Reject more reserved paths

What does this MR do?

This adds some paths that shouldn't be used as a path for a namespace or project because they are used by GitLab itself. It will also rename existing projects or namespaces so they don't have invalid paths.

The validation of paths for Group is now dependent on whether or not the Group has a parent. For example, a group with path: 'api' is not allowed without a parent, because it would conflict with our routes for the GitLab API. But it is allowed to create a group or project under another namespace with path set to 'api' (e.g. gitlab-org/api).

There now is a failing spec whenever a new route is introduced but it is not added to one of the reserved path collections in the DynamicPathValidator.

All paths (in Namespace, User and Project) are now validated by the DynamicPathValidator.

The following paths are rejected in this MR:

Top level

  • api
  • autocomplete
  • member
  • explore
  • uploads
  • import
  • notification_settings
  • abuse_reports
  • invites
  • koding
  • health_check
  • jwt
  • oauth
  • sent_notifications
  • -
  • users

Before wildcards

  • info/lfs/objects
  • gitlab-lfs/objects
  • environments/folders

For sub-groups

  • activity
  • avatar
  • edit
  • group_members
  • issues
  • labels
  • merge_requests
  • milestones
  • projects
  • subgroups

We would need to know the count of these queries on GitLab.com to know the impact of the migrations in this MR:

Top level namespaces to be renamed

SELECT COUNT(*) FROM "namespaces" WHERE "namespaces"."parent_id" IS NULL AND ("namespaces"."path" ILIKE 'api' OR "namespaces"."path" ILIKE 'autocomplete' OR "namespaces"."path" ILIKE 'member' OR "namespaces"."path" ILIKE 'explore' OR "namespaces"."path" ILIKE 'uploads' OR "namespaces"."path" ILIKE 'import' OR "namespaces"."path" ILIKE 'notification_settings' OR "namespaces"."path" ILIKE 'abuse_reports' OR "namespaces"."path" ILIKE 'invites' OR "namespaces"."path" ILIKE 'koding' OR "namespaces"."path" ILIKE 'health_check' OR "namespaces"."path" ILIKE 'jwt' OR "namespaces"."path" ILIKE 'oauth' OR "namespaces"."path" ILIKE 'sent_notifications' OR "namespaces"."path" ILIKE '-' OR "namespaces"."path" ILIKE 'users')

Top level namespaces to be renamed: 9

Child Namespaces to be renamed

SELECT "namespaces".* FROM "namespaces" INNER JOIN "routes" ON "routes"."source_id" = "namespaces"."id" AND "routes"."source_type" = 'Namespace' WHERE ("namespaces"."parent_id" IS NOT NULL) AND ("routes"."path" ILIKE '%info/lfs/objects' OR "routes"."path" ILIKE '%gitlab-lfs/objects' OR "routes"."path" ILIKE '%environments/folders')

Child namespaces to be renamed: 0

Projects to be renamed

SELECT count("projects".*) FROM "projects" INNER JOIN "routes" ON "routes"."source_id" = "projects"."id" AND "routes"."source_type" = 'Project' WHERE ("routes"."path" ILIKE '%info/lfs/objects' OR "routes"."path" ILIKE '%gitlab-lfs/objects' OR "routes"."path" ILIKE '%environments/folders')

Projects to be renamed: 0

There's also a new migration helper to make adding a new reserved name easier. To create a migration to rename reserved paths, you can now include the RenameReservedPathsMigration in your migration, which will provide 2 methods: rename_wildcard_paths, which will rename child namespaces & projects, and rename_root_paths, which will rename top-level namespaces.

Why was this MR needed?

Right now it would be possible to create groups with these reserved names leaving them inaccessible later.

Closes #30272 (closed) #29126 (closed)
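
The parent-dependent rules described in this MR, as an added Ruby example that is not part of the merge request or GitLab's own DynamicPathValidator. The three lists are copied from the description; the method, constant and parameter names are hypothetical, and the segment-boundary matching and the groups-only scope of the sub-group list are assumptions.

```ruby
# Added sketch, not GitLab's DynamicPathValidator. The three lists are copied
# from the MR description; all constant and method names are hypothetical.
TOP_LEVEL = %w[api autocomplete member explore uploads import
               notification_settings abuse_reports invites koding health_check
               jwt oauth sent_notifications - users].freeze
BEFORE_WILDCARD = %w[info/lfs/objects gitlab-lfs/objects
                     environments/folders].freeze
SUB_GROUP = %w[activity avatar edit group_members issues labels
               merge_requests milestones projects subgroups].freeze

# path: the last segment being created or renamed.
# kind: :group or :project. parent: full path of the parent namespace, or nil
# for a top-level namespace. Returns nil if allowed, else the rule that fired.
def reserved_path_reason(path, kind:, parent: nil)
  # The MR's impact queries use ILIKE, so comparison is case-insensitive here.
  segment = path.downcase
  full = [parent, path].compact.join('/').downcase

  return :top_level if parent.nil? && TOP_LEVEL.include?(segment)

  # Assumption: match on segment boundaries; the queries' '%...' is broader.
  hit = BEFORE_WILDCARD.any? { |r| full == r || full.end_with?("/#{r}") }
  return :before_wildcard if hit

  # Assumption: this list applies only to groups that have a parent.
  return :sub_group if kind == :group && parent && SUB_GROUP.include?(segment)

  nil
end

# Constructed candidates: [path, kind, parent].
CANDIDATES = [
  ['api', :group, nil],
  ['API', :group, nil],
  ['api', :group, 'gitlab-org'],
  ['api', :project, 'gitlab-org'],
  ['objects', :project, 'gitlab-org/info/lfs'],
  ['activity', :group, 'gitlab-org'],
  ['docs', :group, nil]
].freeze

# Returns [full_path, kind, reason] for each candidate; reason is nil if allowed.
def audit(candidates = CANDIDATES)
  candidates.map do |path, kind, parent|
    full = [parent, path].compact.join('/')
    [full, kind, reserved_path_reason(path, kind: kind, parent: parent)]
  end
end

audit.each { |full, kind, why| puts format('%-28s %-8s %s', full, kind, why || 'ok') }
```
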
