Add latest changes from gitlab-org/gitlab@master

GitLab Bot 2022-12-05 09:09:49 +00:00
parent 130b909c4f
commit 1e02d1c756
9 changed files with 14 additions and 198 deletions


@ -19,8 +19,6 @@ module SensitiveSerializableHash
# In general, prefer NOT to use serializable_hash / to_json / as_json in favor
# of serializers / entities instead which has an allowlist of attributes
def serializable_hash(options = nil)
return super if options && options[:unsafe_serialization_hash]
options = options.try(:dup) || {}
options[:except] = Array(options[:except]).dup
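Review bot: The comment above `serializable_hash` does not say that exempt attributes can no longer be opted back in, and with the early `return super` gone a caller that still passes `unsafe_serialization_hash: true` now gets the filtered hash with no error, the key just staying in the duplicated `options`. That fails safe, but it hides stale call sites, so it is worth confirming none remain outside this commit and adding a line such as `# There is deliberately no option to bypass the exempt-attribute filter.` above the method. The method body continues past the hunk, so how a caller-supplied `:only` interacts with the `:except` list built here is not visible; since the filter appears to rely on `:except`, that interaction should be checked too.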


@ -1,32 +0,0 @@
# frozen_string_literal: true
module Clusters
module Applications
class InstallService < BaseHelmService
def execute
return unless app.scheduled?
app.make_installing!
install
end
private
def install
log_event(:begin_install)
helm_api.install(install_command)
log_event(:schedule_wait_for_installation)
ClusterWaitForAppInstallationWorker.perform_in(
ClusterWaitForAppInstallationWorker::INTERVAL, app.name, app.id)
rescue Kubeclient::HttpError => e
log_error(e)
app.make_errored!(_('Kubernetes error: %{error_code}') % { error_code: e.error_code })
rescue StandardError => e
log_error(e)
app.make_errored!(_('Failed to install.'))
end
end
end
end


@ -472,8 +472,6 @@ An on-demand DAST scan:
- Is associated with your project's default branch.
- Is saved on creation so it can be run later.
### On-demand scan modes
An on-demand scan can be run in active or passive mode:
- _Passive mode_ is the default and runs a ZAP Baseline Scan.
@ -482,35 +480,20 @@ An on-demand scan can be run in active or passive mode:
### View on-demand DAST scans
To view running completed and scheduled on-demand DAST scans for a project, go to
**Security & Compliance > On-demand Scans** in the left sidebar.
To view on-demand scans, from your project's home page, go to **Security & Compliance > On-demand
scans** in the left sidebar.
- To view both running and completed scans, select **All**.
- To view running scans only, select **Running**.
- To view finished scans, select **Finished**. A finished scan is a scan that either succeeded,
failed, or was canceled.
- To view scheduled scans, select **Scheduled**. It shows on-demand scans that have a schedule
set up. Those are _not_ included in the **All** tab.
- To view saved on-demand scan profiles, select **Scan library**.
Those are _not_ included in the **All** tab.
On-demand scans are grouped by their status. The scan library contains all available on-demand
scans.
#### Cancel an on-demand scan
From the **On-demand scans** page you can:
To cancel a pending or running on-demand scan, select **Cancel** (**{cancel}**) in the
on-demand scans list.
#### Retry an on-demand scan
To retry a scan that failed or succeeded with warnings, select **Retry** (**{retry}**) in the
on-demand scans list.
#### View an on-demand scan's results
To view a finished scan's results, select **View results** in the on-demand scans list.
#### Edit an on-demand scan
To edit an on-demand scan's settings, select **Edit** (**{pencil}**) in the **Scheduled** tab.
- [Run](#run-an-on-demand-dast-scan) an on-demand scan.
- View the results of an on-demand scan.
- Cancel (**{cancel}**) a pending or running on-demand scan.
- Retry (**{retry}**) a scan that failed, or succeeded with warnings.
- [Edit](#edit-an-on-demand-scan) (**{pencil}**) an on-demand scan's settings.
- [Delete](#delete-an-on-demand-scan) a on-demand scan.
### Run an on-demand DAST scan
@ -593,13 +576,6 @@ To schedule a scan:
1. To run the on-demand scan immediately, select **Save and run scan**. To [run](#run-a-saved-on-demand-scan) it according to the schedule you set, select
**Save scan**.
#### List saved on-demand scans
To list saved on-demand scans:
1. From your project's home page, go to **Security & Compliance > On-demand Scans**.
1. Select the **Scan library** tab.
#### View details of an on-demand scan
To view details of an on-demand scan:


@ -8,7 +8,7 @@ info: To determine the technical writer assigned to the Stage/Group associated w
[Webhooks](https://en.wikipedia.org/wiki/Webhook) are custom HTTP callbacks
that you define. They are usually triggered by an
event, such as pushing code to a repository or posting a comment on a blog.
event, such as pushing code to a repository or posting a comment on an issue.
When the event occurs, the source app makes an HTTP request to the URI
configured for the webhook. The action to take may be anything. For example,
you can use webhooks to:


@ -7,12 +7,10 @@ noindex: true
# Read-only namespaces **(FREE SAAS)**
In GitLab SaaS, a top-level namespace is placed in a read-only state when it either:
In GitLab SaaS, a top-level namespace is placed in a read-only state when it either:
- Exceeds the [free user limit](free_user_limit.md) when the namespace visibility is private.
- Exceeds the [free user limit](free_user_limit.md) when the namespace visibility is private.
- Exceeds the [storage usage quota](usage_quotas.md), regardless of namespace visibility.
placed in a read-only state when it exceeds the [free user limit](free_user_limit.md)
or the [storage usage quota](usage_quotas.md).
While a namespace is in a read-only state, a banner appears at the
top of the page.


@ -16669,9 +16669,6 @@ msgstr ""
msgid "Failed to get ref."
msgstr ""
msgid "Failed to install."
msgstr ""
msgid "Failed to load"
msgstr ""


@ -35,12 +35,6 @@ RSpec.describe SensitiveSerializableHash do
expect(model.serializable_hash).not_to include('super_secret')
end
context 'unsafe_serialization_hash option' do
it 'includes the field in serializable_hash' do
expect(model.serializable_hash(unsafe_serialization_hash: true)).to include('super_secret')
end
end
it 'does not change parent class attributes_exempt_from_serializable_hash' do
expect(test_class.attributes_exempt_from_serializable_hash).to contain_exactly(:super_secret)
expect(another_class.attributes_exempt_from_serializable_hash).to contain_exactly(:sub_secret)
@ -65,21 +59,6 @@ RSpec.describe SensitiveSerializableHash do
expect(model.as_json).not_to include(attribute)
end
end
context 'unsafe_serialization_hash option' do
it 'includes the field in serializable_hash' do
attributes.each do |attribute|
expect(model.attributes).to include(attribute) # double-check the attribute does exist
# Do not expect binary columns to appear in JSON
next if klass.columns_hash[attribute]&.type == :binary
expect(model.serializable_hash(unsafe_serialization_hash: true)).to include(attribute)
expect(model.to_json(unsafe_serialization_hash: true)).to include(attribute)
expect(model.as_json(unsafe_serialization_hash: true)).to include(attribute)
end
end
end
end
end
@ -120,18 +99,6 @@ RSpec.describe SensitiveSerializableHash do
expect(model.as_json).not_to include(attribute)
end
end
context 'unsafe_serialization_hash option' do
it 'includes the field in serializable_hash' do
attributes.each do |attribute|
expect(model.attributes).to include(attribute) # double-check the attribute does exist
expect(model.serializable_hash(unsafe_serialization_hash: true)).to include(attribute)
expect(model.to_json(unsafe_serialization_hash: true)).to include(attribute)
expect(model.as_json(unsafe_serialization_hash: true)).to include(attribute)
end
end
end
end
end


@ -678,17 +678,9 @@ RSpec.describe WebHook do
expect { hook.to_json }.not_to raise_error
end
it 'does not error, when serializing unsafe attributes' do
expect { hook.to_json(unsafe_serialization_hash: true) }.not_to raise_error
end
it 'does not contain binary attributes' do
expect(hook.to_json).not_to include('encrypted_url_variables')
end
it 'does not contain binary attributes, even when serializing unsafe attributes' do
expect(hook.to_json(unsafe_serialization_hash: true)).not_to include('encrypted_url_variables')
end
end
describe '#interpolated_url' do


@ -1,80 +0,0 @@
# frozen_string_literal: true
require 'spec_helper'
RSpec.describe Clusters::Applications::InstallService do
describe '#execute' do
let(:application) { create(:clusters_applications_helm, :scheduled) }
let!(:install_command) { application.install_command }
let(:service) { described_class.new(application) }
let(:helm_client) { instance_double(Gitlab::Kubernetes::Helm::API) }
before do
allow(service).to receive(:install_command).and_return(install_command)
allow(service).to receive(:helm_api).and_return(helm_client)
end
context 'when there are no errors' do
before do
expect(helm_client).to receive(:install).with(install_command)
allow(ClusterWaitForAppInstallationWorker).to receive(:perform_in).and_return(nil)
end
it 'make the application installing' do
expect(application.cluster).not_to be_nil
service.execute
expect(application).to be_installing
end
it 'schedule async installation status check' do
expect(ClusterWaitForAppInstallationWorker).to receive(:perform_in).once
service.execute
end
end
context 'when k8s cluster communication fails' do
let(:error) { Kubeclient::HttpError.new(500, 'system failure', nil) }
before do
expect(helm_client).to receive(:install).with(install_command).and_raise(error)
end
include_examples 'logs kubernetes errors' do
let(:error_name) { 'Kubeclient::HttpError' }
let(:error_message) { 'system failure' }
let(:error_code) { 500 }
end
it 'make the application errored' do
service.execute
expect(application).to be_errored
expect(application.status_reason).to match('Kubernetes error: 500')
end
end
context 'a non kubernetes error happens' do
let(:application) { create(:clusters_applications_helm, :scheduled) }
let(:error) { StandardError.new('something bad happened') }
before do
expect(helm_client).to receive(:install).with(install_command).and_raise(error)
end
include_examples 'logs kubernetes errors' do
let(:error_name) { 'StandardError' }
let(:error_message) { 'something bad happened' }
let(:error_code) { nil }
end
it 'make the application errored' do
service.execute
expect(application).to be_errored
expect(application.status_reason).to eq('Failed to install.')
end
end
end
end