kotovalexarian-likes-gitlab/gitlab-org--gitlab-foss
1
0
Fork 0
Code Releases Activity

Add latest changes from gitlab-org/gitlab@master

Browse source
This commit is contained in:
GitLab Bot 2021-10-27 00:13:04 +00:00
parent ef2f70470a
commit 2385fdce54
42 changed files with 837 additions and 689 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
app/controllers/concerns/group_tree.rb
View file

@ -38,13 +38,7 @@ module GroupTree
#
# Pagination needs to be applied before loading the ancestors to
# make sure ancestors are not cut off by pagination.
filtered_groups_relation = Group.where(id: filtered_groups.select(:id))
if Feature.enabled?(:linear_group_tree_ancestor_scopes, current_user, default_enabled: :yaml)
filtered_groups_relation.self_and_ancestors
else
Gitlab::ObjectHierarchy.new(filtered_groups_relation).base_and_ancestors
end
Group.where(id: filtered_groups.select(:id)).self_and_ancestors
end
# rubocop: enable CodeReuse/ActiveRecord
end

2
app/finders/ci/pipelines_for_merge_request_finder.rb
View file

@ -42,6 +42,8 @@ module Ci
triggered_for_branch.for_sha(commit_shas)
end
pipelines = pipelines.allow_cross_joins_across_databases(url: 'https://gitlab.com/gitlab-org/gitlab/-/issues/336891')
sort(pipelines)
end
end

4
app/helpers/clusters_helper.rb
View file

@ -12,8 +12,8 @@ module ClustersHelper
end
end
def display_cluster_agents?(_clusterable)
false
def display_cluster_agents?(clusterable)
clusterable.is_a?(Project)
end
def js_cluster_agents_list_data(clusterable_project)

1
app/helpers/projects_helper.rb
View file

@ -583,6 +583,7 @@ module ProjectsHelper
%w[
environments
clusters
cluster_agents
functions
error_tracking
alert_management

4
app/models/ci/build.rb
View file

@ -10,7 +10,6 @@ module Ci
include Presentable
include Importable
include Ci::HasRef
include IgnorableColumns
BuildArchivedError = Class.new(StandardError)
@ -70,9 +69,6 @@ module Ci
delegate :gitlab_deploy_token, to: :project
delegate :trigger_short_token, to: :trigger_request, allow_nil: true
ignore_columns :id_convert_to_bigint, remove_with: '14.5', remove_after: '2021-10-22'
ignore_columns :stage_id_convert_to_bigint, remove_with: '14.5', remove_after: '2021-10-22'
##
# Since Gitlab 11.5, deployments records started being created right after
# `ci_builds` creation. We can look up a relevant `environment` through

2
app/models/ci/build_metadata.rb
View file

@ -37,8 +37,6 @@ module Ci
job_timeout_source: 4
}
ignore_column :build_id_convert_to_bigint, remove_with: '14.5', remove_after: '2021-10-22'
ignore_columns :id_convert_to_bigint, remove_with: '14.5', remove_after: '2021-10-22'
ignore_columns :runner_features, remove_with: '14.7', remove_after: '2021-11-22'
def update_timeout_state

8
app/models/ci/build_need.rb
View file

@ -3,7 +3,6 @@
module Ci
class BuildNeed < Ci::ApplicationRecord
include BulkInsertSafe
include IgnorableColumns
belongs_to :build, class_name: "Ci::Processable", foreign_key: :build_id, inverse_of: :needs
@ -13,12 +12,5 @@ module Ci
scope :scoped_build, -> { where('ci_builds.id=ci_build_needs.build_id') }
scope :artifacts, -> { where(artifacts: true) }
# TODO: Remove once build_id_convert_to_bigint is not an "ignored" column anymore (see .ignore_columns above)
# There is a database-side trigger to populate this column. This is unexpected in the context
# of cloning an instance, e.g. when retrying the job. Hence we exclude the ignored column explicitly here.
def attributes
super.except('build_id_convert_to_bigint')
end
end
end

2
app/models/ci/build_runner_session.rb
View file

@ -4,8 +4,6 @@ module Ci
# The purpose of this class is to store Build related runner session.
# Data will be removed after transitioning from running to any state.
class BuildRunnerSession < Ci::ApplicationRecord
include IgnorableColumns
TERMINAL_SUBPROTOCOL = 'terminal.gitlab.com'
DEFAULT_SERVICE_NAME = 'build'
DEFAULT_PORT_NAME = 'default_port'

1
app/models/ci/build_trace_chunk.rb
View file

@ -7,7 +7,6 @@ module Ci
include ::Checksummable
include ::Gitlab::ExclusiveLeaseHelpers
include ::Gitlab::OptimisticLocking
include IgnorableColumns
belongs_to :build, class_name: "Ci::Build", foreign_key: :build_id

3
app/models/ci/job_artifact.rb
View file

@ -10,9 +10,6 @@ module Ci
include Artifactable
include FileStoreMounter
include EachBatch
include IgnorableColumns
ignore_columns %i[id_convert_to_bigint job_id_convert_to_bigint], remove_with: '14.5', remove_after: '2021-11-22'
TEST_REPORT_FILE_TYPES = %w[junit].freeze
COVERAGE_REPORT_FILE_TYPES = %w[cobertura].freeze

3
app/models/ci/sources/pipeline.rb
View file

@ -4,9 +4,6 @@ module Ci
module Sources
class Pipeline < Ci::ApplicationRecord
include Ci::NamespacedModelName
include IgnorableColumns
ignore_columns 'source_job_id_convert_to_bigint', remove_with: '14.5', remove_after: '2021-11-22'
self.table_name = "ci_sources_pipelines"

1
app/models/ci/stage.rb
View file

@ -6,7 +6,6 @@ module Ci
include Ci::HasStatus
include Gitlab::OptimisticLocking
include Presentable
include IgnorableColumns
enum status: Ci::HasStatus::STATUSES_ENUM

1
app/models/deployment.rb
View file

@ -8,7 +8,6 @@ class Deployment < ApplicationRecord
include Importable
include Gitlab::Utils::StrongMemoize
include FastDestroyAll
include IgnorableColumns
StatusUpdateError = Class.new(StandardError)
StatusSyncError = Class.new(StandardError)

3
app/models/event.rb
View file

@ -9,9 +9,6 @@ class Event < ApplicationRecord
include Gitlab::Utils::StrongMemoize
include UsageStatistics
include ShaAttribute
include IgnorableColumns
ignore_columns :id_convert_to_bigint, remove_with: '14.5', remove_after: '2021-10-22'
default_scope { reorder(nil) } # rubocop:disable Cop/DefaultScope

3
app/models/push_event_payload.rb
View file

@ -2,9 +2,6 @@
class PushEventPayload < ApplicationRecord
extend SuppressCompositePrimaryKeyWarning
include IgnorableColumns
ignore_columns :event_id_convert_to_bigint, remove_with: '14.4', remove_after: '2021-10-22'
include ShaAttribute

8
config/feature_flags/development/linear_group_tree_ancestor_scopes.yml
View file

@ -1,8 +0,0 @@
---
name: linear_group_tree_ancestor_scopes
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/70503
rollout_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/341117
milestone: '14.4'
type: development
group: group::access
default_enabled: false

4
config/initializers/0_acts_as_taggable.rb
View file

@ -9,7 +9,3 @@ ActsAsTaggableOn.tags_counter = false
# validate that counter cache is disabled
raise "Counter cache is not disabled" if
ActsAsTaggableOn::Tagging.reflections["tag"].options[:counter_cache]
ActsAsTaggableOn::Tagging.include IgnorableColumns
ActsAsTaggableOn::Tagging.ignore_column :id_convert_to_bigint, remove_with: '14.5', remove_after: '2021-10-22'
ActsAsTaggableOn::Tagging.ignore_column :taggable_id_convert_to_bigint, remove_with: '14.5', remove_after: '2021-10-22'

2
doc/administration/auth/ldap/google_secure_ldap.md
View file

@ -35,7 +35,7 @@ The steps below cover:
credentials' and 'Read user information'. Select 'Add LDAP Client'
NOTE:
If you plan to use GitLab [LDAP Group Sync](index.md#group-sync)
If you plan to use GitLab [LDAP Group Sync](ldap_synchronization.md#group-sync)
, turn on 'Read group information'.
![Add LDAP Client Step 2](img/google_secure_ldap_add_step_2.png)

382
doc/administration/auth/ldap/index.md
View file

@ -46,39 +46,6 @@ You should only use LDAP integration if your LDAP users cannot:
- Share email addresses. LDAP users with the same email address can share the same GitLab
account.
## Disable anonymous LDAP authentication
GitLab doesn't support TLS client authentication. Complete these steps on your LDAP server.
1. Disable anonymous authentication.
1. Enable one of the following authentication types:
- Simple authentication.
- Simple Authentication and Security Layer (SASL) authentication.
The TLS client authentication setting in your LDAP server cannot be mandatory and clients cannot be
authenticated with the TLS protocol.
## Deleting users
Users deleted from the LDAP server:
- Are immediately blocked from signing in to GitLab.
- [No longer consume a license](../../../user/admin_area/moderate_users.md).
However, these users can continue to use Git with SSH until the next time the
[LDAP check cache runs](#adjust-ldap-user-sync-schedule).
To delete the account immediately, you can manually
[block the user](../../../user/admin_area/moderate_users.md#block-a-user).
## Google Secure LDAP
> Introduced in GitLab 11.9.
[Google Cloud Identity](https://cloud.google.com/identity/) provides a Secure
LDAP service that can be configured with GitLab for authentication and group sync.
See [Google Secure LDAP](google_secure_ldap.md) for detailed configuration instructions.
## Configure LDAP
To configure LDAP integration, add your LDAP server settings in:
@ -273,7 +240,7 @@ For more information about `LDAP_MATCHING_RULE_IN_CHAIN` filters, see
[Search Filter Syntax](https://docs.microsoft.com/en-us/windows/win32/adsi/search-filter-syntax).
Support for nested members in the user filter shouldn't be confused with
[group sync nested groups](#supported-ldap-group-typesattributes) support.
[group sync nested groups](ldap_synchronization.md#supported-ldap-group-typesattributes) support.
GitLab does not support the custom filter syntax used by OmniAuth LDAP.
@ -515,342 +482,43 @@ If you configure multiple LDAP servers, use a unique naming convention for the
`label` section of each entry. That label is used as the display name of the tab
shown on the sign-in page.
## User sync **(PREMIUM SELF)**
## Disable anonymous LDAP authentication
Once per day, GitLab runs a worker to check and update GitLab
users against LDAP.
GitLab doesn't support TLS client authentication. Complete these steps on your LDAP server.
The process executes the following access checks:
1. Disable anonymous authentication.
1. Enable one of the following authentication types:
- Simple authentication.
- Simple Authentication and Security Layer (SASL) authentication.
- Ensure the user is still present in LDAP.
- If the LDAP server is Active Directory, ensure the user is active (not
blocked/disabled state). This check is performed only if
`active_directory: true` is set in the LDAP configuration.
The TLS client authentication setting in your LDAP server cannot be mandatory and clients cannot be
authenticated with the TLS protocol.
In Active Directory, a user is marked as disabled/blocked if the user
account control attribute (`userAccountControl:1.2.840.113556.1.4.803`)
has bit 2 set.
## Deleting users
<!-- vale gitlab.Spelling = NO -->
Users deleted from the LDAP server:
For more information, see [Bitmask Searches in LDAP](https://ctovswild.com/2009/09/03/bitmask-searches-in-ldap/).
- Are immediately blocked from signing in to GitLab.
- [No longer consume a license](../../../user/admin_area/moderate_users.md).
<!-- vale gitlab.Spelling = YES -->
However, these users can continue to use Git with SSH until the next time the
[LDAP check cache runs](ldap_synchronization.md#adjust-ldap-user-sync-schedule).
The user is set to an `ldap_blocked` state in GitLab if the previous conditions
fail. This means the user cannot sign in or push or pull code.
To delete the account immediately, you can manually
[block the user](../../../user/admin_area/moderate_users.md#block-a-user).
The process also updates the following user information:
## Google Secure LDAP
- Email address
- SSH public keys (if `sync_ssh_keys` is set)
- Kerberos identity (if Kerberos is enabled)
> Introduced in GitLab 11.9.
The LDAP sync process:
[Google Cloud Identity](https://cloud.google.com/identity/) provides a Secure
LDAP service that can be configured with GitLab for authentication and group sync.
See [Google Secure LDAP](google_secure_ldap.md) for detailed configuration instructions.
- Updates existing users.
- Creates new users on first sign in.
## Synchronize users and groups
### Adjust LDAP user sync schedule **(PREMIUM SELF)**
By default, GitLab runs a worker once per day at 01:30 a.m. server time to
check and update GitLab users against LDAP.
You can manually configure LDAP user sync times by setting the
following configuration values, in cron format. If needed, you can
use a [crontab generator](http://www.crontabgenerator.com).
The example below shows how to set LDAP user
sync to run once every 12 hours at the top of the hour.
**Omnibus installations**
1. Edit `/etc/gitlab/gitlab.rb`:
```ruby
gitlab_rails['ldap_sync_worker_cron'] = "0 */12 * * *"
```
1. [Reconfigure GitLab](../../restart_gitlab.md#omnibus-gitlab-reconfigure) for the changes to take effect.
**Source installations**
1. Edit `config/gitlab.yaml`:
```yaml
cron_jobs:
ldap_sync_worker_cron:
"0 */12 * * *"
```
1. [Restart GitLab](../../restart_gitlab.md#installations-from-source) for the changes to take effect.
## Group Sync **(PREMIUM SELF)**
If your LDAP supports the `memberof` property, when the user signs in for the
first time GitLab triggers a sync for groups the user should be a member of.
That way they don't have to wait for the hourly sync to be granted
access to their groups and projects.
A group sync process runs every hour on the hour, and `group_base` must be set
in LDAP configuration for LDAP synchronizations based on group CN to work. This allows
GitLab group membership to be automatically updated based on LDAP group members.
The `group_base` configuration should be a base LDAP 'container', such as an
'organization' or 'organizational unit', that contains LDAP groups that should
be available to GitLab. For example, `group_base` could be
`ou=groups,dc=example,dc=com`. In the configuration file it looks like the
following.
**Omnibus configuration**
1. Edit `/etc/gitlab/gitlab.rb`:
```ruby
gitlab_rails['ldap_servers'] = {
'main' => {
# snip...
'group_base' => 'ou=groups,dc=example,dc=com',
}
}
```
1. [Apply your changes to GitLab](../../restart_gitlab.md#omnibus-gitlab-reconfigure).
**Source configuration**
1. Edit `/home/git/gitlab/config/gitlab.yml`:
```yaml
production:
ldap:
servers:
main:
# snip...
group_base: ou=groups,dc=example,dc=com
```
1. [Restart GitLab](../../restart_gitlab.md#installations-from-source) for the changes to take effect.
To take advantage of group sync, group owners or maintainers must [create one
or more LDAP group links](#add-group-links).
### Add group links **(PREMIUM SELF)**
For information on adding group links by using CNs and filters, refer to the
[GitLab groups documentation](../../../user/group/index.md#manage-group-memberships-via-ldap).
### Administrator sync **(PREMIUM SELF)**
As an extension of group sync, you can automatically manage your global GitLab
administrators. Specify a group CN for `admin_group` and all members of the
LDAP group are given administrator privileges. The configuration looks
like the following.
NOTE:
Administrators are not synced unless `group_base` is also
specified alongside `admin_group`. Also, only specify the CN of the `admin_group`,
as opposed to the full DN.
Additionally, if an LDAP user has an `admin` role, but is not a member of the `admin_group`
group, GitLab revokes their `admin` role when syncing.
**Omnibus configuration**
1. Edit `/etc/gitlab/gitlab.rb`:
```ruby
gitlab_rails['ldap_servers'] = {
'main' => {
# snip...
'group_base' => 'ou=groups,dc=example,dc=com',
'admin_group' => 'my_admin_group',
}
}
```
1. [Apply your changes to GitLab](../../restart_gitlab.md#omnibus-gitlab-reconfigure).
**Source configuration**
1. Edit `/home/git/gitlab/config/gitlab.yml`:
```yaml
production:
ldap:
servers:
main:
# snip...
group_base: ou=groups,dc=example,dc=com
admin_group: my_admin_group
```
1. [Restart GitLab](../../restart_gitlab.md#installations-from-source) for the changes to take effect.
### Global group memberships lock **(PREMIUM SELF)**
> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/1793) in GitLab 12.0.
"Lock memberships to LDAP synchronization" setting allows instance administrators
to lock down user abilities to invite new members to a group.
When enabled, the following applies:
- Only administrator can manage memberships of any group including access levels.
- Users are not allowed to share project with other groups or invite members to
a project created in a group.
To enable it, you must:
1. [Configure LDAP](#configure-ldap).
1. On the top bar, select **Menu > Admin**.
1. On the left sidebar, select **Settings > General**.
1. Expand the **Visibility and access controls** section.
1. Ensure the **Lock memberships to LDAP synchronization** checkbox is selected.
### Adjust LDAP group sync schedule **(PREMIUM SELF)**
By default, GitLab runs a group sync process every hour, on the hour.
The values shown are in cron format. If needed, you can use a
[Crontab Generator](http://www.crontabgenerator.com).
WARNING:
Do not start the sync process too frequently as this
could lead to multiple syncs running concurrently. This concern is primarily
for installations with a large number of LDAP users. Review the
[LDAP group sync benchmark metrics](#benchmarks) to see how
your installation compares before proceeding.
You can manually configure LDAP group sync times by setting the
following configuration values. The example below shows how to set group
sync to run once every two hours at the top of the hour.
**Omnibus installations**
1. Edit `/etc/gitlab/gitlab.rb`:
```ruby
gitlab_rails['ldap_group_sync_worker_cron'] = "0 */2 * * * *"
```
1. [Reconfigure GitLab](../../restart_gitlab.md#omnibus-gitlab-reconfigure) for the changes to take effect.
**Source installations**
1. Edit `config/gitlab.yaml`:
```yaml
cron_jobs:
ldap_group_sync_worker_cron:
"*/30 * * * *"
```
1. [Restart GitLab](../../restart_gitlab.md#installations-from-source) for the changes to take effect.
### External groups **(PREMIUM SELF)**
Using the `external_groups` setting allows you to mark all users belonging
to these groups as [external users](../../../user/permissions.md#external-users).
Group membership is checked periodically through the `LdapGroupSync` background
task.
**Omnibus configuration**
1. Edit `/etc/gitlab/gitlab.rb`:
```ruby
gitlab_rails['ldap_servers'] = {
'main' => {
# snip...
'external_groups' => ['interns', 'contractors'],
}
}
```
1. [Apply your changes to GitLab](../../restart_gitlab.md#omnibus-gitlab-reconfigure).
**Source configuration**
1. Edit `config/gitlab.yaml`:
```yaml
production:
ldap:
servers:
main:
# snip...
external_groups: ['interns', 'contractors']
```
1. [Restart GitLab](../../restart_gitlab.md#installations-from-source) for the changes to take effect.
### Group sync technical details
This section outlines what LDAP queries are executed and what behavior you
can expect from group sync.
Group member access are downgraded from a higher level if their LDAP group
membership changes. For example, if a user the Owner role in a group and the
next group sync reveals they should only have the Developer role, their
access is adjusted accordingly. The only exception is if the user is the
last owner in a group. Groups need at least one owner to fulfill
administrative duties.
#### Supported LDAP group types/attributes
GitLab supports LDAP groups that use member attributes:
- `member`
- `submember`
- `uniquemember`
- `memberof`
- `memberuid`
This means group sync supports (at least) LDAP groups with the following object
classes:
- `groupOfNames`
- `posixGroup`
- `groupOfUniqueNames`
Other object classes should work if members are defined as one of the
mentioned attributes.
Active Directory supports nested groups. Group sync recursively resolves
membership if `active_directory: true` is set in the configuration file.
##### Nested group memberships
Nested group memberships are resolved only if the nested group
is found in the configured `group_base`. For example, if GitLab sees a
nested group with DN `cn=nested_group,ou=special_groups,dc=example,dc=com` but
the configured `group_base` is `ou=groups,dc=example,dc=com`, `cn=nested_group`
is ignored.
#### Queries
- Each LDAP group is queried a maximum of one time with base `group_base` and
filter `(cn=<cn_from_group_link>)`.
- If the LDAP group has the `memberuid` attribute, GitLab executes another
LDAP query per member to obtain each user's full DN. These queries are
executed with base `base`, scope 'base object', and a filter depending on
whether `user_filter` is set. Filter may be `(uid=<uid_from_group>)` or a
joining of `user_filter`.
#### Benchmarks
Group sync was written to be as performant as possible. Data is cached, database
queries are optimized, and LDAP queries are minimized. The last benchmark run
revealed the following metrics:
For 20,000 LDAP users, 11,000 LDAP groups, and 1,000 GitLab groups with 10
LDAP group links each:
- Initial sync (no existing members assigned in GitLab) took 1.8 hours
- Subsequent syncs (checking membership, no writes) took 15 minutes
These metrics are meant to provide a baseline and performance may vary based on
any number of factors. This benchmark was extreme and most instances don't
have near this many users or groups. Disk speed, database performance,
network and LDAP server response time affects these metrics.
For more information on synchronizing users and groups between LDAP and GitLab, see
[LDAP synchronization](ldap_synchronization.md).
## Troubleshooting

32
doc/administration/auth/ldap/ldap-troubleshooting.md
View file

@ -229,7 +229,7 @@ ldapsearch -H ldaps://$host:$port -D "$bind_dn" -y bind_dn_password.txt -b "$ba
#### Sync all users **(PREMIUM SELF)**
The output from a manual [user sync](index.md#user-sync) can show you what happens when
The output from a manual [user sync](ldap_synchronization.md#user-sync) can show you what happens when
GitLab tries to sync its users against LDAP. Enter the [rails console](#rails-console)
and then run:
@ -239,8 +239,7 @@ Rails.logger.level = Logger::DEBUG
LdapSyncWorker.new.perform
```
Next, [learn how to read the
output](#example-console-output-after-a-user-sync).
Next, [learn how to read the output](#example-console-output-after-a-user-sync).
##### Example console output after a user sync **(PREMIUM SELF)**
@ -342,9 +341,8 @@ LDAP group sync, but for some reason it's not happening. There are several
things to check to debug the situation.
- Ensure LDAP configuration has a `group_base` specified.
[This configuration](index.md#group-sync) is required for group sync to work properly.
- Ensure the correct [LDAP group link is added to the GitLab
group](index.md#add-group-links).
[This configuration](ldap_synchronization.md#group-sync) is required for group sync to work properly.
- Ensure the correct [LDAP group link is added to the GitLab group](ldap_synchronization.md#add-group-links).
- Check that the user has an LDAP identity:
1. Sign in to GitLab as an administrator user.
1. On the top bar, select **Menu > Admin**.
@ -354,7 +352,7 @@ things to check to debug the situation.
1. Select the **Identities** tab. There should be an LDAP identity with
an LDAP DN as the 'Identifier'. If not, this user hasn't signed in with
LDAP yet and must do so first.
- You've waited an hour or [the configured interval](index.md#adjust-ldap-group-sync-schedule) for
- You've waited an hour or [the configured interval](ldap_synchronization.md#adjust-ldap-group-sync-schedule) for
the group to sync. To speed up the process, either go to the GitLab group **Group information > Members**
and press **Sync now** (sync one group) or [run the group sync Rake task](../../raketasks/ldap.md#run-a-group-sync)
(sync all groups).
@ -366,8 +364,7 @@ the rails console.
1. Choose a GitLab group to test with. This group should have an LDAP group link
already configured.
1. [Enable debug logging, find the above GitLab group, and sync it with LDAP](#sync-one-group).
1. Look through the output of the sync. See [example log
output](#example-console-output-after-a-group-sync)
1. Look through the output of the sync. See [example log output](#example-console-output-after-a-group-sync)
for how to read the output.
1. If you still aren't able to see why the user isn't being added, [query the LDAP group directly](#query-a-group-in-ldap)
to see what members are listed.
@ -377,20 +374,20 @@ the rails console.
#### Administrator privileges not granted
When [Administrator sync](index.md#administrator-sync) has been configured
When [Administrator sync](ldap_synchronization.md#administrator-sync) has been configured
but the configured users aren't granted the correct administrator privileges, confirm
the following are true:
- A [`group_base` is also configured](index.md#group-sync).
- A [`group_base` is also configured](ldap_synchronization.md#group-sync).
- The configured `admin_group` in the `gitlab.rb` is a CN, rather than a DN or an array.
- This CN falls under the scope of the configured `group_base`.
- The members of the `admin_group` have already signed into GitLab with their LDAP
credentials. GitLab only grants the Administrator role to the users whose
accounts are already connected to LDAP.
If all the above are true and the users are still not getting access, [run a manual
group sync](#sync-all-groups) in the rails console and [look through the
output](#example-console-output-after-a-group-sync) to see what happens when
If all the above are true and the users are still not getting access,
[run a manual group sync](#sync-all-groups) in the rails console and
[look through the output](#example-console-output-after-a-group-sync) to see what happens when
GitLab syncs the `admin_group`.
#### Sync all groups
@ -399,7 +396,7 @@ NOTE:
To sync all groups manually when debugging is unnecessary,
[use the Rake task](../../raketasks/ldap.md#run-a-group-sync) instead.
The output from a manual [group sync](index.md#group-sync) can show you what happens
The output from a manual [group sync](ldap_synchronization.md#group-sync) can show you what happens
when GitLab syncs its LDAP group memberships against LDAP.
```ruby
@ -494,7 +491,7 @@ this line indicates the sync is finished:
Finished syncing admin users for 'ldapmain' provider
```
If [administrator sync](index.md#administrator-sync) is not configured, you see a message
If [administrator sync](ldap_synchronization.md#administrator-sync) is not configured, you see a message
stating as such:
```shell
@ -610,8 +607,7 @@ If a user account is blocked or unblocked due to the LDAP configuration, a
message is [logged to `application.log`](../../logs.md#applicationlog).
If there is an unexpected error during an LDAP lookup (configuration error,
timeout), the sign-in is rejected and a message is [logged to
`production.log`](../../logs.md#productionlog).
timeout), the sign-in is rejected and a message is [logged to `production.log`](../../logs.md#productionlog).
### ldapsearch

349
doc/administration/auth/ldap/ldap_synchronization.md Normal file
View file

@ -0,0 +1,349 @@
---
stage: Manage
group: Access
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments
---
# LDAP synchronization **(PREMIUM SELF)**
If you have [configured LDAP to work with GitLab](index.md), GitLab can automatically synchronize
users and groups. This process updates user and group information.
You can change when synchronization occurs.
## User sync
Once per day, GitLab runs a worker to check and update GitLab
users against LDAP.
The process executes the following access checks:
- Ensure the user is still present in LDAP.
- If the LDAP server is Active Directory, ensure the user is active (not
blocked/disabled state). This check is performed only if
`active_directory: true` is set in the LDAP configuration.
In Active Directory, a user is marked as disabled/blocked if the user
account control attribute (`userAccountControl:1.2.840.113556.1.4.803`)
has bit 2 set.
<!-- vale gitlab.Spelling = NO -->
For more information, see [Bitmask Searches in LDAP](https://ctovswild.com/2009/09/03/bitmask-searches-in-ldap/).
<!-- vale gitlab.Spelling = YES -->
The user is set to an `ldap_blocked` state in GitLab if the previous conditions
fail. This means the user cannot sign in or push or pull code.
The process also updates the following user information:
- Email address
- SSH public keys (if `sync_ssh_keys` is set)
- Kerberos identity (if Kerberos is enabled)
The LDAP sync process:
- Updates existing users.
- Creates new users on first sign in.
### Adjust LDAP user sync schedule
By default, GitLab runs a worker once per day at 01:30 a.m. server time to
check and update GitLab users against LDAP.
You can manually configure LDAP user sync times by setting the
following configuration values, in cron format. If needed, you can
use a [crontab generator](http://www.crontabgenerator.com).
The example below shows how to set LDAP user
sync to run once every 12 hours at the top of the hour.
**Omnibus installations**
1. Edit `/etc/gitlab/gitlab.rb`:
```ruby
gitlab_rails['ldap_sync_worker_cron'] = "0 */12 * * *"
```
1. [Reconfigure GitLab](../../restart_gitlab.md#omnibus-gitlab-reconfigure) for the changes to take effect.
**Source installations**
1. Edit `config/gitlab.yaml`:
```yaml
cron_jobs:
ldap_sync_worker_cron:
"0 */12 * * *"
```
1. [Restart GitLab](../../restart_gitlab.md#installations-from-source) for the changes to take effect.
## Group sync
If your LDAP supports the `memberof` property, when the user signs in for the
first time GitLab triggers a sync for groups the user should be a member of.
That way they don't have to wait for the hourly sync to be granted
access to their groups and projects.
A group sync process runs every hour on the hour, and `group_base` must be set
in LDAP configuration for LDAP synchronizations based on group CN to work. This allows
GitLab group membership to be automatically updated based on LDAP group members.
The `group_base` configuration should be a base LDAP 'container', such as an
'organization' or 'organizational unit', that contains LDAP groups that should
be available to GitLab. For example, `group_base` could be
`ou=groups,dc=example,dc=com`. In the configuration file it looks like the
following.
**Omnibus configuration**
1. Edit `/etc/gitlab/gitlab.rb`:
```ruby
gitlab_rails['ldap_servers'] = {
'main' => {
# snip...
'group_base' => 'ou=groups,dc=example,dc=com',
}
}
```
1. [Apply your changes to GitLab](../../restart_gitlab.md#omnibus-gitlab-reconfigure).
**Source configuration**
1. Edit `/home/git/gitlab/config/gitlab.yml`:
```yaml
production:
ldap:
servers:
main:
# snip...
group_base: ou=groups,dc=example,dc=com
```
1. [Restart GitLab](../../restart_gitlab.md#installations-from-source) for the changes to take effect.
To take advantage of group sync, group owners or maintainers must [create one
or more LDAP group links](#add-group-links).
### Add group links
For information on adding group links by using CNs and filters, refer to the
[GitLab groups documentation](../../../user/group/index.md#manage-group-memberships-via-ldap).
### Administrator sync
As an extension of group sync, you can automatically manage your global GitLab
administrators. Specify a group CN for `admin_group` and all members of the
LDAP group are given administrator privileges. The configuration looks
like the following.
NOTE:
Administrators are not synced unless `group_base` is also
specified alongside `admin_group`. Also, only specify the CN of the `admin_group`,
as opposed to the full DN.
Additionally, if an LDAP user has an `admin` role, but is not a member of the `admin_group`
group, GitLab revokes their `admin` role when syncing.
**Omnibus configuration**
1. Edit `/etc/gitlab/gitlab.rb`:
```ruby
gitlab_rails['ldap_servers'] = {
'main' => {
# snip...
'group_base' => 'ou=groups,dc=example,dc=com',
'admin_group' => 'my_admin_group',
}
}
```
1. [Apply your changes to GitLab](../../restart_gitlab.md#omnibus-gitlab-reconfigure).
**Source configuration**
1. Edit `/home/git/gitlab/config/gitlab.yml`:
```yaml
production:
ldap:
servers:
main:
# snip...
group_base: ou=groups,dc=example,dc=com
admin_group: my_admin_group
```
1. [Restart GitLab](../../restart_gitlab.md#installations-from-source) for the changes to take effect.
### Global group memberships lock
> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/1793) in GitLab 12.0.
"Lock memberships to LDAP synchronization" setting allows instance administrators
to lock down user abilities to invite new members to a group.
When enabled, the following applies:
- Only administrator can manage memberships of any group including access levels.
- Users are not allowed to share project with other groups or invite members to
a project created in a group.
To enable it, you must:
1. [Configure LDAP](index.md#configure-ldap).
1. On the top bar, select **Menu > Admin**.
1. On the left sidebar, select **Settings > General**.
1. Expand the **Visibility and access controls** section.
1. Ensure the **Lock memberships to LDAP synchronization** checkbox is selected.
### Adjust LDAP group sync schedule
By default, GitLab runs a group sync process every hour, on the hour.
The values shown are in cron format. If needed, you can use a
[Crontab Generator](http://www.crontabgenerator.com).
WARNING:
Do not start the sync process too frequently as this
could lead to multiple syncs running concurrently. This concern is primarily
for installations with a large number of LDAP users. Review the
[LDAP group sync benchmark metrics](#benchmarks) to see how
your installation compares before proceeding.
You can manually configure LDAP group sync times by setting the
following configuration values. The example below shows how to set group
sync to run once every two hours at the top of the hour.
**Omnibus installations**
1. Edit `/etc/gitlab/gitlab.rb`:
```ruby
gitlab_rails['ldap_group_sync_worker_cron'] = "0 */2 * * * *"
```
1. [Reconfigure GitLab](../../restart_gitlab.md#omnibus-gitlab-reconfigure) for the changes to take effect.
**Source installations**
1. Edit `config/gitlab.yaml`:
```yaml
cron_jobs:
ldap_group_sync_worker_cron:
"*/30 * * * *"
```
1. [Restart GitLab](../../restart_gitlab.md#installations-from-source) for the changes to take effect.
### External groups
Using the `external_groups` setting allows you to mark all users belonging
to these groups as [external users](../../../user/permissions.md#external-users).
Group membership is checked periodically through the `LdapGroupSync` background
task.
**Omnibus configuration**
1. Edit `/etc/gitlab/gitlab.rb`:
```ruby
gitlab_rails['ldap_servers'] = {
'main' => {
# snip...
'external_groups' => ['interns', 'contractors'],
}
}
```
1. [Apply your changes to GitLab](../../restart_gitlab.md#omnibus-gitlab-reconfigure).
**Source configuration**
1. Edit `config/gitlab.yaml`:
```yaml
production:
ldap:
servers:
main:
# snip...
external_groups: ['interns', 'contractors']
```
1. [Restart GitLab](../../restart_gitlab.md#installations-from-source) for the changes to take effect.
### Group sync technical details
This section outlines what LDAP queries are executed and what behavior you
can expect from group sync.
Group member access are downgraded from a higher level if their LDAP group
membership changes. For example, if a user the Owner role in a group and the
next group sync reveals they should only have the Developer role, their
access is adjusted accordingly. The only exception is if the user is the
last owner in a group. Groups need at least one owner to fulfill
administrative duties.
#### Supported LDAP group types/attributes
GitLab supports LDAP groups that use member attributes:
- `member`
- `submember`
- `uniquemember`
- `memberof`
- `memberuid`
This means group sync supports (at least) LDAP groups with the following object
classes:
- `groupOfNames`
- `posixGroup`
- `groupOfUniqueNames`
Other object classes should work if members are defined as one of the
mentioned attributes.
Active Directory supports nested groups. Group sync recursively resolves
membership if `active_directory: true` is set in the configuration file.
##### Nested group memberships
Nested group memberships are resolved only if the nested group
is found in the configured `group_base`. For example, if GitLab sees a
nested group with DN `cn=nested_group,ou=special_groups,dc=example,dc=com` but
the configured `group_base` is `ou=groups,dc=example,dc=com`, `cn=nested_group`
is ignored.
#### Queries
- Each LDAP group is queried a maximum of one time with base `group_base` and
filter `(cn=<cn_from_group_link>)`.
- If the LDAP group has the `memberuid` attribute, GitLab executes another
LDAP query per member to obtain each user's full DN. These queries are
executed with base `base`, scope 'base object', and a filter depending on
whether `user_filter` is set. Filter may be `(uid=<uid_from_group>)` or a
joining of `user_filter`.
#### Benchmarks
Group sync was written to be as performant as possible. Data is cached, database
queries are optimized, and LDAP queries are minimized. The last benchmark run
revealed the following metrics:
For 20,000 LDAP users, 11,000 LDAP groups, and 1,000 GitLab groups with 10
LDAP group links each:
- Initial sync (no existing members assigned in GitLab) took 1.8 hours
- Subsequent syncs (checking membership, no writes) took 15 minutes
These metrics are meant to provide a baseline and performance may vary based on
any number of factors. This benchmark was extreme and most instances don't
have near this many users or groups. Disk speed, database performance,
network and LDAP server response time affects these metrics.

4
doc/administration/compliance.md
View file

@ -22,8 +22,8 @@ relevant compliance standards.
|**[Email all users of a project, group, or entire server](../tools/email.md)**<br>An administrator can email groups of users based on project or group membership, or email everyone using the GitLab instance. This is great for scheduled maintenance or upgrades. | Premium+ | **{dotted-circle}** No | Instance |
|**[Omnibus package supports log forwarding](https://docs.gitlab.com/omnibus/settings/logs.html#udp-log-forwarding)**<br>Forward your logs to a central system. | Premium+ | **{dotted-circle}** No | Instance |
|**[Lock project membership to group](../user/group/index.md#prevent-members-from-being-added-to-a-group)**<br>Group owners can prevent new members from being added to projects within a group. | Premium+ | **{check-circle}** Yes | Group |
|**[LDAP group sync](auth/ldap/index.md#group-sync)**<br>GitLab Enterprise Edition gives administrators the ability to automatically sync groups and manage SSH keys, permissions, and authentication, so you can focus on building your product, not configuring your tools. | Premium+ | **{dotted-circle}** No | Instance |
|**[LDAP group sync filters](auth/ldap/index.md#group-sync)**<br>GitLab Enterprise Edition Premium gives more flexibility to synchronize with LDAP based on filters, meaning you can leverage LDAP attributes to map GitLab permissions. | Premium+ | **{dotted-circle}** No | Instance |
|**[LDAP group sync](auth/ldap/ldap_synchronization.md#group-sync)**<br>GitLab Enterprise Edition gives administrators the ability to automatically sync groups and manage SSH keys, permissions, and authentication, so you can focus on building your product, not configuring your tools. | Premium+ | **{dotted-circle}** No | Instance |
|**[LDAP group sync filters](auth/ldap/ldap_synchronization.md#group-sync)**<br>GitLab Enterprise Edition Premium gives more flexibility to synchronize with LDAP based on filters, meaning you can leverage LDAP attributes to map GitLab permissions. | Premium+ | **{dotted-circle}** No | Instance |
|**[Audit events](audit_events.md)**<br>To maintain the integrity of your code, GitLab Enterprise Edition Premium gives administrators the ability to view any modifications made within the GitLab server in an advanced audit events system, so you can control, analyze, and track every change. | Premium+ | **{check-circle}** Yes | Instance, Group, Project |
|**[Auditor users](auditor_users.md)**<br>Auditor users are users who are given read-only access to all projects, groups, and other resources on the GitLab instance. | Premium+ | **{dotted-circle}** No | Instance |
|**[Credentials inventory](../user/admin_area/credentials_inventory.md)**<br>With a credentials inventory, GitLab administrators can keep track of the credentials used by all of the users in their GitLab instance. | Ultimate | **{dotted-circle}** No | Instance |

2
doc/administration/get_started.md
View file

@ -44,7 +44,7 @@ Get started:
**More resources**
- Learn more about [running multiple Agile teams](https://www.youtube.com/watch?v=VR2r1TJCDew).
- Sync group memberships [by using LDAP](../administration/auth/ldap/index.md#group-sync).
- Sync group memberships [by using LDAP](../administration/auth/ldap/ldap_synchronization.md#group-sync).
- Manage user access with inherited permissions. Use up to 20 levels of subgroups to organize both teams and projects.
- Learn more about [inherited permissions](../user/project/members/index.md#inherited-membership).
- View [nested category examples](../user/group/subgroups/index.md#overview).

6
doc/administration/raketasks/ldap.md
View file

@ -38,13 +38,13 @@ rake gitlab:ldap:check[50]
> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/14735) in GitLab 12.2.
The following task runs a [group sync](../auth/ldap/index.md#group-sync) immediately. This is valuable
when you'd like to update all configured group memberships against LDAP without
The following task runs a [group sync](../auth/ldap/ldap_synchronization.md#group-sync) immediately.
This is valuable when you'd like to update all configured group memberships against LDAP without
waiting for the next scheduled group sync to be run.
NOTE:
If you'd like to change the frequency at which a group sync is performed,
[adjust the cron schedule](../auth/ldap/index.md#adjust-ldap-group-sync-schedule)
[adjust the cron schedule](../auth/ldap/ldap_synchronization.md#adjust-ldap-group-sync-schedule)
instead.
**Omnibus Installation**

14
doc/subscriptions/bronze_starter.md
View file

@ -50,15 +50,15 @@ the tiers are no longer mentioned in GitLab documentation:
- [Group management through LDAP](../administration/auth/ldap/ldap-troubleshooting.md#group-memberships)
- Syncing information through LDAP:
- Groups: [one group](../administration/auth/ldap/ldap-troubleshooting.md#sync-one-group),
[all groups programmatically](../administration/auth/ldap/index.md#group-sync),
[group sync schedule](../administration/auth/ldap/index.md#adjust-ldap-group-sync-schedule), and
[all groups programmatically](../administration/auth/ldap/ldap_synchronization.md#group-sync),
[group sync schedule](../administration/auth/ldap/ldap_synchronization.md#adjust-ldap-group-sync-schedule), and
[all groups manually](../administration/auth/ldap/ldap-troubleshooting.md#sync-all-groups)
- [Configuration settings](../administration/auth/ldap/index.md#ldap-sync-configuration-settings)
- Users: [all users](../administration/auth/ldap/index.md#user-sync),
[administrators](../administration/auth/ldap/index.md#administrator-sync),
[user sync schedule](../administration/auth/ldap/index.md#adjust-ldap-user-sync-schedule)
- [Adding group links](../administration/auth/ldap/index.md#add-group-links)
- [Lock memberships to LDAP synchronization](../administration/auth/ldap/index.md#global-group-memberships-lock)
- Users: [all users](../administration/auth/ldap/ldap_synchronization.md#user-sync),
[administrators](../administration/auth/ldap/ldap_synchronization.md#administrator-sync),
[user sync schedule](../administration/auth/ldap/ldap_synchronization.md#adjust-ldap-user-sync-schedule)
- [Adding group links](../administration/auth/ldap/ldap_synchronization.md#add-group-links)
- [Lock memberships to LDAP synchronization](../administration/auth/ldap/ldap_synchronization.md#global-group-memberships-lock)
- Rake tasks for [LDAP tasks](../administration/raketasks/ldap.md), including
[syncing groups](../administration/raketasks/ldap.md#run-a-group-sync)
- Logging:

10
doc/user/admin_area/merge_requests_approvals.md
View file

@ -5,7 +5,7 @@ info: To determine the technical writer assigned to the Stage/Group associated w
type: reference, concepts
---
# Merge request approval rules **(PREMIUM SELF)**
# Merge request approvals **(PREMIUM SELF)**
> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/39060) in GitLab 12.8.
@ -13,16 +13,16 @@ Merge request approval rules prevent users from overriding certain settings on t
level. When enabled at the instance level, these settings are no longer editable on the
project level.
To enable merge request approval rules for an instance:
To enable merge request approval settings for an instance:
1. On the top bar, select **Menu > Admin**.
1. On the left sidebar, select **{push-rules}** **Push Rules**, and expand **Merge request (MR) approvals**.
1. Set the required rule.
1. On the left sidebar, select **{push-rules}** **Push Rules**, and expand **Merge request approvals**.
1. Choose the required options.
1. Click **Save changes**.
## Available rules
Merge request approval rules that can be set at an instance level are:
Merge request approval settings that can be set at an instance level are:
- **Prevent approval by author**. Prevents project
maintainers from allowing request authors to merge their own merge requests.

2
doc/user/group/index.md
View file

@ -329,7 +329,7 @@ Group syncing allows LDAP groups to be mapped to GitLab groups. This provides mo
Group links can be created by using either a CN or a filter. To create these group links, go to the group's **Settings > LDAP Synchronization** page. After configuring the link, it may take more than an hour for the users to sync with the GitLab group.
For more information on the administration of LDAP and group sync, refer to the [main LDAP documentation](../../administration/auth/ldap/index.md#group-sync).
For more information on the administration of LDAP and group sync, refer to the [main LDAP documentation](../../administration/auth/ldap/ldap_synchronization.md#group-sync).
NOTE:
When you add LDAP synchronization, if an LDAP user is a group member and they are not part of the LDAP group, they are removed from the group.

31
doc/user/packages/generic_packages/index.md
View file

@ -48,6 +48,7 @@ PUT /projects/:id/packages/generic/:package_name/:package_version/:file_name?sta
| `package_version` | string | yes | The package version. The following regex validates this: `\A(\.?[\w\+-]+\.?)+\z`. You can test your version strings on [Rubular](https://rubular.com/r/aNCV0wG5K14uq8).
| `file_name` | string | yes | The filename. It can contain only lowercase letters (`a-z`), uppercase letter (`A-Z`), numbers (`0-9`), dots (`.`), hyphens (`-`), or underscores (`_`).
| `status` | string | no | The package status. It can be `default` (default) or `hidden`. Hidden packages do not appear in the UI or [package API list endpoints](../../../api/packages.md).
| `select` | string | no | The response payload. By default, the response is empty. Valid values are: `package_file`. `package_file` returns details of the package file record created by this request.
Provide the file context in the request body.
@ -59,7 +60,7 @@ curl --header "PRIVATE-TOKEN: <your_access_token>" \
"https://gitlab.example.com/api/v4/projects/24/packages/generic/my_package/0.0.1/file.txt?status=hidden"
```
Example response:
Example response without attribute `select`:
```json
{
@ -67,6 +68,34 @@ Example response:
}
```
Example response with attribute `select = package_file`:
```json
{
"id": 1,
"package_id": 1,
"created_at": "2021-10-12T12:05:23.387Z",
"updated_at": "2021-10-12T12:05:23.387Z",
"size": 0,
"file_store": 1,
"file_md5": null,
"file_sha1": null,
"file_name": "file.txt",
"file": {
"url": "/6b/86/6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b/packages/26/files/36/file.txt"
},
"file_sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855",
"verification_retry_at": null,
"verified_at": null,
"verification_failure": null,
"verification_retry_count": null,
"verification_checksum": null,
"verification_state": 0,
"verification_started_at": null,
"new_file_path": null
}
```
### Publishing a package with the same name or version
When you publish a package with the same name and version as an existing package, the new package

50
doc/user/packages/index.md
View file

@ -10,56 +10,6 @@ The GitLab [Package Registry](package_registry/index.md) acts as a private or pu
for a variety of common package managers. You can publish and share
packages, which can be easily consumed as a dependency in downstream projects.
WARNING:
Not all package manager formats are ready for production use. To view each format's status, see the
table's **Status** column.
The Package Registry supports the following formats:
| Package type | GitLab version | Status |
| ------------ | -------------- |------- |
| [Maven](maven_repository/index.md) | 11.3+ | Stable |
| [npm](npm_registry/index.md) | 11.7+ | Stable |
| [NuGet](nuget_repository/index.md) | 12.8+ | Stable |
| [PyPI](pypi_repository/index.md) | 12.10+ | Stable |
| [Generic packages](generic_packages/index.md) | 13.5+ | Stable |
| [Composer](composer_repository/index.md) | 13.2+ | [Beta](https://gitlab.com/groups/gitlab-org/-/epics/6817) |
| [Conan](conan_repository/index.md) | 12.6+ | [Beta](https://gitlab.com/groups/gitlab-org/-/epics/6816) |
| [Helm](helm_repository/index.md) | 14.1+ | [Beta](https://gitlab.com/groups/gitlab-org/-/epics/6366) |
| [Debian](debian_repository/index.md) | 14.2+ | [Alpha](https://gitlab.com/groups/gitlab-org/-/epics/6057) |
| [Go](go_proxy/index.md) | 13.1+ | [Alpha](https://gitlab.com/groups/gitlab-org/-/epics/3043) |
| [Ruby gems](rubygems_registry/index.md) | 13.10+ | [Alpha](https://gitlab.com/groups/gitlab-org/-/epics/3200) |
Status:
- Alpha: behind a feature flag and not officially supported.
- Beta: several known issues that may prevent expected use.
- Stable: ready for production use.
You can also use the [API](../../api/packages.md) to administer the Package Registry.
## Accepting contributions
The below table lists formats that are not supported, but are accepting Community contributions for. Consider contributing to GitLab. This [development documentation](../../development/packages.md)
guides you through the process.
<!-- vale gitlab.Spelling = NO -->
| Format | Status |
| ------ | ------ |
| Chef | [#36889](https://gitlab.com/gitlab-org/gitlab/-/issues/36889) |
| CocoaPods | [#36890](https://gitlab.com/gitlab-org/gitlab/-/issues/36890) |
| Conda | [#36891](https://gitlab.com/gitlab-org/gitlab/-/issues/36891) |
| CRAN | [#36892](https://gitlab.com/gitlab-org/gitlab/-/issues/36892) |
| Opkg | [#36894](https://gitlab.com/gitlab-org/gitlab/-/issues/36894) |
| P2 | [#36895](https://gitlab.com/gitlab-org/gitlab/-/issues/36895) |
| Puppet | [#36897](https://gitlab.com/gitlab-org/gitlab/-/issues/36897) |
| RPM | [#5932](https://gitlab.com/groups/gitlab-org/-/epics/5128) |
| SBT | [#36898](https://gitlab.com/gitlab-org/gitlab/-/issues/36898) |
| Swift | [#12233](https://gitlab.com/gitlab-org/gitlab/-/issues/12233) |
| Vagrant | [#36899](https://gitlab.com/gitlab-org/gitlab/-/issues/36899) |
<!-- vale gitlab.Spelling = YES -->
## Container Registry
The GitLab [Container Registry](container_registry/index.md) is a secure and private registry for container images. It's built on open source software and completely integrated within GitLab. Use GitLab CI/CD to create and publish images. Use the GitLab [API](../../api/container_registry.md) to manage the registry across groups and projects.

60
doc/user/packages/package_registry/index.md
View file

@ -8,9 +8,9 @@ info: To determine the technical writer assigned to the Stage/Group associated w
> [Moved](https://gitlab.com/gitlab-org/gitlab/-/issues/221259) to GitLab Free in 13.3.
With the GitLab Package Registry, you can use GitLab as a private or public registry
for a variety of common package managers. You can publish and share
packages, which can be easily consumed as a dependency in downstream projects.
With the GitLab Package Registry, you can use GitLab as a private or public registry for a variety
of [supported package managers](#supported-package-managers).
You can publish and share packages, which can be consumed as a dependency in downstream projects.
## View packages
@ -124,3 +124,57 @@ Learn how to use the GitLab Package Registry to build your own custom package wo
to publish all of your packages to one project.
- Publish multiple different packages from one [monorepo project](../workflows/working_with_monorepos.md).
## Supported package managers
WARNING:
Not all package manager formats are ready for production use. To view each format's status, see the
table's **Status** column.
The Package Registry supports the following formats:
| Package type | GitLab version | Status |
| ------------ | -------------- |------- |
| [Maven](../maven_repository/index.md) | 11.3+ | Stable |
| [npm](../npm_registry/index.md) | 11.7+ | Stable |
| [NuGet](../nuget_repository/index.md) | 12.8+ | Stable |
| [PyPI](../pypi_repository/index.md) | 12.10+ | Stable |
| [Generic packages](../generic_packages/index.md) | 13.5+ | Stable |
| [Composer](../composer_repository/index.md) | 13.2+ | [Beta](https://gitlab.com/groups/gitlab-org/-/epics/6817) |
| [Conan](../conan_repository/index.md) | 12.6+ | [Beta](https://gitlab.com/groups/gitlab-org/-/epics/6816) |
| [Helm](../helm_repository/index.md) | 14.1+ | [Beta](https://gitlab.com/groups/gitlab-org/-/epics/6366) |
| [Debian](../debian_repository/index.md) | 14.2+ | [Alpha](https://gitlab.com/groups/gitlab-org/-/epics/6057) |
| [Go](../go_proxy/index.md) | 13.1+ | [Alpha](https://gitlab.com/groups/gitlab-org/-/epics/3043) |
| [Ruby gems](../rubygems_registry/index.md) | 13.10+ | [Alpha](https://gitlab.com/groups/gitlab-org/-/epics/3200) |
Status:
- Alpha: behind a feature flag and not officially supported.
- Beta: several known issues that may prevent expected use.
- Stable: ready for production use.
You can also use the [API](../../../api/packages.md) to administer the Package Registry.
## Accepting contributions
This table lists unsupported package manager formats that we are accepting contributions for.
Consider contributing to GitLab. This [development documentation](../../../development/packages.md)
guides you through the process.
<!-- vale gitlab.Spelling = NO -->
| Format | Status |
| ------ | ------ |
| Chef | [#36889](https://gitlab.com/gitlab-org/gitlab/-/issues/36889) |
| CocoaPods | [#36890](https://gitlab.com/gitlab-org/gitlab/-/issues/36890) |
| Conda | [#36891](https://gitlab.com/gitlab-org/gitlab/-/issues/36891) |
| CRAN | [#36892](https://gitlab.com/gitlab-org/gitlab/-/issues/36892) |
| Opkg | [#36894](https://gitlab.com/gitlab-org/gitlab/-/issues/36894) |
| P2 | [#36895](https://gitlab.com/gitlab-org/gitlab/-/issues/36895) |
| Puppet | [#36897](https://gitlab.com/gitlab-org/gitlab/-/issues/36897) |
| RPM | [#5932](https://gitlab.com/groups/gitlab-org/-/epics/5128) |
| SBT | [#36898](https://gitlab.com/gitlab-org/gitlab/-/issues/36898) |
| Swift | [#12233](https://gitlab.com/gitlab-org/gitlab/-/issues/12233) |
| Vagrant | [#36899](https://gitlab.com/gitlab-org/gitlab/-/issues/36899) |
<!-- vale gitlab.Spelling = YES -->

6
doc/user/permissions.md
View file

@ -384,8 +384,10 @@ An administrator can flag a user as external by either of the following methods:
1. On the left sidebar, select **Overview > Users** to create a new user or edit an existing one.
There, you can find the option to flag the user as external.
Additionally users can be set as external users using [SAML groups](../integration/saml.md#external-groups)
and [LDAP groups](../administration/auth/ldap/index.md#external-groups).
Additionally users can be set as external users using:
- [SAML groups](../integration/saml.md#external-groups).
- [LDAP groups](../administration/auth/ldap/ldap_synchronization.md#external-groups).
### Setting new users to external

13
doc/user/project/import/fogbugz.md
View file

@ -16,15 +16,16 @@ users.
To import your project from FogBugz:
1. From your GitLab dashboard, select **New project**.
1. Select the **FogBugz** button.
![FogBugz](img/fogbugz_import_select_fogbogz.png)
1. Sign in to GitLab.
1. On the top bar, select **New** (**{plus}**).
1. Select **New project/repository**.
1. Select **Import project**.
1. Select **FogBugz**.
1. Enter your FogBugz URL, email address, and password.
![Login](img/fogbugz_import_login.png)
1. Create a mapping from FogBugz users to GitLab users.
![User Map](img/fogbugz_import_user_map.png)
1. Select **Import** for the projects you want to import.
1. For the projects you want to import, select **Import**.
![Import Project](img/fogbugz_import_select_project.png)
1. After the import finishes, click the link to go to the project
1. After the import finishes, select the link to go to the project
dashboard. Follow the directions to push your existing repository.
![Finished](img/fogbugz_import_finished.png)

BIN
doc/user/project/import/img/fogbugz_import_login.png
View file

Binary file not shown.
Side by side

Before

Width:  |  Height:  |  Size: 13 KiB

BIN
doc/user/project/import/img/fogbugz_import_select_fogbogz.png
View file

Binary file not shown.
Side by side

Before

Width:  |  Height:  |  Size: 12 KiB

9
lib/api/generic_packages.rb
View file

@ -54,6 +54,7 @@ module API
requires :file_name, type: String, desc: 'Package file name', regexp: Gitlab::Regex.generic_package_file_name_regex, file_path: true
optional :status, type: String, values: ALLOWED_STATUSES, desc: 'Package status'
requires :file, type: ::API::Validations::Types::WorkhorseFile, desc: 'The package file to be published (generated by Multipart middleware)'
optional :select, type: String, values: %w[package_file]
end
route_setting :authentication, job_token_allowed: true, basic_auth_personal_access_token: true, deploy_token_allowed: true
@ -65,11 +66,15 @@ module API
track_package_event('push_package', :generic, project: project, user: current_user, namespace: project.namespace)
create_package_file_params = declared_params.merge(build: current_authenticated_job)
::Packages::Generic::CreatePackageFileService
package_file = ::Packages::Generic::CreatePackageFileService
.new(project, current_user, create_package_file_params)
.execute
created!
if params[:select] == 'package_file'
present package_file
else
created!
end
rescue ObjectStorage::RemoteStoreError => e
Gitlab::ErrorTracking.track_exception(e, extra: { file_name: params[:file_name], project_id: project.id })

8
spec/controllers/concerns/group_tree_spec.rb
View file

@ -102,13 +102,5 @@ RSpec.describe GroupTree do
end
it_behaves_like 'returns filtered groups'
context 'when feature flag :linear_group_tree_ancestor_scopes is disabled' do
before do
stub_feature_flags(linear_group_tree_ancestor_scopes: false)
end
it_behaves_like 'returns filtered groups'
end
end
end

44
spec/features/clusters/create_agent_spec.rb Normal file
View file

@ -0,0 +1,44 @@
# frozen_string_literal: true
require 'spec_helper'
RSpec.describe 'Cluster agent registration', :js do
let_it_be(:project) { create(:project, :custom_repo, files: { '.gitlab/agents/example-agent-1/config.yaml' => '' }) }
let_it_be(:current_user) { create(:user, maintainer_projects: [project]) }
before do
allow(Gitlab::Kas).to receive(:enabled?).and_return(true)
allow(Gitlab::Kas).to receive(:internal_url).and_return('kas.example.internal')
allow_next_instance_of(Gitlab::Kas::Client) do |client|
allow(client).to receive(:list_agent_config_files).and_return([
double(agent_name: 'example-agent-1', path: '.gitlab/agents/example-agent-1/config.yaml'),
double(agent_name: 'example-agent-2', path: '.gitlab/agents/example-agent-2/config.yaml')
])
end
allow(Devise).to receive(:friendly_token).and_return('example-agent-token')
sign_in(current_user)
visit project_clusters_path(project)
end
it 'allows the user to select an agent to install, and displays the resulting agent token' do
click_link('GitLab Agent managed clusters')
click_button('Integrate with the GitLab Agent')
expect(page).to have_content('Install new Agent')
click_button('Select an Agent')
click_button('example-agent-2')
click_button('Next')
expect(page).to have_content('The token value will not be shown again after you close this window.')
expect(page).to have_content('example-agent-token')
expect(page).to have_content('docker run --pull=always --rm')
click_button('Done')
expect(page).to have_link('example-agent-2')
expect(page).to have_no_content('Install new Agent')
end
end

57
spec/features/projects/cluster_agents_spec.rb Normal file
View file

@ -0,0 +1,57 @@
# frozen_string_literal: true
require 'spec_helper'
RSpec.describe 'ClusterAgents', :js do
let_it_be(:token) { create(:cluster_agent_token, description: 'feature test token')}
let(:agent) { token.agent }
let(:project) { agent.project }
let(:user) { project.creator }
before do
gitlab_sign_in(user)
end
context 'when user does not have any agents and visits the index page' do
let(:empty_project) { create(:project) }
before do
empty_project.add_maintainer(user)
visit project_clusters_path(empty_project)
end
it 'displays empty state', :aggregate_failures do
click_link 'GitLab Agent managed clusters'
expect(page).to have_content('Integrate with the GitLab Agent')
expect(page).to have_selector('.empty-state')
end
end
context 'when user has an agent' do
context 'when visiting the index page' do
before do
visit project_clusters_path(project)
end
it 'displays a table with agent', :aggregate_failures do
click_link 'GitLab Agent managed clusters'
expect(page).to have_content(agent.name)
expect(page).to have_selector('[data-testid="cluster-agent-list-table"] tbody tr', count: 1)
end
end
context 'when visiting the show page' do
before do
visit project_cluster_agent_path(project, agent.name)
end
it 'displays agent and token information', :aggregate_failures do
expect(page).to have_content(agent.name)
expect(page).to have_content(token.description)
end
end
end
end

332
spec/frontend/fixtures/api_markdown.yml
View file

@ -2,63 +2,75 @@
# spec/frontend/fixtures/api_markdown.rb and
# spec/frontend/content_editor/extensions/markdown_processing_spec.js
---
- name: attachment_image
context: group
markdown: '![test-file](/uploads/aa45a38ec2cfe97433281b10bbff042c/test-file.png)'
- name: attachment_image
context: project
markdown: '![test-file](/uploads/aa45a38ec2cfe97433281b10bbff042c/test-file.png)'
- name: attachment_image
context: project_wiki
markdown: '![test-file](test-file.png)'
- name: attachment_link
context: group
markdown: '[test-file](/uploads/aa45a38ec2cfe97433281b10bbff042c/test-file.zip)'
- name: attachment_link
context: project
markdown: '[test-file](/uploads/aa45a38ec2cfe97433281b10bbff042c/test-file.zip)'
- name: attachment_link
context: project_wiki
markdown: '[test-file](test-file.zip)'
- name: audio
markdown: '![Sample Audio](https://gitlab.com/gitlab.mp3)'
- name: audio_and_video_in_lists
markdown: |-
* ![Sample Audio](https://gitlab.com/1.mp3)
* ![Sample Video](https://gitlab.com/2.mp4)
1. ![Sample Video](https://gitlab.com/1.mp4)
2. ![Sample Audio](https://gitlab.com/2.mp3)
* [x] ![Sample Audio](https://gitlab.com/1.mp3)
* [x] ![Sample Audio](https://gitlab.com/2.mp3)
* [x] ![Sample Video](https://gitlab.com/3.mp4)
- name: blockquote
markdown: |-
> This is a blockquote
>
> This is another one
- name: bold
markdown: '**bold**'
- name: emphasis
markdown: '_emphasized text_'
- name: inline_code
markdown: '`code`'
- name: inline_diff
- name: bullet_list_style_1
markdown: |-
* {-deleted-}
* {+added+}
- name: strike
markdown: '~~del~~'
- name: horizontal_rule
markdown: '---'
- name: html_marks
* list item 1
* list item 2
* embedded list item 3
- name: bullet_list_style_2
markdown: |-
* Content editor is ~~great~~<ins>amazing</ins>.
* If the changes <abbr title="Looks good to merge">LGTM</abbr>, please <abbr title="Merge when pipeline succeeds">MWPS</abbr>.
* The English song <q>Oh I do like to be beside the seaside</q> looks like this in Hebrew: <span dir="rtl">אה, אני אוהב להיות ליד חוף הים</span>. In the computer's memory, this is stored as <bdo dir="ltr">אה, אני אוהב להיות ליד חוף הים</bdo>.
* <cite>The Scream</cite> by Edvard Munch. Painted in 1893.
* <dfn>HTML</dfn> is the standard markup language for creating web pages.
* Do not forget to buy <mark>milk</mark> today.
* This is a paragraph and <small>smaller text goes here</small>.
* The concert starts at <time datetime="20:00">20:00</time> and you'll be able to enjoy the band for at least <time datetime="PT2H30M">2h 30m</time>.
* Press <kbd>Ctrl</kbd> + <kbd>C</kbd> to copy text (Windows).
* WWF's goal is to: <q>Build a future where people live in harmony with nature.</q> We hope they succeed.
* The error occured was: <samp>Keyboard not found. Press F1 to continue.</samp>
* The area of a triangle is: 1/2 x <var>b</var> x <var>h</var>, where <var>b</var> is the base, and <var>h</var> is the vertical height.
* <ruby>漢<rt>ㄏㄢˋ</rt></ruby>
* C<sub>7</sub>H<sub>16</sub> + O<sub>2</sub> → CO<sub>2</sub> + H<sub>2</sub>O
* The **Pythagorean theorem** is often expressed as <var>a<sup>2</sup></var> + <var>b<sup>2</sup></var> = <var>c<sup>2</sup></var>
- name: div
- list item 1
- list item 2
* embedded list item 3
- name: bullet_list_style_3
markdown: |-
<div>plain text</div>
<div>
just a plain ol' div, not much to _expect_!
</div>
- name: figure
+ list item 1
+ list item 2
- embedded list item 3
- name: code_block
markdown: |-
<figure>
![Elephant at sunset](elephant-sunset.jpg)
<figcaption>An elephant at sunset</figcaption>
</figure>
<figure>
![A crocodile wearing crocs](croc-crocs.jpg)
<figcaption>
A crocodile wearing _crocs_!
</figcaption>
</figure>
```javascript
console.log('hello world')
```
- name: color_chips
markdown: |-
- `#F00`
- `#F00A`
- `#FF0000`
- `#FF0000AA`
- `RGB(0,255,0)`
- `RGB(0%,100%,0%)`
- `RGBA(0,255,0,0.3)`
- `HSL(540,70%,50%)`
- `HSLA(540,70%,50%,0.3)`
- name: description_list
markdown: |-
<dl>
@ -106,31 +118,57 @@
```
</details>
- name: link
markdown: '[GitLab](https://gitlab.com)'
- name: attachment_link
context: project_wiki
markdown: '[test-file](test-file.zip)'
- name: attachment_link
context: project
markdown: '[test-file](/uploads/aa45a38ec2cfe97433281b10bbff042c/test-file.zip)'
- name: attachment_link
context: group
markdown: '[test-file](/uploads/aa45a38ec2cfe97433281b10bbff042c/test-file.zip)'
- name: attachment_image
context: project_wiki
markdown: '![test-file](test-file.png)'
- name: attachment_image
context: project
markdown: '![test-file](/uploads/aa45a38ec2cfe97433281b10bbff042c/test-file.png)'
- name: attachment_image
context: group
markdown: '![test-file](/uploads/aa45a38ec2cfe97433281b10bbff042c/test-file.png)'
- name: code_block
- name: div
markdown: |-
```javascript
console.log('hello world')
```
<div>plain text</div>
<div>
just a plain ol' div, not much to _expect_!
</div>
- name: emoji
markdown: ':sparkles: :heart: :100:'
- name: emphasis
markdown: '_emphasized text_'
- name: figure
markdown: |-
<figure>
![Elephant at sunset](elephant-sunset.jpg)
<figcaption>An elephant at sunset</figcaption>
</figure>
<figure>
![A crocodile wearing crocs](croc-crocs.jpg)
<figcaption>
A crocodile wearing _crocs_!
</figcaption>
</figure>
- name: frontmatter_json
markdown: |-
;;;
{
"title": "Page title"
}
;;;
- name: frontmatter_toml
markdown: |-
+++
title = "Page title"
+++
- name: frontmatter_yaml
markdown: |-
---
title: Page title
---
- name: hard_break
markdown: |-
This is a line after a\
hard break
- name: headings
markdown: |-
# Heading 1
@ -144,29 +182,44 @@
##### Heading 5
###### Heading 6
- name: blockquote
- name: horizontal_rule
markdown: '---'
- name: html_marks
markdown: |-
> This is a blockquote
>
> This is another one
- name: thematic_break
* Content editor is ~~great~~<ins>amazing</ins>.
* If the changes <abbr title="Looks good to merge">LGTM</abbr>, please <abbr title="Merge when pipeline succeeds">MWPS</abbr>.
* The English song <q>Oh I do like to be beside the seaside</q> looks like this in Hebrew: <span dir="rtl">אה, אני אוהב להיות ליד חוף הים</span>. In the computer's memory, this is stored as <bdo dir="ltr">אה, אני אוהב להיות ליד חוף הים</bdo>.
* <cite>The Scream</cite> by Edvard Munch. Painted in 1893.
* <dfn>HTML</dfn> is the standard markup language for creating web pages.
* Do not forget to buy <mark>milk</mark> today.
* This is a paragraph and <small>smaller text goes here</small>.
* The concert starts at <time datetime="20:00">20:00</time> and you'll be able to enjoy the band for at least <time datetime="PT2H30M">2h 30m</time>.
* Press <kbd>Ctrl</kbd> + <kbd>C</kbd> to copy text (Windows).
* WWF's goal is to: <q>Build a future where people live in harmony with nature.</q> We hope they succeed.
* The error occured was: <samp>Keyboard not found. Press F1 to continue.</samp>
* The area of a triangle is: 1/2 x <var>b</var> x <var>h</var>, where <var>b</var> is the base, and <var>h</var> is the vertical height.
* <ruby>漢<rt>ㄏㄢˋ</rt></ruby>
* C<sub>7</sub>H<sub>16</sub> + O<sub>2</sub> → CO<sub>2</sub> + H<sub>2</sub>O
* The **Pythagorean theorem** is often expressed as <var>a<sup>2</sup></var> + <var>b<sup>2</sup></var> = <var>c<sup>2</sup></var>
- name: image
markdown: '![alt text](https://gitlab.com/logo.png)'
- name: inline_code
markdown: '`code`'
- name: inline_diff
markdown: |-
---
- name: bullet_list_style_1
* {-deleted-}
* {+added+}
- name: link
markdown: '[GitLab](https://gitlab.com)'
- name: math
markdown: |-
* list item 1
* list item 2
* embedded list item 3
- name: bullet_list_style_2
markdown: |-
- list item 1
- list item 2
* embedded list item 3
- name: bullet_list_style_3
markdown: |-
+ list item 1
+ list item 2
- embedded list item 3
This math is inline $`a^2+b^2=c^2`$.
This is on a separate line:
```math
a^2+b^2=c^2
```
- name: ordered_list
markdown: |-
1. list item 1
@ -177,14 +230,6 @@
134. list item 1
135. list item 2
136. list item 3
- name: task_list
markdown: |-
* [x] hello
* [x] world
* [ ] example
* [ ] of nested
* [x] task list
* [ ] items
- name: ordered_task_list
markdown: |-
1. [x] hello
@ -198,12 +243,12 @@
4893. [x] hello
4894. [x] world
4895. [ ] example
- name: image
markdown: '![alt text](https://gitlab.com/logo.png)'
- name: hard_break
- name: reference
context: project_wiki
markdown: |-
This is a line after a\
hard break
Hi @gitlab - thank you for reporting this ~bug (#1) we hope to fix it in %1.1 as part of !1
- name: strike
markdown: '~~del~~'
- name: table
markdown: |-
| header | header |
@ -212,27 +257,6 @@
| ~~strike~~ | cell with _italic_ |
# content after table
- name: emoji
markdown: ':sparkles: :heart: :100:'
- name: reference
context: project_wiki
markdown: |-
Hi @gitlab - thank you for reporting this ~bug (#1) we hope to fix it in %1.1 as part of !1
- name: audio
markdown: '![Sample Audio](https://gitlab.com/gitlab.mp3)'
- name: video
markdown: '![Sample Video](https://gitlab.com/gitlab.mp4)'
- name: audio_and_video_in_lists
markdown: |-
* ![Sample Audio](https://gitlab.com/1.mp3)
* ![Sample Video](https://gitlab.com/2.mp4)
1. ![Sample Video](https://gitlab.com/1.mp4)
2. ![Sample Audio](https://gitlab.com/2.mp3)
* [x] ![Sample Audio](https://gitlab.com/1.mp3)
* [x] ![Sample Audio](https://gitlab.com/2.mp3)
* [x] ![Sample Video](https://gitlab.com/3.mp4)
- name: table_of_contents
markdown: |-
[[_TOC_]]
@ -248,42 +272,18 @@
# Sit amit
### I don't know
- name: task_list
markdown: |-
* [x] hello
* [x] world
* [ ] example
* [ ] of nested
* [x] task list
* [ ] items
- name: thematic_break
markdown: |-
---
- name: video
markdown: '![Sample Video](https://gitlab.com/gitlab.mp4)'
- name: word_break
markdown: Fernstraßen<wbr>bau<wbr>privat<wbr>finanzierungs<wbr>gesetz
- name: frontmatter_yaml
markdown: |-
---
title: Page title
---
- name: frontmatter_toml
markdown: |-
+++
title = "Page title"
+++
- name: frontmatter_json
markdown: |-
;;;
{
"title": "Page title"
}
;;;
- name: color_chips
markdown: |-
- `#F00`
- `#F00A`
- `#FF0000`
- `#FF0000AA`
- `RGB(0,255,0)`
- `RGB(0%,100%,0%)`
- `RGBA(0,255,0,0.3)`
- `HSL(540,70%,50%)`
- `HSLA(540,70%,50%,0.3)`
- name: math
markdown: |-
This math is inline $`a^2+b^2=c^2`$.
This is on a separate line:
```math
a^2+b^2=c^2
```

20
spec/helpers/clusters_helper_spec.rb
View file

@ -152,4 +152,24 @@ RSpec.describe ClustersHelper do
end
end
end
describe '#display_cluster_agents?' do
subject { helper.display_cluster_agents?(clusterable) }
context 'when clusterable is a project' do
let(:clusterable) { build(:project) }
it 'allows agents to display' do
expect(subject).to be_truthy
end
end
context 'when clusterable is a group' do
let(:clusterable) { build(:group) }
it 'does not allow agents to display' do
expect(subject).to be_falsey
end
end
end
end

31
spec/requests/api/generic_packages_spec.rb
View file

@ -297,6 +297,37 @@ RSpec.describe API::GenericPackages do
end
end
context 'with select' do
context 'with a valid value' do
context 'package_file' do
let(:params) { super().merge(select: 'package_file') }
it 'returns a package file' do
headers = workhorse_headers.merge(auth_header)
upload_file(params, headers)
aggregate_failures do
expect(response).to have_gitlab_http_status(:ok)
expect(json_response).to have_key('id')
end
end
end
end
context 'with an invalid value' do
let(:params) { super().merge(select: 'invalid_value') }
it 'returns a package file' do
headers = workhorse_headers.merge(auth_header)
upload_file(params, headers)
expect(response).to have_gitlab_http_status(:bad_request)
end
end
end
context 'with a status' do
context 'valid status' do
let(:params) { super().merge(status: 'hidden') }

4
spec/support/database/cross-join-allowlist.yml
View file

@ -1,6 +1,3 @@
- "./ee/spec/finders/ee/namespaces/projects_finder_spec.rb"
- "./ee/spec/graphql/ee/resolvers/namespace_projects_resolver_spec.rb"
- "./ee/spec/models/project_spec.rb"
- "./ee/spec/requests/api/ci/minutes_spec.rb"
- "./ee/spec/services/ci/minutes/additional_packs/change_namespace_service_spec.rb"
- "./ee/spec/services/ci/minutes/additional_packs/create_service_spec.rb"
@ -8,7 +5,6 @@
- "./spec/features/groups/packages_spec.rb"
- "./spec/features/projects/infrastructure_registry_spec.rb"
- "./spec/features/projects/packages_spec.rb"
- "./spec/finders/ci/pipelines_for_merge_request_finder_spec.rb"
- "./spec/lib/api/entities/package_spec.rb"
- "./spec/lib/gitlab/background_migration/copy_ci_builds_columns_to_security_scans_spec.rb"
- "./spec/lib/gitlab/background_migration/migrate_pages_metadata_spec.rb"