From a42190a13bc04f38507a5308c81f50bec4072603 Mon Sep 17 00:00:00 2001 From: lyb124553153 <124553153@qq.com> Date: Fri, 9 Jun 2023 17:51:55 +0800 Subject: [PATCH] Add gitlab_shell_operation_limit to application_settings Add new column on application_settings with the name gitlab_shell_operaton_limit, with a default value of 600(per minute), which used as rate limiter for gitlab_shell_operation Changelog: changed --- app/models/application_setting.rb | 1 + app/models/application_setting_implementation.rb | 3 ++- ...gitlab_shell_operation_limit_to_application_settings.rb | 7 +++++++ db/schema_migrations/20230609085234 | 1 + db/structure.sql | 1 + lib/gitlab/application_rate_limiter.rb | 2 +- spec/models/application_setting_spec.rb | 2 +- 7 files changed, 14 insertions(+), 3 deletions(-) create mode 100644 db/migrate/20230609085234_add_gitlab_shell_operation_limit_to_application_settings.rb create mode 100644 db/schema_migrations/20230609085234 diff --git a/app/models/application_setting.rb b/app/models/application_setting.rb index a823b8a93fbad6..7bcd9d08c91090 100644 --- a/app/models/application_setting.rb +++ b/app/models/application_setting.rb @@ -628,6 +628,7 @@ def self.kroki_formats_attributes validates :search_rate_limit validates :search_rate_limit_unauthenticated validates :projects_api_rate_limit_unauthenticated + validates :gitlab_shell_operation_limit end validates :notes_create_limit_allowlist, diff --git a/app/models/application_setting_implementation.rb b/app/models/application_setting_implementation.rb index c73bdf8793c576..81e816a5b7ccf3 100644 --- a/app/models/application_setting_implementation.rb +++ b/app/models/application_setting_implementation.rb @@ -259,7 +259,8 @@ def defaults # rubocop:disable Metrics/AbcSize projects_api_rate_limit_unauthenticated: 400, gitlab_dedicated_instance: false, ci_max_includes: 150, - allow_account_deletion: true + allow_account_deletion: true, + gitlab_shell_operation_limit: 600 }.tap do |hsh| hsh.merge!(non_production_defaults) unless Rails.env.production? end diff --git a/db/migrate/20230609085234_add_gitlab_shell_operation_limit_to_application_settings.rb b/db/migrate/20230609085234_add_gitlab_shell_operation_limit_to_application_settings.rb new file mode 100644 index 00000000000000..f9a5a6fcea9fad --- /dev/null +++ b/db/migrate/20230609085234_add_gitlab_shell_operation_limit_to_application_settings.rb @@ -0,0 +1,7 @@ +# frozen_string_literal: true + +class AddGitlabShellOperationLimitToApplicationSettings < Gitlab::Database::Migration[2.1] + def change + add_column :application_settings, :gitlab_shell_operation_limit, :integer, default: 600 + end +end diff --git a/db/schema_migrations/20230609085234 b/db/schema_migrations/20230609085234 new file mode 100644 index 00000000000000..0fbe9b8d2073d1 --- /dev/null +++ b/db/schema_migrations/20230609085234 @@ -0,0 +1 @@ +8fe12238b9e06a72c43f307f54aa75ef115f2885c8d7a5b42fa5dec7ff2a384a \ No newline at end of file diff --git a/db/structure.sql b/db/structure.sql index 5891df1a25025a..c5ec6078b7fc53 100644 --- a/db/structure.sql +++ b/db/structure.sql @@ -11851,6 +11851,7 @@ CREATE TABLE application_settings ( delete_unconfirmed_users boolean DEFAULT false NOT NULL, unconfirmed_users_delete_after_days integer DEFAULT 7 NOT NULL, default_branch_protection_defaults jsonb DEFAULT '{}'::jsonb NOT NULL, + gitlab_shell_operation_limit integer DEFAULT 600, CONSTRAINT app_settings_container_reg_cleanup_tags_max_list_size_positive CHECK ((container_registry_cleanup_tags_service_max_list_size >= 0)), CONSTRAINT app_settings_container_registry_pre_import_tags_rate_positive CHECK ((container_registry_pre_import_tags_rate >= (0)::numeric)), CONSTRAINT app_settings_dep_proxy_ttl_policies_worker_capacity_positive CHECK ((dependency_proxy_ttl_group_policy_worker_capacity >= 0)), diff --git a/lib/gitlab/application_rate_limiter.rb b/lib/gitlab/application_rate_limiter.rb index a8e74cbd7e6b36..8d7712951e1246 100644 --- a/lib/gitlab/application_rate_limiter.rb +++ b/lib/gitlab/application_rate_limiter.rb @@ -45,7 +45,7 @@ def rate_limits # rubocop:disable Metrics/AbcSize auto_rollback_deployment: { threshold: 1, interval: 3.minutes }, search_rate_limit: { threshold: -> { application_settings.search_rate_limit }, interval: 1.minute }, search_rate_limit_unauthenticated: { threshold: -> { application_settings.search_rate_limit_unauthenticated }, interval: 1.minute }, - gitlab_shell_operation: { threshold: 600, interval: 1.minute }, + gitlab_shell_operation: { threshold: application_settings.gitlab_shell_operation_limit, interval: 1.minute }, pipelines_create: { threshold: -> { application_settings.pipeline_limit_per_project_user_sha }, interval: 1.minute }, temporary_email_failure: { threshold: 300, interval: 1.day }, permanent_email_failure: { threshold: 5, interval: 1.day }, diff --git a/spec/models/application_setting_spec.rb b/spec/models/application_setting_spec.rb index b0c7f8c6dfc00b..8c8cfba55bdce7 100644 --- a/spec/models/application_setting_spec.rb +++ b/spec/models/application_setting_spec.rb @@ -206,7 +206,7 @@ it { is_expected.not_to allow_value('default' => 100, shouldntexist: 50).for(:repository_storages_weighted).with_message("can't include: shouldntexist") } %i[notes_create_limit search_rate_limit search_rate_limit_unauthenticated users_get_by_id_limit - projects_api_rate_limit_unauthenticated].each do |setting| + projects_api_rate_limit_unauthenticated gitlab_shell_operation_limit].each do |setting| it { is_expected.to allow_value(400).for(setting) } it { is_expected.not_to allow_value('two').for(setting) } it { is_expected.not_to allow_value(nil).for(setting) } -- GitLab