Maven virtual registry: implement multiple upstreams support

⏫ Multiple upstream support

🪑 Table changes

• Add an position column to virtual_registries_packages_maven_registry_upstreams. Required.
• Drop the unique constraints for that table. Here and here.
  • Add a unique [registry_id, upstream_id] constraint.
  • (If possible) add a count constraint where registry_id can't only appear 20 times.

🦄 Model changes

• VirtualRegistries::Packages::Maven::Registry model
  • Revisit has_one associations here and here.
  • Revisit #destroy_upstream.
• VirtualRegistries::Packages::Maven::RegistryUpstream model
  • Implementation a validation that only allows registry_id to appear 20 times in the table.
  • Handle the position attribute.
    • Special case: updating the attribute on an existing record which means:
      • if the order is not taken: make sure that the ordering is coherent. (1, 2, 3) instead of (1, 20, 100).
      • if the order is taken: push down all the greater order. (1, 2 , 3) for upstreams (A, B, C). Updating C order to 1 should end up in (1, 2, 3) for (C, A, B).
    • We could use a gem for this but honestly, I think we can keep it simple with callbacks that will adjust the position value for impacted upstreams.
• VirtualRegistries::Packages::Maven::Upstream.
  • In the url validator, add additional parameters:
    • dns_rebind_protection: true
  • Make sure that removing a VirtualRegistries::Packages::Maven::Upstream also removes the VirtualRegistries::Packages::Maven::RegistryUpstream record.

⚙️ Service changes

• VirtualRegistries::Packages::Maven::HandleFileRequestService.
  • Update #cache_entry. This is the code that tries to locate an existing cache entry.
  • Update #check_upstream. This is where the logic investigated should be.
    • Use typhoeus with the hydra mode with concurrency of 3.

📻 API changes

• Upstreams API:
  • Adding an Upstream through POST /api/v4/virtual_registries/packages/maven/registries/:id/upstreams will append the Upstream at the end of the list.
  • Expose the registry_upstream_id.
• Introduce a new API for RegistryUpstreams under /api/v4/virtual_registries/packages/maven/registry_upstreams
  • For now, we only need PUT /api/v4/virtual_registries/packages/maven/registry_upstreams/:id to be able to update the position.

🏋️ Work load

We are looking at 3-4 MRs for the overall work. They are mostly sequential (following the presentation order shown above). The only exception is API changes that can be done as soon as we have model changes.