce new API
endpoint which will recieve POST requests and add corresponding
database entries.

This handles a specific exception raised
by `rack-timeout` Gem when Puma requests
surpass the configured timeout.

This exception wasn't being handled properly
(and logged), given it inherits from `Exception`,
which is not handled by Grape `rescue_from :all`.

This reverts merge request !27276

This brings in Ruby 2.7 suport and a number of fixes:
https://github.com/ruby-grape/grape/blob/master/CHANGELOG.md

1. Move all inherited Grape::API -> Grape::API::Instance
2. Remove use of Virtus since this has been removed from Grape.
3. Extract Rack::Response from API error
4. Grape v1.2.3 pulled in a fix used in SafeFile:
https://github.com/ruby-grape/grape/pull/1844, so we no longer need
to maintain our custom type.
5. Adapt WorkhorseFile with the latest changes to make custom types work
with Grape and dry-types.
6. Ensure Array[String] is coerced properly.

The change from Virtus to dry-types now requires all strings to be
coerced to arrays. Before this was done within Virtus.

7. Coerce Array[Integer] types to arrays of integers

The change from Virtus to dry-types now requires all strings to be
coerced to arrays of integers. Before this was done within Virtus.

Kirstie Cook authored 4 years ago and Robert Speicher committed 4 years ago

Add annotations post endpoint specs

Add changelog entry

Add changelog entry

- Use Grape API
- Endpoints are dummies, but with authentication and authorization
- Use basic auth to get the Personal Access Token
- Add Maintainer ability specific to Terraform state

To track when:

* a push is done to a container repository
* a push is done to a container tag
* a delete is done to a container tag

Drew Blessing authored 4 years ago and Bob Van Landuyt committed 4 years ago

The SCIM API needs
to override the Application Context and set the user to nil
since the SCIM API doesn't operate in the context of a user.
Rather, the SCIM API uses a static token specific to the group
enabling SCIM.

Without overriding the context saving a user will hang when
attempting to resolve the current_user set in the Application
Context in the main API (lib/api/api.rb).

This API endpoint uses job metadata to remove jobs from a queue. It can
only be used by admins, and deletes as many jobs as it can in 30
seconds. If it exceeds 30 seconds, it returns a flag indicating that the
user should try again to finish processing the queue.

(Because of the way Sidekiq queues work, it can't resume where it left
off, so you just have to start from scratch each time.)

By default, it's implemented in GraphQL, but there's also a matching
REST endpoint for convenience.

Steve Abrams authored 5 years ago and Dylan Griffith committed 5 years ago

deploy_tokens endpoint is added to the api

George Koltsov authored 5 years ago and Ash McKenzie committed 5 years ago

- Add POST '/groups/import' API endpoint
- Triggers Group Import functionality similar to Project Import
- Imports a group structure along with it's relations

This MR provides API for fetching code navigation
info from the stored LSIF data

Andy Schoenen authored 5 years ago and Grzegorz Bizon committed 5 years ago

It updates User#last_activity_on, on every API request
when user is logged in and last_activity_on is a date
earlier than today

It adds new attributes subscription_plan and caller_id.

The subscription_plan can be "free", "bronze", "silver" or "gold",
these are exclusively fetched from the given namespace (or the
project if it's not given).

The caller_id can be the controller action name if it's a regular
Rails request, or the Grape route, when it's an API request.

These new attributes will also be logged at Sidekiq logs, along
the project, user and namespace.

This provides context to all requests made to Rails controllers or
grape endpoints.

Doing this starts a new `Labkit::Context`, to which we can provide a
namespace, project and user.

We're currently setting the following values:

- Web requests: In the ApplicationController we wrap the entire
  request in a `with_context`.
  - user: based on the `auth_user` if there is one
  - project: We try to read the @Project instance variable of the
    controller.
  - namespace: We try to read the @group instance variable of the
    controller. If there was none, but the project was set, we'll use
    that path to set the namespace

- API requests: The application context is pushed in a before block
  setting the following values:
  - user: to `current_user` if there is one
  - project: to `@Project`
  - namespace: to `@group`

- Internal API requests: the application context is pushed in a before
  block:
  - user: When to the user set in `Api::Support::GitAccessActor`
  - project: to @Project if it was available

The 3 supported attributes for a context are read lazily when
required.

This also replaces the existing correlation middlewares with the new
Labkit::Context middlewares.

The rack middleware wraps each rack request in an overarching context
that adds the correlation id. The context is cleaned up after the
request, so we're sure all child contexts are cleaned up as well.

The sidekiq client middleware will write the context into the job that
 goes into redis when a job is scheduled.

The sidekiq server middleware will then re-instantiate this context so
the job gets executed with the same context that was alive when it was
scheduled. This means that any new job scheduled from sidekiq would
also have this context.

Ethan Urie authored 5 years ago and Jan Provaznik committed 5 years ago

Refactored PagesController and pages API to use new service.

This API can be used to gather information on a project's push mirrors
and their status.

George Koltsov authored 5 years ago and Sean McGivern committed 5 years ago

- Introduce 2 new API endpoints for Group Structure Export
- POST /groups/:id/export
- GET /groups/:id/export/download

- Add new API endpoint to trigger Group Relations export
- Similar to Project Export, relations only

Closes #35362

Manoj M J authored 5 years ago and Ash McKenzie committed 5 years ago

This change implements Application
Statistics API

Basic `/internal/pages` endpoint that will be used for Pages virtual
domains internal API. The endpoint is currently behind feature flag and
provides authetication similar to how Workhorse is authenticating with
the GitLab.

This change implements Application
Statistics API

Squashed commits:

c4b804c6

so that we can use API::Internal namespace.

Related to https://gitlab.com/gitlab-org/gitlab-ce/issues/61927.

Gosia Ksionek authored 5 years ago and Mike Kozono committed 5 years ago

Add middleware to api

Add new middleware class

Cast ip to string

Add specyfication for groups endpoint

Add specs for projects endpoint

Add working specs for ip_saver

Add changelog entry

Add string freeze

Fix rubocop offences

Add code review remarks

Fix typo in filename

Add docs about api restriction

Update docs file

Add changelod

Remove not needed file

Update docs file

Add changelod

Remove changelog

Apply suggestion to doc/user/group/index.md

Add code review remarks

Remove not needed code

Bring back to_s method on remote ip

Add if clause to restrictor

To avoid locking out of ssh calls

Make regex wider so it covers all internal endpoints

Add remote ip to be used in middleware

Add rubocop remarks

Stan Hu authored 5 years ago and Mayra Cabrera committed 5 years ago

Current `auth.log` uses `fullpath` and `ip`, while `api_json.log` uses
`remote_ip` and `path` for the same fields. Let's standardize these
namings to make it easier for people working with the data.

Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/66167

Steve Abrams authored 5 years ago and Mayra Cabrera committed 5 years ago

API endpoints for requesting container repositories
and container repositories with their tag information
are enabled for users that want to specify the group
containing the repository rather than the specific project.

All instances of injecting an EE specific module have been changed to
use the new methods for this: prepend_if_ee, extend_if_ee, and
include_if_ee. This allows these lines to be included in CE, even when
the modules to inject do not exist. This in turn allows us to backport
these lines to CE and keep them there, instead of having to strip them
out.