kotovalexarian-likes-gitlab
/
gitlab-org--gitlab-foss
1
0
Fork 0
Code Releases Activity

Add latest changes from gitlab-org/gitlab@master

This commit is contained in:
GitLab Bot 2022-08-11 18:11:57 +00:00
parent c79523e395
commit 603ee53dbd
53 changed files with 533 additions and 266 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
GITALY_SERVER_VERSION
View File

@ -1 +1 @@
f20b8259797f3a1f3b59142c9789af97fcb0f69f
ac315ef254b265af5323387a1df1abb5d57daa95

6
app/assets/javascripts/related_issues/constants.js
View File

@ -136,7 +136,7 @@ export const issuablesFormCategoryHeaderTextMap = {
};
export const issuablesFormInputTextMap = {
[issuableTypesMap.ISSUE]: __('the following issue(s)'),
[issuableTypesMap.INCIDENT]: __('the following incident(s) or issue(s)'),
[issuableTypesMap.EPIC]: __('the following epic(s)'),
[issuableTypesMap.ISSUE]: __('the following issues'),
[issuableTypesMap.INCIDENT]: __('the following incidents or issues'),
[issuableTypesMap.EPIC]: __('the following epics'),
};

17
app/controllers/projects_controller.rb
View File

@ -46,6 +46,10 @@ class ProjectsController < Projects::ApplicationController
push_frontend_feature_flag(:work_items_hierarchy, @project)
end
before_action only: :edit do
push_frontend_feature_flag(:split_operations_visibility_permissions, @project)
end
layout :determine_layout
feature_category :projects, [
@ -416,10 +420,19 @@ class ProjectsController < Projects::ApplicationController
pages_access_level
metrics_dashboard_access_level
analytics_access_level
operations_access_level
security_and_compliance_access_level
container_registry_access_level
]
] + operations_feature_attributes
end
def operations_feature_attributes
if Feature.enabled?(:split_operations_visibility_permissions, project)
%i[
environments_access_level feature_flags_access_level
]
else
%i[operations_access_level]
end
end
def project_setting_attributes

3
app/helpers/projects_helper.rb
View File

@ -640,7 +640,8 @@ module ProjectsHelper
enforceAuthChecksOnUploads: project.enforce_auth_checks_on_uploads?,
securityAndComplianceAccessLevel: project.security_and_compliance_access_level,
containerRegistryAccessLevel: feature.container_registry_access_level,
environmentsAccessLevel: feature.environments_access_level
environmentsAccessLevel: feature.environments_access_level,
featureFlagsAccessLevel: feature.feature_flags_access_level
}
end

4
app/models/concerns/project_features_compatibility.rb
View File

@ -98,6 +98,10 @@ module ProjectFeaturesCompatibility
write_feature_attribute_string(:environments_access_level, value)
end
def feature_flags_access_level=(value)
write_feature_attribute_string(:feature_flags_access_level, value)
end
# TODO: Remove this method after we drop support for project create/edit APIs to set the
# container_registry_enabled attribute. They can instead set the container_registry_access_level
# attribute.

2
app/models/project.rb
View File

@ -451,7 +451,7 @@ class Project < ApplicationRecord
:repository_access_level, :package_registry_access_level, :pages_access_level,
:metrics_dashboard_access_level, :analytics_access_level,
:operations_access_level, :security_and_compliance_access_level,
:container_registry_access_level, :environments_access_level,
:container_registry_access_level, :environments_access_level, :feature_flags_access_level,
to: :project_feature, allow_nil: true
delegate :show_default_award_emojis, :show_default_award_emojis=,

1
app/models/project_feature.rb
View File

@ -22,6 +22,7 @@ class ProjectFeature < ApplicationRecord
container_registry
package_registry
environments
feature_flags
].freeze
EXPORTABLE_FEATURES = (FEATURES - [:security_and_compliance, :pages]).freeze

7
app/policies/project_policy.rb
View File

@ -210,6 +210,7 @@ class ProjectPolicy < BasePolicy
operations
security_and_compliance
environments
feature_flags
]
features.each do |f|
@ -389,6 +390,12 @@ class ProjectPolicy < BasePolicy
prevent(*create_read_update_admin_destroy(:deployment))
end
rule { split_operations_visibility_permissions & feature_flags_disabled }.policy do
prevent(*create_read_update_admin_destroy(:feature_flag))
prevent(:admin_feature_flags_user_lists)
prevent(:admin_feature_flags_client)
end
rule { can?(:metrics_dashboard) }.policy do
enable :read_prometheus
enable :read_deployment

15
app/views/shared/members/_requests.html.haml
View File

@ -5,15 +5,16 @@
- return if requesters.empty?
.card.gl-mt-3{ data: { testid: 'access-requests' } }
.card-header
= _("Users requesting access to")
= render Pajamas::CardComponent.new(card_options: { class: 'gl-mt-3 gl-mb-5', data: { testid: 'access-requests' } }, body_options: { class: 'gl-p-0' }) do |c|
- c.header do
= _('Users requesting access to')
%strong= membership_source.name
= gl_badge_tag requesters.size
= render 'shared/members/manage_access_button', path: membership_source.is_a?(Project) ? project_project_members_path(@project, tab: 'access_requests') : group_group_members_path(@group, tab: 'access_requests')
%ul.content-list.members-list
= render partial: 'shared/members/member',
collection: requesters, as: :member,
locals: { membership_source: membership_source,
- c.body do
%ul.content-list.members-list
= render partial: 'shared/members/member',
collection: requesters, as: :member,
locals: { membership_source: membership_source,
group: group,
current_user_is_group_owner: current_user_is_group_owner }

4
config/initializers/00_deprecations.rb
View File

@ -25,7 +25,9 @@ rails7_deprecation_warnings = [
# https://gitlab.com/gitlab-org/gitlab/-/issues/342492
/Rendering actions with '\.' in the name is deprecated/,
# https://gitlab.com/gitlab-org/gitlab/-/issues/333086
/default_hash is deprecated/
/default_hash is deprecated/,
# https://gitlab.com/gitlab-org/gitlab/-/issues/369970
/Passing an Active Record object to `\w+` directly is deprecated/
]
ActiveSupport::Deprecation.disallowed_warnings.concat rails7_deprecation_warnings

70
config/locales/devise.zh-cn.yml Normal file
View File

@ -0,0 +1,70 @@
# Additional translations at https://github.com/plataformatec/devise/wiki/I18n
zh-CN:
devise:
confirmations:
confirmed: "您的电子邮件地址已成功确认。"
send_instructions: "您将收到一封电子邮件,说明如何在几分钟内确认您的电子邮件地址。"
send_paranoid_instructions: "如果您的电子邮件地址存在于我们的数据库中,您将在几分钟内收到一封电子邮件,其中包含如何确认您的电子邮件地址的说明。"
failure:
already_authenticated: "您已经登录。"
inactive: "您的帐户尚未激活。"
invalid: "无效的登录信息或密码。"
locked: "您的帐户已锁定。"
last_attempt: "在您的帐户被锁定之前,您还有一次尝试机会。"
not_found_in_database: "无效的登录信息或密码。"
timeout: "您的会话已过期,请重新登录。"
unauthenticated: "您需要先登录或注册,然后才能继续。"
unconfirmed: "在继续之前,您必须确认您的电子邮件地址。请检查您的电子邮件,获取我们发送给您的链接,或单击“重新发送确认电子邮件”。"
blocked: "您的帐户已被封禁。如果您认为存在错误,请联系您的管理员。"
forbidden: "您的帐户没有登录所需的权限。如果您认为存在错误,请联系您的管理员。"
blocked_pending_approval: "您的帐户正在等待管理员的批准,因此被阻止。如果您认为存在错误,请联系您的管理员。"
mailer:
confirmation_instructions:
subject: "确认说明"
reset_password_instructions:
subject: "重置密码说明"
unlock_instructions:
subject: "解锁说明"
password_change:
subject: "密码已更改"
password_change_by_admin:
subject: "密码已由管理员更改"
user_admin_approval:
subject: "欢迎使用极狐GitLab"
omniauth_callbacks:
failure: "无法通过 %{kind} 对您进行身份验证,原因:\"%{reason}\"。"
success: "已成功通过 %{kind} 帐户进行身份验证。"
passwords:
no_token: "如果没有密码重置电子邮件,您将无法访问此页面。如果您确实从密码重置电子邮件访问此页面,请确保您使用了提供的完整 URL。"
send_instructions: "您将收到一封电子邮件,其中包含有关如何在几分钟内重置密码的说明。"
send_paranoid_instructions: "如果您的电子邮件地址存在于我们的数据库中,您将在几分钟后在您的电子邮件地址中收到一个密码恢复链接。"
updated: "您已成功更改密码。您现在已登录。"
updated_not_active: "您已成功更改密码。"
registrations:
destroyed: "再见!您的帐户已成功注销。我们希望很快再见到您。"
signed_up: "欢迎!您已成功注册。"
signed_up_but_inactive: "您已成功注册。但是,由于您的帐户尚未激活,我们无法让您登录。"
signed_up_but_locked: "您已成功注册。但是,由于您的帐户被锁定,我们无法让您登录。"
signed_up_but_unconfirmed: "带有确认链接的消息已发送到您的电子邮件地址。请点击链接激活您的帐户。"
signed_up_but_blocked_pending_approval: "您已成功注册。但是,由于您的帐户正在等待管理员的批准,我们无法让您登录。"
update_needs_confirmation: "您已成功更新您的帐户,但我们需要验证您的新电子邮件地址。请检查您的电子邮件并点击确认链接,确认您的新电子邮件地址。"
updated: "您的帐户已成功更新。"
sessions:
signed_in: "登录成功。"
signed_out: "登出成功。"
already_signed_out: "登出成功。"
unlocks:
send_instructions: "您将收到一封电子邮件,说明如何在几分钟内解锁您的帐户。"
send_paranoid_instructions: "如果您的帐户存在,您将在几分钟内收到一封电子邮件,其中包含如何解锁它的说明。"
unlocked: "您的帐户已成功解锁。请登录以继续。"
errors:
messages:
already_confirmed: "已确认,请尝试登录"
confirmation_period_expired: "需要在 %{period} 内确认,请在下方重新请求新的确认电子邮件"
expired: "已过期,请重新请求新的确认电子邮件"
not_found: "未找到"
not_locked: "未被锁定"
not_saved:
one: "发生 1 个错误,禁止保存此 %{resource}"
other: "发生 %{count} 个错误,禁止保存此 %{resource}"

6
doc/administration/auditor_users.md
View File

@ -55,3 +55,9 @@ If you are signed in with auditor access, you:
you can push commits or comment on issues.
- Can access the same resources using the GitLab UI or API.
- Can't view the Admin Area, or perform any administration actions.
## Maintain auditor users using API
> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/366404) in GitLab 15.3.
Administrators can use the GitLab API to [create](../api/users.md#user-creation) and [modify](../api/users.md#user-modification) auditor users.

2
doc/administration/geo/disaster_recovery/index.md
View File

@ -581,7 +581,7 @@ and after that you also need two extra steps.
gitlab_rails['auto_migrate'] = false
```
(For more details about these settings you can read [Configure the primary server](../setup/database.md#step-1-configure-the-primary-server))
(For more details about these settings you can read [Configure the primary server](../setup/database.md#step-1-configure-the-primary-site))
1. Save the file and reconfigure GitLab for the database listen changes and
the replication slot changes to be applied:

221
doc/administration/geo/setup/database.md
View File

@ -8,7 +8,7 @@ type: howto
# Geo database replication **(PREMIUM SELF)**
This document describes the minimal required steps to replicate your primary
GitLab database to a secondary node's database. You may have to change some
GitLab database to a secondary site's database. You may have to change some
values, based on attributes including your database's setup and size.
NOTE:
@ -41,31 +41,31 @@ instructions on setting up replication with a Patroni cluster.
### PostgreSQL replication
The GitLab **primary** node where the write operations happen connects to
the **primary** database server, and **secondary** nodes
The GitLab **primary** site where the write operations happen connects to
the **primary** database server, and **secondary** sites
connect to their own database servers (which are read-only).
We recommend using [PostgreSQL replication slots](https://medium.com/@tk512/replication-slots-in-postgresql-b4b03d277c75)
to ensure that the **primary** node retains all the data necessary for the **secondary** nodes to
to ensure that the **primary** site retains all the data necessary for the **secondary** sites to
recover. See below for more details.
The following guide assumes that:
- You are using Omnibus and therefore you are using PostgreSQL 12 or later
which includes the [`pg_basebackup` tool](https://www.postgresql.org/docs/12/app-pgbasebackup.html).
- You have a **primary** node already set up (the GitLab server you are
- You have a **primary** site already set up (the GitLab server you are
replicating from), running Omnibus' PostgreSQL (or equivalent version), and
you have a new **secondary** server set up with the same
you have a new **secondary** site set up with the same
[versions of PostgreSQL](../index.md#requirements-for-running-geo),
OS, and GitLab on all nodes.
OS, and GitLab on all sites.
WARNING:
Geo works with streaming replication. Logical replication is not supported at this time.
There is an [issue where support is being discussed](https://gitlab.com/gitlab-org/gitlab/-/issues/7420).
#### Step 1. Configure the **primary** server
#### Step 1. Configure the **primary** site
1. SSH into your GitLab **primary** server and login as root:
1. SSH into your GitLab **primary** site and login as root:
```shell
sudo -i
@ -81,13 +81,13 @@ There is an [issue where support is being discussed](https://gitlab.com/gitlab-o
gitlab_rails['geo_node_name'] = '<site_name_here>'
```
1. Reconfigure the **primary** node for the change to take effect:
1. Reconfigure the **primary** site for the change to take effect:
```shell
gitlab-ctl reconfigure
```
1. Execute the command below to define the node as **primary** node:
1. Execute the command below to define the site as **primary** site:
```shell
gitlab-ctl set-geo-primary-node
@ -154,17 +154,17 @@ There is an [issue where support is being discussed](https://gitlab.com/gitlab-o
1. Configure PostgreSQL to listen on network interfaces:
For security reasons, PostgreSQL does not listen on any network interfaces
by default. However, Geo requires the **secondary** node to be able to
connect to the **primary** node's database. For this reason, we need the address of
each node.
by default. However, Geo requires the **secondary** site to be able to
connect to the **primary** site's database. For this reason, we need the IP address of
each site.
NOTE:
For external PostgreSQL instances, see [additional instructions](external_database.md).
If you are using a cloud provider, you can lookup the addresses for each
Geo node through your cloud provider's management console.
Geo site through your cloud provider's management console.
To lookup the address of a Geo node, SSH in to the Geo node and execute:
To lookup the address of a Geo site, SSH in to the Geo site and execute:
```shell
##
@ -183,11 +183,11 @@ There is an [issue where support is being discussed](https://gitlab.com/gitlab-o
| Configuration | Address |
|:----------------------------------------|:----------------------------------------------------------------------|
| `postgresql['listen_address']` | **Primary** node's public or VPC private address. |
| `postgresql['md5_auth_cidr_addresses']` | **Primary** and **Secondary** nodes' public or VPC private addresses. |
| `postgresql['listen_address']` | **Primary** site's public or VPC private address. |
| `postgresql['md5_auth_cidr_addresses']` | **Primary** and **Secondary** sites' public or VPC private addresses. |
If you are using Google Cloud Platform, SoftLayer, or any other vendor that
provides a virtual private cloud (VPC) you can use the **primary** and **secondary** nodes
provides a virtual private cloud (VPC) you can use the **primary** and **secondary** sites
private addresses (corresponds to "internal address" for Google Cloud Platform) for
`postgresql['md5_auth_cidr_addresses']` and `postgresql['listen_address']`.
@ -201,10 +201,10 @@ There is an [issue where support is being discussed](https://gitlab.com/gitlab-o
`127.0.0.1`. For more information, see [omnibus-5258](https://gitlab.com/gitlab-org/omnibus-gitlab/-/issues/5258).
Depending on your network configuration, the suggested addresses may not
be correct. If your **primary** node and **secondary** nodes connect over a local
be correct. If your **primary** site and **secondary** sites connect over a local
area network, or a virtual network connecting availability zones like
[Amazon's VPC](https://aws.amazon.com/vpc/) or [Google's VPC](https://cloud.google.com/vpc/)
you should use the **secondary** node's private address for `postgresql['md5_auth_cidr_addresses']`.
you should use the **secondary** site's private address for `postgresql['md5_auth_cidr_addresses']`.
Edit `/etc/gitlab/gitlab.rb` and add the following, replacing the IP
addresses with addresses appropriate to your network configuration:
@ -225,13 +225,13 @@ There is an [issue where support is being discussed](https://gitlab.com/gitlab-o
## Primary address
## - replace '<primary_node_ip>' with the public or VPC address of your Geo primary node
##
postgresql['listen_address'] = '<primary_node_ip>'
postgresql['listen_address'] = '<primary_site_ip>'
##
# Allow PostgreSQL client authentication from the primary and secondary IPs. These IPs may be
# public or VPC addresses in CIDR format, for example ['198.51.100.1/32', '198.51.100.2/32']
##
postgresql['md5_auth_cidr_addresses'] = ['<primary_node_ip>/32', '<secondary_node_ip>/32']
postgresql['md5_auth_cidr_addresses'] = ['<primary_site_ip>/32', '<secondary_site_ip>/32']
##
## Replication settings
@ -247,10 +247,10 @@ There is an [issue where support is being discussed](https://gitlab.com/gitlab-o
gitlab_rails['auto_migrate'] = false
```
1. Optional: If you want to add another **secondary** node, the relevant setting would look like:
1. Optional: If you want to add another **secondary** site, the relevant setting would look like:
```ruby
postgresql['md5_auth_cidr_addresses'] = ['<primary_node_ip>/32', '<secondary_node_ip>/32', '<another_secondary_node_ip>/32']
postgresql['md5_auth_cidr_addresses'] = ['<primary_site_ip>/32', '<secondary_site_ip>/32', '<another_secondary_site_ip>/32']
```
You may also want to edit the `wal_keep_segments` and `max_wal_senders` to match your
@ -287,20 +287,20 @@ There is an [issue where support is being discussed](https://gitlab.com/gitlab-o
1. Now that the PostgreSQL server is set up to accept remote connections, run
`netstat -plnt | grep 5432` to make sure that PostgreSQL is listening on port
`5432` to the **primary** server's private address.
`5432` to the **primary** site's private address.
1. A certificate was automatically generated when GitLab was reconfigured. This
is used automatically to protect your PostgreSQL traffic from
eavesdroppers, but to protect against active ("man-in-the-middle") attackers,
the **secondary** node needs a copy of the certificate. Make a copy of the PostgreSQL
`server.crt` file on the **primary** node by running this command:
the **secondary** site needs a copy of the certificate. Make a copy of the PostgreSQL
`server.crt` file on the **primary** site by running this command:
```shell
cat ~gitlab-psql/data/server.crt
```
Copy the output into a clipboard or into a local file. You
need it when setting up the **secondary** node! The certificate is not sensitive
need it when setting up the **secondary** site! The certificate is not sensitive
data.
However, this certificate is created with a generic `PostgreSQL` Common Name. For this,
@ -323,7 +323,7 @@ There is an [issue where support is being discussed](https://gitlab.com/gitlab-o
#### Step 2. Configure the **secondary** server
1. SSH into your GitLab **secondary** server and login as root:
1. SSH into your GitLab **secondary** site and login as root:
```shell
sudo -i
@ -337,28 +337,28 @@ There is an [issue where support is being discussed](https://gitlab.com/gitlab-o
```
NOTE:
This step is important so we don't try to execute anything before the node is fully configured.
This step is important so we don't try to execute anything before the site is fully configured.
1. [Check TCP connectivity](../../raketasks/maintenance.md) to the **primary** node's PostgreSQL server:
1. [Check TCP connectivity](../../raketasks/maintenance.md) to the **primary** site's PostgreSQL server:
```shell
gitlab-rake gitlab:tcp_check[<primary_node_ip>,5432]
gitlab-rake gitlab:tcp_check[<primary_site_ip>,5432]
```
NOTE:
If this step fails, you may be using the wrong IP address, or a firewall may
be preventing access to the server. Check the IP address, paying close
be preventing access to the site. Check the IP address, paying close
attention to the difference between public and private addresses and ensure
that, if a firewall is present, the **secondary** node is permitted to connect to the
**primary** node on port 5432.
that, if a firewall is present, the **secondary** site is permitted to connect to the
**primary** site on port 5432.
1. Create a file `server.crt` in the **secondary** server, with the content you got on the last step of the **primary** node's setup:
1. Create a file `server.crt` in the **secondary** site, with the content you got on the last step of the **primary** site's setup:
```shell
editor server.crt
```
1. Set up PostgreSQL TLS verification on the **secondary** node:
1. Set up PostgreSQL TLS verification on the **secondary** site:
Install the `server.crt` file:
@ -373,9 +373,9 @@ There is an [issue where support is being discussed](https://gitlab.com/gitlab-o
PostgreSQL now only recognizes that exact certificate when verifying TLS
connections. The certificate can only be replicated by someone with access
to the private key, which is **only** present on the **primary** node.
to the private key, which is **only** present on the **primary** site.
1. Test that the `gitlab-psql` user can connect to the **primary** node's database
1. Test that the `gitlab-psql` user can connect to the **primary** site's database
(the default Omnibus database name is `gitlabhq_production`):
```shell
@ -385,7 +385,7 @@ There is an [issue where support is being discussed](https://gitlab.com/gitlab-o
-U gitlab_replicator \
-d "dbname=gitlabhq_production sslmode=verify-ca" \
-W \
-h <primary_node_ip>
-h <primary_site_ip>
```
NOTE:
@ -396,11 +396,11 @@ There is an [issue where support is being discussed](https://gitlab.com/gitlab-o
When prompted enter the _plaintext_ password you set in the first step for the
`gitlab_replicator` user. If all worked correctly, you should see
the list of **primary** node's databases.
the list of **primary** site's databases.
A failure to connect here indicates that the TLS configuration is incorrect.
Ensure that the contents of `~gitlab-psql/data/server.crt` on the **primary** node
match the contents of `~gitlab-psql/.postgresql/root.crt` on the **secondary** node.
Ensure that the contents of `~gitlab-psql/data/server.crt` on the **primary** site
match the contents of `~gitlab-psql/.postgresql/root.crt` on the **secondary** site.
1. Configure PostgreSQL:
@ -419,14 +419,14 @@ There is an [issue where support is being discussed](https://gitlab.com/gitlab-o
##
## Secondary address
## - replace '<secondary_node_ip>' with the public or VPC address of your Geo secondary node
## - replace '<secondary_site_ip>' with the public or VPC address of your Geo secondary site
##
postgresql['listen_address'] = '<secondary_node_ip>'
postgresql['md5_auth_cidr_addresses'] = ['<secondary_node_ip>/32']
postgresql['listen_address'] = '<secondary_site_ip>'
postgresql['md5_auth_cidr_addresses'] = ['<secondary_site_ip>/32']
##
## Database credentials password (defined previously in primary node)
## - replicate same values here as defined in primary node
## Database credentials password (defined previously in primary site)
## - replicate same values here as defined in primary site
##
postgresql['sql_replication_password'] = '<md5_hash_of_your_password>'
postgresql['sql_user_password'] = '<md5_hash_of_your_password>'
@ -434,7 +434,7 @@ There is an [issue where support is being discussed](https://gitlab.com/gitlab-o
```
For external PostgreSQL instances, see [additional instructions](external_database.md).
If you bring a former **primary** node back online to serve as a **secondary** node, then you also must remove `roles(['geo_primary_role'])` or `geo_primary_role['enable'] = true`.
If you bring a former **primary** site back online to serve as a **secondary** site, then you also must remove `roles(['geo_primary_role'])` or `geo_primary_role['enable'] = true`.
1. Reconfigure GitLab for the changes to take effect:
@ -450,24 +450,24 @@ There is an [issue where support is being discussed](https://gitlab.com/gitlab-o
#### Step 3. Initiate the replication process
Below we provide a script that connects the database on the **secondary** node to
the database on the **primary** node, replicates the database, and creates the
Below we provide a script that connects the database on the **secondary** site to
the database on the **primary** site, replicates the database, and creates the
needed files for streaming replication.
The directories used are the defaults that are set up in Omnibus. If you have
changed any defaults, configure it as you see fit replacing the directories and paths.
WARNING:
Make sure to run this on the **secondary** server as it removes all PostgreSQL's
Make sure to run this on the **secondary** site as it removes all PostgreSQL's
data before running `pg_basebackup`.
1. SSH into your GitLab **secondary** server and login as root:
1. SSH into your GitLab **secondary** site and login as root:
```shell
sudo -i
```
1. Choose a database-friendly name to use for your **secondary** node to
1. Choose a database-friendly name to use for your **secondary** site to
use as the replication slot name. For example, if your domain is
`secondary.geo.example.com`, you may use `secondary_example` as the slot
name as shown in the commands below.
@ -475,13 +475,13 @@ data before running `pg_basebackup`.
1. Execute the command below to start a backup/restore and begin the replication
WARNING:
Each Geo **secondary** node must have its own unique replication slot name.
Each Geo **secondary** site must have its own unique replication slot name.
Using the same slot name between two secondaries breaks PostgreSQL replication.
```shell
gitlab-ctl replicate-geo-database \
--slot-name=<secondary_node_name> \
--host=<primary_node_ip> \
--slot-name=<secondary_site_name> \
--host=<primary_site_ip> \
--sslmode=verify-ca
```
@ -515,7 +515,7 @@ data before running `pg_basebackup`.
- Change the `--slot-name` to the name of the replication slot
to be used on the **primary** database. The script attempts to create the
replication slot automatically if it does not exist.
- If you're repurposing an old server into a Geo **secondary** node, you must
- If you're repurposing an old site into a Geo **secondary** site, you must
add `--force` to the command line.
- When not in a production machine you can disable backup step if you
really sure this is what you want by adding `--skip-backup`
@ -539,7 +539,7 @@ see [High Availability with Omnibus GitLab](../../postgresql/replication_and_fai
To change the password for the [replication user](https://wiki.postgresql.org/wiki/Streaming_Replication)
when using Omnibus-managed PostgreSQL instances:
On the GitLab Geo **primary** server:
On the GitLab Geo **primary** site:
1. The default value for the replication user is `gitlab_replicator`, but if you've set a custom replication
user in your `/etc/gitlab/gitlab.rb` under the `postgresql['sql_replication_user']` setting, make sure to
@ -573,19 +573,18 @@ On the GitLab Geo **primary** server:
sudo gitlab-ctl restart postgresql
```
Until the password is updated on any **secondary** servers, the [PostgreSQL log](../../logs/index.md#postgresql-logs) on
Until the password is updated on any **secondary** sites, the [PostgreSQL log](../../logs/index.md#postgresql-logs) on
the secondaries will report the following error message:
```console
FATAL: could not connect to the primary server: FATAL: password authentication failed for user "gitlab_replicator"
```
On all GitLab Geo **secondary** servers:
On all GitLab Geo **secondary** sites:
1. The first step isn't necessary from a configuration perspective, because the hashed `'sql_replication_password'`
is not used on the GitLab Geo **secondary**. However in the event that **secondary** needs to be promoted
to the GitLab Geo **primary**, make sure to match the `'sql_replication_password'` in the secondary
server configuration.
is not used on the GitLab Geo **secondary** sites. However in the event that **secondary** site needs to be promoted
to the GitLab Geo **primary**, make sure to match the `'sql_replication_password'` in the **secondary** site configuration.
Edit `/etc/gitlab/gitlab.rb`:
@ -615,6 +614,28 @@ In GitLab 14.0, Patroni replaced `repmgr` as the supported
NOTE:
If you still haven't [migrated from repmgr to Patroni](#migrating-from-repmgr-to-patroni) you're highly advised to do so.
### Migrating from repmgr to Patroni
1. Before migrating, we recommend that there is no replication lag between the **primary** and **secondary** sites and that replication is paused. In GitLab 13.2 and later, you can pause and resume replication with `gitlab-ctl geo-replication-pause` and `gitlab-ctl geo-replication-resume` on a Geo secondary database node.
1. Follow the [instructions to migrate repmgr to Patroni](../../postgresql/replication_and_failover.md#switching-from-repmgr-to-patroni). When configuring Patroni on each **primary** site database node, add `patroni['replication_slots'] = { '<slot_name>' => 'physical' }`
to `gitlab.rb` where `<slot_name>` is the name of the replication slot for your **secondary** site. This ensures that Patroni recognizes the replication slot as permanent and not drop it upon restarting.
1. If database replication to the **secondary** site was paused before migration, resume replication once Patroni is confirmed working on the **primary** site.
### Migrating a single PostgreSQL node to Patroni
Before the introduction of Patroni, Geo had no Omnibus support for HA setups on the **secondary** site.
With Patroni it's now possible to support that. To migrate the existing PostgreSQL to Patroni:
1. Make sure you have a Consul cluster setup on the secondary (similar to how you set it up on the **primary** site).
1. [Configure a permanent replication slot](#step-1-configure-patroni-permanent-replication-slot-on-the-primary-site).
1. [Configure the internal load balancer](#step-2-configure-the-internal-load-balancer-on-the-primary-site).
1. [Configure a PgBouncer node](#step-3-configure-pgbouncer-nodes-on-the-secondary-site)
1. [Configure a Standby Cluster](#step-4-configure-a-standby-cluster-on-the-secondary-site)
on that single node machine.
You end up with a “Standby Cluster” with a single node. That allows you to later on add additional Patroni nodes by following the same instructions above.
### Patroni support
Patroni is the official replication management solution for Geo. It
@ -647,11 +668,11 @@ and other database best practices.
##### Step 1. Configure Patroni permanent replication slot on the primary site
To set up database replication with Patroni on a secondary node, we must
configure a _permanent replication slot_ on the primary node's Patroni cluster,
To set up database replication with Patroni on a secondary site, we must
configure a _permanent replication slot_ on the primary site's Patroni cluster,
and ensure password authentication is used.
For each Patroni instance on the primary site **starting on the Patroni
On each node running a Patroni instance on the primary site **starting on the Patroni
Leader instance**:
1. SSH into your Patroni instance and login as root:
@ -754,7 +775,7 @@ backend postgresql
Refer to your preferred Load Balancer's documentation for further guidance.
##### Step 3. Configure a PgBouncer node on the secondary site
##### Step 3. Configure PgBouncer nodes on the secondary site
A production-ready and highly available configuration requires at least
three Consul nodes, a minimum of one PgBouncer node, but it's recommended to have
@ -763,7 +784,7 @@ more than one PgBouncer service nodes. The internal load balancer provides a sin
endpoint for connecting to the PgBouncer cluster. For more information,
see [High Availability with Omnibus GitLab](../../postgresql/replication_and_failover.md).
Follow the minimal configuration for the PgBouncer node:
On each node running a PgBouncer instance on the **secondary** site:
1. SSH into your PgBouncer node and login as root:
@ -819,11 +840,10 @@ Follow the minimal configuration for the PgBouncer node:
##### Step 4. Configure a Standby cluster on the secondary site
NOTE:
If you are converting a secondary site to a Patroni Cluster, you must start
on the PostgreSQL instance. It becomes the Patroni Standby Leader instance,
and then you can switchover to another replica if you need.
If you are converting a secondary site with a single PostgreSQL instance to a Patroni Cluster, you must start on the PostgreSQL instance. It becomes the Patroni Standby Leader instance,
and then you can switch over to another replica if you need.
For each Patroni instance on the secondary site:
For each node running a Patroni instance on the secondary site:
1. SSH into your Patroni node and login as root:
@ -893,39 +913,29 @@ For each Patroni instance on the secondary site:
gitlab-ctl start patroni
```
### Migrating from repmgr to Patroni
### Migrating a single tracking database node to Patroni
1. Before migrating, we recommend that there is no replication lag between the primary and secondary sites and that replication is paused. In GitLab 13.2 and later, you can pause and resume replication with `gitlab-ctl geo-replication-pause` and `gitlab-ctl geo-replication-resume` on a Geo secondary database node.
1. Follow the [instructions to migrate repmgr to Patroni](../../postgresql/replication_and_failover.md#switching-from-repmgr-to-patroni). When configuring Patroni on each primary site database node, add `patroni['replication_slots'] = { '<slot_name>' => 'physical' }`
to `gitlab.rb` where `<slot_name>` is the name of the replication slot for your Geo secondary. This ensures that Patroni recognizes the replication slot as permanent and not drop it upon restarting.
1. If database replication to the secondary was paused before migration, resume replication once Patroni is confirmed working on the primary.
Before the introduction of Patroni, Geo had no Omnibus support for HA setups on
the secondary site.
### Migrating a single PostgreSQL node to Patroni
With Patroni, it's now possible to support that. Due to some restrictions on the
Patroni implementation on Omnibus that do not allow us to manage two different
clusters on the same machine, we recommend setting up a new Patroni cluster for
the tracking database by following the same instructions above.
Before the introduction of Patroni, Geo had no Omnibus support for HA setups on the secondary node.
With Patroni it's now possible to support that. To migrate the existing PostgreSQL to Patroni:
1. Make sure you have a Consul cluster setup on the secondary (similar to how you set it up on the primary).
1. [Configure a permanent replication slot](#step-1-configure-patroni-permanent-replication-slot-on-the-primary-site).
1. [Configure the internal load balancer](#step-2-configure-the-internal-load-balancer-on-the-primary-site).
1. [Configure a PgBouncer node](#step-3-configure-a-pgbouncer-node-on-the-secondary-site)
1. [Configure a Standby Cluster](#step-4-configure-a-standby-cluster-on-the-secondary-site)
on that single node machine.
You end up with a "Standby Cluster" with a single node. That allows you to later on add additional Patroni nodes
by following the same instructions above.
The secondary nodes backfill the new tracking database, and no data
synchronization is required.
### Configuring Patroni cluster for the tracking PostgreSQL database
Secondary sites use a separate PostgreSQL installation as a tracking database to
**Secondary** sites use a separate PostgreSQL installation as a tracking database to
keep track of replication status and automatically recover from potential replication issues.
Omnibus automatically configures a tracking database when `roles(['geo_secondary_role'])` is set.
If you want to run this database in a highly available configuration, don't use the `geo_secondary_role` above.
Instead, follow the instructions below.
A production-ready and secure setup requires at least three Consul nodes, two
A production-ready and secure setup for the tracking PostgreSQL DB requires at least three Consul nodes, two
Patroni nodes and one PgBouncer node on the secondary site.
Because of [omnibus-6587](https://gitlab.com/gitlab-org/omnibus-gitlab/-/issues/6587), Consul can't track multiple
@ -934,9 +944,9 @@ services, so these must be different than the nodes used for the Standby Cluster
Be sure to use [password credentials](../../postgresql/replication_and_failover.md#database-authorization-for-patroni)
and other database best practices.
#### Step 1. Configure a PgBouncer node on the secondary site
#### Step 1. Configure PgBouncer nodes on the secondary site
Follow the minimal configuration for the PgBouncer node for the tracking database:
On each node running the PgBouncer service for the PostgreSQL tracking database:
1. SSH into your PgBouncer node and login as root:
@ -998,7 +1008,7 @@ Follow the minimal configuration for the PgBouncer node for the tracking databas
#### Step 2. Configure a Patroni cluster
For each Patroni instance on the secondary site for the tracking database:
On each node running a Patroni instance on the secondary site for the PostgreSQL tracking database:
1. SSH into your Patroni node and login as root:
@ -1062,7 +1072,7 @@ For each Patroni instance on the secondary site for the tracking database:
gitlab-ctl reconfigure
```
#### Step 3. Configure the tracking database on the secondary nodes
#### Step 3. Configure the tracking database on the secondary sites
For each node running the `gitlab-rails`, `sidekiq`, and `geo-logcursor` services:
@ -1099,19 +1109,6 @@ For each node running the `gitlab-rails`, `sidekiq`, and `geo-logcursor` service
gitlab-rake db:migrate:geo
```
### Migrating a single tracking database node to Patroni
Before the introduction of Patroni, Geo had no Omnibus support for HA setups on
the secondary node.
With Patroni, it's now possible to support that. Due to some restrictions on the
Patroni implementation on Omnibus that do not allow us to manage two different
clusters on the same machine, we recommend setting up a new Patroni cluster for
the tracking database by following the same instructions above.
The secondary nodes backfill the new tracking database, and no data
synchronization is required.
## Troubleshooting
Read the [troubleshooting document](../replication/troubleshooting.md).

12
doc/api/users.md
View File

@ -427,7 +427,8 @@ GET /users/:id?with_custom_attributes=true
## User creation **(FREE SELF)**
> The `namespace_id` field in the response was [introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/82045) in GitLab 14.10.
> - The `namespace_id` field in the response was [introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/82045) in GitLab 14.10.
> - Ability to create an auditor user was [introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/366404) in GitLab 15.3.
Creates a new user. Note only administrators can create new
users. Either `password`, `reset_password`, or `force_random_password`
@ -452,7 +453,8 @@ Parameters:
| Attribute | Required | Description |
| :----------------------------------- | :------- | :------------------------------------------------------------------------------------------------------------------------------------------------------ |
| `admin` | No | User is an administrator - true or false (default) |
| `admin` | No | User is an administrator. Valid values are `true` or `false`. Defaults to false.
| `auditor` **(PREMIUM)** | No | User is an auditor. Valid values are `true` or `false`. Defaults to false. [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/366404) in GitLab 15.3. |
| `avatar` | No | Image file for user's avatar |
| `bio` | No | User's biography |
| `can_create_group` | No | User can create groups - true or false |
@ -484,7 +486,8 @@ Parameters:
## User modification **(FREE SELF)**
> The `namespace_id` field in the response was [introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/82045) in GitLab 14.10.
> - The `namespace_id` field in the response was [introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/82045) in GitLab 14.10.
> - Ability to modify an auditor user was [introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/366404) in GitLab 15.3.
Modifies an existing user. Only administrators can change attributes of a user.
@ -496,7 +499,8 @@ Parameters:
| Attribute | Required | Description |
| :----------------------------------- | :------- | :------------------------------------------------------------------------------------------------------------------------------------------------------ |
| `admin` | No | User is an administrator - true or false (default) |
| `admin` | No |User is an administrator. Valid values are `true` or `false`. Defaults to false.
| `auditor` **(PREMIUM)** | No | User is an auditor. Valid values are `true` or `false`. Defaults to false. [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/366404) in GitLab 15.3.(default) |
| `avatar` | No | Image file for user's avatar |
| `bio` | No | User's biography |
| `can_create_group` | No | User can create groups - true or false |

2
doc/development/backend/ruby_style_guide.md
View File

@ -16,6 +16,8 @@ document the new rule. For every new guideline, add it in a new section and link
[version history note](../documentation/versions.md#add-a-version-history-item)
to provide context and serve as a reference.
See also [guidelines for reusing abstractions](../reusing_abstractions.md).
Everything listed here can be [reopened for discussion](https://about.gitlab.com/handbook/values/#disagree-commit-and-disagree).
## Instance variable access using `attr_reader`

45
doc/development/new_fe_guide/modules/widget_extensions.md
View File

@ -311,16 +311,16 @@ To generate these known events for a single widget:
1. Generate known events on the command line with the following command.
Replace `test_reports` with your appropriate name slug:
```shell
bundle exec rails generate gitlab:usage_metric_definition \
counts.i_code_review_merge_request_widget_test_reports_count_view \
counts.i_code_review_merge_request_widget_test_reports_count_full_report_clicked \
counts.i_code_review_merge_request_widget_test_reports_count_expand \
counts.i_code_review_merge_request_widget_test_reports_count_expand_success \
counts.i_code_review_merge_request_widget_test_reports_count_expand_warning \
counts.i_code_review_merge_request_widget_test_reports_count_expand_failed \
--dir=all
```
```shell
bundle exec rails generate gitlab:usage_metric_definition \
counts.i_code_review_merge_request_widget_test_reports_count_view \
counts.i_code_review_merge_request_widget_test_reports_count_full_report_clicked \
counts.i_code_review_merge_request_widget_test_reports_count_expand \
counts.i_code_review_merge_request_widget_test_reports_count_expand_success \
counts.i_code_review_merge_request_widget_test_reports_count_expand_warning \
counts.i_code_review_merge_request_widget_test_reports_count_expand_failed \
--dir=all
```
1. Modify each newly generated file to match the existing files for the merge request widget extension telemetry.
- Find existing examples by doing a glob search, like: `metrics/**/*_i_code_review_merge_request_widget_*`
@ -333,9 +333,10 @@ To generate these known events for a single widget:
1. `introduced_by_url` = `'[your MR]'`
1. `options.events` = (the event in the command from above that generated this file, like `i_code_review_merge_request_widget_test_reports_count_view`)
- This value is how the telemetry events are linked to "metrics" so this is probably one of the more important values.
1. `data_source` = `redis`
1. `data_category` = `optional`
1. Repeat steps 5 and 6 for the HLL metrics. Replace `test_reports` with your appropriate name slug.
1. `data_source` = `redis`
1. `data_category` = `optional`
1. Generate known HLL events on the command line with the following command.
Replace `test_reports` with your appropriate name slug.
```shell
bundle exec rails generate gitlab:usage_metric_definition:redis_hll code_review \
@ -348,7 +349,7 @@ To generate these known events for a single widget:
--class_name=RedisHLLMetric
```
- In step 6 for HLL, change the `data_source` to `redis_hll`.
1. Repeat step 6, but change the `data_source` to `redis_hll`.
1. Add each of the HLL metrics to `lib/gitlab/usage_data_counters/known_events/code_review_events.yml`:
1. `name` = (the event)
1. `redis_slot` = `code_review`
@ -397,14 +398,14 @@ Every placeholder contains starting and ending tags. For example, `success` uses
`Hello %{success_start}world%{success_end}`. The extension then
adds the start and end tags with the correct styling classes.
| Placeholder | Style |
|---|---|
| success | `gl-font-weight-bold gl-text-green-500` |
| danger | `gl-font-weight-bold gl-text-red-500` |
| critical | `gl-font-weight-bold gl-text-red-800` |
| same | `gl-font-weight-bold gl-text-gray-700` |
| strong | `gl-font-weight-bold` |
| small | `gl-font-sm` |
| Placeholder | Style |
|-------------|-----------------------------------------|
| success | `gl-font-weight-bold gl-text-green-500` |
| danger | `gl-font-weight-bold gl-text-red-500` |
| critical | `gl-font-weight-bold gl-text-red-800` |
| same | `gl-font-weight-bold gl-text-gray-700` |
| strong | `gl-font-weight-bold` |
| small | `gl-font-sm` |
## Action buttons

21
doc/development/reusing_abstractions.md
View File

@ -147,6 +147,27 @@ Legacy classes inherited from `BaseService` for historical reasons.
In Service classes the use of `execute` and `#execute` is preferred over `call` and `#call`.
Model properties should be passed to the constructor in a `params` hash, and will be assigned directly.
To pass extra parameters (which need to be processed, and are not model properties),
include an `options` hash in the constructor and store it in an instance variable:
```ruby
# container: Project, or Group
# current_user: Current user
# params: Model properties from the controller, already allowlisted with strong parameters
# options: Configuration for this service, can be any of the following:
# notify: Whether to send a notifcation to the current user
# cc: Email address to copy when sending a notification
def initialize(container:, current_user: nil, params: {}, options: {})
super(container, current_user, params)
@options = options
end
```
View the [initial discussion](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/90008#note_988744060)
and [further discussion](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/90853#note_1053425083).
Classes that are not service objects should be [created elsewhere](directory_structure.md#use-namespaces-to-define-bounded-contexts), such as in `lib`.
#### ServiceResponse

10
doc/integration/advanced_search/elasticsearch.md
View File

@ -163,6 +163,12 @@ If you see an error such as `Permission denied - /home/git/gitlab-elasticsearch-
may need to set the `production -> elasticsearch -> indexer_path` setting in your `gitlab.yml` file to
`/usr/local/bin/gitlab-elasticsearch-indexer`, which is where the binary is installed.
### View indexing errors
Errors from the [GitLab Elasticsearch Indexer](https://gitlab.com/gitlab-org/gitlab-elasticsearch-indexer) are reported in
the [`sidekiq.log`](../../administration/logs/index.md#sidekiqlog) file with a `json.exception.class` of `Gitlab::Elastic::Indexer::Error`.
These errors may occur when indexing Git repository data.
## Enable Advanced Search
For GitLab instances with more than 50GB repository data you can follow the instructions for [how to index large instances efficiently](#how-to-index-large-instances-efficiently) below.
@ -576,8 +582,8 @@ due to large volumes of data being indexed.
WARNING:
Indexing a large instance generates a lot of Sidekiq jobs.
Make sure to prepare for this task by having a
[Scalable and Highly Available Setup](../../administration/reference_architectures/index.md) or creating
Make sure to prepare for this task by having a
[scalable setup](../../administration/reference_architectures/index.md) or creating
[extra Sidekiq processes](../../administration/operations/extra_sidekiq_processes.md).
1. [Configure your Elasticsearch host and port](#enable-advanced-search).

31
doc/user/application_security/container_scanning/index.md
View File

@ -7,7 +7,12 @@ info: To determine the technical writer assigned to the Stage/Group associated w
# Container Scanning **(FREE)**
> - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/3672) in GitLab 10.4.
> - Improved support for FIPS [introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/263482) in GitLab 13.6 by upgrading `CS_MAJOR_VERSION` from `2` to `3`.
> - Integration with Trivy [introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/322656) in GitLab 13.9 by upgrading `CS_MAJOR_VERSION` from `3` to `4`.
> - Integration with Clair [deprecated](https://gitlab.com/gitlab-org/gitlab/-/issues/321451) in GitLab 13.9.
> - Default container scanning with Trivy [introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/61850) in GitLab 14.0.
> - Integration with Grype as an alternative scanner [introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/326279) in GitLab 14.0.
> - [Changed](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/86092) the major analyzer version from `4` to `5` in GitLab 15.0.
> - [Moved](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/86783) from GitLab Ultimate to GitLab Free in 15.0.
Your application's Docker image may itself be based on Docker images that contain known
@ -798,27 +803,5 @@ For information on this, see the [general Application Security troubleshooting s
## Changes
- GitLab 13.6 [introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/263482) better support for
[FIPS](https://csrc.nist.gov/publications/detail/fips/140/2/final) by upgrading the
`CS_MAJOR_VERSION` from `2` to `3`. Version `3` of the `container_scanning` Docker image uses
[`centos:centos8`](https://hub.docker.com/_/centos)
as the new base. It also removes the use of the [start.sh](https://gitlab.com/gitlab-org/security-products/analyzers/klar/-/merge_requests/77)
script and instead executes the analyzer by default. Any customizations made to the
`container_scanning` job's [`before_script`](../../../ci/yaml/index.md#before_script)
and [`after_script`](../../../ci/yaml/index.md#after_script)
blocks may not work with the new version. To roll back to the previous [`alpine:3.11.3`](https://hub.docker.com/_/alpine)-based
Docker image, you can specify the major version through the [`CS_MAJOR_VERSION`](#available-cicd-variables)
variable.
- GitLab 13.9 [introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/322656) integration with
[Trivy](https://github.com/aquasecurity/trivy) by upgrading `CS_MAJOR_VERSION` from `3` to `4`.
- GitLab 13.9 [deprecated](https://gitlab.com/gitlab-org/gitlab/-/issues/321451) the integration with
[Clair](https://github.com/quay/clair/).
- GitLab 14.0 [introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/61850)
an integration with [Trivy](https://github.com/aquasecurity/trivy)
as the default for container scanning, and also [introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/326279)
an integration with [Grype](https://github.com/anchore/grype)
as an alternative scanner.
- GitLab 15.0 changed the major analyzer version from `4` to `5`.
Other changes to the container scanning analyzer can be found in the project's
Changes to the container scanning analyzer can be found in the project's
[changelog](https://gitlab.com/gitlab-org/security-products/analyzers/container-scanning/-/blob/master/CHANGELOG.md).

11
doc/user/infrastructure/clusters/manage/management_project_applications/certmanager.md
View File

@ -18,6 +18,17 @@ uncomment this line from your `helmfile.yaml`:
- path: applications/cert-manager/helmfile.yaml
```
And update the `applications/cert-manager/helmfile.yaml` with a valid email address.
```yaml
values:
- letsEncryptClusterIssuer:
#
# IMPORTANT: This value MUST be set to a valid email.
#
email: example@example.com
```
NOTE:
If your Kubernetes version is earlier than 1.20 and you are
[migrating from GitLab Managed Apps to a cluster management project](../../../../clusters/migrating_from_gma_to_project_template.md),

8
doc/user/project/merge_requests/approvals/settings.md
View File

@ -137,9 +137,15 @@ However, approvals are reset if the target branch is changed.
If you only want to remove approvals by Code Owners whose files have been changed:
Prerequisite:
- You must have at least the Maintainer role for a project.
To do this:
1. On the top bar, select **Menu > Projects** and find your project.
1. On the left sidebar, select **Settings > General**.
1. Expand **Merge request (MR) approvals**.
1. Expand **Merge request approvals**.
1. Select **Remove approvals by Code Owners if their files changed**.
1. Select **Save changes**.

2
lib/bulk_imports/pipeline.rb
View File

@ -12,7 +12,7 @@ module BulkImports
FailedError = Class.new(StandardError)
CACHE_KEY_EXPIRATION = 2.hours
NDJSON_EXPORT_TIMEOUT = 30.minutes
NDJSON_EXPORT_TIMEOUT = 90.minutes
def initialize(context)
@context = context

2
lib/gitlab/import_export/project/import_export.yml
View File

@ -286,6 +286,7 @@ included_attributes:
- :container_registry_access_level
- :package_registry_access_level
- :environments_access_level
- :feature_flags_access_level
prometheus_metrics:
- :created_at
- :updated_at
@ -691,6 +692,7 @@ included_attributes:
- :container_registry_access_level
- :package_registry_access_level
- :environments_access_level
- :feature_flags_access_level
- :allow_merge_on_skipped_pipeline
- :auto_devops_deploy_strategy
- :auto_devops_enabled

3
lib/gitlab/object_hierarchy.rb
View File

@ -65,7 +65,8 @@ module Gitlab
# Note: By default the order is breadth-first
# rubocop: disable CodeReuse/ActiveRecord
def base_and_ancestors(upto: nil, hierarchy_order: nil)
cte = base_and_ancestors_cte(upto, hierarchy_order)
upto_id = upto.try(:id) || upto
cte = base_and_ancestors_cte(upto_id, hierarchy_order)
recursive_query = if hierarchy_order
# othewise depth won't be available for outer query

2
lib/tasks/gitlab/tw/codeowners.rake
View File

@ -51,7 +51,7 @@ namespace :tw do
CodeOwnerRule.new('Infrastructure', '@sselhorn'),
CodeOwnerRule.new('Integrations', '@kpaizee'),
CodeOwnerRule.new('Knowledge', '@aqualls'),
CodeOwnerRule.new('Memory', '@sselhorn'),
CodeOwnerRule.new('Application Performance', '@sselhorn'),
CodeOwnerRule.new('Monitor', '@msedlakjakubowski'),
CodeOwnerRule.new('Observability', 'msedlakjakubowski'),
CodeOwnerRule.new('Optimize', '@fneill'),

26
locale/gitlab.pot
View File

@ -18667,7 +18667,7 @@ msgstr ""
msgid "GroupSettings|Auto DevOps pipeline was updated for the group"
msgstr ""
msgid "GroupSettings|Automatically ban users who download more than the specified number of projects within the specified interval."
msgid "GroupSettings|Automatically ban users who download more than a specified number of repositories in a given time."
msgstr ""
msgid "GroupSettings|Available only on the top-level group. Applies to all subgroups. Groups already shared with a group outside %{group} are still shared unless removed manually."
@ -18715,6 +18715,9 @@ msgstr ""
msgid "GroupSettings|Export group"
msgstr ""
msgid "GroupSettings|Git abuse rate limit"
msgstr ""
msgid "GroupSettings|Group members are not notified if the group is mentioned."
msgstr ""
@ -18727,15 +18730,9 @@ msgstr ""
msgid "GroupSettings|If the parent group's visibility is lower than the group's current visibility, visibility levels for subgroups and projects will be changed to match the new parent group's visibility."
msgstr ""
msgid "GroupSettings|Interval (seconds)"
msgstr ""
msgid "GroupSettings|Members cannot invite groups outside of %{group} and its subgroups"
msgstr ""
msgid "GroupSettings|Number of projects"
msgstr ""
msgid "GroupSettings|Organizations and contacts can be created and associated with issues."
msgstr ""
@ -18754,9 +18751,6 @@ msgstr ""
msgid "GroupSettings|Prevent forking setting was not saved"
msgstr ""
msgid "GroupSettings|Project download rate limit"
msgstr ""
msgid "GroupSettings|Projects in %{group} cannot be shared with other groups"
msgstr ""
@ -18781,15 +18775,9 @@ msgstr ""
msgid "GroupSettings|Set the initial name and protections for the default branch of new repositories created in the group."
msgstr ""
msgid "GroupSettings|Set to 0 to disable limiting."
msgstr ""
msgid "GroupSettings|The Auto DevOps pipeline runs if no alternative CI configuration file is found."
msgstr ""
msgid "GroupSettings|The maximum number of unique projects a user can download within the specified interval before they're banned. Set to 0 to disable limiting."
msgstr ""
msgid "GroupSettings|The projects in this subgroup can be selected as templates for new projects created in the group. %{link_start}Learn more.%{link_end}"
msgstr ""
@ -47326,13 +47314,13 @@ msgstr ""
msgid "the correct format."
msgstr ""
msgid "the following epic(s)"
msgid "the following epics"
msgstr ""
msgid "the following incident(s) or issue(s)"
msgid "the following incidents or issues"
msgstr ""
msgid "the following issue(s)"
msgid "the following issues"
msgstr ""
msgid "the wiki"

2
package.json
View File

@ -51,7 +51,7 @@
"@babel/preset-env": "^7.18.2",
"@gitlab/at.js": "1.5.7",
"@gitlab/favicon-overlay": "2.0.0",
"@gitlab/svgs": "2.32.0",
"@gitlab/svgs": "2.33.0",
"@gitlab/ui": "42.25.0",
"@gitlab/visual-review-tools": "1.7.3",
"@rails/actioncable": "6.1.4-7",

1
rubocop/cop/gitlab/feature_available_usage.rb
View File

@ -24,6 +24,7 @@ module RuboCop
security_and_compliance
container_registry
environments
feature_flags
].freeze
EE_FEATURES = %i[requirements].freeze
ALL_FEATURES = (FEATURES + EE_FEATURES).freeze

85
spec/controllers/projects_controller_spec.rb
View File

@ -878,28 +878,79 @@ RSpec.describe ProjectsController do
end
context 'with project feature attributes' do
using RSpec::Parameterized::TableSyntax
let(:initial_value) { ProjectFeature::PRIVATE }
let(:update_to) { ProjectFeature::ENABLED }
where(:feature, :initial_value, :update_to) do
:metrics_dashboard_access_level | ProjectFeature::PRIVATE | ProjectFeature::ENABLED
:container_registry_access_level | ProjectFeature::ENABLED | ProjectFeature::PRIVATE
before do
project.project_feature.update!(feature_access_level => initial_value)
end
def update_project_feature
put :update, params: {
namespace_id: project.namespace,
id: project.path,
project: {
project_feature_attributes: {
feature_access_level.to_s => update_to
}
}
}
end
shared_examples 'feature update success' do
it 'updates access level successfully' do
expect { update_project_feature }.to change {
project.reload.project_feature.public_send(feature_access_level)
}.from(initial_value).to(update_to)
end
end
shared_examples 'feature update failure' do
it 'cannot update access level' do
expect { update_project_feature }.not_to change {
project.reload.project_feature.public_send(feature_access_level)
}
end
end
where(:feature_access_level) do
%i[
metrics_dashboard_access_level
container_registry_access_level
environments_access_level
feature_flags_access_level
]
end
with_them do
it "updates the project_feature new" do
params = {
namespace_id: project.namespace,
id: project.path,
project: {
project_feature_attributes: {
"#{feature}": update_to
}
}
}
it_behaves_like 'feature update success'
end
expect { put :update, params: params }.to change {
project.reload.project_feature.public_send(feature)
}.from(initial_value).to(update_to)
context 'for feature_access_level operations_access_level' do
let(:feature_access_level) { :operations_access_level }
include_examples 'feature update failure'
end
context 'with feature flag split_operations_visibility_permissions disabled' do
before do
stub_feature_flags(split_operations_visibility_permissions: false)
end
context 'for feature_access_level operations_access_level' do
let(:feature_access_level) { :operations_access_level }
include_examples 'feature update success'
end
where(:feature_access_level) do
%i[
environments_access_level feature_flags_access_level
]
end
with_them do
it_behaves_like 'feature update failure'
end
end
end

1
spec/factories/projects.rb
View File

@ -38,6 +38,7 @@ FactoryBot.define do
container_registry_access_level { ProjectFeature::ENABLED }
security_and_compliance_access_level { ProjectFeature::PRIVATE }
environments_access_level { ProjectFeature::ENABLED }
feature_flags_access_level { ProjectFeature::ENABLED }
# we can't assign the delegated `#ci_cd_settings` attributes directly, as the
# `#ci_cd_settings` relation needs to be created first

4
spec/frontend/boards/components/board_new_item_spec.js
View File

@ -93,7 +93,7 @@ describe('BoardNewItem', () => {
titleInput().setValue('Foo');
await glForm().trigger('submit');
expect(wrapper.emitted('form-submit')).toBeTruthy();
expect(wrapper.emitted('form-submit')).toHaveLength(1);
expect(wrapper.emitted('form-submit')[0]).toEqual([
{
title: 'Foo',
@ -131,7 +131,7 @@ describe('BoardNewItem', () => {
await glForm().trigger('reset');
expect(titleInput().element.value).toBe('');
expect(wrapper.emitted('form-cancel')).toBeTruthy();
expect(wrapper.emitted('form-cancel')).toHaveLength(1);
});
});
});

2
spec/frontend/clusters/agents/components/activity_history_item_spec.js
View File

@ -23,7 +23,7 @@ describe('ActivityHistoryItem', () => {
};
const findHistoryItem = () => wrapper.findComponent(HistoryItem);
const findTimeAgo = () => wrapper.find(TimeAgoTooltip);
const findTimeAgo = () => wrapper.findComponent(TimeAgoTooltip);
afterEach(() => {
wrapper.destroy();

2
spec/frontend/clusters/agents/components/create_token_modal_spec.js
View File

@ -55,7 +55,7 @@ describe('CreateTokenModal', () => {
const findAgentInstructions = () => findModal().findComponent(AgentToken);
const findButtonByVariant = (variant) =>
findModal()
.findAll(GlButton)
.findAllComponents(GlButton)
.wrappers.find((button) => button.props('variant') === variant);
const findActionButton = () => findButtonByVariant('confirm');
const findCancelButton = () => wrapper.findByTestId('agent-token-close-button');

4
spec/frontend/clusters/agents/components/token_table_spec.js
View File

@ -136,8 +136,8 @@ describe('ClusterAgentTokenTable', () => {
const token = tokens.at(lineNumber);
expect(token.text()).toContain(description);
expect(token.find(GlTruncate).exists()).toBe(truncatesText);
expect(token.find(GlTooltip).exists()).toBe(hasTooltip);
expect(token.findComponent(GlTruncate).exists()).toBe(truncatesText);
expect(token.findComponent(GlTooltip).exists()).toBe(hasTooltip);
},
);

4
spec/frontend/clusters/components/new_cluster_spec.js
View File

@ -12,9 +12,9 @@ describe('NewCluster', () => {
await nextTick();
};
const findDescription = () => wrapper.find(GlSprintf);
const findDescription = () => wrapper.findComponent(GlSprintf);
const findLink = () => wrapper.find(GlLink);
const findLink = () => wrapper.findComponent(GlLink);
beforeEach(() => {
return createWrapper();

4
spec/frontend/clusters/forms/components/integration_form_spec.js
View File

@ -32,8 +32,8 @@ describe('ClusterIntegrationForm', () => {
wrapper = null;
};
const findSubmitButton = () => wrapper.find(GlButton);
const findGlToggle = () => wrapper.find(GlToggle);
const findSubmitButton = () => wrapper.findComponent(GlButton);
const findGlToggle = () => wrapper.findComponent(GlToggle);
afterEach(() => {
destroyWrapper();

8
spec/frontend/diffs/store/utils_spec.js
View File

@ -424,8 +424,8 @@ describe('DiffsStoreUtils', () => {
expect(firstChar).not.toBe('+');
expect(firstChar).not.toBe('-');
expect(preparedDiff.diff_files[0].renderIt).toBeTruthy();
expect(preparedDiff.diff_files[0].collapsed).toBeFalsy();
expect(preparedDiff.diff_files[0].renderIt).toBe(true);
expect(preparedDiff.diff_files[0].collapsed).toBe(false);
});
it('guarantees an empty array for both diff styles', () => {
@ -506,8 +506,8 @@ describe('DiffsStoreUtils', () => {
});
it('sets the renderIt and collapsed attribute on files', () => {
expect(preparedDiffFiles[0].renderIt).toBeTruthy();
expect(preparedDiffFiles[0].collapsed).toBeFalsy();
expect(preparedDiffFiles[0].renderIt).toBe(true);
expect(preparedDiffFiles[0].collapsed).toBeUndefined();
});
it('guarantees an empty array of lines for both diff styles', () => {

4
spec/frontend/dropzone_input_spec.js
View File

@ -29,7 +29,9 @@ describe('dropzone_input', () => {
it('returns valid dropzone when successfully initialize', () => {
const dropzone = dropzoneInput($(TEMPLATE));
expect(dropzone.version).toBeTruthy();
expect(dropzone).toMatchObject({
version: expect.any(String),
});
});
describe('handlePaste', () => {

24
spec/frontend/error_tracking_settings/components/project_dropdown_spec.js
View File

@ -41,23 +41,23 @@ describe('error tracking settings project dropdown', () => {
describe('empty project list', () => {
it('renders the dropdown', () => {
expect(wrapper.find('#project-dropdown').exists()).toBeTruthy();
expect(wrapper.find(GlDropdown).exists()).toBeTruthy();
expect(wrapper.find('#project-dropdown').exists()).toBe(true);
expect(wrapper.find(GlDropdown).exists()).toBe(true);
});
it('shows helper text', () => {
expect(wrapper.find('.js-project-dropdown-label').exists()).toBeTruthy();
expect(wrapper.find('.js-project-dropdown-label').exists()).toBe(true);
expect(wrapper.find('.js-project-dropdown-label').text()).toContain(
'To enable project selection',
);
});
it('does not show an error', () => {
expect(wrapper.find('.js-project-dropdown-error').exists()).toBeFalsy();
expect(wrapper.find('.js-project-dropdown-error').exists()).toBe(false);
});
it('does not contain any dropdown items', () => {
expect(wrapper.find(GlDropdownItem).exists()).toBeFalsy();
expect(wrapper.find(GlDropdownItem).exists()).toBe(false);
expect(wrapper.find(GlDropdown).props('text')).toBe('No projects available');
});
});
@ -70,12 +70,12 @@ describe('error tracking settings project dropdown', () => {
});
it('renders the dropdown', () => {
expect(wrapper.find('#project-dropdown').exists()).toBeTruthy();
expect(wrapper.find(GlDropdown).exists()).toBeTruthy();
expect(wrapper.find('#project-dropdown').exists()).toBe(true);
expect(wrapper.find(GlDropdown).exists()).toBe(true);
});
it('contains a number of dropdown items', () => {
expect(wrapper.find(GlDropdownItem).exists()).toBeTruthy();
expect(wrapper.find(GlDropdownItem).exists()).toBe(true);
expect(wrapper.findAll(GlDropdownItem).length).toBe(2);
});
});
@ -89,8 +89,8 @@ describe('error tracking settings project dropdown', () => {
});
it('does not show helper text', () => {
expect(wrapper.find('.js-project-dropdown-label').exists()).toBeFalsy();
expect(wrapper.find('.js-project-dropdown-error').exists()).toBeFalsy();
expect(wrapper.find('.js-project-dropdown-label').exists()).toBe(false);
expect(wrapper.find('.js-project-dropdown-error').exists()).toBe(false);
});
});
@ -105,8 +105,8 @@ describe('error tracking settings project dropdown', () => {
});
it('displays a error', () => {
expect(wrapper.find('.js-project-dropdown-label').exists()).toBeFalsy();
expect(wrapper.find('.js-project-dropdown-error').exists()).toBeTruthy();
expect(wrapper.find('.js-project-dropdown-label').exists()).toBe(false);
expect(wrapper.find('.js-project-dropdown-error').exists()).toBe(true);
});
});
});

2
spec/frontend/ide/stores/actions/tree_spec.js
View File

@ -134,7 +134,7 @@ describe('Multi-file store tree actions', () => {
it('toggles the tree open', async () => {
await store.dispatch('toggleTreeOpen', tree.path);
expect(tree.opened).toBeTruthy();
expect(tree.opened).toBe(true);
});
});

2
spec/frontend/ide/stores/mutations/merge_request_spec.js
View File

@ -30,7 +30,7 @@ describe('IDE store merge request mutations', () => {
const newMr = localState.projects.abcproject.mergeRequests[1];
expect(newMr.title).toBe('mr');
expect(newMr.active).toBeTruthy();
expect(newMr.active).toBe(true);
});
it('keeps original data', () => {

4
spec/frontend/issuable/related_issues/components/add_issuable_form_spec.js
View File

@ -157,8 +157,8 @@ describe('AddIssuableForm', () => {
describe('categorized issuables', () => {
it.each`
issuableType | pathIdSeparator | contextHeader | contextFooter
${issuableTypesMap.ISSUE} | ${PathIdSeparator.Issue} | ${'The current issue'} | ${'the following issue(s)'}
${issuableTypesMap.EPIC} | ${PathIdSeparator.Epic} | ${'The current epic'} | ${'the following epic(s)'}
${issuableTypesMap.ISSUE} | ${PathIdSeparator.Issue} | ${'The current issue'} | ${'the following issues'}
${issuableTypesMap.EPIC} | ${PathIdSeparator.Epic} | ${'The current epic'} | ${'the following epics'}
`(
'show header text as "$contextHeader" and footer text as "$contextFooter" issuableType is set to $issuableType',
({ issuableType, contextHeader, contextFooter }) => {

2
spec/frontend/sidebar/assignees_spec.js
View File

@ -70,7 +70,7 @@ describe('Assignee component', () => {
wrapper.find('[data-testid="assign-yourself"]').trigger('click');
await nextTick();
expect(wrapper.emitted('assign-self')).toBeTruthy();
expect(wrapper.emitted('assign-self')).toHaveLength(1);
});
});

4
spec/frontend/vue_shared/components/markdown/header_spec.js
View File

@ -125,8 +125,8 @@ describe('Markdown field header component', () => {
),
]);
expect(wrapper.emitted('preview-markdown')).toBeFalsy();
expect(wrapper.emitted('write-markdown')).toBeFalsy();
expect(wrapper.emitted('preview-markdown')).toBeUndefined();
expect(wrapper.emitted('write-markdown')).toBeUndefined();
});
it('blurs preview link after click', () => {

2
spec/frontend/vue_shared/components/metric_images/metric_images_tab_spec.js
View File

@ -114,7 +114,7 @@ describe('Metric images tab', () => {
await waitForPromises();
expect(findModal().attributes('visible')).toBeFalsy();
expect(findModal().attributes('visible')).toBeUndefined();
});
it('should add files and url when selected', async () => {

3
spec/helpers/projects_helper_spec.rb
View File

@ -967,7 +967,8 @@ RSpec.describe ProjectsHelper do
showDefaultAwardEmojis: project.show_default_award_emojis?,
securityAndComplianceAccessLevel: project.security_and_compliance_access_level,
containerRegistryAccessLevel: project.project_feature.container_registry_access_level,
environmentsAccessLevel: project.project_feature.environments_access_level
environmentsAccessLevel: project.project_feature.environments_access_level,
featureFlagsAccessLevel: project.project_feature.feature_flags_access_level
)
end

1
spec/lib/gitlab/import_export/safe_model_attributes.yml
View File

@ -584,6 +584,7 @@ ProjectFeature:
- container_registry_access_level
- package_registry_access_level
- environments_access_level
- feature_flags_access_level
- created_at
- updated_at
ProtectedBranch::MergeAccessLevel:

4
spec/models/concerns/project_features_compatibility_spec.rb
View File

@ -5,7 +5,9 @@ require 'spec_helper'
RSpec.describe ProjectFeaturesCompatibility do
let(:project) { create(:project) }
let(:features_enabled) { %w(issues wiki builds merge_requests snippets security_and_compliance) }
let(:features) { features_enabled + %w(repository pages operations container_registry package_registry environments) }
let(:features) do
features_enabled + %w(repository pages operations container_registry package_registry environments feature_flags)
end
# We had issues_enabled, snippets_enabled, builds_enabled, merge_requests_enabled and issues_enabled fields on projects table
# All those fields got moved to a new table called project_feature and are now integers instead of booleans

1
spec/models/project_spec.rb
View File

@ -833,6 +833,7 @@ RSpec.describe Project, factory_default: :keep do
it { is_expected.to delegate_method(:container_registry_enabled?).to(:project_feature) }
it { is_expected.to delegate_method(:container_registry_access_level).to(:project_feature) }
it { is_expected.to delegate_method(:environments_access_level).to(:project_feature) }
it { is_expected.to delegate_method(:feature_flags_access_level).to(:project_feature) }
describe 'read project settings' do
%i(

82
spec/policies/project_policy_spec.rb
View File

@ -2100,6 +2100,77 @@ RSpec.describe ProjectPolicy do
end
end
describe 'feature flags feature' do
using RSpec::Parameterized::TableSyntax
let(:guest_permissions) { [] }
let(:developer_permissions) do
guest_permissions + [
:read_feature_flag, :create_feature_flag, :update_feature_flag, :destroy_feature_flag, :admin_feature_flag,
:admin_feature_flags_user_lists
]
end
let(:maintainer_permissions) do
developer_permissions + [:admin_feature_flags_client]
end
where(:project_visibility, :access_level, :role, :allowed) do
:public | ProjectFeature::ENABLED | :maintainer | true
:public | ProjectFeature::ENABLED | :developer | true
:public | ProjectFeature::ENABLED | :guest | true
:public | ProjectFeature::ENABLED | :anonymous | true
:public | ProjectFeature::PRIVATE | :maintainer | true
:public | ProjectFeature::PRIVATE | :developer | true
:public | ProjectFeature::PRIVATE | :guest | true
:public | ProjectFeature::PRIVATE | :anonymous | false
:public | ProjectFeature::DISABLED | :maintainer | false
:public | ProjectFeature::DISABLED | :developer | false
:public | ProjectFeature::DISABLED | :guest | false
:public | ProjectFeature::DISABLED | :anonymous | false
:internal | ProjectFeature::ENABLED | :maintainer | true
:internal | ProjectFeature::ENABLED | :developer | true
:internal | ProjectFeature::ENABLED | :guest | true
:internal | ProjectFeature::ENABLED | :anonymous | false
:internal | ProjectFeature::PRIVATE | :maintainer | true
:internal | ProjectFeature::PRIVATE | :developer | true
:internal | ProjectFeature::PRIVATE | :guest | true
:internal | ProjectFeature::PRIVATE | :anonymous | false
:internal | ProjectFeature::DISABLED | :maintainer | false
:internal | ProjectFeature::DISABLED | :developer | false
:internal | ProjectFeature::DISABLED | :guest | false
:internal | ProjectFeature::DISABLED | :anonymous | false
:private | ProjectFeature::ENABLED | :maintainer | true
:private | ProjectFeature::ENABLED | :developer | true
:private | ProjectFeature::ENABLED | :guest | false
:private | ProjectFeature::ENABLED | :anonymous | false
:private | ProjectFeature::PRIVATE | :maintainer | true
:private | ProjectFeature::PRIVATE | :developer | true
:private | ProjectFeature::PRIVATE | :guest | false
:private | ProjectFeature::PRIVATE | :anonymous | false
:private | ProjectFeature::DISABLED | :maintainer | false
:private | ProjectFeature::DISABLED | :developer | false
:private | ProjectFeature::DISABLED | :guest | false
:private | ProjectFeature::DISABLED | :anonymous | false
end
with_them do
let(:current_user) { user_subject(role) }
let(:project) { project_subject(project_visibility) }
it 'allows/disallows the abilities based on the feature flags access level' do
project.project_feature.update!(feature_flags_access_level: access_level)
if allowed
expect_allowed(*permissions_abilities(role))
else
expect_disallowed(*permissions_abilities(role))
end
end
end
end
describe 'access_security_and_compliance' do
context 'when the "Security & Compliance" is enabled' do
before do
@ -2566,4 +2637,15 @@ RSpec.describe ProjectPolicy do
anonymous
end
end
def permissions_abilities(role)
case role
when :maintainer
maintainer_permissions
when :developer
developer_permissions
else
guest_permissions
end
end
end

4
spec/spec_helper.rb
View File

@ -53,10 +53,8 @@ end
require 'rainbow/ext/string'
Rainbow.enabled = false
# Require JH first because we need override some EE methods with JH methods,
# if we load EE first, we can't find JH modules in prepend_mod method
require_relative('../jh/spec/spec_helper') if Gitlab.jh?
require_relative('../ee/spec/spec_helper') if Gitlab.ee?
require_relative('../jh/spec/spec_helper') if Gitlab.jh?
# Requires supporting ruby files with custom matchers and macros, etc,
# in spec/support/ and its subdirectories.

8
yarn.lock
View File

@ -1051,10 +1051,10 @@
stylelint-declaration-strict-value "1.8.0"
stylelint-scss "4.2.0"
"@gitlab/svgs@2.32.0":
version "2.32.0"
resolved "https://registry.yarnpkg.com/@gitlab/svgs/-/svgs-2.32.0.tgz#eb66dc76cc6242d97d16e05acb0dbad4f56555a0"
integrity sha512-ElblTUE26pddJS6EzHHtMHPkZ7JPB7vt3C2RoY9W3JPPSrcsOudeeLN5oW7Pz3MoXR3G0U/Wg+Bhe4M1STD+tA==
"@gitlab/svgs@2.33.0":
version "2.33.0"
resolved "https://registry.yarnpkg.com/@gitlab/svgs/-/svgs-2.33.0.tgz#e970ae10ee558e1e2b01116b2fe6ea25161a4609"
integrity sha512-8B5pGmZ6QnywxmWCmqMTkJfPlETbx4R7AK7si8Jf2DyWZ7Agfg9NOdgBq++IuiVjbxBO7VTQcZbVSavxrce6QA==
"@gitlab/ui@42.25.0":
version "42.25.0"