Add latest changes from gitlab-org/gitlab@master
This commit is contained in:
parent
347c7a7517
commit
3256c55b0f
|
@ -1057,3 +1057,142 @@ lib/gitlab/checks/** @proglottis @toon @zj-gitlab
|
|||
/lib/system_check/incoming_email/imap_authentication_check.rb @gitlab-org/manage/authentication-and-authorization/approvers
|
||||
/lib/tasks/gitlab/password.rake @gitlab-org/manage/authentication-and-authorization/approvers
|
||||
/lib/tasks/tokens.rake @gitlab-org/manage/authentication-and-authorization/approvers
|
||||
|
||||
[Compliance]
|
||||
/ee/app/services/audit_events/build_service.rb @gitlab-org/manage/compliance
|
||||
/ee/spec/services/audit_events/custom_audit_event_service_spec.rb @gitlab-org/manage/compliance
|
||||
/app/models/audit_event.rb @gitlab-org/manage/compliance
|
||||
/app/services/audit_event_service.rb @gitlab-org/manage/compliance
|
||||
/app/services/concerns/audit_event_save_type.rb @gitlab-org/manage/compliance
|
||||
/app/views/profiles/audit_log.html.haml @gitlab-org/manage/compliance
|
||||
/config/feature_flags/development/custom_headers_streaming_audit_events_ui.yml @gitlab-org/manage/compliance
|
||||
/data/deprecations/14-3-repository-push-audit-events.yml @gitlab-org/manage/compliance
|
||||
/data/removals/15_0/removal_manage_repository_push_audit_event.yml @gitlab-org/manage/compliance
|
||||
/db/docs/audit_events.yml @gitlab-org/manage/compliance
|
||||
/db/docs/audit_events_external_audit_event_destinations.yml @gitlab-org/manage/compliance
|
||||
/db/docs/audit_events_streaming_headers.yml @gitlab-org/manage/compliance
|
||||
/db/migrate/20210819185500_create_external_audit_event_destinations_table.rb @gitlab-org/manage/compliance
|
||||
/db/migrate/20220524141800_create_audit_events_streaming_headers.rb @gitlab-org/manage/compliance
|
||||
/db/post_migrate/20210331105335_drop_non_partitioned_audit_events.rb @gitlab-org/manage/compliance
|
||||
/db/post_migrate/20220119094503_populate_audit_event_streaming_verification_token.rb @gitlab-org/manage/compliance
|
||||
/doc/administration/audit_event_streaming.md @gitlab-org/manage/compliance
|
||||
/doc/administration/audit_events.md @gitlab-org/manage/compliance
|
||||
/doc/administration/audit_reports.md @gitlab-org/manage/compliance
|
||||
/doc/administration/auditor_users.md @gitlab-org/manage/compliance
|
||||
/doc/api/audit_events.md @gitlab-org/manage/compliance
|
||||
/doc/api/graphql/audit_report.md @gitlab-org/manage/compliance
|
||||
/ee/app/assets/javascripts/audit_events/components/audit_events_app.vue @gitlab-org/manage/compliance
|
||||
/ee/app/assets/javascripts/audit_events/components/audit_events_export_button.vue @gitlab-org/manage/compliance
|
||||
/ee/app/assets/javascripts/audit_events/components/audit_events_filter.vue @gitlab-org/manage/compliance
|
||||
/ee/app/assets/javascripts/audit_events/components/audit_events_log.vue @gitlab-org/manage/compliance
|
||||
/ee/app/assets/javascripts/audit_events/components/audit_events_stream.vue @gitlab-org/manage/compliance
|
||||
/ee/app/assets/javascripts/audit_events/components/audit_events_table.vue @gitlab-org/manage/compliance
|
||||
/ee/app/assets/javascripts/audit_events/components/tokens/shared/ @gitlab-org/manage/compliance
|
||||
/ee/app/assets/javascripts/audit_events/init_audit_events.js @gitlab-org/manage/compliance
|
||||
/ee/app/controllers/admin/audit_log_reports_controller.rb @gitlab-org/manage/compliance
|
||||
/ee/app/controllers/admin/audit_logs_controller.rb @gitlab-org/manage/compliance
|
||||
/ee/app/controllers/concerns/audit_events/audit_events_params.rb @gitlab-org/manage/compliance
|
||||
/ee/app/controllers/groups/audit_events_controller.rb @gitlab-org/manage/compliance
|
||||
/ee/app/controllers/projects/audit_events_controller.rb @gitlab-org/manage/compliance
|
||||
/ee/app/finders/audit_event_finder.rb @gitlab-org/manage/compliance
|
||||
/ee/app/graphql/types/audit_events/external_audit_event_destination_type.rb @gitlab-org/manage/compliance
|
||||
/ee/app/helpers/audit_events_helper.rb @gitlab-org/manage/compliance
|
||||
/ee/app/helpers/auditor_user_helper.rb @gitlab-org/manage/compliance
|
||||
/ee/app/models/audit_events/external_audit_event_destination.rb @gitlab-org/manage/compliance
|
||||
/ee/app/models/concerns/auditable.rb @gitlab-org/manage/compliance
|
||||
/ee/app/models/ee/audit_event.rb @gitlab-org/manage/compliance
|
||||
/ee/app/policies/audit_events/external_audit_event_destination_policy.rb @gitlab-org/manage/compliance
|
||||
/ee/app/presenters/audit_event_presenter.rb @gitlab-org/manage/compliance
|
||||
/ee/app/serializers/audit_event_entity.rb @gitlab-org/manage/compliance
|
||||
/ee/app/serializers/audit_event_serializer.rb @gitlab-org/manage/compliance
|
||||
/ee/app/services/ci/audit_variable_change_service.rb @gitlab-org/manage/compliance
|
||||
/ee/app/services/ee/audit_event_service.rb @gitlab-org/manage/compliance
|
||||
/ee/app/views/admin/users/_auditor_access_level_radio.html.haml @gitlab-org/manage/compliance
|
||||
/ee/app/views/admin/users/_auditor_user_badge.html.haml @gitlab-org/manage/compliance
|
||||
/ee/app/views/shared/icons/_icon_audit_events_purple.svg @gitlab-org/manage/compliance
|
||||
/ee/app/views/shared/promotions/_promote_audit_events.html.haml @gitlab-org/manage/compliance
|
||||
/ee/app/workers/audit_events/audit_event_streaming_worker.rb @gitlab-org/manage/compliance
|
||||
/ee/config/events/1652263097_groups__audit_events__index_click_streams_tab.yml @gitlab-org/manage/compliance
|
||||
/ee/config/events/202108302307_admin_audit_logs_index_click_date_range_button.yml @gitlab-org/manage/compliance
|
||||
/ee/config/events/202108302307_groups__audit_events_controller_search_audit_event.yml @gitlab-org/manage/compliance
|
||||
/ee/config/events/202108302307_profiles_controller_search_audit_event.yml @gitlab-org/manage/compliance
|
||||
/ee/config/events/202108302307_projects__audit_events_controller_search_audit_event.yml @gitlab-org/manage/compliance
|
||||
/ee/config/events/202111041910_admin__audit_logs_controller_search_audit_event.yml @gitlab-org/manage/compliance
|
||||
/ee/config/feature_flags/development/audit_event_streaming_git_operations.yml @gitlab-org/manage/compliance
|
||||
/ee/config/feature_flags/development/audit_log_group_level.yml @gitlab-org/manage/compliance
|
||||
/ee/config/metrics/counts_28d/20210216183930_g_compliance_audit_events_monthly.yml @gitlab-org/manage/compliance
|
||||
/ee/config/metrics/counts_28d/20210216183934_i_compliance_audit_events_monthly.yml @gitlab-org/manage/compliance
|
||||
/ee/config/metrics/counts_28d/20210216183942_a_compliance_audit_events_api_monthly.yml @gitlab-org/manage/compliance
|
||||
/ee/config/metrics/counts_28d/20211130085433_g_manage_compliance_audit_event_destinations.yml @gitlab-org/manage/compliance
|
||||
/ee/config/metrics/counts_7d/20210216183906_g_compliance_audit_events.yml @gitlab-org/manage/compliance
|
||||
/ee/config/metrics/counts_7d/20210216183908_i_compliance_audit_events.yml @gitlab-org/manage/compliance
|
||||
/ee/config/metrics/counts_7d/20210216183912_a_compliance_audit_events_api.yml @gitlab-org/manage/compliance
|
||||
/ee/config/metrics/counts_7d/20210216183928_g_compliance_audit_events_weekly.yml @gitlab-org/manage/compliance
|
||||
/ee/config/metrics/counts_7d/20210216183932_i_compliance_audit_events_weekly.yml @gitlab-org/manage/compliance
|
||||
/ee/config/metrics/counts_7d/20210216183940_a_compliance_audit_events_api_weekly.yml @gitlab-org/manage/compliance
|
||||
/ee/config/metrics/counts_all/20211130085433_g_manage_compliance_audit_event_destinations.yml @gitlab-org/manage/compliance
|
||||
/ee/lib/api/audit_events.rb @gitlab-org/manage/compliance
|
||||
/ee/lib/audit/external_status_check_changes_auditor.rb @gitlab-org/manage/compliance
|
||||
/ee/lib/audit/group_merge_request_approval_setting_changes_auditor.rb @gitlab-org/manage/compliance
|
||||
/ee/lib/audit/group_push_rules_changes_auditor.rb @gitlab-org/manage/compliance
|
||||
/ee/lib/ee/api/entities/audit_event.rb @gitlab-org/manage/compliance
|
||||
/ee/lib/ee/audit/ @gitlab-org/manage/compliance
|
||||
/ee/lib/gitlab/audit/auditor.rb @gitlab-org/manage/compliance
|
||||
/ee/spec/controllers/admin/audit_log_reports_controller_spec.rb @gitlab-org/manage/compliance
|
||||
/ee/spec/controllers/admin/audit_logs_controller_spec.rb @gitlab-org/manage/compliance
|
||||
/ee/spec/controllers/groups/audit_events_controller_spec.rb @gitlab-org/manage/compliance
|
||||
/ee/spec/controllers/projects/audit_events_controller_spec.rb @gitlab-org/manage/compliance
|
||||
/ee/spec/factories/audit_events/external_audit_event_destinations.rb @gitlab-org/manage/compliance
|
||||
/ee/spec/features/admin/admin_audit_logs_spec.rb @gitlab-org/manage/compliance
|
||||
/ee/spec/features/groups/audit_events_spec.rb @gitlab-org/manage/compliance
|
||||
/ee/spec/features/projects/audit_events_spec.rb @gitlab-org/manage/compliance
|
||||
/ee/spec/finders/audit_event_finder_spec.rb @gitlab-org/manage/compliance
|
||||
/ee/spec/fixtures/api/schemas/public_api/v4/audit_event.json @gitlab-org/manage/compliance
|
||||
/ee/spec/fixtures/api/schemas/public_api/v4/audit_events.json @gitlab-org/manage/compliance
|
||||
/ee/spec/frontend/audit_events/components/__snapshots__/ @gitlab-org/manage/compliance
|
||||
/ee/spec/frontend/audit_events/components/audit_events_app_spec.js @gitlab-org/manage/compliance
|
||||
/ee/spec/frontend/audit_events/components/audit_events_export_button_spec.js @gitlab-org/manage/compliance
|
||||
/ee/spec/frontend/audit_events/components/audit_events_filter_spec.js @gitlab-org/manage/compliance
|
||||
/ee/spec/frontend/audit_events/components/audit_events_logs_spec.js @gitlab-org/manage/compliance
|
||||
/ee/spec/frontend/audit_events/components/audit_events_stream_spec.js @gitlab-org/manage/compliance
|
||||
/ee/spec/frontend/audit_events/components/audit_events_table_spec.js @gitlab-org/manage/compliance
|
||||
/ee/spec/frontend/audit_events/components/tokens/shared/ @gitlab-org/manage/compliance
|
||||
/ee/spec/graphql/types/audit_events/exterrnal_audit_event_destination_type_spec.rb @gitlab-org/manage/compliance
|
||||
/ee/spec/helpers/audit_events_helper_spec.rb @gitlab-org/manage/compliance
|
||||
/ee/spec/lib/audit/external_status_check_changes_auditor_spec.rb @gitlab-org/manage/compliance
|
||||
/ee/spec/lib/audit/group_merge_request_approval_setting_changes_auditor_spec.rb @gitlab-org/manage/compliance
|
||||
/ee/spec/lib/audit/group_push_rules_changes_auditor_spec.rb @gitlab-org/manage/compliance
|
||||
/ee/spec/lib/ee/audit/ @gitlab-org/manage/compliance
|
||||
/ee/spec/lib/gitlab/audit/auditor_spec.rb @gitlab-org/manage/compliance
|
||||
/ee/spec/models/audit_events/external_audit_event_destination_spec.rb @gitlab-org/manage/compliance
|
||||
/ee/spec/models/concerns/auditable_spec.rb @gitlab-org/manage/compliance
|
||||
/ee/spec/models/ee/audit_event_spec.rb @gitlab-org/manage/compliance
|
||||
/ee/spec/presenters/audit_event_presenter_spec.rb @gitlab-org/manage/compliance
|
||||
/ee/spec/requests/admin/audit_events_spec.rb @gitlab-org/manage/compliance
|
||||
/ee/spec/requests/api/audit_events_spec.rb @gitlab-org/manage/compliance
|
||||
/ee/spec/requests/api/graphql/group/external_audit_event_destinations_spec.rb @gitlab-org/manage/compliance
|
||||
/ee/spec/requests/groups/audit_events_spec.rb @gitlab-org/manage/compliance
|
||||
/ee/spec/requests/projects/audit_events_spec.rb @gitlab-org/manage/compliance
|
||||
/ee/spec/serializers/audit_event_entity_spec.rb @gitlab-org/manage/compliance
|
||||
/ee/spec/serializers/audit_event_serializer_spec.rb @gitlab-org/manage/compliance
|
||||
/ee/spec/services/audit_event_service_spec.rb @gitlab-org/manage/compliance
|
||||
/ee/spec/support/shared_contexts/audit_event_not_licensed_shared_context.rb @gitlab-org/manage/compliance
|
||||
/ee/spec/support/shared_contexts/audit_event_queue_shared_context.rb @gitlab-org/manage/compliance
|
||||
/ee/spec/support/shared_examples/audit/ @gitlab-org/manage/compliance
|
||||
/ee/spec/support/shared_examples/features/audit_events_filter_shared_examples.rb @gitlab-org/manage/compliance
|
||||
/ee/spec/support/shared_examples/services/audit_event_logging_shared_examples.rb @gitlab-org/manage/compliance
|
||||
/ee/spec/workers/audit_events/audit_event_streaming_worker_spec.rb @gitlab-org/manage/compliance
|
||||
/lib/gitlab/audit_json_logger.rb @gitlab-org/manage/compliance
|
||||
/qa/qa/ee/page/admin/monitoring/ @gitlab-org/manage/compliance
|
||||
/qa/qa/specs/features/ee/browser_ui/1_manage/group/group_audit_logs_1_spec.rb @gitlab-org/manage/compliance
|
||||
/qa/qa/specs/features/ee/browser_ui/1_manage/group/group_audit_logs_2_spec.rb @gitlab-org/manage/compliance
|
||||
/qa/qa/specs/features/ee/browser_ui/1_manage/instance/ @gitlab-org/manage/compliance
|
||||
/qa/qa/specs/features/ee/browser_ui/1_manage/project/project_audit_logs_spec.rb @gitlab-org/manage/compliance
|
||||
/spec/factories/audit_events.rb @gitlab-org/manage/compliance
|
||||
/spec/migrations/populate_audit_event_streaming_verification_token_spec.rb @gitlab-org/manage/compliance
|
||||
/spec/models/audit_event_spec.rb @gitlab-org/manage/compliance
|
||||
/spec/services/audit_event_service_spec.rb @gitlab-org/manage/compliance
|
||||
/spec/services/concerns/audit_event_save_type_spec.rb @gitlab-org/manage/compliance
|
||||
/spec/support/shared_examples/sends_git_audit_streaming_event_shared_examples.rb @gitlab-org/manage/compliance
|
||||
/spec/views/profiles/audit_log.html.haml_spec.rb @gitlab-org/manage/compliance
|
||||
/vendor/project_templates/hipaa_audit_protocol.tar.gz @gitlab-org/manage/compliance
|
||||
|
|
|
@ -1 +1 @@
|
|||
445024454b60b661cc7bc7782c9e9367517f42e2
|
||||
157e6b6ad8fd7aa0ebdd43727f00b81f34b100a1
|
||||
|
|
|
@ -33,7 +33,7 @@ module Ci
|
|||
"project-full-path" => project.full_path,
|
||||
"project-namespace" => project.namespace.full_path,
|
||||
"runner-help-page-path" => help_page_path('ci/runners/index'),
|
||||
"simulate-pipeline-help-page-path" => help_page_path('ci/lint', anchor: 'simulate-a-pipeline'),
|
||||
"simulate-pipeline-help-page-path" => help_page_path('ci/pipeline_editor/index', anchor: 'simulate-a-cicd-pipeline'),
|
||||
"total-branches" => total_branches,
|
||||
"validate-tab-illustration-path" => image_path('illustrations/project-run-CICD-pipelines-sm.svg'),
|
||||
"yml-help-page-path" => help_page_path('ci/yaml/index')
|
||||
|
|
|
@ -639,7 +639,8 @@ module ProjectsHelper
|
|||
warnAboutPotentiallyUnwantedCharacters: project.warn_about_potentially_unwanted_characters?,
|
||||
enforceAuthChecksOnUploads: project.enforce_auth_checks_on_uploads?,
|
||||
securityAndComplianceAccessLevel: project.security_and_compliance_access_level,
|
||||
containerRegistryAccessLevel: feature.container_registry_access_level
|
||||
containerRegistryAccessLevel: feature.container_registry_access_level,
|
||||
environmentsAccessLevel: feature.environments_access_level
|
||||
}
|
||||
end
|
||||
|
||||
|
|
|
@ -22,14 +22,14 @@ module SearchHelper
|
|||
resource_results(term)
|
||||
when :generic
|
||||
[
|
||||
generic_results(term),
|
||||
recent_items_autocomplete(term)
|
||||
recent_items_autocomplete(term),
|
||||
generic_results(term)
|
||||
]
|
||||
else
|
||||
[
|
||||
generic_results(term),
|
||||
recent_items_autocomplete(term),
|
||||
resource_results(term),
|
||||
recent_items_autocomplete(term)
|
||||
generic_results(term)
|
||||
]
|
||||
end
|
||||
|
||||
|
|
|
@ -94,6 +94,10 @@ module ProjectFeaturesCompatibility
|
|||
write_feature_attribute_string(:container_registry_access_level, value)
|
||||
end
|
||||
|
||||
def environments_access_level=(value)
|
||||
write_feature_attribute_string(:environments_access_level, value)
|
||||
end
|
||||
|
||||
# TODO: Remove this method after we drop support for project create/edit APIs to set the
|
||||
# container_registry_enabled attribute. They can instead set the container_registry_access_level
|
||||
# attribute.
|
||||
|
|
|
@ -446,7 +446,7 @@ class Project < ApplicationRecord
|
|||
:repository_access_level, :package_registry_access_level, :pages_access_level,
|
||||
:metrics_dashboard_access_level, :analytics_access_level,
|
||||
:operations_access_level, :security_and_compliance_access_level,
|
||||
:container_registry_access_level,
|
||||
:container_registry_access_level, :environments_access_level,
|
||||
to: :project_feature, allow_nil: true
|
||||
|
||||
delegate :show_default_award_emojis, :show_default_award_emojis=,
|
||||
|
|
|
@ -21,6 +21,7 @@ class ProjectFeature < ApplicationRecord
|
|||
security_and_compliance
|
||||
container_registry
|
||||
package_registry
|
||||
environments
|
||||
].freeze
|
||||
|
||||
EXPORTABLE_FEATURES = (FEATURES - [:security_and_compliance, :pages]).freeze
|
||||
|
|
|
@ -209,6 +209,7 @@ class ProjectPolicy < BasePolicy
|
|||
analytics
|
||||
operations
|
||||
security_and_compliance
|
||||
environments
|
||||
]
|
||||
|
||||
features.each do |f|
|
||||
|
@ -366,7 +367,11 @@ class ProjectPolicy < BasePolicy
|
|||
prevent(:metrics_dashboard)
|
||||
end
|
||||
|
||||
rule { operations_disabled }.policy do
|
||||
condition(:split_operations_visibility_permissions) do
|
||||
::Feature.enabled?(:split_operations_visibility_permissions, @subject)
|
||||
end
|
||||
|
||||
rule { ~split_operations_visibility_permissions & operations_disabled }.policy do
|
||||
prevent(*create_read_update_admin_destroy(:feature_flag))
|
||||
prevent(*create_read_update_admin_destroy(:environment))
|
||||
prevent(*create_read_update_admin_destroy(:sentry_issue))
|
||||
|
@ -379,6 +384,11 @@ class ProjectPolicy < BasePolicy
|
|||
prevent(:read_prometheus)
|
||||
end
|
||||
|
||||
rule { split_operations_visibility_permissions & environments_disabled }.policy do
|
||||
prevent(*create_read_update_admin_destroy(:environment))
|
||||
prevent(*create_read_update_admin_destroy(:deployment))
|
||||
end
|
||||
|
||||
rule { can?(:metrics_dashboard) }.policy do
|
||||
enable :read_prometheus
|
||||
enable :read_deployment
|
||||
|
|
|
@ -284,6 +284,7 @@ included_attributes:
|
|||
- :security_and_compliance_access_level
|
||||
- :container_registry_access_level
|
||||
- :package_registry_access_level
|
||||
- :environments_access_level
|
||||
prometheus_metrics:
|
||||
- :created_at
|
||||
- :updated_at
|
||||
|
@ -686,6 +687,7 @@ included_attributes:
|
|||
- :security_and_compliance_access_level
|
||||
- :container_registry_access_level
|
||||
- :package_registry_access_level
|
||||
- :environments_access_level
|
||||
- :allow_merge_on_skipped_pipeline
|
||||
- :auto_devops_deploy_strategy
|
||||
- :auto_devops_enabled
|
||||
|
|
|
@ -67,6 +67,28 @@ module QA
|
|||
|
||||
it_behaves_like 'repository storage move'
|
||||
end
|
||||
|
||||
# Note: This test doesn't have the :orchestrated tag because it runs in the Test::Integration::Praefect
|
||||
# scenario with other tests that aren't considered orchestrated.
|
||||
# It also runs on staging using nfs-file07 as non-cluster storage and nfs-file22 as cluster/praefect storage
|
||||
context 'when moving from Gitaly Cluster to Gitaly', :requires_praefect, testcase: 'https://gitlab.com/gitlab-org/gitlab/-/quality/test_cases/369204' do
|
||||
let(:source_storage) { { type: :praefect, name: QA::Runtime::Env.praefect_repository_storage } }
|
||||
let(:destination_storage) { { type: :gitaly, name: QA::Runtime::Env.non_cluster_repository_storage } }
|
||||
let(:project) do
|
||||
Resource::Project.fabricate_via_api! do |project|
|
||||
project.name = 'repo-storage-move'
|
||||
project.initialize_with_readme = true
|
||||
project.repository_storage = source_storage[:name]
|
||||
project.api_client = Runtime::API::Client.as_admin
|
||||
end
|
||||
end
|
||||
|
||||
before do
|
||||
praefect_manager.gitlab = 'gitlab-gitaly-cluster'
|
||||
end
|
||||
|
||||
it_behaves_like 'repository storage move'
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
||||
|
|
|
@ -23,6 +23,7 @@ module RuboCop
|
|||
operations
|
||||
security_and_compliance
|
||||
container_registry
|
||||
environments
|
||||
].freeze
|
||||
EE_FEATURES = %i[requirements].freeze
|
||||
ALL_FEATURES = (FEATURES + EE_FEATURES).freeze
|
||||
|
|
|
@ -37,6 +37,7 @@ FactoryBot.define do
|
|||
operations_access_level { ProjectFeature::ENABLED }
|
||||
container_registry_access_level { ProjectFeature::ENABLED }
|
||||
security_and_compliance_access_level { ProjectFeature::PRIVATE }
|
||||
environments_access_level { ProjectFeature::ENABLED }
|
||||
|
||||
# we can't assign the delegated `#ci_cd_settings` attributes directly, as the
|
||||
# `#ci_cd_settings` relation needs to be created first
|
||||
|
|
|
@ -63,7 +63,7 @@ RSpec.describe Ci::PipelineEditorHelper do
|
|||
"project-full-path" => project.full_path,
|
||||
"project-namespace" => project.namespace.full_path,
|
||||
"runner-help-page-path" => help_page_path('ci/runners/index'),
|
||||
"simulate-pipeline-help-page-path" => help_page_path('ci/lint', anchor: 'simulate-a-pipeline'),
|
||||
"simulate-pipeline-help-page-path" => help_page_path('ci/pipeline_editor/index', anchor: 'simulate-a-cicd-pipeline'),
|
||||
"total-branches" => project.repository.branches.length,
|
||||
"validate-tab-illustration-path" => 'illustrations/validate.svg',
|
||||
"yml-help-page-path" => help_page_path('ci/yaml/index')
|
||||
|
@ -94,7 +94,7 @@ RSpec.describe Ci::PipelineEditorHelper do
|
|||
"project-full-path" => project.full_path,
|
||||
"project-namespace" => project.namespace.full_path,
|
||||
"runner-help-page-path" => help_page_path('ci/runners/index'),
|
||||
"simulate-pipeline-help-page-path" => help_page_path('ci/lint', anchor: 'simulate-a-pipeline'),
|
||||
"simulate-pipeline-help-page-path" => help_page_path('ci/pipeline_editor/index', anchor: 'simulate-a-cicd-pipeline'),
|
||||
"total-branches" => 0,
|
||||
"validate-tab-illustration-path" => 'illustrations/validate.svg',
|
||||
"yml-help-page-path" => help_page_path('ci/yaml/index')
|
||||
|
|
|
@ -966,7 +966,8 @@ RSpec.describe ProjectsHelper do
|
|||
operationsAccessLevel: project.project_feature.operations_access_level,
|
||||
showDefaultAwardEmojis: project.show_default_award_emojis?,
|
||||
securityAndComplianceAccessLevel: project.security_and_compliance_access_level,
|
||||
containerRegistryAccessLevel: project.project_feature.container_registry_access_level
|
||||
containerRegistryAccessLevel: project.project_feature.container_registry_access_level,
|
||||
environmentsAccessLevel: project.project_feature.environments_access_level
|
||||
)
|
||||
end
|
||||
|
||||
|
|
|
@ -74,19 +74,21 @@ RSpec.describe SearchHelper do
|
|||
expect(result.keys).to match_array(%i[category id value label url avatar_url])
|
||||
end
|
||||
|
||||
it 'includes the users recently viewed issues', :aggregate_failures do
|
||||
it 'includes the users recently viewed issues and project with correct order', :aggregate_failures do
|
||||
recent_issues = instance_double(::Gitlab::Search::RecentIssues)
|
||||
expect(::Gitlab::Search::RecentIssues).to receive(:new).with(user: user).and_return(recent_issues)
|
||||
project1 = create(:project, :with_avatar, namespace: user.namespace)
|
||||
project2 = create(:project, namespace: user.namespace)
|
||||
issue1 = create(:issue, title: 'issue 1', project: project1)
|
||||
issue2 = create(:issue, title: 'issue 2', project: project2)
|
||||
project = create(:project, title: 'the search term')
|
||||
project.add_developer(user)
|
||||
|
||||
expect(recent_issues).to receive(:search).with('the search term').and_return(Issue.id_in_ordered([issue1.id, issue2.id]))
|
||||
|
||||
results = search_autocomplete_opts("the search term")
|
||||
|
||||
expect(results.count).to eq(2)
|
||||
expect(results.count).to eq(3)
|
||||
|
||||
expect(results[0]).to include({
|
||||
category: 'Recent issues',
|
||||
|
@ -103,6 +105,13 @@ RSpec.describe SearchHelper do
|
|||
url: Gitlab::Routing.url_helpers.project_issue_path(issue2.project, issue2),
|
||||
avatar_url: '' # This project didn't have an avatar so set this to ''
|
||||
})
|
||||
|
||||
expect(results[2]).to include({
|
||||
category: 'Projects',
|
||||
id: project.id,
|
||||
label: project.full_name,
|
||||
url: Gitlab::Routing.url_helpers.project_path(project)
|
||||
})
|
||||
end
|
||||
|
||||
it 'includes the users recently viewed issues with the exact same name', :aggregate_failures do
|
||||
|
|
|
@ -584,6 +584,7 @@ ProjectFeature:
|
|||
- security_and_compliance_access_level
|
||||
- container_registry_access_level
|
||||
- package_registry_access_level
|
||||
- environments_access_level
|
||||
- created_at
|
||||
- updated_at
|
||||
ProtectedBranch::MergeAccessLevel:
|
||||
|
|
|
@ -5,7 +5,7 @@ require 'spec_helper'
|
|||
RSpec.describe ProjectFeaturesCompatibility do
|
||||
let(:project) { create(:project) }
|
||||
let(:features_enabled) { %w(issues wiki builds merge_requests snippets security_and_compliance) }
|
||||
let(:features) { features_enabled + %w(repository pages operations container_registry package_registry) }
|
||||
let(:features) { features_enabled + %w(repository pages operations container_registry package_registry environments) }
|
||||
|
||||
# We had issues_enabled, snippets_enabled, builds_enabled, merge_requests_enabled and issues_enabled fields on projects table
|
||||
# All those fields got moved to a new table called project_feature and are now integers instead of booleans
|
||||
|
|
|
@ -831,6 +831,7 @@ RSpec.describe Project, factory_default: :keep do
|
|||
it { is_expected.to delegate_method(:last_pipeline).to(:commit).allow_nil }
|
||||
it { is_expected.to delegate_method(:container_registry_enabled?).to(:project_feature) }
|
||||
it { is_expected.to delegate_method(:container_registry_access_level).to(:project_feature) }
|
||||
it { is_expected.to delegate_method(:environments_access_level).to(:project_feature) }
|
||||
|
||||
describe 'read project settings' do
|
||||
%i(
|
||||
|
|
|
@ -1930,6 +1930,10 @@ RSpec.describe ProjectPolicy do
|
|||
describe 'operations feature' do
|
||||
using RSpec::Parameterized::TableSyntax
|
||||
|
||||
before do
|
||||
stub_feature_flags(split_operations_visibility_permissions: false)
|
||||
end
|
||||
|
||||
let(:guest_operations_permissions) { [:read_environment, :read_deployment] }
|
||||
|
||||
let(:developer_operations_permissions) do
|
||||
|
@ -2002,30 +2006,6 @@ RSpec.describe ProjectPolicy do
|
|||
end
|
||||
end
|
||||
|
||||
def project_subject(project_type)
|
||||
case project_type
|
||||
when :public
|
||||
public_project
|
||||
when :internal
|
||||
internal_project
|
||||
else
|
||||
private_project
|
||||
end
|
||||
end
|
||||
|
||||
def user_subject(role)
|
||||
case role
|
||||
when :maintainer
|
||||
maintainer
|
||||
when :developer
|
||||
developer
|
||||
when :guest
|
||||
guest
|
||||
when :anonymous
|
||||
anonymous
|
||||
end
|
||||
end
|
||||
|
||||
def permissions_abilities(role)
|
||||
case role
|
||||
when :maintainer
|
||||
|
@ -2039,6 +2019,87 @@ RSpec.describe ProjectPolicy do
|
|||
end
|
||||
end
|
||||
|
||||
describe 'environments feature' do
|
||||
using RSpec::Parameterized::TableSyntax
|
||||
|
||||
let(:guest_environments_permissions) { [:read_environment, :read_deployment] }
|
||||
|
||||
let(:developer_environments_permissions) do
|
||||
guest_environments_permissions + [
|
||||
:create_environment, :create_deployment, :update_environment, :update_deployment, :destroy_environment
|
||||
]
|
||||
end
|
||||
|
||||
let(:maintainer_environments_permissions) do
|
||||
developer_environments_permissions + [:admin_environment, :admin_deployment]
|
||||
end
|
||||
|
||||
where(:project_visibility, :access_level, :role, :allowed) do
|
||||
:public | ProjectFeature::ENABLED | :maintainer | true
|
||||
:public | ProjectFeature::ENABLED | :developer | true
|
||||
:public | ProjectFeature::ENABLED | :guest | true
|
||||
:public | ProjectFeature::ENABLED | :anonymous | true
|
||||
:public | ProjectFeature::PRIVATE | :maintainer | true
|
||||
:public | ProjectFeature::PRIVATE | :developer | true
|
||||
:public | ProjectFeature::PRIVATE | :guest | true
|
||||
:public | ProjectFeature::PRIVATE | :anonymous | false
|
||||
:public | ProjectFeature::DISABLED | :maintainer | false
|
||||
:public | ProjectFeature::DISABLED | :developer | false
|
||||
:public | ProjectFeature::DISABLED | :guest | false
|
||||
:public | ProjectFeature::DISABLED | :anonymous | false
|
||||
:internal | ProjectFeature::ENABLED | :maintainer | true
|
||||
:internal | ProjectFeature::ENABLED | :developer | true
|
||||
:internal | ProjectFeature::ENABLED | :guest | true
|
||||
:internal | ProjectFeature::ENABLED | :anonymous | false
|
||||
:internal | ProjectFeature::PRIVATE | :maintainer | true
|
||||
:internal | ProjectFeature::PRIVATE | :developer | true
|
||||
:internal | ProjectFeature::PRIVATE | :guest | true
|
||||
:internal | ProjectFeature::PRIVATE | :anonymous | false
|
||||
:internal | ProjectFeature::DISABLED | :maintainer | false
|
||||
:internal | ProjectFeature::DISABLED | :developer | false
|
||||
:internal | ProjectFeature::DISABLED | :guest | false
|
||||
:internal | ProjectFeature::DISABLED | :anonymous | false
|
||||
:private | ProjectFeature::ENABLED | :maintainer | true
|
||||
:private | ProjectFeature::ENABLED | :developer | true
|
||||
:private | ProjectFeature::ENABLED | :guest | false
|
||||
:private | ProjectFeature::ENABLED | :anonymous | false
|
||||
:private | ProjectFeature::PRIVATE | :maintainer | true
|
||||
:private | ProjectFeature::PRIVATE | :developer | true
|
||||
:private | ProjectFeature::PRIVATE | :guest | false
|
||||
:private | ProjectFeature::PRIVATE | :anonymous | false
|
||||
:private | ProjectFeature::DISABLED | :maintainer | false
|
||||
:private | ProjectFeature::DISABLED | :developer | false
|
||||
:private | ProjectFeature::DISABLED | :guest | false
|
||||
:private | ProjectFeature::DISABLED | :anonymous | false
|
||||
end
|
||||
|
||||
with_them do
|
||||
let(:current_user) { user_subject(role) }
|
||||
let(:project) { project_subject(project_visibility) }
|
||||
|
||||
it 'allows/disallows the abilities based on the environments feature access level' do
|
||||
project.project_feature.update!(environments_access_level: access_level)
|
||||
|
||||
if allowed
|
||||
expect_allowed(*permissions_abilities(role))
|
||||
else
|
||||
expect_disallowed(*permissions_abilities(role))
|
||||
end
|
||||
end
|
||||
|
||||
def permissions_abilities(role)
|
||||
case role
|
||||
when :maintainer
|
||||
maintainer_environments_permissions
|
||||
when :developer
|
||||
developer_environments_permissions
|
||||
else
|
||||
guest_environments_permissions
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
describe 'access_security_and_compliance' do
|
||||
context 'when the "Security & Compliance" is enabled' do
|
||||
before do
|
||||
|
@ -2481,4 +2542,28 @@ RSpec.describe ProjectPolicy do
|
|||
end
|
||||
end
|
||||
end
|
||||
|
||||
def project_subject(project_type)
|
||||
case project_type
|
||||
when :public
|
||||
public_project
|
||||
when :internal
|
||||
internal_project
|
||||
else
|
||||
private_project
|
||||
end
|
||||
end
|
||||
|
||||
def user_subject(role)
|
||||
case role
|
||||
when :maintainer
|
||||
maintainer
|
||||
when :developer
|
||||
developer
|
||||
when :guest
|
||||
guest
|
||||
when :anonymous
|
||||
anonymous
|
||||
end
|
||||
end
|
||||
end
|
||||
|
|
|
@ -11,6 +11,7 @@ RSpec.describe Tooling::FindCodeowners do
|
|||
allow(subject).to receive(:load_config).and_return(
|
||||
'[Section name]': {
|
||||
'@group': {
|
||||
entries: %w[whatever entries],
|
||||
allow: {
|
||||
keywords: %w[dir0 file],
|
||||
patterns: ['/%{keyword}/**/*', '/%{keyword}']
|
||||
|
@ -31,8 +32,11 @@ RSpec.describe Tooling::FindCodeowners do
|
|||
end
|
||||
end.to output(<<~CODEOWNERS).to_stdout
|
||||
[Section name]
|
||||
whatever @group
|
||||
entries @group
|
||||
/dir0/dir1/ @group
|
||||
/file @group
|
||||
|
||||
CODEOWNERS
|
||||
end
|
||||
end
|
||||
|
@ -57,21 +61,33 @@ RSpec.describe Tooling::FindCodeowners do
|
|||
patterns: ['%{keyword}']
|
||||
}
|
||||
}
|
||||
},
|
||||
'[Compliance]': {
|
||||
'@gitlab-org/manage/compliance': {
|
||||
entries: %w[
|
||||
/ee/app/services/audit_events/build_service.rb
|
||||
],
|
||||
allow: {
|
||||
patterns: %w[
|
||||
/ee/app/services/audit_events/*
|
||||
]
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
)
|
||||
end
|
||||
|
||||
it 'expands the allow and deny list with keywords and patterns' do
|
||||
subject.load_definitions.each do |section, group_defintions|
|
||||
group_defintions = subject.load_definitions[:'[Authentication and Authorization]']
|
||||
|
||||
group_defintions.each do |group, definitions|
|
||||
expect(definitions[:allow]).to be_an(Array)
|
||||
expect(definitions[:deny]).to be_an(Array)
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
it 'expands the auth group' do
|
||||
it 'expands the patterns for the auth group' do
|
||||
auth = subject.load_definitions.dig(
|
||||
:'[Authentication and Authorization]',
|
||||
:'@gitlab-org/manage/authentication-and-authorization')
|
||||
|
@ -95,6 +111,21 @@ RSpec.describe Tooling::FindCodeowners do
|
|||
]
|
||||
)
|
||||
end
|
||||
|
||||
it 'retains the array and expands the patterns for the compliance group' do
|
||||
compliance = subject.load_definitions.dig(
|
||||
:'[Compliance]',
|
||||
:'@gitlab-org/manage/compliance')
|
||||
|
||||
expect(compliance).to eq(
|
||||
entries: %w[
|
||||
/ee/app/services/audit_events/build_service.rb
|
||||
],
|
||||
allow: %w[
|
||||
/ee/app/services/audit_events/*
|
||||
]
|
||||
)
|
||||
end
|
||||
end
|
||||
|
||||
describe '#load_config' do
|
||||
|
|
|
@ -55,3 +55,24 @@
|
|||
- '/lib/gitlab/conan_token.rb'
|
||||
patterns:
|
||||
- '%{keyword}'
|
||||
|
||||
'[Compliance]':
|
||||
'@gitlab-org/manage/compliance':
|
||||
entries:
|
||||
- '/ee/app/services/audit_events/build_service.rb'
|
||||
- '/ee/spec/services/audit_events/custom_audit_event_service_spec.rb'
|
||||
allow:
|
||||
keywords:
|
||||
- audit
|
||||
patterns:
|
||||
- '**%{keyword}**'
|
||||
deny:
|
||||
keywords:
|
||||
- '*.png'
|
||||
- '*bundler-audit*'
|
||||
- '/ee/app/services/audit_events/*'
|
||||
- '/ee/spec/services/audit_events/*'
|
||||
- '/ee/spec/services/ci/*'
|
||||
- '/ee/spec/services/personal_access_tokens/*'
|
||||
patterns:
|
||||
- '%{keyword}'
|
||||
|
|
|
@ -9,37 +9,10 @@ module Tooling
|
|||
puts section
|
||||
|
||||
group_defintions.each do |group, list|
|
||||
matched_files = git_ls_files.each_line.select do |line|
|
||||
list[:allow].find do |pattern|
|
||||
path = "/#{line.chomp}"
|
||||
print_entries(group, list[:entries]) if list[:entries]
|
||||
print_expanded_entries(group, list) if list[:allow]
|
||||
|
||||
path_matches?(pattern, path) &&
|
||||
list[:deny].none? { |pattern| path_matches?(pattern, path) }
|
||||
end
|
||||
end
|
||||
|
||||
consolidated = consolidate_paths(matched_files)
|
||||
consolidated_again = consolidate_paths(consolidated)
|
||||
|
||||
# Consider the directory structure is a tree structure:
|
||||
# https://en.wikipedia.org/wiki/Tree_(data_structure)
|
||||
# After we consolidated the leaf entries, it could be possible that
|
||||
# we can consolidate further for the new leaves. Repeat this
|
||||
# process until we see no improvements.
|
||||
while consolidated_again.size < consolidated.size
|
||||
consolidated = consolidated_again
|
||||
consolidated_again = consolidate_paths(consolidated)
|
||||
end
|
||||
|
||||
consolidated.each do |line|
|
||||
path = line.chomp
|
||||
|
||||
if File.directory?(path)
|
||||
puts "/#{path}/ #{group}"
|
||||
else
|
||||
puts "/#{path} #{group}"
|
||||
end
|
||||
end
|
||||
puts
|
||||
end
|
||||
end
|
||||
end
|
||||
|
@ -50,11 +23,21 @@ module Tooling
|
|||
result.each do |section, group_defintions|
|
||||
group_defintions.each do |group, definitions|
|
||||
definitions.transform_values! do |rules|
|
||||
case rules
|
||||
when Hash
|
||||
case rules[:keywords]
|
||||
when Array
|
||||
rules[:keywords].flat_map do |keyword|
|
||||
rules[:patterns].map do |pattern|
|
||||
pattern % { keyword: keyword }
|
||||
end
|
||||
end
|
||||
else
|
||||
rules[:patterns]
|
||||
end
|
||||
when Array
|
||||
rules
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
||||
|
@ -118,6 +101,49 @@ module Tooling
|
|||
|
||||
private
|
||||
|
||||
def print_entries(group, entries)
|
||||
entries.each do |entry|
|
||||
puts "#{entry} #{group}"
|
||||
end
|
||||
end
|
||||
|
||||
def print_expanded_entries(group, list)
|
||||
matched_files = git_ls_files.each_line.select do |line|
|
||||
list[:allow].find do |pattern|
|
||||
path = "/#{line.chomp}"
|
||||
|
||||
path_matches?(pattern, path) &&
|
||||
(
|
||||
list[:deny].nil? ||
|
||||
list[:deny].none? { |pattern| path_matches?(pattern, path) }
|
||||
)
|
||||
end
|
||||
end
|
||||
|
||||
consolidated = consolidate_paths(matched_files)
|
||||
consolidated_again = consolidate_paths(consolidated)
|
||||
|
||||
# Consider the directory structure is a tree structure:
|
||||
# https://en.wikipedia.org/wiki/Tree_(data_structure)
|
||||
# After we consolidated the leaf entries, it could be possible that
|
||||
# we can consolidate further for the new leaves. Repeat this
|
||||
# process until we see no improvements.
|
||||
while consolidated_again.size < consolidated.size
|
||||
consolidated = consolidated_again
|
||||
consolidated_again = consolidate_paths(consolidated)
|
||||
end
|
||||
|
||||
consolidated.each do |line|
|
||||
path = line.chomp
|
||||
|
||||
if File.directory?(path)
|
||||
puts "/#{path}/ #{group}"
|
||||
else
|
||||
puts "/#{path} #{group}"
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
def find_dir_maxdepth_1(dir)
|
||||
`find #{dir} -maxdepth 1`
|
||||
end
|
||||
|
|
Loading…
Reference in New Issue