Skip to content

Conan package registry file upload endpoints

Steve Abrams requested to merge 13345-conan-upload-file-endpoints into master

What does this MR do?

This MR implements the endpoints for handling file uploads to the conan package registry. When running a command like conan upload, the conan CLI will make api requests to this endpoint sending each package file as a request to the API. Workhorse intercepts these requests and handles the file upload, but forwards a /authorize request that is expected to be verified. Once workhorse has verified authorization, it submits the original request, but with file metadata rather than the file itself. This MR implements the endpoint for authorizing workhorse, and the endpoint for accepting the file metadata and creating the conan Package, PackageFile, and ConanFileMetadatum records.

This requires v8.11.0 of workhorse, which is already in use on master per the GITLAB_WORKHORSE_VERSION file. The workhorse route was imlemented in gitlab-workhorse!412 (merged)

Note: This is only a piece of the full conan upload implementation (it is too large for one MR), these new endpoints sit behind a feature flag, so there is no need for a changelog. The documentation for conan is also being handled in a separate MR: !16349 (merged)

Does this MR meet the acceptance criteria?

Conformity

Performance and Testing

Security

If this MR contains changes to processing or storing of credentials or tokens, authorization and authentication methods and other items described in the security review guidelines:

  • ~~[ ] Label as security and @ mention @gitlab-com/gl-security/appsec~~
  • [ ] The MR includes necessary changes to maintain consistency between UI, API, email, or other methods
  • [ ] Security reports checked/validated by a reviewer from the AppSec team

Related #13345 (closed)

Edited by Steve Abrams

Merge request reports