root
/
gitlab-ce
mirror of https://gitlab.com/free-releases/gitlab-ce.git
1
0
Fork 0
Code Issues Actions Packages Projects Releases Wiki Activity

Add latest changes from gitlab-org/gitlab@master

This commit is contained in:
GitLab Bot 2024-05-07 21:11:58 +00:00
parent d6475c4321
commit 0d3de8bbe9
37 changed files with 467 additions and 94 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
.rubocop_todo/layout/line_length.yml
View File

@ -1206,7 +1206,6 @@ Layout/LineLength:
- 'ee/lib/gitlab/usage/metrics/instrumentations/approval_project_rules_with_user_metric.rb'
- 'ee/lib/gitlab/usage/metrics/instrumentations/count_ci_builds_metric.rb'
- 'ee/lib/gitlab/usage/metrics/instrumentations/license_metric.rb'
- 'ee/lib/gitlab/usage_data_counters/license_testing_counter.rb'
- 'ee/lib/system_check/geo/authorized_keys_check.rb'
- 'ee/lib/system_check/geo/current_node_check.rb'
- 'ee/lib/system_check/geo/geo_database_configured_check.rb'

1
Gemfile
View File

@ -82,6 +82,7 @@ gem 'omniauth-google-oauth2', '~> 1.1' # rubocop:todo Gemfile/MissingFeatureCate
gem 'omniauth-oauth2-generic', '~> 0.2.2' # rubocop:todo Gemfile/MissingFeatureCategory
gem 'omniauth-saml', '~> 2.1.0' # rubocop:todo Gemfile/MissingFeatureCategory
gem 'omniauth-shibboleth-redux', '~> 2.0', require: 'omniauth-shibboleth' # rubocop:todo Gemfile/MissingFeatureCategory
gem 'omniauth-twitter', '~> 1.4' # rubocop:todo Gemfile/MissingFeatureCategory
gem 'omniauth_crowd', '~> 2.4.0', path: 'vendor/gems/omniauth_crowd' # See vendor/gems/omniauth_crowd/README.md # rubocop:todo Gemfile/MissingFeatureCategory
gem 'omniauth_openid_connect', '~> 0.6.1' # rubocop:todo Gemfile/MissingFeatureCategory
# Locked until Ruby 3.0 upgrade since upgrading will pull in an updated net-smtp gem.

2
Gemfile.checksum
View File

@ -435,10 +435,12 @@
{"name":"omniauth-azure-activedirectory-v2","version":"2.0.0","platform":"ruby","checksum":"c484cedd52cd233e3c216c4b3ed667ec07d20e51c550a613b65a0f90fe8ad072"},
{"name":"omniauth-github","version":"2.0.1","platform":"ruby","checksum":"8ff8e70ac6d6db9d52485eef52cfa894938c941496e66b52b5e2773ade3ccad4"},
{"name":"omniauth-google-oauth2","version":"1.1.1","platform":"ruby","checksum":"4496f126e84eaf760f9c6a5c69e5e7511f98092d7f25ad79fd2c0ae5e09b5039"},
{"name":"omniauth-oauth","version":"1.2.0","platform":"ruby","checksum":"e7a78658498dc83aa3f3be1a776425c0f06a60d45d9236dbe5e98e61fadf827b"},
{"name":"omniauth-oauth2","version":"1.8.0","platform":"ruby","checksum":"b2f8e9559cc7e2d4efba57607691d6d2b634b879fc5b5b6ccfefa3da85089e78"},
{"name":"omniauth-oauth2-generic","version":"0.2.8","platform":"ruby","checksum":"ce6e8539019d5ebf2f48867072b9f248f148bb4cbe7166dee655865abfae7613"},
{"name":"omniauth-saml","version":"2.1.0","platform":"ruby","checksum":"969cb7ba271891d09dfa57b206fc274f43203c52727492517decda93decc6906"},
{"name":"omniauth-shibboleth-redux","version":"2.0.0","platform":"ruby","checksum":"e9b353fd103405fcc8549e8510b9cad857acf0b286d764fac5dba8a93ab8ffe1"},
{"name":"omniauth-twitter","version":"1.4.0","platform":"ruby","checksum":"c5cc6c77cd767745ffa9ebbd5fbd694a3fa99d1d2d82a4d7def0bf3b6131b264"},
{"name":"omniauth_openid_connect","version":"0.6.1","platform":"ruby","checksum":"5f1318f5b19b05e339ff494def060b57a503b1e3ea83c3a0ced6cc014407d423"},
{"name":"open4","version":"1.3.4","platform":"ruby","checksum":"a1df037310624ecc1ea1d81264b11c83e96d0c3c1c6043108d37d396dcd0f4b1"},
{"name":"openid_connect","version":"1.3.0","platform":"ruby","checksum":"a796855096850cc01140e37ea6ae9fd14f2be818b9b5bc698418063dfe228770"},

7
Gemfile.lock
View File

@ -1193,6 +1193,9 @@ GEM
oauth2 (~> 2.0.6)
omniauth (~> 2.0)
omniauth-oauth2 (~> 1.8.0)
omniauth-oauth (1.2.0)
oauth
omniauth (>= 1.0, < 3)
omniauth-oauth2 (1.8.0)
oauth2 (>= 1.4, < 3)
omniauth (~> 2.0)
@ -1204,6 +1207,9 @@ GEM
ruby-saml (~> 1.12)
omniauth-shibboleth-redux (2.0.0)
omniauth (>= 2.0.0)
omniauth-twitter (1.4.0)
omniauth-oauth (~> 1.1)
rack
omniauth_openid_connect (0.6.1)
omniauth (>= 1.9, < 3)
openid_connect (~> 1.1)
@ -2115,6 +2121,7 @@ DEPENDENCIES
omniauth-salesforce (~> 1.0.5)!
omniauth-saml (~> 2.1.0)
omniauth-shibboleth-redux (~> 2.0)
omniauth-twitter (~> 1.4)
omniauth_crowd (~> 2.4.0)!
omniauth_openid_connect (~> 0.6.1)
openid_connect (= 1.3.0)

BIN
app/assets/images/auth_buttons/twitter_64.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 3.6 KiB

6
app/graphql/mutations/work_items/create.rb
View File

@ -16,6 +16,9 @@ module Mutations
MUTUALLY_EXCLUSIVE_ARGUMENTS_ERROR = 'Please provide either projectPath or namespacePath argument, but not both.'
DISABLED_FF_ERROR = 'namespace_level_work_items feature flag is disabled. Only project paths allowed.'
argument :assignees_widget, ::Types::WorkItems::Widgets::AssigneesInputType,
required: false,
description: 'Input for assignees widget.'
argument :confidential, GraphQL::Types::Boolean,
required: false,
description: 'Sets the work item confidentiality.'
@ -29,6 +32,9 @@ module Mutations
argument :hierarchy_widget, ::Types::WorkItems::Widgets::HierarchyCreateInputType,
required: false,
description: 'Input for hierarchy widget.'
argument :labels_widget, ::Types::WorkItems::Widgets::LabelsCreateInputType,
required: false,
description: 'Input for labels widget.'
argument :milestone_widget, ::Types::WorkItems::Widgets::MilestoneInputType,
required: false,
description: 'Input for milestone widget.'

16
app/graphql/types/work_items/widgets/labels_create_input_type.rb Normal file
View File

@ -0,0 +1,16 @@
# frozen_string_literal: true
module Types
module WorkItems
module Widgets
class LabelsCreateInputType < BaseInputObject
graphql_name 'WorkItemWidgetLabelsCreateInput'
argument :label_ids, [::Types::GlobalIDType[::Label]],
required: true,
description: 'IDs of labels to be added to the work item.',
prepare: ->(label_ids, _ctx) { label_ids.map(&:model_id) }
end
end
end
end

32
app/services/work_items/callbacks/assignees.rb
View File

@ -3,32 +3,30 @@
module WorkItems
module Callbacks
class Assignees < Base
def before_create
set_assignee_ids
end
def before_update
params[:assignee_ids] = [] if excluded_in_new_type?
return unless params.present? && params.has_key?(:assignee_ids)
return unless has_permission?(:set_work_item_metadata)
assignee_ids = filter_assignees_count(params[:assignee_ids])
assignee_ids = filter_assignee_permissions(assignee_ids)
return if assignee_ids.sort == work_item.assignee_ids.sort
work_item.assignee_ids = assignee_ids
work_item.touch
set_assignee_ids
end
private
def filter_assignees_count(assignee_ids)
return assignee_ids if work_item.allows_multiple_assignees?
def set_assignee_ids
params[:assignee_ids] = [] if excluded_in_new_type?
return unless params.has_key?(:assignee_ids) && has_permission?(:set_work_item_metadata)
assignee_ids.first(1)
new_assignee_ids = filter_assignee_ids(params[:assignee_ids])
return if new_assignee_ids.sort == work_item.assignee_ids.sort
work_item.assignee_ids = new_assignee_ids
end
def filter_assignee_permissions(assignee_ids)
assignees = User.id_in(assignee_ids)
def filter_assignee_ids(assignee_ids)
assignee_ids = assignee_ids.first(1) unless work_item.allows_multiple_assignees?
assignees = User.id_in(assignee_ids)
assignees.select { |assignee| assignee.can?(:read_work_item, work_item) }.map(&:id)
end
end

18
config/events/users_clicked_license_testing_visit_external_website.yml Normal file
View File

@ -0,0 +1,18 @@
---
description: Tracks click on licence-compliance details to visit external information website
internal_events: true
action: click_external_link_license_compliance
identifiers:
- project
- user
- namespace
product_section: sec
product_stage: secure
product_group: static_analysis
milestone: '17.0'
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/150952
distributions:
- ee
tiers:
- premium
- ultimate

18
config/events/users_visiting_testing_license_compliance_full_report.yml Normal file
View File

@ -0,0 +1,18 @@
---
description: Tracks click on licence-compliance full report button
internal_events: true
action: click_full_report_license_compliance
identifiers:
- project
- user
- namespace
product_section: sec
product_stage: secure
product_group: static_analysis
milestone: '17.0'
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/150952
distributions:
- ee
tiers:
- premium
- ultimate

20
config/gitlab.yml.example
View File

@ -1014,7 +1014,7 @@ production: &base
## OmniAuth settings
omniauth:
# Allow login via Google, GitHub, etc. using OmniAuth providers
# Allow login via Twitter, Google, etc. using OmniAuth providers
# enabled: true
# Uncomment this to automatically sign in with a specific omniauth provider's without
@ -1022,7 +1022,7 @@ production: &base
# auto_sign_in_with_provider: saml
# Sync user's profile from the specified Omniauth providers every time the user logs in (default: empty).
# Define the allowed providers using an array, e.g. ["saml", "google_oauth2"],
# Define the allowed providers using an array, e.g. ["saml", "twitter"],
# or as true/false to allow all providers or none.
# When authenticating using LDAP, the user's email is always synced.
# sync_profile_from_provider: []
@ -1035,7 +1035,7 @@ production: &base
# CAUTION!
# This allows users to login without having a user account first. Define the allowed providers
# using an array, e.g. ["saml", "google_oauth2"], or as true/false to allow all providers or none.
# using an array, e.g. ["saml", "twitter"], or as true/false to allow all providers or none.
# User accounts will be created automatically when authentication was successful.
allow_single_sign_on: ["saml"]
@ -1057,10 +1057,10 @@ production: &base
# Allow users with existing accounts to sign in and auto link their account via OmniAuth
# login, without having to do a manual login first and manually add OmniAuth. Links on email.
# Define the allowed providers using an array, e.g. ["saml", "google_oauth2"], or as true/false to
# Define the allowed providers using an array, e.g. ["saml", "twitter"], or as true/false to
# allow all providers or none.
# (default: false)
auto_link_user: ["saml", "google_oauth2"]
auto_link_user: ["saml", "twitter"]
# Set different Omniauth providers as external so that all users creating accounts
# via these providers will not be able to have access to internal projects. You
@ -1071,11 +1071,11 @@ production: &base
# CAUTION!
# This allows users to login with the specified providers without two factor. Define the allowed providers
# using an array, e.g. ["saml", 'google_oauth2'], or as true/false to allow all providers or none.
# using an array, e.g. ["twitter", 'google_oauth2'], or as true/false to allow all providers or none.
# This option should only be configured for providers which already have two factor.
# This configration dose not apply to SAML.
# (default: false)
allow_bypass_two_factor: ["saml", "google_oauth2"]
allow_bypass_two_factor: ["twitter", 'google_oauth2']
## Auth providers
# Uncomment the following lines and fill in the data of the auth provider you want to use
@ -1105,6 +1105,9 @@ production: &base
# app_id: 'YOUR_APP_ID',
# app_secret: 'YOUR_APP_SECRET',
# args: { access_type: 'offline', approval_prompt: '' } }
# - { name: 'twitter',
# app_id: 'YOUR_APP_ID',
# app_secret: 'YOUR_APP_SECRET' }
# - { name: 'jwt',
# args: {
# secret: 'YOUR_APP_SECRET',
@ -1603,6 +1606,9 @@ test:
app_id: 'YOUR_APP_ID',
app_secret: 'YOUR_APP_SECRET',
args: { access_type: 'offline', approval_prompt: '' } }
- { name: 'twitter',
app_id: 'YOUR_APP_ID',
app_secret: 'YOUR_APP_SECRET' }
- { name: 'jwt',
app_secret: 'YOUR_APP_SECRET',
args: {

2
doc/administration/backup_restore/backup_cli.md
View File

@ -4,7 +4,7 @@ group: Geo
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments
---
## Back up and Restore GitLab with `gitlab-backup-cli`
# Back up and Restore GitLab with `gitlab-backup-cli`
DETAILS:
**Tier:** Free, Premium, Ultimate

4
doc/administration/backup_restore/backup_gitlab.md
View File

@ -1349,8 +1349,8 @@ When considering using file system data transfer or snapshots:
- Don't use these methods to migrate from one operating system to another. The operating systems of the source and destination should be as similar as possible. For example,
don't use these methods to migrate from Ubuntu to RHEL.
- Data consistency is very important. You should stop GitLab with `sudo gitlab-ctl stop` before taking doing a file system transfer (with `rsync`, for example) or taking a
snapshot.
- Data consistency is very important. You should stop GitLab (`sudo gitlab-ctl stop`) before
doing a file system transfer (with `rsync`, for example) or taking a snapshot.
Example: Amazon Elastic Block Store (EBS)

2
doc/administration/reference_architectures/10k_users.md
View File

@ -4,7 +4,7 @@ group: Distribution
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments
---
# Reference architecture: 200 RPS or up to 10,000 users
# Reference architecture: Up to 200 RPS or 10,000 users
DETAILS:
**Tier:** Premium, Ultimate

2
doc/administration/reference_architectures/1k_users.md
View File

@ -4,7 +4,7 @@ group: Distribution
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments
---
# Reference architecture: 20 RPS or up to 1,000 users
# Reference architecture: Up to 20 RPS or 1,000 users
DETAILS:
**Tier:** Free, Premium, Ultimate

2
doc/administration/reference_architectures/25k_users.md
View File

@ -4,7 +4,7 @@ group: Distribution
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments
---
# Reference architecture: 500 RPS or up to 25,000 users
# Reference architecture: Up to 500 RPS or 25,000 users
DETAILS:
**Tier:** Premium, Ultimate

2
doc/administration/reference_architectures/2k_users.md
View File

@ -4,7 +4,7 @@ group: Distribution
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments
---
# Reference architecture: 40 RPS or up to 2,000 users
# Reference architecture: Up to 40 RPS or 2,000 users
DETAILS:
**Tier:** Free, Premium, Ultimate

2
doc/administration/reference_architectures/3k_users.md
View File

@ -4,7 +4,7 @@ group: Distribution
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments
---
# Reference architecture: 60 RPS or up to 3,000 users
# Reference architecture: Up to 60 RPS or 3,000 users
DETAILS:
**Tier:** Premium, Ultimate

2
doc/administration/reference_architectures/50k_users.md
View File

@ -4,7 +4,7 @@ group: Distribution
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments
---
# Reference architecture: 1000 RPS or up to 50,000 users
# Reference architecture: Up to 1000 RPS or 50,000 users
DETAILS:
**Tier:** Premium, Ultimate

2
doc/administration/reference_architectures/5k_users.md
View File

@ -4,7 +4,7 @@ group: Distribution
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments
---
# Reference architecture: 100 RPS or up to 5,000 users
# Reference architecture: Up to 100 RPS or 5,000 users
DETAILS:
**Tier:** Premium, Ultimate

12
doc/administration/reference_architectures/index.md
View File

@ -41,12 +41,12 @@ Below is the list of Linux package based reference architectures:
Below is a list of Cloud Native Hybrid reference architectures, where select recommended components can be run in Kubernetes:
- [40 RPS or Up to 2,000 users](2k_users.md#cloud-native-hybrid-reference-architecture-with-helm-charts-alternative) <span style="color: darkgrey;">_API: 40 RPS, Web: 4 RPS, Git (Pull): 4 RPS, Git (Push): 1 RPS_</span>
- [60 RPS or Up to 3,000 users](3k_users.md#cloud-native-hybrid-reference-architecture-with-helm-charts-alternative) <span style="color: darkgrey;">_API: 60 RPS, Web: 6 RPS, Git (Pull): 6 RPS, Git (Push): 1 RPS_</span>
- [100 RPS or Up to 5,000 users](5k_users.md#cloud-native-hybrid-reference-architecture-with-helm-charts-alternative) <span style="color: darkgrey;">_API: 100 RPS, Web: 10 RPS, Git (Pull): 10 RPS, Git (Push): 2 RPS_</span>
- [200 RPS or Up to 10,000 users](10k_users.md#cloud-native-hybrid-reference-architecture-with-helm-charts-alternative) <span style="color: darkgrey;">_API: 200 RPS, Web: 20 RPS, Git (Pull): 20 RPS, Git (Push): 4 RPS_</span>
- [500 RPS or Up to 25,000 users](25k_users.md#cloud-native-hybrid-reference-architecture-with-helm-charts-alternative) <span style="color: darkgrey;">_API: 500 RPS, Web: 50 RPS, Git (Pull): 50 RPS, Git (Push): 10 RPS_</span>
- [1000 RPS or Up to 50,000 users](50k_users.md#cloud-native-hybrid-reference-architecture-with-helm-charts-alternative) <span style="color: darkgrey;">_API: 1000 RPS, Web: 100 RPS, Git (Pull): 100 RPS, Git (Push): 20 RPS_</span>
- [Up to 40 RPS or 2,000 users](2k_users.md#cloud-native-hybrid-reference-architecture-with-helm-charts-alternative) <span style="color: darkgrey;">_API: 40 RPS, Web: 4 RPS, Git (Pull): 4 RPS, Git (Push): 1 RPS_</span>
- [Up to 60 RPS or 3,000 users](3k_users.md#cloud-native-hybrid-reference-architecture-with-helm-charts-alternative) <span style="color: darkgrey;">_API: 60 RPS, Web: 6 RPS, Git (Pull): 6 RPS, Git (Push): 1 RPS_</span>
- [Up to 100 RPS or 5,000 users](5k_users.md#cloud-native-hybrid-reference-architecture-with-helm-charts-alternative) <span style="color: darkgrey;">_API: 100 RPS, Web: 10 RPS, Git (Pull): 10 RPS, Git (Push): 2 RPS_</span>
- [Up to 200 RPS or 10,000 users](10k_users.md#cloud-native-hybrid-reference-architecture-with-helm-charts-alternative) <span style="color: darkgrey;">_API: 200 RPS, Web: 20 RPS, Git (Pull): 20 RPS, Git (Push): 4 RPS_</span>
- [Up to 500 RPS or 25,000 users](25k_users.md#cloud-native-hybrid-reference-architecture-with-helm-charts-alternative) <span style="color: darkgrey;">_API: 500 RPS, Web: 50 RPS, Git (Pull): 50 RPS, Git (Push): 10 RPS_</span>
- [Up to 1000 RPS or 50,000 users](50k_users.md#cloud-native-hybrid-reference-architecture-with-helm-charts-alternative) <span style="color: darkgrey;">_API: 1000 RPS, Web: 100 RPS, Git (Pull): 100 RPS, Git (Push): 20 RPS_</span>
## Before you start

10
doc/api/graphql/reference/index.md
View File

@ -9445,6 +9445,7 @@ Input type: `WorkItemCreateInput`
| Name | Type | Description |
| ---- | ---- | ----------- |
| <a id="mutationworkitemcreateassigneeswidget"></a>`assigneesWidget` | [`WorkItemWidgetAssigneesInput`](#workitemwidgetassigneesinput) | Input for assignees widget. |
| <a id="mutationworkitemcreateclientmutationid"></a>`clientMutationId` | [`String`](#string) | A unique identifier for the client performing the mutation. |
| <a id="mutationworkitemcreatecolorwidget"></a>`colorWidget` | [`WorkItemWidgetColorInput`](#workitemwidgetcolorinput) | Input for color widget. |
| <a id="mutationworkitemcreateconfidential"></a>`confidential` | [`Boolean`](#boolean) | Sets the work item confidentiality. |
@ -9453,6 +9454,7 @@ Input type: `WorkItemCreateInput`
| <a id="mutationworkitemcreatehealthstatuswidget"></a>`healthStatusWidget` | [`WorkItemWidgetHealthStatusInput`](#workitemwidgethealthstatusinput) | Input for health status widget. |
| <a id="mutationworkitemcreatehierarchywidget"></a>`hierarchyWidget` | [`WorkItemWidgetHierarchyCreateInput`](#workitemwidgethierarchycreateinput) | Input for hierarchy widget. |
| <a id="mutationworkitemcreateiterationwidget"></a>`iterationWidget` | [`WorkItemWidgetIterationInput`](#workitemwidgetiterationinput) | Iteration widget of the work item. |
| <a id="mutationworkitemcreatelabelswidget"></a>`labelsWidget` | [`WorkItemWidgetLabelsCreateInput`](#workitemwidgetlabelscreateinput) | Input for labels widget. |
| <a id="mutationworkitemcreatemilestonewidget"></a>`milestoneWidget` | [`WorkItemWidgetMilestoneInput`](#workitemwidgetmilestoneinput) | Input for milestone widget. |
| <a id="mutationworkitemcreatenamespacepath"></a>`namespacePath` | [`ID`](#id) | Full path of the namespace(project or group) the work item is created in. |
| <a id="mutationworkitemcreateprojectpath"></a>`projectPath` **{warning-solid}** | [`ID`](#id) | **Deprecated:** Please use namespace_path instead. That will cover for both projects and groups. Deprecated in GitLab 15.10. |
@ -37705,6 +37707,14 @@ Attributes for value stream stage.
| ---- | ---- | ----------- |
| <a id="workitemwidgetiterationinputiterationid"></a>`iterationId` | [`IterationID`](#iterationid) | Iteration to assign to the work item. |
### `WorkItemWidgetLabelsCreateInput`
#### Arguments
| Name | Type | Description |
| ---- | ---- | ----------- |
| <a id="workitemwidgetlabelscreateinputlabelids"></a>`labelIds` | [`[LabelID!]!`](#labelid) | IDs of labels to be added to the work item. |
### `WorkItemWidgetLabelsUpdateInput`
#### Arguments

BIN
doc/ci/environments/img/kubernetes_dashboard_deployments_v16_9.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 73 KiB

61
doc/ci/environments/kubernetes_dashboard.md
View File

@ -102,6 +102,65 @@ A dashboard displays one of the following status badges:
| **Unknown** | The sync status of the deployment couldn't be retrieved. |
| **Unavailable** | The `Kustomization` or `HelmRelease` resource couldn't be retrieved. |
## Detailed dashboard
> - [Introduced](https://gitlab.com/groups/gitlab-org/-/epics/11351) in GitLab 16.4, [with a flag](../../administration/feature_flags.md) named `k8s_dashboard`. Disabled by default.
> - [Enabled on GitLab.com](https://gitlab.com/gitlab-org/gitlab/-/issues/424237) in GitLab 16.7 for a subset of users.
FLAG:
The availability of this feature is controlled by a feature flag.
For more information, see the history.
This feature is available for testing, but not ready for production use.
The detailed dashboard provides information about the following Kubernetes resources:
- Pods
- Services
- Deployments
- ReplicaSets
- StatefulSets
- DaemonSets
- Jobs
- CronJobs
Each dashboard displays a list of resources with their statuses, namespaces, and age.
You can select a resource to open a drawer with more information, including labels
and YAML-formatted status, annotations, and spec.
![Kubernetes dashboard UI](img/kubernetes_dashboard_deployments_v16_9.png)
Because of the focus shift described in [this issue](https://gitlab.com/gitlab-org/ci-cd/deploy-stage/environments-group/general/-/issues/53#note_1720060812), work on the detailed dashboard is paused.
To provide feedback on the detailed dashboard, see [issue 460279](https://gitlab.com/gitlab-org/gitlab/-/issues/460279).
### View a detailed dashboard
Prerequisites:
- A GitLab agent for Kubernetes is [configured](../../user/clusters/agent/install/index.md) and shared with the environment's project, or its parent group, using the [`user_access`](../../user/clusters/agent/user_access.md) keyword.
The detailed dashboard is not linked from the sidebar navigation.
To view a detailed dashboard:
1. Find your agent for Kubernetes ID:
1. On the left sidebar, select **Search or go to** and find your project.
1. Select **Operate > Kubernetes clusters**.
1. Copy the numerical ID of the agent you want to access.
1. Go to one of the following URLs, replacing `<agent_id>` with your agent ID:
| Resource type | URL |
| --- | --- |
| Pods | `https://myinstance.gitlab.com/-/kubernetes/<agent_id>/pods`|
| Services | `https://myinstance.gitlab.com/-/kubernetes/<agent_id>/services` |
| Deployments | `https://myinstance.gitlab.com/-/kubernetes/<agent_id>/deployments` |
| ReplicaSets | `https://myinstance.gitlab.com/-/kubernetes/<agent_id>/replicaSets` |
| StatefulSets | `https://myinstance.gitlab.com/-/kubernetes/<agent_id>/statefulSets` |
| DaemonSets | `https://myinstance.gitlab.com/-/kubernetes/<agent_id>/daemonSets` |
| Jobs | `https://myinstance.gitlab.com/-/kubernetes/<agent_id>/jobs` |
| CronJobs | `https://myinstance.gitlab.com/-/kubernetes/<agent_id>/cronJobs` |
The detailed dashboard is displayed.
## Troubleshooting
When working with the Dashboard for Kubernetes, you might encounter the following issues.
@ -114,7 +173,7 @@ This error happens when a user is not allowed to do the specified operation in t
To resolve, check your [RBAC configuration](../../user/clusters/agent/user_access.md#configure-kubernetes-access). If the RBAC is properly configured, contact your Kubernetes administrator.
## GitLab agent dropdown list is empty
### GitLab agent dropdown list is empty
When you configure a new environment, the **GitLab agent** dropdown list might be empty, even if you have configured Kubernetes clusters.

BIN
doc/integration/img/twitter_app_api_keys.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 24 KiB

BIN
doc/integration/img/twitter_app_details.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 39 KiB

41
doc/integration/omniauth.md
View File

@ -10,7 +10,7 @@ DETAILS:
**Tier:** Free, Premium, Ultimate
**Offering:** Self-managed
Users can sign in to GitLab by using their credentials from Google, GitHub, and other popular services.
Users can sign in to GitLab by using their credentials from Twitter, GitHub, and other popular services.
[OmniAuth](https://rubygems.org/gems/omniauth/) is the Rack framework that GitLab uses to provide this authentication.
When configured, additional sign-in options are displayed on the sign-in page.
@ -37,6 +37,7 @@ GitLab supports the following OmniAuth providers.
| [Salesforce](salesforce.md) | `salesforce` |
| [SAML](saml.md) | `saml` |
| [Shibboleth](shibboleth.md) | `shibboleth` |
| [Twitter](twitter.md) | `twitter` |
## Configure common settings
@ -62,9 +63,9 @@ To change the OmniAuth settings:
```ruby
# CAUTION!
# This allows users to sign in without having a user account first. Define the allowed providers
# using an array, for example, ["saml", "google_oauth2"], or as true/false to allow all providers or none.
# using an array, for example, ["saml", "twitter"], or as true/false to allow all providers or none.
# User accounts will be created automatically when authentication was successful.
gitlab_rails['omniauth_allow_single_sign_on'] = ['saml', 'google_oauth2']
gitlab_rails['omniauth_allow_single_sign_on'] = ['saml', 'twitter']
gitlab_rails['omniauth_auto_link_ldap_user'] = true
gitlab_rails['omniauth_block_auto_created_users'] = true
```
@ -90,7 +91,7 @@ To change the OmniAuth settings:
appConfig:
omniauth:
enabled: true
allowSingleSignOn: ['saml', 'google_oauth2']
allowSingleSignOn: ['saml', 'twitter']
autoLinkLdapUser: false
blockAutoCreatedUsers: true
```
@ -114,7 +115,7 @@ To change the OmniAuth settings:
gitlab:
environment:
GITLAB_OMNIBUS_CONFIG: |
gitlab_rails['omniauth_allow_single_sign_on'] = ['saml', 'google_oauth2']
gitlab_rails['omniauth_allow_single_sign_on'] = ['saml', 'twitter']
gitlab_rails['omniauth_auto_link_ldap_user'] = true
gitlab_rails['omniauth_block_auto_created_users'] = true
```
@ -132,15 +133,15 @@ To change the OmniAuth settings:
```yaml
## OmniAuth settings
omniauth:
# Allow sign-in by using Google, GitLab, etc. using OmniAuth providers
# Allow sign-in by using Twitter, Google, etc. using OmniAuth providers
# Versions prior to 11.4 require this to be set to true
# enabled: true
# CAUTION!
# This allows users to sign in without having a user account first. Define the allowed providers
# using an array, for example, ["saml", "google_oauth2"], or as true/false to allow all providers or none.
# using an array, for example, ["saml", "twitter"], or as true/false to allow all providers or none.
# User accounts will be created automatically when authentication was successful.
allow_single_sign_on: ["saml", "google_oauth2"]
allow_single_sign_on: ["saml", "twitter"]
auto_link_ldap_user: true
@ -236,13 +237,13 @@ users created with OmniAuth.
If you're an existing user, after your GitLab account is
created, you can activate an OmniAuth provider. For example, if you originally signed in with LDAP, you can enable an OmniAuth
provider like Google.
provider like Twitter.
1. Sign in to GitLab with your GitLab credentials, LDAP, or another OmniAuth provider.
1. On the left sidebar, select your avatar.
1. Select **Edit profile**.
1. On the left sidebar, select **Account**.
1. In the **Connected Accounts** section, select the OmniAuth provider, such as Google.
1. In the **Connected Accounts** section, select the OmniAuth provider, such as Twitter.
1. You are redirected to the provider. After you authorize GitLab,
you are redirected back to GitLab.
@ -292,21 +293,21 @@ omniauth:
You can automatically link OmniAuth users with existing GitLab users if their email addresses match.
The following example enables automatic linking
for the OpenID Connect provider and the Google OAuth provider.
for the OpenID Connect provider and the Twitter OAuth provider.
::Tabs
:::TabTitle Linux package (Omnibus)
```ruby
gitlab_rails['omniauth_auto_link_user'] = ["openid_connect", "google_oauth2"]
gitlab_rails['omniauth_auto_link_user'] = ["openid_connect", "twitter"]
```
:::TabTitle Self-compiled (source)
```yaml
omniauth:
auto_link_user: ["openid_connect", "google_oauth2"]
auto_link_user: ["openid_connect", "twitter"]
```
::EndTabs
@ -334,14 +335,14 @@ accounts are upgraded to full internal accounts.
:::TabTitle Linux package (Omnibus)
```ruby
gitlab_rails['omniauth_external_providers'] = ['saml', 'google_oauth2']
gitlab_rails['omniauth_external_providers'] = ['twitter', 'google_oauth2']
```
:::TabTitle Self-compiled (source)
```yaml
omniauth:
external_providers: ['saml', 'google_oauth2']
external_providers: ['twitter', 'google_oauth2']
```
::EndTabs
@ -408,7 +409,7 @@ When authenticating using LDAP, the user's name and email are always synced.
:::TabTitle Linux package (Omnibus)
```ruby
gitlab_rails['omniauth_sync_profile_from_provider'] = ['saml', 'google_oauth2']
gitlab_rails['omniauth_sync_profile_from_provider'] = ['twitter', 'google_oauth2']
gitlab_rails['omniauth_sync_profile_attributes'] = ['name', 'email', 'location']
```
@ -416,7 +417,7 @@ gitlab_rails['omniauth_sync_profile_attributes'] = ['name', 'email', 'location']
```yaml
omniauth:
sync_profile_from_provider: ['saml', 'google_oauth2']
sync_profile_from_provider: ['twitter', 'google_oauth2']
sync_profile_attributes: ['email', 'location']
```
@ -432,7 +433,7 @@ account to bypass 2FA. Otherwise, they are prompted to set up 2FA when they sign
To bypass 2FA, you can either:
- Define the allowed providers using an array (for example, `['saml', 'google_oauth2']`).
- Define the allowed providers using an array (for example, `['twitter', 'google_oauth2']`).
- Specify `true` to allow all providers, or `false` to allow none.
This option should be configured only for providers that already have 2FA. The default is `false`.
@ -444,14 +445,14 @@ This configuration doesn't apply to SAML.
:::TabTitle Linux package (Omnibus)
```ruby
gitlab_rails['omniauth_allow_bypass_two_factor'] = ['saml', 'google_oauth2']
gitlab_rails['omniauth_allow_bypass_two_factor'] = ['twitter', 'google_oauth2']
```
:::TabTitle Self-compiled (source)
```yaml
omniauth:
allow_bypass_two_factor: ['saml', 'google_oauth2']
allow_bypass_two_factor: ['twitter', 'google_oauth2']
```
::EndTabs

108
doc/integration/twitter.md
View File

@ -4,12 +4,112 @@ group: Authentication
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments
---
# Twitter OAuth 1.0a OmniAuth Provider (removed)
# Twitter OAuth 1.0a OmniAuth Provider (deprecated)
DETAILS:
**Tier:** Free, Premium, Ultimate
**Offering:** Self-managed
This feature was [deprecated](https://gitlab.com/gitlab-com/Product/-/issues/11417) in GitLab 16.3
and [removed](https://gitlab.com/gitlab-org/gitlab/-/issues/420978) in 17.0.
Use [another supported OmniAuth provider](omniauth.md#supported-providers) instead.
<!--- start_remove The following content will be removed on remove_date: '2024-05-17' -->
WARNING:
This feature was [deprecated](https://gitlab.com/gitlab-com/Product/-/issues/11417) in GitLab 16.3 and is planned for removal in 17.0. Use [another supported OmniAuth provider](omniauth.md#supported-providers) instead. This change is a breaking change.
<!--- end_remove -->
NOTE:
Twitter OAuth 2.0 support is [not supported](https://gitlab.com/gitlab-org/gitlab/-/issues/366213).
To enable the Twitter OmniAuth provider you must register your application with
Twitter. Twitter generates a client ID and secret key for you to use.
## Create a new Twitter application
1. Sign in to [Twitter Application Management](https://developer.twitter.com/apps).
1. Select **Create new app**.
1. Fill in the application details.
- **Name**: This can be anything. Consider something like `<Organization>'s GitLab`, `<Your Name>'s GitLab` or
something else descriptive.
- **Description**: Create a description.
- **Website**: The URL to your GitLab installation. For example, `https://gitlab.example.com`
- **Callback URL**: `https://gitlab.example.com/users/auth/twitter/callback`
- **Developer Agreement**: Select **Yes, I agree**.
![Twitter App Details](img/twitter_app_details.png)
1. Select **Create your Twitter application**.
## Configure the application settings
1. Select the **Settings** tab.
1. Underneath the **Callback URL**, select the **Allow this application to be used to Sign in with Twitter** checkbox.
1. Select **Update settings** to save the changes.
1. Select the **Keys and Access Tokens** tab.
1. Find your **API key** and **API secret**. Keep this tab open as you continue configuration.
![Twitter app](img/twitter_app_api_keys.png)
## Configure your application on the GitLab server
1. On your GitLab server, open the configuration file.
For Linux package installations:
```shell
sudo editor /etc/gitlab/gitlab.rb
```
For self-compiled installations:
```shell
cd /home/git/gitlab
sudo -u git -H editor config/gitlab.yml
```
1. Configure the [common settings](omniauth.md#configure-common-settings)
to add `twitter` as a single sign-on provider. This enables Just-In-Time
account provisioning for users who do not have an existing GitLab account.
1. Add the provider configuration.
For Linux package installations:
```ruby
gitlab_rails['omniauth_providers'] = [
{
name: "twitter",
# label: "Provider name", # optional label for login button, defaults to "Twitter"
app_id: "<your_api_key>",
app_secret: "<your_api_secret>"
}
]
```
For self-compiled installations:
```yaml
- { name: 'twitter',
# label: 'Provider name', # optional label for login button, defaults to "Twitter"
app_id: '<your_api_key>',
app_secret: '<your_api_secret>' }
```
1. Change `<your_api_key>` to the API key from the Twitter **Keys and Access Tokens** tab.
1. Change `<your_api_secret>` to the API secret from the Twitter **Keys and Access Tokens** tab.
1. Save the configuration file.
1. For the changes to take effect:
- For Linux package installations, [reconfigure GitLab](../administration/restart_gitlab.md#reconfigure-a-linux-package-installation).
- For self-compiled installations, [restart GitLab](../administration/restart_gitlab.md#self-compiled-installations).
On the sign-in page, find the Twitter option below the regular sign-in form. Select the option to begin the authentication process. Twitter asks you to sign in and authorize the GitLab application. After authorization,
you are returned to GitLab and signed in.

2
lib/gitlab/usage_data_counters/total_counter_redis_key_overrides.yml
View File

@ -24,3 +24,5 @@
'{event_counters}_delete_wiki_page': USAGE_WIKI_PAGES_DELETE
'{event_counters}_update_wiki_page': USAGE_WIKI_PAGES_UPDATE
'{event_counters}_view_wiki_page': USAGE_WIKI_PAGES_VIEW
'{event_counters}_click_full_report_license_compliance': USAGE_USERS_VISITING_TESTING_LICENSE_COMPLIANCE_FULL_REPORT
'{event_counters}_click_external_link_license_compliance': USAGE_USERS_CLICKING_LICENSE_TESTING_VISITING_EXTERNAL_WEBSITE

5
scripts/verify-tff-mapping
View File

@ -52,11 +52,6 @@ tests = [
spec/lib/gitlab/usage_data_counters/web_ide_counter_spec.rb
]
},
{
explanation: 'EE usage counters map to usage data spec',
changed_file: 'ee/lib/gitlab/usage_data_counters/license_testing_counter.rb',
expected: ['spec/lib/gitlab/usage_data_spec.rb']
},
{
explanation: 'https://gitlab.com/gitlab-org/quality/engineering-productivity/master-broken-incidents/-/issues/54#note_1160811638',

2
spec/features/oauth_login_spec.rb
View File

@ -15,7 +15,7 @@ RSpec.describe 'OAuth Login', :allow_forgery_protection, feature_category: :syst
stub_omniauth_provider(provider)
end
providers = [:github, :bitbucket, :gitlab, :google_oauth2,
providers = [:github, :twitter, :bitbucket, :gitlab, :google_oauth2,
:auth0, :salesforce, :alicloud]
around do |example|

1
spec/features/registrations/oauth_registration_spec.rb
View File

@ -16,6 +16,7 @@ RSpec.describe 'OAuth Registration', :js, :allow_forgery_protection, feature_cat
where(:provider, :additional_info) do
:github | {}
:twitter | {}
:bitbucket | {}
:gitlab | {}
:google_oauth2 | {}

9
spec/graphql/types/work_items/widgets/labels_create_input_type_spec.rb Normal file
View File

@ -0,0 +1,9 @@
# frozen_string_literal: true
require 'spec_helper'
RSpec.describe ::Types::WorkItems::Widgets::LabelsCreateInputType, feature_category: :team_planning do
it { expect(described_class.graphql_name).to eq('WorkItemWidgetLabelsCreateInput') }
it { expect(described_class.arguments.keys).to contain_exactly('labelIds') }
end

93
spec/requests/api/graphql/mutations/work_items/create_spec.rb
View File

@ -241,6 +241,99 @@ RSpec.describe 'Create a work item', feature_category: :team_planning do
end
end
end
context 'with assignee widget input' do
let(:widgets_response) { mutation_response['workItem']['widgets'] }
let(:fields) do
<<~FIELDS
workItem {
widgets {
type
... on WorkItemWidgetAssignees {
assignees {
nodes {
id
username
}
}
}
}
}
errors
FIELDS
end
context 'when setting assignee on work item creation' do
let_it_be(:assignee) { create(:user, developer_of: project) }
let(:input) do
{
title: 'some WI',
workItemTypeId: WorkItems::Type.default_by_type(:task).to_gid.to_s,
assigneesWidget: { 'assigneeIds' => assignee.to_gid.to_s }
}
end
it "sets the work item's assignee" do
expect do
post_graphql_mutation(mutation, current_user: current_user)
end.to change(WorkItem, :count).by(1)
expect(response).to have_gitlab_http_status(:success)
expect(widgets_response).to include(
{
'assignees' => { 'nodes' => [{ 'id' => assignee.to_gid.to_s, 'username' => assignee.username }] },
'type' => 'ASSIGNEES'
}
)
end
end
end
context 'with labels widget input' do
let(:widgets_response) { mutation_response['workItem']['widgets'] }
let(:fields) do
<<~FIELDS
workItem {
widgets {
type
... on WorkItemWidgetLabels {
labels {
nodes { id }
}
}
}
}
errors
FIELDS
end
context 'when setting labels on work item creation' do
let_it_be(:label1) { create(:group_label, group: group) }
let_it_be(:label2) { create(:group_label, group: group) }
let(:label_ids) { [label1.to_gid.to_s, label2.to_gid.to_s] }
let(:input) do
{
title: 'some WI',
workItemTypeId: WorkItems::Type.default_by_type(:task).to_gid.to_s,
labelsWidget: { labelIds: label_ids }
}
end
it "sets the work item's labels" do
expect do
post_graphql_mutation(mutation, current_user: current_user)
end.to change(WorkItem, :count).by(1)
expect(response).to have_gitlab_http_status(:success)
expect(mutation_response['workItem']['widgets']).to include(
'labels' => { 'nodes' => label_ids.map { |l| { 'id' => l } } },
'type' => 'LABELS'
)
end
end
end
end
context 'the user is not allowed to create a work item' do

44
spec/services/work_items/callbacks/assignees_spec.rb
View File

@ -13,17 +13,13 @@ RSpec.describe WorkItems::Callbacks::Assignees, :freeze_time, feature_category:
let(:current_user) { reporter }
let(:params) { { assignee_ids: [new_assignee.id] } }
let(:service) { described_class.new(issuable: work_item, current_user: current_user, params: params) }
describe '#before_update' do
let(:service) { described_class.new(issuable: work_item, current_user: current_user, params: params) }
subject(:before_update_callback) { service.before_update }
it 'updates the assignees and sets updated_at to the current time' do
before_update_callback
shared_examples 'assignee callback' do
it 'updates the assignees' do
assignees_callback
expect(work_item.assignee_ids).to contain_exactly(new_assignee.id)
expect(work_item.updated_at).to be_like_time(Time.current)
end
context 'when passing an empty array' do
@ -34,10 +30,9 @@ RSpec.describe WorkItems::Callbacks::Assignees, :freeze_time, feature_category:
end
it 'removes existing assignees' do
before_update_callback
assignees_callback
expect(work_item.assignee_ids).to be_empty
expect(work_item.updated_at).to be_like_time(Time.current)
end
end
@ -45,10 +40,9 @@ RSpec.describe WorkItems::Callbacks::Assignees, :freeze_time, feature_category:
let(:current_user) { create(:user) }
it 'does not update the assignees' do
before_update_callback
assignees_callback
expect(work_item.assignee_ids).to be_empty
expect(work_item.updated_at).to be_like_time(1.day.ago)
end
end
@ -61,10 +55,9 @@ RSpec.describe WorkItems::Callbacks::Assignees, :freeze_time, feature_category:
end
it 'sets all the given assignees' do
before_update_callback
assignees_callback
expect(work_item.assignee_ids).to contain_exactly(new_assignee.id, reporter.id)
expect(work_item.updated_at).to be_like_time(Time.current)
end
end
@ -74,10 +67,9 @@ RSpec.describe WorkItems::Callbacks::Assignees, :freeze_time, feature_category:
end
it 'only sets the first assignee' do
before_update_callback
assignees_callback
expect(work_item.assignee_ids).to contain_exactly(new_assignee.id)
expect(work_item.updated_at).to be_like_time(Time.current)
end
end
end
@ -86,10 +78,9 @@ RSpec.describe WorkItems::Callbacks::Assignees, :freeze_time, feature_category:
let(:params) { { assignee_ids: [create(:user).id] } }
it 'does not set the assignee' do
before_update_callback
assignees_callback
expect(work_item.assignee_ids).to be_empty
expect(work_item.updated_at).to be_like_time(1.day.ago)
end
end
@ -99,10 +90,9 @@ RSpec.describe WorkItems::Callbacks::Assignees, :freeze_time, feature_category:
end
it 'does not touch updated_at' do
before_update_callback
assignees_callback
expect(work_item.assignee_ids).to contain_exactly(new_assignee.id)
expect(work_item.updated_at).to be_like_time(1.day.ago)
end
end
@ -115,10 +105,22 @@ RSpec.describe WorkItems::Callbacks::Assignees, :freeze_time, feature_category:
end
it "resets the work item's assignees" do
before_update_callback
assignees_callback
expect(work_item.assignee_ids).to be_empty
end
end
end
describe '#before_create' do
subject(:assignees_callback) { service.before_create }
it_behaves_like 'assignee callback'
end
describe '#before_update' do
subject(:assignees_callback) { service.before_update }
it_behaves_like 'assignee callback'
end
end

31
spec/services/work_items/update_service_spec.rb
View File

@ -563,6 +563,37 @@ RSpec.describe WorkItems::UpdateService, feature_category: :team_planning do
end
end
end
context 'for assignees widget' do
let_it_be(:assignee) { create(:user, developer_of: project) }
let(:widget_params) { { assignees_widget: { assignee_ids: [assignee.id] } } }
it 'updates assignees of the work item' do
expect do
update_work_item
work_item.reload
end.to change(work_item, :assignees).from([developer]).to([assignee]).and change(work_item, :updated_at)
end
it_behaves_like 'publish WorkItems::WorkItemUpdatedEvent event',
attributes: %w[
updated_at
updated_by_id
],
widgets: %w[
assignees_widget
]
context 'when work item validation fails' do
let(:opts) { { title: '' } }
it 'does not update assignees and returns validation errors' do
expect(update_work_item[:message]).to contain_exactly("Title can't be blank")
expect(work_item.reload.assignees).to contain_exactly(developer)
end
end
end
end
describe 'label updates' do

1
spec/support/rspec_order_todo.yml
View File

@ -2104,7 +2104,6 @@
- './ee/spec/requests/api/submodules_spec.rb'
- './ee/spec/requests/api/templates_spec.rb'
- './ee/spec/requests/api/todos_spec.rb'
- './ee/spec/requests/api/usage_data_spec.rb'
- './ee/spec/requests/api/users_spec.rb'
- './ee/spec/requests/api/vulnerabilities_spec.rb'
- './ee/spec/requests/api/vulnerability_exports_spec.rb'