Add latest changes from gitlab-org/gitlab@master
This commit is contained in:
parent
7e964f54ed
commit
4001deba73
|
@ -26,6 +26,16 @@ export default {
|
|||
required: false,
|
||||
default: 'confirm',
|
||||
},
|
||||
secondaryText: {
|
||||
type: String,
|
||||
required: false,
|
||||
default: '',
|
||||
},
|
||||
secondaryVariant: {
|
||||
type: String,
|
||||
required: false,
|
||||
default: 'confirm',
|
||||
},
|
||||
modalHtmlMessage: {
|
||||
type: String,
|
||||
required: false,
|
||||
|
@ -47,6 +57,18 @@ export default {
|
|||
},
|
||||
};
|
||||
},
|
||||
secondaryAction() {
|
||||
if (!this.secondaryText) {
|
||||
return null;
|
||||
}
|
||||
|
||||
return {
|
||||
text: this.secondaryText,
|
||||
attributes: {
|
||||
variant: this.secondaryVariant,
|
||||
},
|
||||
};
|
||||
},
|
||||
cancelAction() {
|
||||
return this.hideCancel ? null : this.$options.cancelAction;
|
||||
},
|
||||
|
@ -69,6 +91,7 @@ export default {
|
|||
:title="title"
|
||||
:action-primary="primaryAction"
|
||||
:action-cancel="cancelAction"
|
||||
:action-secondary="secondaryAction"
|
||||
:hide-header="!shouldShowHeader"
|
||||
@primary="$emit('confirmed')"
|
||||
@hidden="$emit('closed')"
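Review bot: `:action-secondary="secondaryAction"` is bound on the modal element without a matching `@secondary` listener beside `@primary="$emit('confirmed')"` and `@hidden="$emit('closed')"`, so a click on the new secondary button is observable by the parent only through the generic `closed` event unless it is wired somewhere outside this hunk; if the secondary action is meant to be distinguishable from cancel, add `@secondary="$emit('secondary')"` next to the other two. The `secondaryAction()` computed would also read better with a one-line comment above its guard, e.g. `// No secondary button unless the caller supplied a label.`, since returning `null` is what suppresses the button. The `export default` object these hunks belong to starts and ends outside the hunks.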
|
||||
|
|
|
@ -2,7 +2,15 @@ import Vue from 'vue';
|
|||
|
||||
export function confirmAction(
|
||||
message,
|
||||
{ primaryBtnVariant, primaryBtnText, modalHtmlMessage, title, hideCancel } = {},
|
||||
{
|
||||
primaryBtnVariant,
|
||||
primaryBtnText,
|
||||
secondaryBtnVariant,
|
||||
secondaryBtnText,
|
||||
modalHtmlMessage,
|
||||
title,
|
||||
hideCancel,
|
||||
} = {},
|
||||
) {
|
||||
return new Promise((resolve) => {
|
||||
let confirmed = false;
|
||||
|
@ -16,6 +24,8 @@ export function confirmAction(
|
|||
'confirm-modal',
|
||||
{
|
||||
props: {
|
||||
secondaryText: secondaryBtnText,
|
||||
secondaryVariant: secondaryBtnVariant,
|
||||
primaryVariant: primaryBtnVariant,
|
||||
primaryText: primaryBtnText,
|
||||
title,
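Review bot: The widened second parameter of `confirmAction` now destructures seven options with no documentation stating which are optional or what omitting `secondaryBtnText` means (the component side renders no secondary button in that case). Add a JSDoc block above `export function confirmAction(` that lists `message` and each option (`primaryBtnVariant`, `primaryBtnText`, `secondaryBtnVariant`, `secondaryBtnText`, `modalHtmlMessage`, `title`, `hideCancel`), marks the `secondaryBtn*` pair as optional, and notes that `modalHtmlMessage` is presumably injected as markup rather than text and so should only ever be an application-authored string — confirm that against the component before writing it down. The function body continues past the end of the hunk.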
|
||||
|
|
|
@ -52,12 +52,12 @@ class KeysFinder
|
|||
end
|
||||
|
||||
def valid_fingerprint_param?
|
||||
if fingerprint_type == "sha256"
|
||||
Base64.decode64(fingerprint).length == 32
|
||||
else
|
||||
return Base64.decode64(fingerprint).length == 32 if fingerprint_type == "sha256"
|
||||
|
||||
return false if Gitlab::FIPS.enabled?
|
||||
|
||||
fingerprint =~ /^(\h{2}:){15}\h{2}/
|
||||
end
|
||||
end
|
||||
|
||||
def fingerprint_query
|
||||
fingerprint_attribute = FINGERPRINT_ATTRIBUTES[fingerprint_type]
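Review bot: The fall-through `fingerprint =~ /^(\h{2}:){15}\h{2}/` that the rewrite keeps as the method's last expression anchors only at a line start and not at the end, so a value containing a newline followed by a well-formed `xx:xx:…` sequence, or a valid prefix with trailing characters, satisfies the check; given the name `valid_fingerprint_param?` suggests `fingerprint` is request input, the whole-string form `fingerprint.match?(/\A(\h{2}:){15}\h{2}\z/)` is the safer one, and `match?` returns a boolean rather than the match offset `=~` yields. Whether trailing input is tolerated deliberately is not visible here, so check callers before tightening. The sha256 guard `return Base64.decode64(fingerprint).length == 32 if fingerprint_type == "sha256"` uses the lenient decoder, which silently skips characters outside the Base64 alphabet, so a 32-byte result does not imply well-formed input; `Base64.strict_decode64` with a rescued `ArgumentError` would make that contract explicit if callers can accept it.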
|
||||
|
|
|
@ -8,7 +8,7 @@
|
|||
%span
|
||||
= "##{runner.id} (#{runner.short_sha})"
|
||||
- if runner.locked?
|
||||
%span.has-tooltip{ title: _('Locked to current projects') }
|
||||
%span.has-tooltip{ title: s_('Runners|Runner is locked and available for currently assigned projects only. Only administrators can change the assigned projects.') }
|
||||
= sprite_icon('lock')
|
||||
.gl-ml-2
|
||||
.btn-group.btn-group-sm
|
||||
|
|
|
@ -1,8 +0,0 @@
|
|||
---
|
||||
name: import_project_from_remote_file
|
||||
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/59033
|
||||
rollout_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/330039
|
||||
milestone: '13.12'
|
||||
type: development
|
||||
group: group::import
|
||||
default_enabled: true
|
|
@ -1,11 +0,0 @@
|
|||
---
|
||||
redirect_to: 'check.md#verify-database-values-can-be-decrypted-using-the-current-secrets'
|
||||
remove_date: '2022-03-04'
|
||||
---
|
||||
|
||||
This document was moved to [another location](check.md#verify-database-values-can-be-decrypted-using-the-current-secrets).
|
||||
|
||||
<!-- This redirect file can be deleted after 2022-03-04. -->
|
||||
<!-- Redirects that point to other docs in the same project expire in three months. -->
|
||||
<!-- Redirects that point to docs in a different project or site (for example, link is not relative and starts with `https:`) expire in one year. -->
|
||||
<!-- Before deletion, see: https://docs.gitlab.com/ee/development/documentation/redirects.html -->
|
|
@ -1,11 +0,0 @@
|
|||
---
|
||||
redirect_to: 'https://about.gitlab.com/handbook/product-development-flow/feature-flag-lifecycle/'
|
||||
remove_date: '2022-03-01'
|
||||
---
|
||||
|
||||
This document was moved to [another location](https://about.gitlab.com/handbook/product-development-flow/feature-flag-lifecycle/).
|
||||
|
||||
<!-- This redirect file can be deleted after 2022-03-01. -->
|
||||
<!-- Redirects that point to other docs in the same project expire in three months. -->
|
||||
<!-- Redirects that point to docs in a different project or site (for example, link is not relative and starts with `https:`) expire in one year. -->
|
||||
<!-- Before deletion, see: https://docs.gitlab.com/ee/development/documentation/redirects.html -->
|
|
@ -1,11 +0,0 @@
|
|||
---
|
||||
redirect_to: '../index.md'
|
||||
remove_date: '2022-03-08'
|
||||
---
|
||||
|
||||
This document was removed. For information about installing GitLab, see [this page](../index.md).
|
||||
|
||||
<!-- This redirect file can be deleted after <2022-03-08>. -->
|
||||
<!-- Redirects that point to other docs in the same project expire in three months. -->
|
||||
<!-- Redirects that point to docs in a different project or site (for example, link is not relative and starts with `https:`) expire in one year. -->
|
||||
<!-- Before deletion, see: https://docs.gitlab.com/ee/development/documentation/redirects.html -->
|
|
@ -55,13 +55,13 @@ All open source (OSS) analyzers are available with the GitLab Free tier. Future
|
|||
Different features are available in different [GitLab tiers](https://about.gitlab.com/pricing/),
|
||||
as shown in the following table:
|
||||
|
||||
| Capability | In Free | In Ultimate |
|
||||
|:---------------------------------------------------------------------------------------|:--------------------|:-------------------|
|
||||
| [Configure IaC Scanners](#configuration) | **{check-circle}** | **{check-circle}** |
|
||||
| View [JSON Report](#reports-json-format) | **{check-circle}** | **{check-circle}** |
|
||||
| Presentation of JSON Report in merge request | **{dotted-circle}** | **{check-circle}** |
|
||||
| [Address vulnerabilities](../../application_security/vulnerabilities/index.md) | **{dotted-circle}** | **{check-circle}** |
|
||||
| [Access to Security Dashboard](../../application_security/security_dashboard/index.md) | **{dotted-circle}** | **{check-circle}** |
|
||||
| Capability | In Free & Premium | In Ultimate |
|
||||
|:----------------------------------------------------------------|:--------------------|:-------------------|
|
||||
| [Configure IaC scanner](#configuration) | **{check-circle}** | **{check-circle}** |
|
||||
| Download [JSON Report](#reports-json-format) | **{check-circle}** | **{check-circle}** |
|
||||
| See new findings in merge request widget | **{dotted-circle}** | **{check-circle}** |
|
||||
| [Manage vulnerabilities](../vulnerabilities/index.md) | **{dotted-circle}** | **{check-circle}** |
|
||||
| [Access the Security Dashboard](../security_dashboard/index.md) | **{dotted-circle}** | **{check-circle}** |
|
||||
|
||||
## Contribute your scanner
|
||||
|
||||
|
|
|
@ -141,17 +141,17 @@ All open source (OSS) analyzers have been moved to the GitLab Free tier as of Gi
|
|||
Different features are available in different [GitLab tiers](https://about.gitlab.com/pricing/),
|
||||
as shown in the following table:
|
||||
|
||||
| Capability | In Free | In Ultimate |
|
||||
|:---------------------------------------------------------------------------------------|:--------------------|:-------------------|
|
||||
| [Configure SAST Scanners](#configuration) | **{check-circle}** | **{check-circle}** |
|
||||
| [Customize SAST Settings](#available-cicd-variables) | **{check-circle}** | **{check-circle}** |
|
||||
| View [JSON Report](#reports-json-format) | **{check-circle}** | **{check-circle}** |
|
||||
| Presentation of JSON Report in Merge Request | **{dotted-circle}** | **{check-circle}** |
|
||||
| [Address vulnerabilities](../../application_security/vulnerabilities/index.md) | **{dotted-circle}** | **{check-circle}** |
|
||||
| [Access to Security Dashboard](../../application_security/security_dashboard/index.md) | **{dotted-circle}** | **{check-circle}** |
|
||||
| Capability | In Free & Premium | In Ultimate |
|
||||
|:----------------------------------------------------------------|:--------------------|:-------------------|
|
||||
| [Configure SAST scanners](#configuration) | **{check-circle}** | **{check-circle}** |
|
||||
| [Customize SAST settings](#available-cicd-variables) | **{check-circle}** | **{check-circle}** |
|
||||
| Download [JSON Report](#reports-json-format) | **{check-circle}** | **{check-circle}** |
|
||||
| See new findings in merge request widget | **{dotted-circle}** | **{check-circle}** |
|
||||
| [Manage vulnerabilities](../vulnerabilities/index.md) | **{dotted-circle}** | **{check-circle}** |
|
||||
| [Access the Security Dashboard](../security_dashboard/index.md) | **{dotted-circle}** | **{check-circle}** |
|
||||
| [Configure SAST in the UI](#configure-sast-in-the-ui) | **{dotted-circle}** | **{check-circle}** |
|
||||
| [Customize SAST Rulesets](#customize-rulesets) | **{dotted-circle}** | **{check-circle}** |
|
||||
| [False Positive Detection](#false-positive-detection) | **{dotted-circle}** | **{check-circle}** |
|
||||
| [Customize SAST rulesets](#customize-rulesets) | **{dotted-circle}** | **{check-circle}** |
|
||||
| [Detect False Positives](#false-positive-detection) | **{dotted-circle}** | **{check-circle}** |
|
||||
|
||||
## Contribute your scanner
|
||||
|
||||
|
|
|
@ -60,13 +60,14 @@ as shown in the following table:
|
|||
|
||||
| Capability | In Free & Premium | In Ultimate |
|
||||
|:----------------------------------------------------------------|:--------------------|:-------------------|
|
||||
| [Configure Secret Detection Scanners](#configuration) | **{check-circle}** | **{check-circle}** |
|
||||
| [Customize Secret Detection Settings](#customizing-settings) | **{check-circle}** | **{check-circle}** |
|
||||
| View [JSON Report](../sast/index.md#reports-json-format) | **{check-circle}** | **{check-circle}** |
|
||||
| Presentation of JSON Report in merge request | **{dotted-circle}** | **{check-circle}** |
|
||||
| [Configure Secret Detection scanner](#configuration) | **{check-circle}** | **{check-circle}** |
|
||||
| [Customize Secret Detection settings](#customizing-settings) | **{check-circle}** | **{check-circle}** |
|
||||
| Download [JSON Report](../sast/index.md#reports-json-format) | **{check-circle}** | **{check-circle}** |
|
||||
| See new findings in the merge request widget | **{dotted-circle}** | **{check-circle}** |
|
||||
| View identified secrets in the pipelines' **Security** tab | **{dotted-circle}** | **{check-circle}** |
|
||||
| [Interaction with Vulnerabilities](../vulnerabilities/index.md) | **{dotted-circle}** | **{check-circle}** |
|
||||
| [Access to Security Dashboard](../security_dashboard/index.md) | **{dotted-circle}** | **{check-circle}** |
|
||||
| [Manage vulnerabilities](../vulnerabilities/index.md) | **{dotted-circle}** | **{check-circle}** |
|
||||
| [Access the Security Dashboard](../security_dashboard/index.md) | **{dotted-circle}** | **{check-circle}** |
|
||||
| [Customize Secret Detection rulesets](#custom-rulesets) | **{dotted-circle}** | **{check-circle}** |
|
||||
|
||||
## Configuration
|
||||
|
||||
|
|
|
@ -9,17 +9,19 @@ info: To determine the technical writer assigned to the Stage/Group associated w
|
|||
|
||||
> - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/36524) in GitLab 12.8 as Compliance Dashboard.
|
||||
> - [Renamed](https://gitlab.com/gitlab-org/gitlab/-/issues/299360) to compliance report in GitLab 14.2.
|
||||
> - [Replaced](https://gitlab.com/groups/gitlab-org/-/epics/5237) by merge request violations in GitLab 14.6 [with a flag](../../../administration/feature_flags.md) named `compliance_violations_report`. Disabled by default.
|
||||
> - GraphQL API [introduced](https://gitlab.com/groups/gitlab-org/-/epics/7222) in GitLab 14.9.
|
||||
> - [Generally available](https://gitlab.com/groups/gitlab-org/-/epics/5237) in GitLab 14.10. [Feature flag `compliance_violations_report`](https://gitlab.com/gitlab-org/gitlab/-/issues/346266) removed.
|
||||
|
||||
Compliance report gives you the ability to see a group's merge request activity. It provides a
|
||||
high-level view for all projects in the group. For example, code approved for merging into
|
||||
production.
|
||||
|
||||
You can use the report to:
|
||||
You can use the report to get:
|
||||
|
||||
- Get an overview of the latest merge request for each project.
|
||||
- See if merge requests were approved and by whom.
|
||||
- See merge request authors.
|
||||
- See the latest [CI/CD pipeline](../../../ci/pipelines/index.md) result for each merge request.
|
||||
- A list of compliance violations from all merged merge requests within the group.
|
||||
- The reason and severity of each compliance violation.
|
||||
- A link to the merge request that caused each compliance violation.
|
||||
|
||||
## View the compliance report for a group
|
||||
|
||||
|
@ -32,8 +34,36 @@ To view the compliance report:
|
|||
1. On the top bar, select **Menu > Groups** and find your group.
|
||||
1. On the left sidebar, select **Security & Compliance > Compliance report**.
|
||||
|
||||
NOTE:
|
||||
The compliance report shows only the latest merge request on each project.
|
||||
### Severity levels scale
|
||||
|
||||
The following is a list of available violation severity levels, ranked from most to least severe:
|
||||
|
||||
| Icon | Severity level |
|
||||
|:----------------------------------------------|:---------------|
|
||||
| **{severity-critical, 18, gl-fill-red-800}** | Critical |
|
||||
| **{severity-high, 18, gl-fill-red-600}** | High |
|
||||
| **{severity-medium, 18, gl-fill-orange-400}** | Medium |
|
||||
| **{severity-low, 18, gl-fill-orange-300}** | Low |
|
||||
| **{severity-info, 18, gl-fill-blue-400}** | Info |
|
||||
|
||||
### Violation types
|
||||
|
||||
The following is a list of violations that are either:
|
||||
|
||||
- Already available.
|
||||
- Aren't available, but which we are tracking in issues.
|
||||
|
||||
| Violation | Severity level | Category | Description | Availability |
|
||||
|:-------------------------------------|:----------------|:---------------------------------------------------------------------------------------|:-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|:--------------------------------------------------------------------------------|
|
||||
| Author approved merge request | High | [Separation of duties](#separation-of-duties) | The author of the merge request approved their own merge request. [Learn more](../../project/merge_requests/approvals/settings.md#prevent-approval-by-author). | [Available in GitLab 14.10](https://gitlab.com/groups/gitlab-org/-/epics/6870) |
|
||||
| Committers approved merge request | High | [Separation of duties](#separation-of-duties) | The committers of the merge request approved the merge request they contributed to. [Learn more](../../project/merge_requests/approvals/settings.md#prevent-approvals-by-users-who-add-commits). | [Available in GitLab 14.10](https://gitlab.com/groups/gitlab-org/-/epics/6870) |
|
||||
| Fewer than two approvals | High | [Separation of duties](#separation-of-duties) | The merge request was merged with fewer than two approvals. [Learn more](../../project/merge_requests/approvals/rules.md). | [Available in GitLab 14.10](https://gitlab.com/groups/gitlab-org/-/epics/6870) |
|
||||
| Pipeline failed | Medium | [Pipeline results](../../../ci/pipelines/index.md) | The merge requests pipeline failed and was merged. | [Unavailable](https://gitlab.com/gitlab-org/gitlab/-/issues/346011) |
|
||||
| Pipeline passed with warnings | Info | [Pipeline results](../../../ci/pipelines/index.md) | The merge request pipeline passed with warnings and was merged. | [Unavailable](https://gitlab.com/gitlab-org/gitlab/-/issues/346011) |
|
||||
| Code coverage down more than 10% | High | [Code coverage](../../../ci/pipelines/settings.md#merge-request-test-coverage-results) | The code coverage report for the merge request indicates a reduction in coverage of more than 10%. | [Unavailable](https://gitlab.com/gitlab-org/gitlab/-/issues/346011) |
|
||||
| Code coverage down between 5% to 10% | Medium | [Code coverage](../../../ci/pipelines/settings.md#merge-request-test-coverage-results) | The code coverage report for the merge request indicates a reduction in coverage of between 5% to 10%. | [Unavailable](https://gitlab.com/gitlab-org/gitlab/-/issues/346011) |
|
||||
| Code coverage down between 1% to 5% | Low | [Code coverage](../../../ci/pipelines/settings.md#merge-request-test-coverage-results) | The code coverage report for the merge request indicates a reduction in coverage of between 1% to 5%. | [Unavailable](https://gitlab.com/gitlab-org/gitlab/-/issues/346011) |
|
||||
| Code coverage down less than 1% | Info | [Code coverage](../../../ci/pipelines/settings.md#merge-request-test-coverage-results) | The code coverage report for the merge request indicates a reduction in coverage of less than 1%. | [Unavailable](https://gitlab.com/gitlab-org/gitlab/-/issues/346011) |
|
||||
|
||||
## Merge request drawer
|
||||
|
||||
|
@ -51,30 +81,15 @@ request:
|
|||
- A list of users that approved the merge request.
|
||||
- The user that merged the merge request.
|
||||
|
||||
## Approval status and separation of duties
|
||||
|
||||
> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/217939) in GitLab 13.3.
|
||||
## Separation of duties
|
||||
|
||||
We support a separation of duties policy between users who create and approve merge requests.
|
||||
The approval status column can help you identify violations of this policy.
|
||||
Our criteria for the separation of duties is as follows:
|
||||
|
||||
- [A merge request author is **not** allowed to approve their merge request](../../project/merge_requests/approvals/settings.md#prevent-approval-by-author)
|
||||
- [A merge request committer is **not** allowed to approve a merge request they have added commits to](../../project/merge_requests/approvals/settings.md#prevent-approvals-by-users-who-add-commits)
|
||||
- [The minimum number of approvals required to merge a merge request is **at least** two](../../project/merge_requests/approvals/rules.md)
|
||||
|
||||
The **Approval status** column shows you at a glance whether a merge request is complying with the above.
|
||||
This column has four states:
|
||||
|
||||
| State | Description |
|
||||
|:------|:------------|
|
||||
| Empty | The merge request approval status is unknown |
|
||||
| ![Failed](img/failed_icon_v13_3.png) | The merge request **does not** comply with any of the above criteria |
|
||||
| ![Warning](img/warning_icon_v13_3.png) | The merge request complies with **some** of the above criteria |
|
||||
| ![Success](img/success_icon_v13_3.png) | The merge request complies with **all** of the above criteria |
|
||||
|
||||
If you see a non-success state, review the criteria for the merge request's project to ensure it complies with the separation of duties.
|
||||
|
||||
## Chain of Custody report
|
||||
|
||||
> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/213364) in GitLab 13.3.
|
||||
|
@ -105,64 +120,3 @@ You can generate a commit-specific Chain of Custody report for a given commit SH
|
|||
NOTE:
|
||||
The Chain of Custody report download is a CSV file, with a maximum size of 15 MB.
|
||||
The remaining records are truncated when this limit is reached.
|
||||
|
||||
## Merge request violations
|
||||
|
||||
> - Introduced in GitLab 14.6. [Deployed behind the `compliance_violations_report` flag](../../../administration/feature_flags.md). Disabled by default.
|
||||
> - GraphQL API [introduced](https://gitlab.com/groups/gitlab-org/-/epics/7222) in GitLab 14.9.
|
||||
|
||||
FLAG:
|
||||
On self-managed GitLab, by default this feature is not available. To make it available,
|
||||
ask an administrator to [enable the feature flag](../../../administration/feature_flags.md) named `compliance_violations_report`.
|
||||
On GitLab.com, this feature is not available. This feature is not ready for production use.
|
||||
|
||||
Merge request violations provide a view of all the [separation of duties](#approval-status-and-separation-of-duties) compliance violations
|
||||
that exist in projects in a specific group. For each separation of duties compliance violation, you can see:
|
||||
|
||||
- A list of compliance violations.
|
||||
- The severity of each compliance violation.
|
||||
- Reason for the compliance violation.
|
||||
- A link to the merge request that caused the compliance violation.
|
||||
|
||||
Merge request violations can be accessed:
|
||||
|
||||
- In the GitLab UI.
|
||||
- Using the [GraphQL API](../../../api/graphql/reference/index.md#complianceviolation) (GitLab 14.9 and later).
|
||||
|
||||
### View merge request violations
|
||||
|
||||
To view merge request violations:
|
||||
|
||||
1. On the top bar, select **Menu > Groups** and find your group.
|
||||
1. On the left sidebar, select **Security & Compliance > Compliance report**.
|
||||
|
||||
### Severity levels scale
|
||||
|
||||
The following is a list of available violation severity levels, ranked from most to least severe:
|
||||
|
||||
| Icon | Severity level |
|
||||
|:----------------------------------------------|:---------------|
|
||||
| **{severity-critical, 18, gl-fill-red-800}** | Critical |
|
||||
| **{severity-high, 18, gl-fill-red-600}** | High |
|
||||
| **{severity-medium, 18, gl-fill-orange-400}** | Medium |
|
||||
| **{severity-low, 18, gl-fill-orange-300}** | Low |
|
||||
| **{severity-info, 18, gl-fill-blue-400}** | Info |
|
||||
|
||||
### Violation types
|
||||
|
||||
The following is a list of violations that are either:
|
||||
|
||||
- Already available.
|
||||
- Aren't available, but which we are tracking in issues.
|
||||
|
||||
| Violation | Severity level | Category | Description | Availability |
|
||||
|:-------------------------------------|:----------------|:----------------------------------------------------------------------------------------|:-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|:--------------------------------------------------------------------|
|
||||
| Author approved merge request | High | [Separation of duties](#approval-status-and-separation-of-duties) | The author of the merge request approved their own merge request. [Learn more](../../project/merge_requests/approvals/settings.md#prevent-approval-by-author). | [Unavailable](https://gitlab.com/groups/gitlab-org/-/epics/6870) |
|
||||
| Committers approved merge request | High | [Separation of duties](#approval-status-and-separation-of-duties) | The committers of the merge request approved the merge request they contributed to. [Learn more](../../project/merge_requests/approvals/settings.md#prevent-approvals-by-users-who-add-commits). | [Unavailable](https://gitlab.com/groups/gitlab-org/-/epics/6870) |
|
||||
| Fewer than two approvals | High | [Separation of duties](#approval-status-and-separation-of-duties) | The merge request was merged with fewer than two approvals. [Learn more](../../project/merge_requests/approvals/rules.md). | [Unavailable](https://gitlab.com/groups/gitlab-org/-/epics/6870) |
|
||||
| Pipeline failed | Medium | [Pipeline results](../../../ci/pipelines/index.md) | The merge requests pipeline failed and was merged. | [Unavailable](https://gitlab.com/gitlab-org/gitlab/-/issues/346011) |
|
||||
| Pipeline passed with warnings | Info | [Pipeline results](../../../ci/pipelines/index.md) | The merge request pipeline passed with warnings and was merged. | [Unavailable](https://gitlab.com/gitlab-org/gitlab/-/issues/346011) |
|
||||
| Code coverage down more than 10% | High | [Code coverage](../../../ci/pipelines/settings.md#merge-request-test-coverage-results) | The code coverage report for the merge request indicates a reduction in coverage of more than 10%. | [Unavailable](https://gitlab.com/gitlab-org/gitlab/-/issues/346011) |
|
||||
| Code coverage down between 5% to 10% | Medium | [Code coverage](../../../ci/pipelines/settings.md#merge-request-test-coverage-results) | The code coverage report for the merge request indicates a reduction in coverage of between 5% to 10%. | [Unavailable](https://gitlab.com/gitlab-org/gitlab/-/issues/346011) |
|
||||
| Code coverage down between 1% to 5% | Low | [Code coverage](../../../ci/pipelines/settings.md#merge-request-test-coverage-results) | The code coverage report for the merge request indicates a reduction in coverage of between 1% to 5%. | [Unavailable](https://gitlab.com/gitlab-org/gitlab/-/issues/346011) |
|
||||
| Code coverage down less than 1% | Info | [Code coverage](../../../ci/pipelines/settings.md#merge-request-test-coverage-results) | The code coverage report for the merge request indicates a reduction in coverage of less than 1%. | [Unavailable](https://gitlab.com/gitlab-org/gitlab/-/issues/346011) |
|
||||
|
|
|
@ -124,8 +124,8 @@ Only one CODEOWNERS pattern can match per file path.
|
|||
|
||||
### Organize Code Owners by putting them into sections
|
||||
|
||||
> - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/12137) in GitLab 13.2 behind a feature flag, enabled by default.
|
||||
> - [Feature flag removed](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/42389) in GitLab 13.4.
|
||||
> - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/12137) in GitLab 13.2 [with a flag](../../administration/feature_flags.md) named `sectional_codeowners`. Disabled by default.
|
||||
> - [Generally available](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/42389) in GitLab 13.4. Feature flag `sectional_codeowners` removed.
|
||||
|
||||
You can organize Code Owners by putting them into named sections.
|
||||
|
||||
|
|
|
@ -1,11 +0,0 @@
|
|||
---
|
||||
redirect_to: 'index.md'
|
||||
remove_date: '2022-02-24'
|
||||
---
|
||||
|
||||
This file was moved to [another location](index.md).
|
||||
|
||||
<!-- This redirect file can be deleted after <2022-02-24>. -->
|
||||
<!-- Redirects that point to other docs in the same project expire in three months. -->
|
||||
<!-- Redirects that point to docs in a different project or site (for example, link is not relative and starts with `https:`) expire in one year. -->
|
||||
<!-- Before deletion, see: https://docs.gitlab.com/ee/development/documentation/redirects.html -->
|
|
@ -8,7 +8,7 @@ info: To determine the technical writer assigned to the Stage/Group associated w
|
|||
|
||||
# GitLab Pages integration with Let's Encrypt **(FREE)**
|
||||
|
||||
> [Introduced](https://gitlab.com/gitlab-org/gitlab-foss/-/issues/28996) in GitLab 12.1. For versions earlier than GitLab 12.1, see the [manual Let's Encrypt instructions](../lets_encrypt_for_gitlab_pages.md).
|
||||
> [Introduced](https://gitlab.com/gitlab-org/gitlab-foss/-/issues/28996) in GitLab 12.1.
|
||||
|
||||
The GitLab Pages integration with Let's Encrypt (LE) allows you
|
||||
to use LE certificates for your Pages website with custom domains
|
||||
|
|
|
@ -1,11 +0,0 @@
|
|||
---
|
||||
redirect_to: 'custom_domains_ssl_tls_certification/lets_encrypt_integration.md'
|
||||
remove_date: '2022-03-14'
|
||||
---
|
||||
|
||||
This file was moved to [another location](custom_domains_ssl_tls_certification/lets_encrypt_integration.md).
|
||||
|
||||
<!-- This redirect file can be deleted after <2022-03-14>. -->
|
||||
<!-- Redirects that point to other docs in the same project expire in three months. -->
|
||||
<!-- Redirects that point to docs in a different project or site (for example, link is not relative and starts with `https:`) expire in one year. -->
|
||||
<!-- Before deletion, see: https://docs.gitlab.com/ee/development/documentation/redirects.html -->
|
|
@ -147,8 +147,8 @@ Deploy keys are not available in the **Allowed to merge** dropdown list.
|
|||
|
||||
## Allow force push on a protected branch
|
||||
|
||||
> - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/15611) in GitLab 13.10 behind a disabled feature flag.
|
||||
> - [Feature flag removed](https://gitlab.com/gitlab-org/gitlab/-/issues/323431) in GitLab 14.0.
|
||||
> - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/15611) in GitLab 13.10 [with a flag](../../administration/feature_flags.md) named `allow_force_push_to_protected_branches`. Disabled by default.
|
||||
> - [Enabled on GitLab.com and self-managed](https://gitlab.com/gitlab-org/gitlab/-/issues/323431) in GitLab 14.0. Feature flag `allow_force_push_to_protected_branches` removed.
|
||||
|
||||
You can allow [force pushes](../../topics/git/git_rebase.md#force-push) to
|
||||
protected branches.
|
||||
|
|
|
@ -1,9 +0,0 @@
|
|||
---
|
||||
redirect_to: 'mirror/index.md'
|
||||
remove_date: '2022-03-22'
|
||||
---
|
||||
|
||||
This document was moved to [another location](mirror/index.md).
|
||||
|
||||
<!-- This redirect file can be deleted after <2022-03-22>. -->
|
||||
<!-- Before deletion, see: https://docs.gitlab.com/ee/development/documentation/#move-or-rename-a-page -->
|
|
@ -135,8 +135,6 @@ module API
|
|||
success Entities::ProjectImportStatus
|
||||
end
|
||||
post 'remote-import' do
|
||||
not_found! unless ::Feature.enabled?(:import_project_from_remote_file, default_enabled: :yaml)
|
||||
|
||||
check_rate_limit! :project_import, scope: [current_user, :project_import]
|
||||
|
||||
response = ::Import::GitlabProjects::CreateProjectService.new(
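Review bot: With the `not_found! unless ::Feature.enabled?(...)` guard gone, `check_rate_limit! :project_import, scope: [current_user, :project_import]` is the only guard visible before the `::Import::GitlabProjects::CreateProjectService.new(` call, and the `post 'remote-import' do` block begins and ends outside the hunk, so the authorization and remote-URL validation for this now-unconditional endpoint cannot be confirmed from here. If those checks live in the service rather than in the endpoint, a short comment at `post 'remote-import' do` naming where they are enforced would save the next reader the lookup — add it only after confirming it.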
|
||||
|
|
|
@ -14,6 +14,7 @@ module Gitlab
|
|||
def initialize(json_data, report, vulnerability_finding_signatures_enabled = false, validate: false)
|
||||
@json_data = json_data
|
||||
@report = report
|
||||
@project = report.project
|
||||
@validate = validate
|
||||
@vulnerability_finding_signatures_enabled = vulnerability_finding_signatures_enabled
|
||||
end
|
||||
|
@ -51,22 +52,27 @@ module Gitlab
|
|||
#
|
||||
# After 15.0 we will enforce schema validation by default
|
||||
# See: https://gitlab.com/groups/gitlab-org/-/epics/6968
|
||||
schema_validation_passed = schema_validator.valid?
|
||||
schema_validator.deprecation_warnings.each { |deprecation_warning| report.add_warning('Schema', deprecation_warning) }
|
||||
|
||||
if validate
|
||||
schema_validator.errors.each { |error| report.add_error('Schema', error) } unless schema_validation_passed
|
||||
schema_validation_passed = schema_validator.valid?
|
||||
|
||||
# Validation warnings are errors
|
||||
schema_validator.errors.each { |error| report.add_error('Schema', error) }
|
||||
schema_validator.warnings.each { |warning| report.add_error('Schema', warning) }
|
||||
|
||||
schema_validation_passed
|
||||
else
|
||||
# We treat all schema validation errors as warnings
|
||||
# Validation warnings are warnings
|
||||
schema_validator.errors.each { |error| report.add_warning('Schema', error) }
|
||||
schema_validator.warnings.each { |warning| report.add_warning('Schema', warning) }
|
||||
|
||||
true
|
||||
end
|
||||
end
|
||||
|
||||
def schema_validator
|
||||
@schema_validator ||= ::Gitlab::Ci::Parsers::Security::Validators::SchemaValidator.new(report.type, report_data, report.version)
|
||||
@schema_validator ||= ::Gitlab::Ci::Parsers::Security::Validators::SchemaValidator.new(report.type, report_data, report.version, project: @project)
|
||||
end
|
||||
|
||||
def report_data
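Review bot: In the `if validate` branch `schema_validation_passed` is taken from `schema_validator.valid?` before `schema_validator.warnings` are promoted to report errors, so when the validator has no errors but does have warnings (for example when the feature flag is off and `populate_errors` files schema failures as warnings) the report gains errors yet the method still returns `true`. If `valid?` only inspects the error list (its body is outside this hunk), derive the result from both lists: `schema_validation_passed = schema_validator.valid? && schema_validator.warnings.empty?`. The parser specs in this commit cover `valid?` false with both lists populated and `valid?` true with both empty, so this mixed case is not exercised. The enclosing method starts above the hunk.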
|
||||
|
@ -136,7 +142,7 @@ module Gitlab
|
|||
metadata_version: report_version,
|
||||
details: data['details'] || {},
|
||||
signatures: signatures,
|
||||
project_id: report.project_id,
|
||||
project_id: @project.id,
|
||||
vulnerability_finding_signatures_enabled: @vulnerability_finding_signatures_enabled))
|
||||
end
|
||||
|
||||
|
@ -279,7 +285,7 @@ module Gitlab
|
|||
report_type: report.type,
|
||||
primary_identifier_fingerprint: primary_identifier&.fingerprint,
|
||||
location_fingerprint: location_fingerprint,
|
||||
project_id: report.project_id
|
||||
project_id: @project.id
|
||||
}
|
||||
|
||||
if uuid_v5_name_components.values.any?(&:nil?)
|
||||
@ -26,19 +26,19 @@ module Gitlab
|
|||
8.0.0-rc1 8.0.1-rc1 8.1.0-rc1 9.0.0-rc1].freeze
|
||||
|
||||
# These come from https://app.periscopedata.com/app/gitlab/895813/Secure-Scan-metrics?widget=12248944&udv=1385516
|
||||
KNOWN_VERSIONS_TO_DEPRECATE = %w[0.1 1.0 1.0.0 1.2 1.3 10.0.0 12.1.0 13.1.0 2.0 2.1 2.1.0 2.3 2.3.0 2.4 3.0 3.0.0 3.0.6 3.13.2 V2.7.0].freeze
|
||||
KNOWN_VERSIONS_TO_REMOVE = %w[0.1 1.0 1.0.0 1.2 1.3 10.0.0 12.1.0 13.1.0 2.0 2.1 2.1.0 2.3 2.3.0 2.4 3.0 3.0.0 3.0.6 3.13.2 V2.7.0].freeze
|
||||
|
||||
VERSIONS_TO_DEPRECATE_IN_15_0 = (PREVIOUS_RELEASES + KNOWN_VERSIONS_TO_DEPRECATE).freeze
|
||||
VERSIONS_TO_REMOVE_IN_15_0 = (PREVIOUS_RELEASES + KNOWN_VERSIONS_TO_REMOVE).freeze
|
||||
|
||||
DEPRECATED_VERSIONS = {
|
||||
cluster_image_scanning: VERSIONS_TO_DEPRECATE_IN_15_0,
|
||||
container_scanning: VERSIONS_TO_DEPRECATE_IN_15_0,
|
||||
coverage_fuzzing: VERSIONS_TO_DEPRECATE_IN_15_0,
|
||||
dast: VERSIONS_TO_DEPRECATE_IN_15_0,
|
||||
api_fuzzing: VERSIONS_TO_DEPRECATE_IN_15_0,
|
||||
dependency_scanning: VERSIONS_TO_DEPRECATE_IN_15_0,
|
||||
sast: VERSIONS_TO_DEPRECATE_IN_15_0,
|
||||
secret_detection: VERSIONS_TO_DEPRECATE_IN_15_0
|
||||
cluster_image_scanning: VERSIONS_TO_REMOVE_IN_15_0,
|
||||
container_scanning: VERSIONS_TO_REMOVE_IN_15_0,
|
||||
coverage_fuzzing: VERSIONS_TO_REMOVE_IN_15_0,
|
||||
dast: VERSIONS_TO_REMOVE_IN_15_0,
|
||||
api_fuzzing: VERSIONS_TO_REMOVE_IN_15_0,
|
||||
dependency_scanning: VERSIONS_TO_REMOVE_IN_15_0,
|
||||
sast: VERSIONS_TO_REMOVE_IN_15_0,
|
||||
secret_detection: VERSIONS_TO_REMOVE_IN_15_0
|
||||
}.freeze
|
||||
|
||||
class Schema
|
||||
|
@ -86,15 +86,18 @@ module Gitlab
|
|||
end
|
||||
end
|
||||
|
||||
def initialize(report_type, report_data, report_version = nil)
|
||||
def initialize(report_type, report_data, report_version = nil, project: nil)
|
||||
@report_type = report_type&.to_sym
|
||||
@report_data = report_data
|
||||
@report_version = report_version
|
||||
@project = project
|
||||
@errors = []
|
||||
@warnings = []
|
||||
@deprecation_warnings = []
|
||||
|
||||
populate_errors
|
||||
populate_warnings
|
||||
populate_deprecation_warnings
|
||||
end
|
||||
|
||||
def valid?
|
||||
|
@ -102,25 +105,46 @@ module Gitlab
|
|||
end
|
||||
|
||||
def populate_errors
|
||||
if Feature.enabled?(:enforce_security_report_validation)
|
||||
@errors += schema.validate(report_data).map { |error| JSONSchemer::Errors.pretty(error) }
|
||||
schema_validation_errors = schema.validate(report_data).map { |error| JSONSchemer::Errors.pretty(error) }
|
||||
|
||||
log_warnings(problem_type: 'schema_validation_fails') unless schema_validation_errors.empty?
|
||||
|
||||
if Feature.enabled?(:enforce_security_report_validation, @project)
|
||||
@errors += schema_validation_errors
|
||||
else
|
||||
@warnings += schema.validate(report_data).map { |error| JSONSchemer::Errors.pretty(error) }
|
||||
@warnings += schema_validation_errors
|
||||
end
|
||||
end
|
||||
|
||||
def populate_warnings
|
||||
add_deprecated_report_version_message if report_uses_deprecated_schema_version?
|
||||
add_unsupported_report_version_message if !report_uses_supported_schema_version? && !report_uses_deprecated_schema_version?
|
||||
end
|
||||
|
||||
def populate_deprecation_warnings
|
||||
add_deprecated_report_version_message if report_uses_deprecated_schema_version?
|
||||
end
|
||||
|
||||
def add_deprecated_report_version_message
|
||||
log_warnings(problem_type: 'using_deprecated_schema_version')
|
||||
|
||||
message = "Version #{report_version} for report type #{report_type} has been deprecated, supported versions for this report type are: #{supported_schema_versions}"
|
||||
add_message_as(level: :warning, message: message)
|
||||
add_message_as(level: :deprecation_warning, message: message)
|
||||
end
|
||||
|
||||
def log_warnings(problem_type:)
|
||||
Gitlab::AppLogger.info(
|
||||
message: 'security report schema validation problem',
|
||||
security_report_type: report_type,
|
||||
security_report_version: report_version,
|
||||
project_id: @project.id,
|
||||
security_report_failure: problem_type
|
||||
)
|
||||
end
|
||||
|
||||
def add_unsupported_report_version_message
|
||||
if Feature.enabled?(:enforce_security_report_validation)
|
||||
log_warnings(problem_type: 'using_unsupported_schema_version')
|
||||
|
||||
if Feature.enabled?(:enforce_security_report_validation, @project)
|
||||
handle_unsupported_report_version(treat_as: :error)
|
||||
else
|
||||
handle_unsupported_report_version(treat_as: :warning)
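Review bot: `log_warnings` dereferences `@project.id` unconditionally, but the constructor in the hunk above keeps `project: nil` as its default, so a caller that omits `project:` and passes an invalid, deprecated or unsupported report now raises `NoMethodError` from `populate_errors`, `add_deprecated_report_version_message` or `add_unsupported_report_version_message` instead of recording the problem. Either drop the default so the dependency is explicit, or make the log line nil-safe with `project_id: @project&.id`. The same nil reaches `Feature.enabled?(:enforce_security_report_validation, @project)` at both call sites in this hunk, which is presumably tolerated but worth confirming. `add_unsupported_report_version_message` continues past the end of the hunk.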
|
||||
|
@ -152,6 +176,8 @@ module Gitlab
|
|||
|
||||
def add_message_as(level:, message:)
|
||||
case level
|
||||
when :deprecation_warning
|
||||
@deprecation_warnings << message
|
||||
when :error
|
||||
@errors << message
|
||||
when :warning
|
||||
|
@ -159,7 +185,7 @@ module Gitlab
|
|||
end
|
||||
end
|
||||
|
||||
attr_reader :errors, :warnings
|
||||
attr_reader :errors, :warnings, :deprecation_warnings
|
||||
|
||||
private
|
||||
|
||||
@ -9,6 +9,7 @@ module Gitlab
|
|||
attr_accessor :scan, :scanned_resources, :errors, :analyzer, :version, :schema_validation_status, :warnings
|
||||
|
||||
delegate :project_id, to: :pipeline
|
||||
delegate :project, to: :pipeline
|
||||
|
||||
def initialize(type, pipeline, created_at)
|
||||
@type = type
|
||||
|
@ -38,6 +39,10 @@ module Gitlab
|
|||
errors.present?
|
||||
end
|
||||
|
||||
def warnings?
|
||||
warnings.present?
|
||||
end
|
||||
|
||||
def add_scanner(scanner)
|
||||
scanners[scanner.key] ||= scanner
|
||||
end
|
||||
@ -375,7 +375,7 @@ module Gitlab
|
|||
end
|
||||
|
||||
def rendered
|
||||
return unless use_renderable_diff? && ipynb?
|
||||
return unless use_renderable_diff? && ipynb? && modified_file? && !too_large?
|
||||
|
||||
strong_memoize(:rendered) { Rendered::Notebook::DiffFile.new(self) }
|
||||
end
|
||||
|
@ -410,7 +410,7 @@ module Gitlab
|
|||
end
|
||||
|
||||
def ipynb?
|
||||
modified_file? && file_path.ends_with?('.ipynb')
|
||||
file_path.ends_with?('.ipynb')
|
||||
end
|
||||
|
||||
# We can't use Object#try because Blob doesn't inherit from Object, but
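Review bot: `ipynb?` no longer implies `modified_file?`, so it is now true for added and deleted notebooks as well; `rendered` compensates in the hunk above, but any other caller of `ipynb?` in this file or its consumers would see the wider predicate and should be checked. A one-line comment would stop the old meaning from being assumed again: `# True for any .ipynb path regardless of change type; callers gate on modified_file? themselves.`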
|
||||
@ -194,3 +194,9 @@
|
|||
redis_slot: project_management
|
||||
aggregation: daily
|
||||
feature_flag: track_epics_activity
|
||||
|
||||
- name: g_project_management_epic_related_removed
|
||||
category: epics_usage
|
||||
redis_slot: project_management
|
||||
aggregation: daily
|
||||
feature_flag: track_epics_activity
|
||||
@ -22773,9 +22773,6 @@ msgstr ""
|
|||
msgid "Locked the discussion."
|
||||
msgstr ""
|
||||
|
||||
msgid "Locked to current projects"
|
||||
msgstr ""
|
||||
|
||||
msgid "Locks give the ability to lock specific file or folder."
|
||||
msgstr ""
|
||||
|
||||
@ -19,6 +19,12 @@ FactoryBot.define do
|
|||
user
|
||||
end
|
||||
|
||||
factory :personal_key_4096 do
|
||||
user
|
||||
|
||||
key { SSHData::PrivateKey::RSA.generate(4096, unsafe_allow_small_key: true).public_key.openssh(comment: 'dummy@gitlab.com') }
|
||||
end
|
||||
|
||||
factory :another_key do
|
||||
factory :another_deploy_key, class: 'DeployKey'
|
||||
end
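Review bot: `factory :personal_key_4096` generates a fresh 4096-bit RSA key pair on every `create`, which costs a noticeable fraction of a second per record and, unlike the neighbouring factories that embed a fixed public key in a `KEY` heredoc, makes the resulting fingerprint non-deterministic across runs. Consider a fixed key literal as the other factories do, or at least generate the key once per process and reuse it rather than inside the `key` block. `unsafe_allow_small_key: true` also looks unnecessary for a 4096-bit key if that option only relaxes the minimum-size check; if it is a no-op here it should be dropped so readers do not assume the key is weak.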
|
||||
|
@ -74,6 +80,8 @@ FactoryBot.define do
|
|||
qpPN5jAskkAUzOh5L/M+dmq2jNn03U9xwORCYPZj+fFM9bL99/0knsV0ypZDZyWH dummy@gitlab.com
|
||||
KEY
|
||||
end
|
||||
|
||||
factory :rsa_deploy_key_5120, class: 'DeployKey'
|
||||
end
|
||||
|
||||
factory :rsa_key_8192 do
|
||||
@ -5,23 +5,22 @@ require 'spec_helper'
|
|||
RSpec.describe KeysFinder do
|
||||
subject { described_class.new(params).execute }
|
||||
|
||||
let(:user) { create(:user) }
|
||||
let(:params) { {} }
|
||||
|
||||
let!(:key_1) do
|
||||
create(:personal_key,
|
||||
let_it_be(:user) { create(:user) }
|
||||
let_it_be(:key_1) do
|
||||
create(:rsa_key_4096,
|
||||
last_used_at: 7.days.ago,
|
||||
user: user,
|
||||
key: 'ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAIEAiPWx6WM4lhHNedGfBpPJNPpZ7yKu+dnn1SJejgt1016k6YjzGGphH2TUxwKzxcKDKKezwkpfnxPkSMkuEspGRt/aZZ9wa++Oi7Qkr8prgHc4soW6NUlfDzpvZK2H5E7eQaSeP3SAwGmQKUFHCddNaP0L+hM7zhFNzjFvpaMgJw0=',
|
||||
fingerprint: 'ba:81:59:68:d7:6c:cd:02:02:bf:6a:9b:55:4e:af:d1',
|
||||
fingerprint_sha256: 'nUhzNyftwADy8AH3wFY31tAKs7HufskYTte2aXo/lCg')
|
||||
fingerprint: 'df:73:db:29:3c:a5:32:cf:09:17:7e:8e:9d:de:d7:f7',
|
||||
fingerprint_sha256: 'ByDU7hQ1JB95l6p53rHrffc4eXvEtqGUtQhS+Dhyy7g')
|
||||
end
|
||||
|
||||
let!(:key_2) { create(:personal_key, last_used_at: nil, user: user) }
|
||||
let!(:key_3) { create(:personal_key, last_used_at: 2.days.ago) }
|
||||
let_it_be(:key_2) { create(:personal_key_4096, last_used_at: nil, user: user) }
|
||||
let_it_be(:key_3) { create(:personal_key_4096, last_used_at: 2.days.ago) }
|
||||
|
||||
let(:params) { {} }
|
||||
|
||||
context 'key_type' do
|
||||
let!(:deploy_key) { create(:deploy_key) }
|
||||
let_it_be(:deploy_key) { create(:deploy_key) }
|
||||
|
||||
context 'when `key_type` is `ssh`' do
|
||||
before do
|
||||
|
@ -64,35 +63,41 @@ RSpec.describe KeysFinder do
|
|||
end
|
||||
|
||||
context 'with valid fingerprints' do
|
||||
let!(:deploy_key) do
|
||||
create(:deploy_key,
|
||||
user: user,
|
||||
key: 'ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAIEAiPWx6WM4lhHNedGfBpPJNPpZ7yKu+dnn1SJejgt1017k6YjzGGphH2TUxwKzxcKDKKezwkpfnxPkSMkuEspGRt/aZZ9wa++Oi7Qkr8prgHc4soW6NUlfDzpvZK2H5E7eQaSeP3SAwGmQKUFHCddNaP0L+hM7zhFNzjFvpaMgJw0=',
|
||||
fingerprint: '8a:4a:12:92:0b:50:47:02:d4:5a:8e:a9:44:4e:08:b4',
|
||||
fingerprint_sha256: '4DPHOVNh53i9dHb5PpY2vjfyf5qniTx1/pBFPoZLDdk')
|
||||
end
|
||||
let_it_be(:deploy_key) { create(:rsa_deploy_key_5120, user: user) }
|
||||
|
||||
context 'personal key with valid MD5 params' do
|
||||
context 'with an existent fingerprint' do
|
||||
before do
|
||||
params[:fingerprint] = 'ba:81:59:68:d7:6c:cd:02:02:bf:6a:9b:55:4e:af:d1'
|
||||
params[:fingerprint] = 'df:73:db:29:3c:a5:32:cf:09:17:7e:8e:9d:de:d7:f7'
|
||||
end
|
||||
|
||||
it 'returns the key' do
|
||||
expect(subject).to eq(key_1)
|
||||
expect(subject.user).to eq(user)
|
||||
end
|
||||
|
||||
context 'with FIPS mode', :fips_mode do
|
||||
it 'raises InvalidFingerprint' do
|
||||
expect { subject }.to raise_error(KeysFinder::InvalidFingerprint)
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
context 'deploy key with an existent fingerprint' do
|
||||
before do
|
||||
params[:fingerprint] = '8a:4a:12:92:0b:50:47:02:d4:5a:8e:a9:44:4e:08:b4'
|
||||
params[:fingerprint] = 'fe:fa:3a:4d:7d:51:ec:bf:c7:64:0c:96:d0:17:8a:d0'
|
||||
end
|
||||
|
||||
it 'returns the key' do
|
||||
expect(subject).to eq(deploy_key)
|
||||
expect(subject.user).to eq(user)
|
||||
end
|
||||
|
||||
context 'with FIPS mode', :fips_mode do
|
||||
it 'raises InvalidFingerprint' do
|
||||
expect { subject }.to raise_error(KeysFinder::InvalidFingerprint)
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
context 'with a non-existent fingerprint' do
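Review bot: The two `context 'with FIPS mode', :fips_mode` blocks in this hunk, and the third one in the next hunk, have identical bodies; a shared example such as `it_behaves_like 'raises InvalidFingerprint in FIPS mode'`, or a single `:fips_mode` context wrapping the MD5 cases, would keep that expectation in one place. The hunk ends inside `context 'with a non-existent fingerprint'`.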
|
||||
|
@ -103,13 +108,19 @@ RSpec.describe KeysFinder do
|
|||
it 'returns nil' do
|
||||
expect(subject).to be_nil
|
||||
end
|
||||
|
||||
context 'with FIPS mode', :fips_mode do
|
||||
it 'raises InvalidFingerprint' do
|
||||
expect { subject }.to raise_error(KeysFinder::InvalidFingerprint)
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
context 'personal key with valid SHA256 params' do
|
||||
context 'with an existent fingerprint' do
|
||||
before do
|
||||
params[:fingerprint] = 'SHA256:nUhzNyftwADy8AH3wFY31tAKs7HufskYTte2aXo/lCg'
|
||||
params[:fingerprint] = 'SHA256:ByDU7hQ1JB95l6p53rHrffc4eXvEtqGUtQhS+Dhyy7g'
|
||||
end
|
||||
|
||||
it 'returns key' do
|
||||
|
@ -120,7 +131,7 @@ RSpec.describe KeysFinder do
|
|||
|
||||
context 'deploy key with an existent fingerprint' do
|
||||
before do
|
||||
params[:fingerprint] = 'SHA256:4DPHOVNh53i9dHb5PpY2vjfyf5qniTx1/pBFPoZLDdk'
|
||||
params[:fingerprint] = 'SHA256:PCCupLbFHScm4AbEufbGDvhBU27IM0MVAor715qKQK8'
|
||||
end
|
||||
|
||||
it 'returns key' do
|
||||
@ -5,12 +5,23 @@ import ConfirmModal from '~/lib/utils/confirm_via_gl_modal/confirm_modal.vue';
|
|||
describe('Confirm Modal', () => {
|
||||
let wrapper;
|
||||
let modal;
|
||||
const SECONDARY_TEXT = 'secondaryText';
|
||||
const SECONDARY_VARIANT = 'danger';
|
||||
|
||||
const createComponent = ({ primaryText, primaryVariant, title, hideCancel = false } = {}) => {
|
||||
const createComponent = ({
|
||||
primaryText,
|
||||
primaryVariant,
|
||||
secondaryText,
|
||||
secondaryVariant,
|
||||
title,
|
||||
hideCancel = false,
|
||||
} = {}) => {
|
||||
wrapper = mount(ConfirmModal, {
|
||||
propsData: {
|
||||
primaryText,
|
||||
primaryVariant,
|
||||
secondaryText,
|
||||
secondaryVariant,
|
||||
hideCancel,
|
||||
title,
|
||||
},
|
||||
|
@ -65,6 +76,19 @@ describe('Confirm Modal', () => {
|
|||
expect(props.actionCancel).toBeNull();
|
||||
});
|
||||
|
||||
it('should not show secondary Button when secondary Text is not set', () => {
|
||||
createComponent();
|
||||
const props = findGlModal().props();
|
||||
expect(props.actionSecondary).toBeNull();
|
||||
});
|
||||
|
||||
it('should show secondary Button when secondaryText is set', () => {
|
||||
createComponent({ secondaryText: SECONDARY_TEXT, secondaryVariant: SECONDARY_VARIANT });
|
||||
const actionSecondary = findGlModal().props('actionSecondary');
|
||||
expect(actionSecondary.text).toEqual(SECONDARY_TEXT);
|
||||
expect(actionSecondary.attributes.variant).toEqual(SECONDARY_VARIANT);
|
||||
});
|
||||
|
||||
it('should set the modal title when the `title` prop is set', () => {
|
||||
const title = 'Modal title';
|
||||
createComponent({ title });
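Review bot: The new `'should show secondary Button when secondaryText is set'` example only covers the case where both `secondaryText` and `secondaryVariant` are supplied, so whatever default variant the component applies when only the text is given is never asserted. A second case, `createComponent({ secondaryText: SECONDARY_TEXT })` followed by an expectation on `findGlModal().props('actionSecondary').attributes.variant`, would pin that default alongside the null case already covered.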
|
||||
@ -37,7 +37,9 @@ RSpec.describe Mutations::Ci::Runner::Delete do
|
|||
it 'raises an error' do
|
||||
mutation_params[:id] = two_projects_runner.to_global_id
|
||||
|
||||
expect { subject }.to raise_error(Gitlab::Graphql::Errors::ResourceNotAvailable)
|
||||
expect_graphql_error_to_be_created(Gitlab::Graphql::Errors::ResourceNotAvailable) do
|
||||
subject
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
||||
|
@ -115,7 +117,10 @@ RSpec.describe Mutations::Ci::Runner::Delete do
|
|||
allow_next_instance_of(::Ci::Runners::UnregisterRunnerService) do |service|
|
||||
expect(service).not_to receive(:execute)
|
||||
end
|
||||
expect { subject }.to raise_error(Gitlab::Graphql::Errors::ResourceNotAvailable)
|
||||
|
||||
expect_graphql_error_to_be_created(Gitlab::Graphql::Errors::ResourceNotAvailable) do
|
||||
subject
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
||||
@ -75,10 +75,9 @@ RSpec.describe Resolvers::BlobsResolver do
|
|||
let(:ref) { 'ma:in' }
|
||||
|
||||
it 'raises an ArgumentError' do
|
||||
expect { resolve_blobs }.to raise_error(
|
||||
Gitlab::Graphql::Errors::ArgumentError,
|
||||
'Ref is not valid'
|
||||
)
|
||||
expect_graphql_error_to_be_created(Gitlab::Graphql::Errors::ArgumentError, 'Ref is not valid') do
|
||||
resolve_blobs
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
|
@ -86,10 +85,9 @@ RSpec.describe Resolvers::BlobsResolver do
|
|||
let(:ref) { '' }
|
||||
|
||||
it 'raises an ArgumentError' do
|
||||
expect { resolve_blobs }.to raise_error(
|
||||
Gitlab::Graphql::Errors::ArgumentError,
|
||||
'Ref is not valid'
|
||||
)
|
||||
expect_graphql_error_to_be_created(Gitlab::Graphql::Errors::ArgumentError, 'Ref is not valid') do
|
||||
resolve_blobs
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
||||
@ -35,7 +35,9 @@ RSpec.describe Resolvers::GroupMembers::NotificationEmailResolver do
|
|||
let(:current_user) { create(:user) }
|
||||
|
||||
it 'raises ResourceNotAvailable error' do
|
||||
expect { subject }.to raise_error(Gitlab::Graphql::Errors::ResourceNotAvailable)
|
||||
expect_graphql_error_to_be_created(Gitlab::Graphql::Errors::ResourceNotAvailable) do
|
||||
subject
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
||||
@ -74,7 +74,9 @@ RSpec.describe Resolvers::UsersResolver do
|
|||
let_it_be(:current_user) { nil }
|
||||
|
||||
it 'prohibits search without usernames passed' do
|
||||
expect { resolve_users }.to raise_error(Gitlab::Graphql::Errors::ResourceNotAvailable)
|
||||
expect_graphql_error_to_be_created(Gitlab::Graphql::Errors::ResourceNotAvailable) do
|
||||
resolve_users
|
||||
end
|
||||
end
|
||||
|
||||
it 'allows to search by username' do
|
||||
@ -22,7 +22,9 @@ RSpec.describe Resolvers::WorkItemResolver do
|
|||
let(:current_user) { create(:user) }
|
||||
|
||||
it 'raises a resource not available error' do
|
||||
expect { resolved_work_item }.to raise_error(::Gitlab::Graphql::Errors::ResourceNotAvailable)
|
||||
expect_graphql_error_to_be_created(Gitlab::Graphql::Errors::ResourceNotAvailable) do
|
||||
resolved_work_item
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
@ -42,11 +42,13 @@ RSpec.describe Gitlab::Ci::Parsers::Security::Common do
|
|||
let(:validate) { false }
|
||||
let(:valid?) { false }
|
||||
let(:errors) { ['foo'] }
|
||||
let(:warnings) { ['bar'] }
|
||||
|
||||
before do
|
||||
allow_next_instance_of(validator_class) do |instance|
|
||||
allow(instance).to receive(:valid?).and_return(valid?)
|
||||
allow(instance).to receive(:errors).and_return(errors)
|
||||
allow(instance).to receive(:warnings).and_return(warnings)
|
||||
end
|
||||
|
||||
allow(parser).to receive_messages(create_scanner: true, create_scan: true)
|
||||
|
@ -55,12 +57,17 @@ RSpec.describe Gitlab::Ci::Parsers::Security::Common do
|
|||
it 'instantiates the validator with correct params' do
|
||||
parse_report
|
||||
|
||||
expect(validator_class).to have_received(:new).with(report.type, {}, report.version)
|
||||
expect(validator_class).to have_received(:new).with(report.type, {}, report.version, project: pipeline.project)
|
||||
end
|
||||
|
||||
context 'when the report data is not valid according to the schema' do
|
||||
it 'adds warnings to the report' do
|
||||
expect { parse_report }.to change { report.warnings }.from([]).to([{ message: 'foo', type: 'Schema' }])
|
||||
expect { parse_report }.to change { report.warnings }.from([]).to(
|
||||
[
|
||||
{ message: 'foo', type: 'Schema' },
|
||||
{ message: 'bar', type: 'Schema' }
|
||||
]
|
||||
)
|
||||
end
|
||||
|
||||
it 'keeps the execution flow as normal' do
|
||||
|
@ -74,9 +81,14 @@ RSpec.describe Gitlab::Ci::Parsers::Security::Common do
|
|||
context 'when the report data is valid according to the schema' do
|
||||
let(:valid?) { true }
|
||||
let(:errors) { [] }
|
||||
let(:warnings) { [] }
|
||||
|
||||
it 'does not add errors to the report' do
|
||||
expect { parse_report }.not_to change { report.errors }
|
||||
end
|
||||
|
||||
it 'does not add warnings to the report' do
|
||||
expect { parse_report }.not_to change { report.errors }
|
||||
expect { parse_report }.not_to change { report.warnings }
|
||||
end
|
||||
|
||||
it 'keeps the execution flow as normal' do
|
||||
|
@ -92,11 +104,13 @@ RSpec.describe Gitlab::Ci::Parsers::Security::Common do
|
|||
let(:validate) { true }
|
||||
let(:valid?) { false }
|
||||
let(:errors) { ['foo'] }
|
||||
let(:warnings) { ['bar'] }
|
||||
|
||||
before do
|
||||
allow_next_instance_of(validator_class) do |instance|
|
||||
allow(instance).to receive(:valid?).and_return(valid?)
|
||||
allow(instance).to receive(:errors).and_return(errors)
|
||||
allow(instance).to receive(:warnings).and_return(warnings)
|
||||
end
|
||||
|
||||
allow(parser).to receive_messages(create_scanner: true, create_scan: true)
|
||||
|
@ -105,12 +119,17 @@ RSpec.describe Gitlab::Ci::Parsers::Security::Common do
|
|||
it 'instantiates the validator with correct params' do
|
||||
parse_report
|
||||
|
||||
expect(validator_class).to have_received(:new).with(report.type, {}, report.version)
|
||||
expect(validator_class).to have_received(:new).with(report.type, {}, report.version, project: pipeline.project)
|
||||
end
|
||||
|
||||
context 'when the report data is not valid according to the schema' do
|
||||
it 'adds errors to the report' do
|
||||
expect { parse_report }.to change { report.errors }.from([]).to([{ message: 'foo', type: 'Schema' }])
|
||||
expect { parse_report }.to change { report.errors }.from([]).to(
|
||||
[
|
||||
{ message: 'foo', type: 'Schema' },
|
||||
{ message: 'bar', type: 'Schema' }
|
||||
]
|
||||
)
|
||||
end
|
||||
|
||||
it 'does not try to create report entities' do
|
||||
|
@ -124,11 +143,16 @@ RSpec.describe Gitlab::Ci::Parsers::Security::Common do
|
|||
context 'when the report data is valid according to the schema' do
|
||||
let(:valid?) { true }
|
||||
let(:errors) { [] }
|
||||
let(:warnings) { [] }
|
||||
|
||||
it 'does not add errors to the report' do
|
||||
expect { parse_report }.not_to change { report.errors }.from([])
|
||||
end
|
||||
|
||||
it 'does not add warnings to the report' do
|
||||
expect { parse_report }.not_to change { report.warnings }.from([])
|
||||
end
|
||||
|
||||
it 'keeps the execution flow as normal' do
|
||||
parse_report
|
||||
|
||||
@ -3,7 +3,9 @@
|
|||
require 'spec_helper'
|
||||
|
||||
RSpec.describe Gitlab::Ci::Parsers::Security::Validators::SchemaValidator do
|
||||
let(:validator) { described_class.new(report_type, report_data, report_version) }
|
||||
let_it_be(:project) { create(:project) }
|
||||
|
||||
let(:validator) { described_class.new(report_type, report_data, report_version, project: project) }
|
||||
|
||||
describe 'SUPPORTED_VERSIONS' do
|
||||
schema_path = Rails.root.join("lib", "gitlab", "ci", "parsers", "security", "validators", "schemas")
|
||||
|
@ -75,6 +77,18 @@ RSpec.describe Gitlab::Ci::Parsers::Security::Validators::SchemaValidator do
|
|||
end
|
||||
|
||||
it { is_expected.to be_falsey }
|
||||
|
||||
it 'logs related information' do
|
||||
expect(Gitlab::AppLogger).to receive(:info).with(
|
||||
message: "security report schema validation problem",
|
||||
security_report_type: report_type,
|
||||
security_report_version: report_version,
|
||||
project_id: project.id,
|
||||
security_report_failure: 'schema_validation_fails'
|
||||
)
|
||||
|
||||
subject
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
|
@ -91,6 +105,18 @@ RSpec.describe Gitlab::Ci::Parsers::Security::Validators::SchemaValidator do
|
|||
end
|
||||
|
||||
it { is_expected.to be_truthy }
|
||||
|
||||
it 'logs related information' do
|
||||
expect(Gitlab::AppLogger).to receive(:info).with(
|
||||
message: "security report schema validation problem",
|
||||
security_report_type: report_type,
|
||||
security_report_version: report_version,
|
||||
project_id: project.id,
|
||||
security_report_failure: 'using_deprecated_schema_version'
|
||||
)
|
||||
|
||||
subject
|
||||
end
|
||||
end
|
||||
|
||||
context 'and the report does not pass schema validation' do
|
||||
|
@ -142,6 +168,18 @@ RSpec.describe Gitlab::Ci::Parsers::Security::Validators::SchemaValidator do
|
|||
end
|
||||
|
||||
it { is_expected.to be_falsey }
|
||||
|
||||
it 'logs related information' do
|
||||
expect(Gitlab::AppLogger).to receive(:info).with(
|
||||
message: "security report schema validation problem",
|
||||
security_report_type: report_type,
|
||||
security_report_version: report_version,
|
||||
project_id: project.id,
|
||||
security_report_failure: 'using_unsupported_schema_version'
|
||||
)
|
||||
|
||||
subject
|
||||
end
|
||||
end
|
||||
|
||||
context 'and the report is invalid' do
|
||||
|
@ -211,6 +249,11 @@ RSpec.describe Gitlab::Ci::Parsers::Security::Validators::SchemaValidator do
|
|||
}
|
||||
end
|
||||
|
||||
context 'if enforce_security_report_validation is enabled' do
|
||||
before do
|
||||
stub_feature_flags(enforce_security_report_validation: project)
|
||||
end
|
||||
|
||||
let(:expected_errors) do
|
||||
[
|
||||
'root is missing required keys: vulnerabilities'
|
||||
|
@ -219,6 +262,17 @@ RSpec.describe Gitlab::Ci::Parsers::Security::Validators::SchemaValidator do
|
|||
|
||||
it { is_expected.to match_array(expected_errors) }
|
||||
end
|
||||
|
||||
context 'if enforce_security_report_validation is disabled' do
|
||||
before do
|
||||
stub_feature_flags(enforce_security_report_validation: false)
|
||||
end
|
||||
|
||||
let(:expected_errors) { [] }
|
||||
|
||||
it { is_expected.to match_array(expected_errors) }
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
context 'when given a deprecated schema version' do
|
||||
|
@ -355,6 +409,83 @@ RSpec.describe Gitlab::Ci::Parsers::Security::Validators::SchemaValidator do
|
|||
end
|
||||
end
|
||||
|
||||
describe '#deprecation_warnings' do
|
||||
subject { validator.deprecation_warnings }
|
||||
|
||||
context 'when given a supported schema version' do
|
||||
let(:report_type) { :dast }
|
||||
let(:report_version) { described_class::SUPPORTED_VERSIONS[report_type].last }
|
||||
|
||||
let(:expected_deprecation_warnings) { [] }
|
||||
|
||||
context 'and the report is valid' do
|
||||
let(:report_data) do
|
||||
{
|
||||
'version' => report_version,
|
||||
'vulnerabilities' => []
|
||||
}
|
||||
end
|
||||
|
||||
it { is_expected.to match_array(expected_deprecation_warnings) }
|
||||
end
|
||||
|
||||
context 'and the report is invalid' do
|
||||
let(:report_data) do
|
||||
{
|
||||
'version' => report_version
|
||||
}
|
||||
end
|
||||
|
||||
it { is_expected.to match_array(expected_deprecation_warnings) }
|
||||
end
|
||||
end
|
||||
|
||||
context 'when given a deprecated schema version' do
|
||||
let(:report_type) { :dast }
|
||||
let(:report_version) { described_class::DEPRECATED_VERSIONS[report_type].last }
|
||||
let(:expected_deprecation_warnings) do
|
||||
[
|
||||
"Version V2.7.0 for report type dast has been deprecated, supported versions for this report type are: 14.0.0, 14.0.1, 14.0.2, 14.0.3, 14.0.4, 14.0.5, 14.0.6, 14.1.0"
|
||||
]
|
||||
end
|
||||
|
||||
context 'and the report passes schema validation' do
|
||||
let(:report_data) do
|
||||
{
|
||||
'version' => report_version,
|
||||
'vulnerabilities' => []
|
||||
}
|
||||
end
|
||||
|
||||
it { is_expected.to match_array(expected_deprecation_warnings) }
|
||||
end
|
||||
|
||||
context 'and the report does not pass schema validation' do
|
||||
let(:report_data) do
|
||||
{
|
||||
'version' => 'V2.7.0'
|
||||
}
|
||||
end
|
||||
|
||||
it { is_expected.to match_array(expected_deprecation_warnings) }
|
||||
end
|
||||
end
|
||||
|
||||
context 'when given an unsupported schema version' do
|
||||
let(:report_type) { :dast }
|
||||
let(:report_version) { "21.37.0" }
|
||||
let(:expected_deprecation_warnings) { [] }
|
||||
let(:report_data) do
|
||||
{
|
||||
'version' => report_version,
|
||||
'vulnerabilities' => []
|
||||
}
|
||||
end
|
||||
|
||||
it { is_expected.to match_array(expected_deprecation_warnings) }
|
||||
end
|
||||
end
|
||||
|
||||
describe '#warnings' do
|
||||
subject { validator.warnings }
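Review bot: `expected_deprecation_warnings` in the deprecated-version context hard-codes the supported list `14.0.0, … 14.1.0` as a string literal, so adding a DAST schema version will break this example even though the behaviour under test (a deprecation warning is produced) is unchanged; building it from the constant keeps the spec stable, e.g. `"Version #{report_version} for report type #{report_type} has been deprecated, supported versions for this report type are: #{described_class::SUPPORTED_VERSIONS[report_type].join(', ')}"`. That assumes the validator's `supported_schema_versions` joins with `', '`, which is not visible in this hunk. The hunk ends at the opening of `describe '#warnings'`.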
|
||||
|
||||
|
@ -382,10 +513,30 @@ RSpec.describe Gitlab::Ci::Parsers::Security::Validators::SchemaValidator do
|
|||
}
|
||||
end
|
||||
|
||||
context 'if enforce_security_report_validation is enabled' do
|
||||
before do
|
||||
stub_feature_flags(enforce_security_report_validation: project)
|
||||
end
|
||||
|
||||
let(:expected_warnings) { [] }
|
||||
|
||||
it { is_expected.to match_array(expected_warnings) }
|
||||
end
|
||||
|
||||
context 'if enforce_security_report_validation is disabled' do
|
||||
before do
|
||||
stub_feature_flags(enforce_security_report_validation: false)
|
||||
end
|
||||
|
||||
let(:expected_warnings) do
|
||||
[
|
||||
'root is missing required keys: vulnerabilities'
|
||||
]
|
||||
end
|
||||
|
||||
it { is_expected.to match_array(expected_warnings) }
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
context 'when given a deprecated schema version' do
|
||||
|
@ -399,33 +550,25 @@ RSpec.describe Gitlab::Ci::Parsers::Security::Validators::SchemaValidator do
|
|||
}
|
||||
end
|
||||
|
||||
let(:expected_warnings) do
|
||||
[
|
||||
"Version V2.7.0 for report type dast has been deprecated, supported versions for this report type are: 14.0.0, 14.0.1, 14.0.2, 14.0.3, 14.0.4, 14.0.5, 14.0.6, 14.1.0"
|
||||
]
|
||||
end
|
||||
let(:expected_warnings) { [] }
|
||||
|
||||
it { is_expected.to match_array(expected_warnings) }
|
||||
end
|
||||
|
||||
context 'and the report does not pass schema validation' do
|
||||
context 'and enforce_security_report_validation is enabled' do
|
||||
before do
|
||||
stub_feature_flags(enforce_security_report_validation: true)
|
||||
end
|
||||
|
||||
let(:report_data) do
|
||||
{
|
||||
'version' => 'V2.7.0'
|
||||
}
|
||||
end
|
||||
|
||||
let(:expected_warnings) do
|
||||
[
|
||||
"Version V2.7.0 for report type dast has been deprecated, supported versions for this report type are: 14.0.0, 14.0.1, 14.0.2, 14.0.3, 14.0.4, 14.0.5, 14.0.6, 14.1.0"
|
||||
]
|
||||
context 'and enforce_security_report_validation is enabled' do
|
||||
before do
|
||||
stub_feature_flags(enforce_security_report_validation: true)
|
||||
end
|
||||
|
||||
let(:expected_warnings) { [] }
|
||||
|
||||
it { is_expected.to match_array(expected_warnings) }
|
||||
end
|
||||
|
||||
|
@ -434,15 +577,8 @@ RSpec.describe Gitlab::Ci::Parsers::Security::Validators::SchemaValidator do
|
|||
stub_feature_flags(enforce_security_report_validation: false)
|
||||
end
|
||||
|
||||
let(:report_data) do
|
||||
{
|
||||
'version' => 'V2.7.0'
|
||||
}
|
||||
end
|
||||
|
||||
let(:expected_warnings) do
|
||||
[
|
||||
"Version V2.7.0 for report type dast has been deprecated, supported versions for this report type are: 14.0.0, 14.0.1, 14.0.2, 14.0.3, 14.0.4, 14.0.5, 14.0.6, 14.1.0",
|
||||
"property '/version' does not match pattern: ^[0-9]+\\.[0-9]+\\.[0-9]+$",
|
||||
"root is missing required keys: vulnerabilities"
|
||||
]
|
||||
@ -184,6 +184,22 @@ RSpec.describe Gitlab::Ci::Reports::Security::Report do
|
|||
end
|
||||
end
|
||||
|
||||
describe 'warnings?' do
|
||||
subject { report.warnings? }
|
||||
|
||||
context 'when the report does not have any errors' do
|
||||
it { is_expected.to be_falsey }
|
||||
end
|
||||
|
||||
context 'when the report has warnings' do
|
||||
before do
|
||||
report.add_warning('foo', 'bar')
|
||||
end
|
||||
|
||||
it { is_expected.to be_truthy }
|
||||
end
|
||||
end
|
||||
|
||||
describe '#primary_scanner_order_to' do
|
||||
let(:scanner_1) { build(:ci_reports_security_scanner) }
|
||||
let(:scanner_2) { build(:ci_reports_security_scanner) }
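Review bot: The first context inside `describe 'warnings?'` is labelled `'when the report does not have any errors'` although the subject is `report.warnings?`, so it should read `'when the report does not have any warnings'`. The describe string would also follow the sibling `describe '#primary_scanner_order_to'` convention as `describe '#warnings?'`. The trailing `let` lines belong to `#primary_scanner_order_to`, which continues past the hunk.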
|
||||
@ -76,11 +76,35 @@ RSpec.describe Gitlab::Diff::File do
|
|||
end
|
||||
|
||||
describe '#rendered' do
|
||||
context 'when not ipynb' do
|
||||
it 'is nil' do
|
||||
expect(diff_file.rendered).to be_nil
|
||||
end
|
||||
end
|
||||
|
||||
context 'when ipynb' do
|
||||
let(:commit) { project.commit("532c837") }
|
||||
|
||||
it 'creates a NotebookDiffFile for rendering' do
|
||||
expect(diff_file.rendered).to be_kind_of(Gitlab::Diff::Rendered::Notebook::DiffFile)
|
||||
end
|
||||
|
||||
context 'when too large' do
|
||||
it 'is nil' do
|
||||
expect(diff).to receive(:too_large?).and_return(true)
|
||||
|
||||
expect(diff_file.rendered).to be_nil
|
||||
end
|
||||
end
|
||||
|
||||
context 'when not modified' do
|
||||
it 'is nil' do
|
||||
expect(diff_file).to receive(:modified_file?).and_return(false)
|
||||
|
||||
expect(diff_file.rendered).to be_nil
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
describe '#diff_lines' do
|
||||
@ -3,10 +3,11 @@
|
|||
require 'spec_helper'
|
||||
|
||||
RSpec.describe API::Keys do
|
||||
let(:user) { create(:user) }
|
||||
let(:admin) { create(:admin) }
|
||||
let(:key) { create(:key, user: user, expires_at: 1.day.from_now) }
|
||||
let(:email) { create(:email, user: user) }
|
||||
let_it_be(:user) { create(:user) }
|
||||
let_it_be(:admin) { create(:admin) }
|
||||
let_it_be(:email) { create(:email, user: user) }
|
||||
let_it_be(:key) { create(:rsa_key_4096, user: user, expires_at: 1.day.from_now) }
|
||||
let_it_be(:fingerprint_md5) { 'df:73:db:29:3c:a5:32:cf:09:17:7e:8e:9d:de:d7:f7' }
|
||||
|
||||
describe 'GET /keys/:uid' do
|
||||
context 'when unauthenticated' do
|
||||
|
@ -24,7 +25,6 @@ RSpec.describe API::Keys do
|
|||
end
|
||||
|
||||
it 'returns single ssh key with user information' do
|
||||
user.keys << key
|
||||
get api("/keys/#{key.id}", admin)
|
||||
expect(response).to have_gitlab_http_status(:ok)
|
||||
expect(json_response['title']).to eq(key.title)
|
||||
|
@ -43,18 +43,19 @@ RSpec.describe API::Keys do
|
|||
|
||||
describe 'GET /keys?fingerprint=' do
|
||||
it 'returns authentication error' do
|
||||
get api("/keys?fingerprint=#{key.fingerprint}")
|
||||
get api("/keys?fingerprint=#{fingerprint_md5}")
|
||||
|
||||
expect(response).to have_gitlab_http_status(:unauthorized)
|
||||
end
|
||||
|
||||
it 'returns authentication error when authenticated as user' do
|
||||
get api("/keys?fingerprint=#{key.fingerprint}", user)
|
||||
get api("/keys?fingerprint=#{fingerprint_md5}", user)
|
||||
|
||||
expect(response).to have_gitlab_http_status(:forbidden)
|
||||
end
|
||||
|
||||
context 'when authenticated as admin' do
|
||||
context 'MD5 fingerprint' do
|
||||
it 'returns 404 for non-existing SSH md5 fingerprint' do
|
||||
get api("/keys?fingerprint=11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11", admin)
|
||||
|
||||
|
@ -62,6 +63,32 @@ RSpec.describe API::Keys do
|
|||
expect(json_response['message']).to eq('404 Key Not Found')
|
||||
end
|
||||
|
||||
it 'returns user if SSH md5 fingerprint found' do
|
||||
get api("/keys?fingerprint=#{fingerprint_md5}", admin)
|
||||
|
||||
expect(response).to have_gitlab_http_status(:ok)
|
||||
expect(json_response['title']).to eq(key.title)
|
||||
expect(json_response['user']['id']).to eq(user.id)
|
||||
expect(json_response['user']['username']).to eq(user.username)
|
||||
end
|
||||
|
||||
context 'with FIPS mode', :fips_mode do
|
||||
it 'returns 404 for non-existing SSH md5 fingerprint' do
|
||||
get api("/keys?fingerprint=11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11", admin)
|
||||
|
||||
expect(response).to have_gitlab_http_status(:bad_request)
|
||||
expect(json_response['message']).to eq('Failed to return the key')
|
||||
end
|
||||
|
||||
it 'returns 404 for existing SSH md5 fingerprint' do
|
||||
get api("/keys?fingerprint=#{fingerprint_md5}", admin)
|
||||
|
||||
expect(response).to have_gitlab_http_status(:bad_request)
|
||||
expect(json_response['message']).to eq('Failed to return the key')
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
it 'returns 404 for non-existing SSH sha256 fingerprint' do
|
||||
get api("/keys?fingerprint=#{URI.encode_www_form_component("SHA256:nUhzNyftwADy8AH3wFY31tAKs7HufskYTte2aXo1lCg")}", admin)
|
||||
|
||||
|
@ -69,20 +96,7 @@ RSpec.describe API::Keys do
|
|||
expect(json_response['message']).to eq('404 Key Not Found')
|
||||
end
|
||||
|
||||
it 'returns user if SSH md5 fingerprint found' do
|
||||
user.keys << key
|
||||
|
||||
get api("/keys?fingerprint=#{key.fingerprint}", admin)
|
||||
|
||||
expect(response).to have_gitlab_http_status(:ok)
|
||||
expect(json_response['title']).to eq(key.title)
|
||||
expect(json_response['user']['id']).to eq(user.id)
|
||||
expect(json_response['user']['username']).to eq(user.username)
|
||||
end
|
||||
|
||||
it 'returns user if SSH sha256 fingerprint found' do
|
||||
user.keys << key
|
||||
|
||||
get api("/keys?fingerprint=#{URI.encode_www_form_component("SHA256:" + key.fingerprint_sha256)}", admin)
|
||||
|
||||
expect(response).to have_gitlab_http_status(:ok)
|
||||
|
@ -92,8 +106,6 @@ RSpec.describe API::Keys do
|
|||
end
|
||||
|
||||
it 'returns user if SSH sha256 fingerprint found' do
|
||||
user.keys << key
|
||||
|
||||
get api("/keys?fingerprint=#{URI.encode_www_form_component("sha256:" + key.fingerprint_sha256)}", admin)
|
||||
|
||||
expect(response).to have_gitlab_http_status(:ok)
|
||||
|
@ -103,7 +115,7 @@ RSpec.describe API::Keys do
|
|||
end
|
||||
|
||||
it "does not include the user's `is_admin` flag" do
|
||||
get api("/keys?fingerprint=#{key.fingerprint}", admin)
|
||||
get api("/keys?fingerprint=#{URI.encode_www_form_component("sha256:" + key.fingerprint_sha256)}", admin)
|
||||
|
||||
expect(json_response['user']['is_admin']).to be_nil
|
||||
end
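Review bot: The two examples under `context 'with FIPS mode', :fips_mode` are named `returns 404 …` but both assert `have_gitlab_http_status(:bad_request)`, so the descriptions contradict the expectations and will mislead anyone reading a failure; rename them `it 'returns 400 for non-existing SSH md5 fingerprint'` and `it 'returns 400 for existing SSH md5 fingerprint'`. It is worth keeping both FIPS examples asserting the identical status and `'Failed to return the key'` message for an existing and a non-existing MD5 fingerprint, since a differing response would let an admin-token holder probe key existence through a lookup FIPS mode is supposed to disable; a short comment on the context, such as `# Existing and unknown MD5 fingerprints must be indistinguishable in FIPS mode`, would record that this equality is deliberate. The `let_it_be(:fingerprint_md5)` literal is coupled to the `:rsa_key_4096` factory key and is no longer derived from `key.fingerprint`, so a comment like `# MD5 fingerprint of the :rsa_key_4096 factory key` next to it documents why the non-FIPS `returns user if SSH md5 fingerprint found` example would start failing if that fixture changes.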
|
||||
|
|
|
@ -306,19 +306,6 @@ RSpec.describe API::ProjectImport, :aggregate_failures do
|
|||
|
||||
it_behaves_like 'requires authentication'
|
||||
|
||||
it 'returns NOT FOUND when the feature is disabled' do
|
||||
stub_feature_flags(import_project_from_remote_file: false)
|
||||
|
||||
subject
|
||||
|
||||
expect(response).to have_gitlab_http_status(:not_found)
|
||||
end
|
||||
|
||||
context 'when the feature flag is enabled' do
|
||||
before do
|
||||
stub_feature_flags(import_project_from_remote_file: true)
|
||||
end
|
||||
|
||||
context 'when the response is successful' do
|
||||
it 'schedules the import successfully' do
|
||||
project = create(
|
||||
|
@ -365,7 +352,6 @@ RSpec.describe API::ProjectImport, :aggregate_failures do
|
|||
end
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
describe 'POST /projects/remote-import-s3' do
|
||||
subject do
|
||||
|
|