Add latest changes from gitlab-org/gitlab@master

2022-10-26 06:10:55 +00:00 · 2022-10-26 06:10:55 +00:00 · 5fe91268ac
parent 9c590535c8
commit 5fe91268ac
12 changed files with 30 additions and 62 deletions
--- a/.gitlab/ci/rules.gitlab-ci.yml
+++ b/.gitlab/ci/rules.gitlab-ci.yml
@ -849,6 +849,8 @@
      when: never
    - <<: *if-merge-request-labels-run-all-jest
    - <<: *if-merge-request-labels-frontend-and-feature-flag
+    - <<: *if-merge-request
+      changes: ["{package.json,yarn.lock}"]
    - <<: *if-merge-request
      changes: [".gitlab/ci/rules.gitlab-ci.yml", ".gitlab/ci/frontend.gitlab-ci.yml"]
    - <<: *if-automated-merge-request
@ -867,6 +869,9 @@
      when: never
    - <<: *if-merge-request-labels-frontend-and-feature-flag
      when: never
+    - <<: *if-merge-request
+      changes: ["{package.json,yarn.lock}"]
+      when: never
    - <<: *if-merge-request
      changes: [".gitlab/ci/rules.gitlab-ci.yml", ".gitlab/ci/frontend.gitlab-ci.yml"]
      when: never
@ -878,6 +883,8 @@
    - !reference [".strict-ee-only-rules", rules]
    - <<: *if-merge-request-labels-as-if-foss
    - <<: *if-merge-request-labels-run-all-jest
+    - <<: *if-merge-request
+      changes: ["{package.json,yarn.lock}"]
    - <<: *if-security-merge-request
      changes: *code-backstage-patterns

@ -887,6 +894,9 @@
    - !reference [".frontend:rules:minimal-default-rules", rules]
    - <<: *if-merge-request-labels-run-all-jest
      when: never
+    - <<: *if-merge-request
+      changes: ["{package.json,yarn.lock}"]
+      when: never
    - <<: *if-fork-merge-request
      when: never
    - <<: *if-merge-request
--- a/2
+++ b/2
@ -340,7 +340,7 @@ gem 'pg_query', '~> 2.1.4'
 gem 'premailer-rails', '~> 1.10.3'

 # LabKit: Tracing and Correlation
-gem 'gitlab-labkit', '~> 0.24.0'
+gem 'gitlab-labkit', '~> 0.26.0'
 gem 'thrift', '>= 0.16.0'

 # I18n
--- a/Gemfile.checksum
+++ b/Gemfile.checksum
@ -205,7 +205,7 @@
 {"name":"gitlab-dangerfiles","version":"3.6.1","platform":"ruby","checksum":"f7b69b093d52acb89095d411cb7b8849f5f3b9e76f8baa4c99b5671f1564865f"},
 {"name":"gitlab-experiment","version":"0.7.1","platform":"ruby","checksum":"166dddb3aa83428bcaa93c35684ed01dc4d61f321fd2ae40b020806dc54a7824"},
 {"name":"gitlab-fog-azure-rm","version":"1.3.0","platform":"ruby","checksum":"2fef5317d6515f95f803099afa860fe3019ce6e1907bf49f66b5e06468a617b5"},
-{"name":"gitlab-labkit","version":"0.24.0","platform":"ruby","checksum":"8f16e5aa4e0a05be58958fe880bdd53c84b659a081ea9981d2b510922a4a0548"},
+{"name":"gitlab-labkit","version":"0.26.0","platform":"ruby","checksum":"718f1a8fe685780c2d78ecb25cc626e58e8b866a9f59565a5f705a1b84109517"},
 {"name":"gitlab-license","version":"2.2.1","platform":"ruby","checksum":"39fcf6be8b2887df8afe01b5dcbae8d08b7c5d937ff56b0fb40484a8c4f02d30"},
 {"name":"gitlab-mail_room","version":"0.0.9","platform":"ruby","checksum":"6700374b5c0aa9d9ad4e711aeb677f0b7d415a6d01d3baa699efab25349d851c"},
 {"name":"gitlab-markup","version":"1.8.1","platform":"ruby","checksum":"ab1f9fd016977497c2af25b76341dea670533014f406861834a0bd99f646707b"},
--- a/Gemfile.lock
+++ b/Gemfile.lock
@ -569,14 +569,14 @@ GEM
      fog-json (~> 1.2.0)
      mime-types
      ms_rest_azure (~> 0.12.0)
-    gitlab-labkit (0.24.0)
+    gitlab-labkit (0.26.0)
      actionpack (>= 5.0.0, < 8.0.0)
      activesupport (>= 5.0.0, < 8.0.0)
      grpc (>= 1.37)
      jaeger-client (~> 1.1.0)
      opentracing (~> 0.4)
      pg_query (~> 2.1)
-      redis (> 3.0.0, < 5.0.0)
+      redis (> 3.0.0, < 6.0.0)
    gitlab-license (2.2.1)
    gitlab-mail_room (0.0.9)
    gitlab-markup (1.8.1)
@ -1632,7 +1632,7 @@ DEPENDENCIES
  gitlab-dangerfiles (~> 3.6.1)
  gitlab-experiment (~> 0.7.1)
  gitlab-fog-azure-rm (~> 1.3.0)
-  gitlab-labkit (~> 0.24.0)
+  gitlab-labkit (~> 0.26.0)
  gitlab-license (~> 2.2.1)
  gitlab-mail_room (~> 0.0.9)
  gitlab-markup (~> 1.8.0)
--- a/app/controllers/concerns/preview_markdown.rb
+++ b/app/controllers/concerns/preview_markdown.rb
@ -41,7 +41,7 @@ module PreviewMarkdown
    case controller_name
    when 'wikis'           then { pipeline: :wiki, wiki: wiki, page_slug: params[:id] }
    when 'snippets'        then { skip_project_check: true }
-    when 'groups'          then { group: group }
+    when 'groups'          then { group: group, issuable_reference_expansion_enabled: true }
    when 'projects'        then projects_filter_params
    when 'timeline_events' then timeline_events_filter_params
    else {}
--- a/app/finders/clusters/agent_authorizations_finder.rb
+++ b/app/finders/clusters/agent_authorizations_finder.rb
@ -24,15 +24,7 @@ module Clusters

    # rubocop: disable CodeReuse/ActiveRecord
    def project_authorizations
-      namespace_ids = if project.group
-                        if include_descendants?
-                          all_namespace_ids
-                        else
-                          ancestor_namespace_ids
-                        end
-                      else
-                        project.namespace_id
-                      end
+      namespace_ids = project.group ? all_namespace_ids : project.namespace_id

      Clusters::Agents::ProjectAuthorization
        .where(project_id: project.id)
@ -57,35 +49,21 @@ module Clusters
        authorizations[:group_id].eq(ordered_ancestors_cte.table[:id])
      ).join_sources

-      authorized_groups = Clusters::Agents::GroupAuthorization
+      Clusters::Agents::GroupAuthorization
        .with(ordered_ancestors_cte.to_arel)
        .joins(cte_join_sources)
        .joins(agent: :project)
        .with_available_ci_access_fields(project)
+        .where(projects: { namespace_id: all_namespace_ids })
        .order(Arel.sql('agent_id, array_position(ARRAY(SELECT id FROM ordered_ancestors)::bigint[], agent_group_authorizations.group_id)'))
        .select('DISTINCT ON (agent_id) agent_group_authorizations.*')
        .preload(agent: :project)
-
-      authorized_groups = if include_descendants?
-                            authorized_groups.where(projects: { namespace_id: all_namespace_ids })
-                          else
-                            authorized_groups.where('projects.namespace_id IN (SELECT id FROM ordered_ancestors)')
-                          end
-
-      authorized_groups.to_a
+        .to_a
    end
    # rubocop: enable CodeReuse/ActiveRecord

-    def ancestor_namespace_ids
-      project.ancestors.select(:id)
-    end
-
    def all_namespace_ids
      project.root_ancestor.self_and_descendants.select(:id)
    end
-
-    def include_descendants?
-      Feature.enabled?(:agent_authorization_include_descendants, project)
-    end
  end
 end
--- a/config/feature_flags/development/agent_authorization_include_descendants.yml
+++ b/config/feature_flags/development/agent_authorization_include_descendants.yml
@ -1,8 +0,0 @@
---
-name: agent_authorization_include_descendants
-introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/95774
-rollout_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/371310
-milestone: '15.5'
-type: development
-group: group::configure
-default_enabled: false
--- a/doc/user/clusters/agent/ci_cd_workflow.md
+++ b/doc/user/clusters/agent/ci_cd_workflow.md
@ -58,7 +58,8 @@ Authorization configuration can take one or two minutes to propagate.

 ### Authorize the agent to access your projects

-> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/327850) in GitLab 14.4.
+> - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/327850) in GitLab 14.4.
+> - [Changed](https://gitlab.com/gitlab-org/gitlab/-/issues/346566) to remove hierarchy restrictions in GitLab 15.6.

 To authorize the agent to access the GitLab project where you keep Kubernetes manifests:

@ -72,7 +73,7 @@ To authorize the agent to access the GitLab project where you keep Kubernetes ma
       - id: path/to/project
   ```

-   - The Kubernetes projects must be in the same group hierarchy as the project where the agent's configuration is.
+   - Authorized projects must have the same root group as the agent's configuration project.
   - You can install additional agents into the same cluster to accommodate additional hierarchies.
   - You can authorize up to 100 projects.

@ -81,7 +82,8 @@ Choose the context to run `kubectl` commands from your CI/CD scripts.

 ### Authorize the agent to access projects in your groups

-> [Introduced](https://gitlab.com/groups/gitlab-org/-/epics/5784) in GitLab 14.3.
+> - [Introduced](https://gitlab.com/groups/gitlab-org/-/epics/5784) in GitLab 14.3.
+> - [Changed](https://gitlab.com/gitlab-org/gitlab/-/issues/346566) to remove hierarchy restrictions in GitLab 15.6.

 To authorize the agent to access all of the GitLab projects in a group or subgroup:

@ -95,7 +97,7 @@ To authorize the agent to access all of the GitLab projects in a group or subgro
       - id: path/to/group/subgroup
   ```

-   - The Kubernetes projects must be in the same group hierarchy as the project where the agent's configuration is.
+   - Authorized groups must have the same root group as the agent's configuration project.
   - You can install additional agents into the same cluster to accommodate additional hierarchies.
   - All of the subgroups of an authorized group also have access to the same agent (without being specified individually).
   - You can authorize up to 100 groups.
--- a/doc/user/clusters/agent/install/index.md
+++ b/doc/user/clusters/agent/install/index.md
@ -45,6 +45,8 @@ For configuration settings, the agent uses a YAML file in the GitLab project. Yo
 - You use [a GitOps workflow](../gitops.md#gitops-workflow-steps).
 - You use [a GitLab CI/CD workflow](../ci_cd_workflow.md#gitlab-cicd-workflow-steps) and want to authorize a different project to use the agent.

+Otherwise it is optional.
+
 To create an agent configuration file:

 1. Choose a name for your agent. The agent name follows the
--- a/qa/Gemfile
+++ b/qa/Gemfile
@ -7,7 +7,7 @@ gem 'activesupport', '~> 6.1.4.7' # This should stay in sync with the root's Gem
 gem 'allure-rspec', '~> 2.18.0'
 gem 'capybara', '~> 3.37.1'
 gem 'capybara-screenshot', '~> 1.0.26'
-gem 'rake', '~> 13'
+gem 'rake', '~> 13', '>= 13.0.6'
 gem 'rspec', '~> 3.11'
 gem 'selenium-webdriver', '~> 4.5'
 gem 'airborne', '~> 0.3.7', require: false # airborne is messing with rspec sandboxed mode so not requiring by default
--- a/qa/Gemfile.lock
+++ b/qa/Gemfile.lock
@ -323,7 +323,7 @@ DEPENDENCIES
  parallel_tests (~> 3.13)
  pry-byebug (~> 3.10.1)
  rainbow (~> 3.1.1)
-  rake (~> 13)
+  rake (~> 13, >= 13.0.6)
  rest-client (~> 2.1.0)
  rotp (~> 6.2.0)
  rspec (~> 3.11)
--- a/spec/finders/clusters/agent_authorizations_finder_spec.rb
+++ b/spec/finders/clusters/agent_authorizations_finder_spec.rb
@ -64,14 +64,6 @@ RSpec.describe Clusters::AgentAuthorizationsFinder do
        let!(:project_authorization) { create(:agent_project_authorization, agent: non_ancestor_agent, project: requesting_project) }

        it { is_expected.to match_array([project_authorization]) }
-
-        context 'agent_authorization_include_descendants feature flag is disabled' do
-          before do
-            stub_feature_flags(agent_authorization_include_descendants: false)
-          end
-
-          it { is_expected.to be_empty }
-        end
      end

      context 'with project authorizations present' do
@ -138,14 +130,6 @@ RSpec.describe Clusters::AgentAuthorizationsFinder do
        let!(:group_authorization) { create(:agent_group_authorization, agent: non_ancestor_agent, group: bottom_level_group) }

        it { is_expected.to match_array([group_authorization]) }
-
-        context 'agent_authorization_include_descendants feature flag is disabled' do
-          before do
-            stub_feature_flags(agent_authorization_include_descendants: false)
-          end
-
-          it { is_expected.to be_empty }
-        end
      end

      it_behaves_like 'access_as' do