Add latest changes from gitlab-org/gitlab@master
This commit is contained in:
parent
347c7a7517
commit
3256c55b0f
|
@ -1057,3 +1057,142 @@ lib/gitlab/checks/** @proglottis @toon @zj-gitlab
|
||||||
/lib/system_check/incoming_email/imap_authentication_check.rb @gitlab-org/manage/authentication-and-authorization/approvers
|
/lib/system_check/incoming_email/imap_authentication_check.rb @gitlab-org/manage/authentication-and-authorization/approvers
|
||||||
/lib/tasks/gitlab/password.rake @gitlab-org/manage/authentication-and-authorization/approvers
|
/lib/tasks/gitlab/password.rake @gitlab-org/manage/authentication-and-authorization/approvers
|
||||||
/lib/tasks/tokens.rake @gitlab-org/manage/authentication-and-authorization/approvers
|
/lib/tasks/tokens.rake @gitlab-org/manage/authentication-and-authorization/approvers
|
||||||
|
|
||||||
|
[Compliance]
|
||||||
|
/ee/app/services/audit_events/build_service.rb @gitlab-org/manage/compliance
|
||||||
|
/ee/spec/services/audit_events/custom_audit_event_service_spec.rb @gitlab-org/manage/compliance
|
||||||
|
/app/models/audit_event.rb @gitlab-org/manage/compliance
|
||||||
|
/app/services/audit_event_service.rb @gitlab-org/manage/compliance
|
||||||
|
/app/services/concerns/audit_event_save_type.rb @gitlab-org/manage/compliance
|
||||||
|
/app/views/profiles/audit_log.html.haml @gitlab-org/manage/compliance
|
||||||
|
/config/feature_flags/development/custom_headers_streaming_audit_events_ui.yml @gitlab-org/manage/compliance
|
||||||
|
/data/deprecations/14-3-repository-push-audit-events.yml @gitlab-org/manage/compliance
|
||||||
|
/data/removals/15_0/removal_manage_repository_push_audit_event.yml @gitlab-org/manage/compliance
|
||||||
|
/db/docs/audit_events.yml @gitlab-org/manage/compliance
|
||||||
|
/db/docs/audit_events_external_audit_event_destinations.yml @gitlab-org/manage/compliance
|
||||||
|
/db/docs/audit_events_streaming_headers.yml @gitlab-org/manage/compliance
|
||||||
|
/db/migrate/20210819185500_create_external_audit_event_destinations_table.rb @gitlab-org/manage/compliance
|
||||||
|
/db/migrate/20220524141800_create_audit_events_streaming_headers.rb @gitlab-org/manage/compliance
|
||||||
|
/db/post_migrate/20210331105335_drop_non_partitioned_audit_events.rb @gitlab-org/manage/compliance
|
||||||
|
/db/post_migrate/20220119094503_populate_audit_event_streaming_verification_token.rb @gitlab-org/manage/compliance
|
||||||
|
/doc/administration/audit_event_streaming.md @gitlab-org/manage/compliance
|
||||||
|
/doc/administration/audit_events.md @gitlab-org/manage/compliance
|
||||||
|
/doc/administration/audit_reports.md @gitlab-org/manage/compliance
|
||||||
|
/doc/administration/auditor_users.md @gitlab-org/manage/compliance
|
||||||
|
/doc/api/audit_events.md @gitlab-org/manage/compliance
|
||||||
|
/doc/api/graphql/audit_report.md @gitlab-org/manage/compliance
|
||||||
|
/ee/app/assets/javascripts/audit_events/components/audit_events_app.vue @gitlab-org/manage/compliance
|
||||||
|
/ee/app/assets/javascripts/audit_events/components/audit_events_export_button.vue @gitlab-org/manage/compliance
|
||||||
|
/ee/app/assets/javascripts/audit_events/components/audit_events_filter.vue @gitlab-org/manage/compliance
|
||||||
|
/ee/app/assets/javascripts/audit_events/components/audit_events_log.vue @gitlab-org/manage/compliance
|
||||||
|
/ee/app/assets/javascripts/audit_events/components/audit_events_stream.vue @gitlab-org/manage/compliance
|
||||||
|
/ee/app/assets/javascripts/audit_events/components/audit_events_table.vue @gitlab-org/manage/compliance
|
||||||
|
/ee/app/assets/javascripts/audit_events/components/tokens/shared/ @gitlab-org/manage/compliance
|
||||||
|
/ee/app/assets/javascripts/audit_events/init_audit_events.js @gitlab-org/manage/compliance
|
||||||
|
/ee/app/controllers/admin/audit_log_reports_controller.rb @gitlab-org/manage/compliance
|
||||||
|
/ee/app/controllers/admin/audit_logs_controller.rb @gitlab-org/manage/compliance
|
||||||
|
/ee/app/controllers/concerns/audit_events/audit_events_params.rb @gitlab-org/manage/compliance
|
||||||
|
/ee/app/controllers/groups/audit_events_controller.rb @gitlab-org/manage/compliance
|
||||||
|
/ee/app/controllers/projects/audit_events_controller.rb @gitlab-org/manage/compliance
|
||||||
|
/ee/app/finders/audit_event_finder.rb @gitlab-org/manage/compliance
|
||||||
|
/ee/app/graphql/types/audit_events/external_audit_event_destination_type.rb @gitlab-org/manage/compliance
|
||||||
|
/ee/app/helpers/audit_events_helper.rb @gitlab-org/manage/compliance
|
||||||
|
/ee/app/helpers/auditor_user_helper.rb @gitlab-org/manage/compliance
|
||||||
|
/ee/app/models/audit_events/external_audit_event_destination.rb @gitlab-org/manage/compliance
|
||||||
|
/ee/app/models/concerns/auditable.rb @gitlab-org/manage/compliance
|
||||||
|
/ee/app/models/ee/audit_event.rb @gitlab-org/manage/compliance
|
||||||
|
/ee/app/policies/audit_events/external_audit_event_destination_policy.rb @gitlab-org/manage/compliance
|
||||||
|
/ee/app/presenters/audit_event_presenter.rb @gitlab-org/manage/compliance
|
||||||
|
/ee/app/serializers/audit_event_entity.rb @gitlab-org/manage/compliance
|
||||||
|
/ee/app/serializers/audit_event_serializer.rb @gitlab-org/manage/compliance
|
||||||
|
/ee/app/services/ci/audit_variable_change_service.rb @gitlab-org/manage/compliance
|
||||||
|
/ee/app/services/ee/audit_event_service.rb @gitlab-org/manage/compliance
|
||||||
|
/ee/app/views/admin/users/_auditor_access_level_radio.html.haml @gitlab-org/manage/compliance
|
||||||
|
/ee/app/views/admin/users/_auditor_user_badge.html.haml @gitlab-org/manage/compliance
|
||||||
|
/ee/app/views/shared/icons/_icon_audit_events_purple.svg @gitlab-org/manage/compliance
|
||||||
|
/ee/app/views/shared/promotions/_promote_audit_events.html.haml @gitlab-org/manage/compliance
|
||||||
|
/ee/app/workers/audit_events/audit_event_streaming_worker.rb @gitlab-org/manage/compliance
|
||||||
|
/ee/config/events/1652263097_groups__audit_events__index_click_streams_tab.yml @gitlab-org/manage/compliance
|
||||||
|
/ee/config/events/202108302307_admin_audit_logs_index_click_date_range_button.yml @gitlab-org/manage/compliance
|
||||||
|
/ee/config/events/202108302307_groups__audit_events_controller_search_audit_event.yml @gitlab-org/manage/compliance
|
||||||
|
/ee/config/events/202108302307_profiles_controller_search_audit_event.yml @gitlab-org/manage/compliance
|
||||||
|
/ee/config/events/202108302307_projects__audit_events_controller_search_audit_event.yml @gitlab-org/manage/compliance
|
||||||
|
/ee/config/events/202111041910_admin__audit_logs_controller_search_audit_event.yml @gitlab-org/manage/compliance
|
||||||
|
/ee/config/feature_flags/development/audit_event_streaming_git_operations.yml @gitlab-org/manage/compliance
|
||||||
|
/ee/config/feature_flags/development/audit_log_group_level.yml @gitlab-org/manage/compliance
|
||||||
|
/ee/config/metrics/counts_28d/20210216183930_g_compliance_audit_events_monthly.yml @gitlab-org/manage/compliance
|
||||||
|
/ee/config/metrics/counts_28d/20210216183934_i_compliance_audit_events_monthly.yml @gitlab-org/manage/compliance
|
||||||
|
/ee/config/metrics/counts_28d/20210216183942_a_compliance_audit_events_api_monthly.yml @gitlab-org/manage/compliance
|
||||||
|
/ee/config/metrics/counts_28d/20211130085433_g_manage_compliance_audit_event_destinations.yml @gitlab-org/manage/compliance
|
||||||
|
/ee/config/metrics/counts_7d/20210216183906_g_compliance_audit_events.yml @gitlab-org/manage/compliance
|
||||||
|
/ee/config/metrics/counts_7d/20210216183908_i_compliance_audit_events.yml @gitlab-org/manage/compliance
|
||||||
|
/ee/config/metrics/counts_7d/20210216183912_a_compliance_audit_events_api.yml @gitlab-org/manage/compliance
|
||||||
|
/ee/config/metrics/counts_7d/20210216183928_g_compliance_audit_events_weekly.yml @gitlab-org/manage/compliance
|
||||||
|
/ee/config/metrics/counts_7d/20210216183932_i_compliance_audit_events_weekly.yml @gitlab-org/manage/compliance
|
||||||
|
/ee/config/metrics/counts_7d/20210216183940_a_compliance_audit_events_api_weekly.yml @gitlab-org/manage/compliance
|
||||||
|
/ee/config/metrics/counts_all/20211130085433_g_manage_compliance_audit_event_destinations.yml @gitlab-org/manage/compliance
|
||||||
|
/ee/lib/api/audit_events.rb @gitlab-org/manage/compliance
|
||||||
|
/ee/lib/audit/external_status_check_changes_auditor.rb @gitlab-org/manage/compliance
|
||||||
|
/ee/lib/audit/group_merge_request_approval_setting_changes_auditor.rb @gitlab-org/manage/compliance
|
||||||
|
/ee/lib/audit/group_push_rules_changes_auditor.rb @gitlab-org/manage/compliance
|
||||||
|
/ee/lib/ee/api/entities/audit_event.rb @gitlab-org/manage/compliance
|
||||||
|
/ee/lib/ee/audit/ @gitlab-org/manage/compliance
|
||||||
|
/ee/lib/gitlab/audit/auditor.rb @gitlab-org/manage/compliance
|
||||||
|
/ee/spec/controllers/admin/audit_log_reports_controller_spec.rb @gitlab-org/manage/compliance
|
||||||
|
/ee/spec/controllers/admin/audit_logs_controller_spec.rb @gitlab-org/manage/compliance
|
||||||
|
/ee/spec/controllers/groups/audit_events_controller_spec.rb @gitlab-org/manage/compliance
|
||||||
|
/ee/spec/controllers/projects/audit_events_controller_spec.rb @gitlab-org/manage/compliance
|
||||||
|
/ee/spec/factories/audit_events/external_audit_event_destinations.rb @gitlab-org/manage/compliance
|
||||||
|
/ee/spec/features/admin/admin_audit_logs_spec.rb @gitlab-org/manage/compliance
|
||||||
|
/ee/spec/features/groups/audit_events_spec.rb @gitlab-org/manage/compliance
|
||||||
|
/ee/spec/features/projects/audit_events_spec.rb @gitlab-org/manage/compliance
|
||||||
|
/ee/spec/finders/audit_event_finder_spec.rb @gitlab-org/manage/compliance
|
||||||
|
/ee/spec/fixtures/api/schemas/public_api/v4/audit_event.json @gitlab-org/manage/compliance
|
||||||
|
/ee/spec/fixtures/api/schemas/public_api/v4/audit_events.json @gitlab-org/manage/compliance
|
||||||
|
/ee/spec/frontend/audit_events/components/__snapshots__/ @gitlab-org/manage/compliance
|
||||||
|
/ee/spec/frontend/audit_events/components/audit_events_app_spec.js @gitlab-org/manage/compliance
|
||||||
|
/ee/spec/frontend/audit_events/components/audit_events_export_button_spec.js @gitlab-org/manage/compliance
|
||||||
|
/ee/spec/frontend/audit_events/components/audit_events_filter_spec.js @gitlab-org/manage/compliance
|
||||||
|
/ee/spec/frontend/audit_events/components/audit_events_logs_spec.js @gitlab-org/manage/compliance
|
||||||
|
/ee/spec/frontend/audit_events/components/audit_events_stream_spec.js @gitlab-org/manage/compliance
|
||||||
|
/ee/spec/frontend/audit_events/components/audit_events_table_spec.js @gitlab-org/manage/compliance
|
||||||
|
/ee/spec/frontend/audit_events/components/tokens/shared/ @gitlab-org/manage/compliance
|
||||||
|
/ee/spec/graphql/types/audit_events/exterrnal_audit_event_destination_type_spec.rb @gitlab-org/manage/compliance
|
||||||
|
/ee/spec/helpers/audit_events_helper_spec.rb @gitlab-org/manage/compliance
|
||||||
|
/ee/spec/lib/audit/external_status_check_changes_auditor_spec.rb @gitlab-org/manage/compliance
|
||||||
|
/ee/spec/lib/audit/group_merge_request_approval_setting_changes_auditor_spec.rb @gitlab-org/manage/compliance
|
||||||
|
/ee/spec/lib/audit/group_push_rules_changes_auditor_spec.rb @gitlab-org/manage/compliance
|
||||||
|
/ee/spec/lib/ee/audit/ @gitlab-org/manage/compliance
|
||||||
|
/ee/spec/lib/gitlab/audit/auditor_spec.rb @gitlab-org/manage/compliance
|
||||||
|
/ee/spec/models/audit_events/external_audit_event_destination_spec.rb @gitlab-org/manage/compliance
|
||||||
|
/ee/spec/models/concerns/auditable_spec.rb @gitlab-org/manage/compliance
|
||||||
|
/ee/spec/models/ee/audit_event_spec.rb @gitlab-org/manage/compliance
|
||||||
|
/ee/spec/presenters/audit_event_presenter_spec.rb @gitlab-org/manage/compliance
|
||||||
|
/ee/spec/requests/admin/audit_events_spec.rb @gitlab-org/manage/compliance
|
||||||
|
/ee/spec/requests/api/audit_events_spec.rb @gitlab-org/manage/compliance
|
||||||
|
/ee/spec/requests/api/graphql/group/external_audit_event_destinations_spec.rb @gitlab-org/manage/compliance
|
||||||
|
/ee/spec/requests/groups/audit_events_spec.rb @gitlab-org/manage/compliance
|
||||||
|
/ee/spec/requests/projects/audit_events_spec.rb @gitlab-org/manage/compliance
|
||||||
|
/ee/spec/serializers/audit_event_entity_spec.rb @gitlab-org/manage/compliance
|
||||||
|
/ee/spec/serializers/audit_event_serializer_spec.rb @gitlab-org/manage/compliance
|
||||||
|
/ee/spec/services/audit_event_service_spec.rb @gitlab-org/manage/compliance
|
||||||
|
/ee/spec/support/shared_contexts/audit_event_not_licensed_shared_context.rb @gitlab-org/manage/compliance
|
||||||
|
/ee/spec/support/shared_contexts/audit_event_queue_shared_context.rb @gitlab-org/manage/compliance
|
||||||
|
/ee/spec/support/shared_examples/audit/ @gitlab-org/manage/compliance
|
||||||
|
/ee/spec/support/shared_examples/features/audit_events_filter_shared_examples.rb @gitlab-org/manage/compliance
|
||||||
|
/ee/spec/support/shared_examples/services/audit_event_logging_shared_examples.rb @gitlab-org/manage/compliance
|
||||||
|
/ee/spec/workers/audit_events/audit_event_streaming_worker_spec.rb @gitlab-org/manage/compliance
|
||||||
|
/lib/gitlab/audit_json_logger.rb @gitlab-org/manage/compliance
|
||||||
|
/qa/qa/ee/page/admin/monitoring/ @gitlab-org/manage/compliance
|
||||||
|
/qa/qa/specs/features/ee/browser_ui/1_manage/group/group_audit_logs_1_spec.rb @gitlab-org/manage/compliance
|
||||||
|
/qa/qa/specs/features/ee/browser_ui/1_manage/group/group_audit_logs_2_spec.rb @gitlab-org/manage/compliance
|
||||||
|
/qa/qa/specs/features/ee/browser_ui/1_manage/instance/ @gitlab-org/manage/compliance
|
||||||
|
/qa/qa/specs/features/ee/browser_ui/1_manage/project/project_audit_logs_spec.rb @gitlab-org/manage/compliance
|
||||||
|
/spec/factories/audit_events.rb @gitlab-org/manage/compliance
|
||||||
|
/spec/migrations/populate_audit_event_streaming_verification_token_spec.rb @gitlab-org/manage/compliance
|
||||||
|
/spec/models/audit_event_spec.rb @gitlab-org/manage/compliance
|
||||||
|
/spec/services/audit_event_service_spec.rb @gitlab-org/manage/compliance
|
||||||
|
/spec/services/concerns/audit_event_save_type_spec.rb @gitlab-org/manage/compliance
|
||||||
|
/spec/support/shared_examples/sends_git_audit_streaming_event_shared_examples.rb @gitlab-org/manage/compliance
|
||||||
|
/spec/views/profiles/audit_log.html.haml_spec.rb @gitlab-org/manage/compliance
|
||||||
|
/vendor/project_templates/hipaa_audit_protocol.tar.gz @gitlab-org/manage/compliance
|
||||||
|
|
|
@ -1 +1 @@
|
||||||
445024454b60b661cc7bc7782c9e9367517f42e2
|
157e6b6ad8fd7aa0ebdd43727f00b81f34b100a1
|
||||||
|
|
|
@ -33,7 +33,7 @@ module Ci
|
||||||
"project-full-path" => project.full_path,
|
"project-full-path" => project.full_path,
|
||||||
"project-namespace" => project.namespace.full_path,
|
"project-namespace" => project.namespace.full_path,
|
||||||
"runner-help-page-path" => help_page_path('ci/runners/index'),
|
"runner-help-page-path" => help_page_path('ci/runners/index'),
|
||||||
"simulate-pipeline-help-page-path" => help_page_path('ci/lint', anchor: 'simulate-a-pipeline'),
|
"simulate-pipeline-help-page-path" => help_page_path('ci/pipeline_editor/index', anchor: 'simulate-a-cicd-pipeline'),
|
||||||
"total-branches" => total_branches,
|
"total-branches" => total_branches,
|
||||||
"validate-tab-illustration-path" => image_path('illustrations/project-run-CICD-pipelines-sm.svg'),
|
"validate-tab-illustration-path" => image_path('illustrations/project-run-CICD-pipelines-sm.svg'),
|
||||||
"yml-help-page-path" => help_page_path('ci/yaml/index')
|
"yml-help-page-path" => help_page_path('ci/yaml/index')
|
||||||
|
|
|
@ -639,7 +639,8 @@ module ProjectsHelper
|
||||||
warnAboutPotentiallyUnwantedCharacters: project.warn_about_potentially_unwanted_characters?,
|
warnAboutPotentiallyUnwantedCharacters: project.warn_about_potentially_unwanted_characters?,
|
||||||
enforceAuthChecksOnUploads: project.enforce_auth_checks_on_uploads?,
|
enforceAuthChecksOnUploads: project.enforce_auth_checks_on_uploads?,
|
||||||
securityAndComplianceAccessLevel: project.security_and_compliance_access_level,
|
securityAndComplianceAccessLevel: project.security_and_compliance_access_level,
|
||||||
containerRegistryAccessLevel: feature.container_registry_access_level
|
containerRegistryAccessLevel: feature.container_registry_access_level,
|
||||||
|
environmentsAccessLevel: feature.environments_access_level
|
||||||
}
|
}
|
||||||
end
|
end
|
||||||
|
|
||||||
|
|
|
@ -22,14 +22,14 @@ module SearchHelper
|
||||||
resource_results(term)
|
resource_results(term)
|
||||||
when :generic
|
when :generic
|
||||||
[
|
[
|
||||||
generic_results(term),
|
recent_items_autocomplete(term),
|
||||||
recent_items_autocomplete(term)
|
generic_results(term)
|
||||||
]
|
]
|
||||||
else
|
else
|
||||||
[
|
[
|
||||||
generic_results(term),
|
recent_items_autocomplete(term),
|
||||||
resource_results(term),
|
resource_results(term),
|
||||||
recent_items_autocomplete(term)
|
generic_results(term)
|
||||||
]
|
]
|
||||||
end
|
end
|
||||||
|
|
||||||
|
|
|
@ -94,6 +94,10 @@ module ProjectFeaturesCompatibility
|
||||||
write_feature_attribute_string(:container_registry_access_level, value)
|
write_feature_attribute_string(:container_registry_access_level, value)
|
||||||
end
|
end
|
||||||
|
|
||||||
|
def environments_access_level=(value)
|
||||||
|
write_feature_attribute_string(:environments_access_level, value)
|
||||||
|
end
|
||||||
|
|
||||||
# TODO: Remove this method after we drop support for project create/edit APIs to set the
|
# TODO: Remove this method after we drop support for project create/edit APIs to set the
|
||||||
# container_registry_enabled attribute. They can instead set the container_registry_access_level
|
# container_registry_enabled attribute. They can instead set the container_registry_access_level
|
||||||
# attribute.
|
# attribute.
|
||||||
|
|
|
@ -446,7 +446,7 @@ class Project < ApplicationRecord
|
||||||
:repository_access_level, :package_registry_access_level, :pages_access_level,
|
:repository_access_level, :package_registry_access_level, :pages_access_level,
|
||||||
:metrics_dashboard_access_level, :analytics_access_level,
|
:metrics_dashboard_access_level, :analytics_access_level,
|
||||||
:operations_access_level, :security_and_compliance_access_level,
|
:operations_access_level, :security_and_compliance_access_level,
|
||||||
:container_registry_access_level,
|
:container_registry_access_level, :environments_access_level,
|
||||||
to: :project_feature, allow_nil: true
|
to: :project_feature, allow_nil: true
|
||||||
|
|
||||||
delegate :show_default_award_emojis, :show_default_award_emojis=,
|
delegate :show_default_award_emojis, :show_default_award_emojis=,
|
||||||
|
|
|
@ -21,6 +21,7 @@ class ProjectFeature < ApplicationRecord
|
||||||
security_and_compliance
|
security_and_compliance
|
||||||
container_registry
|
container_registry
|
||||||
package_registry
|
package_registry
|
||||||
|
environments
|
||||||
].freeze
|
].freeze
|
||||||
|
|
||||||
EXPORTABLE_FEATURES = (FEATURES - [:security_and_compliance, :pages]).freeze
|
EXPORTABLE_FEATURES = (FEATURES - [:security_and_compliance, :pages]).freeze
|
||||||
|
|
|
@ -209,6 +209,7 @@ class ProjectPolicy < BasePolicy
|
||||||
analytics
|
analytics
|
||||||
operations
|
operations
|
||||||
security_and_compliance
|
security_and_compliance
|
||||||
|
environments
|
||||||
]
|
]
|
||||||
|
|
||||||
features.each do |f|
|
features.each do |f|
|
||||||
|
@ -366,7 +367,11 @@ class ProjectPolicy < BasePolicy
|
||||||
prevent(:metrics_dashboard)
|
prevent(:metrics_dashboard)
|
||||||
end
|
end
|
||||||
|
|
||||||
rule { operations_disabled }.policy do
|
condition(:split_operations_visibility_permissions) do
|
||||||
|
::Feature.enabled?(:split_operations_visibility_permissions, @subject)
|
||||||
|
end
|
||||||
|
|
||||||
|
rule { ~split_operations_visibility_permissions & operations_disabled }.policy do
|
||||||
prevent(*create_read_update_admin_destroy(:feature_flag))
|
prevent(*create_read_update_admin_destroy(:feature_flag))
|
||||||
prevent(*create_read_update_admin_destroy(:environment))
|
prevent(*create_read_update_admin_destroy(:environment))
|
||||||
prevent(*create_read_update_admin_destroy(:sentry_issue))
|
prevent(*create_read_update_admin_destroy(:sentry_issue))
|
||||||
|
@ -379,6 +384,11 @@ class ProjectPolicy < BasePolicy
|
||||||
prevent(:read_prometheus)
|
prevent(:read_prometheus)
|
||||||
end
|
end
|
||||||
|
|
||||||
|
rule { split_operations_visibility_permissions & environments_disabled }.policy do
|
||||||
|
prevent(*create_read_update_admin_destroy(:environment))
|
||||||
|
prevent(*create_read_update_admin_destroy(:deployment))
|
||||||
|
end
|
||||||
|
|
||||||
rule { can?(:metrics_dashboard) }.policy do
|
rule { can?(:metrics_dashboard) }.policy do
|
||||||
enable :read_prometheus
|
enable :read_prometheus
|
||||||
enable :read_deployment
|
enable :read_deployment
|
||||||
|
|
|
@ -284,6 +284,7 @@ included_attributes:
|
||||||
- :security_and_compliance_access_level
|
- :security_and_compliance_access_level
|
||||||
- :container_registry_access_level
|
- :container_registry_access_level
|
||||||
- :package_registry_access_level
|
- :package_registry_access_level
|
||||||
|
- :environments_access_level
|
||||||
prometheus_metrics:
|
prometheus_metrics:
|
||||||
- :created_at
|
- :created_at
|
||||||
- :updated_at
|
- :updated_at
|
||||||
|
@ -686,6 +687,7 @@ included_attributes:
|
||||||
- :security_and_compliance_access_level
|
- :security_and_compliance_access_level
|
||||||
- :container_registry_access_level
|
- :container_registry_access_level
|
||||||
- :package_registry_access_level
|
- :package_registry_access_level
|
||||||
|
- :environments_access_level
|
||||||
- :allow_merge_on_skipped_pipeline
|
- :allow_merge_on_skipped_pipeline
|
||||||
- :auto_devops_deploy_strategy
|
- :auto_devops_deploy_strategy
|
||||||
- :auto_devops_enabled
|
- :auto_devops_enabled
|
||||||
|
|
|
@ -67,6 +67,28 @@ module QA
|
||||||
|
|
||||||
it_behaves_like 'repository storage move'
|
it_behaves_like 'repository storage move'
|
||||||
end
|
end
|
||||||
|
|
||||||
|
# Note: This test doesn't have the :orchestrated tag because it runs in the Test::Integration::Praefect
|
||||||
|
# scenario with other tests that aren't considered orchestrated.
|
||||||
|
# It also runs on staging using nfs-file07 as non-cluster storage and nfs-file22 as cluster/praefect storage
|
||||||
|
context 'when moving from Gitaly Cluster to Gitaly', :requires_praefect, testcase: 'https://gitlab.com/gitlab-org/gitlab/-/quality/test_cases/369204' do
|
||||||
|
let(:source_storage) { { type: :praefect, name: QA::Runtime::Env.praefect_repository_storage } }
|
||||||
|
let(:destination_storage) { { type: :gitaly, name: QA::Runtime::Env.non_cluster_repository_storage } }
|
||||||
|
let(:project) do
|
||||||
|
Resource::Project.fabricate_via_api! do |project|
|
||||||
|
project.name = 'repo-storage-move'
|
||||||
|
project.initialize_with_readme = true
|
||||||
|
project.repository_storage = source_storage[:name]
|
||||||
|
project.api_client = Runtime::API::Client.as_admin
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
before do
|
||||||
|
praefect_manager.gitlab = 'gitlab-gitaly-cluster'
|
||||||
|
end
|
||||||
|
|
||||||
|
it_behaves_like 'repository storage move'
|
||||||
|
end
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
|
@ -23,6 +23,7 @@ module RuboCop
|
||||||
operations
|
operations
|
||||||
security_and_compliance
|
security_and_compliance
|
||||||
container_registry
|
container_registry
|
||||||
|
environments
|
||||||
].freeze
|
].freeze
|
||||||
EE_FEATURES = %i[requirements].freeze
|
EE_FEATURES = %i[requirements].freeze
|
||||||
ALL_FEATURES = (FEATURES + EE_FEATURES).freeze
|
ALL_FEATURES = (FEATURES + EE_FEATURES).freeze
|
||||||
|
|
|
@ -37,6 +37,7 @@ FactoryBot.define do
|
||||||
operations_access_level { ProjectFeature::ENABLED }
|
operations_access_level { ProjectFeature::ENABLED }
|
||||||
container_registry_access_level { ProjectFeature::ENABLED }
|
container_registry_access_level { ProjectFeature::ENABLED }
|
||||||
security_and_compliance_access_level { ProjectFeature::PRIVATE }
|
security_and_compliance_access_level { ProjectFeature::PRIVATE }
|
||||||
|
environments_access_level { ProjectFeature::ENABLED }
|
||||||
|
|
||||||
# we can't assign the delegated `#ci_cd_settings` attributes directly, as the
|
# we can't assign the delegated `#ci_cd_settings` attributes directly, as the
|
||||||
# `#ci_cd_settings` relation needs to be created first
|
# `#ci_cd_settings` relation needs to be created first
|
||||||
|
|
|
@ -63,7 +63,7 @@ RSpec.describe Ci::PipelineEditorHelper do
|
||||||
"project-full-path" => project.full_path,
|
"project-full-path" => project.full_path,
|
||||||
"project-namespace" => project.namespace.full_path,
|
"project-namespace" => project.namespace.full_path,
|
||||||
"runner-help-page-path" => help_page_path('ci/runners/index'),
|
"runner-help-page-path" => help_page_path('ci/runners/index'),
|
||||||
"simulate-pipeline-help-page-path" => help_page_path('ci/lint', anchor: 'simulate-a-pipeline'),
|
"simulate-pipeline-help-page-path" => help_page_path('ci/pipeline_editor/index', anchor: 'simulate-a-cicd-pipeline'),
|
||||||
"total-branches" => project.repository.branches.length,
|
"total-branches" => project.repository.branches.length,
|
||||||
"validate-tab-illustration-path" => 'illustrations/validate.svg',
|
"validate-tab-illustration-path" => 'illustrations/validate.svg',
|
||||||
"yml-help-page-path" => help_page_path('ci/yaml/index')
|
"yml-help-page-path" => help_page_path('ci/yaml/index')
|
||||||
|
@ -94,7 +94,7 @@ RSpec.describe Ci::PipelineEditorHelper do
|
||||||
"project-full-path" => project.full_path,
|
"project-full-path" => project.full_path,
|
||||||
"project-namespace" => project.namespace.full_path,
|
"project-namespace" => project.namespace.full_path,
|
||||||
"runner-help-page-path" => help_page_path('ci/runners/index'),
|
"runner-help-page-path" => help_page_path('ci/runners/index'),
|
||||||
"simulate-pipeline-help-page-path" => help_page_path('ci/lint', anchor: 'simulate-a-pipeline'),
|
"simulate-pipeline-help-page-path" => help_page_path('ci/pipeline_editor/index', anchor: 'simulate-a-cicd-pipeline'),
|
||||||
"total-branches" => 0,
|
"total-branches" => 0,
|
||||||
"validate-tab-illustration-path" => 'illustrations/validate.svg',
|
"validate-tab-illustration-path" => 'illustrations/validate.svg',
|
||||||
"yml-help-page-path" => help_page_path('ci/yaml/index')
|
"yml-help-page-path" => help_page_path('ci/yaml/index')
|
||||||
|
|
|
@ -966,7 +966,8 @@ RSpec.describe ProjectsHelper do
|
||||||
operationsAccessLevel: project.project_feature.operations_access_level,
|
operationsAccessLevel: project.project_feature.operations_access_level,
|
||||||
showDefaultAwardEmojis: project.show_default_award_emojis?,
|
showDefaultAwardEmojis: project.show_default_award_emojis?,
|
||||||
securityAndComplianceAccessLevel: project.security_and_compliance_access_level,
|
securityAndComplianceAccessLevel: project.security_and_compliance_access_level,
|
||||||
containerRegistryAccessLevel: project.project_feature.container_registry_access_level
|
containerRegistryAccessLevel: project.project_feature.container_registry_access_level,
|
||||||
|
environmentsAccessLevel: project.project_feature.environments_access_level
|
||||||
)
|
)
|
||||||
end
|
end
|
||||||
|
|
||||||
|
|
|
@ -74,19 +74,21 @@ RSpec.describe SearchHelper do
|
||||||
expect(result.keys).to match_array(%i[category id value label url avatar_url])
|
expect(result.keys).to match_array(%i[category id value label url avatar_url])
|
||||||
end
|
end
|
||||||
|
|
||||||
it 'includes the users recently viewed issues', :aggregate_failures do
|
it 'includes the users recently viewed issues and project with correct order', :aggregate_failures do
|
||||||
recent_issues = instance_double(::Gitlab::Search::RecentIssues)
|
recent_issues = instance_double(::Gitlab::Search::RecentIssues)
|
||||||
expect(::Gitlab::Search::RecentIssues).to receive(:new).with(user: user).and_return(recent_issues)
|
expect(::Gitlab::Search::RecentIssues).to receive(:new).with(user: user).and_return(recent_issues)
|
||||||
project1 = create(:project, :with_avatar, namespace: user.namespace)
|
project1 = create(:project, :with_avatar, namespace: user.namespace)
|
||||||
project2 = create(:project, namespace: user.namespace)
|
project2 = create(:project, namespace: user.namespace)
|
||||||
issue1 = create(:issue, title: 'issue 1', project: project1)
|
issue1 = create(:issue, title: 'issue 1', project: project1)
|
||||||
issue2 = create(:issue, title: 'issue 2', project: project2)
|
issue2 = create(:issue, title: 'issue 2', project: project2)
|
||||||
|
project = create(:project, title: 'the search term')
|
||||||
|
project.add_developer(user)
|
||||||
|
|
||||||
expect(recent_issues).to receive(:search).with('the search term').and_return(Issue.id_in_ordered([issue1.id, issue2.id]))
|
expect(recent_issues).to receive(:search).with('the search term').and_return(Issue.id_in_ordered([issue1.id, issue2.id]))
|
||||||
|
|
||||||
results = search_autocomplete_opts("the search term")
|
results = search_autocomplete_opts("the search term")
|
||||||
|
|
||||||
expect(results.count).to eq(2)
|
expect(results.count).to eq(3)
|
||||||
|
|
||||||
expect(results[0]).to include({
|
expect(results[0]).to include({
|
||||||
category: 'Recent issues',
|
category: 'Recent issues',
|
||||||
|
@ -103,6 +105,13 @@ RSpec.describe SearchHelper do
|
||||||
url: Gitlab::Routing.url_helpers.project_issue_path(issue2.project, issue2),
|
url: Gitlab::Routing.url_helpers.project_issue_path(issue2.project, issue2),
|
||||||
avatar_url: '' # This project didn't have an avatar so set this to ''
|
avatar_url: '' # This project didn't have an avatar so set this to ''
|
||||||
})
|
})
|
||||||
|
|
||||||
|
expect(results[2]).to include({
|
||||||
|
category: 'Projects',
|
||||||
|
id: project.id,
|
||||||
|
label: project.full_name,
|
||||||
|
url: Gitlab::Routing.url_helpers.project_path(project)
|
||||||
|
})
|
||||||
end
|
end
|
||||||
|
|
||||||
it 'includes the users recently viewed issues with the exact same name', :aggregate_failures do
|
it 'includes the users recently viewed issues with the exact same name', :aggregate_failures do
|
||||||
|
|
|
@ -584,6 +584,7 @@ ProjectFeature:
|
||||||
- security_and_compliance_access_level
|
- security_and_compliance_access_level
|
||||||
- container_registry_access_level
|
- container_registry_access_level
|
||||||
- package_registry_access_level
|
- package_registry_access_level
|
||||||
|
- environments_access_level
|
||||||
- created_at
|
- created_at
|
||||||
- updated_at
|
- updated_at
|
||||||
ProtectedBranch::MergeAccessLevel:
|
ProtectedBranch::MergeAccessLevel:
|
||||||
|
|
|
@ -5,7 +5,7 @@ require 'spec_helper'
|
||||||
RSpec.describe ProjectFeaturesCompatibility do
|
RSpec.describe ProjectFeaturesCompatibility do
|
||||||
let(:project) { create(:project) }
|
let(:project) { create(:project) }
|
||||||
let(:features_enabled) { %w(issues wiki builds merge_requests snippets security_and_compliance) }
|
let(:features_enabled) { %w(issues wiki builds merge_requests snippets security_and_compliance) }
|
||||||
let(:features) { features_enabled + %w(repository pages operations container_registry package_registry) }
|
let(:features) { features_enabled + %w(repository pages operations container_registry package_registry environments) }
|
||||||
|
|
||||||
# We had issues_enabled, snippets_enabled, builds_enabled, merge_requests_enabled and issues_enabled fields on projects table
|
# We had issues_enabled, snippets_enabled, builds_enabled, merge_requests_enabled and issues_enabled fields on projects table
|
||||||
# All those fields got moved to a new table called project_feature and are now integers instead of booleans
|
# All those fields got moved to a new table called project_feature and are now integers instead of booleans
|
||||||
|
|
|
@ -831,6 +831,7 @@ RSpec.describe Project, factory_default: :keep do
|
||||||
it { is_expected.to delegate_method(:last_pipeline).to(:commit).allow_nil }
|
it { is_expected.to delegate_method(:last_pipeline).to(:commit).allow_nil }
|
||||||
it { is_expected.to delegate_method(:container_registry_enabled?).to(:project_feature) }
|
it { is_expected.to delegate_method(:container_registry_enabled?).to(:project_feature) }
|
||||||
it { is_expected.to delegate_method(:container_registry_access_level).to(:project_feature) }
|
it { is_expected.to delegate_method(:container_registry_access_level).to(:project_feature) }
|
||||||
|
it { is_expected.to delegate_method(:environments_access_level).to(:project_feature) }
|
||||||
|
|
||||||
describe 'read project settings' do
|
describe 'read project settings' do
|
||||||
%i(
|
%i(
|
||||||
|
|
|
@ -1930,6 +1930,10 @@ RSpec.describe ProjectPolicy do
|
||||||
describe 'operations feature' do
|
describe 'operations feature' do
|
||||||
using RSpec::Parameterized::TableSyntax
|
using RSpec::Parameterized::TableSyntax
|
||||||
|
|
||||||
|
before do
|
||||||
|
stub_feature_flags(split_operations_visibility_permissions: false)
|
||||||
|
end
|
||||||
|
|
||||||
let(:guest_operations_permissions) { [:read_environment, :read_deployment] }
|
let(:guest_operations_permissions) { [:read_environment, :read_deployment] }
|
||||||
|
|
||||||
let(:developer_operations_permissions) do
|
let(:developer_operations_permissions) do
|
||||||
|
@ -2002,30 +2006,6 @@ RSpec.describe ProjectPolicy do
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
def project_subject(project_type)
|
|
||||||
case project_type
|
|
||||||
when :public
|
|
||||||
public_project
|
|
||||||
when :internal
|
|
||||||
internal_project
|
|
||||||
else
|
|
||||||
private_project
|
|
||||||
end
|
|
||||||
end
|
|
||||||
|
|
||||||
def user_subject(role)
|
|
||||||
case role
|
|
||||||
when :maintainer
|
|
||||||
maintainer
|
|
||||||
when :developer
|
|
||||||
developer
|
|
||||||
when :guest
|
|
||||||
guest
|
|
||||||
when :anonymous
|
|
||||||
anonymous
|
|
||||||
end
|
|
||||||
end
|
|
||||||
|
|
||||||
def permissions_abilities(role)
|
def permissions_abilities(role)
|
||||||
case role
|
case role
|
||||||
when :maintainer
|
when :maintainer
|
||||||
|
@ -2039,6 +2019,87 @@ RSpec.describe ProjectPolicy do
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
describe 'environments feature' do
|
||||||
|
using RSpec::Parameterized::TableSyntax
|
||||||
|
|
||||||
|
let(:guest_environments_permissions) { [:read_environment, :read_deployment] }
|
||||||
|
|
||||||
|
let(:developer_environments_permissions) do
|
||||||
|
guest_environments_permissions + [
|
||||||
|
:create_environment, :create_deployment, :update_environment, :update_deployment, :destroy_environment
|
||||||
|
]
|
||||||
|
end
|
||||||
|
|
||||||
|
let(:maintainer_environments_permissions) do
|
||||||
|
developer_environments_permissions + [:admin_environment, :admin_deployment]
|
||||||
|
end
|
||||||
|
|
||||||
|
where(:project_visibility, :access_level, :role, :allowed) do
|
||||||
|
:public | ProjectFeature::ENABLED | :maintainer | true
|
||||||
|
:public | ProjectFeature::ENABLED | :developer | true
|
||||||
|
:public | ProjectFeature::ENABLED | :guest | true
|
||||||
|
:public | ProjectFeature::ENABLED | :anonymous | true
|
||||||
|
:public | ProjectFeature::PRIVATE | :maintainer | true
|
||||||
|
:public | ProjectFeature::PRIVATE | :developer | true
|
||||||
|
:public | ProjectFeature::PRIVATE | :guest | true
|
||||||
|
:public | ProjectFeature::PRIVATE | :anonymous | false
|
||||||
|
:public | ProjectFeature::DISABLED | :maintainer | false
|
||||||
|
:public | ProjectFeature::DISABLED | :developer | false
|
||||||
|
:public | ProjectFeature::DISABLED | :guest | false
|
||||||
|
:public | ProjectFeature::DISABLED | :anonymous | false
|
||||||
|
:internal | ProjectFeature::ENABLED | :maintainer | true
|
||||||
|
:internal | ProjectFeature::ENABLED | :developer | true
|
||||||
|
:internal | ProjectFeature::ENABLED | :guest | true
|
||||||
|
:internal | ProjectFeature::ENABLED | :anonymous | false
|
||||||
|
:internal | ProjectFeature::PRIVATE | :maintainer | true
|
||||||
|
:internal | ProjectFeature::PRIVATE | :developer | true
|
||||||
|
:internal | ProjectFeature::PRIVATE | :guest | true
|
||||||
|
:internal | ProjectFeature::PRIVATE | :anonymous | false
|
||||||
|
:internal | ProjectFeature::DISABLED | :maintainer | false
|
||||||
|
:internal | ProjectFeature::DISABLED | :developer | false
|
||||||
|
:internal | ProjectFeature::DISABLED | :guest | false
|
||||||
|
:internal | ProjectFeature::DISABLED | :anonymous | false
|
||||||
|
:private | ProjectFeature::ENABLED | :maintainer | true
|
||||||
|
:private | ProjectFeature::ENABLED | :developer | true
|
||||||
|
:private | ProjectFeature::ENABLED | :guest | false
|
||||||
|
:private | ProjectFeature::ENABLED | :anonymous | false
|
||||||
|
:private | ProjectFeature::PRIVATE | :maintainer | true
|
||||||
|
:private | ProjectFeature::PRIVATE | :developer | true
|
||||||
|
:private | ProjectFeature::PRIVATE | :guest | false
|
||||||
|
:private | ProjectFeature::PRIVATE | :anonymous | false
|
||||||
|
:private | ProjectFeature::DISABLED | :maintainer | false
|
||||||
|
:private | ProjectFeature::DISABLED | :developer | false
|
||||||
|
:private | ProjectFeature::DISABLED | :guest | false
|
||||||
|
:private | ProjectFeature::DISABLED | :anonymous | false
|
||||||
|
end
|
||||||
|
|
||||||
|
with_them do
|
||||||
|
let(:current_user) { user_subject(role) }
|
||||||
|
let(:project) { project_subject(project_visibility) }
|
||||||
|
|
||||||
|
it 'allows/disallows the abilities based on the environments feature access level' do
|
||||||
|
project.project_feature.update!(environments_access_level: access_level)
|
||||||
|
|
||||||
|
if allowed
|
||||||
|
expect_allowed(*permissions_abilities(role))
|
||||||
|
else
|
||||||
|
expect_disallowed(*permissions_abilities(role))
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
def permissions_abilities(role)
|
||||||
|
case role
|
||||||
|
when :maintainer
|
||||||
|
maintainer_environments_permissions
|
||||||
|
when :developer
|
||||||
|
developer_environments_permissions
|
||||||
|
else
|
||||||
|
guest_environments_permissions
|
||||||
|
end
|
||||||
|
end
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
describe 'access_security_and_compliance' do
|
describe 'access_security_and_compliance' do
|
||||||
context 'when the "Security & Compliance" is enabled' do
|
context 'when the "Security & Compliance" is enabled' do
|
||||||
before do
|
before do
|
||||||
|
@ -2481,4 +2542,28 @@ RSpec.describe ProjectPolicy do
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
def project_subject(project_type)
|
||||||
|
case project_type
|
||||||
|
when :public
|
||||||
|
public_project
|
||||||
|
when :internal
|
||||||
|
internal_project
|
||||||
|
else
|
||||||
|
private_project
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
def user_subject(role)
|
||||||
|
case role
|
||||||
|
when :maintainer
|
||||||
|
maintainer
|
||||||
|
when :developer
|
||||||
|
developer
|
||||||
|
when :guest
|
||||||
|
guest
|
||||||
|
when :anonymous
|
||||||
|
anonymous
|
||||||
|
end
|
||||||
|
end
|
||||||
end
|
end
|
||||||
|
|
|
@ -11,6 +11,7 @@ RSpec.describe Tooling::FindCodeowners do
|
||||||
allow(subject).to receive(:load_config).and_return(
|
allow(subject).to receive(:load_config).and_return(
|
||||||
'[Section name]': {
|
'[Section name]': {
|
||||||
'@group': {
|
'@group': {
|
||||||
|
entries: %w[whatever entries],
|
||||||
allow: {
|
allow: {
|
||||||
keywords: %w[dir0 file],
|
keywords: %w[dir0 file],
|
||||||
patterns: ['/%{keyword}/**/*', '/%{keyword}']
|
patterns: ['/%{keyword}/**/*', '/%{keyword}']
|
||||||
|
@ -31,8 +32,11 @@ RSpec.describe Tooling::FindCodeowners do
|
||||||
end
|
end
|
||||||
end.to output(<<~CODEOWNERS).to_stdout
|
end.to output(<<~CODEOWNERS).to_stdout
|
||||||
[Section name]
|
[Section name]
|
||||||
|
whatever @group
|
||||||
|
entries @group
|
||||||
/dir0/dir1/ @group
|
/dir0/dir1/ @group
|
||||||
/file @group
|
/file @group
|
||||||
|
|
||||||
CODEOWNERS
|
CODEOWNERS
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
@ -57,21 +61,33 @@ RSpec.describe Tooling::FindCodeowners do
|
||||||
patterns: ['%{keyword}']
|
patterns: ['%{keyword}']
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
},
|
||||||
|
'[Compliance]': {
|
||||||
|
'@gitlab-org/manage/compliance': {
|
||||||
|
entries: %w[
|
||||||
|
/ee/app/services/audit_events/build_service.rb
|
||||||
|
],
|
||||||
|
allow: {
|
||||||
|
patterns: %w[
|
||||||
|
/ee/app/services/audit_events/*
|
||||||
|
]
|
||||||
|
}
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
)
|
)
|
||||||
end
|
end
|
||||||
|
|
||||||
it 'expands the allow and deny list with keywords and patterns' do
|
it 'expands the allow and deny list with keywords and patterns' do
|
||||||
subject.load_definitions.each do |section, group_defintions|
|
group_defintions = subject.load_definitions[:'[Authentication and Authorization]']
|
||||||
group_defintions.each do |group, definitions|
|
|
||||||
expect(definitions[:allow]).to be_an(Array)
|
group_defintions.each do |group, definitions|
|
||||||
expect(definitions[:deny]).to be_an(Array)
|
expect(definitions[:allow]).to be_an(Array)
|
||||||
end
|
expect(definitions[:deny]).to be_an(Array)
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
it 'expands the auth group' do
|
it 'expands the patterns for the auth group' do
|
||||||
auth = subject.load_definitions.dig(
|
auth = subject.load_definitions.dig(
|
||||||
:'[Authentication and Authorization]',
|
:'[Authentication and Authorization]',
|
||||||
:'@gitlab-org/manage/authentication-and-authorization')
|
:'@gitlab-org/manage/authentication-and-authorization')
|
||||||
|
@ -95,6 +111,21 @@ RSpec.describe Tooling::FindCodeowners do
|
||||||
]
|
]
|
||||||
)
|
)
|
||||||
end
|
end
|
||||||
|
|
||||||
|
it 'retains the array and expands the patterns for the compliance group' do
|
||||||
|
compliance = subject.load_definitions.dig(
|
||||||
|
:'[Compliance]',
|
||||||
|
:'@gitlab-org/manage/compliance')
|
||||||
|
|
||||||
|
expect(compliance).to eq(
|
||||||
|
entries: %w[
|
||||||
|
/ee/app/services/audit_events/build_service.rb
|
||||||
|
],
|
||||||
|
allow: %w[
|
||||||
|
/ee/app/services/audit_events/*
|
||||||
|
]
|
||||||
|
)
|
||||||
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
describe '#load_config' do
|
describe '#load_config' do
|
||||||
|
|
|
@ -55,3 +55,24 @@
|
||||||
- '/lib/gitlab/conan_token.rb'
|
- '/lib/gitlab/conan_token.rb'
|
||||||
patterns:
|
patterns:
|
||||||
- '%{keyword}'
|
- '%{keyword}'
|
||||||
|
|
||||||
|
'[Compliance]':
|
||||||
|
'@gitlab-org/manage/compliance':
|
||||||
|
entries:
|
||||||
|
- '/ee/app/services/audit_events/build_service.rb'
|
||||||
|
- '/ee/spec/services/audit_events/custom_audit_event_service_spec.rb'
|
||||||
|
allow:
|
||||||
|
keywords:
|
||||||
|
- audit
|
||||||
|
patterns:
|
||||||
|
- '**%{keyword}**'
|
||||||
|
deny:
|
||||||
|
keywords:
|
||||||
|
- '*.png'
|
||||||
|
- '*bundler-audit*'
|
||||||
|
- '/ee/app/services/audit_events/*'
|
||||||
|
- '/ee/spec/services/audit_events/*'
|
||||||
|
- '/ee/spec/services/ci/*'
|
||||||
|
- '/ee/spec/services/personal_access_tokens/*'
|
||||||
|
patterns:
|
||||||
|
- '%{keyword}'
|
||||||
|
|
|
@ -9,37 +9,10 @@ module Tooling
|
||||||
puts section
|
puts section
|
||||||
|
|
||||||
group_defintions.each do |group, list|
|
group_defintions.each do |group, list|
|
||||||
matched_files = git_ls_files.each_line.select do |line|
|
print_entries(group, list[:entries]) if list[:entries]
|
||||||
list[:allow].find do |pattern|
|
print_expanded_entries(group, list) if list[:allow]
|
||||||
path = "/#{line.chomp}"
|
|
||||||
|
|
||||||
path_matches?(pattern, path) &&
|
puts
|
||||||
list[:deny].none? { |pattern| path_matches?(pattern, path) }
|
|
||||||
end
|
|
||||||
end
|
|
||||||
|
|
||||||
consolidated = consolidate_paths(matched_files)
|
|
||||||
consolidated_again = consolidate_paths(consolidated)
|
|
||||||
|
|
||||||
# Consider the directory structure is a tree structure:
|
|
||||||
# https://en.wikipedia.org/wiki/Tree_(data_structure)
|
|
||||||
# After we consolidated the leaf entries, it could be possible that
|
|
||||||
# we can consolidate further for the new leaves. Repeat this
|
|
||||||
# process until we see no improvements.
|
|
||||||
while consolidated_again.size < consolidated.size
|
|
||||||
consolidated = consolidated_again
|
|
||||||
consolidated_again = consolidate_paths(consolidated)
|
|
||||||
end
|
|
||||||
|
|
||||||
consolidated.each do |line|
|
|
||||||
path = line.chomp
|
|
||||||
|
|
||||||
if File.directory?(path)
|
|
||||||
puts "/#{path}/ #{group}"
|
|
||||||
else
|
|
||||||
puts "/#{path} #{group}"
|
|
||||||
end
|
|
||||||
end
|
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
@ -50,10 +23,20 @@ module Tooling
|
||||||
result.each do |section, group_defintions|
|
result.each do |section, group_defintions|
|
||||||
group_defintions.each do |group, definitions|
|
group_defintions.each do |group, definitions|
|
||||||
definitions.transform_values! do |rules|
|
definitions.transform_values! do |rules|
|
||||||
rules[:keywords].flat_map do |keyword|
|
case rules
|
||||||
rules[:patterns].map do |pattern|
|
when Hash
|
||||||
pattern % { keyword: keyword }
|
case rules[:keywords]
|
||||||
|
when Array
|
||||||
|
rules[:keywords].flat_map do |keyword|
|
||||||
|
rules[:patterns].map do |pattern|
|
||||||
|
pattern % { keyword: keyword }
|
||||||
|
end
|
||||||
|
end
|
||||||
|
else
|
||||||
|
rules[:patterns]
|
||||||
end
|
end
|
||||||
|
when Array
|
||||||
|
rules
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
@ -118,6 +101,49 @@ module Tooling
|
||||||
|
|
||||||
private
|
private
|
||||||
|
|
||||||
|
def print_entries(group, entries)
|
||||||
|
entries.each do |entry|
|
||||||
|
puts "#{entry} #{group}"
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
def print_expanded_entries(group, list)
|
||||||
|
matched_files = git_ls_files.each_line.select do |line|
|
||||||
|
list[:allow].find do |pattern|
|
||||||
|
path = "/#{line.chomp}"
|
||||||
|
|
||||||
|
path_matches?(pattern, path) &&
|
||||||
|
(
|
||||||
|
list[:deny].nil? ||
|
||||||
|
list[:deny].none? { |pattern| path_matches?(pattern, path) }
|
||||||
|
)
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
consolidated = consolidate_paths(matched_files)
|
||||||
|
consolidated_again = consolidate_paths(consolidated)
|
||||||
|
|
||||||
|
# Consider the directory structure is a tree structure:
|
||||||
|
# https://en.wikipedia.org/wiki/Tree_(data_structure)
|
||||||
|
# After we consolidated the leaf entries, it could be possible that
|
||||||
|
# we can consolidate further for the new leaves. Repeat this
|
||||||
|
# process until we see no improvements.
|
||||||
|
while consolidated_again.size < consolidated.size
|
||||||
|
consolidated = consolidated_again
|
||||||
|
consolidated_again = consolidate_paths(consolidated)
|
||||||
|
end
|
||||||
|
|
||||||
|
consolidated.each do |line|
|
||||||
|
path = line.chomp
|
||||||
|
|
||||||
|
if File.directory?(path)
|
||||||
|
puts "/#{path}/ #{group}"
|
||||||
|
else
|
||||||
|
puts "/#{path} #{group}"
|
||||||
|
end
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
def find_dir_maxdepth_1(dir)
|
def find_dir_maxdepth_1(dir)
|
||||||
`find #{dir} -maxdepth 1`
|
`find #{dir} -maxdepth 1`
|
||||||
end
|
end
|
||||||
|
|
Loading…
Reference in New Issue