From 17b492274d1071f9dce56d1a3f2d57c94c38e709 Mon Sep 17 00:00:00 2001 From: GitLab Bot Date: Thu, 7 Jul 2022 18:09:40 +0000 Subject: [PATCH] Add latest changes from gitlab-org/gitlab@master --- .dockerignore | 10 +- .../projects/merge_requests_controller.rb | 1 + app/policies/merge_request_policy.rb | 2 +- app/views/profiles/accounts/show.html.haml | 8 +- ...delayed_project_import_schedule_worker.yml | 8 -- doc/administration/operations/puma.md | 90 ++++++++++++++++++ doc/administration/troubleshooting/debug.md | 88 ----------------- doc/api/graphql/reference/index.md | 3 +- doc/ci/runners/saas/macos_saas_runner.md | 2 + doc/integration/github.md | 2 +- doc/integration/kerberos.md | 4 +- .../group/saml_sso/img/unlink_group_saml.png | Bin 9399 -> 0 bytes doc/user/group/saml_sso/index.md | 4 +- doc/user/project/import/bitbucket.md | 6 +- locale/gitlab.pot | 16 ++-- qa/Dockerfile | 3 +- spec/features/invites_spec.rb | 2 +- spec/features/profiles/account_spec.rb | 2 +- spec/policies/merge_request_policy_spec.rb | 62 ++++++++++-- 19 files changed, 178 insertions(+), 135 deletions(-) delete mode 100644 config/feature_flags/development/delayed_project_import_schedule_worker.yml delete mode 100644 doc/user/group/saml_sso/img/unlink_group_saml.png diff --git a/.dockerignore b/.dockerignore index b2aef4d31cd..e145f368cb1 100644 --- a/.dockerignore +++ b/.dockerignore @@ -1,9 +1,9 @@ # `build_from_dir` can't find Dockerfile when `.dockerignore` is "*" # See https://github.com/swipely/docker-api/issues/484 -# Ignore all folders except qa/, config/initializers and the root of lib/ since -# the files we need to build the QA image are in these folders. -# Following are the files we need: +# Ignore all folders except the following files we need to build the QA image: # - ./config/initializers/0_inject_enterprise_edition_module.rb +# - ./config/feature_flags +# - ./ee/config/feature_flags # - ./ee/app/models/license.rb # - ./lib/gitlab_edition.rb # - ./lib/gitlab/utils.rb 
@@ -28,7 +28,9 @@ /docker/ /ee/bin/ /ee/changelogs/ -/ee/config/ +/ee/config/events/ +/ee/config/metrics/ +/ee/config/routes/ /ee/db/ /ee/fixtures/ /ee/lib/ diff --git a/app/controllers/projects/merge_requests_controller.rb b/app/controllers/projects/merge_requests_controller.rb index 5dafc941f72..6794278eb96 100644 --- a/app/controllers/projects/merge_requests_controller.rb +++ b/app/controllers/projects/merge_requests_controller.rb @@ -87,6 +87,7 @@ class Projects::MergeRequestsController < Projects::MergeRequests::ApplicationCo :rebase, :discussions, :pipelines, + :coverage_reports, :test_reports, :codequality_mr_diff_reports, :codequality_reports, diff --git a/app/policies/merge_request_policy.rb b/app/policies/merge_request_policy.rb index 96002d98afe..bda327cb661 100644 --- a/app/policies/merge_request_policy.rb +++ b/app/policies/merge_request_policy.rb @@ -14,7 +14,7 @@ class MergeRequestPolicy < IssuablePolicy prevent :accept_merge_request end - rule { can?(:update_merge_request) }.policy do + rule { can?(:update_merge_request) & is_project_member }.policy do enable :approve_merge_request end diff --git a/app/views/profiles/accounts/show.html.haml b/app/views/profiles/accounts/show.html.haml index de09e78c695..cdd5a9ae7a1 100644 --- a/app/views/profiles/accounts/show.html.haml +++ b/app/views/profiles/accounts/show.html.haml @@ -17,9 +17,9 @@ .row.gl-mt-3.js-search-settings-section .col-lg-4.profile-settings-sidebar %h4.gl-mt-0 - = s_('Profiles|Two-Factor Authentication') + = s_('Profiles|Two-factor authentication') %p - = s_("Profiles|Increase your account's security by enabling Two-Factor Authentication (2FA)") + = s_("Profiles|Increase your account's security by enabling two-factor authentication (2FA).") .col-lg-8 %p #{_('Status')}: #{current_user.two_factor_enabled? ? _('Enabled') : _('Disabled')} 
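Review bot: In the second `.dockerignore` hunk, replacing the blanket `/ee/config/` exclusion with `/ee/config/events/`, `/ee/config/metrics/` and `/ee/config/routes/` turns an allowlist into a denylist for that directory. Anything else under `ee/config`, present now or added later, is sent to the Docker build context even though the file header lists only `./ee/config/feature_flags` as needed. If the build tooling honours `!` exceptions, keeping the exclusion and re-including the one directory is tighter, e.g. `/ee/config/*` followed by `!/ee/config/feature_flags/`. The build context is wider than what lands in the image, but it is what any later broad `COPY` would pick up.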
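Review bot: In `app/policies/merge_request_policy.rb`, the tightened rule `can?(:update_merge_request) & is_project_member` has no comment saying why approval needs membership when update does not. `is_project_member` is also not defined in the visible lines; it is presumably inherited, and the class body starts and continues outside the hunk. Because this is an authorization boundary, I would add a comment above the rule such as `# Being able to update an MR (for example as its author) is not enough to approve it; approval also requires project membership.` It is also worth confirming that no rule outside this hunk still enables `:approve_merge_request` without the membership condition, since any single enabling rule would grant the ability.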
@@ -35,9 +35,9 @@ .row.gl-mt-3.js-search-settings-section .col-lg-4.profile-settings-sidebar %h4.gl-mt-0 - = s_('Profiles|Social sign-in') + = s_('Profiles|Service sign-in') %p - = s_('Profiles|Activate signin with one of the following services') + = s_('Profiles|Connect a service for sign-in.') .col-lg-8 = render 'providers', providers: button_based_providers, group_saml_identities: local_assigns[:group_saml_identities] .col-lg-12 diff --git a/config/feature_flags/development/delayed_project_import_schedule_worker.yml b/config/feature_flags/development/delayed_project_import_schedule_worker.yml deleted file mode 100644 index cdf42fbb8ec..00000000000 --- a/config/feature_flags/development/delayed_project_import_schedule_worker.yml +++ /dev/null @@ -1,8 +0,0 @@ ---- -name: delayed_project_import_schedule_worker -introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/87438 -rollout_issue_url: https://gitlab.com/gitlab-com/gl-infra/scalability/-/issues/1681 -milestone: '15.0' -type: development -group: group::scalability -default_enabled: false diff --git a/doc/administration/operations/puma.md b/doc/administration/operations/puma.md index 0025ca109e5..6b4577ad651 100644 --- a/doc/administration/operations/puma.md +++ b/doc/administration/operations/puma.md 
@@ -279,6 +279,96 @@ To switch from Unicorn to Puma: 1. Optional. For multi-node deployments, configure the load balancer to use the [readiness check](../load_balancer.md#readiness-check). +## Troubleshooting Puma + +### 502 Gateway Timeout after Puma spins at 100% CPU + +This error occurs when the Web server times out (default: 60 s) after not +hearing back from the Puma worker. If the CPU spins to 100% while this is in +progress, there may be something taking longer than it should. + +To fix this issue, we first need to figure out what is happening. The +following tips are only recommended if you do not mind users being affected by +downtime. Otherwise, skip to the next section. + +1. Load the problematic URL +1. Run `sudo gdb -p ` to attach to the Puma process. +1. In the GDB window, type: + + ```plaintext + call (void) rb_backtrace() + ``` + +1. This forces the process to generate a Ruby backtrace. Check + `/var/log/gitlab/puma/puma_stderr.log` for the backtrace. For example, you may see: + + ```plaintext + from /opt/gitlab/embedded/service/gitlab-rails/lib/gitlab/metrics/sampler.rb:33:in `block in start' + from /opt/gitlab/embedded/service/gitlab-rails/lib/gitlab/metrics/sampler.rb:33:in `loop' + from /opt/gitlab/embedded/service/gitlab-rails/lib/gitlab/metrics/sampler.rb:36:in `block (2 levels) in start' + from /opt/gitlab/embedded/service/gitlab-rails/lib/gitlab/metrics/sampler.rb:44:in `sample' + from /opt/gitlab/embedded/service/gitlab-rails/lib/gitlab/metrics/sampler.rb:68:in `sample_objects' + from /opt/gitlab/embedded/service/gitlab-rails/lib/gitlab/metrics/sampler.rb:68:in `each_with_object' + from /opt/gitlab/embedded/service/gitlab-rails/lib/gitlab/metrics/sampler.rb:68:in `each' + from /opt/gitlab/embedded/service/gitlab-rails/lib/gitlab/metrics/sampler.rb:69:in `block in sample_objects' + from /opt/gitlab/embedded/service/gitlab-rails/lib/gitlab/metrics/sampler.rb:69:in `name' + ``` + +1. 
To see the current threads, run: + + ```plaintext + thread apply all bt + ``` + +1. Once you're done debugging with `gdb`, be sure to detach from the process and exit: + + ```plaintext + detach + exit + ``` + +GDB reports an error if the Puma process terminates before you can run these commands. +To buy more time, you can always raise the +Puma worker timeout. For omnibus users, you can edit `/etc/gitlab/gitlab.rb` and +increase it from 60 seconds to 600: + +```ruby +gitlab_rails['env'] = { + 'GITLAB_RAILS_RACK_TIMEOUT' => 600 +} +``` + +For source installations, set the environment variable. +Refer to [Puma Worker timeout](../operations/puma.md#change-the-worker-timeout). + +[Reconfigure](../restart_gitlab.md#omnibus-gitlab-reconfigure) GitLab for the changes to take effect. + +#### Troubleshooting without affecting other users + +The previous section attached to a running Puma process, which may have +undesirable effects on users trying to access GitLab during this time. If you +are concerned about affecting others during a production system, you can run a +separate Rails process to debug the issue: + +1. Log in to your GitLab account. +1. Copy the URL that is causing problems (for example, `https://gitlab.com/ABC`). +1. Create a Personal Access Token for your user (User Settings -> Access Tokens). +1. Bring up the [GitLab Rails console.](../operations/rails_console.md#starting-a-rails-console-session) +1. At the Rails console, run: + + ```ruby + app.get '/?private_token=' + ``` + + For example: + + ```ruby + app.get 'https://gitlab.com/gitlab-org/gitlab-foss/-/issues/1?private_token=123456' + ``` + +1. In a new window, run `top`. It should show this Ruby process using 100% CPU. Write down the PID. +1. Follow step 2 from the previous section on using GDB. + ## Related topics - [Use a dedicated metrics server to export web metrics](../monitoring/prometheus/puma_exporter.md) 
diff --git a/doc/administration/troubleshooting/debug.md b/doc/administration/troubleshooting/debug.md index 53c71996493..13eef59fdbb 100644 --- a/doc/administration/troubleshooting/debug.md +++ b/doc/administration/troubleshooting/debug.md 
@@ -166,94 +166,6 @@ in Omnibus, run as root: Many of the tips to diagnose issues below apply to many different situations. We use one concrete example to illustrate what you can do to learn what is going wrong. -### 502 Gateway Timeout after Unicorn spins at 100% CPU - -This error occurs when the Web server times out (default: 60 s) after not -hearing back from the Unicorn worker. If the CPU spins to 100% while this in -progress, there may be something taking longer than it should. - -To fix this issue, we first need to figure out what is happening. The -following tips are only recommended if you do not mind users being affected by -downtime. Otherwise skip to the next section. - -1. Load the problematic URL -1. Run `sudo gdb -p ` to attach to the Puma process. -1. In the GDB window, type: - - ```plaintext - call (void) rb_backtrace() - ``` - -1. This forces the process to generate a Ruby backtrace. Check - `/var/log/gitlab/puma/puma_stderr.log` for the backtrace. For example, you may see: - - ```plaintext - from /opt/gitlab/embedded/service/gitlab-rails/lib/gitlab/metrics/sampler.rb:33:in `block in start' - from /opt/gitlab/embedded/service/gitlab-rails/lib/gitlab/metrics/sampler.rb:33:in `loop' - from /opt/gitlab/embedded/service/gitlab-rails/lib/gitlab/metrics/sampler.rb:36:in `block (2 levels) in start' - from /opt/gitlab/embedded/service/gitlab-rails/lib/gitlab/metrics/sampler.rb:44:in `sample' - from /opt/gitlab/embedded/service/gitlab-rails/lib/gitlab/metrics/sampler.rb:68:in `sample_objects' - from /opt/gitlab/embedded/service/gitlab-rails/lib/gitlab/metrics/sampler.rb:68:in `each_with_object' - from /opt/gitlab/embedded/service/gitlab-rails/lib/gitlab/metrics/sampler.rb:68:in `each' - from /opt/gitlab/embedded/service/gitlab-rails/lib/gitlab/metrics/sampler.rb:69:in `block in sample_objects' - from /opt/gitlab/embedded/service/gitlab-rails/lib/gitlab/metrics/sampler.rb:69:in `name' - ``` - -1. 
To see the current threads, run: - - ```plaintext - thread apply all bt - ``` - -1. Once you're done debugging with `gdb`, be sure to detach from the process and exit: - - ```plaintext - detach - exit - ``` - -If the Puma process terminates before you are able to run these -commands, GDB reports an error. To buy more time, you can always raise the -Puma worker timeout. For omnibus users, you can edit `/etc/gitlab/gitlab.rb` and -increase it from 60 seconds to 600: - -```ruby -gitlab_rails['env'] = { - 'GITLAB_RAILS_RACK_TIMEOUT' => 600 -} -``` - -For source installations, set the environment variable. -Refer to [Puma Worker timeout](../operations/puma.md#change-the-worker-timeout). - -[Reconfigure](../restart_gitlab.md#omnibus-gitlab-reconfigure) GitLab for the changes to take effect. - -#### Troubleshooting without affecting other users - -The previous section attached to a running Unicorn process, and this may have -undesirable effects for users trying to access GitLab during this time. If you -are concerned about affecting others during a production system, you can run a -separate Rails process to debug the issue: - -1. Log in to your GitLab account. -1. Copy the URL that is causing problems (for example, `https://gitlab.com/ABC`). -1. Create a Personal Access Token for your user (User Settings -> Access Tokens). -1. Bring up the [GitLab Rails console.](../operations/rails_console.md#starting-a-rails-console-session) -1. At the Rails console, run: - - ```ruby - app.get '/?private_token=' - ``` - - For example: - - ```ruby - app.get 'https://gitlab.com/gitlab-org/gitlab-foss/-/issues/1?private_token=123456' - ``` - -1. In a new window, run `top`. It should show this Ruby process using 100% CPU. Write down the PID. -1. Follow step 2 from the previous section on using GDB. - ### GitLab: API is not accessible This often occurs when GitLab Shell attempts to request authorization via the 
diff --git a/doc/api/graphql/reference/index.md b/doc/api/graphql/reference/index.md index 4dcae2ccc4c..1e63f3fdb04 100644 --- a/doc/api/graphql/reference/index.md +++ b/doc/api/graphql/reference/index.md @@ -5481,7 +5481,8 @@ Input type: `VulnerabilityFindingDismissInput` | `clientMutationId` | [`String`](#string) | A unique identifier for the client performing the mutation. | | `comment` | [`String`](#string) | Comment why finding should be dismissed. | | `dismissalReason` | [`VulnerabilityDismissalReason`](#vulnerabilitydismissalreason) | Reason why finding should be dismissed. | -| `id` | [`VulnerabilitiesFindingID!`](#vulnerabilitiesfindingid) | ID of the finding to be dismissed. | +| `id` **{warning-solid}** | [`VulnerabilitiesFindingID`](#vulnerabilitiesfindingid) | **Deprecated:** Use `uuid`. Deprecated in 15.2. | +| `uuid` | [`String`](#string) | UUID of the finding to be dismissed. | #### Fields diff --git a/doc/ci/runners/saas/macos_saas_runner.md b/doc/ci/runners/saas/macos_saas_runner.md index 65404c89f9a..2f61a74a06c 100644 --- a/doc/ci/runners/saas/macos_saas_runner.md +++ b/doc/ci/runners/saas/macos_saas_runner.md @@ -18,6 +18,8 @@ CI/CD minutes used on GitLab SaaS macOS runners are included in your CI/CD minut Refer to the CI/CD minutes [cost factor](../../../ci/pipelines/cicd_minutes.md#cost-factor) for the cost factor applied to the GitLab SaaS macOS runners. +Jobs handled by macOS shared runners on GitLab.com **time out after 2 hours**, regardless of the timeout configured in a project. + ## Access request process While in limited availability, to run CI jobs on the macOS runners, GitLab SaaS customer namespaces must be explicitly added to the macOS `allow-list`. Customers who participated in the beta have already been added. diff --git a/doc/integration/github.md b/doc/integration/github.md index 3c14e8db4de..3011155f825 100644 --- a/doc/integration/github.md +++ b/doc/integration/github.md 
@@ -218,4 +218,4 @@ To fix this issue, you must activate GitHub sign-in in GitLab: 1. On the top bar, in the top right corner, select your avatar. 1. Select **Edit profile**. 1. On the left sidebar, select **Account**. -1. In the **Social sign-in** section, select **Connect to GitHub**. +1. In the **Service sign-in** section, select **Connect to GitHub**. diff --git a/doc/integration/kerberos.md b/doc/integration/kerberos.md index 78c92631e4f..257ba4e6708 100644 --- a/doc/integration/kerberos.md +++ b/doc/integration/kerberos.md @@ -125,8 +125,8 @@ If you're not an administrator: 1. In the top-right corner, select your avatar. 1. Select **Edit profile**. 1. On the left sidebar, select **Account**. -1. In the **Social sign-in** section, select **Connect Kerberos SPNEGO**. - If you don't see a **Social sign-in** Kerberos option, follow the +1. In the **Service sign-in** section, select **Connect Kerberos SPNEGO**. + If you don't see a **Service sign-in** Kerberos option, follow the requirements in [Enable single sign-on](#enable-single-sign-on). In either case, you should now be able to sign in to your GitLab account 
diff --git a/doc/user/group/saml_sso/img/unlink_group_saml.png b/doc/user/group/saml_sso/img/unlink_group_saml.png deleted file mode 100644 index 9d53a9bf407eedfc89bf0231116a4af1a31871d6..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 9399 zcmbVx2RNH=+qYRoOQ~HWrL}6tj=e{WicOV-AXX4tX=_ufRMel^tCk52RR@; zM4*mH7+fUK!;63-B2rKe^nyCL!F>TRxHH02k$bbLl^cL?ROGghG7vNHQir=Bbb@{0 zCc%cL4#92?a*o`}N&tmG5J7TpA=P1_A;Be_q@K zYd(%nAc%(6pSB1qMQ#^gUoViTXh1-KNPvV0(#Kg;Tux3-R17Ez1PT)n!l)omUudAP zCyM7U4H|HigAc;X7lHHy{MHDCA^m(6xe1>BD+G8T;{WLNME#j3LdHaYOGL#*#C`|$ zN3KTrIAMf|a*Glo68+ume*`D`-{bz5?B52%UvR>-`Az;k z<_L?w2PNE-pxTEp21VXXsSrjerI(Hsiin8m_V1fm7jkQhh=`QvuD+=z9*oS*+r;1jN;r6t1d3q1ZDk3T*>!Q&4pNJ;Sci=7KRF$o18e|DLY zlKLtw{$lIeHF|9S4<>SAA7ioIogEft#`B8{K7Iija#CVaT6!KaVsf@)JRZQsdA|Mq z`#zpq5w^4V>87ys#>NKwZGPr!)R*Zvcvu*3>$;)SGbVTN-br;*`fyR6>zGKVi}Mr4 z8#fR4_XPO>f-IDFP^hdZ-}L0PzFTxndX$`k68Uxh7^E=|9jT#9Xk%le3iMH4`*&fH zI~z0YM?335NI3p*g;*PVPm#|)s4gt0SBLv5BdWI+lRyKaa8^=5Q2jWWl_=^>nC@hi8D_slc{a=gOA+Yuj{p~F+A|g`w z-RZQFMl*TQ&9T~$XU+10H;la#qg`~I4P@s!3Oh!ZmS%86qch6`uP=@^6T=+7Hlzzd ze6xbhM;ErppznK&<7$VNyq=bnl)knNOj^Fc_vVI0=hjB0mu@V6UEMu)4#_bUxG~fB z_Go=dN0_~Dewz_!nI7$haB@uXHZ*he;g-GIkQwqmKe{9_prp3Nt!VP=mqGm5H&b(K zbnQfQ&vf1R?(sSPwy0Web#L3umZob8KZoG+xKL|ZMkT9|l(ON)u@9PZcZwUoXsgJ# zR=kKS>@oFw9+UX=5~C!pqxxXJ(^;LHO+e2?Plf1im6SdzJjln@T;*cr!^YCjs;cVY z>E*(~9n<)(+V?NpI^y!19T(UFnAw)Q&f zOH4(mUN?PYqvsrIEDVWEP)hl18#Em8!-HDkb)+ADxN{PFU1 zk@wwEY{Eo85TEdHs)gy7=oJkJ+y4)c> zweL*ghDcZD;c>fMpWHdcnjcxkN-lk(XxQZlkF_7YmFu;FNRm5NcU#KT9`zJII_6!m%pE zvM{Y#>DB#m=*|b87Cm;QBLk7s*smvgpOyPh4rFR23m(DCS$WY0AuBx@=#uSj=;o+| zIFE2T8oJ(BOe6J8(SBtuvK{#PS4bE|@peUE-EUV{@NP?TfAfRSQgsxPPvE zDgSn#{rqUVlvhy`V{%S*>xA=>0(V+3UqTBewV3V2ZU=55z;s|GLu4Y=A+(dn|-e{`A%$SEJZ9x{BRP!Yhk z>Z2Fi0y-NX?(_}2c?TY&Qx?0?R@bs}iFZ8}f@1gz=~1ZqCORyvwcA4eaLZ3sMd2{Y z4(PwXAT5rtk&yl3J|C=_xf|~=t>YyZfjaS?+JisrCM{mBgLs+ng$*@q&nCAl-{EBs z?KGnQ?)QZa>6*q2%OG`QPVx~lXt)sw9=TY0|EiSoU5SG@b7<@kKsRsRrxz(b`sqGz 
z*sofYWkG;2t1BX;mC|7YM;xg~#lZOC;2uZuu#AFnq_9Q^e6y?ENiH4LmqHm~e#42U zPkw#uK6SrUL&x_`f!iOI8`F4g0;K4GWM9N$24iGV4$HBWnqP5Dn(@{at)KEf{v+dfLp4}ewV17WwaZf3U<4KWp}dF;<^XXyA` z8p`-=qOKbzCff%!Eq##?zJVbxJg6`zbYD4fEc_Jod9M6!jsDYdEKI8GNGXH49G0M5 zc$eBh?htDJFfLXvo~r?a%NKO_8++~*Kqpu|vMRt_X3EN|8LelRs0ZJ^g!?SM8@))s zm=M&vnZ3Zlr4Q9lf{HP2~m_vRcU-Y89syF zxXzoIaNue){IbjvpAX$DD<*eMs&$gw-!>Ua!QPv^o}|f!WBS}8F}?PjGKQ>ZI(!01G7ZQc&HLK1;4u`2q|bT>}Z}PC1P^0`%AH-I$uYl)ExxW z9k6CU6f&NdNkpoP?WaUeSlfklDK}^xKliQZx(1F5h#G~woaJ#vxS0=q>k5P{?`UZqmv5DK zqUdZ}qpp&6!=S)b2^jHFARIFFbn~8dLqOL?<(<^wkuEuqI`a~Uzc@y87`$HCU!xiCDq{jFHKKmh0 zL+C3w@l~rndI;QEvSjQE43tM#3#qGZI5Na`xC_b_HdqB<`w|7)+1DKi@|TJZlWT@;n)n zdL76HQtsY72~A$QZ}A=dAX}&`X2cM$hy8^TLwx=*zNL~JmB5)3X&GOLH_pUj`8S94 zIYYs^pCWi)P5E{2Ci*KaJmqB&3&@}hZP#?gHs6n_R>LH7xnf-cim4pVES&4@5m4eJtk(U)}x|V))p%^{Elb?N$PxLRLgW2^lJ@UP&OSc*%N1*oQ0i?zZ~LgSM!8*29nEH0hWD9rubFH*sTP7XZYMv!d1DDhEl=Pd9q5q@I?lbvJ5q2;ESmV z{ei{t2>NXI7{@BnyuC5iSzMi7mrCbrgwd$FFvhH!s8KAv5afa|=cup~UBV zOzj~nUf`uin96X+F%VZlz}S-f&Y{Oc2s-%qiOz`n6U^MrlZjpA8POCj^dfWaX}}Mq z*|S`{{^qI62qY}~eqe`i;&UyuBog_qpNG3J(yIB`T<~x*jwz^-FH3suV0;O@zNls;iTDaIj-HXnn9y}BiEq6{>LVN-Z;GC@(7m;BxH}6%w8EC6} zYE(1!>IQVBca>5olw%Qx7gM>lBPQ0m*ERg@d^&WPuKG=l9@I}dP`Swgm~(|UC~@_m z^F#290`%q*yXD1)$WF}%iLJICFS1`)B8O?~B$*dP1Cr)EdOX50$K*MFp7%-zSt!vY z_@?GPbR3+4_!6s|qTXtu{PVi*8;;$DXX=zVi-nEBjxaICXW)+**n6&^CD|RI-H}Xq5yr_;$9+=$)I&3D$g#nr3?2hT}*5;bUZq zxaPPkR9PjvS+{U%4|6hW#h~9wbJW1?wD>}fL{K##a1Re^`n; zB!67>=|%MwTKnf&QG10&EO~;OAdjZ&BB%|JVIErnORJ#fUH-jQRTX7K{Pt@I6;&zZ z_vf$sf0F;?#CsRv;2E>~nQQS-S$O#|REpaY%7Iq!mMEj*M%|d;Soh`}esM+izmDut8bT5wXls8Conz9Y)kA=#Q z-^kxl7N|_>9OUUO{!s?ytKK?Z)1!DNY5QoMwU5Xdo%Cr%af~!u*Mk}u?76YUsX0I# zIvBvy(MbH$Gx#c=f1Ww}_N$ky6oQHi-Cz6#2YPjgwx52u3rWF{tc?P6X!?QZ{&rfK z?EHOXQvCyzZ?{jP3iZ#|F}3?)$@wsvR;66Vcpw@j%EOoc`2mw~+eM)6eN(r9Z*=!& zKDg2>TzSmG!TwU6B%oRof3y-4cj>%u`2o_n`}V~$ObJ&kle?>JIAoRNfRN<^Q~$gd zoNgEMQzUC6GI&^uA#sW7DJ_6U2Pu)+nsVrJ*^V5Kh7Fib%|0wBWIVT%8x(HarXKmY zLJZc+ll}-ce7T#>>1@vTRKRV_X8tFqPQx>+Pm6}`(~?$?7QoMc36R-QPg0qU!}qJ_ 
zn8_^N$;!$RRU${v24-W(7S~tu9)kf?9`9okoM!B9@SD_kBz>FC>a1Gk2C}&pad3~_ zj2p=46>3m1&L23wOG0z%vPU$q0lHm##7j)ItLT{OgWGP@a5|J2wf;Ec7W~LUKzeb* zVXUHG*$8YB*sWH-SZ_q4+c~t?e`{!Qm}$94;aJMuau|N{g~sy&$6UZa*A@){WG$7| zr3oO*xlT>^q|T<*PMFebTD*rjEU3&5U70NMg=%5byoy0qt&`Tzvf}A&H04Nf@gKyz zx(5C9(RIt?*5&sh-0gf@CI>}EqD!sa1mnaCg_%XWv6jhvHtN(=>{&Y`I4VT zT1#?{0lQIm?F}HM!dy+blwHQR==_Ic} zUO(KxvDPJ6EFd(q%N2iewdlU)`CAgP zOng{XpC;!#=4Y^EPexIFujX1y`^1ycMF%Z;QXA59+RHZ6GNr!d=c%t;Ki|_)?z81C zYw&Cr+$Ujh7%3I4ptkhZm%A>!VAEFWpl9LbMTAx7Eg7iJZV@0Zd$S4P!y@YM4-ZKys_SP>o{Fp3pXHB##&i?(EvBViUWWa@|CmTbil1*AXOu&;#Dh6}O zfFWy(`F%jPT0GQQeDC|Rsbc`EwqUH+Y2*ipQMq1$;E_|tD$^)@~0co%(vZU=pqEtM-RR*-AIu(wB9WEA;lS zTuoGBxw4md)vgj^&JjB__Tcn%_tyxu9j&Oh{+)nNlk!P(cF~?O5HDSYNG7Mzd*K0> zCZ1|~u9~)LoZOs>cm8;uyg0D)-7NUREWJaMmtm?nXq`t;Aa$MVC8U*^uQ^}v+RBS7 znOHElt5&s0$2-O;DZ$%?a_QWxFDqj}s~B@kAP=ec9A&McXP2nA>!S{j=^yIH&byNG zFYcc-Sf&l~O)T}=%cEL8GZ^Fx>s~x7d6uobvAVWJ{+)W^m~G0ex81GFp)$3#S}$?7 z1hVYZYg_VDHb@4w#?T^>+cP65EMe4rXgrb`tK&NpGBBkL&>9pF88j?qzvsje)s{Yh zo2HqykML>tHCbY8h)DZ#l**UgNP9?=>h$(!r?-NW5`}R>8uJM-Fv2ZAh;8EN3a7t8 zP8~DS{uL|XZIC{eB)IlVpm$a269e0Ox-8@SrCPU+TzV-zc^Z0p7djp|ZC=?WO-aP{ zxj`p}XAyyRS2-^52n5ycAZd8=af+pN|ELD}iF>r~&%@~fBOiC_qvPwzKS2O>?Vy&Z zT~fu|vqx^ukn|)oq4ys>imih_U#T!J+xm6XQS=Hjj^(#|!fPYWlw)rD_7p=TQ>-#i zV@CgwIy%t|TS0nnkmUNrIoznYMpe>JYIYez0Tcb^^vLpJqh)QI^U;kTBvn}_H>#Qn zKhCc}WjkeQKr zg#F|wL#$@#>nvGy&{>wT0okG*a%Im_Vt4Qyw{xCwh4s_gN7oK=R z6y+#PF%Hb&$%ZkEldhTKS$w}X`5BQ%mgy}ysu2!8NQy8q7NywiE?s8QoXmk$J1CRO zu&+v1i9L>rK+9g1t9(O2hRh`m$l+K=Z%mMqKkmwEEv1s|YK!W8!Ri~ebiK;K4!WGj z4xXd9w_zDgp|4E!P#~5%Z0mABr4>HI`-qDJJV))1Z+(w?j98^wIN~io2?B%XwaDJ+ ztEv=#BYO{$sks);Z$mMElb@WN8YTFhl)`Cb^$JSt1%2Gee1yJ(bg{zEQ7b=pU%C-~ zpp?mgB&tKZ*jU#W=dp8|!5b2ph9T3nqfa#5cOsfs>Z3M! 
z;n%@mWtpzp^?B@EYB*Se$@O$E9v}vLa5F;SjU-E*hM=Ns3DIzNYsFKt4#{^8Z+0Ga zdJdnF+AIaC2?iNh`dOg0=;whqe3SGN0mPbJ?==AQG$oB)5zl-_&uE&(>|YjD-6bh6 zALS%*LxA58y0Yi9+5fH_vf<6&fWlpSEQxRO^K}_Aqd9hLX`FaQmDeSSh(E< z>tQV@w3K@AJs}dZ&zHH zGBa$ks8FB^=Kyl2K5(W4LiB5+M?I*ME((J+s*JunBVc{MMj@=CQOVX+C76|9`23}y)*nF)P_s#qFIKlHEH^VtF<+PIyHREi6|Vc?jRm^SsT9A6BBIc4 zYFlcd{MPJ$k?5lReQ9PZXI6Fnbd&rL|cJ;u+yAgxpdWXM5%noosx6aePI@s z24!qV@e84!tCq8u&rT?jWX?a+J;rz zfFMt&i?Y$|srNnCHMHPODZwLWHd1h$a(6mC_;Z?Ve_yNJk`i=<#j6Mo$&?aM9Ta8_$Rz-8M&lGEA z3+^sz(lNj|jC;Yb6Fc*u!Vyb2&FFY|jwj5-#7{2{^@kiLO8T_jLu(+rtb%H2h#3`ZyKVFZI+nRq*ur)J#6D#hQ~~XJ4SHw=%u;bk(VAgt1%rPo}BX@GDn! z%(~=SekFnDhZ3jf);{X> zF0Qq?0v+#t`_^G-t6ib{30*B#$+7sl1=IX<4vV2LsCrZt&;Es>vE+y zp2!$8UvEgOKLB@Cx~#atR?5U+(BV=;8fu$MjZL&CB%p>p?6(&fFsv`x*RKdOXNcqJ zQ~cm6{DrLB?>^y`p+-MXE?k%NKmb;UR$35^=LBE1d1%g6eIJbP8S1f)ZyrO#gf+p{ zXzs7@IN{2+h`Lef<&`f3ri$;fSYfyKwmzodIBi+!t2qrqeA2(lg!rc0eh8l3vzue= zr+any7|rb>5T1{@Y#k5yj|7_gPtiXK!j5n>ckdl*!Rj=C4syX8Y!-UDubDEdrTiMB zQ(3H>1g6VTyh+&m2l5XBXMp~`NwjjFb?}f>HCW~xPfAZLU%59qbBFM6ACa!6p+<$8 HefWO?7t3Xc diff --git a/doc/user/group/saml_sso/index.md b/doc/user/group/saml_sso/index.md index d056839c167..80e7a5903fa 100644 --- a/doc/user/group/saml_sso/index.md +++ b/doc/user/group/saml_sso/index.md @@ -398,9 +398,7 @@ For example, to unlink the `MyOrg` account: 1. On the top bar, in the top right corner, select your avatar. 1. Select **Edit profile**. 1. On the left sidebar, select **Account**. -1. In the **Social sign-in** section, select **Disconnect** next to the connected account. - -![Unlink Group SAML](img/unlink_group_saml.png) +1. In the **Service sign-in** section, select **Disconnect** next to the connected account. ## Group Sync diff --git a/doc/user/project/import/bitbucket.md b/doc/user/project/import/bitbucket.md index ff2b8674434..dff5a602e8a 100644 --- a/doc/user/project/import/bitbucket.md +++ b/doc/user/project/import/bitbucket.md 
@@ -58,7 +58,7 @@ For user contributions to be mapped, each user must complete the following befor If they don't match, modify the public name in the Atlassian account settings to match the username in the Bitbucket account settings. -1. Connect your Bitbucket account in [GitLab profile social sign-in](https://gitlab.com/-/profile/account). +1. Connect your Bitbucket account in [GitLab profile service sign-in](https://gitlab.com/-/profile/account). 1. [Set your public email](../../profile/index.md#set-your-public-email). @@ -97,7 +97,7 @@ If you've accidentally started the import process with the wrong account, follow the username in the Bitbucket account settings must match the public name in the Atlassian account settings. If these names match but user mapping still fails, the user may have modified their Bitbucket username after connecting their Bitbucket account in the -[GitLab profile social sign-in](https://gitlab.com/-/profile/account). +[GitLab profile service sign-in](https://gitlab.com/-/profile/account). To fix this, the user must verify that their Bitbucket external UID in the GitLab database matches their current Bitbucket public name, and reconnect if there's a mismatch: @@ -106,7 +106,7 @@ current Bitbucket public name, and reconnect if there's a mismatch: 1. In the API's response, the `identities` attribute contains the Bitbucket account that exists in the GitLab database. If the `extern_uid` doesn't match the current Bitbucket public name, the - user should reconnect their Bitbucket account in the [GitLab profile social sign-in](https://gitlab.com/-/profile/account). + user should reconnect their Bitbucket account in the [GitLab profile service sign-in](https://gitlab.com/-/profile/account). 1. Following reconnection, the user should use the API again to verify that their `extern_uid` in the GitLab database now matches their current Bitbucket public name. diff --git a/locale/gitlab.pot b/locale/gitlab.pot index 4c678865d3b..4043a18da86 100644 
--- a/locale/gitlab.pot +++ b/locale/gitlab.pot @@ -29456,9 +29456,6 @@ msgstr "" msgid "Profiles|Account scheduled for removal." msgstr "" -msgid "Profiles|Activate signin with one of the following services" -msgstr "" - msgid "Profiles|Active" msgstr "" @@ -29513,6 +29510,9 @@ msgstr "" msgid "Profiles|Connect %{provider}" msgstr "" +msgid "Profiles|Connect a service for sign-in." +msgstr "" + msgid "Profiles|Connected Accounts" msgstr "" @@ -29591,7 +29591,7 @@ msgstr "" msgid "Profiles|Incoming email token was successfully reset" msgstr "" -msgid "Profiles|Increase your account's security by enabling Two-Factor Authentication (2FA)" +msgid "Profiles|Increase your account's security by enabling two-factor authentication (2FA)." msgstr "" msgid "Profiles|Invalid password" @@ -29678,15 +29678,15 @@ msgstr "" msgid "Profiles|Select a service to sign in with." msgstr "" +msgid "Profiles|Service sign-in" +msgstr "" + msgid "Profiles|Set new profile picture" msgstr "" msgid "Profiles|Set your local time zone." msgstr "" -msgid "Profiles|Social sign-in" -msgstr "" - msgid "Profiles|Some options are unavailable for LDAP accounts" msgstr "" @@ -29720,7 +29720,7 @@ msgstr "" msgid "Profiles|Title" msgstr "" -msgid "Profiles|Two-Factor Authentication" +msgid "Profiles|Two-factor authentication" msgstr "" msgid "Profiles|Type your %{confirmationValue} to confirm:" diff --git a/qa/Dockerfile b/qa/Dockerfile index fee5b4f6095..832ad8f7ebc 100644 --- a/qa/Dockerfile +++ b/qa/Dockerfile 
@@ -40,8 +40,9 @@ COPY ./config/initializers/0_inject_enterprise_edition_module.rb /home/gitlab/co # Copy VERSION to ensure the COPY succeeds to copy at least one file since ee/app/models/license.rb isn't present in FOSS # The [b] part makes ./ee/app/models/license.r[b] a pattern that is allowed to return no files (which is the case in FOSS) COPY VERSION ./ee/app/models/license.r[b] /home/gitlab/ee/app/models/ -COPY ./config/bundler_setup.rb /home/gitlab/config/ +COPY VERSION ./ee/config/feature_flag[s] /home/gitlab/ee/config/feature_flags/ COPY ./config/feature_flags /home/gitlab/config/feature_flags +COPY ./config/bundler_setup.rb /home/gitlab/config/ COPY ./lib/gitlab_edition.rb /home/gitlab/lib/ COPY ./lib/gitlab/utils.rb /home/gitlab/lib/gitlab/ COPY ./INSTALLATION_TYPE ./VERSION /home/gitlab/ diff --git a/spec/features/invites_spec.rb b/spec/features/invites_spec.rb index 965e97baadd..9311cb63abb 100644 --- a/spec/features/invites_spec.rb +++ b/spec/features/invites_spec.rb @@ -72,7 +72,7 @@ RSpec.describe 'Group or Project invitations', :aggregate_failures do end end - context 'when invite is sent before account is created - ldap or social sign in for manual acceptance edge case' do + context 'when invite is sent before account is created - ldap or service sign in for manual acceptance edge case' do let(:user) { create(:user, email: 'user@example.com') } context 'when invite clicked and not signed in' do diff --git a/spec/features/profiles/account_spec.rb b/spec/features/profiles/account_spec.rb index 6a4a1fca008..4fe0c3d035e 100644 --- a/spec/features/profiles/account_spec.rb +++ b/spec/features/profiles/account_spec.rb @@ -9,7 +9,7 @@ RSpec.describe 'Profile > Account', :js do sign_in(user) end - describe 'Social sign-in' do + describe 'Service sign-in' do context 'when an identity does not exist' do before do allow(Devise).to receive_messages(omniauth_configs: { google_oauth2: {} }) 
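Review bot: In `qa/Dockerfile`, the new `COPY VERSION ./ee/config/feature_flag[s] /home/gitlab/ee/config/feature_flags/` line is explained only by the comment above it, which names `ee/app/models/license.rb`. It should get its own comment, for example `# VERSION guarantees at least one source; ./ee/config/feature_flag[s] matches nothing in FOSS, where the directory is absent`. A side effect is that a copy of `VERSION` lands inside `/home/gitlab/ee/config/feature_flags/`. If whatever loads feature-flag definitions enumerates every file in that directory rather than only the definition files, the stray file could be picked up; that loader is not visible here, so please confirm.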
diff --git a/spec/policies/merge_request_policy_spec.rb b/spec/policies/merge_request_policy_spec.rb index e05de25f182..dd42e1b9313 100644 --- a/spec/policies/merge_request_policy_spec.rb +++ b/spec/policies/merge_request_policy_spec.rb @@ -51,7 +51,8 @@ RSpec.describe MergeRequestPolicy do end context 'when merge request is public' do - let(:merge_request) { create(:merge_request, source_project: project, target_project: project, author: author) } + let(:merge_request) { create(:merge_request, source_project: project, target_project: project, author: user) } + let(:user) { author } context 'and user is anonymous' do subject { permissions(nil, merge_request) } 
@@ -61,19 +62,62 @@ RSpec.describe MergeRequestPolicy do end end - describe 'the author, who became a guest' do - subject { permissions(author, merge_request) } + context 'and user is author' do + subject { permissions(user, merge_request) } - it do - is_expected.to be_allowed(:update_merge_request) + context 'and the user is a guest' do + let(:user) { guest } + + it do + is_expected.to be_allowed(:update_merge_request) + end + + it do + is_expected.to be_allowed(:reopen_merge_request) + end + + it do + is_expected.to be_allowed(:approve_merge_request) + end end - it do - is_expected.to be_allowed(:reopen_merge_request) + context 'and the user is a group member' do + let(:project) { create(:project, :public, group: group) } + let(:group) { create(:group) } + let(:user) { non_team_member } + + before do + group.add_guest(non_team_member) + end + + it do + is_expected.to be_allowed(:approve_merge_request) + end end - it do - is_expected.to be_allowed(:approve_merge_request) + context 'and the user is a member of a shared group' do + let(:user) { non_team_member } + + before do + group = create(:group) + project.project_group_links.create!( + group: group, + group_access: Gitlab::Access::DEVELOPER) + + group.add_guest(non_team_member) + end + + it do + is_expected.to be_allowed(:approve_merge_request) + end + end + + context 'and the user is not a project member' do + let(:user) { non_team_member } + + it do + is_expected.not_to be_allowed(:approve_merge_request) + end end end end
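Review bot: The `'and the user is not a project member'` context in `spec/policies/merge_request_policy_spec.rb` asserts only that `:approve_merge_request` is denied. The spec therefore does not pin whether the same non-member author keeps `:update_merge_request` and `:reopen_merge_request`, which is the distinction the policy change relies on. If that is the intended outcome, add `it { is_expected.to be_allowed(:update_merge_request) }` to that context, so that a later regression granting or removing both abilities together is caught. Every new context also uses the MR author as `user`, so a non-author who holds `:update_merge_request` is not covered by these cases. The enclosing `describe` block starts and ends outside the hunk.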