Bug P3
Status Update
Comments
ek...@google.com <ek...@google.com> #2
lu...@gmail.com <lu...@gmail.com> #3
Project: plugins/replication
Branch: master
commit d1ad7d504171c8f68d2cf956bb3422fa84a8194f
Author: Luca Milanesio <luca.milanesio@gmail.com>
Date: Thu Jun 13 17:56:43 2024
Use SecureStore to access replication credentials
Gerrit introduced the SecureStore in Ibbb15ad2aa over 10 years
ago, however, the replication plugin was never adapted and then
unable to access the remote endpoint credentials when Gerrit
has a custom secure provider installed that would provide
data encryption at rest.
Replace the direct reading of the secure.config with the abstract
implementation of the Gerrit SecureStore, so that it can still
be working as expected with encrypted credentials.
Existing installations may have used a mix of encrypted and clear text
credentials in secure.config, leveraging the replication plugin bug
that was not accessing it using the correct API. Introduce a legacy
feature flag 'gerrit.useLegacyCredentials' that allow the Gerrit
admin to still use the legacy mode.
Whenever the replication plugin detects the legacy mode, it displays
a warning explaining what is happening and how to adjust the
configuration and enable full encryption in secure.config.
Release-Notes: Use SecureStore for reading username/password credentials
Bug: Issue 320715545
Change-Id: Ie5b6339d65d144536416cf070d52f11342b39fe6
M src/main/java/com/googlesource/gerrit/plugins/replication/AutoReloadConfigDecorator.java
M src/main/java/com/googlesource/gerrit/plugins/replication/AutoReloadSecureCredentialsFactoryDecorator.java
A src/main/java/com/googlesource/gerrit/plugins/replication/LegacyCredentialsFactory.java
M src/main/java/com/googlesource/gerrit/plugins/replication/ReplicationConfigImpl.java
M src/main/java/com/googlesource/gerrit/plugins/replication/SecureCredentialsFactory.java
M src/main/java/com/googlesource/gerrit/plugins/replication/api/ReplicationConfig.java
M src/main/resources/Documentation/config.md
M src/test/java/com/googlesource/gerrit/plugins/replication/AbstractConfigTest.java
A src/test/java/com/googlesource/gerrit/plugins/replication/AutoReloadSecureCredentialsFactoryDecoratorTest.java
https://gerrit-review.googlesource.com/429897
Branch: master
commit d1ad7d504171c8f68d2cf956bb3422fa84a8194f
Author: Luca Milanesio <luca.milanesio@gmail.com>
Date: Thu Jun 13 17:56:43 2024
Use SecureStore to access replication credentials
Gerrit introduced the SecureStore in Ibbb15ad2aa over 10 years
ago, however, the replication plugin was never adapted and then
unable to access the remote endpoint credentials when Gerrit
has a custom secure provider installed that would provide
data encryption at rest.
Replace the direct reading of the secure.config with the abstract
implementation of the Gerrit SecureStore, so that it can still
be working as expected with encrypted credentials.
Existing installations may have used a mix of encrypted and clear text
credentials in secure.config, leveraging the replication plugin bug
that was not accessing it using the correct API. Introduce a legacy
feature flag 'gerrit.useLegacyCredentials' that allow the Gerrit
admin to still use the legacy mode.
Whenever the replication plugin detects the legacy mode, it displays
a warning explaining what is happening and how to adjust the
configuration and enable full encryption in secure.config.
Release-Notes: Use SecureStore for reading username/password credentials
Bug:
Change-Id: Ie5b6339d65d144536416cf070d52f11342b39fe6
M src/main/java/com/googlesource/gerrit/plugins/replication/AutoReloadConfigDecorator.java
M src/main/java/com/googlesource/gerrit/plugins/replication/AutoReloadSecureCredentialsFactoryDecorator.java
A src/main/java/com/googlesource/gerrit/plugins/replication/LegacyCredentialsFactory.java
M src/main/java/com/googlesource/gerrit/plugins/replication/ReplicationConfigImpl.java
M src/main/java/com/googlesource/gerrit/plugins/replication/SecureCredentialsFactory.java
M src/main/java/com/googlesource/gerrit/plugins/replication/api/ReplicationConfig.java
M src/main/resources/Documentation/config.md
M src/test/java/com/googlesource/gerrit/plugins/replication/AbstractConfigTest.java
A src/test/java/com/googlesource/gerrit/plugins/replication/AutoReloadSecureCredentialsFactoryDecoratorTest.java
ek...@google.com <ek...@google.com> #4
OK, for us it doesn't seem to make any issues, hence I'm moving this into our backlog.
lu...@gmail.com <lu...@gmail.com> #5
It looks like the query with the 100s of OR is performed also for anonymous browsing, which is illogical: how can an anonymous browsing user trigger any block action?
ap...@google.com <ap...@google.com> #6
Project: gerrit
Branch: master
Author: Jacek Centkowski <
Link:
Don't sync bulk actions for anonymous user
Expand for full commit details
Don't sync bulk actions for anonymous user
There is no point in getting additional change details for bulk actions
for an anonymous user as bulk actions componenets are not shown in this
mode anyway. When user logs in list of changes will be refreshed anyway
an then details for bulk actions will be loaded.
Bug: Issue 365254275
Release-Notes: Don't sync bulk actions details for anonymous user.
Change-Id: I9b09991289a5ea555252c9f54a320c993e66e2e1
Files:
- M
polygerrit-ui/app/elements/change-list/gr-change-list-section/gr-change-list-section.ts
Hash: e7a95cc7e132a1b814f72faaa823db976345ec66
Date: Mon Oct 07 10:19:52 2024
Description
Affected Version: 3.10 (possibly also earlier versions)
What steps will reproduce the problem?
What is the expected output?
The list of changes should trigger a query for open changes
https://gerrit-review.googlesource.com/changes/?O=5000081&S=0&n=100&q=status%3Aopen&allow-incomplete-results=true
What do you see instead?
In addition to the above query you see the following one:
https://gerrit-review.googlesource.com/changes/?O=1010102&S=0&q=change%3A436677%20OR%20change%3A425398%20OR%20change%3A433239%20OR%20change%3A433240%20OR%20change%3A433238%20OR%20change%3A431917%20OR%20change%3A435877%20OR%20change%3A436558%20OR%20change%3A436557%20OR%20change%3A436517%20OR%20change%3A436597%20OR%20change%3A436537%20OR%20change%3A436277%20OR%20change%3A436258%20OR%20change%3A436477%20OR%20change%3A436257%20OR%20change%3A436259%20OR%20change%3A436260%20OR%20change%3A436418%20OR%20change%3A436417%20OR%20change%3A436457%20OR%20change%3A436397%20OR%20change%3A436437%20OR%20change%3A436399%20OR%20change%3A436398%20OR%20change%3A432279%20OR%20change%3A436377%20OR%20change%3A246495%20OR%20change%3A436357%20OR%20change%3A375726%20OR%20change%3A425521%20OR%20change%3A436337%20OR%20change%3A375374%20OR%20change%3A434998%20OR%20change%3A434997%20OR%20change%3A436237%20OR%20change%3A435078%20OR%20change%3A436239%20OR%20change%3A435399%20OR%20change%3A435998%20OR%20change%3A435957%20OR%20change%3A429518%20OR%20change%3A436097%20OR%20change%3A434699%20OR%20change%3A434698%20OR%20change%3A434697%20OR%20change%3A424298%20OR%20change%3A425505%20OR%20change%3A424300%20OR%20change%3A433998%20OR%20change%3A425522%20OR%20change%3A424299%20OR%20change%3A434237%20OR%20change%3A433997%20OR%20change%3A434297%20OR%20change%3A425917%20OR%20change%3A434298%20OR%20change%3A433999%20OR%20change%3A436039%20OR%20change%3A436037%20OR%20change%3A435018%20OR%20change%3A405457%20OR%20change%3A338837%20OR%20change%3A434797%20OR%20change%3A434798%20OR%20change%3A435338%20OR%20change%3A435297%20OR%20change%3A435677%20OR%20change%3A432097%20OR%20change%3A418881%20OR%20change%3A435337%20OR%20change%3A435857%20OR%20change%3A435917%20OR%20change%3A247442%20OR%20change%3A247054%20OR%20change%3A433477%20OR%20change%3A432277%20OR%20change%3A435578%20OR%20change%3A435537%20OR%20change%3A409722%20OR%20change%3A404437%20OR%20change%3A435318%20OR%20change%3A435317%20OR%20change%3A377074%20OR%20change%3A434557%20OR%20change%3A434897%20OR%20change%3A435237%20OR%20change%3A435217%20OR%20change%3A435197%20OR%20change%3A434999%20OR%20change%3A424580%20OR%20change%3A424039%20OR%20change%3A424577%20OR%20change%3A339338%20OR%20change%3A435137%20OR%20change%3A366336%20OR%20change%3A358180%20OR%20change%3A434157%20OR%20change%3A434589%20OR%20change%3A434837&allow-incomplete-results=true
What is the output of the JS console log (if applicable)?
Nothing relevant.
What is the performance record (seehttps://developers.google.com/web/tools /chrome-devtools/evaluate-performance/reference#record)(if applicable)?
Nothing relevant.
Please provide any additional information below.
Looks like the new mechanism was introduced for refreshing the status changes impacted by bulk actions (seehttps://gerrit-review.googlesource.com/c/gerrit/+/329492 ) and the feature flag is now enabled by default (see https://gerrit-review.googlesource.com/c/gerrit/+/345229 ). What I do not get is why this is triggered also when there is no intention to run any bulk action.