diff --git a/app/assets/javascripts/lib/utils/confirm_via_gl_modal/confirm_modal.vue b/app/assets/javascripts/lib/utils/confirm_via_gl_modal/confirm_modal.vue index fd52c498ee0..a7fb322174b 100644 --- a/app/assets/javascripts/lib/utils/confirm_via_gl_modal/confirm_modal.vue +++ b/app/assets/javascripts/lib/utils/confirm_via_gl_modal/confirm_modal.vue @@ -26,6 +26,16 @@ export default { required: false, default: 'confirm', }, + secondaryText: { + type: String, + required: false, + default: '', + }, + secondaryVariant: { + type: String, + required: false, + default: 'confirm', + }, modalHtmlMessage: { type: String, required: false, @@ -47,6 +57,18 @@ export default { }, }; }, + secondaryAction() { + if (!this.secondaryText) { + return null; + } + + return { + text: this.secondaryText, + attributes: { + variant: this.secondaryVariant, + }, + }; + }, cancelAction() { return this.hideCancel ? null : this.$options.cancelAction; }, @@ -69,6 +91,7 @@ export default { :title="title" :action-primary="primaryAction" :action-cancel="cancelAction" + :action-secondary="secondaryAction" :hide-header="!shouldShowHeader" @primary="$emit('confirmed')" @hidden="$emit('closed')" diff --git a/app/assets/javascripts/lib/utils/confirm_via_gl_modal/confirm_via_gl_modal.js b/app/assets/javascripts/lib/utils/confirm_via_gl_modal/confirm_via_gl_modal.js index a8a89d0644a..1adb6f9c26f 100644 --- a/app/assets/javascripts/lib/utils/confirm_via_gl_modal/confirm_via_gl_modal.js +++ b/app/assets/javascripts/lib/utils/confirm_via_gl_modal/confirm_via_gl_modal.js @@ -2,7 +2,15 @@ import Vue from 'vue'; export function confirmAction( message, - { primaryBtnVariant, primaryBtnText, modalHtmlMessage, title, hideCancel } = {}, + { + primaryBtnVariant, + primaryBtnText, + secondaryBtnVariant, + secondaryBtnText, + modalHtmlMessage, + title, + hideCancel, + } = {}, ) { return new Promise((resolve) => { let confirmed = false; 
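Review bot: The third hunk of confirm_modal.vue binds `:action-secondary="secondaryAction"`, but the commit adds no listener for the new button next to `@primary="$emit('confirmed')"` and `@hidden="$emit('closed')"`. As far as the hunk shows, a click on the secondary button therefore reaches the caller the same way as a dismissal. If the button is meant to be a distinct choice, emit an event for it, for example `@secondary="$emit('secondary')"`, and have `confirmAction` in confirm_via_gl_modal.js resolve with a value that tells the two outcomes apart. Otherwise a short comment on the `secondaryText` prop should state that the button only closes the modal. The template continues outside the hunk.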
@@ -16,6 +24,8 @@ export function confirmAction( 'confirm-modal', { props: { + secondaryText: secondaryBtnText, + secondaryVariant: secondaryBtnVariant, primaryVariant: primaryBtnVariant, primaryText: primaryBtnText, title, diff --git a/app/finders/keys_finder.rb b/app/finders/keys_finder.rb index 9c357e12205..4b5cc02f012 100644 --- a/app/finders/keys_finder.rb +++ b/app/finders/keys_finder.rb @@ -52,11 +52,11 @@ class KeysFinder end def valid_fingerprint_param? - if fingerprint_type == "sha256" - Base64.decode64(fingerprint).length == 32 - else - fingerprint =~ /^(\h{2}:){15}\h{2}/ - end + return Base64.decode64(fingerprint).length == 32 if fingerprint_type == "sha256" + + return false if Gitlab::FIPS.enabled? + + fingerprint =~ /^(\h{2}:){15}\h{2}/ end def fingerprint_query diff --git a/app/views/projects/runners/_runner.html.haml b/app/views/projects/runners/_runner.html.haml index 5eaf6c9d22b..d6e8844e6bc 100644 --- a/app/views/projects/runners/_runner.html.haml +++ b/app/views/projects/runners/_runner.html.haml @@ -8,7 +8,7 @@ %span = "##{runner.id} (#{runner.short_sha})" - if runner.locked? - %span.has-tooltip{ title: _('Locked to current projects') } + %span.has-tooltip{ title: s_('Runners|Runner is locked and available for currently assigned projects only. Only administrators can change the assigned projects.') } = sprite_icon('lock') .gl-ml-2 .btn-group.btn-group-sm diff --git a/config/feature_flags/development/import_project_from_remote_file.yml b/config/feature_flags/development/import_project_from_remote_file.yml deleted file mode 100644 index 09f40a92ad1..00000000000 --- a/config/feature_flags/development/import_project_from_remote_file.yml +++ /dev/null @@ -1,8 +0,0 @@ ---- -name: import_project_from_remote_file -introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/59033 -rollout_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/330039 -milestone: '13.12' -type: development -group: group::import -default_enabled: true 
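Review bot: The MD5 path of `valid_fingerprint_param?` still ends in `fingerprint =~ /^(\h{2}:){15}\h{2}/`, which is looser than it looks: in Ruby `^` matches at the start of any line and nothing anchors the end, so a value with a leading line or trailing characters passes. Since this method validates a caller-supplied fingerprint, anchor the whole string with `/\A(\h{2}:){15}\h{2}\z/.match?(fingerprint)`. That form also returns a boolean on every path, like the two early returns, instead of an index or nil. How `fingerprint` is normalised before this check is outside the hunk, so confirm that no caller depends on the loose match.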
diff --git a/doc/administration/raketasks/doctor.md b/doc/administration/raketasks/doctor.md deleted file mode 100644 index 457077462a6..00000000000 --- a/doc/administration/raketasks/doctor.md +++ /dev/null @@ -1,11 +0,0 @@ ---- -redirect_to: 'check.md#verify-database-values-can-be-decrypted-using-the-current-secrets' -remove_date: '2022-03-04' ---- - -This document was moved to [another location](check.md#verify-database-values-can-be-decrypted-using-the-current-secrets). - - - - - diff --git a/doc/development/feature_flags/process.md b/doc/development/feature_flags/process.md deleted file mode 100644 index f98366beb6b..00000000000 --- a/doc/development/feature_flags/process.md +++ /dev/null @@ -1,11 +0,0 @@ ---- -redirect_to: 'https://about.gitlab.com/handbook/product-development-flow/feature-flag-lifecycle/' -remove_date: '2022-03-01' ---- - -This document was moved to [another location](https://about.gitlab.com/handbook/product-development-flow/feature-flag-lifecycle/). - - - - - diff --git a/doc/install/pivotal/index.md b/doc/install/pivotal/index.md deleted file mode 100644 index 56dde411884..00000000000 --- a/doc/install/pivotal/index.md +++ /dev/null @@ -1,11 +0,0 @@ ---- -redirect_to: '../index.md' -remove_date: '2022-03-08' ---- - -This document was removed. For information about installing GitLab, see [this page](../index.md). - - - - - diff --git a/doc/user/application_security/iac_scanning/index.md b/doc/user/application_security/iac_scanning/index.md index 292c4bf848f..a4d2f8b2e44 100644 --- a/doc/user/application_security/iac_scanning/index.md +++ b/doc/user/application_security/iac_scanning/index.md 
@@ -44,7 +44,7 @@ GitLab IaC scanning supports a variety of IaC configuration files. Our IaC secur | Terraform 2 | [KICS](https://kics.io/) | 14.5 | 1. IaC scanning can analyze Azure Resource Manager templates in JSON format. If you write templates in the [Bicep](https://docs.microsoft.com/en-us/azure/azure-resource-manager/bicep/overview) language, you must use [the bicep CLI](https://docs.microsoft.com/en-us/azure/azure-resource-manager/bicep/bicep-cli) to convert your Bicep files into JSON before GitLab IaC scanning can analyze them. -1. Terraform modules in a custom registry are not scanned for vulnerabilities. You can follow [this issue](https://gitlab.com/gitlab-org/gitlab/-/issues/357004) for the proposed feature. +1. Terraform modules in a custom registry are not scanned for vulnerabilities. You can follow [this issue](https://gitlab.com/gitlab-org/gitlab/-/issues/357004) for the proposed feature. ### Making IaC analyzers available to all GitLab tiers 
@@ -55,13 +55,13 @@ All open source (OSS) analyzers are available with the GitLab Free tier. Future Different features are available in different [GitLab tiers](https://about.gitlab.com/pricing/), as shown in the following table: -| Capability | In Free | In Ultimate | -|:---------------------------------------------------------------------------------------|:--------------------|:-------------------| -| [Configure IaC Scanners](#configuration) | **{check-circle}** | **{check-circle}** | -| View [JSON Report](#reports-json-format) | **{check-circle}** | **{check-circle}** | -| Presentation of JSON Report in merge request | **{dotted-circle}** | **{check-circle}** | -| [Address vulnerabilities](../../application_security/vulnerabilities/index.md) | **{dotted-circle}** | **{check-circle}** | -| [Access to Security Dashboard](../../application_security/security_dashboard/index.md) | **{dotted-circle}** | **{check-circle}** | +| Capability | In Free & Premium | In Ultimate | +|:----------------------------------------------------------------|:--------------------|:-------------------| +| [Configure IaC scanner](#configuration) | **{check-circle}** | **{check-circle}** | +| Download [JSON Report](#reports-json-format) | **{check-circle}** | **{check-circle}** | +| See new findings in merge request widget | **{dotted-circle}** | **{check-circle}** | +| [Manage vulnerabilities](../vulnerabilities/index.md) | **{dotted-circle}** | **{check-circle}** | +| [Access the Security Dashboard](../security_dashboard/index.md) | **{dotted-circle}** | **{check-circle}** | ## Contribute your scanner diff --git a/doc/user/application_security/sast/index.md b/doc/user/application_security/sast/index.md index 4f22ea14da9..0b470e8404e 100644 --- a/doc/user/application_security/sast/index.md +++ b/doc/user/application_security/sast/index.md 
@@ -141,17 +141,17 @@ All open source (OSS) analyzers have been moved to the GitLab Free tier as of Gi Different features are available in different [GitLab tiers](https://about.gitlab.com/pricing/), as shown in the following table: -| Capability | In Free | In Ultimate | -|:---------------------------------------------------------------------------------------|:--------------------|:-------------------| -| [Configure SAST Scanners](#configuration) | **{check-circle}** | **{check-circle}** | -| [Customize SAST Settings](#available-cicd-variables) | **{check-circle}** | **{check-circle}** | -| View [JSON Report](#reports-json-format) | **{check-circle}** | **{check-circle}** | -| Presentation of JSON Report in Merge Request | **{dotted-circle}** | **{check-circle}** | -| [Address vulnerabilities](../../application_security/vulnerabilities/index.md) | **{dotted-circle}** | **{check-circle}** | -| [Access to Security Dashboard](../../application_security/security_dashboard/index.md) | **{dotted-circle}** | **{check-circle}** | -| [Configure SAST in the UI](#configure-sast-in-the-ui) | **{dotted-circle}** | **{check-circle}** | -| [Customize SAST Rulesets](#customize-rulesets) | **{dotted-circle}** | **{check-circle}** | -| [False Positive Detection](#false-positive-detection) | **{dotted-circle}** | **{check-circle}** | +| Capability | In Free & Premium | In Ultimate | +|:----------------------------------------------------------------|:--------------------|:-------------------| +| [Configure SAST scanners](#configuration) | **{check-circle}** | **{check-circle}** | +| [Customize SAST settings](#available-cicd-variables) | **{check-circle}** | **{check-circle}** | +| Download [JSON Report](#reports-json-format) | **{check-circle}** | **{check-circle}** | +| See new findings in merge request widget | **{dotted-circle}** | **{check-circle}** | +| [Manage vulnerabilities](../vulnerabilities/index.md) | **{dotted-circle}** | **{check-circle}** | +| [Access the Security 
Dashboard](../security_dashboard/index.md) | **{dotted-circle}** | **{check-circle}** | +| [Configure SAST in the UI](#configure-sast-in-the-ui) | **{dotted-circle}** | **{check-circle}** | +| [Customize SAST rulesets](#customize-rulesets) | **{dotted-circle}** | **{check-circle}** | +| [Detect False Positives](#false-positive-detection) | **{dotted-circle}** | **{check-circle}** | ## Contribute your scanner @@ -524,7 +524,7 @@ Several passthrouh types generate a configuration for the target analyzer: the configuration. - If there is a filename collision between files in both repositories, files from the `sast` repository overwrite files from the `myrules` repository, - as `sast-rules` has higher precedence. + as `sast-rules` has higher precedence. - The `raw` entry creates a file named `insecure.yml` under `/sgrules`. The full path is `/sgrules/insecure.yml`. - The `url` entry fetches a configuration made available through a URL and @@ -991,7 +991,7 @@ Support for custom certificate authorities was introduced in the following versi | `phpcs-security-audit` | [v2.8.2](https://gitlab.com/gitlab-org/security-products/analyzers/phpcs-security-audit/-/releases/v2.8.2) | | `pmd-apex` | [v2.1.0](https://gitlab.com/gitlab-org/security-products/analyzers/pmd-apex/-/releases/v2.1.0) | | `security-code-scan` | [v2.7.3](https://gitlab.com/gitlab-org/security-products/analyzers/security-code-scan/-/releases/v2.7.3) | -| `semgrep` | [v0.0.1](https://gitlab.com/gitlab-org/security-products/analyzers/semgrep/-/releases/v0.0.1) | +| `semgrep` | [v0.0.1](https://gitlab.com/gitlab-org/security-products/analyzers/semgrep/-/releases/v0.0.1) | | `sobelow` | [v2.2.0](https://gitlab.com/gitlab-org/security-products/analyzers/sobelow/-/releases/v2.2.0) | | `spotbugs` | [v2.7.1](https://gitlab.com/gitlab-org/security-products/analyzers/spotbugs/-/releases/v2.7.1) | 
diff --git a/doc/user/application_security/secret_detection/index.md b/doc/user/application_security/secret_detection/index.md index 0a9680615a4..cf8bcb0e3e3 100644 --- a/doc/user/application_security/secret_detection/index.md +++ b/doc/user/application_security/secret_detection/index.md @@ -60,13 +60,14 @@ as shown in the following table: | Capability | In Free & Premium | In Ultimate | |:----------------------------------------------------------------|:--------------------|:-------------------| -| [Configure Secret Detection Scanners](#configuration) | **{check-circle}** | **{check-circle}** | -| [Customize Secret Detection Settings](#customizing-settings) | **{check-circle}** | **{check-circle}** | -| View [JSON Report](../sast/index.md#reports-json-format) | **{check-circle}** | **{check-circle}** | -| Presentation of JSON Report in merge request | **{dotted-circle}** | **{check-circle}** | +| [Configure Secret Detection scanner](#configuration) | **{check-circle}** | **{check-circle}** | +| [Customize Secret Detection settings](#customizing-settings) | **{check-circle}** | **{check-circle}** | +| Download [JSON Report](../sast/index.md#reports-json-format) | **{check-circle}** | **{check-circle}** | +| See new findings in the merge request widget | **{dotted-circle}** | **{check-circle}** | | View identified secrets in the pipelines' **Security** tab | **{dotted-circle}** | **{check-circle}** | -| [Interaction with Vulnerabilities](../vulnerabilities/index.md) | **{dotted-circle}** | **{check-circle}** | -| [Access to Security Dashboard](../security_dashboard/index.md) | **{dotted-circle}** | **{check-circle}** | +| [Manage vulnerabilities](../vulnerabilities/index.md) | **{dotted-circle}** | **{check-circle}** | +| [Access the Security Dashboard](../security_dashboard/index.md) | **{dotted-circle}** | **{check-circle}** | +| [Customize Secret Detection rulesets](#custom-rulesets) | **{dotted-circle}** | **{check-circle}** | ## Configuration 
diff --git a/doc/user/compliance/compliance_report/img/failed_icon_v13_3.png b/doc/user/compliance/compliance_report/img/failed_icon_v13_3.png
deleted file mode 100644
index c3f386c9dee..00000000000
Binary files a/doc/user/compliance/compliance_report/img/failed_icon_v13_3.png and /dev/null differ
diff --git a/doc/user/compliance/compliance_report/img/success_icon_v13_3.png b/doc/user/compliance/compliance_report/img/success_icon_v13_3.png
deleted file mode 100644
index ea6ca924f81..00000000000
Binary files a/doc/user/compliance/compliance_report/img/success_icon_v13_3.png and /dev/null differ
diff --git a/doc/user/compliance/compliance_report/img/warning_icon_v13_3.png b/doc/user/compliance/compliance_report/img/warning_icon_v13_3.png
deleted file mode 100644
index 168a7021948..00000000000
Binary files a/doc/user/compliance/compliance_report/img/warning_icon_v13_3.png and /dev/null differ
diff --git a/doc/user/compliance/compliance_report/index.md b/doc/user/compliance/compliance_report/index.md
index 27783a063da..77dbefa0755 100644
--- a/doc/user/compliance/compliance_report/index.md
+++ b/doc/user/compliance/compliance_report/index.md
@@ -9,17 +9,19 @@ info: To determine the technical writer assigned to the Stage/Group associated w > - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/36524) in GitLab 12.8 as Compliance Dashboard. > - [Renamed](https://gitlab.com/gitlab-org/gitlab/-/issues/299360) to compliance report in GitLab 14.2. +> - [Replaced](https://gitlab.com/groups/gitlab-org/-/epics/5237) by merge request violations in GitLab 14.6 [with a flag](../../../administration/feature_flags.md) named `compliance_violations_report`. Disabled by default. +> - GraphQL API [introduced](https://gitlab.com/groups/gitlab-org/-/epics/7222) in GitLab 14.9. +> - [Generally available](https://gitlab.com/groups/gitlab-org/-/epics/5237) in GitLab 14.10. [Feature flag `compliance_violations_report`](https://gitlab.com/gitlab-org/gitlab/-/issues/346266) removed. Compliance report gives you the ability to see a group's merge request activity. It provides a high-level view for all projects in the group. For example, code approved for merging into production. -You can use the report to: +You can use the report to get: -- Get an overview of the latest merge request for each project. -- See if merge requests were approved and by whom. -- See merge request authors. -- See the latest [CI/CD pipeline](../../../ci/pipelines/index.md) result for each merge request. +- A list of compliance violations from all merged merge requests within the group. +- The reason and severity of each compliance violation. +- A link to the merge request that caused each compliance violation. ## View the compliance report for a group 
@@ -32,8 +34,36 @@ To view the compliance report: 1. On the top bar, select **Menu > Groups** and find your group. 1. On the left sidebar, select **Security & Compliance > Compliance report**. -NOTE: -The compliance report shows only the latest merge request on each project. +### Severity levels scale + +The following is a list of available violation severity levels, ranked from most to least severe: + +| Icon | Severity level | +|:----------------------------------------------|:---------------| +| **{severity-critical, 18, gl-fill-red-800}** | Critical | +| **{severity-high, 18, gl-fill-red-600}** | High | +| **{severity-medium, 18, gl-fill-orange-400}** | Medium | +| **{severity-low, 18, gl-fill-orange-300}** | Low | +| **{severity-info, 18, gl-fill-blue-400}** | Info | + +### Violation types + +The following is a list of violations that are either: + +- Already available. +- Aren't available, but which we are tracking in issues. + +| Violation | Severity level | Category | Description | Availability | +|:-------------------------------------|:----------------|:---------------------------------------------------------------------------------------|:-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|:--------------------------------------------------------------------------------| +| Author approved merge request | High | [Separation of duties](#separation-of-duties) | The author of the merge request approved their own merge request. [Learn more](../../project/merge_requests/approvals/settings.md#prevent-approval-by-author). | [Available in GitLab 14.10](https://gitlab.com/groups/gitlab-org/-/epics/6870) | +| Committers approved merge request | High | [Separation of duties](#separation-of-duties) | The committers of the merge request approved the merge request they contributed to. 
[Learn more](../../project/merge_requests/approvals/settings.md#prevent-approvals-by-users-who-add-commits). | [Available in GitLab 14.10](https://gitlab.com/groups/gitlab-org/-/epics/6870) | +| Fewer than two approvals | High | [Separation of duties](#separation-of-duties) | The merge request was merged with fewer than two approvals. [Learn more](../../project/merge_requests/approvals/rules.md). | [Available in GitLab 14.10](https://gitlab.com/groups/gitlab-org/-/epics/6870) | +| Pipeline failed | Medium | [Pipeline results](../../../ci/pipelines/index.md) | The merge requests pipeline failed and was merged. | [Unavailable](https://gitlab.com/gitlab-org/gitlab/-/issues/346011) | +| Pipeline passed with warnings | Info | [Pipeline results](../../../ci/pipelines/index.md) | The merge request pipeline passed with warnings and was merged. | [Unavailable](https://gitlab.com/gitlab-org/gitlab/-/issues/346011) | +| Code coverage down more than 10% | High | [Code coverage](../../../ci/pipelines/settings.md#merge-request-test-coverage-results) | The code coverage report for the merge request indicates a reduction in coverage of more than 10%. | [Unavailable](https://gitlab.com/gitlab-org/gitlab/-/issues/346011) | +| Code coverage down between 5% to 10% | Medium | [Code coverage](../../../ci/pipelines/settings.md#merge-request-test-coverage-results) | The code coverage report for the merge request indicates a reduction in coverage of between 5% to 10%. | [Unavailable](https://gitlab.com/gitlab-org/gitlab/-/issues/346011) | +| Code coverage down between 1% to 5% | Low | [Code coverage](../../../ci/pipelines/settings.md#merge-request-test-coverage-results) | The code coverage report for the merge request indicates a reduction in coverage of between 1% to 5%. 
| [Unavailable](https://gitlab.com/gitlab-org/gitlab/-/issues/346011) | +| Code coverage down less than 1% | Info | [Code coverage](../../../ci/pipelines/settings.md#merge-request-test-coverage-results) | The code coverage report for the merge request indicates a reduction in coverage of less than 1%. | [Unavailable](https://gitlab.com/gitlab-org/gitlab/-/issues/346011) | ## Merge request drawer 
@@ -51,30 +81,15 @@ request: - A list of users that approved the merge request. - The user that merged the merge request. -## Approval status and separation of duties - -> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/217939) in GitLab 13.3. +## Separation of duties We support a separation of duties policy between users who create and approve merge requests. -The approval status column can help you identify violations of this policy. Our criteria for the separation of duties is as follows: - [A merge request author is **not** allowed to approve their merge request](../../project/merge_requests/approvals/settings.md#prevent-approval-by-author) - [A merge request committer is **not** allowed to approve a merge request they have added commits to](../../project/merge_requests/approvals/settings.md#prevent-approvals-by-users-who-add-commits) - [The minimum number of approvals required to merge a merge request is **at least** two](../../project/merge_requests/approvals/rules.md) -The **Approval status** column shows you at a glance whether a merge request is complying with the above. -This column has four states: - -| State | Description | -|:------|:------------| -| Empty | The merge request approval status is unknown | -| ![Failed](img/failed_icon_v13_3.png) | The merge request **does not** comply with any of the above criteria | -| ![Warning](img/warning_icon_v13_3.png) | The merge request complies with **some** of the above criteria | -| ![Success](img/success_icon_v13_3.png) | The merge request complies with **all** of the above criteria | - -If you see a non-success state, review the criteria for the merge request's project to ensure it complies with the separation of duties. - ## Chain of Custody report > [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/213364) in GitLab 13.3. 
@@ -105,64 +120,3 @@ You can generate a commit-specific Chain of Custody report for a given commit SH NOTE: The Chain of Custody report download is a CSV file, with a maximum size of 15 MB. The remaining records are truncated when this limit is reached. - -## Merge request violations - -> - Introduced in GitLab 14.6. [Deployed behind the `compliance_violations_report` flag](../../../administration/feature_flags.md). Disabled by default. -> - GraphQL API [introduced](https://gitlab.com/groups/gitlab-org/-/epics/7222) in GitLab 14.9. - -FLAG: -On self-managed GitLab, by default this feature is not available. To make it available, -ask an administrator to [enable the feature flag](../../../administration/feature_flags.md) named `compliance_violations_report`. -On GitLab.com, this feature is not available. This feature is not ready for production use. - -Merge request violations provide a view of all the [separation of duties](#approval-status-and-separation-of-duties) compliance violations -that exist in projects in a specific group. For each separation of duties compliance violation, you can see: - -- A list of compliance violations. -- The severity of each compliance violation. -- Reason for the compliance violation. -- A link to the merge request that caused the compliance violation. - -Merge request violations can be accessed: - -- In the GitLab UI. -- Using the [GraphQL API](../../../api/graphql/reference/index.md#complianceviolation) (GitLab 14.9 and later). - -### View merge request violations - -To view merge request violations: - -1. On the top bar, select **Menu > Groups** and find your group. -1. On the left sidebar, select **Security & Compliance > Compliance report**. 
- -### Severity levels scale - -The following is a list of available violation severity levels, ranked from most to least severe: - -| Icon | Severity level | -|:----------------------------------------------|:---------------| -| **{severity-critical, 18, gl-fill-red-800}** | Critical | -| **{severity-high, 18, gl-fill-red-600}** | High | -| **{severity-medium, 18, gl-fill-orange-400}** | Medium | -| **{severity-low, 18, gl-fill-orange-300}** | Low | -| **{severity-info, 18, gl-fill-blue-400}** | Info | - -### Violation types - -The following is a list of violations that are either: - -- Already available. -- Aren't available, but which we are tracking in issues. - -| Violation | Severity level | Category | Description | Availability | -|:-------------------------------------|:----------------|:----------------------------------------------------------------------------------------|:-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|:--------------------------------------------------------------------| -| Author approved merge request | High | [Separation of duties](#approval-status-and-separation-of-duties) | The author of the merge request approved their own merge request. [Learn more](../../project/merge_requests/approvals/settings.md#prevent-approval-by-author). | [Unavailable](https://gitlab.com/groups/gitlab-org/-/epics/6870) | -| Committers approved merge request | High | [Separation of duties](#approval-status-and-separation-of-duties) | The committers of the merge request approved the merge request they contributed to. [Learn more](../../project/merge_requests/approvals/settings.md#prevent-approvals-by-users-who-add-commits). 
| [Unavailable](https://gitlab.com/groups/gitlab-org/-/epics/6870) | -| Fewer than two approvals | High | [Separation of duties](#approval-status-and-separation-of-duties) | The merge request was merged with fewer than two approvals. [Learn more](../../project/merge_requests/approvals/rules.md). | [Unavailable](https://gitlab.com/groups/gitlab-org/-/epics/6870) | -| Pipeline failed | Medium | [Pipeline results](../../../ci/pipelines/index.md) | The merge requests pipeline failed and was merged. | [Unavailable](https://gitlab.com/gitlab-org/gitlab/-/issues/346011) | -| Pipeline passed with warnings | Info | [Pipeline results](../../../ci/pipelines/index.md) | The merge request pipeline passed with warnings and was merged. | [Unavailable](https://gitlab.com/gitlab-org/gitlab/-/issues/346011) | -| Code coverage down more than 10% | High | [Code coverage](../../../ci/pipelines/settings.md#merge-request-test-coverage-results) | The code coverage report for the merge request indicates a reduction in coverage of more than 10%. | [Unavailable](https://gitlab.com/gitlab-org/gitlab/-/issues/346011) | -| Code coverage down between 5% to 10% | Medium | [Code coverage](../../../ci/pipelines/settings.md#merge-request-test-coverage-results) | The code coverage report for the merge request indicates a reduction in coverage of between 5% to 10%. | [Unavailable](https://gitlab.com/gitlab-org/gitlab/-/issues/346011) | -| Code coverage down between 1% to 5% | Low | [Code coverage](../../../ci/pipelines/settings.md#merge-request-test-coverage-results) | The code coverage report for the merge request indicates a reduction in coverage of between 1% to 5%. | [Unavailable](https://gitlab.com/gitlab-org/gitlab/-/issues/346011) | -| Code coverage down less than 1% | Info | [Code coverage](../../../ci/pipelines/settings.md#merge-request-test-coverage-results) | The code coverage report for the merge request indicates a reduction in coverage of less than 1%. 
| [Unavailable](https://gitlab.com/gitlab-org/gitlab/-/issues/346011) | diff --git a/doc/user/project/code_owners.md b/doc/user/project/code_owners.md index fefc27063a6..37771fb4762 100644 --- a/doc/user/project/code_owners.md +++ b/doc/user/project/code_owners.md @@ -124,8 +124,8 @@ Only one CODEOWNERS pattern can match per file path. ### Organize Code Owners by putting them into sections -> - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/12137) in GitLab 13.2 behind a feature flag, enabled by default. -> - [Feature flag removed](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/42389) in GitLab 13.4. +> - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/12137) in GitLab 13.2 [with a flag](../../administration/feature_flags.md) named `sectional_codeowners`. Disabled by default. +> - [Generally available](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/42389) in GitLab 13.4. Feature flag `sectional_codeowners` removed. You can organize Code Owners by putting them into named sections. diff --git a/doc/user/project/issues/issue_data_and_actions.md b/doc/user/project/issues/issue_data_and_actions.md deleted file mode 100644 index e9f3f4be1c3..00000000000 --- a/doc/user/project/issues/issue_data_and_actions.md +++ /dev/null @@ -1,11 +0,0 @@ ---- -redirect_to: 'index.md' -remove_date: '2022-02-24' ---- - -This file was moved to [another location](index.md). - - - - - diff --git a/doc/user/project/pages/custom_domains_ssl_tls_certification/lets_encrypt_integration.md b/doc/user/project/pages/custom_domains_ssl_tls_certification/lets_encrypt_integration.md index dd5e8c85757..cb22a200514 100644 --- a/doc/user/project/pages/custom_domains_ssl_tls_certification/lets_encrypt_integration.md +++ b/doc/user/project/pages/custom_domains_ssl_tls_certification/lets_encrypt_integration.md 
@@ -8,7 +8,7 @@ info: To determine the technical writer assigned to the Stage/Group associated w # GitLab Pages integration with Let's Encrypt **(FREE)** -> [Introduced](https://gitlab.com/gitlab-org/gitlab-foss/-/issues/28996) in GitLab 12.1. For versions earlier than GitLab 12.1, see the [manual Let's Encrypt instructions](../lets_encrypt_for_gitlab_pages.md). +> [Introduced](https://gitlab.com/gitlab-org/gitlab-foss/-/issues/28996) in GitLab 12.1. The GitLab Pages integration with Let's Encrypt (LE) allows you to use LE certificates for your Pages website with custom domains diff --git a/doc/user/project/pages/lets_encrypt_for_gitlab_pages.md b/doc/user/project/pages/lets_encrypt_for_gitlab_pages.md deleted file mode 100644 index 7779f87b459..00000000000 --- a/doc/user/project/pages/lets_encrypt_for_gitlab_pages.md +++ /dev/null @@ -1,11 +0,0 @@ ---- -redirect_to: 'custom_domains_ssl_tls_certification/lets_encrypt_integration.md' -remove_date: '2022-03-14' ---- - -This file was moved to [another location](custom_domains_ssl_tls_certification/lets_encrypt_integration.md). - - - - - diff --git a/doc/user/project/protected_branches.md b/doc/user/project/protected_branches.md index 292530e6c9c..06396b5cd62 100644 --- a/doc/user/project/protected_branches.md +++ b/doc/user/project/protected_branches.md 
@@ -147,8 +147,8 @@ Deploy keys are not available in the **Allowed to merge** dropdown list. ## Allow force push on a protected branch -> - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/15611) in GitLab 13.10 behind a disabled feature flag. -> - [Feature flag removed](https://gitlab.com/gitlab-org/gitlab/-/issues/323431) in GitLab 14.0. +> - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/15611) in GitLab 13.10 [with a flag](../../administration/feature_flags.md) named `allow_force_push_to_protected_branches`. Disabled by default. +> - [Enabled on GitLab.com and self-managed](https://gitlab.com/gitlab-org/gitlab/-/issues/323431) in GitLab 14.0. Feature flag `allow_force_push_to_protected_branches` removed. You can allow [force pushes](../../topics/git/git_rebase.md#force-push) to protected branches. diff --git a/doc/user/project/repository/repository_mirroring.md b/doc/user/project/repository/repository_mirroring.md deleted file mode 100644 index 8fbe5aec6a3..00000000000 --- a/doc/user/project/repository/repository_mirroring.md +++ /dev/null @@ -1,9 +0,0 @@ ---- -redirect_to: 'mirror/index.md' -remove_date: '2022-03-22' ---- - -This document was moved to [another location](mirror/index.md). - - - \ No newline at end of file diff --git a/lib/api/project_import.rb b/lib/api/project_import.rb index fae170d638b..bd8faefa803 100644 --- a/lib/api/project_import.rb +++ b/lib/api/project_import.rb @@ -135,8 +135,6 @@ module API success Entities::ProjectImportStatus end post 'remote-import' do - not_found! unless ::Feature.enabled?(:import_project_from_remote_file, default_enabled: :yaml) - check_rate_limit! :project_import, scope: [current_user, :project_import] response = ::Import::GitlabProjects::CreateProjectService.new( diff --git a/lib/gitlab/ci/parsers/security/common.rb b/lib/gitlab/ci/parsers/security/common.rb index 2d8a182e808..1bc9bd719f9 100644 --- a/lib/gitlab/ci/parsers/security/common.rb +++ b/lib/gitlab/ci/parsers/security/common.rb 
@@ -14,6 +14,7 @@ module Gitlab def initialize(json_data, report, vulnerability_finding_signatures_enabled = false, validate: false) @json_data = json_data @report = report + @project = report.project @validate = validate @vulnerability_finding_signatures_enabled = vulnerability_finding_signatures_enabled end @@ -51,22 +52,27 @@ module Gitlab # # After 15.0 we will enforce schema validation by default # See: https://gitlab.com/groups/gitlab-org/-/epics/6968 - schema_validation_passed = schema_validator.valid? + schema_validator.deprecation_warnings.each { |deprecation_warning| report.add_warning('Schema', deprecation_warning) } if validate - schema_validator.errors.each { |error| report.add_error('Schema', error) } unless schema_validation_passed + schema_validation_passed = schema_validator.valid? + + # Validation warnings are errors + schema_validator.errors.each { |error| report.add_error('Schema', error) } + schema_validator.warnings.each { |warning| report.add_error('Schema', warning) } schema_validation_passed else - # We treat all schema validation errors as warnings + # Validation warnings are warnings schema_validator.errors.each { |error| report.add_warning('Schema', error) } + schema_validator.warnings.each { |warning| report.add_warning('Schema', warning) } true end end def schema_validator - @schema_validator ||= ::Gitlab::Ci::Parsers::Security::Validators::SchemaValidator.new(report.type, report_data, report.version) + @schema_validator ||= ::Gitlab::Ci::Parsers::Security::Validators::SchemaValidator.new(report.type, report_data, report.version, project: @project) end def report_data @@ -136,7 +142,7 @@ module Gitlab metadata_version: report_version, details: data['details'] || {}, signatures: signatures, - project_id: report.project_id, + project_id: @project.id, vulnerability_finding_signatures_enabled: @vulnerability_finding_signatures_enabled)) end 
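Review bot: In the `if validate` branch the result is still only `schema_validator.valid?`, while the line added below it records every entry of `schema_validator.warnings` as a report error. If `valid?` looks at `errors` alone (its body is not in this hunk), a report can carry 'Schema' errors and still be parsed as though validation passed. If that is intended, say so in the comment, e.g. `# Validation warnings are recorded as report errors but do not fail validation`; otherwise the return value needs to take the warnings into account. The enclosing method starts above the hunk.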
@@ -279,7 +285,7 @@ module Gitlab report_type: report.type, primary_identifier_fingerprint: primary_identifier&.fingerprint, location_fingerprint: location_fingerprint, - project_id: report.project_id + project_id: @project.id } if uuid_v5_name_components.values.any?(&:nil?) diff --git a/lib/gitlab/ci/parsers/security/validators/schema_validator.rb b/lib/gitlab/ci/parsers/security/validators/schema_validator.rb index 88853ea4fb6..ffe9d506c7d 100644 --- a/lib/gitlab/ci/parsers/security/validators/schema_validator.rb +++ b/lib/gitlab/ci/parsers/security/validators/schema_validator.rb 
@@ -26,19 +26,19 @@ module Gitlab 8.0.0-rc1 8.0.1-rc1 8.1.0-rc1 9.0.0-rc1].freeze # These come from https://app.periscopedata.com/app/gitlab/895813/Secure-Scan-metrics?widget=12248944&udv=1385516 - KNOWN_VERSIONS_TO_DEPRECATE = %w[0.1 1.0 1.0.0 1.2 1.3 10.0.0 12.1.0 13.1.0 2.0 2.1 2.1.0 2.3 2.3.0 2.4 3.0 3.0.0 3.0.6 3.13.2 V2.7.0].freeze + KNOWN_VERSIONS_TO_REMOVE = %w[0.1 1.0 1.0.0 1.2 1.3 10.0.0 12.1.0 13.1.0 2.0 2.1 2.1.0 2.3 2.3.0 2.4 3.0 3.0.0 3.0.6 3.13.2 V2.7.0].freeze - VERSIONS_TO_DEPRECATE_IN_15_0 = (PREVIOUS_RELEASES + KNOWN_VERSIONS_TO_DEPRECATE).freeze + VERSIONS_TO_REMOVE_IN_15_0 = (PREVIOUS_RELEASES + KNOWN_VERSIONS_TO_REMOVE).freeze DEPRECATED_VERSIONS = { - cluster_image_scanning: VERSIONS_TO_DEPRECATE_IN_15_0, - container_scanning: VERSIONS_TO_DEPRECATE_IN_15_0, - coverage_fuzzing: VERSIONS_TO_DEPRECATE_IN_15_0, - dast: VERSIONS_TO_DEPRECATE_IN_15_0, - api_fuzzing: VERSIONS_TO_DEPRECATE_IN_15_0, - dependency_scanning: VERSIONS_TO_DEPRECATE_IN_15_0, - sast: VERSIONS_TO_DEPRECATE_IN_15_0, - secret_detection: VERSIONS_TO_DEPRECATE_IN_15_0 + cluster_image_scanning: VERSIONS_TO_REMOVE_IN_15_0, + container_scanning: VERSIONS_TO_REMOVE_IN_15_0, + coverage_fuzzing: VERSIONS_TO_REMOVE_IN_15_0, + dast: VERSIONS_TO_REMOVE_IN_15_0, + api_fuzzing: VERSIONS_TO_REMOVE_IN_15_0, + dependency_scanning: VERSIONS_TO_REMOVE_IN_15_0, + sast: VERSIONS_TO_REMOVE_IN_15_0, + secret_detection: VERSIONS_TO_REMOVE_IN_15_0 }.freeze class Schema @@ -86,15 +86,18 @@ module Gitlab end end - def initialize(report_type, report_data, report_version = nil) + def initialize(report_type, report_data, report_version = nil, project: nil) @report_type = report_type&.to_sym @report_data = report_data @report_version = report_version + @project = project @errors = [] @warnings = [] + @deprecation_warnings = [] populate_errors populate_warnings + populate_deprecation_warnings end def valid? 
@@ -102,25 +105,46 @@ module Gitlab end def populate_errors - if Feature.enabled?(:enforce_security_report_validation) - @errors += schema.validate(report_data).map { |error| JSONSchemer::Errors.pretty(error) } + schema_validation_errors = schema.validate(report_data).map { |error| JSONSchemer::Errors.pretty(error) } + + log_warnings(problem_type: 'schema_validation_fails') unless schema_validation_errors.empty? + + if Feature.enabled?(:enforce_security_report_validation, @project) + @errors += schema_validation_errors else - @warnings += schema.validate(report_data).map { |error| JSONSchemer::Errors.pretty(error) } + @warnings += schema_validation_errors end end def populate_warnings - add_deprecated_report_version_message if report_uses_deprecated_schema_version? add_unsupported_report_version_message if !report_uses_supported_schema_version? && !report_uses_deprecated_schema_version? end + def populate_deprecation_warnings + add_deprecated_report_version_message if report_uses_deprecated_schema_version? 
+ end + def add_deprecated_report_version_message + log_warnings(problem_type: 'using_deprecated_schema_version') + message = "Version #{report_version} for report type #{report_type} has been deprecated, supported versions for this report type are: #{supported_schema_versions}" - add_message_as(level: :warning, message: message) + add_message_as(level: :deprecation_warning, message: message) + end + + def log_warnings(problem_type:) + Gitlab::AppLogger.info( + message: 'security report schema validation problem', + security_report_type: report_type, + security_report_version: report_version, + project_id: @project.id, + security_report_failure: problem_type + ) end def add_unsupported_report_version_message - if Feature.enabled?(:enforce_security_report_validation) + log_warnings(problem_type: 'using_unsupported_schema_version') + + if Feature.enabled?(:enforce_security_report_validation, @project) handle_unsupported_report_version(treat_as: :error) else handle_unsupported_report_version(treat_as: :warning) @@ -152,6 +176,8 @@ module Gitlab def add_message_as(level:, message:) case level + when :deprecation_warning + @deprecation_warnings << message when :error @errors << message when :warning @@ -159,7 +185,7 @@ module Gitlab end end - attr_reader :errors, :warnings + attr_reader :errors, :warnings, :deprecation_warnings private diff --git a/lib/gitlab/ci/reports/security/report.rb b/lib/gitlab/ci/reports/security/report.rb index 8c528056d0c..70f2919d38d 100644 --- a/lib/gitlab/ci/reports/security/report.rb +++ b/lib/gitlab/ci/reports/security/report.rb @@ -9,6 +9,7 @@ module Gitlab attr_accessor :scan, :scanned_resources, :errors, :analyzer, :version, :schema_validation_status, :warnings delegate :project_id, to: :pipeline + delegate :project, to: :pipeline def initialize(type, pipeline, created_at) @type = type 
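Review bot: `log_warnings` dereferences `@project.id`, but the constructor hunk earlier in this file declares `project: nil` as the default, and `populate_errors` calls `log_warnings` from the constructor whenever the schema check reports a problem. A caller that omits `project:` would then hit NoMethodError on a malformed or deprecated report instead of getting validation results back. Use `project_id: @project&.id`, or make `project:` a required keyword. The specs in this commit always pass a project, so the nil path is not exercised.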
@@ -38,6 +39,10 @@ module Gitlab errors.present? end + def warnings? + warnings.present? + end + def add_scanner(scanner) scanners[scanner.key] ||= scanner end diff --git a/lib/gitlab/diff/file.rb b/lib/gitlab/diff/file.rb index 89822af2455..90e7a5f71a0 100644 --- a/lib/gitlab/diff/file.rb +++ b/lib/gitlab/diff/file.rb @@ -375,7 +375,7 @@ module Gitlab end def rendered - return unless use_renderable_diff? && ipynb? + return unless use_renderable_diff? && ipynb? && modified_file? && !too_large? strong_memoize(:rendered) { Rendered::Notebook::DiffFile.new(self) } end @@ -410,7 +410,7 @@ module Gitlab end def ipynb? - modified_file? && file_path.ends_with?('.ipynb') + file_path.ends_with?('.ipynb') end # We can't use Object#try because Blob doesn't inherit from Object, but diff --git a/lib/gitlab/usage_data_counters/known_events/epic_events.yml b/lib/gitlab/usage_data_counters/known_events/epic_events.yml index 3d877497339..dacf37b8e8e 100644 --- a/lib/gitlab/usage_data_counters/known_events/epic_events.yml +++ b/lib/gitlab/usage_data_counters/known_events/epic_events.yml @@ -194,3 +194,9 @@ redis_slot: project_management aggregation: daily feature_flag: track_epics_activity + +- name: g_project_management_epic_related_removed + category: epics_usage + redis_slot: project_management + aggregation: daily + feature_flag: track_epics_activity diff --git a/locale/gitlab.pot b/locale/gitlab.pot index 950faf2e2ae..225658b04ab 100644 --- a/locale/gitlab.pot +++ b/locale/gitlab.pot @@ -22773,9 +22773,6 @@ msgstr "" msgid "Locked the discussion." msgstr "" -msgid "Locked to current projects" -msgstr "" - msgid "Locks give the ability to lock specific file or folder." msgstr "" diff --git a/spec/factories/keys.rb b/spec/factories/keys.rb index 2af1c6cc62d..6b800e3d790 100644 --- a/spec/factories/keys.rb +++ b/spec/factories/keys.rb 
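Review bot: `ipynb?` no longer includes `modified_file?`, so any other caller of the predicate now gets true for added or deleted notebooks; only `rendered` had the check moved into its own guard. Callers are not visible in these hunks, so confirm none relied on the old meaning. A comment above the predicate would make the new contract explicit, e.g. `# True for any .ipynb path; callers check modified_file? and too_large? themselves`.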
@@ -19,6 +19,12 @@ FactoryBot.define do user end + factory :personal_key_4096 do + user + + key { SSHData::PrivateKey::RSA.generate(4096, unsafe_allow_small_key: true).public_key.openssh(comment: 'dummy@gitlab.com') } + end + factory :another_key do factory :another_deploy_key, class: 'DeployKey' end @@ -74,6 +80,8 @@ FactoryBot.define do qpPN5jAskkAUzOh5L/M+dmq2jNn03U9xwORCYPZj+fFM9bL99/0knsV0ypZDZyWH dummy@gitlab.com KEY end + + factory :rsa_deploy_key_5120, class: 'DeployKey' end factory :rsa_key_8192 do diff --git a/spec/finders/keys_finder_spec.rb b/spec/finders/keys_finder_spec.rb index 277c852c953..332aa7afde1 100644 --- a/spec/finders/keys_finder_spec.rb +++ b/spec/finders/keys_finder_spec.rb 
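Review bot: `unsafe_allow_small_key: true` in the new `personal_key_4096` factory looks unnecessary for a 4096-bit key and reads as if the factory produced a weak key; `SSHData::PrivateKey::RSA.generate(4096)` should be enough. Generating a fresh 4096-bit RSA key on every `create` is also likely to be slow compared with the static key text other factories in this file use, and the finder spec in this commit creates two of them.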
@@ -5,23 +5,22 @@ require 'spec_helper' RSpec.describe KeysFinder do subject { described_class.new(params).execute } - let(:user) { create(:user) } - let(:params) { {} } - - let!(:key_1) do - create(:personal_key, + let_it_be(:user) { create(:user) } + let_it_be(:key_1) do + create(:rsa_key_4096, last_used_at: 7.days.ago, user: user, - key: 'ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAIEAiPWx6WM4lhHNedGfBpPJNPpZ7yKu+dnn1SJejgt1016k6YjzGGphH2TUxwKzxcKDKKezwkpfnxPkSMkuEspGRt/aZZ9wa++Oi7Qkr8prgHc4soW6NUlfDzpvZK2H5E7eQaSeP3SAwGmQKUFHCddNaP0L+hM7zhFNzjFvpaMgJw0=', - fingerprint: 'ba:81:59:68:d7:6c:cd:02:02:bf:6a:9b:55:4e:af:d1', - fingerprint_sha256: 'nUhzNyftwADy8AH3wFY31tAKs7HufskYTte2aXo/lCg') + fingerprint: 'df:73:db:29:3c:a5:32:cf:09:17:7e:8e:9d:de:d7:f7', + fingerprint_sha256: 'ByDU7hQ1JB95l6p53rHrffc4eXvEtqGUtQhS+Dhyy7g') end - let!(:key_2) { create(:personal_key, last_used_at: nil, user: user) } - let!(:key_3) { create(:personal_key, last_used_at: 2.days.ago) } + let_it_be(:key_2) { create(:personal_key_4096, last_used_at: nil, user: user) } + let_it_be(:key_3) { create(:personal_key_4096, last_used_at: 2.days.ago) } + + let(:params) { {} } context 'key_type' do - let!(:deploy_key) { create(:deploy_key) } + let_it_be(:deploy_key) { create(:deploy_key) } context 'when `key_type` is `ssh`' do before do 
@@ -64,35 +63,41 @@ RSpec.describe KeysFinder do end context 'with valid fingerprints' do - let!(:deploy_key) do - create(:deploy_key, - user: user, - key: 'ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAIEAiPWx6WM4lhHNedGfBpPJNPpZ7yKu+dnn1SJejgt1017k6YjzGGphH2TUxwKzxcKDKKezwkpfnxPkSMkuEspGRt/aZZ9wa++Oi7Qkr8prgHc4soW6NUlfDzpvZK2H5E7eQaSeP3SAwGmQKUFHCddNaP0L+hM7zhFNzjFvpaMgJw0=', - fingerprint: '8a:4a:12:92:0b:50:47:02:d4:5a:8e:a9:44:4e:08:b4', - fingerprint_sha256: '4DPHOVNh53i9dHb5PpY2vjfyf5qniTx1/pBFPoZLDdk') - end + let_it_be(:deploy_key) { create(:rsa_deploy_key_5120, user: user) } context 'personal key with valid MD5 params' do context 'with an existent fingerprint' do before do - params[:fingerprint] = 'ba:81:59:68:d7:6c:cd:02:02:bf:6a:9b:55:4e:af:d1' + params[:fingerprint] = 'df:73:db:29:3c:a5:32:cf:09:17:7e:8e:9d:de:d7:f7' end it 'returns the key' do expect(subject).to eq(key_1) expect(subject.user).to eq(user) end + + context 'with FIPS mode', :fips_mode do + it 'raises InvalidFingerprint' do + expect { subject }.to raise_error(KeysFinder::InvalidFingerprint) + end + end end context 'deploy key with an existent fingerprint' do before do - params[:fingerprint] = '8a:4a:12:92:0b:50:47:02:d4:5a:8e:a9:44:4e:08:b4' + params[:fingerprint] = 'fe:fa:3a:4d:7d:51:ec:bf:c7:64:0c:96:d0:17:8a:d0' end it 'returns the key' do expect(subject).to eq(deploy_key) expect(subject.user).to eq(user) end + + context 'with FIPS mode', :fips_mode do + it 'raises InvalidFingerprint' do + expect { subject }.to raise_error(KeysFinder::InvalidFingerprint) + end + end end context 'with a non-existent fingerprint' do 
@@ -103,13 +108,19 @@ RSpec.describe KeysFinder do it 'returns nil' do expect(subject).to be_nil end + + context 'with FIPS mode', :fips_mode do + it 'raises InvalidFingerprint' do + expect { subject }.to raise_error(KeysFinder::InvalidFingerprint) + end + end end end context 'personal key with valid SHA256 params' do context 'with an existent fingerprint' do before do - params[:fingerprint] = 'SHA256:nUhzNyftwADy8AH3wFY31tAKs7HufskYTte2aXo/lCg' + params[:fingerprint] = 'SHA256:ByDU7hQ1JB95l6p53rHrffc4eXvEtqGUtQhS+Dhyy7g' end it 'returns key' do @@ -120,7 +131,7 @@ RSpec.describe KeysFinder do context 'deploy key with an existent fingerprint' do before do - params[:fingerprint] = 'SHA256:4DPHOVNh53i9dHb5PpY2vjfyf5qniTx1/pBFPoZLDdk' + params[:fingerprint] = 'SHA256:PCCupLbFHScm4AbEufbGDvhBU27IM0MVAor715qKQK8' end it 'returns key' do diff --git a/spec/frontend/lib/utils/confirm_via_gl_modal/confirm_modal_spec.js b/spec/frontend/lib/utils/confirm_via_gl_modal/confirm_modal_spec.js index e06d1384610..d6131b1a1d7 100644 --- a/spec/frontend/lib/utils/confirm_via_gl_modal/confirm_modal_spec.js +++ b/spec/frontend/lib/utils/confirm_via_gl_modal/confirm_modal_spec.js @@ -5,12 +5,23 @@ import ConfirmModal from '~/lib/utils/confirm_via_gl_modal/confirm_modal.vue'; describe('Confirm Modal', () => { let wrapper; let modal; + const SECONDARY_TEXT = 'secondaryText'; + const SECONDARY_VARIANT = 'danger'; - const createComponent = ({ primaryText, primaryVariant, title, hideCancel = false } = {}) => { + const createComponent = ({ + primaryText, + primaryVariant, + secondaryText, + secondaryVariant, + title, + hideCancel = false, + } = {}) => { wrapper = mount(ConfirmModal, { propsData: { primaryText, primaryVariant, + secondaryText, + secondaryVariant, hideCancel, title, }, 
@@ -65,6 +76,19 @@ describe('Confirm Modal', () => { expect(props.actionCancel).toBeNull(); }); + it('should not show secondary Button when secondary Text is not set', () => { + createComponent(); + const props = findGlModal().props(); + expect(props.actionSecondary).toBeNull(); + }); + + it('should show secondary Button when secondaryText is set', () => { + createComponent({ secondaryText: SECONDARY_TEXT, secondaryVariant: SECONDARY_VARIANT }); + const actionSecondary = findGlModal().props('actionSecondary'); + expect(actionSecondary.text).toEqual(SECONDARY_TEXT); + expect(actionSecondary.attributes.variant).toEqual(SECONDARY_VARIANT); + }); + it('should set the modal title when the `title` prop is set', () => { const title = 'Modal title'; createComponent({ title }); diff --git a/spec/graphql/mutations/ci/runner/delete_spec.rb b/spec/graphql/mutations/ci/runner/delete_spec.rb index c0f979e43cc..ee640b21918 100644 --- a/spec/graphql/mutations/ci/runner/delete_spec.rb +++ b/spec/graphql/mutations/ci/runner/delete_spec.rb @@ -37,7 +37,9 @@ RSpec.describe Mutations::Ci::Runner::Delete do it 'raises an error' do mutation_params[:id] = two_projects_runner.to_global_id - expect { subject }.to raise_error(Gitlab::Graphql::Errors::ResourceNotAvailable) + expect_graphql_error_to_be_created(Gitlab::Graphql::Errors::ResourceNotAvailable) do + subject + end end end end @@ -115,7 +117,10 @@ RSpec.describe Mutations::Ci::Runner::Delete do allow_next_instance_of(::Ci::Runners::UnregisterRunnerService) do |service| expect(service).not_to receive(:execute) end - expect { subject }.to raise_error(Gitlab::Graphql::Errors::ResourceNotAvailable) + + expect_graphql_error_to_be_created(Gitlab::Graphql::Errors::ResourceNotAvailable) do + subject + end end end end diff --git a/spec/graphql/resolvers/blobs_resolver_spec.rb b/spec/graphql/resolvers/blobs_resolver_spec.rb index 4b75351147c..a666ed2a9fc 100644 --- a/spec/graphql/resolvers/blobs_resolver_spec.rb 
+++ b/spec/graphql/resolvers/blobs_resolver_spec.rb @@ -75,10 +75,9 @@ RSpec.describe Resolvers::BlobsResolver do let(:ref) { 'ma:in' } it 'raises an ArgumentError' do - expect { resolve_blobs }.to raise_error( - Gitlab::Graphql::Errors::ArgumentError, - 'Ref is not valid' - ) + expect_graphql_error_to_be_created(Gitlab::Graphql::Errors::ArgumentError, 'Ref is not valid') do + resolve_blobs + end end end @@ -86,10 +85,9 @@ RSpec.describe Resolvers::BlobsResolver do let(:ref) { '' } it 'raises an ArgumentError' do - expect { resolve_blobs }.to raise_error( - Gitlab::Graphql::Errors::ArgumentError, - 'Ref is not valid' - ) + expect_graphql_error_to_be_created(Gitlab::Graphql::Errors::ArgumentError, 'Ref is not valid') do + resolve_blobs + end end end end diff --git a/spec/graphql/resolvers/group_members/notification_email_resolver_spec.rb b/spec/graphql/resolvers/group_members/notification_email_resolver_spec.rb index fcf67120b0e..8d0b8f9398d 100644 --- a/spec/graphql/resolvers/group_members/notification_email_resolver_spec.rb +++ b/spec/graphql/resolvers/group_members/notification_email_resolver_spec.rb @@ -35,7 +35,9 @@ RSpec.describe Resolvers::GroupMembers::NotificationEmailResolver do let(:current_user) { create(:user) } it 'raises ResourceNotAvailable error' do - expect { subject }.to raise_error(Gitlab::Graphql::Errors::ResourceNotAvailable) + expect_graphql_error_to_be_created(Gitlab::Graphql::Errors::ResourceNotAvailable) do + subject + end end end end diff --git a/spec/graphql/resolvers/users_resolver_spec.rb b/spec/graphql/resolvers/users_resolver_spec.rb index b01cc0d43e3..1ba296912a3 100644 --- a/spec/graphql/resolvers/users_resolver_spec.rb +++ b/spec/graphql/resolvers/users_resolver_spec.rb 
@@ -74,7 +74,9 @@ RSpec.describe Resolvers::UsersResolver do let_it_be(:current_user) { nil } it 'prohibits search without usernames passed' do - expect { resolve_users }.to raise_error(Gitlab::Graphql::Errors::ResourceNotAvailable) + expect_graphql_error_to_be_created(Gitlab::Graphql::Errors::ResourceNotAvailable) do + resolve_users + end end it 'allows to search by username' do diff --git a/spec/graphql/resolvers/work_item_resolver_spec.rb b/spec/graphql/resolvers/work_item_resolver_spec.rb index c7e2beecb51..bfa0cf1d8a2 100644 --- a/spec/graphql/resolvers/work_item_resolver_spec.rb +++ b/spec/graphql/resolvers/work_item_resolver_spec.rb @@ -22,7 +22,9 @@ RSpec.describe Resolvers::WorkItemResolver do let(:current_user) { create(:user) } it 'raises a resource not available error' do - expect { resolved_work_item }.to raise_error(::Gitlab::Graphql::Errors::ResourceNotAvailable) + expect_graphql_error_to_be_created(Gitlab::Graphql::Errors::ResourceNotAvailable) do + resolved_work_item + end end end diff --git a/spec/lib/gitlab/ci/parsers/security/common_spec.rb b/spec/lib/gitlab/ci/parsers/security/common_spec.rb index 063fee077af..4942e869be6 100644 --- a/spec/lib/gitlab/ci/parsers/security/common_spec.rb +++ b/spec/lib/gitlab/ci/parsers/security/common_spec.rb @@ -42,11 +42,13 @@ RSpec.describe Gitlab::Ci::Parsers::Security::Common do let(:validate) { false } let(:valid?) { false } let(:errors) { ['foo'] } + let(:warnings) { ['bar'] } before do allow_next_instance_of(validator_class) do |instance| allow(instance).to receive(:valid?).and_return(valid?) allow(instance).to receive(:errors).and_return(errors) + allow(instance).to receive(:warnings).and_return(warnings) end allow(parser).to receive_messages(create_scanner: true, create_scan: true) 
@@ -55,12 +57,17 @@ RSpec.describe Gitlab::Ci::Parsers::Security::Common do it 'instantiates the validator with correct params' do parse_report - expect(validator_class).to have_received(:new).with(report.type, {}, report.version) + expect(validator_class).to have_received(:new).with(report.type, {}, report.version, project: pipeline.project) end context 'when the report data is not valid according to the schema' do it 'adds warnings to the report' do - expect { parse_report }.to change { report.warnings }.from([]).to([{ message: 'foo', type: 'Schema' }]) + expect { parse_report }.to change { report.warnings }.from([]).to( + [ + { message: 'foo', type: 'Schema' }, + { message: 'bar', type: 'Schema' } + ] + ) end it 'keeps the execution flow as normal' do @@ -74,9 +81,14 @@ RSpec.describe Gitlab::Ci::Parsers::Security::Common do context 'when the report data is valid according to the schema' do let(:valid?) { true } let(:errors) { [] } + let(:warnings) { [] } + + it 'does not add errors to the report' do + expect { parse_report }.not_to change { report.errors } + end it 'does not add warnings to the report' do - expect { parse_report }.not_to change { report.errors } + expect { parse_report }.not_to change { report.warnings } end it 'keeps the execution flow as normal' do @@ -92,11 +104,13 @@ RSpec.describe Gitlab::Ci::Parsers::Security::Common do let(:validate) { true } let(:valid?) { false } let(:errors) { ['foo'] } + let(:warnings) { ['bar'] } before do allow_next_instance_of(validator_class) do |instance| allow(instance).to receive(:valid?).and_return(valid?) allow(instance).to receive(:errors).and_return(errors) + allow(instance).to receive(:warnings).and_return(warnings) end allow(parser).to receive_messages(create_scanner: true, create_scan: true) 
@@ -105,12 +119,17 @@ RSpec.describe Gitlab::Ci::Parsers::Security::Common do it 'instantiates the validator with correct params' do parse_report - expect(validator_class).to have_received(:new).with(report.type, {}, report.version) + expect(validator_class).to have_received(:new).with(report.type, {}, report.version, project: pipeline.project) end context 'when the report data is not valid according to the schema' do it 'adds errors to the report' do - expect { parse_report }.to change { report.errors }.from([]).to([{ message: 'foo', type: 'Schema' }]) + expect { parse_report }.to change { report.errors }.from([]).to( + [ + { message: 'foo', type: 'Schema' }, + { message: 'bar', type: 'Schema' } + ] + ) end it 'does not try to create report entities' do @@ -124,11 +143,16 @@ RSpec.describe Gitlab::Ci::Parsers::Security::Common do context 'when the report data is valid according to the schema' do let(:valid?) { true } let(:errors) { [] } + let(:warnings) { [] } it 'does not add errors to the report' do expect { parse_report }.not_to change { report.errors }.from([]) end + it 'does not add warnings to the report' do + expect { parse_report }.not_to change { report.warnings }.from([]) + end + it 'keeps the execution flow as normal' do parse_report diff --git a/spec/lib/gitlab/ci/parsers/security/validators/schema_validator_spec.rb b/spec/lib/gitlab/ci/parsers/security/validators/schema_validator_spec.rb index 5f8f0d55186..9267a76e231 100644 --- a/spec/lib/gitlab/ci/parsers/security/validators/schema_validator_spec.rb +++ b/spec/lib/gitlab/ci/parsers/security/validators/schema_validator_spec.rb 
@@ -3,7 +3,9 @@ require 'spec_helper' RSpec.describe Gitlab::Ci::Parsers::Security::Validators::SchemaValidator do - let(:validator) { described_class.new(report_type, report_data, report_version) } + let_it_be(:project) { create(:project) } + + let(:validator) { described_class.new(report_type, report_data, report_version, project: project) } describe 'SUPPORTED_VERSIONS' do schema_path = Rails.root.join("lib", "gitlab", "ci", "parsers", "security", "validators", "schemas") @@ -75,6 +77,18 @@ RSpec.describe Gitlab::Ci::Parsers::Security::Validators::SchemaValidator do end it { is_expected.to be_falsey } + + it 'logs related information' do + expect(Gitlab::AppLogger).to receive(:info).with( + message: "security report schema validation problem", + security_report_type: report_type, + security_report_version: report_version, + project_id: project.id, + security_report_failure: 'schema_validation_fails' + ) + + subject + end end end @@ -91,6 +105,18 @@ RSpec.describe Gitlab::Ci::Parsers::Security::Validators::SchemaValidator do end it { is_expected.to be_truthy } + + it 'logs related information' do + expect(Gitlab::AppLogger).to receive(:info).with( + message: "security report schema validation problem", + security_report_type: report_type, + security_report_version: report_version, + project_id: project.id, + security_report_failure: 'using_deprecated_schema_version' + ) + + subject + end end context 'and the report does not pass schema validation' do @@ -142,6 +168,18 @@ RSpec.describe Gitlab::Ci::Parsers::Security::Validators::SchemaValidator do end it { is_expected.to be_falsey } + + it 'logs related information' do + expect(Gitlab::AppLogger).to receive(:info).with( + message: "security report schema validation problem", + security_report_type: report_type, + security_report_version: report_version, + project_id: project.id, + security_report_failure: 'using_unsupported_schema_version' + ) + + subject + end end context 'and the report is invalid' do 
@@ -211,13 +249,29 @@ RSpec.describe Gitlab::Ci::Parsers::Security::Validators::SchemaValidator do } end - let(:expected_errors) do - [ - 'root is missing required keys: vulnerabilities' - ] + context 'if enforce_security_report_validation is enabled' do + before do + stub_feature_flags(enforce_security_report_validation: project) + end + + let(:expected_errors) do + [ + 'root is missing required keys: vulnerabilities' + ] + end + + it { is_expected.to match_array(expected_errors) } end - it { is_expected.to match_array(expected_errors) } + context 'if enforce_security_report_validation is disabled' do + before do + stub_feature_flags(enforce_security_report_validation: false) + end + + let(:expected_errors) { [] } + + it { is_expected.to match_array(expected_errors) } + end end end 
@@ -355,6 +409,83 @@ RSpec.describe Gitlab::Ci::Parsers::Security::Validators::SchemaValidator do end end + describe '#deprecation_warnings' do + subject { validator.deprecation_warnings } + + context 'when given a supported schema version' do + let(:report_type) { :dast } + let(:report_version) { described_class::SUPPORTED_VERSIONS[report_type].last } + + let(:expected_deprecation_warnings) { [] } + + context 'and the report is valid' do + let(:report_data) do + { + 'version' => report_version, + 'vulnerabilities' => [] + } + end + + it { is_expected.to match_array(expected_deprecation_warnings) } + end + + context 'and the report is invalid' do + let(:report_data) do + { + 'version' => report_version + } + end + + it { is_expected.to match_array(expected_deprecation_warnings) } + end + end + + context 'when given a deprecated schema version' do + let(:report_type) { :dast } + let(:report_version) { described_class::DEPRECATED_VERSIONS[report_type].last } + let(:expected_deprecation_warnings) do + [ + "Version V2.7.0 for report type dast has been deprecated, supported versions for this report type are: 14.0.0, 14.0.1, 14.0.2, 14.0.3, 14.0.4, 14.0.5, 14.0.6, 14.1.0" + ] + end + + context 'and the report passes schema validation' do + let(:report_data) do + { + 'version' => report_version, + 'vulnerabilities' => [] + } + end + + it { is_expected.to match_array(expected_deprecation_warnings) } + end + + context 'and the report does not pass schema validation' do + let(:report_data) do + { + 'version' => 'V2.7.0' + } + end + + it { is_expected.to match_array(expected_deprecation_warnings) } + end + end + + context 'when given an unsupported schema version' do + let(:report_type) { :dast } + let(:report_version) { "21.37.0" } + let(:expected_deprecation_warnings) { [] } + let(:report_data) do + { + 'version' => report_version, + 'vulnerabilities' => [] + } + end + + it { is_expected.to match_array(expected_deprecation_warnings) } + end + end + describe '#warnings' do 
subject { validator.warnings } @@ -382,9 +513,29 @@ RSpec.describe Gitlab::Ci::Parsers::Security::Validators::SchemaValidator do } end - let(:expected_warnings) { [] } + context 'if enforce_security_report_validation is enabled' do + before do + stub_feature_flags(enforce_security_report_validation: project) + end - it { is_expected.to match_array(expected_warnings) } + let(:expected_warnings) { [] } + + it { is_expected.to match_array(expected_warnings) } + end + + context 'if enforce_security_report_validation is disabled' do + before do + stub_feature_flags(enforce_security_report_validation: false) + end + + let(:expected_warnings) do + [ + 'root is missing required keys: vulnerabilities' + ] + end + + it { is_expected.to match_array(expected_warnings) } + end end end @@ -399,32 +550,24 @@ RSpec.describe Gitlab::Ci::Parsers::Security::Validators::SchemaValidator do } end - let(:expected_warnings) do - [ - "Version V2.7.0 for report type dast has been deprecated, supported versions for this report type are: 14.0.0, 14.0.1, 14.0.2, 14.0.3, 14.0.4, 14.0.5, 14.0.6, 14.1.0" - ] - end + let(:expected_warnings) { [] } it { is_expected.to match_array(expected_warnings) } end context 'and the report does not pass schema validation' do + let(:report_data) do + { + 'version' => 'V2.7.0' + } + end + context 'and enforce_security_report_validation is enabled' do before do stub_feature_flags(enforce_security_report_validation: true) end - let(:report_data) do - { - 'version' => 'V2.7.0' - } - end - - let(:expected_warnings) do - [ - "Version V2.7.0 for report type dast has been deprecated, supported versions for this report type are: 14.0.0, 14.0.1, 14.0.2, 14.0.3, 14.0.4, 14.0.5, 14.0.6, 14.1.0" - ] - end + let(:expected_warnings) { [] } it { is_expected.to match_array(expected_warnings) } end 
@@ -434,15 +577,8 @@ RSpec.describe Gitlab::Ci::Parsers::Security::Validators::SchemaValidator do stub_feature_flags(enforce_security_report_validation: false) end - let(:report_data) do - { - 'version' => 'V2.7.0' - } - end - let(:expected_warnings) do [ - "Version V2.7.0 for report type dast has been deprecated, supported versions for this report type are: 14.0.0, 14.0.1, 14.0.2, 14.0.3, 14.0.4, 14.0.5, 14.0.6, 14.1.0", "property '/version' does not match pattern: ^[0-9]+\\.[0-9]+\\.[0-9]+$", "root is missing required keys: vulnerabilities" ] diff --git a/spec/lib/gitlab/ci/reports/security/report_spec.rb b/spec/lib/gitlab/ci/reports/security/report_spec.rb index 4dc1eca3859..ab0efb90901 100644 --- a/spec/lib/gitlab/ci/reports/security/report_spec.rb +++ b/spec/lib/gitlab/ci/reports/security/report_spec.rb @@ -184,6 +184,22 @@ RSpec.describe Gitlab::Ci::Reports::Security::Report do end end + describe 'warnings?' do + subject { report.warnings? } + + context 'when the report does not have any errors' do + it { is_expected.to be_falsey } + end + + context 'when the report has warnings' do + before do + report.add_warning('foo', 'bar') + end + + it { is_expected.to be_truthy } + end + end + describe '#primary_scanner_order_to' do let(:scanner_1) { build(:ci_reports_security_scanner) } let(:scanner_2) { build(:ci_reports_security_scanner) } diff --git a/spec/lib/gitlab/diff/file_spec.rb b/spec/lib/gitlab/diff/file_spec.rb index 52ae05af087..cb5f08c5dc6 100644 --- a/spec/lib/gitlab/diff/file_spec.rb +++ b/spec/lib/gitlab/diff/file_spec.rb 
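Review bot: In the report_spec.rb hunk, the first context of the new `warnings?` block is titled 'when the report does not have any errors' although it exercises the warnings predicate; it should read `context 'when the report does not have any warnings' do`. The describe string would also match the neighbouring `describe '#primary_scanner_order_to'` if written as `describe '#warnings?' do`.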
@@ -76,10 +76,34 @@ RSpec.describe Gitlab::Diff::File do end describe '#rendered' do - let(:commit) { project.commit("532c837") } + context 'when not ipynb' do + it 'is nil' do + expect(diff_file.rendered).to be_nil + end + end - it 'creates a NotebookDiffFile for rendering' do - expect(diff_file.rendered).to be_kind_of(Gitlab::Diff::Rendered::Notebook::DiffFile) + context 'when ipynb' do + let(:commit) { project.commit("532c837") } + + it 'creates a NotebookDiffFile for rendering' do + expect(diff_file.rendered).to be_kind_of(Gitlab::Diff::Rendered::Notebook::DiffFile) + end + + context 'when too large' do + it 'is nil' do + expect(diff).to receive(:too_large?).and_return(true) + + expect(diff_file.rendered).to be_nil + end + end + + context 'when not modified' do + it 'is nil' do + expect(diff_file).to receive(:modified_file?).and_return(false) + + expect(diff_file.rendered).to be_nil + end + end end end diff --git a/spec/requests/api/keys_spec.rb b/spec/requests/api/keys_spec.rb index 49b8f4a8520..67c3de324dc 100644 --- a/spec/requests/api/keys_spec.rb +++ b/spec/requests/api/keys_spec.rb @@ -3,10 +3,11 @@ require 'spec_helper' RSpec.describe API::Keys do - let(:user) { create(:user) } - let(:admin) { create(:admin) } - let(:key) { create(:key, user: user, expires_at: 1.day.from_now) } - let(:email) { create(:email, user: user) } + let_it_be(:user) { create(:user) } + let_it_be(:admin) { create(:admin) } + let_it_be(:email) { create(:email, user: user) } + let_it_be(:key) { create(:rsa_key_4096, user: user, expires_at: 1.day.from_now) } + let_it_be(:fingerprint_md5) { 'df:73:db:29:3c:a5:32:cf:09:17:7e:8e:9d:de:d7:f7' } describe 'GET /keys/:uid' do context 'when unauthenticated' do @@ -24,7 +25,6 @@ RSpec.describe API::Keys do end it 'returns single ssh key with user information' do - user.keys << key get api("/keys/#{key.id}", admin) expect(response).to have_gitlab_http_status(:ok) expect(json_response['title']).to eq(key.title) 
@@ -43,23 +43,50 @@ RSpec.describe API::Keys do describe 'GET /keys?fingerprint=' do it 'returns authentication error' do - get api("/keys?fingerprint=#{key.fingerprint}") + get api("/keys?fingerprint=#{fingerprint_md5}") expect(response).to have_gitlab_http_status(:unauthorized) end it 'returns authentication error when authenticated as user' do - get api("/keys?fingerprint=#{key.fingerprint}", user) + get api("/keys?fingerprint=#{fingerprint_md5}", user) expect(response).to have_gitlab_http_status(:forbidden) end context 'when authenticated as admin' do - it 'returns 404 for non-existing SSH md5 fingerprint' do - get api("/keys?fingerprint=11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11", admin) + context 'MD5 fingerprint' do + it 'returns 404 for non-existing SSH md5 fingerprint' do + get api("/keys?fingerprint=11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11", admin) - expect(response).to have_gitlab_http_status(:not_found) - expect(json_response['message']).to eq('404 Key Not Found') + expect(response).to have_gitlab_http_status(:not_found) + expect(json_response['message']).to eq('404 Key Not Found') + end + + it 'returns user if SSH md5 fingerprint found' do + get api("/keys?fingerprint=#{fingerprint_md5}", admin) + + expect(response).to have_gitlab_http_status(:ok) + expect(json_response['title']).to eq(key.title) + expect(json_response['user']['id']).to eq(user.id) + expect(json_response['user']['username']).to eq(user.username) + end + + context 'with FIPS mode', :fips_mode do + it 'returns 404 for non-existing SSH md5 fingerprint' do + get api("/keys?fingerprint=11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11", admin) + + expect(response).to have_gitlab_http_status(:bad_request) + expect(json_response['message']).to eq('Failed to return the key') + end + + it 'returns 404 for existing SSH md5 fingerprint' do + get api("/keys?fingerprint=#{fingerprint_md5}", admin) + + expect(response).to have_gitlab_http_status(:bad_request) + 
expect(json_response['message']).to eq('Failed to return the key') + end + end end it 'returns 404 for non-existing SSH sha256 fingerprint' do @@ -69,20 +96,7 @@ RSpec.describe API::Keys do expect(json_response['message']).to eq('404 Key Not Found') end - it 'returns user if SSH md5 fingerprint found' do - user.keys << key - - get api("/keys?fingerprint=#{key.fingerprint}", admin) - - expect(response).to have_gitlab_http_status(:ok) - expect(json_response['title']).to eq(key.title) - expect(json_response['user']['id']).to eq(user.id) - expect(json_response['user']['username']).to eq(user.username) - end - it 'returns user if SSH sha256 fingerprint found' do - user.keys << key - get api("/keys?fingerprint=#{URI.encode_www_form_component("SHA256:" + key.fingerprint_sha256)}", admin) expect(response).to have_gitlab_http_status(:ok) @@ -92,8 +106,6 @@ RSpec.describe API::Keys do end it 'returns user if SSH sha256 fingerprint found' do - user.keys << key - get api("/keys?fingerprint=#{URI.encode_www_form_component("sha256:" + key.fingerprint_sha256)}", admin) expect(response).to have_gitlab_http_status(:ok) @@ -103,7 +115,7 @@ RSpec.describe API::Keys do end it "does not include the user's `is_admin` flag" do - get api("/keys?fingerprint=#{key.fingerprint}", admin) + get api("/keys?fingerprint=#{URI.encode_www_form_component("sha256:" + key.fingerprint_sha256)}", admin) expect(json_response['user']['is_admin']).to be_nil end diff --git a/spec/requests/api/project_import_spec.rb b/spec/requests/api/project_import_spec.rb index 6f1494a672c..d8067321944 100644 --- a/spec/requests/api/project_import_spec.rb +++ b/spec/requests/api/project_import_spec.rb 
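Review bot: Both examples under `context 'with FIPS mode', :fips_mode` are titled 'returns 404 …', yet they assert `:bad_request` and the message 'Failed to return the key', so the spec output misstates the contract. Rename them to match the assertions, e.g. `it 'returns 400 for non-existing SSH md5 fingerprint' do` and `it 'returns 400 for existing SSH md5 fingerprint' do`. The assertions themselves are worth keeping as they are: checking the same status and message for an existing and a non-existing fingerprint pins that the rejection does not reveal whether a key exists.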
@@ -306,63 +306,49 @@ RSpec.describe API::ProjectImport, :aggregate_failures do it_behaves_like 'requires authentication' - it 'returns NOT FOUND when the feature is disabled' do - stub_feature_flags(import_project_from_remote_file: false) + context 'when the response is successful' do + it 'schedules the import successfully' do + project = create( + :project, + namespace: user.namespace, + name: 'test-import', + path: 'test-import' + ) - subject + service_response = ServiceResponse.success(payload: project) + expect_next(::Import::GitlabProjects::CreateProjectService) + .to receive(:execute) + .and_return(service_response) - expect(response).to have_gitlab_http_status(:not_found) + subject + + expect(response).to have_gitlab_http_status(:created) + expect(json_response).to include({ + 'id' => project.id, + 'name' => 'test-import', + 'name_with_namespace' => "#{user.namespace.name} / test-import", + 'path' => 'test-import', + 'path_with_namespace' => "#{user.namespace.path}/test-import" + }) + end end - context 'when the feature flag is enabled' do - before do - stub_feature_flags(import_project_from_remote_file: true) - end + context 'when the service returns an error' do + it 'fails to schedule the import' do + service_response = ServiceResponse.error( + message: 'Failed to import', + http_status: :bad_request + ) + expect_next(::Import::GitlabProjects::CreateProjectService) + .to receive(:execute) + .and_return(service_response) - context 'when the response is successful' do - it 'schedules the import successfully' do - project = create( - :project, - namespace: user.namespace, - name: 'test-import', - path: 'test-import' - ) + subject - service_response = ServiceResponse.success(payload: project) - expect_next(::Import::GitlabProjects::CreateProjectService) - .to receive(:execute) - .and_return(service_response) - - subject - - expect(response).to have_gitlab_http_status(:created) - expect(json_response).to include({ - 'id' => project.id, - 'name' => 
'test-import', - 'name_with_namespace' => "#{user.namespace.name} / test-import", - 'path' => 'test-import', - 'path_with_namespace' => "#{user.namespace.path}/test-import" - }) - end - end - - context 'when the service returns an error' do - it 'fails to schedule the import' do - service_response = ServiceResponse.error( - message: 'Failed to import', - http_status: :bad_request - ) - expect_next(::Import::GitlabProjects::CreateProjectService) - .to receive(:execute) - .and_return(service_response) - - subject - - expect(response).to have_gitlab_http_status(:bad_request) - expect(json_response).to eq({ - 'message' => 'Failed to import' - }) - end + expect(response).to have_gitlab_http_status(:bad_request) + expect(json_response).to eq({ + 'message' => 'Failed to import' + }) end end end