Adds package forwarding warning to delete modal
What does this MR do and why?
When users have package forwarding enabled (currently available for npm, PyPI, and Maven), there is a risk that a package could be deleted and then requests for that package will be forwarded to the public registry. Worst case, a malicious package exists under the same name on the public registry and is installed.
This MR adds a warning in confirmation modal for package list page:
- When users try to delete a single package with forwarding enabled
- When users try to bulk delete packages with forwarding enabled.
Previous MRs
- Added note about warning in settings -> !114403 (merged)
- Documentation -> !114457 (merged)
Implementation
- Removes usage of
delete-package-modal
from list page. - Improves shared
delete-modal
to handle one item. - This
delete-modal
will be used in the next MR for the details page.
Screenshots or screen recordings
How to set up and validate locally
- Visit Group > Settings > Packages and registries
- Enable request forwarding for one of NPM, PyPI, Maven package formats
- Publish different types of packages, as mentioned in https://gitlab.com/gitlab-org/ci-cd/package-stage/package/-/wikis/Packages-Tips-&-Tricks Example:
-
rails c
- Open the rails console -
p = Project.find(1)
- Find one of your GDK projects. Project id can be found on the project home page -
FactoryBot.create_list(:npm_package, 25, project: p, name: p.name)
- Creates 25 npm packages -
Add this line if above fails during the creation of files
def fixture_file_upload(*args, **kwargs) Rack::Test::UploadedFile.new(*args, **kwargs) end
-
- Visit groups & projects package registry list page.
- Trying to delete package should show warning in the modal if package type matches the request forwarding
- Trying to bulk delete packages should show warning in the modal if some of the package types match the request forwarding.
- For package formats that does not allow request forwarding, this warning should not appear.
These changes should not be applicable on details page.
MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
-
I have evaluated the MR acceptance checklist for this MR.
Related to #388694