MR 1 of #208193 (comment 362910703) MR plan:
Put a timeout around DeleteTagsService#execute but only under those conditions:
container_registry_expiration_policies_throttling
is enabledcontainer_registry_delete_tags_service_timeout
set to anything else than nil
or 0
container_registry_delete_tags_service_timeout
)
/admin/application_settings/ci_cd
)container_registry_expiration_policies_throttling
. This provides us a safety switch between non throttled executions (current implementation) <-> throttled executions. This switch can be used in the case of a production issue.Caution
block to indicate that Cleanup Policies can be partially executed.$ rails db:migrate:up VERSION=20200710113437
== 20200710113437 AddContainerRegistryDeleteTagsServiceTimeoutToApplicationSettings: migrating
-- add_column(:application_settings, :container_registry_delete_tags_service_timeout, :integer, {:default=>250, :null=>false})
-> 0.0054s
== 20200710113437 AddContainerRegistryDeleteTagsServiceTimeoutToApplicationSettings: migrated (0.0054s)
$ rails db:migrate:down VERSION=20200710113437
== 20200710113437 AddContainerRegistryDeleteTagsServiceTimeoutToApplicationSettings: reverting
-- remove_column(:application_settings, :container_registry_delete_tags_service_timeout)
-> 0.0165s
== 20200710113437 AddContainerRegistryDeleteTagsServiceTimeoutToApplicationSettings: reverted (0.0166s)
The admin UI:
If this MR contains changes to processing or storing of credentials or tokens, authorization and authentication methods and other items described in the security review guidelines:
@gitlab-com/gl-security/appsec