Skip to content

Add maven virtual registry crud endpoints (Upstream)

Moaz Khalifa requested to merge 467979-maven-vreg-models-API-for-upstreams into master

🔭 Context

With Maven virtual registry MVC (single upstream and... (&14137), we're starting the work on Virtual Registries. Virtual Registries is a feature that could be described as the evolution of the dependency proxy idea: having the GitLab instance play man in the middle between clients and artifacts registries. Artifacts can be any kind, but we're going to focus on packages and container images, starting with Maven packages specifically.

The maven virtual registry mainly consists of 3 entities (models that are backed up with database tables): Registries, Upstreams, and CachedResponses. For each entity, we need to support crud APIs, so users can list/create/update/delete those entities in their groups.

In this MR, we add the crud endpoints for the 2nd entity: Upstream. In Add maven virtual registry crud endpoints (Regi... (!161615 - merged), we are adding the crud endpoints of the Registry entity. A 3rd MR for the CachedResponse entity should be pushed soon.

What does this MR do and why?

Adding the following endpoints & their specs:

Upstreams

Route Notes
GET /api/v4/virtual_registries/packages/maven/registries/:registry_id/upstreams Get the list of all upstreams. (only 1 in this scope).
GET /api/v4/virtual_registries/packages/maven/registries/:registry_id/upstreams/:upstream_id Get a specific upstream.
POST /api/v4/virtual_registries/packages/maven/registries/:registry_id/upstreams Create an upstream. Attributes will be essentially the url and the optional credentials.
PUT /api/v4/virtual_registries/packages/maven/registries/:registry_id/upstreams/:upstream_id Update an upstream.
DELETE /api/v4/virtual_registries/packages/maven/registries/:registry_id/upstreams/:upstream_id Delete an upstream.

The attributes that can be passed for the POST and PUT requests:

  • url. The upstream url.
  • username. The username to use against the upstream.
  • password. The password to use against the upstream.

The password should be a write-once, read-none attribute. In other words, it should not be possible to read the password back.

MR acceptance checklist

Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

Screenshots or screen recordings

N/A

How to set up and validate locally

  1. Enable the feature flag : Feature.enable(:virtual_registry_maven).

  2. Make sure you have the dependency proxy enabled in your GDK, or simply comment out this line for easier testing.

  3. Have a PAT and a root group (any visibility) ready.

  4. In rails console, create a new registry:

    registry = ::VirtualRegistries::Packages::Maven::Registry.create!(group: <root_group>)

  5. Create a new upstream using the new POST /api/v4/virtual_registries/packages/maven/registries/:id/upstreams endpoint:

    curl -i -H 'Content-Type: application/json' \
   -d '{ "url": "https://maven.test", "username": "test", "password": "password"}' \
   -X POST \
   http://root:<PAT>@gdk.test:3000/api/v4/virtual_registries/packages/maven/registries/<registry_id>/upstreams

  6. List the available upstreams of the registry using GET /api/v4/virtual_registries/packages/maven/registries/:id/upstreams endpoint:

    curl -i http://root:<PAT>@gdk.test:3000/api/v4/virtual_registries/packages/maven/registries/<registry_id>/upstreams

  7. Get the details of a specific upstream using GET /api/v4/virtual_registries/packages/maven/registries/:id/upstreams/:upstream_id endpoint:

    curl -i http://root:<PAT>@gdk.test:3000/api/v4/virtual_registries/packages/maven/registries/<registry_id>/upstreams/<upstream_id>

  8. Update the attributes of the upstream using PUT /api/v4/virtual_registries/packages/maven/registries/:id/upstreams/:upstream_id endpoint:

    curl -i -H 'Content-Type: application/json' \
   -d '{ "url": "https://maven.test/updated", "username": "updated_test", "password": "updated_password"}' \
   -X PUT \
   http://root:<PAT>@gdk.test:3000/api/v4/virtual_registries/packages/maven/registries/<registry_id>/upstreams/<upstream_id>

  9. Delete the upstream using DELETE /api/v4/virtual_registries/packages/maven/registries/:id/upstreams/:upstream_id endpoint:

    curl -i -X DELETE http://root:<PAT>@gdk.test:3000/api/v4/virtual_registries/packages/maven/registries/<registry_id>/upstreams/<upstream_id>

  10. You can play around with different scenarios: passing invalid parameters, or invalid authentication token.

Related to #467979 (closed)

Edited by Moaz Khalifa

Merge request reports