Add latest changes from gitlab-org/gitlab@master

GitLab Bot 2022-08-03 15:11:10 +00:00
parent 91035102b4
commit 849c67f6da
18 changed files with 335 additions and 573 deletions


@ -66,6 +66,7 @@ class AwarenessChannel < ApplicationCable::Channel # rubocop:disable Gitlab/Name
{
id: user.id,
name: user.name,
username: user.username,
avatar_url: user.avatar_url(size: 36),
last_activity: last_activity,
last_activity_humanized: ActionController::Base.helpers.distance_of_time_in_words(


@ -3,11 +3,8 @@
module Ci
class SecureFile < Ci::ApplicationRecord
include FileStoreMounter
include IgnorableColumns
include Limitable
ignore_column :permissions, remove_with: '15.2', remove_after: '2022-06-22'
FILE_SIZE_LIMIT = 5.megabytes.freeze
CHECKSUM_ALGORITHM = 'sha256'
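Review bot: Removing `include IgnorableColumns` together with `ignore_column :permissions, remove_with: '15.2', remove_after: '2022-06-22'` is only safe once the migration that actually drops the `permissions` column has shipped, and that migration is not visible on this page; if the column is still present, the model will presumably pick the attribute up again and the `remove_after` safeguard is gone. Confirm the column drop landed before relying on this clean-up. The rest of the `Ci::SecureFile` class lies outside the hunk.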


@ -1,12 +1,8 @@
- add_page_specific_style 'page_bundles/runner_details'
- add_to_breadcrumbs _('Runners'), group_runners_path(@group)
- title = "##{@runner.id} (#{@runner.short_sha})"
- breadcrumb_title title
- page_title title
- if Feature.enabled?(:group_runner_view_ui, @group)
- title = "##{@runner.id} (#{@runner.short_sha})"
- breadcrumb_title title
- page_title title
#js-group-runner-show{ data: {runner_id: @runner.id, runners_path: group_runners_path(@group), edit_group_runner_path: edit_group_runner_path(@group, @runner)} }
- else
= render 'shared/runners/runner_details', runner: @runner
#js-group-runner-show{ data: {runner_id: @runner.id, runners_path: group_runners_path(@group), edit_group_runner_path: edit_group_runner_path(@group, @runner)} }


@ -21,8 +21,9 @@
- else
%p
- register_2fa_token = _('We recommend cloud-based mobile authenticator apps such as Authy, Duo Mobile, and LastPass. They can restore access if you lose your hardware device.')
- register_2fa_token = _('We recommend using cloud-based authenticator applications that can restore access if you lose your hardware device.')
= register_2fa_token.html_safe
= link_to _('What are some examples?'), help_page_path('user/profile/account/two_factor_authentication', anchor: 'enable-one-time-password'), target: '_blank', rel: 'noopener noreferrer'
.row.gl-mb-3
.col-md-4.gl-min-w-fit-content
.gl-p-2.gl-mb-3{ style: 'background: #fff' }
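Review bot: The replacement `register_2fa_token` copy contains no markup, yet the line that follows still renders it with `= register_2fa_token.html_safe`, so any markup that later enters the translation catalogue for this key would reach the page unescaped. Since the new string is plain text, render it as `= register_2fa_token` and drop `.html_safe`, which removes a needless trust in translation files. The added `link_to` already pairs `target: '_blank'` with `rel: 'noopener noreferrer'`, which is the right shape for an external-style link.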


@ -1,8 +0,0 @@
---
name: enforce_security_report_validation
introduced_by_url:
rollout_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/351000
milestone: '14.9'
type: development
group: group::threat insights
default_enabled: true


@ -1,8 +0,0 @@
---
name: group_runner_view_ui
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/89638/
rollout_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/364811
milestone: '15.1'
type: development
group: group::runner
default_enabled: false


@ -3,7 +3,7 @@ table_name: project_statistics
classes:
- ProjectStatistics
feature_categories:
- source_code_management
description: TODO
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/commit/3ef4f74b1acc9399db320b53dffc592542de0126
milestone: '9.0'
- utilization
description: Records statistics about the usage of various product features
introduced_by_url: https://gitlab.com/gitlab-org/gitlab-foss/-/merge_requests/7754
milestone: '8.16'


@ -11,32 +11,83 @@ GitLab by default supports the [Gravatar](https://gravatar.com) avatar service.
Libravatar is another service that delivers your avatar (profile picture) to
other websites. The Libravatar API is
[heavily based on gravatar](https://wiki.libravatar.org/api/), so you can
[heavily based on Gravatar](https://wiki.libravatar.org/api/), so you can
switch to the Libravatar avatar service or even your own Libravatar
server.
## Configuration
## Change the Libravatar service to your own service
In the [`gitlab.yml` gravatar section](https://gitlab.com/gitlab-org/gitlab/-/blob/672bd3902d86b78d730cea809fce312ec49d39d7/config/gitlab.yml.example#L122), set
In the [`gitlab.yml` gravatar section](https://gitlab.com/gitlab-org/gitlab/-/blob/68dac188ec6b1b03d53365e7579422f44cbe7a1c/config/gitlab.yml.example#L469-476), set
the configuration options as follows:
### For HTTP
**For Omnibus installations**
```yaml
gravatar:
enabled: true
# gravatar URLs: possible placeholders: %{hash} %{size} %{email} %{username}
plain_url: "http://cdn.libravatar.org/avatar/%{hash}?s=%{size}&d=identicon"
```
1. Edit `/etc/gitlab/gitlab.rb`:
### For HTTPS
```ruby
gitlab_rails['gravatar_enabled'] = true
#### For HTTPS
gitlab_rails['gravatar_ssl_url'] = "https://seccdn.libravatar.org/avatar/%{hash}?s=%{size}&d=identicon"
#### Use this line instead for HTTP
# gitlab_rails['gravatar_plain_url'] = "http://cdn.libravatar.org/avatar/%{hash}?s=%{size}&d=identicon"
```
```yaml
gravatar:
enabled: true
# gravatar URLs: possible placeholders: %{hash} %{size} %{email} %{username}
ssl_url: "https://seccdn.libravatar.org/avatar/%{hash}?s=%{size}&d=identicon"
```
1. To apply the changes, run `sudo gitlab-ctl reconfigure`.
**For installations from source**
1. Edit `config/gitlab.yml`:
```yaml
gravatar:
enabled: true
# default: https://www.gravatar.com/avatar/%{hash}?s=%{size}&d=identicon
plain_url: "http://cdn.libravatar.org/avatar/%{hash}?s=%{size}&d=identicon"
# default: https://secure.gravatar.com/avatar/%{hash}?s=%{size}&d=identicon
ssl_url: https://seccdn.libravatar.org/avatar/%{hash}?s=%{size}&d=identicon"
```
1. Save the file, and then [restart](restart_gitlab.md#installations-from-source)
GitLab for the changes to take effect.
## Set the Libravatar service to default (Gravatar)
**For Omnibus installations**
1. Delete `gitlab_rails['gravatar_ssl_url']` or `gitlab_rails['gravatar_plain_url']` from `/etc/gitlab/gitlab.rb`.
1. To apply the changes, run `sudo gitlab-ctl reconfigure`.
**For installations from source**
1. Remove `gravatar:` section from `config/gitlab.yml`.
1. Save the file, then [restart](restart_gitlab.md#installations-from-source)
GitLab to apply the changes.
## Disable Gravatar service
To disable Gravatar, for example, to prohibit third-party services, complete the following steps:
**For Omnibus installations**
1. Edit `/etc/gitlab/gitlab.rb`:
```ruby
gitlab_rails['gravatar_enabled'] = false
```
1. To apply the changes, run `sudo gitlab-ctl reconfigure`.
**For installations from source**
1. Edit `config/gitlab.yml`:
```yaml
gravatar:
enabled: false
```
1. Save the file, then [restart](restart_gitlab.md#installations-from-source)
GitLab to apply the changes.
### Your own Libravatar server
@ -44,30 +95,10 @@ If you are [running your own Libravatar service](https://wiki.libravatar.org/run
the URL is different in the configuration, but you must provide the same
placeholders so GitLab can parse the URL correctly.
For example, you host a service on `http://libravatar.example.com` and the
`plain_url` you must supply in `gitlab.yml` is
For example, you host a service on `https://libravatar.example.com` and the
`ssl_url` you must supply in `gitlab.yml` is:
`http://libravatar.example.com/avatar/%{hash}?s=%{size}&d=identicon`
### Omnibus GitLab example
In `/etc/gitlab/gitlab.rb`:
#### For HTTP
```ruby
gitlab_rails['gravatar_enabled'] = true
gitlab_rails['gravatar_plain_url'] = "http://cdn.libravatar.org/avatar/%{hash}?s=%{size}&d=identicon"
```
#### For HTTPS
```ruby
gitlab_rails['gravatar_enabled'] = true
gitlab_rails['gravatar_ssl_url'] = "https://seccdn.libravatar.org/avatar/%{hash}?s=%{size}&d=identicon"
```
Then run `sudo gitlab-ctl reconfigure` for the changes to take effect.
`https://libravatar.example.com/avatar/%{hash}?s=%{size}&d=identicon`
## Default URL for missing images
@ -77,7 +108,7 @@ service.
To use a set other than `identicon`, replace the `&d=identicon` portion of the
URL with another supported set. For example, you can use the `retro` set, in
which case the URL would look like: `plain_url: "http://cdn.libravatar.org/avatar/%{hash}?s=%{size}&d=retro"`
which case the URL would look like: `ssl_url: "https://seccdn.libravatar.org/avatar/%{hash}?s=%{size}&d=retro"`
## Usage examples for Microsoft Office 365


@ -150,7 +150,7 @@ the page is rendered to HTML. There can be only **one** level 1 heading per page
- For each subsection, increment the heading level. In other words, increment the number of `#` characters
in front of the heading.
- Avoid headings greater than `H5` (`#####`). If you need more than five headings, move the topics to a new page instead.
- Avoid headings greater than `H5` (`#####`). If you need more than five heading levels, move the topics to a new page instead.
Headings greater than `H5` do not display in the right sidebar navigation.
- Do not skip a level. For example: `##` > `####`.
- Leave one blank line before and after the heading.


@ -178,6 +178,9 @@ All validations are skipped when running in `RAILS_ENV=production`.
## Create a new feature flag
NOTE:
GitLab Pages uses [a different process](../pages/index.md#feature-flags) for feature flags.
The GitLab codebase provides [`bin/feature-flag`](https://gitlab.com/gitlab-org/gitlab/-/blob/master/bin/feature-flag),
a dedicated tool to create new feature flag definitions.
The tool asks various questions about the new feature flag, then creates


@ -236,3 +236,29 @@ make acceptance
# so we want to have the latest changes in the build that is tested
make && go test ./ -run TestRedirect
```
## Contributing
### Feature flags
WARNING:
All newly-introduced feature flags should be [disabled by default](https://about.gitlab.com/handbook/product-development-flow/feature-flag-lifecycle/#feature-flags-in-gitlab-development).
Consider adding a [feature flag](../feature_flags/index.md) for any non-trivial changes.
Feature flags can make the release and rollback of these changes easier, avoiding
incidents and downtime. To add a new feature flag to GitLab Pages:
1. Create the feature flag in
[`internal/feature/feature.go`](https://gitlab.com/gitlab-org/gitlab-pages/-/blob/master/internal/feature/feature.go),
which must be **off** by default.
1. Create an issue to track the feature flag using the `Feature Flag` template.
1. Add the `~"feature flag"` label to any merge requests that handle feature flags.
For GitLab Pages, the feature flags are controlled by environment variables at a global level. It
A deployment at the service level is required to change the state of a feature flag.
Example of an merge request enabling a GitLab Pages feature flag:
[Enforce GitLab Pages rate limits](https://gitlab.com/gitlab-com/gl-infra/k8s-workloads/gitlab-com/-/merge_requests/1500)
## Related topics
- [Feature flags in the development of GitLab](../feature_flags/index.md)


@ -109,66 +109,6 @@ You should use a local terminal to run the commands needed for migrating to GitL
The following example demonstrates how to change the state name. The same workflow is needed to migrate to GitLab-managed Terraform state from a different state storage backend.
## Use your GitLab backend as a remote data source
You can use a GitLab-managed Terraform state backend as a
[Terraform data source](https://www.terraform.io/language/state/remote-state-data).
1. In your `main.tf` or other relevant file, declare these variables. Leave the values empty.
```hcl
variable "example_remote_state_address" {
type = string
description = "Gitlab remote state file address"
}
variable "example_username" {
type = string
description = "Gitlab username to query remote state"
}
variable "example_access_token" {
type = string
description = "GitLab access token to query remote state"
}
```
1. To override the values from the previous step, create a file named `example.auto.tfvars`. This file should **not** be versioned in your project repository.
```plaintext
example_remote_state_address = "https://gitlab.com/api/v4/projects/<TARGET-PROJECT-ID>/terraform/state/<TARGET-STATE-NAME>"
example_username = "<GitLab username>"
example_access_token = "<GitLab Personal Access Token>"
```
1. In a `.tf` file, define the data source by using [Terraform input variables](https://www.terraform.io/language/values/variables):
```hcl
data "terraform_remote_state" "example" {
backend = "http"
config = {
address = var.example_remote_state_address
username = var.example_username
password = var.example_access_token
}
}
```
- **address**: The URL of the remote state backend you want to use as a data source.
For example, `https://gitlab.com/api/v4/projects/<TARGET-PROJECT-ID>/terraform/state/<TARGET-STATE-NAME>`.
- **username**: The username to authenticate with the data source. If you are using
a [Personal Access Token](../../profile/personal_access_tokens.md) for
authentication, this value is your GitLab username. If you are using GitLab CI/CD, this value is `'gitlab-ci-token'`.
- **password**: The password to authenticate with the data source. If you are using a Personal Access Token for
authentication, this value is the token value (the token must have the **API** scope).
If you are using GitLab CI/CD, this value is the contents of the `${CI_JOB_TOKEN}` CI/CD variable.
Outputs from the data source can now be referenced in your Terraform resources
using `data.terraform_remote_state.example.outputs.<OUTPUT-NAME>`.
To read the Terraform state in the target project, you need at least the Developer role.
### Set up the initial backend
```shell
@ -264,6 +204,66 @@ commands will detect it and remind you to do so if necessary.
If you type `yes`, it copies your state from the old location to the new
location. You can then go back to running it in GitLab CI/CD.
## Use your GitLab backend as a remote data source
You can use a GitLab-managed Terraform state backend as a
[Terraform data source](https://www.terraform.io/language/state/remote-state-data).
1. In your `main.tf` or other relevant file, declare these variables. Leave the values empty.
```hcl
variable "example_remote_state_address" {
type = string
description = "Gitlab remote state file address"
}
variable "example_username" {
type = string
description = "Gitlab username to query remote state"
}
variable "example_access_token" {
type = string
description = "GitLab access token to query remote state"
}
```
1. To override the values from the previous step, create a file named `example.auto.tfvars`. This file should **not** be versioned in your project repository.
```plaintext
example_remote_state_address = "https://gitlab.com/api/v4/projects/<TARGET-PROJECT-ID>/terraform/state/<TARGET-STATE-NAME>"
example_username = "<GitLab username>"
example_access_token = "<GitLab Personal Access Token>"
```
1. In a `.tf` file, define the data source by using [Terraform input variables](https://www.terraform.io/language/values/variables):
```hcl
data "terraform_remote_state" "example" {
backend = "http"
config = {
address = var.example_remote_state_address
username = var.example_username
password = var.example_access_token
}
}
```
- **address**: The URL of the remote state backend you want to use as a data source.
For example, `https://gitlab.com/api/v4/projects/<TARGET-PROJECT-ID>/terraform/state/<TARGET-STATE-NAME>`.
- **username**: The username to authenticate with the data source. If you are using
a [Personal Access Token](../../profile/personal_access_tokens.md) for
authentication, this value is your GitLab username. If you are using GitLab CI/CD, this value is `'gitlab-ci-token'`.
- **password**: The password to authenticate with the data source. If you are using a Personal Access Token for
authentication, this value is the token value (the token must have the **API** scope).
If you are using GitLab CI/CD, this value is the contents of the `${CI_JOB_TOKEN}` CI/CD variable.
Outputs from the data source can now be referenced in your Terraform resources
using `data.terraform_remote_state.example.outputs.<OUTPUT-NAME>`.
To read the Terraform state in the target project, you need at least the Developer role.
## Manage Terraform state files
> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/273592) in GitLab 13.8.


@ -28,6 +28,11 @@ local repository, GitLab stops updating the branch. This prevents data loss.
Deleted branches and tags in the upstream repository are not reflected in the
downstream repository.
NOTE:
Items deleted from the downstream pull mirror repository, but still in the upstream repository,
are restored upon the next pull. For example: a branch deleted _only_ in the mirrored repository
reappears after the next pull.
## How pull mirroring works
After you configure a GitLab repository as a pull mirror:


@ -93,11 +93,7 @@ module Gitlab
log_warnings(problem_type: 'schema_validation_fails') unless schema_validation_errors.empty?
if Feature.enabled?(:enforce_security_report_validation, @project)
@errors += schema_validation_errors
else
@warnings += schema_validation_errors
end
@errors += schema_validation_errors
end
def populate_warnings
@ -130,11 +126,7 @@ module Gitlab
def add_unsupported_report_version_message
log_warnings(problem_type: 'using_unsupported_schema_version')
if Feature.enabled?(:enforce_security_report_validation, @project)
handle_unsupported_report_version(treat_as: :error)
else
handle_unsupported_report_version(treat_as: :warning)
end
handle_unsupported_report_version
end
def report_uses_deprecated_schema_version?
@ -145,14 +137,14 @@ module Gitlab
SUPPORTED_VERSIONS[report_type].include?(report_version)
end
def handle_unsupported_report_version(treat_as:)
def handle_unsupported_report_version
if report_version.nil?
message = "Report version not provided, #{report_type} report type supports versions: #{supported_schema_versions}"
else
message = "Version #{report_version} for report type #{report_type} is unsupported, supported versions for this report type are: #{supported_schema_versions}"
end
add_message_as(level: treat_as, message: message)
add_message_as(level: :error, message: message)
end
def supported_schema_versions
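Review bot: `log_warnings(problem_type: 'schema_validation_fails')` at the top of the first hunk still records the failure as a warning while the line after it now appends the same errors unconditionally to `@errors`, so log severity and report outcome no longer agree, which makes it harder to correlate logs with rejected reports. A one-line comment above the `@errors += schema_validation_errors` line, `# schema violations are always fatal; log_warnings is kept only for its problem_type telemetry`, would make the intent explicit, and the same note applies to the `add_unsupported_report_version_message` hunk where `add_message_as(level: :error, ...)` is now the only level. In `handle_unsupported_report_version` the two branches differ only in the message text, so assigning `message = if report_version.nil? ... else ... end` and making a single `add_message_as` call afterwards reads more clearly than the current form. The method containing the first hunk begins outside the hunk.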


@ -43512,9 +43512,6 @@ msgstr ""
msgid "We recommend a work email address."
msgstr ""
msgid "We recommend cloud-based mobile authenticator apps such as Authy, Duo Mobile, and LastPass. They can restore access if you lose your hardware device."
msgstr ""
msgid "We recommend leaving all SAST analyzers enabled"
msgstr ""
@ -43524,6 +43521,9 @@ msgstr ""
msgid "We recommend that you buy additional Pipeline minutes to resume normal service."
msgstr ""
msgid "We recommend using cloud-based authenticator applications that can restore access if you lose your hardware device."
msgstr ""
msgid "We sent you an email with reset password instructions"
msgstr ""
@ -43824,6 +43824,9 @@ msgstr ""
msgid "What are project audit events?"
msgstr ""
msgid "What are some examples?"
msgstr ""
msgid "What does the setting affect?"
msgstr ""


@ -36,6 +36,7 @@ RSpec.describe AwarenessChannel, :clean_gitlab_redis_shared_state, type: :channe
collaborator = {
id: user.id,
name: user.name,
username: user.username,
avatar_url: user.avatar_url(size: 36),
last_activity: Time.zone.now,
last_activity_humanized: ActionController::Base.helpers.distance_of_time_in_words(


@ -149,79 +149,39 @@ RSpec.describe "Group Runners" do
create(:ci_runner, :group, groups: [group], description: 'runner-foo', contacted_at: Time.zone.now)
end
context 'when group_runner_view_ui is disabled' do
before do
stub_feature_flags(group_runner_view_ui: false)
end
it 'user views runner details' do
visit group_runner_path(group, runner)
it 'user edits the runner to be protected' do
visit edit_group_runner_path(group, runner)
expect(page.find_field('runner[access_level]')).not_to be_checked
check 'runner_access_level'
click_button 'Save changes'
expect(page).to have_content 'Protected Yes'
end
context 'when a runner has a tag' do
before do
runner.update!(tag_list: ['tag'])
end
it 'user edits runner not to run untagged jobs' do
visit edit_group_runner_path(group, runner)
expect(page.find_field('runner[run_untagged]')).to be_checked
uncheck 'runner_run_untagged'
click_button 'Save changes'
expect(page).to have_content 'Can run untagged jobs No'
end
end
expect(page).to have_content "#{s_('Runners|Description')} runner-foo"
end
context 'when group_runner_view_ui is enabled' do
it 'user edits the runner to be protected' do
visit edit_group_runner_path(group, runner)
expect(page.find_field('runner[access_level]')).not_to be_checked
check 'runner_access_level'
click_button _('Save changes')
expect(page).to have_content "#{s_('Runners|Configuration')} #{s_('Runners|Protected')}"
end
context 'when a runner has a tag' do
before do
stub_feature_flags(group_runner_view_ui: true)
runner.update!(tag_list: ['tag1'])
end
it 'user views runner details' do
visit group_runner_path(group, runner)
expect(page).to have_content "#{s_('Runners|Description')} runner-foo"
end
it 'user edits the runner to be protected' do
it 'user edits runner not to run untagged jobs' do
visit edit_group_runner_path(group, runner)
expect(page.find_field('runner[access_level]')).not_to be_checked
page.find_field('runner[tag_list]').set('tag1, tag2')
check 'runner_access_level'
uncheck 'runner_run_untagged'
click_button _('Save changes')
expect(page).to have_content "#{s_('Runners|Configuration')} #{s_('Runners|Protected')}"
end
context 'when a runner has a tag' do
before do
runner.update!(tag_list: ['tag1'])
end
it 'user edits runner not to run untagged jobs' do
visit edit_group_runner_path(group, runner)
page.find_field('runner[tag_list]').set('tag1, tag2')
uncheck 'runner_run_untagged'
click_button _('Save changes')
# Tags can be in any order
expect(page).to have_content /#{s_('Runners|Tags')}.*tag1/
expect(page).to have_content /#{s_('Runners|Tags')}.*tag2/
end
# Tags can be in any order
expect(page).to have_content /#{s_('Runners|Tags')}.*tag1/
expect(page).to have_content /#{s_('Runners|Tags')}.*tag2/
end
end
end
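Review bot: The assertions closing the new 'user edits runner not to run untagged jobs' example, `expect(page).to have_content /#{s_('Runners|Tags')}.*tag1/`, interpolate a translated label into a regex literal without escaping, so any regex metacharacter in a translation silently changes what is matched, and the space before the literal also triggers Ruby's ambiguous-first-argument warning. Write them as `expect(page).to have_content(/#{Regexp.escape(s_('Runners|Tags'))}.*tag1/)` and the same for `tag2`. The pattern appears in the removed block as well, so it is not introduced here, but the restructured spec is the right place to fix it.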


@ -6,6 +6,10 @@ RSpec.describe Gitlab::Ci::Parsers::Security::Validators::SchemaValidator do
let_it_be(:project) { create(:project) }
let(:supported_dast_versions) { described_class::SUPPORTED_VERSIONS[:dast].join(', ') }
let(:deprecated_schema_version_message) { }
let(:missing_schema_version_message) do
"Report version not provided, dast report type supports versions: #{supported_dast_versions}"
end
let(:scanner) do
{
@ -24,7 +28,7 @@ RSpec.describe Gitlab::Ci::Parsers::Security::Validators::SchemaValidator do
expect(described_class::SUPPORTED_VERSIONS.keys).to eq(described_class::DEPRECATED_VERSIONS.keys)
end
context 'when a schema JSON file exists for a particular report type version' do
context 'when all files under schema path are explicitly listed' do
# We only care about the part that comes before report-format.json
# https://rubular.com/r/N8Juz7r8hYDYgD
filename_regex = /(?<report_type>[-\w]*)\-report-format.json/
@ -38,7 +42,7 @@ RSpec.describe Gitlab::Ci::Parsers::Security::Validators::SchemaValidator do
matches = filename_regex.match(file)
report_type = matches[:report_type].tr("-", "_").to_sym
it "#{report_type} #{version} is in the constant" do
it "#{report_type} #{version}" do
expect(described_class::SUPPORTED_VERSIONS[report_type]).to include(version)
end
end
@ -68,7 +72,7 @@ RSpec.describe Gitlab::Ci::Parsers::Security::Validators::SchemaValidator do
let(:report_type) { :dast }
let(:report_version) { described_class::SUPPORTED_VERSIONS[report_type].last }
context 'when the report is valid' do
context 'and the report is valid' do
let(:report_data) do
{
'version' => report_version,
@ -79,7 +83,7 @@ RSpec.describe Gitlab::Ci::Parsers::Security::Validators::SchemaValidator do
it { is_expected.to be_truthy }
end
context 'when the report is invalid' do
context 'and the report is invalid' do
let(:report_data) do
{
'version' => report_version
@ -118,7 +122,7 @@ RSpec.describe Gitlab::Ci::Parsers::Security::Validators::SchemaValidator do
stub_const("#{described_class}::DEPRECATED_VERSIONS", deprecations_hash)
end
context 'when the report passes schema validation' do
context 'and the report passes schema validation' do
let(:report_data) do
{
'version' => '10.0.0',
@ -143,34 +147,14 @@ RSpec.describe Gitlab::Ci::Parsers::Security::Validators::SchemaValidator do
end
end
context 'when the report does not pass schema validation' do
context 'when enforce_security_report_validation is enabled' do
before do
stub_feature_flags(enforce_security_report_validation: true)
end
let(:report_data) do
{
'version' => 'V2.7.0'
}
end
it { is_expected.to be_falsey }
context 'and the report does not pass schema validation' do
let(:report_data) do
{
'version' => 'V2.7.0'
}
end
context 'when enforce_security_report_validation is disabled' do
before do
stub_feature_flags(enforce_security_report_validation: false)
end
let(:report_data) do
{
'version' => 'V2.7.0'
}
end
it { is_expected.to be_truthy }
end
it { is_expected.to be_falsey }
end
end
@ -178,100 +162,67 @@ RSpec.describe Gitlab::Ci::Parsers::Security::Validators::SchemaValidator do
let(:report_type) { :dast }
let(:report_version) { "12.37.0" }
context 'when enforce_security_report_validation is enabled' do
before do
stub_feature_flags(enforce_security_report_validation: true)
context 'and the report is valid' do
let(:report_data) do
{
'version' => report_version,
'vulnerabilities' => []
}
end
context 'when the report is valid' do
let(:report_data) do
{
'version' => report_version,
'vulnerabilities' => []
}
end
it { is_expected.to be_falsey }
it { is_expected.to be_falsey }
it 'logs related information' do
expect(Gitlab::AppLogger).to receive(:info).with(
message: "security report schema validation problem",
security_report_type: report_type,
security_report_version: report_version,
project_id: project.id,
security_report_failure: 'using_unsupported_schema_version',
security_report_scanner_id: 'gemnasium',
security_report_scanner_version: '2.1.0'
)
subject
end
end
context 'and the report is invalid' do
let(:report_data) do
{
'version' => report_version
}
end
context 'and scanner information is empty' do
let(:scanner) { {} }
it 'logs related information' do
expect(Gitlab::AppLogger).to receive(:info).with(
message: "security report schema validation problem",
security_report_type: report_type,
security_report_version: report_version,
project_id: project.id,
security_report_failure: 'schema_validation_fails',
security_report_scanner_id: nil,
security_report_scanner_version: nil
)
expect(Gitlab::AppLogger).to receive(:info).with(
message: "security report schema validation problem",
security_report_type: report_type,
security_report_version: report_version,
project_id: project.id,
security_report_failure: 'using_unsupported_schema_version',
security_report_scanner_id: 'gemnasium',
security_report_scanner_version: '2.1.0'
security_report_scanner_id: nil,
security_report_scanner_version: nil
)
subject
end
end
context 'when the report is invalid' do
let(:report_data) do
{
'version' => report_version
}
end
context 'when scanner information is empty' do
let(:scanner) { {} }
it 'logs related information' do
expect(Gitlab::AppLogger).to receive(:info).with(
message: "security report schema validation problem",
security_report_type: report_type,
security_report_version: report_version,
project_id: project.id,
security_report_failure: 'schema_validation_fails',
security_report_scanner_id: nil,
security_report_scanner_version: nil
)
expect(Gitlab::AppLogger).to receive(:info).with(
message: "security report schema validation problem",
security_report_type: report_type,
security_report_version: report_version,
project_id: project.id,
security_report_failure: 'using_unsupported_schema_version',
security_report_scanner_id: nil,
security_report_scanner_version: nil
)
subject
end
end
it { is_expected.to be_falsey }
end
end
context 'when enforce_security_report_validation is disabled' do
before do
stub_feature_flags(enforce_security_report_validation: false)
end
context 'when the report is valid' do
let(:report_data) do
{
'version' => report_version,
'vulnerabilities' => []
}
end
it { is_expected.to be_truthy }
end
context 'when the report is invalid' do
let(:report_data) do
{
'version' => report_version
}
end
it { is_expected.to be_truthy }
end
it { is_expected.to be_falsey }
end
end
@ -284,19 +235,7 @@ RSpec.describe Gitlab::Ci::Parsers::Security::Validators::SchemaValidator do
}
end
before do
stub_feature_flags(enforce_security_report_validation: true)
end
it { is_expected.to be_falsey }
context 'when enforce_security_report_validation is disabled' do
before do
stub_feature_flags(enforce_security_report_validation: false)
end
it { is_expected.to be_truthy }
end
end
end
@ -307,7 +246,7 @@ RSpec.describe Gitlab::Ci::Parsers::Security::Validators::SchemaValidator do
let(:report_type) { :dast }
let(:report_version) { described_class::SUPPORTED_VERSIONS[report_type].last }
context 'when the report is valid' do
context 'and the report is valid' do
let(:report_data) do
{
'version' => report_version,
@ -318,34 +257,20 @@ RSpec.describe Gitlab::Ci::Parsers::Security::Validators::SchemaValidator do
it { is_expected.to be_empty }
end
context 'when the report is invalid' do
context 'and the report is invalid' do
let(:report_data) do
{
'version' => report_version
}
end
context 'when enforce_security_report_validation is enabled' do
before do
stub_feature_flags(enforce_security_report_validation: project)
end
let(:expected_errors) do
[
'root is missing required keys: vulnerabilities'
]
end
it { is_expected.to match_array(expected_errors) }
let(:expected_errors) do
[
'root is missing required keys: vulnerabilities'
]
end
context 'when enforce_security_report_validation is disabled' do
before do
stub_feature_flags(enforce_security_report_validation: false)
end
it { is_expected.to be_empty }
end
it { is_expected.to match_array(expected_errors) }
end
end
@ -363,7 +288,7 @@ RSpec.describe Gitlab::Ci::Parsers::Security::Validators::SchemaValidator do
stub_const("#{described_class}::DEPRECATED_VERSIONS", deprecations_hash)
end
context 'when the report passes schema validation' do
context 'and the report passes schema validation' do
let(:report_data) do
{
'version' => '10.0.0',
@ -374,41 +299,21 @@ RSpec.describe Gitlab::Ci::Parsers::Security::Validators::SchemaValidator do
it { is_expected.to be_empty }
end
context 'when the report does not pass schema validation' do
context 'when enforce_security_report_validation is enabled' do
before do
stub_feature_flags(enforce_security_report_validation: true)
end
let(:report_data) do
{
'version' => 'V2.7.0'
}
end
let(:expected_errors) do
[
"property '/version' does not match pattern: ^[0-9]+\\.[0-9]+\\.[0-9]+$",
"root is missing required keys: vulnerabilities"
]
end
it { is_expected.to match_array(expected_errors) }
context 'and the report does not pass schema validation' do
let(:report_data) do
{
'version' => 'V2.7.0'
}
end
context 'when enforce_security_report_validation is disabled' do
before do
stub_feature_flags(enforce_security_report_validation: false)
end
let(:report_data) do
{
'version' => 'V2.7.0'
}
end
it { is_expected.to be_empty }
let(:expected_errors) do
[
"property '/version' does not match pattern: ^[0-9]+\\.[0-9]+\\.[0-9]+$",
"root is missing required keys: vulnerabilities"
]
end
it { is_expected.to match_array(expected_errors) }
end
end
@ -416,71 +321,38 @@ RSpec.describe Gitlab::Ci::Parsers::Security::Validators::SchemaValidator do
let(:report_type) { :dast }
let(:report_version) { "12.37.0" }
context 'when enforce_security_report_validation is enabled' do
before do
stub_feature_flags(enforce_security_report_validation: true)
context 'and the report is valid' do
let(:report_data) do
{
'version' => report_version,
'vulnerabilities' => []
}
end
context 'when the report is valid' do
let(:report_data) do
{
'version' => report_version,
'vulnerabilities' => []
}
end
let(:expected_errors) do
[
"Version 12.37.0 for report type dast is unsupported, supported versions for this report type are: #{supported_dast_versions}"
]
end
it { is_expected.to match_array(expected_errors) }
let(:expected_errors) do
[
"Version 12.37.0 for report type dast is unsupported, supported versions for this report type are: #{supported_dast_versions}"
]
end
context 'when the report is invalid' do
let(:report_data) do
{
'version' => report_version
}
end
let(:expected_errors) do
[
"Version 12.37.0 for report type dast is unsupported, supported versions for this report type are: #{supported_dast_versions}",
"root is missing required keys: vulnerabilities"
]
end
it { is_expected.to match_array(expected_errors) }
end
it { is_expected.to match_array(expected_errors) }
end
context 'when enforce_security_report_validation is disabled' do
before do
stub_feature_flags(enforce_security_report_validation: false)
context 'and the report is invalid' do
let(:report_data) do
{
'version' => report_version
}
end
context 'when the report is valid' do
let(:report_data) do
{
'version' => report_version,
'vulnerabilities' => []
}
end
it { is_expected.to be_empty }
let(:expected_errors) do
[
"Version 12.37.0 for report type dast is unsupported, supported versions for this report type are: #{supported_dast_versions}",
"root is missing required keys: vulnerabilities"
]
end
context 'when the report is invalid' do
let(:report_data) do
{
'version' => report_version
}
end
it { is_expected.to be_empty }
end
it { is_expected.to match_array(expected_errors) }
end
end
@ -501,14 +373,6 @@ RSpec.describe Gitlab::Ci::Parsers::Security::Validators::SchemaValidator do
end
it { is_expected.to match_array(expected_errors) }
context 'when enforce_security_report_validation is disabled' do
before do
stub_feature_flags(enforce_security_report_validation: false)
end
it { is_expected.to be_empty }
end
end
end
@ -519,7 +383,7 @@ RSpec.describe Gitlab::Ci::Parsers::Security::Validators::SchemaValidator do
let(:report_type) { :dast }
let(:report_version) { described_class::SUPPORTED_VERSIONS[report_type].last }
context 'when the report is valid' do
context 'and the report is valid' do
let(:report_data) do
{
'version' => report_version,
@ -530,7 +394,7 @@ RSpec.describe Gitlab::Ci::Parsers::Security::Validators::SchemaValidator do
it { is_expected.to be_empty }
end
context 'when the report is invalid' do
context 'and the report is invalid' do
let(:report_data) do
{
'version' => report_version
@ -560,7 +424,7 @@ RSpec.describe Gitlab::Ci::Parsers::Security::Validators::SchemaValidator do
stub_const("#{described_class}::DEPRECATED_VERSIONS", deprecations_hash)
end
context 'when the report passes schema validation' do
context 'and the report passes schema validation' do
let(:report_data) do
{
'version' => report_version,
@ -571,7 +435,7 @@ RSpec.describe Gitlab::Ci::Parsers::Security::Validators::SchemaValidator do
it { is_expected.to match_array(expected_deprecation_warnings) }
end
context 'when the report does not pass schema validation' do
context 'and the report does not pass schema validation' do
let(:report_data) do
{
'version' => 'V2.7.0'
@ -604,7 +468,7 @@ RSpec.describe Gitlab::Ci::Parsers::Security::Validators::SchemaValidator do
let(:report_type) { :dast }
let(:report_version) { described_class::SUPPORTED_VERSIONS[report_type].last }
context 'when the report is valid' do
context 'and the report is valid' do
let(:report_data) do
{
'version' => report_version,
@ -615,34 +479,14 @@ RSpec.describe Gitlab::Ci::Parsers::Security::Validators::SchemaValidator do
it { is_expected.to be_empty }
end
context 'when the report is invalid' do
context 'and the report is invalid' do
let(:report_data) do
{
'version' => report_version
}
end
context 'when enforce_security_report_validation is enabled' do
before do
stub_feature_flags(enforce_security_report_validation: project)
end
it { is_expected.to be_empty }
end
context 'when enforce_security_report_validation is disabled' do
before do
stub_feature_flags(enforce_security_report_validation: false)
end
let(:expected_warnings) do
[
'root is missing required keys: vulnerabilities'
]
end
it { is_expected.to match_array(expected_warnings) }
end
it { is_expected.to be_empty }
end
end
@ -660,7 +504,7 @@ RSpec.describe Gitlab::Ci::Parsers::Security::Validators::SchemaValidator do
stub_const("#{described_class}::DEPRECATED_VERSIONS", deprecations_hash)
end
context 'when the report passes schema validation' do
context 'and the report passes schema validation' do
let(:report_data) do
{
'vulnerabilities' => []
@ -670,35 +514,14 @@ RSpec.describe Gitlab::Ci::Parsers::Security::Validators::SchemaValidator do
it { is_expected.to be_empty }
end
context 'when the report does not pass schema validation' do
context 'and the report does not pass schema validation' do
let(:report_data) do
{
'version' => 'V2.7.0'
}
end
context 'when enforce_security_report_validation is enabled' do
before do
stub_feature_flags(enforce_security_report_validation: true)
end
it { is_expected.to be_empty }
end
context 'when enforce_security_report_validation is disabled' do
before do
stub_feature_flags(enforce_security_report_validation: false)
end
let(:expected_warnings) do
[
"property '/version' does not match pattern: ^[0-9]+\\.[0-9]+\\.[0-9]+$",
"root is missing required keys: vulnerabilities"
]
end
it { is_expected.to match_array(expected_warnings) }
end
it { is_expected.to be_empty }
end
end
@ -706,71 +529,25 @@ RSpec.describe Gitlab::Ci::Parsers::Security::Validators::SchemaValidator do
let(:report_type) { :dast }
let(:report_version) { "12.37.0" }
context 'when enforce_security_report_validation is enabled' do
before do
stub_feature_flags(enforce_security_report_validation: true)
context 'and the report is valid' do
let(:report_data) do
{
'version' => report_version,
'vulnerabilities' => []
}
end
context 'when the report is valid' do
let(:report_data) do
{
'version' => report_version,
'vulnerabilities' => []
}
end
it { is_expected.to be_empty }
end
context 'when the report is invalid' do
let(:report_data) do
{
'version' => report_version
}
end
it { is_expected.to be_empty }
end
it { is_expected.to be_empty }
end
context 'when enforce_security_report_validation is disabled' do
before do
stub_feature_flags(enforce_security_report_validation: false)
context 'and the report is invalid' do
let(:report_data) do
{
'version' => report_version
}
end
context 'when the report is valid' do
let(:report_data) do
{
'version' => report_version,
'vulnerabilities' => []
}
end
let(:expected_warnings) do
[
"Version 12.37.0 for report type dast is unsupported, supported versions for this report type are: #{supported_dast_versions}"
]
end
it { is_expected.to match_array(expected_warnings) }
end
context 'when the report is invalid' do
let(:report_data) do
{
'version' => report_version
}
end
let(:expected_warnings) do
[
"Version 12.37.0 for report type dast is unsupported, supported versions for this report type are: #{supported_dast_versions}",
"root is missing required keys: vulnerabilities"
]
end
it { is_expected.to match_array(expected_warnings) }
end
it { is_expected.to be_empty }
end
end
@ -784,21 +561,6 @@ RSpec.describe Gitlab::Ci::Parsers::Security::Validators::SchemaValidator do
end
it { is_expected.to be_empty }
context 'when enforce_security_report_validation is disabled' do
before do
stub_feature_flags(enforce_security_report_validation: false)
end
let(:expected_warnings) do
[
"root is missing required keys: version",
"Report version not provided, dast report type supports versions: #{supported_dast_versions}"
]
end
it { is_expected.to match_array(expected_warnings) }
end
end
end
end