kotovalexarian-likes-gitlab
/
gitlab-org--gitlab-foss
1
0
Fork 0
Code Releases Activity

Add latest changes from gitlab-org/gitlab@master

This commit is contained in:
GitLab Bot 2021-02-03 06:10:04 +00:00
parent 3f64903c39
commit 8bb66ea7e1
24 changed files with 150 additions and 37 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
app/controllers/projects/pipelines/tests_controller.rb
View File

@ -42,9 +42,13 @@ module Projects
end
def test_suite
builds.map do |build|
suite = builds.map do |build|
build.collect_test_reports!(Gitlab::Ci::Reports::TestReports.new)
end.sum
Gitlab::Ci::Reports::TestFailureHistory.new(suite.failed.values, project).load!
suite
end
# rubocop: enable CodeReuse/ActiveRecord
end

6
app/helpers/application_settings_helper.rb
View File

@ -181,7 +181,7 @@ module ApplicationSettingsHelper
:asset_proxy_enabled,
:asset_proxy_secret_key,
:asset_proxy_url,
:asset_proxy_whitelist,
:asset_proxy_allowlist,
:static_objects_external_storage_auth_token,
:static_objects_external_storage_url,
:authorized_keys_enabled,
@ -355,9 +355,11 @@ module ApplicationSettingsHelper
]
end
# ok to remove in REST API v5
def deprecated_attributes
[
:admin_notification_email # ok to remove in REST API v5
:admin_notification_email,
:asset_proxy_whitelist
]
end

2
app/models/application_setting.rb
View File

@ -43,7 +43,7 @@ class ApplicationSetting < ApplicationRecord
serialize :domain_allowlist, Array # rubocop:disable Cop/ActiveRecordSerialize
serialize :domain_denylist, Array # rubocop:disable Cop/ActiveRecordSerialize
serialize :repository_storages # rubocop:disable Cop/ActiveRecordSerialize
serialize :asset_proxy_whitelist, Array # rubocop:disable Cop/ActiveRecordSerialize
serialize :asset_proxy_allowlist, Array # rubocop:disable Cop/ActiveRecordSerialize
cache_markdown_field :sign_in_text
cache_markdown_field :help_page_text

6
app/models/application_setting_implementation.rb
View File

@ -269,13 +269,13 @@ module ApplicationSettingImplementation
self.protected_paths = strings_to_array(values)
end
def asset_proxy_whitelist=(values)
def asset_proxy_allowlist=(values)
values = strings_to_array(values) if values.is_a?(String)
# make sure we always whitelist the running host
# make sure we always allow the running host
values << Gitlab.config.gitlab.host unless values.include?(Gitlab.config.gitlab.host)
self[:asset_proxy_whitelist] = values
self[:asset_proxy_allowlist] = values
end
def repository_storages

2
app/services/application_settings/update_service.rb
View File

@ -6,7 +6,7 @@ module ApplicationSettings
attr_reader :params, :application_setting
MARKDOWN_CACHE_INVALIDATING_PARAMS = %w(asset_proxy_enabled asset_proxy_url asset_proxy_secret_key asset_proxy_whitelist).freeze
MARKDOWN_CACHE_INVALIDATING_PARAMS = %w(asset_proxy_enabled asset_proxy_url asset_proxy_secret_key asset_proxy_allowlist).freeze
def execute
result = update_settings

4
app/views/shared/empty_states/_snippets.html.haml
View File

@ -12,7 +12,7 @@
= s_('SnippetsEmptyState|Store, share, and embed small pieces of code and text.')
.mt-2<
- if button_path
= link_to s_('SnippetsEmptyState|New snippet'), button_path, class: 'btn btn-success', title: s_('SnippetsEmptyState|New snippet'), id: 'new_snippet_link', data: { qa_selector: 'create_first_snippet_link' }
= link_to s_('SnippetsEmptyState|Documentation'), help_page_path('user/snippets.md'), class: 'btn btn-default', title: s_('SnippetsEmptyState|Documentation')
= link_to s_('SnippetsEmptyState|New snippet'), button_path, class: 'btn gl-button btn-success', title: s_('SnippetsEmptyState|New snippet'), id: 'new_snippet_link', data: { qa_selector: 'create_first_snippet_link' }
= link_to s_('SnippetsEmptyState|Documentation'), help_page_path('user/snippets.md'), class: 'btn gl-button btn-default', title: s_('SnippetsEmptyState|Documentation')
- else
%h4.text-center= s_('SnippetsEmptyState|There are no snippets to show.')

5
changelogs/unreleased/295621-rename-asset-proxy-whitelist-setting.yml Normal file
View File

@ -0,0 +1,5 @@
---
title: Rename asset_proxy_whitelist column on application_settings
merge_request: 50824
author:
type: changed

5
changelogs/unreleased/btn-default-lock-unlock.yml Normal file
View File

@ -0,0 +1,5 @@
---
title: Add btn-default class for unlock button in locked files page
merge_request: 52858
author: Yogi (@yo)
type: other

5
changelogs/unreleased/gl-button-snippets.yml Normal file
View File

@ -0,0 +1,5 @@
---
title: Apply new GitLab UI for buttons in empty project snippets placeholder
merge_request: 53157
author: Yogi (@yo)
type: other

21
db/migrate/20210105052034_rename_asset_proxy_whitelist_on_application_settings.rb Normal file
View File

@ -0,0 +1,21 @@
# frozen_string_literal: true
class RenameAssetProxyWhitelistOnApplicationSettings < ActiveRecord::Migration[6.0]
include Gitlab::Database::MigrationHelpers::V2
DOWNTIME = false
disable_ddl_transaction!
def up
rename_column_concurrently :application_settings,
:asset_proxy_whitelist,
:asset_proxy_allowlist
end
def down
undo_rename_column_concurrently :application_settings,
:asset_proxy_whitelist,
:asset_proxy_allowlist
end
end

21
db/post_migrate/20210105052229_clean_up_asset_proxy_whitelist_rename_on_application_settings.rb Normal file
View File

@ -0,0 +1,21 @@
# frozen_string_literal: true
class CleanUpAssetProxyWhitelistRenameOnApplicationSettings < ActiveRecord::Migration[6.0]
include Gitlab::Database::MigrationHelpers::V2
DOWNTIME = false
disable_ddl_transaction!
def up
cleanup_concurrent_column_rename :application_settings,
:asset_proxy_whitelist,
:asset_proxy_allowlist
end
def down
undo_cleanup_concurrent_column_rename :application_settings,
:asset_proxy_whitelist,
:asset_proxy_allowlist
end
end

1
db/schema_migrations/20210105052034 Normal file
View File

@ -0,0 +1 @@
4eef64fb237f783cdb07e012356d48a4ec9afc349721de1c53cf3def95e83858

1
db/schema_migrations/20210105052229 Normal file
View File

@ -0,0 +1 @@
ef994f0c65154825906fb0952b9b3073f4cb0692f01c90280edf06a4ea2ec339

2
db/structure.sql
View File

@ -9293,7 +9293,6 @@ CREATE TABLE application_settings (
instance_administration_project_id bigint,
asset_proxy_enabled boolean DEFAULT false NOT NULL,
asset_proxy_url character varying,
asset_proxy_whitelist text,
encrypted_asset_proxy_secret_key text,
encrypted_asset_proxy_secret_key_iv character varying,
static_objects_external_storage_url character varying(255),
@ -9412,6 +9411,7 @@ CREATE TABLE application_settings (
container_registry_cleanup_tags_service_max_list_size integer DEFAULT 200 NOT NULL,
enforce_ssh_key_expiration boolean DEFAULT false NOT NULL,
git_two_factor_session_expiry integer DEFAULT 15 NOT NULL,
asset_proxy_allowlist text,
CONSTRAINT app_settings_container_reg_cleanup_tags_max_list_size_positive CHECK ((container_registry_cleanup_tags_service_max_list_size >= 0)),
CONSTRAINT app_settings_registry_exp_policies_worker_capacity_positive CHECK ((container_registry_expiration_policies_worker_capacity >= 0)),
CONSTRAINT check_17d9558205 CHECK ((char_length((kroki_url)::text) <= 1024)),

6
doc/api/settings.md
View File

@ -77,6 +77,7 @@ Example response:
"asset_proxy_enabled": true,
"asset_proxy_url": "https://assets.example.com",
"asset_proxy_whitelist": ["example.com", "*.example.com", "your-instance.com"],
"asset_proxy_allowlist": ["example.com", "*.example.com", "your-instance.com"],
"npm_package_requests_forwarding": true,
"snippet_size_limit": 52428800,
"issues_create_limit": 300,
@ -166,7 +167,7 @@ Example response:
"local_markdown_version": 0,
"asset_proxy_enabled": true,
"asset_proxy_url": "https://assets.example.com",
"asset_proxy_whitelist": ["example.com", "*.example.com", "your-instance.com"],
"asset_proxy_allowlist": ["example.com", "*.example.com", "your-instance.com"],
"geo_node_allowed_ips": "0.0.0.0/0, ::/0",
"allow_local_requests_from_hooks_and_services": true,
"allow_local_requests_from_web_hooks_and_services": true,
@ -219,7 +220,8 @@ listed in the descriptions of the relevant settings.
| `asset_proxy_enabled` | boolean | no | (**If enabled, requires:** `asset_proxy_url`) Enable proxying of assets. GitLab restart is required to apply changes. |
| `asset_proxy_secret_key` | string | no | Shared secret with the asset proxy server. GitLab restart is required to apply changes. |
| `asset_proxy_url` | string | no | URL of the asset proxy server. GitLab restart is required to apply changes. |
| `asset_proxy_whitelist` | string or array of strings | no | Assets that match these domain(s) are **not** proxied. Wildcards allowed. Your GitLab installation URL is automatically allowlisted. GitLab restart is required to apply changes. |
| `asset_proxy_whitelist` | string or array of strings | no | (Deprecated: Use `asset_proxy_allowlist` instead) Assets that match these domain(s) are **not** proxied. Wildcards allowed. Your GitLab installation URL is automatically allowlisted. GitLab restart is required to apply changes. |
| `asset_proxy_allowlist` | string or array of strings | no | Assets that match these domain(s) are **not** proxied. Wildcards allowed. Your GitLab installation URL is automatically allowlisted. GitLab restart is required to apply changes. |
| `authorized_keys_enabled` | boolean | no | By default, we write to the `authorized_keys` file to support Git over SSH without additional configuration. GitLab can be optimized to authenticate SSH keys via the database file. Only disable this if you have configured your OpenSSH server to use the AuthorizedKeysCommand. |
| `auto_devops_domain` | string | no | Specify a domain to use by default for every project's Auto Review Apps and Auto Deploy stages. |
| `auto_devops_enabled` | boolean | no | Enable Auto DevOps for projects by default. It automatically builds, tests, and deploys applications based on a predefined CI/CD configuration. |

3
doc/security/asset_proxy.md
View File

@ -51,7 +51,8 @@ To install a Camo server as an asset proxy:
| `asset_proxy_enabled` | Enable proxying of assets. If enabled, requires: `asset_proxy_url`). |
| `asset_proxy_secret_key` | Shared secret with the asset proxy server. |
| `asset_proxy_url` | URL of the asset proxy server. |
| `asset_proxy_whitelist` | Assets that match these domain(s) are NOT proxied. Wildcards allowed. Your GitLab installation URL is automatically whitelisted. |
| `asset_proxy_whitelist` | (Deprecated: Use `asset_proxy_allowlist` instead) Assets that match these domain(s) are NOT proxied. Wildcards allowed. Your GitLab installation URL is automatically allowed. |
| `asset_proxy_allowlist` | Assets that match these domain(s) are NOT proxied. Wildcards allowed. Your GitLab installation URL is automatically allowed. |
1. Restart the server for the changes to take effect. Each time you change any values for the asset
proxy, you need to restart the server.

1
lib/api/entities/application_setting.rb
View File

@ -31,6 +31,7 @@ module API
expose :password_authentication_enabled_for_web, as: :password_authentication_enabled
expose :password_authentication_enabled_for_web, as: :signin_enabled
expose :allow_local_requests_from_web_hooks_and_services, as: :allow_local_requests_from_hooks_and_services
expose :asset_proxy_allowlist, as: :asset_proxy_whitelist
end
end
end

8
lib/api/settings.rb
View File

@ -42,7 +42,8 @@ module API
optional :asset_proxy_enabled, type: Boolean, desc: 'Enable proxying of assets'
optional :asset_proxy_url, type: String, desc: 'URL of the asset proxy server'
optional :asset_proxy_secret_key, type: String, desc: 'Shared secret with the asset proxy server'
optional :asset_proxy_whitelist, type: Array[String], coerce_with: Validations::Types::CommaSeparatedToArray.coerce, desc: 'Assets that match these domain(s) will NOT be proxied. Wildcards allowed. Your GitLab installation URL is automatically whitelisted.'
optional :asset_proxy_whitelist, type: Array[String], coerce_with: Validations::Types::CommaSeparatedToArray.coerce, desc: 'Deprecated: Use :asset_proxy_allowlist instead. Assets that match these domain(s) will NOT be proxied. Wildcards allowed. Your GitLab installation URL is automatically whitelisted.'
optional :asset_proxy_allowlist, type: Array[String], coerce_with: Validations::Types::CommaSeparatedToArray.coerce, desc: 'Assets that match these domain(s) will NOT be proxied. Wildcards allowed. Your GitLab installation URL is automatically allowed.'
optional :container_registry_token_expire_delay, type: Integer, desc: 'Authorization token duration (minutes)'
optional :default_artifacts_expire_in, type: String, desc: "Set the default expiration time for each job's artifacts"
optional :default_ci_config_path, type: String, desc: 'The instance default CI configuration path for new projects'
@ -211,6 +212,11 @@ module API
attrs[:abuse_notification_email] = attrs.delete(:admin_notification_email)
end
# support legacy names, can be removed in v5
if attrs.has_key?(:asset_proxy_whitelist)
attrs[:asset_proxy_allowlist] = attrs.delete(:asset_proxy_whitelist)
end
# since 13.0 it's not possible to disable hashed storage - support can be removed in 14.0
attrs.delete(:hashed_storage_enabled) if attrs.has_key?(:hashed_storage_enabled)

4
lib/banzai/filter/asset_proxy_filter.rb
View File

@ -59,7 +59,9 @@ module Banzai
end
def self.determine_allowlist(application_settings)
application_settings.asset_proxy_whitelist.presence || [Gitlab.config.gitlab.host]
application_settings.try(:asset_proxy_allowlist).presence ||
application_settings.try(:asset_proxy_whitelist).presence ||
[Gitlab.config.gitlab.host]
end
end
end

24
spec/controllers/projects/pipelines/tests_controller_spec.rb
View File

@ -34,20 +34,38 @@ RSpec.describe Projects::Pipelines::TestsController do
end
describe 'GET #show.json' do
context 'when pipeline has build report results' do
let(:pipeline) { create(:ci_pipeline, :with_report_results, project: project) }
context 'when pipeline has builds with test reports' do
let(:main_pipeline) { create(:ci_pipeline, :with_test_reports_with_three_failures, project: project) }
let(:pipeline) { create(:ci_pipeline, :with_test_reports_with_three_failures, project: project, ref: 'new-feature') }
let(:suite_name) { 'test' }
let(:build_ids) { pipeline.latest_builds.pluck(:id) }
before do
build = main_pipeline.builds.last
build.update_column(:finished_at, 1.day.ago) # Just to be sure we are included in the report window
# The JUnit fixture for the given build has 3 failures.
# This service will create 1 test case failure record for each.
Ci::TestFailureHistoryService.new(main_pipeline).execute
end
it 'renders test suite data' do
get_tests_show_json(build_ids)
expect(response).to have_gitlab_http_status(:ok)
expect(json_response['name']).to eq('test')
# Each test failure in this pipeline has a matching failure in the default branch
recent_failures = json_response['test_cases'].map { |tc| tc['recent_failures'] }
expect(recent_failures).to eq([
{ 'count' => 1, 'base_branch' => 'master' },
{ 'count' => 1, 'base_branch' => 'master' },
{ 'count' => 1, 'base_branch' => 'master' }
])
end
end
context 'when pipeline does not have build report results' do
context 'when pipeline has no builds that matches the given build_ids' do
let(:pipeline) { create(:ci_empty_pipeline) }
let(:suite_name) { 'test' }

16
spec/lib/banzai/filter/asset_proxy_filter_spec.rb
View File

@ -28,7 +28,7 @@ RSpec.describe Banzai::Filter::AssetProxyFilter do
stub_application_setting(asset_proxy_enabled: true)
stub_application_setting(asset_proxy_secret_key: 'shared-secret')
stub_application_setting(asset_proxy_url: 'https://assets.example.com')
stub_application_setting(asset_proxy_whitelist: %w(gitlab.com *.mydomain.com))
stub_application_setting(asset_proxy_allowlist: %w(gitlab.com *.mydomain.com))
described_class.initialize_settings
@ -39,16 +39,26 @@ RSpec.describe Banzai::Filter::AssetProxyFilter do
expect(Gitlab.config.asset_proxy.domain_regexp).to eq(/^(gitlab\.com|.*?\.mydomain\.com)$/i)
end
context 'when whitelist is empty' do
context 'when allowlist is empty' do
it 'defaults to the install domain' do
stub_application_setting(asset_proxy_enabled: true)
stub_application_setting(asset_proxy_whitelist: [])
stub_application_setting(asset_proxy_allowlist: [])
described_class.initialize_settings
expect(Gitlab.config.asset_proxy.allowlist).to eq [Gitlab.config.gitlab.host]
end
end
it 'supports deprecated whitelist settings' do
stub_application_setting(asset_proxy_enabled: true)
stub_application_setting(asset_proxy_whitelist: %w(foo.com bar.com))
stub_application_setting(asset_proxy_allowlist: [])
described_class.initialize_settings
expect(Gitlab.config.asset_proxy.allowlist).to eq %w(foo.com bar.com)
end
end
context 'when properly configured' do

18
spec/models/application_setting_spec.rb
View File

@ -635,28 +635,28 @@ RSpec.describe ApplicationSetting do
end
end
describe '#asset_proxy_whitelist' do
describe '#asset_proxy_allowlist' do
context 'when given an Array' do
it 'sets the domains and adds current running host' do
setting.asset_proxy_whitelist = ['example.com', 'assets.example.com']
expect(setting.asset_proxy_whitelist).to eq(['example.com', 'assets.example.com', 'localhost'])
setting.asset_proxy_allowlist = ['example.com', 'assets.example.com']
expect(setting.asset_proxy_allowlist).to eq(['example.com', 'assets.example.com', 'localhost'])
end
end
context 'when given a String' do
it 'sets multiple domains with spaces' do
setting.asset_proxy_whitelist = 'example.com *.example.com'
expect(setting.asset_proxy_whitelist).to eq(['example.com', '*.example.com', 'localhost'])
setting.asset_proxy_allowlist = 'example.com *.example.com'
expect(setting.asset_proxy_allowlist).to eq(['example.com', '*.example.com', 'localhost'])
end
it 'sets multiple domains with newlines and a space' do
setting.asset_proxy_whitelist = "example.com\n *.example.com"
expect(setting.asset_proxy_whitelist).to eq(['example.com', '*.example.com', 'localhost'])
setting.asset_proxy_allowlist = "example.com\n *.example.com"
expect(setting.asset_proxy_allowlist).to eq(['example.com', '*.example.com', 'localhost'])
end
it 'sets multiple domains with commas' do
setting.asset_proxy_whitelist = "example.com, *.example.com"
expect(setting.asset_proxy_whitelist).to eq(['example.com', '*.example.com', 'localhost'])
setting.asset_proxy_allowlist = "example.com, *.example.com"
expect(setting.asset_proxy_allowlist).to eq(['example.com', '*.example.com', 'localhost'])
end
end
end

18
spec/requests/api/settings_spec.rb
View File

@ -199,6 +199,14 @@ RSpec.describe API::Settings, 'Settings' do
expect(json_response['allow_local_requests_from_hooks_and_services']).to eq(true)
end
it 'supports legacy asset_proxy_whitelist' do
put api("/application/settings", admin),
params: { asset_proxy_whitelist: ['example.com', '*.example.com'] }
expect(response).to have_gitlab_http_status(:ok)
expect(json_response['asset_proxy_allowlist']).to eq(['example.com', '*.example.com', 'localhost'])
end
it 'disables ability to switch to legacy storage' do
put api("/application/settings", admin),
params: { hashed_storage_enabled: false }
@ -362,24 +370,24 @@ RSpec.describe API::Settings, 'Settings' do
asset_proxy_enabled: true,
asset_proxy_url: 'http://assets.example.com',
asset_proxy_secret_key: 'shared secret',
asset_proxy_whitelist: ['example.com', '*.example.com']
asset_proxy_allowlist: ['example.com', '*.example.com']
}
expect(response).to have_gitlab_http_status(:ok)
expect(json_response['asset_proxy_enabled']).to be(true)
expect(json_response['asset_proxy_url']).to eq('http://assets.example.com')
expect(json_response['asset_proxy_secret_key']).to be_nil
expect(json_response['asset_proxy_whitelist']).to eq(['example.com', '*.example.com', 'localhost'])
expect(json_response['asset_proxy_allowlist']).to eq(['example.com', '*.example.com', 'localhost'])
end
it 'allows a string for asset_proxy_whitelist' do
it 'allows a string for asset_proxy_allowlist' do
put api('/application/settings', admin),
params: {
asset_proxy_whitelist: 'example.com, *.example.com'
asset_proxy_allowlist: 'example.com, *.example.com'
}
expect(response).to have_gitlab_http_status(:ok)
expect(json_response['asset_proxy_whitelist']).to eq(['example.com', '*.example.com', 'localhost'])
expect(json_response['asset_proxy_allowlist']).to eq(['example.com', '*.example.com', 'localhost'])
end
end

2
spec/services/application_settings/update_service_spec.rb
View File

@ -122,7 +122,7 @@ RSpec.describe ApplicationSettings::UpdateService do
it_behaves_like 'invalidates markdown cache', { asset_proxy_enabled: true }
it_behaves_like 'invalidates markdown cache', { asset_proxy_url: 'http://test.com' }
it_behaves_like 'invalidates markdown cache', { asset_proxy_secret_key: 'another secret' }
it_behaves_like 'invalidates markdown cache', { asset_proxy_whitelist: ['domain.com'] }
it_behaves_like 'invalidates markdown cache', { asset_proxy_allowlist: ['domain.com'] }
context 'when also setting the local_markdown_version' do
let(:params) { { asset_proxy_enabled: true, local_markdown_version: 12 } }