From 040df42a88a5ea4c11e16be977383517585b67b6 Mon Sep 17 00:00:00 2001 From: GitLab Bot Date: Thu, 16 Dec 2021 21:14:09 +0000 Subject: [PATCH] Add latest changes from gitlab-org/gitlab@master --- app/policies/group_policy.rb | 13 +++ .../groups/runners/_group_runners.html.haml | 2 +- .../creations/_new_submit.html.haml | 6 +- .../projects/merge_requests/show.html.haml | 8 +- .../runners/_runner_type_badge.html.haml | 9 +-- .../postgresql/replication_and_failover.md | 2 +- .../compliance/license_compliance/index.md | 5 +- spec/policies/group_policy_spec.rb | 80 +++++++++++++++++++ .../runners/_group_runners.html.haml_spec.rb | 5 +- 9 files changed, 110 insertions(+), 20 deletions(-) diff --git a/app/policies/group_policy.rb b/app/policies/group_policy.rb index 73abe006889..5c4990ffd9b 100644 --- a/app/policies/group_policy.rb +++ b/app/policies/group_policy.rb @@ -77,6 +77,11 @@ class GroupPolicy < Namespaces::GroupProjectNamespaceSharedPolicy condition(:crm_enabled, score: 0, scope: :subject) { Feature.enabled?(:customer_relations, @subject) } + with_scope :subject + condition(:group_runner_registration_allowed, score: 0, scope: :subject) do + Feature.disabled?(:runner_registration_control) || Gitlab::CurrentSettings.valid_runner_registrars.include?('group') + end + rule { can?(:read_group) & design_management_enabled }.policy do enable :read_design_activity end @@ -200,6 +205,10 @@ class GroupPolicy < Namespaces::GroupProjectNamespaceSharedPolicy enable :read_nested_project_resources end + rule { can?(:admin_group_runners) }.policy do + enable :register_group_runners + end + rule { owner }.enable :create_subgroup rule { maintainer & maintainer_can_create_group }.enable :create_subgroup @@ -262,6 +271,10 @@ class GroupPolicy < Namespaces::GroupProjectNamespaceSharedPolicy prevent :admin_crm_organization end + rule { ~group_runner_registration_allowed }.policy do + prevent :register_group_runners + end + def access_level(for_any_session: false) return GroupMember::NO_ACCESS if @user.nil? return GroupMember::NO_ACCESS unless user_is_user? diff --git a/app/views/groups/runners/_group_runners.html.haml b/app/views/groups/runners/_group_runners.html.haml index 1cccce9f59a..e7cfc87ac88 100644 --- a/app/views/groups/runners/_group_runners.html.haml +++ b/app/views/groups/runners/_group_runners.html.haml @@ -10,7 +10,7 @@ = _('These runners are shared across projects in this group.') = _('Group runners can be managed with the %{link}.').html_safe % { link: link } - - if can?(current_user, :admin_pipeline, @group) && valid_runner_registrars.include?('group') + - if can?(current_user, :register_group_runners, @group) - if params[:ci_runner_templates] %hr = render partial: 'ci/runner/setup_runner_in_aws', diff --git a/app/views/projects/merge_requests/creations/_new_submit.html.haml b/app/views/projects/merge_requests/creations/_new_submit.html.haml index eb5d052ec19..0036f1b4bde 100644 --- a/app/views/projects/merge_requests/creations/_new_submit.html.haml +++ b/app/views/projects/merge_requests/creations/_new_submit.html.haml @@ -26,16 +26,16 @@ %li.commits-tab.new-tab = link_to url_for(safe_params), data: {target: 'div#commits', action: 'new', toggle: 'tabvue'} do Commits - %span.badge.gl-tab-counter-badge.badge-muted.badge-pill.gl-badge.sm= @total_commit_count + = gl_badge_tag @total_commit_count, { size: :sm }, { class: 'gl-tab-counter-badge' } - if @pipelines.any? %li.builds-tab = link_to url_for(safe_params.merge(action: 'pipelines')), data: {target: 'div#pipelines', action: 'pipelines', toggle: 'tabvue'} do Pipelines - %span.badge.gl-tab-counter-badge.badge-muted.badge-pill.gl-badge.sm= @pipelines.size + = gl_badge_tag @pipelines.size, { size: :sm }, { class: 'gl-tab-counter-badge' } %li.diffs-tab = link_to url_for(safe_params.merge(action: 'diffs')), data: {target: 'div#diffs', action: 'diffs', toggle: 'tabvue', qa_selector: 'diffs_tab'} do Changes - %span.badge.gl-tab-counter-badge.badge-muted.badge-pill.gl-badge.sm= @merge_request.diff_size + = gl_badge_tag @merge_request.diff_size, { size: :sm }, { class: 'gl-tab-counter-badge' } #diff-notes-app.tab-content #new.commits.tab-pane.active diff --git a/app/views/projects/merge_requests/show.html.haml b/app/views/projects/merge_requests/show.html.haml index 2154ef6b596..eb1c9712c52 100644 --- a/app/views/projects/merge_requests/show.html.haml +++ b/app/views/projects/merge_requests/show.html.haml @@ -25,21 +25,21 @@ = render "projects/merge_requests/tabs/tab", class: "notes-tab", qa_selector: "notes_tab" do = tab_link_for @merge_request, :show, force_link: @commit.present? do = _("Overview") - %span.badge.badge-pill.gl-badge.badge-muted.sm= @merge_request.related_notes.user.count + = gl_badge_tag @merge_request.related_notes.user.count, { size: :sm } - if @merge_request.source_project = render "projects/merge_requests/tabs/tab", name: "commits", class: "commits-tab", qa_selector: "commits_tab" do = tab_link_for @merge_request, :commits do = _("Commits") - %span.badge.badge-pill.gl-badge.badge-muted.sm= @commits_count + = gl_badge_tag @commits_count, { size: :sm } - if @number_of_pipelines.nonzero? = render "projects/merge_requests/tabs/tab", name: "pipelines", class: "pipelines-tab" do = tab_link_for @merge_request, :pipelines do = _("Pipelines") - %span.badge.badge-pill.gl-badge.badge-muted.sm.js-pipelines-mr-count= @number_of_pipelines + = gl_badge_tag @number_of_pipelines, { size: :sm }, { class: 'js-pipelines-mr-count' } = render "projects/merge_requests/tabs/tab", name: "diffs", class: "diffs-tab", id: "diffs-tab", qa_selector: "diffs_tab" do = tab_link_for @merge_request, :diffs do = _("Changes") - %span.badge.badge-pill.gl-badge.badge-muted.sm= @diffs_count + = gl_badge_tag @diffs_count, { size: :sm } .d-flex.flex-wrap.align-items-center.justify-content-lg-end #js-vue-discussion-counter diff --git a/app/views/shared/runners/_runner_type_badge.html.haml b/app/views/shared/runners/_runner_type_badge.html.haml index e0318006f09..c6a18c804da 100644 --- a/app/views/shared/runners/_runner_type_badge.html.haml +++ b/app/views/shared/runners/_runner_type_badge.html.haml @@ -1,10 +1,7 @@ - if runner.instance_type? - %span.badge.badge-pill.gl-badge.badge-success - = s_('Runners|shared') + = gl_badge_tag s_('Runners|shared'), variant: :success - elsif runner.group_type? - %span.badge.badge-pill.gl-badge.badge-success - = s_('Runners|group') + = gl_badge_tag s_('Runners|group'), variant: :success - else - %span.badge.badge-pill.gl-badge.badge-info - = s_('Runners|specific') + = gl_badge_tag s_('Runners|specific'), variant: :info diff --git a/doc/administration/postgresql/replication_and_failover.md b/doc/administration/postgresql/replication_and_failover.md index 9f5016e370f..5777f35bfcf 100644 --- a/doc/administration/postgresql/replication_and_failover.md +++ b/doc/administration/postgresql/replication_and_failover.md @@ -761,7 +761,7 @@ Run `gitlab-ctl patroni members` to query Patroni for a summary of the cluster s To verify the status of replication: ```shell -echo 'select * from pg_stat_wal_receiver\x\g\x \n select * from pg_stat_replication\x\g\x' | gitlab-psql +echo -e 'select * from pg_stat_wal_receiver\x\g\x \n select * from pg_stat_replication\x\g\x' | gitlab-psql ``` The same command can be run on all three database servers. It returns any information diff --git a/doc/user/compliance/license_compliance/index.md b/doc/user/compliance/license_compliance/index.md index 2a711e9a6c3..f89165e7e2d 100644 --- a/doc/user/compliance/license_compliance/index.md +++ b/doc/user/compliance/license_compliance/index.md @@ -26,8 +26,9 @@ You can take advantage of License Compliance by either: [Auto License Compliance](../../../topics/autodevops/stages.md#auto-license-compliance), provided by [Auto DevOps](../../../topics/autodevops/index.md). -The [License Finder](https://github.com/pivotal/LicenseFinder) scan tool runs as part of the CI/CD -pipeline, and detects the licenses in use. GitLab checks the License Compliance report, compares the +To detect the licenses in use, License Compliance uses the [License Finder](https://github.com/pivotal/LicenseFinder) scan tool that runs as part of the CI/CD pipeline. +For the job to activate, License Finder needs to find a compatible package definition in the project directory. For details, see the [Activation on License Finder documentation](https://github.com/pivotal/LicenseFinder#activation). +GitLab checks the License Compliance report, compares the licenses between the source and target branches, and shows the information right on the merge request. Denied licenses are indicated by a `x` red icon next to them as well as new licenses that need a decision from you. In addition, you can [manually allow or deny](#policies) licenses in your diff --git a/spec/policies/group_policy_spec.rb b/spec/policies/group_policy_spec.rb index fc4fbace790..7822ee2b92e 100644 --- a/spec/policies/group_policy_spec.rb +++ b/spec/policies/group_policy_spec.rb @@ -1033,6 +1033,86 @@ RSpec.describe GroupPolicy do end end + describe 'register_group_runners' do + shared_examples 'expected outcome based on runner registration control' do + context 'with runner_registration_control FF disabled' do + before do + stub_feature_flags(runner_registration_control: false) + end + + it { is_expected.to be_allowed(:register_group_runners) } + end + + context 'with runner_registration_control FF enabled' do + before do + stub_feature_flags(runner_registration_control: true) + end + + context 'with group runner registration disabled' do + before do + stub_application_setting(valid_runner_registrars: ['project']) + end + + it { is_expected.to be_disallowed(:register_group_runners) } + end + end + end + + context 'admin' do + let(:current_user) { admin } + + context 'when admin mode is enabled', :enable_admin_mode do + it { is_expected.to be_allowed(:register_group_runners) } + + it_behaves_like 'expected outcome based on runner registration control' + end + + context 'when admin mode is disabled' do + it { is_expected.to be_disallowed(:register_group_runners) } + end + end + + context 'with owner' do + let(:current_user) { owner } + + it { is_expected.to be_allowed(:register_group_runners) } + + it_behaves_like 'expected outcome based on runner registration control' + end + + context 'with maintainer' do + let(:current_user) { maintainer } + + it { is_expected.to be_allowed(:register_group_runners) } + + it_behaves_like 'expected outcome based on runner registration control' + end + + context 'with reporter' do + let(:current_user) { reporter } + + it { is_expected.to be_disallowed(:register_group_runners) } + end + + context 'with guest' do + let(:current_user) { guest } + + it { is_expected.to be_disallowed(:register_group_runners) } + end + + context 'with non member' do + let(:current_user) { create(:user) } + + it { is_expected.to be_disallowed(:register_group_runners) } + end + + context 'with anonymous' do + let(:current_user) { nil } + + it { is_expected.to be_disallowed(:register_group_runners) } + end + end + context 'with customer_relations feature flag disabled' do let(:current_user) { owner } diff --git a/spec/views/groups/runners/_group_runners.html.haml_spec.rb b/spec/views/groups/runners/_group_runners.html.haml_spec.rb index 0d47409c658..3a8686ab046 100644 --- a/spec/views/groups/runners/_group_runners.html.haml_spec.rb +++ b/spec/views/groups/runners/_group_runners.html.haml_spec.rb @@ -11,12 +11,11 @@ RSpec.describe 'groups/runners/group_runners.html.haml' do @group = group allow(view).to receive(:current_user).and_return(user) allow(view).to receive(:reset_registration_token_group_settings_ci_cd_path).and_return('banana_url') - allow(view).to receive(:can?).with(user, :admin_pipeline, group).and_return(true) end context 'when group runner registration is allowed' do before do - stub_application_setting(valid_runner_registrars: ['group']) + allow(view).to receive(:can?).with(user, :register_group_runners, group).and_return(true) end it 'enables the Remove group button for a group' do @@ -29,7 +28,7 @@ RSpec.describe 'groups/runners/group_runners.html.haml' do context 'when group runner registration is not allowed' do before do - stub_application_setting(valid_runner_registrars: ['project']) + allow(view).to receive(:can?).with(user, :register_group_runners, group).and_return(false) end it 'does not enable the the Remove group button for a group' do