kotovalexarian-likes-gitlab/gitlab-org--gitlab-foss
1
0
Fork 0
Code Releases Activity

Add latest changes from gitlab-org/gitlab@master

Browse source
This commit is contained in:
GitLab Bot 2022-01-17 21:15:21 +00:00
parent d409d12963
commit 513726cb73
34 changed files with 811 additions and 140 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

16
app/graphql/types/ci/pipeline_message_type.rb Normal file
View file

@ -0,0 +1,16 @@
# frozen_string_literal: true
module Types
module Ci
# rubocop: disable Graphql/AuthorizeTypes
class PipelineMessageType < BaseObject
graphql_name 'PipelineMessage'
field :id, GraphQL::Types::ID, null: false,
description: 'ID of the pipeline message.'
field :content, GraphQL::Types::String, null: false,
description: 'Content of the pipeline message.'
end
end
end

3
app/graphql/types/ci/pipeline_type.rb
View file

@ -172,6 +172,9 @@ module Types
description: 'Reference path to the branch from which the pipeline was triggered.',
method: :source_ref_path
field :warning_messages, [Types::Ci::PipelineMessageType], null: true,
description: 'Pipeline warning messages.'
def detailed_status
object.detailed_status(current_user)
end

39
app/models/clusters/agent_token.rb
View file

@ -10,9 +10,6 @@ module Clusters
self.table_name = 'cluster_agent_tokens'
# The `UPDATE_USED_COLUMN_EVERY` defines how often the token DB entry can be updated
UPDATE_USED_COLUMN_EVERY = (40.minutes..55.minutes).freeze
belongs_to :agent, class_name: 'Clusters::Agent', optional: false
belongs_to :created_by_user, class_name: 'User', optional: true
@ -28,41 +25,5 @@ module Clusters
active: 0,
revoked: 1
}
def track_usage
track_values = { last_used_at: Time.current.utc }
cache_attributes(track_values)
if can_update_track_values?
log_activity_event!(track_values[:last_used_at]) unless agent.connected?
# Use update_column so updated_at is skipped
update_columns(track_values)
end
end
private
def can_update_track_values?
# Use a random threshold to prevent beating DB updates.
last_used_at_max_age = Random.rand(UPDATE_USED_COLUMN_EVERY)
real_last_used_at = read_attribute(:last_used_at)
# Handle too many updates from high token traffic
real_last_used_at.nil? ||
(Time.current - real_last_used_at) >= last_used_at_max_age
end
def log_activity_event!(recorded_at)
Clusters::Agents::CreateActivityEventService.new( # rubocop: disable CodeReuse/ServiceClass
agent,
kind: :agent_connected,
level: :info,
recorded_at: recorded_at,
agent_token: self
).execute
end
end
end

54
app/services/clusters/agent_tokens/track_usage_service.rb Normal file
View file

@ -0,0 +1,54 @@
# frozen_string_literal: true
module Clusters
module AgentTokens
class TrackUsageService
# The `UPDATE_USED_COLUMN_EVERY` defines how often the token DB entry can be updated
UPDATE_USED_COLUMN_EVERY = (40.minutes..55.minutes).freeze
delegate :agent, to: :token
def initialize(token)
@token = token
end
def execute
track_values = { last_used_at: Time.current.utc }
token.cache_attributes(track_values)
if can_update_track_values?
log_activity_event!(track_values[:last_used_at]) unless agent.connected?
# Use update_column so updated_at is skipped
token.update_columns(track_values)
end
end
private
attr_reader :token
def can_update_track_values?
# Use a random threshold to prevent beating DB updates.
last_used_at_max_age = Random.rand(UPDATE_USED_COLUMN_EVERY)
real_last_used_at = token.read_attribute(:last_used_at)
# Handle too many updates from high token traffic
real_last_used_at.nil? ||
(Time.current - real_last_used_at) >= last_used_at_max_age
end
def log_activity_event!(recorded_at)
Clusters::Agents::CreateActivityEventService.new(
agent,
kind: :agent_connected,
level: :info,
recorded_at: recorded_at,
agent_token: token
).execute
end
end
end
end

26
data/deprecations/14-6-Enforce-validation-of-security-schemas.yml Normal file
View file

@ -0,0 +1,26 @@
- name: "Enforced validation of security report schemas" # The name of the feature to be deprecated
announcement_milestone: "14.7" # The milestone when this feature was first announced as deprecated.
announcement_date: "2022-01-22" # The date of the milestone release when this feature was first announced as deprecated. This should almost always be the 22nd of a month (YYYY-MM-22), unless you did an out of band blog post.
removal_milestone: "15.0" # The milestone when this feature is planned to be removed
body: | # Do not modify this line, instead modify the lines below.
[Security report schemas](https://gitlab.com/gitlab-org/security-products/security-report-schemas/-/releases)
versions earlier than 14.0.0 will no longer be supported in GitLab 15.0. Reports that do not pass validation
against the schema version declared in the report will also no longer be supported in GitLab 15.0.
Security tools that [integrate with GitLab by outputting security reports](https://docs.gitlab.com/ee/development/integrations/secure.html#report)
as pipeline job artifacts are affected. You must ensure that all output reports adhere to the correct
schema with a minimum version of 14.0.0. Reports with a lower version or that fail to validate
against the declared schema version will not be processed, and vulnerability
findings will not display in MRs, pipelines, or Vulnerability Reports.
To help with the transition, from GitLab 14.10, non-compliant reports will display a
[warning](https://gitlab.com/gitlab-org/gitlab/-/issues/335789#note_672853791)
in the Vulnerability Report.
# The following items are not published on the docs page, but may be used in the future.
stage: Secure # (optional - may be required in the future) String value of the stage that the feature was created in. e.g., Growth
tiers: [Core, Premium, Ultimate] # (optional - may be required in the future) An array of tiers that the feature is available in currently. e.g., [Free, Silver, Gold, Core, Premium, Ultimate]
issue_url: https://gitlab.com/groups/gitlab-org/-/epics/6968 # (optional) This is a link to the deprecation issue in GitLab
documentation_url: # (optional) This is a link to the current documentation page
image_url: # (optional) This is a link to a thumbnail image depicting the feature
video_url: # (optional) Use the youtube thumbnail URL with the structure of https://img.youtube.com/vi/UNIQUEID/hqdefault.jpg
removal_date: # (optional - may be required in the future) YYYY-MM-DD format. This should almost always be the 22nd of a month (YYYY-MM-22), the date of the milestone release when this feature is planned to be removed

23
data/deprecations/14-6-container-scanning-schemas-below-14.yml Normal file
View file

@ -0,0 +1,23 @@
- name: "Container scanning schemas below 14.0.0" # The name of the feature to be deprecated
announcement_milestone: "14.7" # The milestone when this feature was first announced as deprecated.
announcement_date: "2022-01-22" # The date of the milestone release when this feature was first announced as deprecated. This should almost always be the 22nd of a month (YYYY-MM-22), unless you did an out of band blog post.
removal_milestone: "15.0" # The milestone when this feature is planned to be removed
body: | # Do not modify this line, instead modify the lines below.
[Container scanning report schemas](https://gitlab.com/gitlab-org/security-products/security-report-schemas/-/releases)
versions earlier than 14.0.0 will no longer be supported in GitLab 15.0. Reports that do not pass validation
against the schema version declared in the report will also no longer be supported in GitLab 15.0.
Third-party tools that [integrate with GitLab by outputting a container scanning security report](https://docs.gitlab.com/ee/development/integrations/secure.html#report)
as a pipeline job artifact are affected. You must ensure that all output reports adhere to the correct schema with a minimum version of 14.0.0. Reports with a lower version or that fail to validate against the declared schema version will not be processed, and vulnerability findings will not display in MRs, pipelines, or Vulnerability Reports.
To help with the transition, from GitLab 14.10, non-compliant reports will display a
[warning](https://gitlab.com/gitlab-org/gitlab/-/issues/335789#note_672853791)
in the Vulnerability Report.
# The following items are not published on the docs page, but may be used in the future.
stage: # (optional - may be required in the future) String value of the stage that the feature was created in. e.g., Growth
tiers: # (optional - may be required in the future) An array of tiers that the feature is available in currently. e.g., [Free, Silver, Gold, Core, Premium, Ultimate]
issue_url: # (optional) This is a link to the deprecation issue in GitLab
documentation_url: # (optional) This is a link to the current documentation page
image_url: # (optional) This is a link to a thumbnail image depicting the feature
video_url: # (optional) Use the youtube thumbnail URL with the structure of https://img.youtube.com/vi/UNIQUEID/hqdefault.jpg
removal_date: # (optional - may be required in the future) YYYY-MM-DD format. This should almost always be the 22nd of a month (YYYY-MM-22), the date of the milestone release when this feature is planned to be removed

26
data/deprecations/14-6-coverage-fuzzing-schemas-below-14.yml Normal file
View file

@ -0,0 +1,26 @@
- name: "Coverage guided fuzzing schemas below 14.0.0" # The name of the feature to be deprecated
announcement_milestone: "14.7" # The milestone when this feature was first announced as deprecated.
announcement_date: "2022-01-22" # The date of the milestone release when this feature was first announced as deprecated. This should almost always be the 22nd of a month (YYYY-MM-22), unless you did an out of band blog post.
removal_milestone: "15.0" # The milestone when this feature is planned to be removed
body: | # Do not modify this line, instead modify the lines below.
[Coverage guided fuzzing report schemas](https://gitlab.com/gitlab-org/security-products/security-report-schemas/-/releases)
below version 14.0.0 will no longer be supported in GitLab 15.0. Reports that do not pass validation
against the schema version declared in the report will also no longer be supported in GitLab 15.0.
Third-party tools that [integrate with GitLab by outputting a coverage guided fuzzing security report](https://docs.gitlab.com/ee/development/integrations/secure.html#report)
as a pipeline job artifact are affected. You must ensure that all output reports adhere to the correct
schema with a minimum version of 14.0.0. Any reports with a lower version or that fail to validate
against the declared schema version will not be processed, and vulnerability
findings will not display in MRs, pipelines, or Vulnerability Reports.
To help with the transition, from GitLab 14.10, non-compliant reports will display a
[warning](https://gitlab.com/gitlab-org/gitlab/-/issues/335789#note_672853791)
in the Vulnerability Report.
# The following items are not published on the docs page, but may be used in the future.
stage: # (optional - may be required in the future) String value of the stage that the feature was created in. e.g., Growth
tiers: # (optional - may be required in the future) An array of tiers that the feature is available in currently. e.g., [Free, Silver, Gold, Core, Premium, Ultimate]
issue_url: # (optional) This is a link to the deprecation issue in GitLab
documentation_url: # (optional) This is a link to the current documentation page
image_url: # (optional) This is a link to a thumbnail image depicting the feature
video_url: # (optional) Use the youtube thumbnail URL with the structure of https://img.youtube.com/vi/UNIQUEID/hqdefault.jpg
removal_date: # (optional - may be required in the future) YYYY-MM-DD format. This should almost always be the 22nd of a month (YYYY-MM-22), the date of the milestone release when this feature is planned to be removed

26
data/deprecations/14-6-dast-schemas-below-14.yml Normal file
View file

@ -0,0 +1,26 @@
- name: "DAST schemas below 14.0.0" # The name of the feature to be deprecated
announcement_milestone: "14.7" # The milestone when this feature was first announced as deprecated.
announcement_date: "2022-01-22" # The date of the milestone release when this feature was first announced as deprecated. This should almost always be the 22nd of a month (YYYY-MM-22), unless you did an out of band blog post.
removal_milestone: "15.0" # The milestone when this feature is planned to be removed
body: | # Do not modify this line, instead modify the lines below.
[DAST report schemas](https://gitlab.com/gitlab-org/security-products/security-report-schemas/-/releases)
versions earlier than 14.0.0 will no longer be supported in GitLab 15.0. Reports that do not pass validation
against the schema version declared in the report will also no longer be supported as of GitLab 15.0.
Third-party tools that [integrate with GitLab by outputting a DAST security report](https://docs.gitlab.com/ee/development/integrations/secure.html#report)
as a pipeline job artifact are affected. You must ensure that all output reports adhere to the correct
schema with a minimum version of 14.0.0. Reports with a lower version or that fail to validate
against the declared schema version will not be processed, and vulnerability
findings will not display in MRs, pipelines, or Vulnerability Reports.
To help with the transition, from GitLab 14.10, non-compliant reports will cause a
[warning to be displayed](https://gitlab.com/gitlab-org/gitlab/-/issues/335789#note_672853791)
in the Vulnerability Report.
# The following items are not published on the docs page, but may be used in the future.
stage: # (optional - may be required in the future) String value of the stage that the feature was created in. e.g., Growth
tiers: # (optional - may be required in the future) An array of tiers that the feature is available in currently. e.g., [Free, Silver, Gold, Core, Premium, Ultimate]
issue_url: # (optional) This is a link to the deprecation issue in GitLab
documentation_url: # (optional) This is a link to the current documentation page
image_url: # (optional) This is a link to a thumbnail image depicting the feature
video_url: # (optional) Use the youtube thumbnail URL with the structure of https://img.youtube.com/vi/UNIQUEID/hqdefault.jpg
removal_date: # (optional - may be required in the future) YYYY-MM-DD format. This should almost always be the 22nd of a month (YYYY-MM-22), the date of the milestone release when this feature is planned to be removed

26
data/deprecations/14-6-dependency-scanning-schemas-below-14.yml Normal file
View file

@ -0,0 +1,26 @@
- name: "Dependency scanning schemas below 14.0.0" # The name of the feature to be deprecated
announcement_milestone: "14.7" # The milestone when this feature was first announced as deprecated.
announcement_date: "2022-01-22" # The date of the milestone release when this feature was first announced as deprecated. This should almost always be the 22nd of a month (YYYY-MM-22), unless you did an out of band blog post.
removal_milestone: "15.0" # The milestone when this feature is planned to be removed
body: | # Do not modify this line, instead modify the lines below.
[Dependency scanning report schemas](https://gitlab.com/gitlab-org/security-products/security-report-schemas/-/releases)
versions earlier than 14.0.0 will no longer be supported in GitLab 15.0. Reports that do not pass validation
against the schema version declared in the report will also no longer be supported as of GitLab 15.0.
Third-party tools that [integrate with GitLab by outputting a Dependency scanning security report](https://docs.gitlab.com/ee/development/integrations/secure.html#report)
as a pipeline job artifact are affected. You must ensure that all output reports adhere to the correct
schema with a minimum version of 14.0.0. Reports with a lower version or that fail to validate
against the declared schema version will not be processed, and vulnerability
findings will not display in MRs, pipelines, or Vulnerability Reports.
To help with the transition, from GitLab 14.10, non-compliant reports will cause a
[warning to be displayed](https://gitlab.com/gitlab-org/gitlab/-/issues/335789#note_672853791)
in the Vulnerability Report.
# The following items are not published on the docs page, but may be used in the future.
stage: # (optional - may be required in the future) String value of the stage that the feature was created in. e.g., Growth
tiers: # (optional - may be required in the future) An array of tiers that the feature is available in currently. e.g., [Free, Silver, Gold, Core, Premium, Ultimate]
issue_url: # (optional) This is a link to the deprecation issue in GitLab
documentation_url: # (optional) This is a link to the current documentation page
image_url: # (optional) This is a link to a thumbnail image depicting the feature
video_url: # (optional) Use the youtube thumbnail URL with the structure of https://img.youtube.com/vi/UNIQUEID/hqdefault.jpg
removal_date: # (optional - may be required in the future) YYYY-MM-DD format. This should almost always be the 22nd of a month (YYYY-MM-22), the date of the milestone release when this feature is planned to be removed

26
data/deprecations/14-6-sast-schemas-below-14.yml Normal file
View file

@ -0,0 +1,26 @@
- name: "SAST schemas below 14.0.0" # The name of the feature to be deprecated
announcement_milestone: "14.7" # The milestone when this feature was first announced as deprecated.
announcement_date: "2022-01-22" # The date of the milestone release when this feature was first announced as deprecated. This should almost always be the 22nd of a month (YYYY-MM-22), unless you did an out of band blog post.
removal_milestone: "15.0" # The milestone when this feature is planned to be removed
body: | # Do not modify this line, instead modify the lines below.
[SAST report schemas](https://gitlab.com/gitlab-org/security-products/security-report-schemas/-/releases)
versions earlier than 14.0.0 will no longer be supported in GitLab 15.0. Reports that do not pass validation
against the schema version declared in the report will also no longer be supported as of GitLab 15.0.
Third-party tools that [integrate with GitLab by outputting a SAST security report](https://docs.gitlab.com/ee/development/integrations/secure.html#report)
as a pipeline job artifact are affected. You must ensure that all output reports adhere to the correct
schema with a minimum version of 14.0.0. Reports with a lower version or that fail to validate
against the declared schema version will not be processed, and vulnerability
findings will not display in MRs, pipelines, or Vulnerability Reports.
To help with the transition, from GitLab 14.10, non-compliant reports will display a
[warning](https://gitlab.com/gitlab-org/gitlab/-/issues/335789#note_672853791)
in the Vulnerability Report.
# The following items are not published on the docs page, but may be used in the future.
stage: # (optional - may be required in the future) String value of the stage that the feature was created in. e.g., Growth
tiers: # (optional - may be required in the future) An array of tiers that the feature is available in currently. e.g., [Free, Silver, Gold, Core, Premium, Ultimate]
issue_url: # (optional) This is a link to the deprecation issue in GitLab
documentation_url: # (optional) This is a link to the current documentation page
image_url: # (optional) This is a link to a thumbnail image depicting the feature
video_url: # (optional) Use the youtube thumbnail URL with the structure of https://img.youtube.com/vi/UNIQUEID/hqdefault.jpg
removal_date: # (optional - may be required in the future) YYYY-MM-DD format. This should almost always be the 22nd of a month (YYYY-MM-22), the date of the milestone release when this feature is planned to be removed

26
data/deprecations/14-6-secret-detection-schemas-below-14.yml Normal file
View file

@ -0,0 +1,26 @@
- name: "Secret detection schemas below 14.0.0" # The name of the feature to be deprecated
announcement_milestone: "14.7" # The milestone when this feature was first announced as deprecated.
announcement_date: "2022-01-22" # The date of the milestone release when this feature was first announced as deprecated. This should almost always be the 22nd of a month (YYYY-MM-22), unless you did an out of band blog post.
removal_milestone: "15.0" # The milestone when this feature is planned to be removed
body: | # Do not modify this line, instead modify the lines below.
[Secret detection report schemas](https://gitlab.com/gitlab-org/security-products/security-report-schemas/-/releases)
versions earlier than 14.0.0 will no longer be supported in GitLab 15.0. Reports that do not pass validation
against the schema version declared in the report will also no longer be supported as of GitLab 15.0.
Third-party tools that [integrate with GitLab by outputting a Secret detection security report](https://docs.gitlab.com/ee/development/integrations/secure.html#report)
as a pipeline job artifact are affected. You must ensure that all output reports adhere to the correct
schema with a minimum version of 14.0.0. Reports with a lower version or that fail to validate
against the declared schema version will not be processed, and vulnerability
findings will not display in MRs, pipelines, or Vulnerability Reports.
To help with the transition, from GitLab 14.10, non-compliant reports will display a
[warning](https://gitlab.com/gitlab-org/gitlab/-/issues/335789#note_672853791)
in the Vulnerability Report.
# The following items are not published on the docs page, but may be used in the future.
stage: # (optional - may be required in the future) String value of the stage that the feature was created in. e.g., Growth
tiers: # (optional - may be required in the future) An array of tiers that the feature is available in currently. e.g., [Free, Silver, Gold, Core, Premium, Ultimate]
issue_url: # (optional) This is a link to the deprecation issue in GitLab
documentation_url: # (optional) This is a link to the current documentation page
image_url: # (optional) This is a link to a thumbnail image depicting the feature
video_url: # (optional) Use the youtube thumbnail URL with the structure of https://img.youtube.com/vi/UNIQUEID/hqdefault.jpg
removal_date: # (optional - may be required in the future) YYYY-MM-DD format. This should almost always be the 22nd of a month (YYYY-MM-22), the date of the milestone release when this feature is planned to be removed

16
db/post_migrate/20220116175851_add_author_index_to_design_management_versions.rb Normal file
View file

@ -0,0 +1,16 @@
# frozen_string_literal: true
class AddAuthorIndexToDesignManagementVersions < Gitlab::Database::Migration[1.0]
TABLE = :design_management_versions
INDEX_NAME = 'index_design_management_versions_on_author_id'
disable_ddl_transaction!
def up
add_concurrent_index TABLE, :author_id, where: 'author_id IS NOT NULL', name: INDEX_NAME
end
def down
remove_concurrent_index TABLE, :author_id, name: INDEX_NAME
end
end

1
db/schema_migrations/20220116175851 Normal file
View file

@ -0,0 +1 @@
3fa0d827ab8051d270a13ae5facb1560a87f9f4fef81368b9fbb5d6291948721

10
doc/api/graphql/reference/index.md
View file

@ -13024,6 +13024,7 @@ Represents a file or directory in the project repository that has been locked.
| <a id="pipelineuser"></a>`user` | [`UserCore`](#usercore) | Pipeline user. |
| <a id="pipelineuserpermissions"></a>`userPermissions` | [`PipelinePermissions!`](#pipelinepermissions) | Permissions for the current user on the resource. |
| <a id="pipelineusesneeds"></a>`usesNeeds` | [`Boolean`](#boolean) | Indicates if the pipeline has jobs with `needs` dependencies. |
| <a id="pipelinewarningmessages"></a>`warningMessages` | [`[PipelineMessage!]`](#pipelinemessage) | Pipeline warning messages. |
| <a id="pipelinewarnings"></a>`warnings` | [`Boolean!`](#boolean) | Indicates if a pipeline has warnings. |
#### Fields with arguments
@ -13136,6 +13137,15 @@ Represents the Geo sync and verification state of a pipeline artifact.
| <a id="pipelineartifactregistryretrycount"></a>`retryCount` | [`Int`](#int) | Number of consecutive failed sync attempts of the PipelineArtifactRegistry. |
| <a id="pipelineartifactregistrystate"></a>`state` | [`RegistryState`](#registrystate) | Sync state of the PipelineArtifactRegistry. |
### `PipelineMessage`
#### Fields
| Name | Type | Description |
| ---- | ---- | ----------- |
| <a id="pipelinemessagecontent"></a>`content` | [`String!`](#string) | Content of the pipeline message. |
| <a id="pipelinemessageid"></a>`id` | [`ID!`](#id) | ID of the pipeline message. |
### `PipelinePermissions`
#### Fields

123
doc/update/deprecations.md
View file

@ -306,6 +306,93 @@ Planned removal milestone: 15.0 (2022-05-22)
## 14.7
### Container scanning schemas below 14.0.0
[Container scanning report schemas](https://gitlab.com/gitlab-org/security-products/security-report-schemas/-/releases)
versions earlier than 14.0.0 will no longer be supported in GitLab 15.0. Reports that do not pass validation
against the schema version declared in the report will also no longer be supported in GitLab 15.0.
Third-party tools that [integrate with GitLab by outputting a container scanning security report](https://docs.gitlab.com/ee/development/integrations/secure.html#report)
as a pipeline job artifact are affected. You must ensure that all output reports adhere to the correct schema with a minimum version of 14.0.0. Reports with a lower version or that fail to validate against the declared schema version will not be processed, and vulnerability findings will not display in MRs, pipelines, or Vulnerability Reports.
To help with the transition, from GitLab 14.10, non-compliant reports will display a
[warning](https://gitlab.com/gitlab-org/gitlab/-/issues/335789#note_672853791)
in the Vulnerability Report.
Planned removal milestone: 15.0 ()
### Coverage guided fuzzing schemas below 14.0.0
[Coverage guided fuzzing report schemas](https://gitlab.com/gitlab-org/security-products/security-report-schemas/-/releases)
below version 14.0.0 will no longer be supported in GitLab 15.0. Reports that do not pass validation
against the schema version declared in the report will also no longer be supported in GitLab 15.0.
Third-party tools that [integrate with GitLab by outputting a coverage guided fuzzing security report](https://docs.gitlab.com/ee/development/integrations/secure.html#report)
as a pipeline job artifact are affected. You must ensure that all output reports adhere to the correct
schema with a minimum version of 14.0.0. Any reports with a lower version or that fail to validate
against the declared schema version will not be processed, and vulnerability
findings will not display in MRs, pipelines, or Vulnerability Reports.
To help with the transition, from GitLab 14.10, non-compliant reports will display a
[warning](https://gitlab.com/gitlab-org/gitlab/-/issues/335789#note_672853791)
in the Vulnerability Report.
Planned removal milestone: 15.0 ()
### DAST schemas below 14.0.0
[DAST report schemas](https://gitlab.com/gitlab-org/security-products/security-report-schemas/-/releases)
versions earlier than 14.0.0 will no longer be supported in GitLab 15.0. Reports that do not pass validation
against the schema version declared in the report will also no longer be supported as of GitLab 15.0.
Third-party tools that [integrate with GitLab by outputting a DAST security report](https://docs.gitlab.com/ee/development/integrations/secure.html#report)
as a pipeline job artifact are affected. You must ensure that all output reports adhere to the correct
schema with a minimum version of 14.0.0. Reports with a lower version or that fail to validate
against the declared schema version will not be processed, and vulnerability
findings will not display in MRs, pipelines, or Vulnerability Reports.
To help with the transition, from GitLab 14.10, non-compliant reports will cause a
[warning to be displayed](https://gitlab.com/gitlab-org/gitlab/-/issues/335789#note_672853791)
in the Vulnerability Report.
Planned removal milestone: 15.0 ()
### Dependency scanning schemas below 14.0.0
[Dependency scanning report schemas](https://gitlab.com/gitlab-org/security-products/security-report-schemas/-/releases)
versions earlier than 14.0.0 will no longer be supported in GitLab 15.0. Reports that do not pass validation
against the schema version declared in the report will also no longer be supported as of GitLab 15.0.
Third-party tools that [integrate with GitLab by outputting a Dependency scanning security report](https://docs.gitlab.com/ee/development/integrations/secure.html#report)
as a pipeline job artifact are affected. You must ensure that all output reports adhere to the correct
schema with a minimum version of 14.0.0. Reports with a lower version or that fail to validate
against the declared schema version will not be processed, and vulnerability
findings will not display in MRs, pipelines, or Vulnerability Reports.
To help with the transition, from GitLab 14.10, non-compliant reports will cause a
[warning to be displayed](https://gitlab.com/gitlab-org/gitlab/-/issues/335789#note_672853791)
in the Vulnerability Report.
Planned removal milestone: 15.0 ()
### Enforced validation of security report schemas
[Security report schemas](https://gitlab.com/gitlab-org/security-products/security-report-schemas/-/releases)
versions earlier than 14.0.0 will no longer be supported in GitLab 15.0. Reports that do not pass validation
against the schema version declared in the report will also no longer be supported in GitLab 15.0.
Security tools that [integrate with GitLab by outputting security reports](https://docs.gitlab.com/ee/development/integrations/secure.html#report)
as pipeline job artifacts are affected. You must ensure that all output reports adhere to the correct
schema with a minimum version of 14.0.0. Reports with a lower version or that fail to validate
against the declared schema version will not be processed, and vulnerability
findings will not display in MRs, pipelines, or Vulnerability Reports.
To help with the transition, from GitLab 14.10, non-compliant reports will display a
[warning](https://gitlab.com/gitlab-org/gitlab/-/issues/335789#note_672853791)
in the Vulnerability Report.
Planned removal milestone: 15.0 ()
### Godep support in License Compliance
The Godep dependency manager for Golang was deprecated in 2020 by Go and
@ -352,6 +439,42 @@ only supported report file in 15.0, but this is the first step towards GitLab su
Planned removal milestone: 15.0 (2022-05-22)
### SAST schemas below 14.0.0
[SAST report schemas](https://gitlab.com/gitlab-org/security-products/security-report-schemas/-/releases)
versions earlier than 14.0.0 will no longer be supported in GitLab 15.0. Reports that do not pass validation
against the schema version declared in the report will also no longer be supported as of GitLab 15.0.
Third-party tools that [integrate with GitLab by outputting a SAST security report](https://docs.gitlab.com/ee/development/integrations/secure.html#report)
as a pipeline job artifact are affected. You must ensure that all output reports adhere to the correct
schema with a minimum version of 14.0.0. Reports with a lower version or that fail to validate
against the declared schema version will not be processed, and vulnerability
findings will not display in MRs, pipelines, or Vulnerability Reports.
To help with the transition, from GitLab 14.10, non-compliant reports will display a
[warning](https://gitlab.com/gitlab-org/gitlab/-/issues/335789#note_672853791)
in the Vulnerability Report.
Planned removal milestone: 15.0 ()
### Secret detection schemas below 14.0.0
[Secret detection report schemas](https://gitlab.com/gitlab-org/security-products/security-report-schemas/-/releases)
versions earlier than 14.0.0 will no longer be supported in GitLab 15.0. Reports that do not pass validation
against the schema version declared in the report will also no longer be supported as of GitLab 15.0.
Third-party tools that [integrate with GitLab by outputting a Secret detection security report](https://docs.gitlab.com/ee/development/integrations/secure.html#report)
as a pipeline job artifact are affected. You must ensure that all output reports adhere to the correct
schema with a minimum version of 14.0.0. Reports with a lower version or that fail to validate
against the declared schema version will not be processed, and vulnerability
findings will not display in MRs, pipelines, or Vulnerability Reports.
To help with the transition, from GitLab 14.10, non-compliant reports will display a
[warning](https://gitlab.com/gitlab-org/gitlab/-/issues/335789#note_672853791)
in the Vulnerability Report.
Planned removal milestone: 15.0 ()
### Sidekiq metrics and health checks configuration
Exporting Sidekiq metrics and health checks using a single process and port is deprecated.

2
lib/api/internal/kubernetes.rb
View file

@ -53,7 +53,7 @@ module API
def check_agent_token
unauthorized! unless agent_token
agent_token.track_usage
Clusters::AgentTokens::TrackUsageService.new(agent_token).execute
end
end

3
lib/gitlab/config/entry/node.rb
View file

@ -143,8 +143,7 @@ module Gitlab
deprecation = entry.deprecation
add_warning(
"`#{entry.key}` is deprecated in " \
"#{deprecation[:deprecated]} and will be removed in #{deprecation[:removed]} " \
"- read more: #{deprecation[:documentation]}"
"#{deprecation[:deprecated]} and will be removed in #{deprecation[:removed]}."
)
end
end

5
qa/Rakefile
View file

@ -59,4 +59,9 @@ desc "Deletes projects directly under the provided group"
task :delete_projects do
QA::Tools::DeleteProjects.new.run
end
desc "Deletes resources created during E2E test runs"
task :delete_test_resources, :file_pattern do |t, args|
QA::Tools::DeleteTestResources.new(args[:file_pattern]).run
end
# rubocop:enable Rails/RakeEnvironment

33
qa/qa/resource/base.rb
View file

@ -71,28 +71,33 @@ module QA
resource_web_url = yield
resource.web_url = resource_web_url
QA::Tools::TestResourceDataProcessor.collect(resource, resource_identifier(resource))
resource
end
def resource_identifier(resource)
if resource.respond_to?(:username) && resource.username
"with username '#{resource.username}'"
elsif resource.respond_to?(:full_path) && resource.full_path
"with full_path '#{resource.full_path}'"
elsif resource.respond_to?(:name) && resource.name
"with name '#{resource.name}'"
elsif resource.respond_to?(:id) && resource.id
"with id '#{resource.id}'"
elsif resource.respond_to?(:iid) && resource.iid
"with iid '#{resource.iid}'"
end
rescue QA::Resource::Base::NoValueError
nil
end
def log_fabrication(method, resource, parents, args)
start = Time.now
Support::FabricationTracker.start_fabrication
result = yield.tap do
fabrication_time = Time.now - start
resource_identifier = begin
if resource.respond_to?(:username) && resource.username
"with username '#{resource.username}'"
elsif resource.respond_to?(:full_path) && resource.full_path
"with full_path '#{resource.full_path}'"
elsif resource.respond_to?(:name) && resource.name
"with name '#{resource.name}'"
elsif resource.respond_to?(:id) && resource.id
"with id '#{resource.id}'"
end
rescue QA::Resource::Base::NoValueError
nil
end
fabrication_http_method = if resource.api_fabrication_http_method == :get
if self.include?(Reusable)
@ -108,7 +113,7 @@ module QA
Runtime::Logger.debug do
msg = ["==#{'=' * parents.size}>"]
msg << "#{fabrication_http_method} a #{name}"
msg << resource_identifier if resource_identifier
msg << resource_identifier(resource) if resource_identifier(resource)
msg << "as a dependency of #{parents.last}" if parents.any?
msg << "via #{method}"
msg << "in #{fabrication_time} seconds"

5
qa/qa/runtime/env.rb
View file

@ -429,6 +429,11 @@ module QA
running_in_ci? && enabled?(ENV['QA_EXPORT_TEST_METRICS'], default: true)
end
def test_resources_created_filepath
file_name = running_in_ci? ? "test-resources-#{SecureRandom.hex(3)}.json" : 'test-resources.json'
ENV.fetch('QA_TEST_RESOURCES_CREATED_FILEPATH', File.join(Path.qa_root, 'tmp', file_name))
end
private
def remote_grid_credentials

85
qa/qa/tools/delete_test_resources.rb Normal file
View file

@ -0,0 +1,85 @@
# frozen_string_literal: true
# This script reads from test_resources.txt file to collect data about resources to delete
# Deletes all deletable resources that E2E tests created
# Resource type: Sandbox, User, Fork and RSpec::Mocks::Double are not included
#
# Required environment variables: GITLAB_QA_ACCESS_TOKEN and GITLAB_ADDRESS
# When in CI also requires: QA_TEST_RESOURCES_FILE_PATTERN
# Run `rake delete_test_resources[<file_pattern>]`
module QA
module Tools
class DeleteTestResources
include Support::API
def initialize(file_pattern = nil)
raise ArgumentError, "Please provide GITLAB_ADDRESS" unless ENV['GITLAB_ADDRESS']
raise ArgumentError, "Please provide GITLAB_QA_ACCESS_TOKEN" unless ENV['GITLAB_QA_ACCESS_TOKEN']
@api_client = Runtime::API::Client.new(ENV['GITLAB_ADDRESS'], personal_access_token: ENV['GITLAB_QA_ACCESS_TOKEN'])
@file_pattern = file_pattern
end
def run
puts 'Deleting test created resources...'
if Runtime::Env.running_in_ci?
raise ArgumentError, 'Please provide QA_TEST_RESOURCES_FILE_PATTERN' unless ENV['QA_TEST_RESOURCES_FILE_PATTERN']
Dir.glob(@file_pattern).each do |file|
delete_resources(load_file(file))
end
else
file = Runtime::Env.test_resources_created_filepath
raise ArgumentError, "'#{file}' either does not exist or empty." if !File.exist?(file) || File.zero?(file)
delete_resources(load_file(file))
end
puts "\nDone"
end
private
def load_file(json)
JSON.parse(File.read(json))
end
def delete_resources(resources)
failures = []
resources.each_key do |type|
next if resources[type].empty?
resources[type].each do |resource|
next if resource_not_found?(resource['api_path'])
msg = resource['info'] ? "#{type} - #{resource['info']}" : "#{type} at #{resource['api_path']}"
puts "\nDeleting #{msg}..."
delete_response = delete(Runtime::API::Request.new(@api_client, resource['api_path']).url)
if delete_response.code == 202
print "\e[32m.\e[0m"
else
print "\e[31mF\e[0m"
failures << msg
end
end
end
unless failures.empty?
puts "\nFailed to delete #{failures.length} resources:\n"
puts failures
end
end
def resource_not_found?(api_path)
get_response = get Runtime::API::Request.new(@api_client, api_path).url
get_response.code.eql? 404
end
end
end
end

66
qa/qa/tools/test_resource_data_processor.rb Normal file
View file

@ -0,0 +1,66 @@
# frozen_string_literal: true
# This script collects all resources created during each test execution
# Save the data and write it to a JSON file at the end of suite
module QA
module Tools
class TestResourceDataProcessor
@resources ||= Hash.new { |hsh, key| hsh[key] = [] }
class << self
# Ignoring rspec-mocks, sandbox, user and fork resources
# TODO: Will need to figure out which user resources can be collected, ignore for now
#
# Collecting resources created in E2E tests
# Data is a Hash of resources with keys as resource type (group, project, issue, etc.)
# Each type contains an array of resource object (hash) of the same type
# E.g: { "QA::Resource::Project": [ { info: 'foo', api_path: '/foo'}, {...} ] }
def collect(resource, info)
return if resource.api_response.nil? ||
resource.is_a?(RSpec::Mocks::Double) ||
resource.is_a?(Resource::Sandbox) ||
resource.is_a?(Resource::User) ||
resource.is_a?(Resource::Fork)
api_path = if resource.respond_to?(:api_delete_path)
resource.api_delete_path.gsub('%2F', '/')
elsif resource.respond_to?(:api_get_path)
resource.api_get_path.gsub('%2F', '/')
else
'Cannot find resource API path'
end
type = resource.class.name
@resources[type] << { info: info, api_path: api_path }
end
# If JSON file exists and not empty, read and load file content
# Merge what is saved in @resources into the content from file
# Overwrite file content with the new data hash
# Otherwise create file and write data hash to file for the first time
def write_to_file
return if @resources.empty?
file = Runtime::Env.test_resources_created_filepath
FileUtils.mkdir_p('tmp/')
FileUtils.touch(file)
data = nil
if File.zero?(file)
data = @resources
else
data = JSON.parse(File.read(file))
@resources.each_pair do |key, val|
data[key].nil? ? data[key] = val : val.each { |item| data[key] << item }
end
end
File.open(file, 'w') { |f| f.write(JSON.pretty_generate(data.each_value(&:uniq!))) }
end
end
end
end
end

32
qa/spec/runtime/env_spec.rb
View file

@ -360,4 +360,36 @@ RSpec.describe QA::Runtime::Env do
end
end
end
describe '.test_resources_created_filepath' do
context 'when not in CI' do
before do
allow(described_class).to receive(:running_in_ci?).and_return(false)
end
it 'returns default path if QA_TEST_RESOURCES_CREATED_FILEPATH is not defined' do
stub_env('QA_TEST_RESOURCES_CREATED_FILEPATH', nil)
expect(described_class.test_resources_created_filepath).to include('tmp/test-resources.json')
end
it 'returns path if QA_TEST_RESOURCES_CREATED_FILEPATH is defined' do
stub_env('QA_TEST_RESOURCES_CREATED_FILEPATH', 'path/to_file')
expect(described_class.test_resources_created_filepath).to eq('path/to_file')
end
end
context 'when in CI' do
before do
allow(described_class).to receive(:running_in_ci?).and_return(true)
allow(SecureRandom).to receive(:hex).with(3).and_return('abc123')
stub_env('QA_TEST_RESOURCES_CREATED_FILEPATH', nil)
end
it 'returns path with random hex in file name' do
expect(described_class.test_resources_created_filepath).to include('tmp/test-resources-abc123.json')
end
end
end
end

3
qa/spec/spec_helper.rb
View file

@ -67,6 +67,9 @@ RSpec.configure do |config|
config.after(:suite) do |suite|
# If any tests failed, leave the resources behind to help troubleshoot
QA::Resource::ReusableProject.remove_all_via_api! unless suite.reporter.failed_examples.present?
# Write all test created resources to JSON file
QA::Tools::TestResourceDataProcessor.write_to_file
end
config.append_after(:suite) do

33
qa/spec/tools/test_resources_data_processor_spec.rb Normal file
View file

@ -0,0 +1,33 @@
# frozen_string_literal: true
RSpec.describe QA::Tools::TestResourceDataProcessor do
let(:info) { 'information' }
let(:api_path) { '/foo' }
let(:result) { [{ info: info, api_path: api_path }] }
describe '.collect' do
context 'when resource is not restricted' do
let(:resource) { instance_double(QA::Resource::Project, api_delete_path: '/foo', api_response: 'foo') }
it 'collects resource' do
expect(described_class.collect(resource, info)).to eq(result)
end
end
context 'when resource api response is nil' do
let(:resource) { double(QA::Resource::Project, api_delete_path: '/foo', api_response: nil) }
it 'does not collect resource' do
expect(described_class.collect(resource, info)).to eq(nil)
end
end
context 'when resource is restricted' do
let(:resource) { double(QA::Resource::Sandbox, api_delete_path: '/foo', api_response: 'foo') }
it 'does not collect resource' do
expect(described_class.collect(resource, info)).to eq(nil)
end
end
end
end

9
spec/factories/ci/pipeline_message.rb Normal file
View file

@ -0,0 +1,9 @@
# frozen_string_literal: true
FactoryBot.define do
factory :ci_pipeline_message, class: 'Ci::PipelineMessage' do
pipeline factory: :ci_pipeline
content { 'warning' }
severity { 1 }
end
end

15
spec/graphql/types/ci/pipeline_message_type_spec.rb Normal file
View file

@ -0,0 +1,15 @@
# frozen_string_literal: true
require 'spec_helper'
RSpec.describe Types::Ci::PipelineMessageType do
specify { expect(described_class.graphql_name).to eq('PipelineMessage') }
it 'contains attributes related to a pipeline message' do
expected_fields = %w[
id content
]
expect(described_class).to have_graphql_fields(*expected_fields)
end
end

2
spec/graphql/types/ci/pipeline_type_spec.rb
View file

@ -14,7 +14,7 @@ RSpec.describe Types::Ci::PipelineType do
coverage created_at updated_at started_at finished_at committed_at
stages user retryable cancelable jobs source_job job job_artifacts downstream
upstream path project active user_permissions warnings commit commit_path uses_needs
test_report_summary test_suite ref ref_path
test_report_summary test_suite ref ref_path warning_messages
]
if Gitlab.ee?

2
spec/lib/gitlab/ci/config/entry/root_spec.rb
View file

@ -70,7 +70,7 @@ RSpec.describe Gitlab::Ci::Config::Entry::Root do
it 'returns array of types as stages with a warning' do
expect(root.stages_value).to eq %w[test deploy]
expect(root.warnings).to eq(["root `types` is deprecated in 9.0 and will be removed in 15.0 - read more: https://docs.gitlab.com/ee/ci/yaml/#deprecated-keywords"])
expect(root.warnings).to match_array(["root `types` is deprecated in 9.0 and will be removed in 15.0."])
end
it 'logs usage of types keyword' do

79
spec/models/clusters/agent_token_spec.rb
View file

@ -49,83 +49,4 @@ RSpec.describe Clusters::AgentToken do
expect(agent_token.token.length).to be >= 50
end
end
describe '#track_usage', :clean_gitlab_redis_cache do
let_it_be(:agent) { create(:cluster_agent) }
let(:agent_token) { create(:cluster_agent_token, agent: agent) }
subject { agent_token.track_usage }
context 'when last_used_at was updated recently' do
before do
agent_token.update!(last_used_at: 10.minutes.ago)
end
it 'updates cache but not database' do
expect { subject }.not_to change { agent_token.reload.read_attribute(:last_used_at) }
expect_redis_update
end
end
context 'when last_used_at was not updated recently' do
it 'updates cache and database' do
does_db_update
expect_redis_update
end
context 'with invalid token' do
before do
agent_token.description = SecureRandom.hex(2000)
end
it 'still updates caches and database' do
expect(agent_token).to be_invalid
does_db_update
expect_redis_update
end
end
context 'agent is not connected' do
before do
allow(agent).to receive(:connected?).and_return(false)
end
it 'creates an activity event' do
expect { subject }.to change { agent.activity_events.count }
event = agent.activity_events.last
expect(event).to have_attributes(
kind: 'agent_connected',
level: 'info',
recorded_at: agent_token.reload.read_attribute(:last_used_at),
agent_token: agent_token
)
end
end
context 'agent is connected' do
before do
allow(agent).to receive(:connected?).and_return(true)
end
it 'does not create an activity event' do
expect { subject }.not_to change { agent.activity_events.count }
end
end
end
def expect_redis_update
Gitlab::Redis::Cache.with do |redis|
redis_key = "cache:#{described_class.name}:#{agent_token.id}:attributes"
expect(redis.get(redis_key)).to be_present
end
end
def does_db_update
expect { subject }.to change { agent_token.reload.read_attribute(:last_used_at) }
end
end
end

2
spec/requests/api/graphql/ci/config_spec.rb
View file

@ -233,7 +233,7 @@ RSpec.describe 'Query.ciConfig' do
it 'returns a warning' do
post_graphql_query
expect(graphql_data['ciConfig']['warnings']).to include('root `types` is deprecated in 9.0 and will be removed in 15.0 - read more: https://docs.gitlab.com/ee/ci/yaml/#deprecated-keywords')
expect(graphql_data['ciConfig']['warnings']).to include('root `types` is deprecated in 9.0 and will be removed in 15.0.')
end
end

44
spec/requests/api/graphql/ci/pipelines_spec.rb
View file

@ -283,6 +283,50 @@ RSpec.describe 'Query.project(fullPath).pipelines' do
end
end
describe 'warningMessages' do
let_it_be(:pipeline) { create(:ci_pipeline, project: project) }
let_it_be(:warning_message) { create(:ci_pipeline_message, pipeline: pipeline, content: 'warning') }
let(:pipelines_graphql_data) { graphql_data.dig(*%w[project pipelines nodes]).first }
let(:query) do
%(
query {
project(fullPath: "#{project.full_path}") {
pipelines {
nodes {
warningMessages {
content
}
}
}
}
}
)
end
it 'returns pipeline warnings' do
post_graphql(query, current_user: user)
expect(pipelines_graphql_data['warningMessages']).to contain_exactly(
a_hash_including('content' => 'warning')
)
end
it 'avoids N+1 queries' do
control_count = ActiveRecord::QueryRecorder.new do
post_graphql(query, current_user: user)
end
pipeline_2 = create(:ci_pipeline, project: project)
create(:ci_pipeline_message, pipeline: pipeline_2, content: 'warning')
expect do
post_graphql(query, current_user: user)
end.not_to exceed_query_limit(control_count)
end
end
describe '.jobs(securityReportTypes)' do
let_it_be(:query) do
%(

6
spec/requests/api/internal/kubernetes_spec.rb
View file

@ -53,7 +53,9 @@ RSpec.describe API::Internal::Kubernetes do
shared_examples 'agent token tracking' do
it 'tracks token usage' do
expect { response }.to change { agent_token.reload.read_attribute(:last_used_at) }
expect do
send_request(headers: { 'Authorization' => "Bearer #{agent_token.token}" })
end.to change { agent_token.reload.read_attribute(:last_used_at) }
end
end
@ -149,7 +151,7 @@ RSpec.describe API::Internal::Kubernetes do
let(:agent) { agent_token.agent }
let(:project) { agent.project }
shared_examples 'agent token tracking'
include_examples 'agent token tracking'
it 'returns expected data', :aggregate_failures do
send_request(headers: { 'Authorization' => "Bearer #{agent_token.token}" })

84
spec/services/clusters/agent_tokens/track_usage_service_spec.rb Normal file
View file

@ -0,0 +1,84 @@
# frozen_string_literal: true
require 'spec_helper'
RSpec.describe Clusters::AgentTokens::TrackUsageService do
let_it_be(:agent) { create(:cluster_agent) }
describe '#execute', :clean_gitlab_redis_cache do
let(:agent_token) { create(:cluster_agent_token, agent: agent) }
subject { described_class.new(agent_token).execute }
context 'when last_used_at was updated recently' do
before do
agent_token.update!(last_used_at: 10.minutes.ago)
end
it 'updates cache but not database' do
expect { subject }.not_to change { agent_token.reload.read_attribute(:last_used_at) }
expect_redis_update
end
end
context 'when last_used_at was not updated recently' do
it 'updates cache and database' do
does_db_update
expect_redis_update
end
context 'with invalid token' do
before do
agent_token.description = SecureRandom.hex(2000)
end
it 'still updates caches and database' do
expect(agent_token).to be_invalid
does_db_update
expect_redis_update
end
end
context 'agent is not connected' do
before do
allow(agent).to receive(:connected?).and_return(false)
end
it 'creates an activity event' do
expect { subject }.to change { agent.activity_events.count }
event = agent.activity_events.last
expect(event).to have_attributes(
kind: 'agent_connected',
level: 'info',
recorded_at: agent_token.reload.read_attribute(:last_used_at),
agent_token: agent_token
)
end
end
context 'agent is connected' do
before do
allow(agent).to receive(:connected?).and_return(true)
end
it 'does not create an activity event' do
expect { subject }.not_to change { agent.activity_events.count }
end
end
end
def expect_redis_update
Gitlab::Redis::Cache.with do |redis|
redis_key = "cache:#{agent_token.class}:#{agent_token.id}:attributes"
expect(redis.get(redis_key)).to be_present
end
end
def does_db_update
expect { subject }.to change { agent_token.reload.read_attribute(:last_used_at) }
end
end
end