Add latest changes from gitlab-org/gitlab@master

2022-02-07 21:18:28 +00:00 · 2022-02-07 21:18:28 +00:00 · 2001877ccc
parent 6a7fcb14aa
commit 2001877ccc
12 changed files with 136 additions and 66 deletions
--- a/2
+++ b/2
@ -1 +1 @@
-6a00f3acce45365ac71798296667385efe8a72bc
+269b04ae5248eea05fe2d6ca02e33fdd3f6cee76
--- a/app/assets/javascripts/clusters_list/components/install_agent_modal.vue
+++ b/app/assets/javascripts/clusters_list/components/install_agent_modal.vue
@ -408,8 +408,6 @@ export default {
      <gl-button
        v-if="isEmptyStateModal"
        variant="confirm"
        category="secondary"
        :data-track-action="$options.EVENT_ACTIONS_CLICK"
        :data-track-label="$options.EVENT_LABEL_MODAL"
        data-track-property="done"
--- a/app/controllers/projects/refs_controller.rb
+++ b/app/controllers/projects/refs_controller.rb
@ -18,7 +18,7 @@ class Projects::RefsController < Projects::ApplicationController
    respond_to do |format|
      format.html do
        new_path =
-          case params[:destination]
+          case permitted_params[:destination]
          when "tree"
            project_tree_path(@project, @id)
          when "blob"
@ -45,7 +45,7 @@ class Projects::RefsController < Projects::ApplicationController
  def logs_tree
    tree_summary = ::Gitlab::TreeSummary.new(
      @commit, @project, current_user,
-      path: @path, offset: params[:offset], limit: 25)
+      path: @path, offset: permitted_params[:offset], limit: 25)
    respond_to do |format|
      format.html { render_404 }
@ -62,6 +62,10 @@ class Projects::RefsController < Projects::ApplicationController
  private
  def validate_ref_id
-    return not_found if params[:id].present? && params[:id] !~ Gitlab::PathRegex.git_reference_regex
+    return not_found if permitted_params[:id].present? && permitted_params[:id] !~ Gitlab::PathRegex.git_reference_regex
  end
  def permitted_params
    params.permit(:id, :offset, :destination)
  end
 end
--- a/data/deprecations/14-8-protect-cns-chs.yml
+++ b/data/deprecations/14-8-protect-cns-chs.yml
@ -0,0 +1,20 @@
 - name: "Container Network and Host Security"
  announcement_milestone: "14.8"
  announcement_date: "2022-02-22"
  removal_milestone: "15.0"
  removal_date: "2022-05-22"
  breaking_change: true
  reporter: sam.white
  body: | # Do not modify this line, instead modify the lines below.
    All functionality related to GitLab's Container Network Security and Container Host Security categories is deprecated in GitLab 14.8 and scheduled for removal in GitLab 15.0. Users who need a replacement for this functionality are encouraged to evaluate the following open source projects as potential solutions that can be installed and managed outside of GitLab: [AppArmor](https://gitlab.com/apparmor/apparmor), [Cilium](https://github.com/cilium/cilium), [Falco](https://github.com/falcosecurity/falco), [FluentD](https://github.com/fluent/fluentd), [Pod Security Admission](https://kubernetes.io/docs/concepts/security/pod-security-admission/). To integrate these technologies into GitLab, add the desired Helm charts into your copy of the [Cluster Management Project Template](https://docs.gitlab.com/ee/user/clusters/management_project_template.html). Deploy these Helm charts in production by calling commands through the GitLab [Secure CI/CD Tunnel](https://docs.gitlab.com/ee/user/clusters/agent/repository.html#run-kubectl-commands-using-the-cicd-tunnel).
    As part of this change, the following specific capabilities within GitLab are now deprecated, and are scheduled for removal in GitLab 15.0:
    - The **Security & Compliance > Threat Monitoring** page.
    - The `Network Policy` security policy type, as found on the **Security & Compliance > Policies** page.
    - The ability to manage integrations with the following technologies through GitLab: AppArmor, Cilium, Falco, FluentD, and Pod Security Policies.
    - All APIs related to the above functionality.
    For additional context, or to provide feedback regarding this change, please reference our open [deprecation issue](https://gitlab.com/groups/gitlab-org/-/epics/7476).
 # The following items are not published on the docs page, but may be used in the future.
  stage: "Protect"
--- a/doc/administration/packages/container_registry.md
+++ b/doc/administration/packages/container_registry.md
@ -662,14 +662,14 @@ configurable in future releases.
 The Registry server listens on localhost at port `5000` by default,
 which is the address for which the Registry server should accept connections.
-In the examples below we set the Registry's port to `5001`.
+In the examples below we set the Registry's port to `5010`.
 **Omnibus GitLab**
 1. Open `/etc/gitlab/gitlab.rb` and set `registry['registry_http_addr']`:
   ```ruby
-   registry['registry_http_addr'] = "localhost:5001"
+   registry['registry_http_addr'] = "localhost:5010"
   ```
 1. Save the file and [reconfigure GitLab](../restart_gitlab.md#omnibus-gitlab-reconfigure) for the changes to take effect.
@ -681,7 +681,7 @@ In the examples below we set the Registry's port to `5001`.
   ```yaml
   http:
-     addr: localhost:5001
+     addr: localhost:5010
   ```
 1. Save the file and restart the Registry server.
--- a/doc/api/merge_requests.md
+++ b/doc/api/merge_requests.md
@ -13,41 +13,6 @@ info: To determine the technical writer assigned to the Stage/Group associated w
 Every API call to merge requests must be authenticated.
 **Important notes:**
 - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/29984) in GitLab 12.8, the mergeability (`merge_status`)
 of each merge request is checked asynchronously when a request is made to this endpoint. Poll this API endpoint
 to get updated status. This affects the `has_conflicts` property as it is dependent on the `merge_status`. It returns
 `false` unless `merge_status` is `cannot_be_merged`.
 - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/31890) in GitLab 13.0, listing merge requests may
 not proactively update `merge_status` (which also affects the `has_conflicts`), as this can be an expensive operation.
 If you need the value of these fields from this endpoint, set the `with_merge_status_recheck` parameter to
 `true` in the query.
 - `references.relative` is relative to the group or project that the merge request is being requested. When the merge request
 is fetched from its project, `relative` format would be the same as `short` format, and when requested across groups or projects, it is expected to be the same as `full` format.
 - If `approvals_before_merge` is not provided, it inherits the value from the target project. If provided, the following conditions must hold for it to take effect:
  - The target project's `approvals_before_merge` must be greater than zero. A
    value of zero disables approvals for that project.
  - The provided value of `approvals_before_merge` must be greater than the
    target project's `approvals_before_merge`.
  This API returns `HTTP 201 Created` for a successful response.
 - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/46190) in GitLab 13.6,
 diffs associated with the set of changes have the same size limitations applied as other diffs
 returned by the API or viewed via the UI. When these limits impact the results, the `overflow`
 field contains a value of `true`. Diff data without these limits applied can be retrieved by
 adding the `access_raw_diffs` parameter, accessing diffs not from the database but from Gitaly directly.
 This approach is generally slower and more resource-intensive, but isn't subject to size limits
 placed on database-backed diffs. [Limits inherent to Gitaly](../development/diffs.md#diff-limits)
 still apply.
 - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/349031) in GitLab 14.7,
 field `merge_user` can be either user who merged this merge request,
 user who set it to merge when pipeline succeeds or `null`.
 Field `merged_by` (user who merged this merge request or `null`) has been deprecated.
 ## List merge requests
 Get all merge requests the authenticated user has access to. By
@ -241,6 +206,14 @@ the `approvals_before_merge` parameter:
 ]
 ```
 ### Merge requests list response notes
 - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/31890) in GitLab 13.0, listing merge requests may
  not proactively update `merge_status` (which also affects the `has_conflicts`), as this can be an expensive operation.
  If you need the value of these fields from this endpoint, set the `with_merge_status_recheck` parameter to
  `true` in the query.
 - For notes on merge request object fields, read [Single merge request response notes](#single-merge-request-response-notes).
 ## List project merge requests
 Get all merge requests for this project.
@ -421,16 +394,6 @@ Parameters:
 ]
 ```
 The `merge_status` field may hold one of the following values:
 | Value                      | Interpretation                                                        |
 |----------------------------|-----------------------------------------------------------------------|
 | `unchecked`                | We have not checked this yet                                          |
 | `checking`                 | We are currently checking if the merge request can be merged          |
 | `can_be_merged`            | This merge request can be merged without conflict                     |
 | `cannot_be_merged`         | There are merge conflicts between the source and target branches      |
 | `cannot_be_merged_recheck` | Currently unchecked. Before the current changes, there were conflicts |
 Users on [GitLab Premium or higher](https://about.gitlab.com/pricing/) also see
 the `approvals_before_merge` parameter:
@ -445,6 +408,8 @@ the `approvals_before_merge` parameter:
 ]
 ```
 For important notes on response data, read [Merge requests list response notes](#merge-requests-list-response-notes).
 ## List group merge requests
 Get all merge requests for this group and its subgroups.
@ -627,6 +592,8 @@ the `approvals_before_merge` parameter:
 ]
 ```
 For important notes on response data, read [Merge requests list response notes](#merge-requests-list-response-notes).
 ## Get single MR
 Shows information about a single merge request.
@ -805,7 +772,26 @@ the `approvals_before_merge` parameter:
 }
 ```
-The `diff_refs` in the response correspond to the latest diff version of the merge request.
+### Single merge request response notes
 - The `merge_status` field may hold one of the following values:
  - `unchecked`: We have not checked this yet.
  - `checking`: We are currently checking if the merge request can be merged.
  - `can_be_merged`: This merge request can be merged without conflict.
  - `cannot_be_merged`: There are merge conflicts between the source and target branches.
  - `cannot_be_merged_recheck`: Currently unchecked. Before the current changes, there were conflicts.
 - The `diff_refs` in the response correspond to the latest diff version of the merge request.
 - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/29984) in GitLab 12.8, the mergeability (`merge_status`)
  of each merge request is checked asynchronously when a request is made to this endpoint. Poll this API endpoint
  to get updated status. This affects the `has_conflicts` property as it is dependent on the `merge_status`. It returns
  `false` unless `merge_status` is `cannot_be_merged`.
 - `references.relative` is relative to the group or project that the merge request is being requested. When the merge
  request is fetched from its project, `relative` format would be the same as `short` format, and when requested across
  groups or projects, it is expected to be the same as `full` format.
 - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/349031) in GitLab 14.7,
  field `merge_user` can be either user who merged this merge request,
  user who set it to merge when pipeline succeeds or `null`.
  Field `merged_by` (user who merged this merge request or `null`) has been deprecated.
 ## Get single MR participants
@ -885,6 +871,15 @@ Parameters:
 Shows information about the merge request including its files and changes.
 [Introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/46190) in GitLab 13.6,
 diffs associated with the set of changes have the same size limitations applied as other diffs
 returned by the API or viewed via the UI. When these limits impact the results, the `overflow`
 field contains a value of `true`. Diff data without these limits applied can be retrieved by
 adding the `access_raw_diffs` parameter, accessing diffs not from the database but from Gitaly directly.
 This approach is generally slower and more resource-intensive, but isn't subject to size limits
 placed on database-backed diffs. [Limits inherent to Gitaly](../development/diffs.md#diff-limits)
 still apply.
 ```plaintext
 GET /projects/:id/merge_requests/:merge_request_iid/changes
 ```
@ -1117,8 +1112,16 @@ POST /projects/:id/merge_requests
 | `remove_source_branch`     | boolean | no       | Flag indicating if a merge request should remove the source branch when merging. |
 | `allow_collaboration`      | boolean | no       | Allow commits from members who can merge to the target branch.                   |
 | `allow_maintainer_to_push` | boolean | no       | Alias of `allow_collaboration`.                                                  |
 | `approvals_before_merge` **(PREMIUM)** | integer | no | Number of approvals required before this can be merged (see below). |
 | `squash`                   | boolean | no       | Squash commits into a single commit when merging.                                |
 If `approvals_before_merge` is not provided, it inherits the value from the target project. If provided, the following conditions must hold for it to take effect:
 - The target project's `approvals_before_merge` must be greater than zero. A
  value of zero disables approvals for that project.
 - The provided value of `approvals_before_merge` must be greater than the
  target project's `approvals_before_merge`.
 ```json
 {
  "id": 1,
@ -1251,6 +1254,8 @@ the `approvals_before_merge` parameter:
 }
 ```
 For important notes on response data, read [Single merge request response notes](#single-merge-request-response-notes).
 ## Update MR
 Updates an existing merge request. You can change the target branch, title, or even close the MR.
@ -1430,6 +1435,8 @@ the `approvals_before_merge` parameter:
 }
 ```
 For important notes on response data, read [Single merge request response notes](#single-merge-request-response-notes).
 ## Delete a merge request
 Only for administrators and project owners. Deletes the merge request in question.
@ -1624,6 +1631,8 @@ the `approvals_before_merge` parameter:
 }
 ```
 For important notes on response data, read [Single merge request response notes](#single-merge-request-response-notes).
 ## Merge to default merge ref path
 Merge the changes between the merge request source and target branches into `refs/merge-requests/:iid/merge`
@ -1821,6 +1830,8 @@ the `approvals_before_merge` parameter:
 }
 ```
 For important notes on response data, read [Single merge request response notes](#single-merge-request-response-notes).
 ## Rebase a merge request
 Automatically rebase the `source_branch` of the merge request against its
@ -2130,6 +2141,8 @@ the `approvals_before_merge` parameter:
 }
 ```
 For important notes on response data, read [Single merge request response notes](#single-merge-request-response-notes).
 ## Unsubscribe from a merge request
 Unsubscribes the authenticated user from a merge request to not receive
@ -2298,6 +2311,8 @@ the `approvals_before_merge` parameter:
 }
 ```
 For important notes on response data, read [Single merge request response notes](#single-merge-request-response-notes).
 ## Create a to-do item
 Manually creates a to-do item for the current user on a merge request.
--- a/doc/api/projects.md
+++ b/doc/api/projects.md
@ -1258,7 +1258,6 @@ POST /projects
 | `requirements_access_level`                                 | string  | **{dotted-circle}** No | One of `disabled`, `private`, `enabled` or `public` |
 | `resolve_outdated_diff_discussions`                         | boolean | **{dotted-circle}** No | Automatically resolve merge request diffs discussions on lines changed with a push. |
 | `shared_runners_enabled`                                    | boolean | **{dotted-circle}** No | Enable shared runners for this project. |
 | `show_default_award_emojis`                                 | boolean | **{dotted-circle}** No | Show default award emojis. |
 | `snippets_access_level`                                     | string  | **{dotted-circle}** No | One of `disabled`, `private`, or `enabled`. |
 | `snippets_enabled`                                          | boolean | **{dotted-circle}** No | _(Deprecated)_ Enable snippets for this project. Use `snippets_access_level` instead. |
 | `squash_option`                                             | string  | **{dotted-circle}** No | One of `never`, `always`, `default_on`, or `default_off`. |
@ -1336,7 +1335,6 @@ POST /projects/user/:user_id
 | `requirements_access_level`                                 | string  | **{dotted-circle}** No | One of `disabled`, `private`, `enabled` or `public` |
 | `resolve_outdated_diff_discussions`                         | boolean | **{dotted-circle}** No | Automatically resolve merge request diffs discussions on lines changed with a push. |
 | `shared_runners_enabled`                                    | boolean | **{dotted-circle}** No | Enable shared runners for this project. |
 | `show_default_award_emojis`                                 | boolean | **{dotted-circle}** No | Show default award emojis. |
 | `snippets_access_level`                                     | string  | **{dotted-circle}** No | One of `disabled`, `private`, or `enabled`. |
 | `snippets_enabled`                                          | boolean | **{dotted-circle}** No | _(Deprecated)_ Enable snippets for this project. Use `snippets_access_level` instead. |
 | `squash_commit_template`                                    | string  | **{dotted-circle}** No | [Template](../user/project/merge_requests/commit_templates.md) used to create squash commit message in merge requests. _([Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/345275) in GitLab 14.6.)_ |
@ -1437,7 +1435,6 @@ Supported attributes:
 | `restrict_user_defined_variables`                           | boolean        | **{dotted-circle}** No | Allow only users with the Maintainer role to pass user-defined variables when triggering a pipeline. For example when the pipeline is triggered in the UI, with the API, or by a trigger token. |
 | `service_desk_enabled`                                      | boolean        | **{dotted-circle}** No | Enable or disable Service Desk feature. |
 | `shared_runners_enabled`                                    | boolean        | **{dotted-circle}** No | Enable shared runners for this project. |
 | `show_default_award_emojis`                                 | boolean        | **{dotted-circle}** No | Show default award emojis. |
 | `snippets_access_level`                                     | string         | **{dotted-circle}** No | One of `disabled`, `private`, or `enabled`. |
 | `snippets_enabled`                                          | boolean        | **{dotted-circle}** No | _(Deprecated)_ Enable snippets for this project. Use `snippets_access_level` instead. |
 | `squash_commit_template`                                    | string         | **{dotted-circle}** No | [Template](../user/project/merge_requests/commit_templates.md) used to create squash commit message in merge requests. _([Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/345275) in GitLab 14.6.)_ |
--- a/doc/architecture/blueprints/object_storage/index.md
+++ b/doc/architecture/blueprints/object_storage/index.md
@ -89,20 +89,23 @@ replaced by a mock implementation. Furthermore, the presence of a
 shared disk, both in CI and in local development, often hides broken
 implementations until we deploy on an HA environment.
-Shipping MinIO as part of the product will reduce the differences
+One consideration we can take is to investigate shipping MinIO as part of the product. This could reduce the differences
 between a cloud and a local installation, standardizing our file
 storage on a single technology.
-The removal of local disk operations will reduce the complexity of
+The removal of local disk operations would reduce the complexity of
 development as well as mitigate several security attack vectors as
 we no longer write user-provided data on the local storage.
-It will also reduce human errors as we will always run a local object
+It would also reduce human errors as we will always run a local object
 storage in development mode and any local file disk access should
 raise a red flag during the merge request review.
 This effort is described in [this epic](https://gitlab.com/groups/gitlab-org/-/epics/6099).
 Before considering any specific third-party technology, the
 open source software licensing implications should be considered. As of 23 April 2021, [MinIO is subject to the AGPL v3 license](https://github.com/minio/minio/commit/069432566fcfac1f1053677cc925ddafd750730a). GitLab Legal must be consulted before any decision is taken to ship MinIO as proposed in this blueprint.
 ### Enable direct upload by default on every upload
 Because every group of features requires its own bucket, we don't have
--- a/doc/development/changelog.md
+++ b/doc/development/changelog.md
@ -101,7 +101,9 @@ EE: true
 - _Any_ contribution from a community member, no matter how small, **may** have
  a changelog entry regardless of these guidelines if the contributor wants one.
 - Any [GLEX experiment](experiment_guide/gitlab_experiment.md) changes **should not** have a changelog entry.
- [Modifying](feature_flags/#changelog) a feature flag (flag removal, default-on setting).
+
 For more information, see
 [how to handle changelog entries with feature flags](feature_flags/index.md#changelog).
 ## Writing good changelog entries
--- a/doc/update/deprecations.md
+++ b/doc/update/deprecations.md
@ -727,6 +727,27 @@ The `merged_by` field in the [merge request API](https://docs.gitlab.com/ee/api/
 ## 14.8
 ### Container Network and Host Security
 WARNING:
 This feature will be changed or removed in 15.0
 as a [breaking change](https://docs.gitlab.com/ee/development/contributing/#breaking-changes).
 Before updating GitLab, review the details carefully to determine if you need to make any
 changes to your code, settings, or workflow.
 All functionality related to GitLab's Container Network Security and Container Host Security categories is deprecated in GitLab 14.8 and scheduled for removal in GitLab 15.0. Users who need a replacement for this functionality are encouraged to evaluate the following open source projects as potential solutions that can be installed and managed outside of GitLab: [AppArmor](https://gitlab.com/apparmor/apparmor), [Cilium](https://github.com/cilium/cilium), [Falco](https://github.com/falcosecurity/falco), [FluentD](https://github.com/fluent/fluentd), [Pod Security Admission](https://kubernetes.io/docs/concepts/security/pod-security-admission/). To integrate these technologies into GitLab, add the desired Helm charts into your copy of the [Cluster Management Project Template](https://docs.gitlab.com/ee/user/clusters/management_project_template.html). Deploy these Helm charts in production by calling commands through the GitLab [Secure CI/CD Tunnel](https://docs.gitlab.com/ee/user/clusters/agent/repository.html#run-kubectl-commands-using-the-cicd-tunnel).
 As part of this change, the following specific capabilities within GitLab are now deprecated, and are scheduled for removal in GitLab 15.0:
 - The **Security & Compliance > Threat Monitoring** page.
 - The `Network Policy` security policy type, as found on the **Security & Compliance > Policies** page.
 - The ability to manage integrations with the following technologies through GitLab: AppArmor, Cilium, Falco, FluentD, and Pod Security Policies.
 - All APIs related to the above functionality.
 For additional context, or to provide feedback regarding this change, please reference our open [deprecation issue](https://gitlab.com/groups/gitlab-org/-/epics/7476).
 **Planned removal milestone: 15.0 (2022-05-22)**
 ### Deprecate Geo Admin UI Routes
 In GitLab 13.0, we introduced new project and design replication details routes in the Geo Admin UI. These routes are `/admin/geo/replication/projects` and `/admin/geo/replication/designs`. We kept the legacy routes and redirected them to the new routes. In GitLab 15.0, we will remove support for the legacy routes `/admin/geo/projects` and `/admin/geo/designs`. Please update any bookmarks or scripts that may use the legacy routes.
--- a/spec/controllers/projects/refs_controller_spec.rb
+++ b/spec/controllers/projects/refs_controller_spec.rb
@ -55,6 +55,15 @@ RSpec.describe Projects::RefsController do
      end
    end
    context 'when offset has an invalid format' do
      it 'renders JSON' do
        xhr_get(:json, offset: { wrong: :format })
        expect(response).to be_successful
        expect(json_response).to be_kind_of(Array)
      end
    end
    context 'when json is requested' do
      it 'renders JSON' do
        expect(::Gitlab::GitalyClient).to receive(:allow_ref_name_caching).and_call_original
--- a/spec/frontend/clusters_list/components/install_agent_modal_spec.js
+++ b/spec/frontend/clusters_list/components/install_agent_modal_spec.js
@ -309,12 +309,13 @@ describe('InstallAgentModal', () => {
  describe('when KAS is disabled', () => {
    const i18n = I18N_AGENT_MODAL.empty_state;
-    beforeEach(() => {
+    beforeEach(async () => {
      apolloProvider = createMockApollo([
        [getAgentConfigurations, jest.fn().mockResolvedValue(kasDisabledErrorResponse)],
      ]);
-      return mockSelectedAgentResponse();
+      createWrapper();
      await waitForPromises();
    });
    it('renders empty state image', () => {
@ -328,8 +329,8 @@ describe('InstallAgentModal', () => {
    });
    it('renders a cancel button', () => {
-      expect(findActionButton().isVisible()).toBe(true);
+      expect(findCancelButton().isVisible()).toBe(true);
-      expect(findActionButton().text()).toBe(i18n.done);
+      expect(findCancelButton().text()).toBe(i18n.done);
    });
    it("doesn't render a secondary button", () => {
`@ -1 +1 @@`
	`6a00f3acce45365ac71798296667385efe8a72bc`	`269b04ae5248eea05fe2d6ca02e33fdd3f6cee76`