kotovalexarian-likes-gitlab
/
gitlab-org--gitlab-foss
1
0
Fork 0
Code Releases Activity

Add latest changes from gitlab-org/gitlab@master

This commit is contained in:
GitLab Bot 2022-04-06 21:08:15 +00:00
parent da6cd333e7
commit 02c6800ac5
36 changed files with 751 additions and 176 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

133
app/assets/javascripts/import_entities/components/import_status.vue
View File

@ -1,10 +1,66 @@
<script>
import { GlIcon } from '@gitlab/ui';
import STATUS_MAP from '../constants';
import { GlAccordion, GlAccordionItem, GlBadge, GlIcon } from '@gitlab/ui';
import { convertObjectPropsToCamelCase } from '~/lib/utils/common_utils';
import { __, s__ } from '~/locale';
import { STATUSES } from '../constants';
const STATISTIC_ITEMS = {
diff_note: __('Diff notes'),
issue: __('Issues'),
label: __('Labels'),
milestone: __('Milestones'),
note: __('Notes'),
pull_request: s__('GithubImporter|Pull requests'),
pull_request_merged_by: s__('GithubImporter|PR mergers'),
pull_request_review: s__('GithubImporter|PR reviews'),
release: __('Releases'),
};
// support both camel case and snake case versions
Object.assign(STATISTIC_ITEMS, convertObjectPropsToCamelCase(STATISTIC_ITEMS));
const SCHEDULED_STATUS = {
icon: 'status-scheduled',
text: __('Pending'),
variant: 'muted',
};
const STATUS_MAP = {
[STATUSES.NONE]: {
icon: 'status-waiting',
text: __('Not started'),
variant: 'muted',
},
[STATUSES.SCHEDULING]: SCHEDULED_STATUS,
[STATUSES.SCHEDULED]: SCHEDULED_STATUS,
[STATUSES.CREATED]: SCHEDULED_STATUS,
[STATUSES.STARTED]: {
icon: 'status-running',
text: __('Importing...'),
variant: 'info',
},
[STATUSES.FAILED]: {
icon: 'status-failed',
text: __('Failed'),
variant: 'danger',
},
[STATUSES.CANCELLED]: {
icon: 'status-stopped',
text: __('Cancelled'),
variant: 'neutral',
},
};
function isIncompleteImport(stats) {
return Object.keys(stats.fetched).some((key) => stats.fetched[key] !== stats.imported[key]);
}
export default {
name: 'ImportStatus',
components: {
GlAccordion,
GlAccordionItem,
GlBadge,
GlIcon,
},
props: {
@ -12,19 +68,88 @@ export default {
type: String,
required: true,
},
stats: {
type: Object,
required: false,
default: () => ({ fetched: {}, imported: {} }),
},
},
computed: {
knownStats() {
const knownStatisticKeys = Object.keys(STATISTIC_ITEMS);
return Object.keys(this.stats.fetched).filter((key) => knownStatisticKeys.includes(key));
},
hasStats() {
return this.stats && this.knownStats.length > 0;
},
mappedStatus() {
if (this.status === STATUSES.FINISHED) {
const isIncomplete = this.stats && isIncompleteImport(this.stats);
return {
icon: 'status-success',
...(isIncomplete
? {
text: __('Partial import'),
variant: 'warning',
}
: {
text: __('Complete'),
variant: 'success',
}),
};
}
return STATUS_MAP[this.status];
},
},
methods: {
getStatisticIconProps(key) {
const fetched = this.stats.fetched[key];
const imported = this.stats.imported[key];
if (fetched === imported) {
return { name: 'status-success', class: 'gl-text-green-400' };
} else if (imported === 0) {
return { name: 'status-scheduled', class: 'gl-text-gray-400' };
}
return { name: 'status-running', class: 'gl-text-blue-400' };
},
},
STATISTIC_ITEMS,
};
</script>
<template>
<div>
<gl-icon :name="mappedStatus.icon" :class="mappedStatus.iconClass" :size="12" class="gl-mr-2" />
<span>{{ mappedStatus.text }}</span>
<div class="gl-display-inline-block gl-w-13">
<gl-badge :icon="mappedStatus.icon" :variant="mappedStatus.variant" size="md" class="gl-mr-2">
{{ mappedStatus.text }}
</gl-badge>
</div>
<gl-accordion v-if="hasStats" :header-level="3">
<gl-accordion-item :title="__('Details')">
<ul class="gl-p-0 gl-list-style-none gl-font-sm">
<li v-for="key in knownStats" :key="key">
<div class="gl-display-flex gl-w-20 gl-align-items-center">
<gl-icon
:size="12"
class="gl-mr-3 gl-flex-shrink-0"
v-bind="getStatisticIconProps(key)"
/>
<span class="">{{ $options.STATISTIC_ITEMS[key] }}</span>
<span class="gl-ml-auto">
{{ stats.imported[key] || 0 }}/{{ stats.fetched[key] }}
</span>
</div>
</li>
</ul>
</gl-accordion-item>
</gl-accordion>
</div>
</template>

41
app/assets/javascripts/import_entities/constants.js
View File

@ -1,5 +1,3 @@
import { __ } from '~/locale';
// The `scheduling` status is only present on the client-side,
// it is used as the status when we are requesting to start an import.
@ -13,42 +11,3 @@ export const STATUSES = {
SCHEDULING: 'scheduling',
CANCELLED: 'cancelled',
};
const SCHEDULED_STATUS = {
icon: 'status-scheduled',
text: __('Pending'),
iconClass: 'gl-text-orange-400',
};
const STATUS_MAP = {
[STATUSES.NONE]: {
icon: 'status-waiting',
text: __('Not started'),
iconClass: 'gl-text-gray-400',
},
[STATUSES.SCHEDULING]: SCHEDULED_STATUS,
[STATUSES.SCHEDULED]: SCHEDULED_STATUS,
[STATUSES.CREATED]: SCHEDULED_STATUS,
[STATUSES.STARTED]: {
icon: 'status-running',
text: __('Importing...'),
iconClass: 'gl-text-blue-400',
},
[STATUSES.FINISHED]: {
icon: 'status-success',
text: __('Complete'),
iconClass: 'gl-text-green-400',
},
[STATUSES.FAILED]: {
icon: 'status-failed',
text: __('Failed'),
iconClass: 'gl-text-red-600',
},
[STATUSES.CANCELLED]: {
icon: 'status-stopped',
text: __('Cancelled'),
iconClass: 'gl-text-red-600',
},
};
export default STATUS_MAP;

14
app/assets/javascripts/import_entities/import_projects/components/provider_repo_table_row.vue
View File

@ -69,6 +69,10 @@ export default {
return getImportStatus(this.repo);
},
stats() {
return this.repo.importedProject?.stats;
},
importTarget() {
return this.getImportTarget(this.repo.importSource.id);
},
@ -101,11 +105,11 @@ export default {
<template>
<tr
class="gl-h-11 gl-border-0 gl-border-solid gl-border-t-1 gl-border-gray-100 gl-h-11"
class="gl-h-11 gl-border-0 gl-border-solid gl-border-t-1 gl-border-gray-100 gl-h-11 gl-vertical-align-top"
data-qa-selector="project_import_row"
:data-qa-source-project="repo.importSource.fullName"
>
<td class="gl-p-4">
<td class="gl-p-4 gl-vertical-align-top">
<gl-link :href="repo.importSource.providerLink" target="_blank" data-testid="providerLink"
>{{ repo.importSource.fullName }}
<gl-icon v-if="repo.importSource.providerLink" name="external-link" />
@ -156,10 +160,10 @@ export default {
</template>
<template v-else-if="repo.importedProject">{{ displayFullPath }}</template>
</td>
<td class="gl-p-4" data-qa-selector="import_status_indicator">
<import-status :status="importStatus" />
<td class="gl-p-4 gl-vertical-align-top" data-qa-selector="import_status_indicator">
<import-status :status="importStatus" :stats="stats" />
</td>
<td data-testid="actions">
<td data-testid="actions" class="gl-vertical-align-top gl-pt-4">
<gl-button
v-if="isFinished"
class="btn btn-default"

6
app/assets/javascripts/import_entities/import_projects/store/mutations.js
View File

@ -113,7 +113,11 @@ export default {
updatedProjects.forEach((updatedProject) => {
const repo = state.repositories.find((p) => p.importedProject?.id === updatedProject.id);
if (repo?.importedProject) {
repo.importedProject.importStatus = updatedProject.importStatus;
repo.importedProject = {
...repo.importedProject,
stats: updatedProject.stats,
importStatus: updatedProject.importStatus,
};
}
});
},

1
app/assets/javascripts/jira_connect/subscriptions/components/app.vue
View File

@ -94,6 +94,7 @@ export default {
v-if="shouldShowAlert"
:variant="alert.variant"
:title="alert.title"
class="gl-mb-5"
data-testid="jira-connect-persisted-alert"
@dismiss="setAlert"
>

8
app/assets/javascripts/jira_connect/subscriptions/components/subscriptions_list.vue
View File

@ -1,5 +1,5 @@
<script>
import { GlButton, GlTable } from '@gitlab/ui';
import { GlButton, GlTableLite } from '@gitlab/ui';
import { isEmpty } from 'lodash';
import { mapMutations } from 'vuex';
import { removeSubscription } from '~/jira_connect/subscriptions/api';
@ -12,7 +12,7 @@ import GroupItemName from './group_item_name.vue';
export default {
components: {
GlButton,
GlTable,
GlTableLite,
GroupItemName,
TimeagoTooltip,
},
@ -78,7 +78,7 @@ export default {
</script>
<template>
<gl-table :items="subscriptions" :fields="$options.fields">
<gl-table-lite :items="subscriptions" :fields="$options.fields">
<template #cell(name)="{ item }">
<group-item-name :group="item.group" />
</template>
@ -95,5 +95,5 @@ export default {
>{{ __('Unlink') }}</gl-button
>
</template>
</gl-table>
</gl-table-lite>
</template>

45
app/assets/javascripts/search_settings/components/search_settings.vue
View File

@ -1,6 +1,6 @@
<script>
import { GlSearchBoxByType } from '@gitlab/ui';
import { uniq, escapeRegExp } from 'lodash';
import { escapeRegExp } from 'lodash';
import {
EXCLUDED_NODES,
HIDE_CLASS,
@ -60,41 +60,42 @@ const hideSectionsExcept = (sectionSelector, visibleSections) => {
});
};
const transformMatchElement = (element, searchTerm) => {
const textStr = element.textContent;
const highlightTextNode = (textNode, searchTerm) => {
const escapedSearchTerm = new RegExp(`(${escapeRegExp(searchTerm)})`, 'gi');
const textList = textNode.data.split(escapedSearchTerm);
return textList.reduce((documentFragment, text) => {
let addElement;
const textList = textStr.split(escapedSearchTerm);
const replaceFragment = document.createDocumentFragment();
textList.forEach((text) => {
let addElement = document.createTextNode(text);
if (escapedSearchTerm.test(text)) {
addElement = document.createElement('mark');
addElement.className = `${HIGHLIGHT_CLASS} ${NONE_PADDING_CLASS}`;
addElement.textContent = text;
escapedSearchTerm.lastIndex = 0;
} else {
addElement = document.createTextNode(text);
}
replaceFragment.appendChild(addElement);
});
return replaceFragment;
documentFragment.appendChild(addElement);
return documentFragment;
}, document.createDocumentFragment());
};
const highlightElements = (elements = [], searchTerm) => {
elements.forEach((element) => {
const replaceFragment = transformMatchElement(element, searchTerm);
element.innerHTML = '';
element.appendChild(replaceFragment);
const highlightText = (textNodes = [], searchTerm) => {
textNodes.forEach((textNode) => {
const fragmentWithHighlights = highlightTextNode(textNode, searchTerm);
textNode.parentElement.replaceChild(fragmentWithHighlights, textNode);
});
};
const displayResults = ({ sectionSelector, expandSection, searchTerm }, matches) => {
const elements = matches.map((match) => match.parentElement);
const sections = uniq(elements.map((element) => findSettingsSection(sectionSelector, element)));
const displayResults = ({ sectionSelector, expandSection, searchTerm }, matchingTextNodes) => {
const sections = Array.from(
new Set(matchingTextNodes.map((node) => findSettingsSection(sectionSelector, node))),
);
hideSectionsExcept(sectionSelector, sections);
sections.forEach(expandSection);
highlightElements(elements, searchTerm);
highlightText(matchingTextNodes, searchTerm);
};
const clearResults = (params) => {
@ -114,13 +115,13 @@ const search = (root, searchTerm) => {
: NodeFilter.FILTER_REJECT;
},
});
const results = [];
const textNodes = [];
for (let currentNode = iterator.nextNode(); currentNode; currentNode = iterator.nextNode()) {
results.push(currentNode);
textNodes.push(currentNode);
}
return results;
return textNodes;
};
export default {

10
app/assets/stylesheets/page_bundles/import.scss vendored
View File

@ -1,18 +1,22 @@
@import 'mixins_and_variables_and_functions';
.import-jobs-from-col {
width: 37%;
}
.import-jobs-to-col {
width: 39%;
width: 37%;
}
.import-jobs-status-col {
width: 15%;
width: 25%;
}
.import-jobs-cta-col {
width: 1%;
}
.import-entities-target-select {
&.disabled {
.import-entities-target-select-separator {

3
app/finders/users_finder.rb
View File

@ -55,7 +55,8 @@ class UsersFinder
private
def base_scope
User.all.order_id_desc
scope = current_user&.admin? ? User.all : User.without_forbidden_states
scope.order_id_desc
end
def by_username(users)

9
app/models/ci/secure_file.rb
View File

@ -11,13 +11,10 @@ module Ci
self.limit_scope = :project
self.limit_name = 'project_ci_secure_files'
attr_accessor :file_checksum
belongs_to :project, optional: false
validates :file, presence: true, file_size: { maximum: FILE_SIZE_LIMIT }
validates :checksum, :file_store, :name, :permissions, :project_id, presence: true
validate :validate_upload_checksum, on: :create
before_validation :assign_checksum
@ -36,11 +33,5 @@ module Ci
def assign_checksum
self.checksum = file.checksum if file.present? && file_changed?
end
def validate_upload_checksum
unless self.file_checksum.nil?
errors.add(:file_checksum, _("Secure Files|File did not match the provided checksum")) unless self.file_checksum == self.checksum
end
end
end
end

3
app/models/user.rb
View File

@ -46,6 +46,8 @@ class User < ApplicationRecord
:public_email
].freeze
FORBIDDEN_SEARCH_STATES = %w(blocked banned ldap_blocked).freeze
add_authentication_token_field :incoming_email_token, token_generator: -> { SecureRandom.hex.to_i(16).to_s(36) }
add_authentication_token_field :feed_token
add_authentication_token_field :static_object_token, encrypted: :optional
@ -469,6 +471,7 @@ class User < ApplicationRecord
scope :with_no_activity, -> { with_state(:active).human_or_service_user.where(last_activity_on: nil) }
scope :by_provider_and_extern_uid, ->(provider, extern_uid) { joins(:identities).merge(Identity.with_extern_uid(provider, extern_uid)) }
scope :by_ids_or_usernames, -> (ids, usernames) { where(username: usernames).or(where(id: ids)) }
scope :without_forbidden_states, -> { confirmed.where.not(state: FORBIDDEN_SEARCH_STATES) }
strip_attributes! :name

10
app/models/user_custom_attribute.rb
View File

@ -5,4 +5,14 @@ class UserCustomAttribute < ApplicationRecord
validates :user_id, :key, :value, presence: true
validates :key, uniqueness: { scope: [:user_id] }
def self.upsert_custom_attributes(custom_attributes)
created_at = Date.today
updated_at = Date.today
custom_attributes.map! do |custom_attribute|
custom_attribute.merge({ created_at: created_at, updated_at: updated_at })
end
upsert_all(custom_attributes, unique_by: [:user_id, :key])
end
end

17
db/post_migrate/20220404183350_add_forbidden_state_index_to_users.rb Normal file
View File

@ -0,0 +1,17 @@
# frozen_string_literal: true
class AddForbiddenStateIndexToUsers < Gitlab::Database::Migration[1.0]
disable_ddl_transaction!
INDEX_NAME = 'users_forbidden_state_idx'
def up
add_concurrent_index :users, :id,
name: INDEX_NAME,
where: "confirmed_at IS NOT NULL AND (state <> ALL (ARRAY['blocked', 'banned', 'ldap_blocked']))"
end
def down
remove_concurrent_index_by_name :users, INDEX_NAME
end
end

1
db/schema_migrations/20220404183350 Normal file
View File

@ -0,0 +1 @@
fcf7a6569afb7fdb95834179df5632ad14165d27476eb020e9db07e504f75f32

2
db/structure.sql
View File

@ -29680,6 +29680,8 @@ CREATE UNIQUE INDEX unique_merge_request_metrics_by_merge_request_id ON merge_re
CREATE INDEX user_follow_users_followee_id_idx ON user_follow_users USING btree (followee_id);
CREATE INDEX users_forbidden_state_idx ON users USING btree (id) WHERE ((confirmed_at IS NOT NULL) AND ((state)::text <> ALL (ARRAY['blocked'::text, 'banned'::text, 'ldap_blocked'::text])));
CREATE UNIQUE INDEX vulnerability_feedback_unique_idx ON vulnerability_feedback USING btree (project_id, category, feedback_type, project_fingerprint);
CREATE UNIQUE INDEX vulnerability_occurrence_pipelines_on_unique_keys ON vulnerability_occurrence_pipelines USING btree (occurrence_id, pipeline_id);

44
doc/administration/reference_architectures/10k_users.md
View File

@ -1533,6 +1533,26 @@ On each node:
# Recommended to be enabled for improved performance but can notably increase disk I/O
# Refer to https://docs.gitlab.com/ee/administration/gitaly/configure_gitaly.html#pack-objects-cache for more info
gitaly['pack_objects_cache_enabled'] = true
# Configure the Consul agent
consul['enable'] = true
## Enable service discovery for Prometheus
consul['monitoring_service_discovery'] = true
# START user configuration
# Please set the real values as explained in Required Information section
#
## The IPs of the Consul server nodes
## You can also use FQDNs and intermix them with IPs
consul['configuration'] = {
retry_join: %w(10.6.0.11 10.6.0.12 10.6.0.13),
}
# Set the network addresses that the exporters will listen on for monitoring
node_exporter['listen_address'] = '0.0.0.0:9100'
gitaly['prometheus_listen_addr'] = '0.0.0.0:9236'
#
# END user configuration
```
1. Append the following to `/etc/gitlab/gitlab.rb` for each respective server:
@ -2095,6 +2115,30 @@ To configure the Monitoring node:
retry_join: %w(10.6.0.11 10.6.0.12 10.6.0.13)
}
# Configure Prometheus to scrape services not covered by discovery
prometheus['scrape_configs'] = [
{
'job_name': 'pgbouncer',
'static_configs' => [
'targets' => [
"10.6.0.31:9188",
"10.6.0.32:9188",
"10.6.0.33:9188",
],
],
},
{
'job_name': 'praefect',
'static_configs' => [
'targets' => [
"10.6.0.131:9652",
"10.6.0.132:9652",
"10.6.0.133:9652",
],
],
},
]
# Nginx - For Grafana access
nginx['enable'] = true
```

44
doc/administration/reference_architectures/25k_users.md
View File

@ -1537,6 +1537,26 @@ On each node:
# Recommended to be enabled for improved performance but can notably increase disk I/O
# Refer to https://docs.gitlab.com/ee/administration/gitaly/configure_gitaly.html#pack-objects-cache for more info
gitaly['pack_objects_cache_enabled'] = true
# Configure the Consul agent
consul['enable'] = true
## Enable service discovery for Prometheus
consul['monitoring_service_discovery'] = true
# START user configuration
# Please set the real values as explained in Required Information section
#
## The IPs of the Consul server nodes
## You can also use FQDNs and intermix them with IPs
consul['configuration'] = {
retry_join: %w(10.6.0.11 10.6.0.12 10.6.0.13),
}
# Set the network addresses that the exporters will listen on for monitoring
node_exporter['listen_address'] = '0.0.0.0:9100'
gitaly['prometheus_listen_addr'] = '0.0.0.0:9236'
#
# END user configuration
```
1. Append the following to `/etc/gitlab/gitlab.rb` for each respective server:
@ -2100,6 +2120,30 @@ To configure the Monitoring node:
retry_join: %w(10.6.0.11 10.6.0.12 10.6.0.13)
}
# Configure Prometheus to scrape services not covered by discovery
prometheus['scrape_configs'] = [
{
'job_name': 'pgbouncer',
'static_configs' => [
'targets' => [
"10.6.0.31:9188",
"10.6.0.32:9188",
"10.6.0.33:9188",
],
],
},
{
'job_name': 'praefect',
'static_configs' => [
'targets' => [
"10.6.0.131:9652",
"10.6.0.132:9652",
"10.6.0.133:9652",
],
],
},
]
# Nginx - For Grafana access
nginx['enable'] = true
```

44
doc/administration/reference_architectures/3k_users.md
View File

@ -1477,6 +1477,26 @@ On each node:
# Recommended to be enabled for improved performance but can notably increase disk I/O
# Refer to https://docs.gitlab.com/ee/administration/gitaly/configure_gitaly.html#pack-objects-cache for more info
gitaly['pack_objects_cache_enabled'] = true
# Configure the Consul agent
consul['enable'] = true
## Enable service discovery for Prometheus
consul['monitoring_service_discovery'] = true
# START user configuration
# Please set the real values as explained in Required Information section
#
## The IPs of the Consul server nodes
## You can also use FQDNs and intermix them with IPs
consul['configuration'] = {
retry_join: %w(10.6.0.11 10.6.0.12 10.6.0.13),
}
# Set the network addresses that the exporters will listen on for monitoring
node_exporter['listen_address'] = '0.0.0.0:9100'
gitaly['prometheus_listen_addr'] = '0.0.0.0:9236'
#
# END user configuration
```
1. Append the following to `/etc/gitlab/gitlab.rb` for each respective server:
@ -2020,6 +2040,30 @@ running [Prometheus](../monitoring/prometheus/index.md) and
retry_join: %w(10.6.0.11 10.6.0.12 10.6.0.13)
}
# Configure Prometheus to scrape services not covered by discovery
prometheus['scrape_configs'] = [
{
'job_name': 'pgbouncer',
'static_configs' => [
'targets' => [
"10.6.0.21:9188",
"10.6.0.22:9188",
"10.6.0.23:9188",
],
],
},
{
'job_name': 'praefect',
'static_configs' => [
'targets' => [
"10.6.0.131:9652",
"10.6.0.132:9652",
"10.6.0.133:9652",
],
],
},
]
# Nginx - For Grafana access
nginx['enable'] = true
```

44
doc/administration/reference_architectures/50k_users.md
View File

@ -1546,6 +1546,26 @@ On each node:
# Recommended to be enabled for improved performance but can notably increase disk I/O
# Refer to https://docs.gitlab.com/ee/administration/gitaly/configure_gitaly.html#pack-objects-cache for more info
gitaly['pack_objects_cache_enabled'] = true
# Configure the Consul agent
consul['enable'] = true
## Enable service discovery for Prometheus
consul['monitoring_service_discovery'] = true
# START user configuration
# Please set the real values as explained in Required Information section
#
## The IPs of the Consul server nodes
## You can also use FQDNs and intermix them with IPs
consul['configuration'] = {
retry_join: %w(10.6.0.11 10.6.0.12 10.6.0.13),
}
# Set the network addresses that the exporters will listen on for monitoring
node_exporter['listen_address'] = '0.0.0.0:9100'
gitaly['prometheus_listen_addr'] = '0.0.0.0:9236'
#
# END user configuration
```
1. Append the following to `/etc/gitlab/gitlab.rb` for each respective server:
@ -2116,6 +2136,30 @@ To configure the Monitoring node:
retry_join: %w(10.6.0.11 10.6.0.12 10.6.0.13)
}
# Configure Prometheus to scrape services not covered by discovery
prometheus['scrape_configs'] = [
{
'job_name': 'pgbouncer',
'static_configs' => [
'targets' => [
"10.6.0.31:9188",
"10.6.0.32:9188",
"10.6.0.33:9188",
],
],
},
{
'job_name': 'praefect',
'static_configs' => [
'targets' => [
"10.6.0.131:9652",
"10.6.0.132:9652",
"10.6.0.133:9652",
],
],
},
]
# Nginx - For Grafana access
nginx['enable'] = true
```

44
doc/administration/reference_architectures/5k_users.md
View File

@ -1475,6 +1475,26 @@ On each node:
# Recommended to be enabled for improved performance but can notably increase disk I/O
# Refer to https://docs.gitlab.com/ee/administration/gitaly/configure_gitaly.html#pack-objects-cache for more info
gitaly['pack_objects_cache_enabled'] = true
# Configure the Consul agent
consul['enable'] = true
## Enable service discovery for Prometheus
consul['monitoring_service_discovery'] = true
# START user configuration
# Please set the real values as explained in Required Information section
#
## The IPs of the Consul server nodes
## You can also use FQDNs and intermix them with IPs
consul['configuration'] = {
retry_join: %w(10.6.0.11 10.6.0.12 10.6.0.13),
}
# Set the network addresses that the exporters will listen on for monitoring
node_exporter['listen_address'] = '0.0.0.0:9100'
gitaly['prometheus_listen_addr'] = '0.0.0.0:9236'
#
# END user configuration
```
1. Append the following to `/etc/gitlab/gitlab.rb` for each respective server:
@ -2020,6 +2040,30 @@ running [Prometheus](../monitoring/prometheus/index.md) and
retry_join: %w(10.6.0.11 10.6.0.12 10.6.0.13)
}
# Configure Prometheus to scrape services not covered by discovery
prometheus['scrape_configs'] = [
{
'job_name': 'pgbouncer',
'static_configs' => [
'targets' => [
"10.6.0.31:9188",
"10.6.0.32:9188",
"10.6.0.33:9188",
],
],
},
{
'job_name': 'praefect',
'static_configs' => [
'targets' => [
"10.6.0.131:9652",
"10.6.0.132:9652",
"10.6.0.133:9652",
],
],
},
]
# Nginx - For Grafana access
nginx['enable'] = true
```

7
doc/administration/troubleshooting/gitlab_rails_cheat_sheet.md
View File

@ -257,6 +257,13 @@ ProjectDestroyWorker.perform_async(project.id, user.id, {})
# or Projects::DestroyService.new(project, user).execute
```
If this fails, display why it doesn't work with:
```ruby
project = Project.find_by_full_path('<project_path>')
project.delete_error
```
### Remove fork relationship manually
```ruby

1
doc/api/secure_files.md
View File

@ -105,7 +105,6 @@ Supported attributes:
| `project_id` | integer/string | **{check-circle}** Yes | The ID or [URL-encoded path of the project](index.md#namespaced-path-encoding) owned by the authenticated user. |
| `name` | string | **{check-circle}** Yes | The `name` of the file being uploaded. |
| `file` | file | **{check-circle}** Yes | The `file` being uploaded (5 MB limit). |
| `file_checksum` | file | **{dotted-circle}** No | An optional sha256 checksum of the file to be uploaded. If provided, the checksum must match the uploaded file, or the upload will fail to validate. [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/355653) in GitLab 14.10. |
| `permissions` | string | **{dotted-circle}** No | The file is created with the specified permissions when created in the CI/CD job. Available types are: `read_only` (default), `read_write`, and `execute`. |
Example request:

35
doc/topics/git/troubleshooting_git.md
View File

@ -232,3 +232,38 @@ too small, the error persists.
Modifying the server is not always an option, and introduces more potential risk.
Attempt local changes first.
## Password expired error on Git fetch via SSH for LDAP user
If `git fetch` returns this `HTTP 403 Forbidden` error on a self-managed instance of
GitLab, the password expiration date (`users.password_expires_at`) for this user in the
GitLab database is a date in the past:
```plaintext
Your password expired. Please access GitLab from a web browser to update your password.
```
Requests made with a SSO account and where `password_expires_at` is not `null`
return this error:
```plaintext
"403 Forbidden - Your password expired. Please access GitLab from a web browser to update your password."
```
To resolve this issue, you can update the password expiration by either:
- Using the `gitlab-rails console`:
```ruby
gitlab-rails console
user.update!(password_expires_at: nil)
```
- Using `gitlab-psql`:
```sql
# gitlab-psql
UPDATE users SET password_expires_at = null WHERE username='<USERNAME>';
```
The bug was reported [in this issue](https://gitlab.com/gitlab-org/gitlab/-/issues/332455).

5
doc/user/project/repository/mirror/index.md
View File

@ -10,6 +10,11 @@ disqus_identifier: 'https://docs.gitlab.com/ee/workflow/repository_mirroring.htm
You can _mirror_ a repository to and from external sources. You can select which repository
serves as the source. Branches, tags, and commits can be mirrored.
NOTE:
SCP-style URLs are **not** supported. However, the work for implementing SCP-style URLs is tracked
in [this issue](https://gitlab.com/gitlab-org/gitlab/-/issues/18993).
Subscribe to the issue to follow its progress.
Several mirroring methods exist:
- [Push](push.md): for mirroring a GitLab repository to another location.

4
lib/api/ci/secure_files.rb
View File

@ -62,14 +62,12 @@ module API
requires :name, type: String, desc: 'The name of the file'
requires :file, types: [Rack::Multipart::UploadedFile, ::API::Validations::Types::WorkhorseFile], desc: 'The secure file to be uploaded'
optional :permissions, type: String, desc: 'The file permissions', default: 'read_only', values: %w[read_only read_write execute]
optional :file_checksum, type: String, desc: 'An optional sha256 checksum of the file to be uploaded'
end
route_setting :authentication, basic_auth_personal_access_token: true, job_token_allowed: true
post ':id/secure_files' do
secure_file = user_project.secure_files.new(
name: params[:name],
permissions: params[:permissions] || :read_only,
file_checksum: params[:file_checksum]
permissions: params[:permissions] || :read_only
)
secure_file.file = params[:file]

21
locale/gitlab.pot
View File

@ -13016,6 +13016,9 @@ msgstr ""
msgid "Diff limits"
msgstr ""
msgid "Diff notes"
msgstr ""
msgid "Difference between start date and now"
msgstr ""
@ -17085,6 +17088,15 @@ msgstr ""
msgid "Gitea Import"
msgstr ""
msgid "GithubImporter|PR mergers"
msgstr ""
msgid "GithubImporter|PR reviews"
msgstr ""
msgid "GithubImporter|Pull requests"
msgstr ""
msgid "GithubIntegration|Create a %{token_link_start}personal access token%{token_link_end} with %{status_html} access granted and paste it here."
msgstr ""
@ -25642,6 +25654,9 @@ msgstr ""
msgid "NoteForm|Note"
msgstr ""
msgid "Notes"
msgstr ""
msgid "Notes rate limit"
msgstr ""
@ -27010,6 +27025,9 @@ msgstr ""
msgid "Part of merge request changes"
msgstr ""
msgid "Partial import"
msgstr ""
msgid "Participants"
msgstr ""
@ -33128,9 +33146,6 @@ msgstr ""
msgid "Secure Files"
msgstr ""
msgid "Secure Files|File did not match the provided checksum"
msgstr ""
msgid "Secure token that identifies an external storage request."
msgstr ""

2
qa/spec/specs/allure_report_spec.rb
View File

@ -66,7 +66,7 @@ describe QA::Runtime::AllureReport do
described_class.configure!
end
it 'configures Allure options' do
it 'configures Allure options', quarantine: 'https://gitlab.com/gitlab-org/gitlab/-/issues/357816' do
aggregate_failures do
expect(allure_config.results_directory).to eq('tmp/allure-results')
expect(allure_config.clean_results_directory).to eq(true)

50
spec/finders/users_finder_spec.rb
View File

@ -11,10 +11,10 @@ RSpec.describe UsersFinder do
context 'with a normal user' do
let_it_be(:user) { create(:user) }
it 'returns all users' do
it 'returns searchable users' do
users = described_class.new(user).execute
expect(users).to contain_exactly(user, normal_user, blocked_user, external_user, omniauth_user, internal_user, admin_user, project_bot)
expect(users).to contain_exactly(user, normal_user, external_user, omniauth_user, internal_user, admin_user, project_bot)
end
it 'filters by username' do
@ -36,9 +36,9 @@ RSpec.describe UsersFinder do
end
it 'filters by search' do
users = described_class.new(user, search: 'orando').execute
users = described_class.new(user, search: 'ohndo').execute
expect(users).to contain_exactly(blocked_user)
expect(users).to contain_exactly(normal_user)
end
it 'does not filter by private emails search' do
@ -47,18 +47,6 @@ RSpec.describe UsersFinder do
expect(users).to be_empty
end
it 'filters by blocked users' do
users = described_class.new(user, blocked: true).execute
expect(users).to contain_exactly(blocked_user)
end
it 'filters by active users' do
users = described_class.new(user, active: true).execute
expect(users).to contain_exactly(user, normal_user, external_user, omniauth_user, admin_user, project_bot)
end
it 'filters by external users' do
users = described_class.new(user, external: true).execute
@ -68,7 +56,7 @@ RSpec.describe UsersFinder do
it 'filters by non external users' do
users = described_class.new(user, non_external: true).execute
expect(users).to contain_exactly(user, normal_user, blocked_user, omniauth_user, internal_user, admin_user, project_bot)
expect(users).to contain_exactly(user, normal_user, omniauth_user, internal_user, admin_user, project_bot)
end
it 'filters by created_at' do
@ -85,13 +73,7 @@ RSpec.describe UsersFinder do
it 'filters by non internal users' do
users = described_class.new(user, non_internal: true).execute
expect(users).to contain_exactly(user, normal_user, external_user, blocked_user, omniauth_user, admin_user, project_bot)
end
it 'filters by without project bots' do
users = described_class.new(user, without_project_bots: true).execute
expect(users).to contain_exactly(user, normal_user, external_user, blocked_user, omniauth_user, internal_user, admin_user)
expect(users).to contain_exactly(user, normal_user, external_user, omniauth_user, admin_user, project_bot)
end
it 'does not filter by custom attributes' do
@ -100,18 +82,18 @@ RSpec.describe UsersFinder do
custom_attributes: { foo: 'bar' }
).execute
expect(users).to contain_exactly(user, normal_user, blocked_user, external_user, omniauth_user, internal_user, admin_user, project_bot)
expect(users).to contain_exactly(user, normal_user, external_user, omniauth_user, internal_user, admin_user, project_bot)
end
it 'orders returned results' do
users = described_class.new(user, sort: 'id_asc').execute
expect(users).to eq([normal_user, admin_user, blocked_user, external_user, omniauth_user, internal_user, project_bot, user])
expect(users).to eq([normal_user, admin_user, external_user, omniauth_user, internal_user, project_bot, user])
end
it 'does not filter by admins' do
users = described_class.new(user, admins: true).execute
expect(users).to contain_exactly(user, normal_user, external_user, admin_user, blocked_user, omniauth_user, internal_user, project_bot)
expect(users).to contain_exactly(user, normal_user, external_user, admin_user, omniauth_user, internal_user, project_bot)
end
end
@ -127,7 +109,19 @@ RSpec.describe UsersFinder do
it 'returns all users' do
users = described_class.new(admin).execute
expect(users).to contain_exactly(admin, normal_user, blocked_user, external_user, omniauth_user, internal_user, admin_user, project_bot)
expect(users).to contain_exactly(admin, normal_user, blocked_user, unconfirmed_user, banned_user, external_user, omniauth_user, internal_user, admin_user, project_bot)
end
it 'filters by blocked users' do
users = described_class.new(admin, blocked: true).execute
expect(users).to contain_exactly(blocked_user)
end
it 'filters by active users' do
users = described_class.new(admin, active: true).execute
expect(users).to contain_exactly(admin, normal_user, unconfirmed_user, external_user, omniauth_user, admin_user, project_bot)
end
it 'returns only admins' do

145
spec/frontend/import_entities/components/import_status_spec.js Normal file
View File

@ -0,0 +1,145 @@
import { GlAccordionItem, GlBadge, GlIcon } from '@gitlab/ui';
import { shallowMount } from '@vue/test-utils';
import ImportStatus from '~/import_entities/components/import_status.vue';
import { STATUSES } from '~/import_entities/constants';
describe('Import entities status component', () => {
let wrapper;
const createComponent = (propsData) => {
wrapper = shallowMount(ImportStatus, {
propsData,
});
};
afterEach(() => {
wrapper.destroy();
});
describe('success status', () => {
const getStatusText = () => wrapper.findComponent(GlBadge).text();
it('displays finished status as complete when no stats are provided', () => {
createComponent({
status: STATUSES.FINISHED,
});
expect(getStatusText()).toBe('Complete');
});
it('displays finished status as complete when all stats items were processed', () => {
const statItems = { label: 100, note: 200 };
createComponent({
status: STATUSES.FINISHED,
stats: {
fetched: { ...statItems },
imported: { ...statItems },
},
});
expect(getStatusText()).toBe('Complete');
});
it('displays finished status as partial when all stats items were processed', () => {
const statItems = { label: 100, note: 200 };
createComponent({
status: STATUSES.FINISHED,
stats: {
fetched: { ...statItems },
imported: { ...statItems, label: 50 },
},
});
expect(getStatusText()).toBe('Partial import');
});
});
describe('details drawer', () => {
const findDetailsDrawer = () => wrapper.findComponent(GlAccordionItem);
it('renders details drawer to be present when stats are provided', () => {
createComponent({
status: 'created',
stats: { fetched: { label: 1 }, imported: { label: 0 } },
});
expect(findDetailsDrawer().exists()).toBe(true);
});
it('does not render details drawer when no stats are provided', () => {
createComponent({
status: 'created',
});
expect(findDetailsDrawer().exists()).toBe(false);
});
it('does not render details drawer when stats are empty', () => {
createComponent({
status: 'created',
stats: { fetched: {}, imported: {} },
});
expect(findDetailsDrawer().exists()).toBe(false);
});
it('does not render details drawer when no known stats are provided', () => {
createComponent({
status: 'created',
stats: {
fetched: {
UNKNOWN_STAT: 100,
},
imported: {
UNKNOWN_STAT: 0,
},
},
});
expect(findDetailsDrawer().exists()).toBe(false);
});
});
describe('stats display', () => {
const getStatusIcon = () =>
wrapper.findComponent(GlAccordionItem).findComponent(GlIcon).props().name;
const createComponentWithStats = ({ fetched, imported }) => {
createComponent({
status: 'created',
stats: {
fetched: { label: fetched },
imported: { label: imported },
},
});
};
it('displays scheduled status when imported is 0', () => {
createComponentWithStats({
fetched: 100,
imported: 0,
});
expect(getStatusIcon()).toBe('status-scheduled');
});
it('displays running status when imported is not equal to fetched', () => {
createComponentWithStats({
fetched: 100,
imported: 10,
});
expect(getStatusIcon()).toBe('status-running');
});
it('displays success status when imported is equal to fetched', () => {
createComponentWithStats({
fetched: 100,
imported: 100,
});
expect(getStatusIcon()).toBe('status-success');
});
});
});

7
spec/frontend/import_entities/import_projects/components/provider_repo_table_row_spec.js
View File

@ -98,6 +98,8 @@ describe('ProviderRepoTableRow', () => {
});
describe('when rendering imported project', () => {
const FAKE_STATS = {};
const repo = {
importSource: {
id: 'remote-1',
@ -109,6 +111,7 @@ describe('ProviderRepoTableRow', () => {
fullPath: 'fullPath',
importSource: 'importSource',
importStatus: STATUSES.FINISHED,
stats: FAKE_STATS,
},
};
@ -134,6 +137,10 @@ describe('ProviderRepoTableRow', () => {
it('does not render import button', () => {
expect(findImportButton().exists()).toBe(false);
});
it('passes stats to import status component', () => {
expect(wrapper.find(ImportStatus).props().stats).toBe(FAKE_STATS);
});
});
describe('when rendering incompatible project', () => {

29
spec/frontend/import_entities/import_projects/store/mutations_spec.js
View File

@ -232,6 +232,35 @@ describe('import_projects store mutations', () => {
updatedProjects[0].importStatus,
);
});
it('updates import stats of project', () => {
const repoId = 1;
state = {
repositories: [
{ importedProject: { id: repoId, stats: {} }, importStatus: STATUSES.STARTED },
],
};
const newStats = {
fetched: {
label: 10,
},
imported: {
label: 1,
},
};
const updatedProjects = [
{
id: repoId,
importStatus: STATUSES.FINISHED,
stats: newStats,
},
];
mutations[types.RECEIVE_JOBS_SUCCESS](state, updatedProjects);
expect(state.repositories[0].importedProject.stats).toStrictEqual(newStats);
});
});
describe(`${types.REQUEST_NAMESPACES}`, () => {

41
spec/frontend/search_settings/components/search_settings_spec.js
View File

@ -1,5 +1,6 @@
import { GlSearchBoxByType } from '@gitlab/ui';
import { shallowMount } from '@vue/test-utils';
import { setHTMLFixture } from 'helpers/fixtures';
import SearchSettings from '~/search_settings/components/search_settings.vue';
import { HIGHLIGHT_CLASS, HIDE_CLASS } from '~/search_settings/constants';
import { isExpanded, expandSection, closeSection } from '~/settings_panels';
@ -11,7 +12,8 @@ describe('search_settings/components/search_settings.vue', () => {
const GENERAL_SETTINGS_ID = 'js-general-settings';
const ADVANCED_SETTINGS_ID = 'js-advanced-settings';
const EXTRA_SETTINGS_ID = 'js-extra-settings';
const TEXT_CONTAIN_SEARCH_TERM = `This text contain ${SEARCH_TERM} and <script>alert("111")</script> others.`;
const TEXT_CONTAIN_SEARCH_TERM = `This text contain ${SEARCH_TERM}.`;
const TEXT_WITH_SIBLING_ELEMENTS = `${SEARCH_TERM} <a data-testid="sibling" href="#">Learn more</a>.`;
let wrapper;
@ -42,13 +44,7 @@ describe('search_settings/components/search_settings.vue', () => {
});
};
const matchParentElement = () => {
const highlightedList = Array.from(document.querySelectorAll(`.${HIGHLIGHT_CLASS}`));
return highlightedList.map((element) => {
return element.parentNode;
});
};
const findMatchSiblingElement = () => document.querySelector(`[data-testid="sibling"]`);
const findSearchBox = () => wrapper.find(GlSearchBoxByType);
const search = (term) => {
findSearchBox().vm.$emit('input', term);
@ -56,7 +52,7 @@ describe('search_settings/components/search_settings.vue', () => {
const clearSearch = () => search('');
beforeEach(() => {
setFixtures(`
setHTMLFixture(`
<div>
<div class="js-search-app"></div>
<div id="${ROOT_ID}">
@ -69,6 +65,7 @@ describe('search_settings/components/search_settings.vue', () => {
<section id="${EXTRA_SETTINGS_ID}" class="settings">
<span>${SEARCH_TERM}</span>
<span>${TEXT_CONTAIN_SEARCH_TERM}</span>
<span>${TEXT_WITH_SIBLING_ELEMENTS}</span>
</section>
</div>
</div>
@ -99,7 +96,7 @@ describe('search_settings/components/search_settings.vue', () => {
it('highlight elements that match the search term', () => {
search(SEARCH_TERM);
expect(highlightedElementsCount()).toBe(2);
expect(highlightedElementsCount()).toBe(3);
});
it('highlight only search term and not the whole line', () => {
@ -108,14 +105,26 @@ describe('search_settings/components/search_settings.vue', () => {
expect(highlightedTextNodes()).toBe(true);
});
it('prevents search xss', () => {
// Regression test for https://gitlab.com/gitlab-org/gitlab/-/issues/350494
it('preserves elements that are siblings of matches', () => {
const snapshot = `
<a
data-testid="sibling"
href="#"
>
Learn more
</a>
`;
expect(findMatchSiblingElement()).toMatchInlineSnapshot(snapshot);
search(SEARCH_TERM);
const parentNodeList = matchParentElement();
parentNodeList.forEach((element) => {
const scriptElement = element.getElementsByTagName('script');
expect(scriptElement.length).toBe(0);
});
expect(findMatchSiblingElement()).toMatchInlineSnapshot(snapshot);
clearSearch();
expect(findMatchSiblingElement()).toMatchInlineSnapshot(snapshot);
});
describe('default', () => {

17
spec/models/user_spec.rb
View File

@ -6642,6 +6642,23 @@ RSpec.describe User do
end
end
describe '.without_forbidden_states' do
let_it_be(:normal_user) { create(:user, username: 'johndoe') }
let_it_be(:admin_user) { create(:user, :admin, username: 'iamadmin') }
let_it_be(:blocked_user) { create(:user, :blocked, username: 'notsorandom') }
let_it_be(:banned_user) { create(:user, :banned, username: 'iambanned') }
let_it_be(:external_user) { create(:user, :external) }
let_it_be(:unconfirmed_user) { create(:user, confirmed_at: nil) }
let_it_be(:omniauth_user) { create(:omniauth_user, provider: 'twitter', extern_uid: '123456') }
let_it_be(:internal_user) { User.alert_bot.tap { |u| u.confirm } }
it 'does not return blocked, banned or unconfirmed users' do
expect(described_class.without_forbidden_states).to match_array([
normal_user, admin_user, external_user, omniauth_user, internal_user
])
end
end
describe 'user_project' do
it 'returns users project matched by username and public visibility' do
user = create(:user)

32
spec/requests/api/ci/secure_files_spec.rb
View File

@ -257,22 +257,6 @@ RSpec.describe API::Ci::SecureFiles do
expect(Base64.encode64(response.body)).to eq(Base64.encode64(fixture_file_upload('spec/fixtures/ci_secure_files/upload-keystore.jks').read))
end
it 'uploads and validates a secure file with a provided checksum' do
params = {
file: fixture_file_upload('spec/fixtures/ci_secure_files/upload-keystore.jks'),
name: 'upload-keystore.jks',
permissions: 'execute',
file_checksum: Digest::SHA256.hexdigest(File.read(fixture_file_upload('spec/fixtures/ci_secure_files/upload-keystore.jks')))
}
expect do
post api("/projects/#{project.id}/secure_files", maintainer), params: params
end.to change {project.secure_files.count}.by(1)
expect(response).to have_gitlab_http_status(:created)
expect(json_response['name']).to eq('upload-keystore.jks')
end
it 'returns an error when the file checksum fails to validate' do
secure_file.update!(checksum: 'foo')
@ -283,22 +267,6 @@ RSpec.describe API::Ci::SecureFiles do
expect(response.code).to eq("500")
end
it 'returns an error when the user provided file checksum fails to validate' do
post_params = {
file: fixture_file_upload('spec/fixtures/ci_secure_files/upload-keystore.jks'),
name: 'upload-keystore.jks',
permissions: 'read_write',
file_checksum: 'foo'
}
expect do
post api("/projects/#{project.id}/secure_files", maintainer), params: post_params
end.not_to change { project.secure_files.count }
expect(response).to have_gitlab_http_status(:bad_request)
expect(json_response['message']['file_checksum']).to include(_("Secure Files|File did not match the provided checksum"))
end
it 'returns an error when no file is uploaded' do
post_params = {
name: 'upload-keystore.jks'

4
spec/requests/api/users_spec.rb
View File

@ -338,12 +338,14 @@ RSpec.describe API::Users do
expect(response).to match_response_schema('public_api/v4/user/basics')
expect(json_response.first.keys).not_to include 'is_admin'
end
end
context "when admin" do
context 'exclude_internal param' do
let_it_be(:internal_user) { User.alert_bot }
it 'returns all users when it is not set' do
get api("/users?exclude_internal=false", user)
get api("/users?exclude_internal=false", admin)
expect(response).to match_response_schema('public_api/v4/user/basics')
expect(response).to include_pagination_headers

4
spec/support/shared_contexts/finders/users_finder_shared_contexts.rb
View File

@ -3,8 +3,10 @@
RSpec.shared_context 'UsersFinder#execute filter by project context' do
let_it_be(:normal_user) { create(:user, username: 'johndoe') }
let_it_be(:admin_user) { create(:user, :admin, username: 'iamadmin') }
let_it_be(:banned_user) { create(:user, :banned, username: 'iambanned') }
let_it_be(:blocked_user) { create(:user, :blocked, username: 'notsorandom') }
let_it_be(:external_user) { create(:user, :external) }
let_it_be(:unconfirmed_user) { create(:user, confirmed_at: nil) }
let_it_be(:omniauth_user) { create(:omniauth_user, provider: 'twitter', extern_uid: '123456') }
let_it_be(:internal_user) { User.alert_bot }
let_it_be(:internal_user) { User.alert_bot.tap { |u| u.confirm } }
end