diff --git a/GITLAB_PAGES_VERSION b/GITLAB_PAGES_VERSION
index 21998d3c2d9..9db5ea12f52 100644
--- a/GITLAB_PAGES_VERSION
+++ b/GITLAB_PAGES_VERSION
@@ -1 +1 @@
-1.47.0
+1.48.0
diff --git a/app/assets/javascripts/issues_list/components/new_issue_dropdown.vue b/app/assets/javascripts/issues_list/components/new_issue_dropdown.vue
index 037fd9be542..e749579af80 100644
--- a/app/assets/javascripts/issues_list/components/new_issue_dropdown.vue
+++ b/app/assets/javascripts/issues_list/components/new_issue_dropdown.vue
@@ -71,8 +71,11 @@ export default {
hasSelectedProject() {
return this.selectedProject.id;
},
+ projectsWithIssuesEnabled() {
+ return this.projects.filter((project) => project.issuesEnabled);
+ },
showNoSearchResultsText() {
- return !this.projects.length && this.search;
+ return !this.projectsWithIssuesEnabled.length && this.search;
},
},
methods: {
@@ -110,7 +113,7 @@ export default {
diff --git a/app/assets/javascripts/issues_list/queries/search_projects.query.graphql b/app/assets/javascripts/issues_list/queries/search_projects.query.graphql
index df1f330139a..75463f643a2 100644
--- a/app/assets/javascripts/issues_list/queries/search_projects.query.graphql
+++ b/app/assets/javascripts/issues_list/queries/search_projects.query.graphql
@@ -3,6 +3,7 @@ query searchProjects($fullPath: ID!, $search: String) {
projects(search: $search, includeSubgroups: true) {
nodes {
id
+ issuesEnabled
name
nameWithNamespace
webUrl
diff --git a/app/controllers/profiles_controller.rb b/app/controllers/profiles_controller.rb
index 69257081cc9..6330a6aa107 100644
--- a/app/controllers/profiles_controller.rb
+++ b/app/controllers/profiles_controller.rb
@@ -63,7 +63,7 @@ class ProfilesController < Profiles::ApplicationController
# rubocop: disable CodeReuse/ActiveRecord
def audit_log
- @events = AuditEvent.where(entity_type: "User", entity_id: current_user.id)
+ @events = AuthenticationEvent.where(user: current_user)
.order("created_at DESC")
.page(params[:page])
diff --git a/app/views/profiles/_event_table.html.haml b/app/views/profiles/_event_table.html.haml
index f74902a3c3b..67c649a9fce 100644
--- a/app/views/profiles/_event_table.html.haml
+++ b/app/views/profiles/_event_table.html.haml
@@ -3,10 +3,11 @@
%ul.content-list
- events.each do |event|
- %li
- %span.description
- = audit_icon(event.details[:with], css_class: 'gl-mr-2')
- = _('Signed in with %{authentication} authentication') % { authentication: event.details[:with]}
- %span.float-right= time_ago_with_tooltip(event.created_at)
+ - if event.success?
+ %li
+ %span.description
+ = audit_icon('key', css_class: 'gl-mr-2')
+ = _('Signed in with %{authentication} authentication') % { authentication: event.provider }
+ %span.float-right= time_ago_with_tooltip(event.created_at)
= paginate events, theme: "gitlab"
diff --git a/app/views/profiles/audit_log.html.haml b/app/views/profiles/audit_log.html.haml
index aec855c790e..4bbb4a21b39 100644
--- a/app/views/profiles/audit_log.html.haml
+++ b/app/views/profiles/audit_log.html.haml
@@ -6,6 +6,6 @@
%h4.gl-mt-0
= page_title
%p
- = _('This is a security log of important events involving your account.')
+ = _('This is a security log of authentication events involving your account.')
.col-lg-8
= render 'event_table', events: @events
diff --git a/app/views/shared/deploy_tokens/_form.html.haml b/app/views/shared/deploy_tokens/_form.html.haml
index e049afbc40b..902a0cad483 100644
--- a/app/views/shared/deploy_tokens/_form.html.haml
+++ b/app/views/shared/deploy_tokens/_form.html.haml
@@ -36,7 +36,7 @@
.text-secondary= s_('DeployTokens|Allows read-only access to registry images.')
%fieldset.form-group.form-check
- = f.check_box :write_registry, class: 'form-check-input'
+ = f.check_box :write_registry, class: 'form-check-input', data: { qa_selector: 'deploy_token_write_registry_checkbox' }
= f.label :write_registry, 'write_registry', class: 'label-bold form-check-label'
.text-secondary= s_('DeployTokens|Allows read and write access to registry images.')
diff --git a/doc/user/project/settings/index.md b/doc/user/project/settings/index.md
index e2ce8c12185..996d0e463f4 100644
--- a/doc/user/project/settings/index.md
+++ b/doc/user/project/settings/index.md
@@ -258,7 +258,7 @@ Use the switches to enable or disable the following features:
| **Wiki** | ✓ | Enables a separate system for [documentation](../wiki/). |
| **Snippets** | ✓ | Enables [sharing of code and text](../../snippets.md). |
| **Pages** | ✓ | Allows you to [publish static websites](../pages/). |
-| **Operations** | ✓ | Control access to [operations dashboard](../../../operations/index.md). |
+| **Operations** | ✓ | Control access to Operations-related features, including [Operations Dashboard](../../../operations/index.md), [Environments and Deployments](../../../ci/environments/index.md), [Feature Flags](../../../operations/feature_flags.md). |
| **Metrics Dashboard** | ✓ | Control access to [metrics dashboard](../integrations/prometheus.md). |
Some features depend on others:
diff --git a/locale/gitlab.pot b/locale/gitlab.pot
index c16b9e706c6..0d2e1352e2b 100644
--- a/locale/gitlab.pot
+++ b/locale/gitlab.pot
@@ -35286,7 +35286,7 @@ msgstr ""
msgid "This is a private email address %{helpIcon} generated just for you. Anyone who has it can create issues or merge requests as if they were you. If that happens, %{resetLinkStart}reset this token%{resetLinkEnd}."
msgstr ""
-msgid "This is a security log of important events involving your account."
+msgid "This is a security log of authentication events involving your account."
msgstr ""
msgid "This is a self-managed instance of GitLab."
diff --git a/qa/qa/page/project/settings/deploy_tokens.rb b/qa/qa/page/project/settings/deploy_tokens.rb
index 7b61c81154a..407d57bc54e 100644
--- a/qa/qa/page/project/settings/deploy_tokens.rb
+++ b/qa/qa/page/project/settings/deploy_tokens.rb
@@ -12,6 +12,7 @@ module QA
element :deploy_token_read_package_registry_checkbox
element :deploy_token_write_package_registry_checkbox
element :deploy_token_read_registry_checkbox
+ element :deploy_token_write_registry_checkbox
element :create_deploy_token_button
end
@@ -29,11 +30,12 @@ module QA
fill_element(:deploy_token_expires_at_field, expires_at.to_s + "\n")
end
- def fill_scopes(read_repository: false, read_registry: false, read_package_registry: false, write_package_registry: false)
- check_element(:deploy_token_read_repository_checkbox) if read_repository
- check_element(:deploy_token_read_package_registry_checkbox) if read_package_registry
- check_element(:deploy_token_write_package_registry_checkbox) if write_package_registry
- check_element(:deploy_token_read_registry_checkbox) if read_registry
+ def fill_scopes(scopes)
+ check_element(:deploy_token_read_repository_checkbox) if scopes.include? :read_repository
+ check_element(:deploy_token_read_package_registry_checkbox) if scopes.include? :read_package_registry
+ check_element(:deploy_token_write_package_registry_checkbox) if scopes.include? :write_package_registry
+ check_element(:deploy_token_read_registry_checkbox) if scopes.include? :read_registry
+ check_element(:deploy_token_write_registry_checkbox) if scopes.include? :write_registry
end
def add_token
diff --git a/qa/qa/resource/deploy_token.rb b/qa/qa/resource/deploy_token.rb
index 151454c37b1..f5d3b87fc2b 100644
--- a/qa/qa/resource/deploy_token.rb
+++ b/qa/qa/resource/deploy_token.rb
@@ -4,6 +4,7 @@ module QA
module Resource
class DeployToken < Base
attr_accessor :name, :expires_at
+ attr_writer :scopes
attribute :username do
Page::Project::Settings::Repository.perform do |repository_page|
@@ -37,7 +38,7 @@ module QA
setting.expand_deploy_tokens do |page|
page.fill_token_name(name)
page.fill_token_expires_at(expires_at)
- page.fill_scopes(read_repository: true, read_package_registry: true, write_package_registry: true)
+ page.fill_scopes(@scopes)
page.add_token
end
diff --git a/qa/qa/specs/features/browser_ui/5_package/container_registry/container_registry_omnibus_spec.rb b/qa/qa/specs/features/browser_ui/5_package/container_registry/container_registry_omnibus_spec.rb
index ffc76204731..51735d79fbd 100644
--- a/qa/qa/specs/features/browser_ui/5_package/container_registry/container_registry_omnibus_spec.rb
+++ b/qa/qa/specs/features/browser_ui/5_package/container_registry/container_registry_omnibus_spec.rb
@@ -3,10 +3,27 @@
module QA
RSpec.describe 'Package', :orchestrated, only: { pipeline: :main } do
describe 'Self-managed Container Registry' do
+ using RSpec::Parameterized::TableSyntax
+
let(:project) do
Resource::Project.fabricate_via_api! do |project|
project.name = 'project-with-registry'
project.template_name = 'express'
+ project.visibility = :private
+ end
+ end
+
+ let(:project_deploy_token) do
+ Resource::DeployToken.fabricate_via_browser_ui! do |deploy_token|
+ deploy_token.name = 'registry-deploy-token'
+ deploy_token.project = project
+ deploy_token.scopes = [
+ :read_repository,
+ :read_package_registry,
+ :write_package_registry,
+ :read_registry,
+ :write_registry
+ ]
end
end
@@ -19,6 +36,8 @@ module QA
end
end
+ let(:personal_access_token) { Runtime::Env.personal_access_token }
+
before do
Flow::Login.sign_in
project.visit!
@@ -26,68 +45,92 @@ module QA
after do
runner.remove_via_api!
+ project.remove_via_api!
end
- context 'when tls is enabled' do
- it "pushes image and deletes tag", :registry_tls, testcase: 'https://gitlab.com/gitlab-org/quality/testcases/-/quality/test_cases/1911' do
- Resource::Repository::Commit.fabricate_via_api! do |commit|
- commit.project = project
- commit.commit_message = 'Add .gitlab-ci.yml'
- commit.add_files([{
- file_path: '.gitlab-ci.yml',
- content:
- <<~YAML
- build:
- image: docker:19.03.12
- stage: build
- services:
- - name: docker:19.03.12-dind
- command:
- - /bin/sh
- - -c
- - |
- apk add --no-cache openssl
- true | openssl s_client -showcerts -connect gitlab.test:5050 > /usr/local/share/ca-certificates/gitlab.test.crt
- update-ca-certificates
- dockerd-entrypoint.sh || exit
- variables:
- IMAGE_TAG: $CI_REGISTRY_IMAGE:$CI_COMMIT_REF_SLUG
- script:
- - docker login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD gitlab.test:5050
- - docker build -t $IMAGE_TAG .
- - docker push $IMAGE_TAG
- tags:
- - "runner-for-#{project.name}"
- YAML
- }])
+ where(:authentication_token_type, :token_name) do
+ :personal_access_token | 'Personal Access Token'
+ :project_deploy_token | 'Deploy Token'
+ :ci_job_token | 'Job Token'
+ end
+
+ with_them do
+ let(:auth_token) do
+ case authentication_token_type
+ when :personal_access_token
+ "\"#{personal_access_token}\""
+ when :project_deploy_token
+ "\"#{project_deploy_token.password}\""
+ when :ci_job_token
+ '$CI_JOB_TOKEN'
end
+ end
- Flow::Pipeline.visit_latest_pipeline
-
- Page::Project::Pipeline::Show.perform do |pipeline|
- pipeline.click_job('build')
+ let(:auth_user) do
+ case authentication_token_type
+ when :personal_access_token
+ "$CI_REGISTRY_USER"
+ when :project_deploy_token
+ "\"#{project_deploy_token.username}\""
+ when :ci_job_token
+ 'gitlab-ci-token'
end
+ end
- Page::Project::Job::Show.perform do |job|
- expect(job).to be_successful(timeout: 800)
- end
+ context "when tls is disabled" do
+ it "using a #{params[:token_name]}, pushes image and deletes tag", :registry do
+ Resource::Repository::Commit.fabricate_via_api! do |commit|
+ commit.project = project
+ commit.commit_message = 'Add .gitlab-ci.yml'
+ commit.add_files([{
+ file_path: '.gitlab-ci.yml',
+ content:
+ <<~YAML
+ build:
+ image: docker:19.03.12
+ stage: build
+ services:
+ - name: docker:19.03.12-dind
+ command: ["--insecure-registry=gitlab.test:5050"]
+ variables:
+ IMAGE_TAG: $CI_REGISTRY_IMAGE:$CI_COMMIT_REF_SLUG
+ script:
+ - docker login -u #{auth_user} -p #{auth_token} gitlab.test:5050
+ - docker build -t $IMAGE_TAG .
+ - docker push $IMAGE_TAG
+ tags:
+ - "runner-for-#{project.name}"
+ YAML
+ }])
+ end
- Page::Project::Menu.perform(&:go_to_container_registry)
+ Flow::Pipeline.visit_latest_pipeline
- Page::Project::Registry::Show.perform do |registry|
- expect(registry).to have_registry_repository(project.path_with_namespace)
+ Page::Project::Pipeline::Show.perform do |pipeline|
+ pipeline.click_job('build')
+ end
- registry.click_on_image(project.path_with_namespace)
- expect(registry).to have_tag('master')
+ Page::Project::Job::Show.perform do |job|
+ expect(job).to be_successful(timeout: 800)
+ end
- registry.click_delete
- expect(registry).not_to have_tag('master')
+ Page::Project::Menu.perform(&:go_to_container_registry)
+
+ Page::Project::Registry::Show.perform do |registry|
+ expect(registry).to have_registry_repository(project.path_with_namespace)
+
+ registry.click_on_image(project.path_with_namespace)
+ expect(registry).to have_tag('master')
+
+ registry.click_delete
+ expect(registry).not_to have_tag('master')
+ end
end
end
end
- context "when tls is disabled" do
- it "pushes image and deletes tag", :registry, testcase: 'https://gitlab.com/gitlab-org/quality/testcases/-/quality/test_cases/2378' do
+ context "when tls is enabled" do
+ it "pushes image and deletes tag", :registry_tls, testcase: 'https://gitlab.com/gitlab-org/quality/testcases/-/quality/test_cases/2378' do
Resource::Repository::Commit.fabricate_via_api! do |commit|
commit.project = project
commit.commit_message = 'Add .gitlab-ci.yml'
@@ -100,7 +143,14 @@ module QA
stage: build
services:
- name: docker:19.03.12-dind
- command: ["--insecure-registry=gitlab.test:5050"]
+ command:
+ - /bin/sh
+ - -c
+ - |
+ apk add --no-cache openssl
+ true | openssl s_client -showcerts -connect gitlab.test:5050 > /usr/local/share/ca-certificates/gitlab.test.crt
+ update-ca-certificates
+ dockerd-entrypoint.sh || exit
variables:
IMAGE_TAG: $CI_REGISTRY_IMAGE:$CI_COMMIT_REF_SLUG
script:
@@ -119,8 +169,8 @@ module QA
pipeline.click_job('build')
end
- Page::Project::Job::Show.perform do |job|
- expect(job).to be_successful(timeout: 800)
+ Support::Retrier.retry_until(max_duration: 800, sleep_interval: 10) do
+ project.pipelines.last[:status] == 'success'
end
Page::Project::Menu.perform(&:go_to_container_registry)
diff --git a/qa/qa/specs/features/browser_ui/5_package/package_registry/npm/npm_instance_level_spec.rb b/qa/qa/specs/features/browser_ui/5_package/package_registry/npm/npm_instance_level_spec.rb
index e603eb1c2a3..0fdd4b44518 100644
--- a/qa/qa/specs/features/browser_ui/5_package/package_registry/npm/npm_instance_level_spec.rb
+++ b/qa/qa/specs/features/browser_ui/5_package/package_registry/npm/npm_instance_level_spec.rb
@@ -19,6 +19,11 @@ module QA
Resource::DeployToken.fabricate_via_browser_ui! do |deploy_token|
deploy_token.name = 'npm-deploy-token'
deploy_token.project = project
+ deploy_token.scopes = [
+ :read_repository,
+ :read_package_registry,
+ :write_package_registry
+ ]
end
end
diff --git a/qa/qa/specs/features/browser_ui/5_package/package_registry/npm/npm_project_level_spec.rb b/qa/qa/specs/features/browser_ui/5_package/package_registry/npm/npm_project_level_spec.rb
index f269cac4492..db306a24533 100644
--- a/qa/qa/specs/features/browser_ui/5_package/package_registry/npm/npm_project_level_spec.rb
+++ b/qa/qa/specs/features/browser_ui/5_package/package_registry/npm/npm_project_level_spec.rb
@@ -19,6 +19,11 @@ module QA
Resource::DeployToken.fabricate_via_browser_ui! do |deploy_token|
deploy_token.name = 'npm-deploy-token'
deploy_token.project = project
+ deploy_token.scopes = [
+ :read_repository,
+ :read_package_registry,
+ :write_package_registry
+ ]
end
end
diff --git a/qa/qa/specs/features/browser_ui/6_release/deploy_token/add_deploy_token_spec.rb b/qa/qa/specs/features/browser_ui/6_release/deploy_token/add_deploy_token_spec.rb
index 23625ab645d..81ccc585cf9 100644
--- a/qa/qa/specs/features/browser_ui/6_release/deploy_token/add_deploy_token_spec.rb
+++ b/qa/qa/specs/features/browser_ui/6_release/deploy_token/add_deploy_token_spec.rb
@@ -12,6 +12,7 @@ module QA
deploy_token = Resource::DeployToken.fabricate_via_browser_ui! do |resource|
resource.name = deploy_token_name
resource.expires_at = one_week_from_now
+ resource.scopes = [:read_repository]
end
expect(deploy_token.username.length).to be > 0
diff --git a/qa/spec/support/shared_contexts/packages_registry_shared_context.rb b/qa/spec/support/shared_contexts/packages_registry_shared_context.rb
index b0ad5a7cd33..e686d254a44 100644
--- a/qa/spec/support/shared_contexts/packages_registry_shared_context.rb
+++ b/qa/spec/support/shared_contexts/packages_registry_shared_context.rb
@@ -45,6 +45,11 @@ module QA
Resource::DeployToken.fabricate_via_browser_ui! do |deploy_token|
deploy_token.name = 'package-deploy-token'
deploy_token.project = package_project
+ deploy_token.scopes = [
+ :read_repository,
+ :read_package_registry,
+ :write_package_registry
+ ]
end
end
diff --git a/spec/controllers/profiles_controller_spec.rb b/spec/controllers/profiles_controller_spec.rb
index 4959003d788..9a1f8a8442d 100644
--- a/spec/controllers/profiles_controller_spec.rb
+++ b/spec/controllers/profiles_controller_spec.rb
@@ -125,6 +125,8 @@ RSpec.describe ProfilesController, :request_store do
end
describe 'GET audit_log' do
+ let(:auth_event) { create(:authentication_event, user: user) }
+
it 'tracks search event', :snowplow do
sign_in(user)
@@ -136,6 +138,14 @@ RSpec.describe ProfilesController, :request_store do
user: user
)
end
+
+ it 'loads page correctly' do
+ sign_in(user)
+
+ get :audit_log
+
+ expect(response).to have_gitlab_http_status(:success)
+ end
end
describe 'PUT update_username' do
diff --git a/spec/factories/authentication_event.rb b/spec/factories/authentication_event.rb
index ff539c6f5c4..e02698fac38 100644
--- a/spec/factories/authentication_event.rb
+++ b/spec/factories/authentication_event.rb
@@ -7,5 +7,13 @@ FactoryBot.define do
user_name { 'Jane Doe' }
ip_address { '127.0.0.1' }
result { :failed }
+
+ trait :successful do
+ result { :success }
+ end
+
+ trait :failed do
+ result { :failed }
+ end
end
end
diff --git a/spec/frontend/issues_list/components/new_issue_dropdown_spec.js b/spec/frontend/issues_list/components/new_issue_dropdown_spec.js
index 1fcaa99cf5a..1c9a87e8af2 100644
--- a/spec/frontend/issues_list/components/new_issue_dropdown_spec.js
+++ b/spec/frontend/issues_list/components/new_issue_dropdown_spec.js
@@ -8,7 +8,7 @@ import { DASH_SCOPE, joinPaths } from '~/lib/utils/url_utility';
import {
emptySearchProjectsQueryResponse,
project1,
- project2,
+ project3,
searchProjectsQueryResponse,
} from '../mock_data';
@@ -72,7 +72,7 @@ describe('NewIssueDropdown component', () => {
expect(inputSpy).toHaveBeenCalledTimes(1);
});
- it('renders expected dropdown items', async () => {
+ it('renders projects with issues enabled', async () => {
wrapper = mountComponent({ mountFn: mount });
await showDropdown();
@@ -80,7 +80,7 @@ describe('NewIssueDropdown component', () => {
const listItems = wrapper.findAll('li');
expect(listItems.at(0).text()).toBe(project1.nameWithNamespace);
- expect(listItems.at(1).text()).toBe(project2.nameWithNamespace);
+ expect(listItems.at(1).text()).toBe(project3.nameWithNamespace);
});
it('renders `No matches found` when there are no matches', async () => {
diff --git a/spec/frontend/issues_list/mock_data.js b/spec/frontend/issues_list/mock_data.js
index 25664cc2842..19a8af4d9c2 100644
--- a/spec/frontend/issues_list/mock_data.js
+++ b/spec/frontend/issues_list/mock_data.js
@@ -262,6 +262,7 @@ export const urlParamsWithSpecialValues = {
export const project1 = {
id: 'gid://gitlab/Group/26',
+ issuesEnabled: true,
name: 'Super Mario Project',
nameWithNamespace: 'Mushroom Kingdom / Super Mario Project',
webUrl: 'https://127.0.0.1:3000/mushroom-kingdom/super-mario-project',
@@ -269,16 +270,25 @@ export const project1 = {
export const project2 = {
id: 'gid://gitlab/Group/59',
+ issuesEnabled: false,
name: 'Mario Kart Project',
nameWithNamespace: 'Mushroom Kingdom / Mario Kart Project',
webUrl: 'https://127.0.0.1:3000/mushroom-kingdom/mario-kart-project',
};
+export const project3 = {
+ id: 'gid://gitlab/Group/103',
+ issuesEnabled: true,
+ name: 'Mario Party Project',
+ nameWithNamespace: 'Mushroom Kingdom / Mario Party Project',
+ webUrl: 'https://127.0.0.1:3000/mushroom-kingdom/mario-party-project',
+};
+
export const searchProjectsQueryResponse = {
data: {
group: {
projects: {
- nodes: [project1, project2],
+ nodes: [project1, project2, project3],
},
},
},
diff --git a/spec/views/profiles/audit_log.html.haml_spec.rb b/spec/views/profiles/audit_log.html.haml_spec.rb
new file mode 100644
index 00000000000..d5f6a2d64e7
--- /dev/null
+++ b/spec/views/profiles/audit_log.html.haml_spec.rb
@@ -0,0 +1,26 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+RSpec.describe 'profiles/audit_log' do
+ let(:user) { create(:user) }
+
+ before do
+ assign(:user, user)
+ assign(:events, AuthenticationEvent.all.page(params[:page]))
+ allow(controller).to receive(:current_user).and_return(user)
+ end
+
+ context 'when user has successful and failure events' do
+ before do
+ create(:authentication_event, :successful, user: user)
+ create(:authentication_event, :failed, user: user)
+ end
+
+ it 'only shows successful events' do
+ render
+
+ expect(rendered).to have_text('Signed in with standard authentication', count: 1)
+ end
+ end
+end