Maven Virtual Registry: Not allow duplicated upstreams

Moaz Khalifarequested to merge
537233-maven-virtual-registry-not-allow-duplicated-upstreams into master

Context

In Maven virtual registry, we need to prevent duplicate upstreams for the same top-level group. The upstream object has 3 credential attributes: the URL, username, and password. By preventing duplicates, we don't want to allow having 2 upstreams that share the same credentials. However, two upstreams can share the same URL but with different username & password.

If users need to have the same upstream in multiple registries, they can utilize the shareable upstreams feature: an upstream is associated with more than one upstream.

What does this MR do and why?

  • Add a model uniqueness custom validation to ensure that two upstream objects cannot share the same URL, username & password in the same top-level group.
  • Add the needed specs.

References

Screenshots or screen recordings

N/A

How to set up and validate locally

Requirements:

  • Have a GitLab instance with an EE licence, as the maven virtual registry is an EE only feature.
  • Have a top level group id ready (maintainer access level).
  • Have a PAT ready (scope api).

  1. Enable the feature flag in Rails console:

    Feature.enable(:maven_virtual_registry)

  2. Create a registry object and note the id. We can use $ curl for that.

    curl -X POST -H "PRIVATE-TOKEN: <PAT>" "http://gdk.test:3000/api/v4/groups/<top level group id>/-/virtual_registries/packages/maven/registries?name=registry"

  3. Use the registry id to create an upstream with credentials:

    curl --request POST --header "PRIVATE-TOKEN: <PAT>" \
  --header "Content-Type: application/json" \
  --data '{"name": "upstream1", "url": "https://example.com", "username": "user", "password": "password"}' \
  --url "http://gdk.test:3000/api/v4/virtual_registries/packages/maven/registries/<registry id>/upstreams" | jq

  4. Try to create a 2nd upstream with the same credentials, an error should be returned. Change any value of the credentials and the upstream should be created successfully.

  5. You can also play with Update an upstream registry endpoint to make sure the uniqueness validation works as expected.

MR acceptance checklist

Evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

Related to #537233 (closed)

Edited by Moaz Khalifa

Merge request reports