From 2bb1dbf21f2a684b29c63be7e2594886884cd2ac Mon Sep 17 00:00:00 2001 From: GitLab Bot Date: Wed, 22 Jun 2022 18:09:56 +0000 Subject: [PATCH] Add latest changes from gitlab-org/gitlab@master --- .../clusters/integrations/prometheus.rb | 18 +- app/models/integration.rb | 6 +- app/models/integrations/irker.rb | 15 +- app/services/projects/destroy_service.rb | 2 +- app/services/web_hooks/destroy_service.rb | 3 - .../groups/_group_admin_settings.html.haml | 4 +- .../groups/settings/_permissions.html.haml | 14 +- .../_project_creation_level.html.haml | 2 +- .../_resource_access_token_creation.html.haml | 5 +- .../_subgroup_creation_level.html.haml | 2 +- .../settings/_two_factor_auth.html.haml | 8 +- .../shared/_allow_request_access.html.haml | 2 +- app/workers/all_queues.yml | 45 ---- .../applications/activate_service_worker.rb | 12 - .../applications/deactivate_service_worker.rb | 12 - app/workers/irker_worker.rb | 9 - app/workers/project_service_worker.rb | 16 -- app/workers/web_hooks/destroy_worker.rb | 27 --- .../rename_integrations_workers.yml | 8 - config/sidekiq_queues.yml | 6 - data/whats_new/202206220001_15_1.yml | 59 +++++ ...1900_schedule_backfill_ci_runner_semver.rb | 29 +++ db/schema_migrations/20220601151900 | 1 + doc/api/groups.md | 4 +- doc/development/geo.md | 216 ++++++++++++++++-- doc/security/two_factor_authentication.md | 19 +- doc/update/index.md | 9 +- doc/user/crm/index.md | 2 +- doc/user/group/index.md | 16 +- .../group/settings/group_access_tokens.md | 2 +- doc/user/group/subgroups/index.md | 13 +- .../backfill_ci_runner_semver.rb | 31 +++ lib/tasks/gitlab/web_hook.rake | 3 +- locale/gitlab.pot | 108 ++++----- spec/features/groups/group_settings_spec.rb | 4 +- .../backfill_ci_runner_semver_spec.rb | 54 +++++ .../clusters/integrations/prometheus_spec.rb | 26 --- spec/models/integration_spec.rb | 14 -- spec/models/integrations/irker_spec.rb | 14 -- .../services/projects/destroy_service_spec.rb | 6 +- spec/views/groups/edit.html.haml_spec.rb | 2 +- .../activate_integration_worker_spec.rb | 9 - .../deactivate_integration_worker_spec.rb | 9 - spec/workers/every_sidekiq_worker_spec.rb | 4 - .../integrations/execute_worker_spec.rb | 22 -- .../workers/integrations/irker_worker_spec.rb | 6 - spec/workers/web_hooks/destroy_worker_spec.rb | 64 ------ 47 files changed, 500 insertions(+), 462 deletions(-) delete mode 100644 app/workers/clusters/applications/activate_service_worker.rb delete mode 100644 app/workers/clusters/applications/deactivate_service_worker.rb delete mode 100644 app/workers/irker_worker.rb delete mode 100644 app/workers/project_service_worker.rb delete mode 100644 app/workers/web_hooks/destroy_worker.rb delete mode 100644 config/feature_flags/development/rename_integrations_workers.yml create mode 100644 data/whats_new/202206220001_15_1.yml create mode 100644 db/post_migrate/20220601151900_schedule_backfill_ci_runner_semver.rb create mode 100644 db/schema_migrations/20220601151900 create mode 100644 lib/gitlab/background_migration/backfill_ci_runner_semver.rb create mode 100644 spec/lib/gitlab/background_migration/backfill_ci_runner_semver_spec.rb delete mode 100644 spec/workers/web_hooks/destroy_worker_spec.rb diff --git a/app/models/clusters/integrations/prometheus.rb b/app/models/clusters/integrations/prometheus.rb index 0d6177beae7..899529ff49f 100644 --- a/app/models/clusters/integrations/prometheus.rb +++ b/app/models/clusters/integrations/prometheus.rb @@ -55,23 +55,13 @@ module Clusters private def activate_project_integrations - if Feature.enabled?(:rename_integrations_workers) - ::Clusters::Applications::ActivateIntegrationWorker - .perform_async(cluster_id, ::Integrations::Prometheus.to_param) - else - ::Clusters::Applications::ActivateServiceWorker - .perform_async(cluster_id, ::Integrations::Prometheus.to_param) - end + ::Clusters::Applications::ActivateIntegrationWorker + .perform_async(cluster_id, ::Integrations::Prometheus.to_param) end def deactivate_project_integrations - if Feature.enabled?(:rename_integrations_workers) - ::Clusters::Applications::DeactivateIntegrationWorker - .perform_async(cluster_id, ::Integrations::Prometheus.to_param) - else - ::Clusters::Applications::DeactivateServiceWorker - .perform_async(cluster_id, ::Integrations::Prometheus.to_param) - end + ::Clusters::Applications::DeactivateIntegrationWorker + .perform_async(cluster_id, ::Integrations::Prometheus.to_param) end end end diff --git a/app/models/integration.rb b/app/models/integration.rb index fe2f6806754..50170d42f3f 100644 --- a/app/models/integration.rb +++ b/app/models/integration.rb @@ -570,11 +570,7 @@ class Integration < ApplicationRecord def async_execute(data) return unless supported_events.include?(data[:object_kind]) - if Feature.enabled?(:rename_integrations_workers) - Integrations::ExecuteWorker.perform_async(id, data) - else - ProjectServiceWorker.perform_async(id, data) - end + Integrations::ExecuteWorker.perform_async(id, data) end # override if needed diff --git a/app/models/integrations/irker.rb b/app/models/integrations/irker.rb index 780f4bef0c9..0ec750a4b77 100644 --- a/app/models/integrations/irker.rb +++ b/app/models/integrations/irker.rb @@ -30,17 +30,10 @@ module Integrations def execute(data) return unless supported_events.include?(data[:object_kind]) - if Feature.enabled?(:rename_integrations_workers) - Integrations::IrkerWorker.perform_async( - project_id, channels, - colorize_messages, data, settings - ) - else - ::IrkerWorker.perform_async( - project_id, channels, - colorize_messages, data, settings - ) - end + Integrations::IrkerWorker.perform_async( + project_id, channels, + colorize_messages, data, settings + ) end def settings diff --git a/app/services/projects/destroy_service.rb b/app/services/projects/destroy_service.rb index bc5be5bdff3..79ab4828834 100644 --- a/app/services/projects/destroy_service.rb +++ b/app/services/projects/destroy_service.rb @@ -212,7 +212,7 @@ module Projects # produces smaller and faster queries to the database. def destroy_web_hooks! project.hooks.find_each do |web_hook| - result = ::WebHooks::DestroyService.new(current_user).sync_destroy(web_hook) + result = ::WebHooks::DestroyService.new(current_user).execute(web_hook) unless result[:status] == :success raise_error(s_('DeleteProject|Failed to remove webhooks. Please try again or contact administrator.')) diff --git a/app/services/web_hooks/destroy_service.rb b/app/services/web_hooks/destroy_service.rb index ecb530f0d2a..54c6c7ea71b 100644 --- a/app/services/web_hooks/destroy_service.rb +++ b/app/services/web_hooks/destroy_service.rb @@ -21,8 +21,5 @@ module WebHooks ServiceResponse.error(message: "Unable to destroy #{web_hook.model_name.human}") end end - - # Backwards compatibility with WebHooks::DestroyWorker - alias_method :sync_destroy, :execute end end diff --git a/app/views/groups/_group_admin_settings.html.haml b/app/views/groups/_group_admin_settings.html.haml index 0a170ebdb24..5d2b54b00b2 100644 --- a/app/views/groups/_group_admin_settings.html.haml +++ b/app/views/groups/_group_admin_settings.html.haml @@ -4,7 +4,7 @@ .col-sm-10 = f.gitlab_ui_checkbox_component :lfs_enabled, checkbox_options: { checked: @group.lfs_enabled? } do |c| = c.label do - = _('Allow projects within this group to use Git LFS') + = _('Projects in this group can use Git LFS') = link_to sprite_icon('question-o'), help_page_path('topics/git/lfs/index'), class: 'gl-ml-2' = c.help_text do = _('This setting can be overridden in each project.') @@ -24,7 +24,7 @@ .col-sm-2.col-form-label.pt-0 = f.label :require_two_factor_authentication, _('Two-factor authentication') .col-sm-10 - - label = _("Require all users in this group to set up two-factor authentication") + - label = _("All users in this group must set up two-factor authentication") - help_link = link_to sprite_icon('question-o'), help_page_path('security/two_factor_authentication', anchor: 'enforce-2fa-for-all-users-in-a-group'), class: 'gl-ml-2' = f.gitlab_ui_checkbox_component :require_two_factor_authentication, '%{label}%{help_link}'.html_safe % { label: label, help_link: help_link } .form-group.row diff --git a/app/views/groups/settings/_permissions.html.haml b/app/views/groups/settings/_permissions.html.haml index 319af7be22e..e35c0341ec0 100644 --- a/app/views/groups/settings/_permissions.html.haml +++ b/app/views/groups/settings/_permissions.html.haml @@ -7,27 +7,27 @@ - if @group.root? .form-group.gl-mb-3 = f.gitlab_ui_checkbox_component :prevent_sharing_groups_outside_hierarchy, - s_('GroupSettings|Prevent members from sending invitations to groups outside of %{group} and its subgroups').html_safe % { group: link_to_group(@group) }, + s_('GroupSettings|Members cannot invite groups outside of %{group} and its subgroups').html_safe % { group: link_to_group(@group) }, help_text: prevent_sharing_groups_outside_hierarchy_help_text(@group), checkbox_options: { disabled: !can_change_prevent_sharing_groups_outside_hierarchy?(@group) } .form-group.gl-mb-3 = f.gitlab_ui_checkbox_component :share_with_group_lock, - s_('GroupSettings|Prevent sharing a project within %{group} with other groups').html_safe % { group: link_to_group(@group) }, + s_('GroupSettings|Projects in %{group} cannot be shared with other groups').html_safe % { group: link_to_group(@group) }, checkbox_options: { disabled: !can_change_share_with_group_lock?(@group) }, help_text: share_with_group_lock_help_text(@group) .form-group.gl-mb-3 = f.gitlab_ui_checkbox_component :emails_disabled, - s_('GroupSettings|Disable email notifications'), + s_('GroupSettings|Email notifications are disabled'), checkbox_options: { checked: @group.emails_disabled?, disabled: !can_disable_group_emails?(@group) }, help_text: s_('GroupSettings|Overrides user notification preferences for all members of the group, subgroups, and projects.') .form-group.gl-mb-3 = f.gitlab_ui_checkbox_component :mentions_disabled, - s_('GroupSettings|Disable group mentions'), + s_('GroupSettings|Group mentions are disabled'), checkbox_options: { checked: @group.mentions_disabled? }, - help_text: s_('GroupSettings|Prevents group members from being notified if the group is mentioned.') + help_text: s_('GroupSettings|Group members are not notified if the group is mentioned.') = render 'groups/settings/resource_access_token_creation', f: f, group: @group = render_if_exists 'groups/settings/delayed_project_removal', f: f, group: @group @@ -48,8 +48,8 @@ %h5= _('Customer relations') .form-group.gl-mb-3 = f.gitlab_ui_checkbox_component :crm_enabled, - s_('GroupSettings|Enable customer relations'), + s_('GroupSettings|Customer relations is enabled'), checkbox_options: { checked: @group.crm_enabled? }, - help_text: s_('GroupSettings|Allows creating organizations and contacts and associating them with issues.') + help_text: s_('GroupSettings|Organizations and contacts can be created and associated with issues.') = f.submit _('Save changes'), class: 'btn gl-button btn-confirm gl-mt-3 js-dirty-submit', data: { qa_selector: 'save_permissions_changes_button' } diff --git a/app/views/groups/settings/_project_creation_level.html.haml b/app/views/groups/settings/_project_creation_level.html.haml index 36b714535d2..ef535b8a21c 100644 --- a/app/views/groups/settings/_project_creation_level.html.haml +++ b/app/views/groups/settings/_project_creation_level.html.haml @@ -1,3 +1,3 @@ .form-group - = f.label s_('ProjectCreationLevel|Allowed to create projects'), class: 'label-bold' + = f.label s_('ProjectCreationLevel|Roles allowed to create projects'), class: 'label-bold' = f.select :project_creation_level, options_for_select(::Gitlab::Access.project_creation_options, group.project_creation_level), {}, class: 'form-control', data: { qa_selector: 'project_creation_level_dropdown' } diff --git a/app/views/groups/settings/_resource_access_token_creation.html.haml b/app/views/groups/settings/_resource_access_token_creation.html.haml index 160f8ae1e07..d304dba3250 100644 --- a/app/views/groups/settings/_resource_access_token_creation.html.haml +++ b/app/views/groups/settings/_resource_access_token_creation.html.haml @@ -6,6 +6,5 @@ - link_start_project = ''.html_safe % { url: project_access_tokens_link } - link_start_group = ''.html_safe % { url: group_access_tokens_link } = f.gitlab_ui_checkbox_component :resource_access_token_creation_allowed, - s_('GroupSettings|Allow project and group access token creation'), - checkbox_options: { checked: group.namespace_settings.resource_access_token_creation_allowed?, data: { qa_selector: 'resource_access_token_creation_allowed_checkbox' } }, - help_text: s_('GroupSettings|Users can create %{link_start_project}project access tokens%{link_end} and %{link_start_group}group access tokens%{link_end} in this group.').html_safe % { link_start_project: link_start_project, link_start_group: link_start_group, link_end: ''.html_safe } + s_('GroupSettings|Users can create %{link_start_project}project access tokens%{link_end} and %{link_start_group}group access tokens%{link_end} in this group').html_safe % { link_start_project: link_start_project, link_start_group: link_start_group, link_end: ''.html_safe }, + checkbox_options: { checked: group.namespace_settings.resource_access_token_creation_allowed?, data: { qa_selector: 'resource_access_token_creation_allowed_checkbox' } } diff --git a/app/views/groups/settings/_subgroup_creation_level.html.haml b/app/views/groups/settings/_subgroup_creation_level.html.haml index f36ad192bad..d92610367ae 100644 --- a/app/views/groups/settings/_subgroup_creation_level.html.haml +++ b/app/views/groups/settings/_subgroup_creation_level.html.haml @@ -1,3 +1,3 @@ .form-group - = f.label s_('SubgroupCreationLevel|Allowed to create subgroups'), class: 'label-bold' + = f.label s_('SubgroupCreationLevel|Roles allowed to create subgroups'), class: 'label-bold' = f.select :subgroup_creation_level, options_for_select(::Gitlab::Access.subgroup_creation_options, group.subgroup_creation_level), {}, class: 'form-control' diff --git a/app/views/groups/settings/_two_factor_auth.html.haml b/app/views/groups/settings/_two_factor_auth.html.haml index f86bcb24e63..03813f6f8a2 100644 --- a/app/views/groups/settings/_two_factor_auth.html.haml +++ b/app/views/groups/settings/_two_factor_auth.html.haml @@ -8,14 +8,14 @@ .form-group = f.gitlab_ui_checkbox_component :require_two_factor_authentication, - _('Require all users in this group to set up two-factor authentication'), + _('All users in this group must set up two-factor authentication'), checkbox_options: { data: { qa_selector: 'require_2fa_checkbox' } } .form-group - = f.label :two_factor_grace_period, _('Time before enforced') + = f.label :two_factor_grace_period, _('Delay 2FA enforcement (hours)') = f.text_field :two_factor_grace_period, class: 'form-control form-control-sm w-auto gl-form-input gl-mb-3' - .form-text.text-muted= _('Time (in hours) that users are allowed to skip forced configuration of two-factor authentication.') + .form-text.text-muted= _("The maximum amount of time users have to set up two-factor authentication before it's enforced.") - unless group.has_parent? .form-group = f.gitlab_ui_checkbox_component :allow_mfa_for_subgroups, - _('Allow subgroups to set up their own two-factor authentication rules'), + _('Subgroups can set up their own two-factor authentication rules'), checkbox_options: { checked: group.namespace_settings&.allow_mfa_for_subgroups } diff --git a/app/views/shared/_allow_request_access.html.haml b/app/views/shared/_allow_request_access.html.haml index 608a0ca37d9..ab5f2fb1772 100644 --- a/app/views/shared/_allow_request_access.html.haml +++ b/app/views/shared/_allow_request_access.html.haml @@ -1,3 +1,3 @@ = form.gitlab_ui_checkbox_component :request_access_enabled, - _('Allow users to request access (if visibility is public or internal)'), + _('Users can request access (if visibility is public or internal)'), checkbox_options: { data: { qa_selector: 'request_access_checkbox' } } diff --git a/app/workers/all_queues.yml b/app/workers/all_queues.yml index 9bb6bd32386..3f34c6d3c0e 100644 --- a/app/workers/all_queues.yml +++ b/app/workers/all_queues.yml @@ -948,15 +948,6 @@ :weight: 1 :idempotent: false :tags: [] -- :name: gcp_cluster:clusters_applications_activate_service - :worker_name: Clusters::Applications::ActivateServiceWorker - :feature_category: :kubernetes_management - :has_external_dependencies: false - :urgency: :low - :resource_boundary: :unknown - :weight: 1 - :idempotent: false - :tags: [] - :name: gcp_cluster:clusters_applications_deactivate_integration :worker_name: Clusters::Applications::DeactivateIntegrationWorker :feature_category: :kubernetes_management @@ -966,15 +957,6 @@ :weight: 1 :idempotent: false :tags: [] -- :name: gcp_cluster:clusters_applications_deactivate_service - :worker_name: Clusters::Applications::DeactivateServiceWorker - :feature_category: :kubernetes_management - :has_external_dependencies: false - :urgency: :low - :resource_boundary: :unknown - :weight: 1 - :idempotent: false - :tags: [] - :name: gcp_cluster:clusters_applications_uninstall :worker_name: Clusters::Applications::UninstallWorker :feature_category: :kubernetes_management @@ -2434,15 +2416,6 @@ :weight: 2 :idempotent: false :tags: [] -- :name: irker - :worker_name: IrkerWorker - :feature_category: :integrations - :has_external_dependencies: false - :urgency: :low - :resource_boundary: :unknown - :weight: 1 - :idempotent: false - :tags: [] - :name: issuable_export_csv :worker_name: IssuableExportCsvWorker :feature_category: :team_planning @@ -2776,15 +2749,6 @@ :weight: 1 :idempotent: false :tags: [] -- :name: project_service - :worker_name: ProjectServiceWorker - :feature_category: :integrations - :has_external_dependencies: true - :urgency: :low - :resource_boundary: :unknown - :weight: 1 - :idempotent: false - :tags: [] - :name: projects_after_import :worker_name: Projects::AfterImportWorker :feature_category: :importers @@ -3101,15 +3065,6 @@ :weight: 1 :idempotent: false :tags: [] -- :name: web_hooks_destroy - :worker_name: WebHooks::DestroyWorker - :feature_category: :integrations - :has_external_dependencies: false - :urgency: :high - :resource_boundary: :unknown - :weight: 1 - :idempotent: true - :tags: [] - :name: web_hooks_log_destroy :worker_name: WebHooks::LogDestroyWorker :feature_category: :integrations diff --git a/app/workers/clusters/applications/activate_service_worker.rb b/app/workers/clusters/applications/activate_service_worker.rb deleted file mode 100644 index abc84bcd093..00000000000 --- a/app/workers/clusters/applications/activate_service_worker.rb +++ /dev/null @@ -1,12 +0,0 @@ -# frozen_string_literal: true - -# This worker was renamed in 15.1, we can delete it in 15.2. -# See: https://gitlab.com/gitlab-org/gitlab/-/issues/364112 -# -# rubocop:disable Scalability/IdempotentWorker -module Clusters - module Applications - class ActivateServiceWorker < ActivateIntegrationWorker - end - end -end diff --git a/app/workers/clusters/applications/deactivate_service_worker.rb b/app/workers/clusters/applications/deactivate_service_worker.rb deleted file mode 100644 index 88219b8b17e..00000000000 --- a/app/workers/clusters/applications/deactivate_service_worker.rb +++ /dev/null @@ -1,12 +0,0 @@ -# frozen_string_literal: true - -# This worker was renamed in 15.1, we can delete it in 15.2. -# See: https://gitlab.com/gitlab-org/gitlab/-/issues/364112 -# -# rubocop:disable Scalability/IdempotentWorker -module Clusters - module Applications - class DeactivateServiceWorker < DeactivateIntegrationWorker - end - end -end diff --git a/app/workers/irker_worker.rb b/app/workers/irker_worker.rb deleted file mode 100644 index a054021e418..00000000000 --- a/app/workers/irker_worker.rb +++ /dev/null @@ -1,9 +0,0 @@ -# frozen_string_literal: true - -# This worker was renamed in 15.1, we can delete it in 15.2. -# See: https://gitlab.com/gitlab-org/gitlab/-/issues/364112 -# -# rubocop: disable Gitlab/NamespacedClass -# rubocop:disable Scalability/IdempotentWorker -class IrkerWorker < Integrations::IrkerWorker -end diff --git a/app/workers/project_service_worker.rb b/app/workers/project_service_worker.rb deleted file mode 100644 index 56ac4bc046a..00000000000 --- a/app/workers/project_service_worker.rb +++ /dev/null @@ -1,16 +0,0 @@ -# frozen_string_literal: true - -# This worker was renamed in 15.1, we can delete it in 15.2. -# See: https://gitlab.com/gitlab-org/gitlab/-/issues/364112 -# -# rubocop: disable Gitlab/NamespacedClass -# rubocop: disable Scalability/IdempotentWorker -class ProjectServiceWorker < Integrations::ExecuteWorker - data_consistency :always - sidekiq_options retry: 3 - sidekiq_options dead: false - feature_category :integrations - urgency :low - - worker_has_external_dependencies! -end diff --git a/app/workers/web_hooks/destroy_worker.rb b/app/workers/web_hooks/destroy_worker.rb deleted file mode 100644 index 8f9b194f88a..00000000000 --- a/app/workers/web_hooks/destroy_worker.rb +++ /dev/null @@ -1,27 +0,0 @@ -# frozen_string_literal: true - -module WebHooks - class DestroyWorker - include ApplicationWorker - - DestroyError = Class.new(StandardError) - - data_consistency :always - sidekiq_options retry: 3 - feature_category :integrations - urgency :high - - idempotent! - - def perform(user_id, web_hook_id) - user = User.find_by_id(user_id) - hook = WebHook.find_by_id(web_hook_id) - - return unless user && hook - - result = ::WebHooks::DestroyService.new(user).sync_destroy(hook) - - result.track_and_raise_exception(as: DestroyError, web_hook_id: hook.id) - end - end -end diff --git a/config/feature_flags/development/rename_integrations_workers.yml b/config/feature_flags/development/rename_integrations_workers.yml deleted file mode 100644 index 307b21c0545..00000000000 --- a/config/feature_flags/development/rename_integrations_workers.yml +++ /dev/null @@ -1,8 +0,0 @@ ---- -name: rename_integrations_workers -introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/88558 -rollout_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/364112 -milestone: '15.1' -type: development -group: group::integrations -default_enabled: true diff --git a/config/sidekiq_queues.yml b/config/sidekiq_queues.yml index 9989019a70d..ce4640e65e4 100644 --- a/config/sidekiq_queues.yml +++ b/config/sidekiq_queues.yml @@ -241,8 +241,6 @@ - 1 - - invalid_gpg_signature_update - 2 -- - irker - - 1 - - issuable_export_csv - 1 - - issuable_label_links_destroy @@ -357,8 +355,6 @@ - 1 - - project_import_schedule - 1 -- - project_service - - 1 - - project_template_export - 1 - - projects_after_import @@ -471,8 +467,6 @@ - 1 - - web_hook - 1 -- - web_hooks_destroy - - 1 - - web_hooks_log_destroy - 1 - - web_hooks_log_execution diff --git a/data/whats_new/202206220001_15_1.yml b/data/whats_new/202206220001_15_1.yml new file mode 100644 index 00000000000..76ef7fd1a46 --- /dev/null +++ b/data/whats_new/202206220001_15_1.yml @@ -0,0 +1,59 @@ +# This is a template for a "Whats New" release. +# A release typically contains multiple entries of features that we'd like to highlight. +# +# Below is an example of what a single entry should look like, it's required attributes, +# and what types we expect those attribute values to be. All attributes are required. +# +# For more information please refer to the handbook documentation here: +# https://about.gitlab.com/handbook/marketing/blog/release-posts/index.html#create-mr-for-whats-new-entries +# +# Please delete this line and above before submitting your merge request. + +- title: SAML Group Sync for self-managed GitLab + body: | # Do not modify this line, instead modify the lines below. + You can now map a group in your identity provider to a self-managed GitLab group using SAML group links. Previously, this feature was only available for GitLab.com. Group memberships are updated when a user logs into GitLab through their SAML provider. This new functionality decreases the workload for GitLab administrators and reduces onboarding time for group members. + stage: manage # String value of the stage that the feature was created in. e.g., Growth + self-managed: true + gitlab-com: true + packages: [Premium, Ultimate] + url: https://docs.gitlab.com/ee/user/group/saml_sso/group_sync.html + image_url: https://about.gitlab.com/images/15_1/SAML_Group_Sync.png # This should be a full URL, generally taken from the release post content. If a video, use the youtube thumbnail URL with the structure of https://img.youtube.com/vi/UNIQUEID/hqdefault.jpg + published_at: 2022-06-22 + release: 15.1 +- title: Enhancing visibility into Value Stream with DORA metrics + body: | # Do not modify this line, instead modify the lines below. + With the addition of the four [DORA metrics](https://docs.gitlab.com/ee/user/analytics/#devops-research-and-assessment-dora-key-metrics) tiles to the [Value Stream Analytics](https://docs.gitlab.com/ee/user/group/value_stream_analytics/) dashboard, you can now track team performance and value flow from ideation to customer delivery. Additionally, we added a new trend chart for the DORA [Time to restore service](https://docs.gitlab.com/ee/user/analytics/ci_cd_analytics.html) metric to provide insights into software stability and reliability trends. This new chart shows information about how long it takes an organization to recover from a failure in production. This is the third DORA chart that's available out of the box in GitLab. We plan to keep improving the visibility into DORA metrics and also add charts for the fourth metric- Change failure rate. + stage: manage # String value of the stage that the feature was created in. e.g., Growth + self-managed: true + gitlab-com: true + packages: [Free, Premium, Ultimate] + url: https://docs.gitlab.com/ee/user/analytics/ci_cd_analytics.html + image_url: https://about.gitlab.com/images/15_1/vsa_dora_n_ttrs.png # This should be a full URL, generally taken from the release post content. If a video, use the youtube thumbnail URL with the structure of https://img.youtube.com/vi/UNIQUEID/hqdefault.jpg + published_at: 2022-06-22 + release: 15.1 +- title: "SLSA-2 attestation included for build artifacts" + body: | # Do not modify this line, instead modify the lines below. + [Supply-chain Levels for Software Artifacts (SLSA)](https://github.com/slsa-framework/slsa) is a security framework that helps ensure the security and integrity of your software supply chain. By default, GitLab Runner is now capable of generating and producing SLSA-2 compliant attestation metadata for build artifacts. + If the artifact is stored in a registry, then the attestation metadata is stored alongside the artifact in that registry. Otherwise, the metadata is in rendered in a plain text `.json` file that's stored with the artifact. + This new attestation information can help you more easily verify that your build artifacts have not been tampered with. To enable this feature, simply set `RUNNER_GENERATE_ARTIFACTS_METADATA = "true"` in your `.gitlab-ci.yml` file. + As part of the Limited Availability release, CI jobs that run on the macOS runners will count toward your CI/CD minutes quota at a [cost factor](https://docs.gitlab.com/ee/ci/pipelines/cicd_minutes.html#cost-factor) of 6. + stage: verify + self-managed: true + gitlab-com: true + packages: [Free, Premium, Ultimate] + url: https://docs.gitlab.com/ee/ci/runners/configure_runners.html#artifact-attestation + image_url: https://www.youtube.com/embed/MlIdqrDgI8U + published_at: 2022-06-22 + release: 15.1 +- title: "Link to included CI/CD configuration from the pipeline editor" + body: | # Do not modify this line, instead modify the lines below. + A typical CI/CD configuration uses the `include` keyword to import configuration stored in other files or CI/CD templates. When editing or troubleshooting your configuration though, it can be difficult to understand how all the configuration works together because the included configuration is not visible in your `.gitlab-ci-yml`, you only see the `include` entry. + In this release, we added links to all included configuration files and templates to the pipeline editor. Now you can easily access and view all the CI/CD configuration your pipeline uses, making it much easier to manage large and complex pipelines. + stage: verify + self-managed: true + gitlab-com: true + packages: [Free, Premium, Ultimate] + url: https://docs.gitlab.com/ee/ci/pipeline_editor/ + image_url: https://www.youtube.com/embed/7BNDUYfY_ok + published_at: 2022-06-22 + release: 15.1 diff --git a/db/post_migrate/20220601151900_schedule_backfill_ci_runner_semver.rb b/db/post_migrate/20220601151900_schedule_backfill_ci_runner_semver.rb new file mode 100644 index 00000000000..30615d49268 --- /dev/null +++ b/db/post_migrate/20220601151900_schedule_backfill_ci_runner_semver.rb @@ -0,0 +1,29 @@ +# frozen_string_literal: true + +class ScheduleBackfillCiRunnerSemver < Gitlab::Database::Migration[2.0] + restrict_gitlab_migration gitlab_schema: :gitlab_ci + + MIGRATION = 'BackfillCiRunnerSemver' + INTERVAL = 2.minutes.freeze + BATCH_SIZE = 500 + MAX_BATCH_SIZE = 10_000 + SUB_BATCH_SIZE = 100 + + disable_ddl_transaction! + + def up + queue_batched_background_migration( + MIGRATION, + :ci_runners, + :id, + job_interval: INTERVAL, + batch_size: BATCH_SIZE, + max_batch_size: MAX_BATCH_SIZE, + sub_batch_size: SUB_BATCH_SIZE + ) + end + + def down + delete_batched_background_migration(MIGRATION, :ci_runners, :id, []) + end +end diff --git a/db/schema_migrations/20220601151900 b/db/schema_migrations/20220601151900 new file mode 100644 index 00000000000..d758b7aa67c --- /dev/null +++ b/db/schema_migrations/20220601151900 @@ -0,0 +1 @@ +c215c9ef738ab0d466d9244c0596164d6860728ac92fac90bef5a987c2cef6b7 \ No newline at end of file diff --git a/doc/api/groups.md b/doc/api/groups.md index 8372d6deddd..c51f23decb9 100644 --- a/doc/api/groups.md +++ b/doc/api/groups.md @@ -823,7 +823,7 @@ Parameters: | `subgroup_creation_level` | string | no | Allowed to [create subgroups](../user/group/subgroups/index.md#create-a-subgroup). Can be `owner` (Owners), or `maintainer` (users with the Maintainer role). | | `two_factor_grace_period` | integer | no | Time before Two-factor authentication is enforced (in hours). | | `visibility` | string | no | The group's visibility. Can be `private`, `internal`, or `public`. | -| `membership_lock` **(PREMIUM)** | boolean | no | Prevent adding new members to projects within this group. | +| `membership_lock` **(PREMIUM)** | boolean | no | Users cannot be added to projects in this group. | | `extra_shared_runners_minutes_limit` **(PREMIUM)** | integer | no | Can be set by administrators only. Additional CI/CD minutes for this group. | | `shared_runners_minutes_limit` **(PREMIUM)** | integer | no | Can be set by administrators only. Maximum number of monthly CI/CD minutes for this group. Can be `nil` (default; inherit system default), `0` (unlimited), or `> 0`. | @@ -930,7 +930,7 @@ PUT /groups/:id | `visibility` | string | no | The visibility level of the group. Can be `private`, `internal`, or `public`. | | `extra_shared_runners_minutes_limit` **(PREMIUM)** | integer | no | Can be set by administrators only. Additional CI/CD minutes for this group. | | `file_template_project_id` **(PREMIUM)** | integer | no | The ID of a project to load custom file templates from. | -| `membership_lock` **(PREMIUM)** | boolean | no | Prevent adding new members to projects within this group. | +| `membership_lock` **(PREMIUM)** | boolean | no | Users cannot be added to projects in this group. | | `prevent_forking_outside_group` **(PREMIUM)** | boolean | no | When enabled, users can **not** fork projects from this group to external namespaces. | | `shared_runners_minutes_limit` **(PREMIUM)** | integer | no | Can be set by administrators only. Maximum number of monthly CI/CD minutes for this group. Can be `nil` (default; inherit system default), `0` (unlimited), or `> 0`. | diff --git a/doc/development/geo.md b/doc/development/geo.md index 18dffe42177..0120548e50b 100644 --- a/doc/development/geo.md +++ b/doc/development/geo.md @@ -19,11 +19,11 @@ Geo handles replication for different components: - [Database](#database-replication): includes the entire application, except cache and jobs. - [Git repositories](#repository-replication): includes both projects and wikis. -- [Uploaded blobs](#uploads-replication): includes anything from images attached on issues +- [Blobs](#blob-replication): includes anything from images attached on issues to raw logs and assets from CI. With the exception of the Database replication, on a *secondary* site, everything is coordinated -by the [Geo Log Cursor](#geo-log-cursor). +by the [Geo Log Cursor](#geo-log-cursor-daemon). ### Geo Log Cursor daemon @@ -66,7 +66,7 @@ the state of every repository in the [tracking database](#tracking-database). There are a few ways a repository gets replicated by the: - [Repository Sync worker](#repository-sync-worker). -- [Geo Log Cursor](#geo-log-cursor). +- [Geo Log Cursor](#geo-log-cursor-daemon). #### Project Registry @@ -104,19 +104,204 @@ times, Geo does a so-called _re-download_. It will do a clean clone into the `@geo-temporary` directory in the root of the storage. When it's successful, we replace the main repository with the newly cloned one. -### Uploads replication +### Blob replication -File uploads are also being replicated to the **secondary** site. To -track the state of syncing, the `Geo::UploadRegistry` model is used. +Blobs such as [uploads](uploads/index.md), LFS objects, and CI job artifacts, are replicated to the **secondary** site with the [Self-Service Framework](geo/framework.md). To track the state of syncing, each model has a corresponding registry table, for example `Upload` has `Geo::UploadRegistry` in the [PostgreSQL Geo Tracking Database](#tracking-database). -#### Upload Registry +#### Blob replication happy path workflows between services -Similar to the [Project Registry](#project-registry), there is a -`Geo::UploadRegistry` model that tracks the synced uploads. +Job artifacts are used in the diagrams below, as one example of a blob. -CI Job Artifacts and LFS objects are synced in a similar way as uploads, -but they are tracked by `Geo::JobArtifactRegistry`, and `Geo::LfsObjectRegistry` -models respectively. +##### Replicating a new job artifact + +Primary site: + +```mermaid +sequenceDiagram + participant R as Runner + participant P as Puma + participant DB as PostgreSQL + participant SsP as Secondary site PostgreSQL + R->>P: Upload artifact + P->>DB: Insert `ci_job_artifacts` row + P->>DB: Insert `geo_events` row + P->>DB: Insert `geo_event_log` row + DB->>SsP: Replicate rows +``` + +- A [Runner](https://docs.gitlab.com/runner/) uploads an artifact +- [Puma](architecture.md#puma) inserts `ci_job_artifacts` row +- Puma inserts `geo_events` row with data like "Job Artifact with ID 123 was updated" +- Puma inserts `geo_event_log` row pointing to the `geo_events` row (because we built SSF on top of some legacy logic) +- [PostgreSQL](architecture.md#postgresql) streaming replication inserts the rows in the read replica + +Secondary site, after the PostgreSQL DB rows have been replicated: + +```mermaid +sequenceDiagram + participant DB as PostgreSQL + participant GLC as Geo Log Cursor + participant R as Redis + participant S as Sidekiq + participant TDB as PostgreSQL Tracking DB + participant PP as Primary site Puma + GLC->>DB: Query `geo_event_log` + GLC->>DB: Query `geo_events` + GLC->>R: Enqueue `Geo::EventWorker` + S->>R: Pick up `Geo::EventWorker` + S->>TDB: Insert to `job_artifact_registry`, "starting sync" + S->>PP: GET /geo/retrieve/job_artifact/123 + S->>TDB: Update `job_artifact_registry`, "synced" +``` + +- [Geo Log Cursor](#geo-log-cursor-daemon) loop finds the new `geo_event_log` row +- Geo Log Cursor processes the `geo_events` row + - Geo Log Cursor enqueues `Geo::EventWorker` job passing through the `geo_events` row data +- [Sidekiq](architecture.md#sidekiq) picks up `Geo::EventWorker` job + - Sidekiq inserts `job_artifact_registry` row in the [PostgreSQL Geo Tracking Database](#tracking-database) because it doesn't exist, and marks it "started sync" + - Sidekiq does a GET request on an API endpoint at the primary Geo site and downloads the file + - Sidekiq marks the `job_artifact_registry` row as "synced" and "pending verification" + +##### Backfilling existing job artifacts + +- Sysadmin has an existing GitLab site without Geo +- There are existing CI jobs and job artifacts +- Sysadmin sets up a new GitLab site and configures it to be a secondary Geo site + +Secondary site: + +There are two cronjobs running every minute: `Geo::Secondary::RegistryConsistencyWorker` and `Geo::RegistrySyncWorker`. The workflow below is split into two, along those lines. + +```mermaid +sequenceDiagram + participant SC as Sidekiq-cron + participant R as Redis + participant S as Sidekiq + participant DB as PostgreSQL + participant TDB as PostgreSQL Tracking DB + SC->>R: Enqueue `Geo::Secondary::RegistryConsistencyWorker` + S->>R: Pick up `Geo::Secondary::RegistryConsistencyWorker` + S->>DB: Query `ci_job_artifacts` + S->>TDB: Query `job_artifact_registry` + S->>TDB: Insert to `job_artifact_registry` +``` + +- [Sidekiq-cron](https://github.com/ondrejbartas/sidekiq-cron) enqueues a `Geo::Secondary::RegistryConsistencyWorker` job every minute. As long as it is actively doing work (creating and deleting rows), this job immediately reenqueues itself. This job uses an exclusive lease to prevent multiple instances of itself from running simultaneously. +- [Sidekiq](architecture.md#sidekiq) picks up `Geo::Secondary::RegistryConsistencyWorker` job + - Sidekiq queries `ci_job_artifacts` table for up to 10000 rows + - Sidekiq queries `job_artifact_registry` table for up to 10000 rows + - Sidekiq inserts a `job_artifact_registry` row in the [PostgreSQL Geo Tracking Database](#tracking-database) corresponding to the existing Job Artifact + +```mermaid +sequenceDiagram + participant SC as Sidekiq-cron + participant R as Redis + participant S as Sidekiq + participant DB as PostgreSQL + participant TDB as PostgreSQL Tracking DB + participant PP as Primary site Puma + SC->>R: Enqueue `Geo::RegistrySyncWorker` + S->>R: Pick up `Geo::RegistrySyncWorker` + S->>TDB: Query `*_registry` tables + S->>R: Enqueue `Geo::EventWorker`s + S->>R: Pick up `Geo::EventWorker` + S->>TDB: Insert to `job_artifact_registry`, "starting sync" + S->>PP: GET /geo/retrieve/job_artifact/123 + S->>TDB: Update `job_artifact_registry`, "synced" +``` + +- [Sidekiq-cron](https://github.com/ondrejbartas/sidekiq-cron) enqueues a `Geo::RegistrySyncWorker` job every minute. As long as it is actively doing work, this job loops for up to an hour scheduling sync jobs. This job uses an exclusive lease to prevent multiple instances of itself from running simultaneously. +- [Sidekiq](architecture.md#sidekiq) picks up `Geo::RegistrySyncWorker` job + - Sidekiq queries all `registry` tables in the [PostgreSQL Geo Tracking Database](#tracking-database) for "never attempted sync" rows. It interleaves rows from each table and adds them to an in-memory queue. + - If the previous step yielded less than 1000 rows, then Sidekiq queries all `registry` tables for "failed sync and ready to retry" rows and interleaves those and adds them to the in-memory queue. + - Sidekiq enqueues `Geo::EventWorker` jobs with arguments like "Job Artifact with ID 123 was updated" for each item in the queue, and tracks the enqueued Sidekiq job IDs. + - Sidekiq stops enqueuing `Geo::EventWorker` jobs when "maximum concurrency limit" settings are reached + - Sidekiq loops doing this kind of work until it has no more to do +- Sidekiq picks up `Geo::EventWorker` job + - Sidekiq marks the `job_artifact_registry` row as "started sync" + - Sidekiq does a GET request on an API endpoint at the primary Geo site and downloads the file + - Sidekiq marks the `job_artifact_registry` row as "synced" and "pending verification" + +##### Verifying a new job artifact + +Primary site: + +```mermaid +sequenceDiagram + participant Ru as Runner + participant P as Puma + participant DB as PostgreSQL + participant SC as Sidekiq-cron + participant Rd as Redis + participant S as Sidekiq + participant F as Filesystem + Ru->>P: Upload artifact + P->>DB: Insert `ci_job_artifacts` + P->>DB: Insert `ci_job_artifact_states` + SC->>Rd: Enqueue `Geo::VerificationCronWorker` + S->>Rd: Pick up `Geo::VerificationCronWorker` + S->>DB: Query `ci_job_artifact_states` + S->>Rd: Enqueue `Geo::VerificationBatchWorker` + S->>Rd: Pick up `Geo::VerificationBatchWorker` + S->>DB: Query `ci_job_artifact_states` + S->>DB: Update `ci_job_artifact_states` row, "started" + S->>F: Checksum file + S->>DB: Update `ci_job_artifact_states` row, "succeeded" +``` + +- A [Runner](https://docs.gitlab.com/runner/) uploads an artifact +- [Puma](architecture.md#puma) creates a `ci_job_artifacts` row +- Puma creates a `ci_job_artifact_states` row to store verification state. + - The row is marked "pending verification" +- [Sidekiq-cron](https://github.com/ondrejbartas/sidekiq-cron) enqueues a `Geo::VerificationCronWorker` job every minute +- [Sidekiq](architecture.md#sidekiq) picks up the `Geo::VerificationCronWorker` job + - Sidekiq queries `ci_job_artifact_states` for the number of rows marked "pending verification" or "failed verification and ready to retry" + - Sidekiq enqueues one or more `Geo::VerificationBatchWorker` jobs, limited by the "maximum verification concurrency" setting +- Sidekiq picks up `Geo::VerificationBatchWorker` job + - Sidekiq queries `ci_job_artifact_states` for rows marked "pending verification" + - If the previous step yielded less than 10 rows, then Sidekiq queries `ci_job_artifact_states` for rows marked "failed verification and ready to retry" + - For each row + - Sidekiq marks it "started verification" + - Sidekiq gets the SHA256 checksum of the file + - Sidekiq saves the checksum in the row and marks it "succeeded verification" + - Now secondary Geo sites can compare against this checksum + +Secondary site: + +```mermaid +sequenceDiagram + participant SC as Sidekiq-cron + participant R as Redis + participant S as Sidekiq + participant TDB as PostgreSQL Tracking DB + participant F as Filesystem + participant DB as PostgreSQL + SC->>R: Enqueue `Geo::VerificationCronWorker` + S->>R: Pick up `Geo::VerificationCronWorker` + S->>TDB: Query `job_artifact_registry` + S->>R: Enqueue `Geo::VerificationBatchWorker` + S->>R: Pick up `Geo::VerificationBatchWorker` + S->>TDB: Query `job_artifact_registry` + S->>TDB: Update `job_artifact_registry` row, "started" + S->>F: Checksum file + S->>DB: Query `ci_job_artifact_states` + S->>TDB: Update `job_artifact_registry` row, "succeeded" +``` + +- After the artifact is successfully synced, it becomes "pending verification" +- [Sidekiq-cron](https://github.com/ondrejbartas/sidekiq-cron) enqueues a `Geo::VerificationCronWorker` job every minute +- [Sidekiq](architecture.md#sidekiq) picks up the `Geo::VerificationCronWorker` job + - Sidekiq queries `job_artifact_registry` in the [PostgreSQL Geo Tracking Database](#tracking-database) for the number of rows marked "pending verification" or "failed verification and ready to retry" + - Sidekiq enqueues one or more `Geo::VerificationBatchWorker` jobs, limited by the "maximum verification concurrency" setting +- Sidekiq picks up `Geo::VerificationBatchWorker` job + - Sidekiq queries `job_artifact_registry` in the PostgreSQL Geo Tracking Databasef for rows marked "pending verification" + - If the previous step yielded less than 10 rows, then Sidekiq queries `job_artifact_registry` for rows marked "failed verification and ready to retry" + - For each row + - Sidekiq marks it "started verification" + - Sidekiq gets the SHA256 checksum of the file + - Sidekiq saves the checksum in the row + - Sidekiq compares the checksum against the checksum in the `ci_job_artifact_states` row which was replicated by PostgreSQL + - If the checksum matches, then Sidekiq marks the `job_artifact_registry` row "succeeded verification" ## Authentication @@ -303,10 +488,7 @@ events include: - Job Artifact Deleted event - Upload Deleted event -### Geo Log Cursor - -The process running on the **secondary** site that looks for new -`Geo::EventLog` rows. +See [Geo Log Cursor daemon](#geo-log-cursor-daemon). ## Code features @@ -415,7 +597,7 @@ We switch and filter from each event by the `event_name` field. ### Geo Log Cursor (GitLab 10.0 and up) In GitLab 10.0 and later, [System Webhooks](#system-hooks-gitlab-87-to-95) are no longer -used and Geo Log Cursor is used instead. The Log Cursor traverses the +used and [Geo Log Cursor](#geo-log-cursor-daemon) is used instead. The Log Cursor traverses the `Geo::EventLog` rows to see if there are changes since the last time the log was checked and will handle repository updates, deletes, changes, and renames. diff --git a/doc/security/two_factor_authentication.md b/doc/security/two_factor_authentication.md index 65bdcfd755e..32dae99be5a 100644 --- a/doc/security/two_factor_authentication.md +++ b/doc/security/two_factor_authentication.md @@ -46,19 +46,22 @@ Gitlab::CurrentSettings.update!('require_two_factor_authentication': false) > [Introduced](https://gitlab.com/gitlab-org/gitlab-foss/-/merge_requests/24965) in GitLab 12.0, 2FA settings for a group are also applied to subgroups. +Prerequisites: + +- You must have the Maintainer or Owner role for the group. + To enforce 2FA only for certain groups: -1. Go to the group's **Settings > General** page. -1. Expand the **Permissions and group features** section. -1. Select the **Require all users in this group to set up two-factor authentication** option. +1. On the top bar, select **Menu > Groups** and find your group. +1. On the left sidebar, select **Settings > General**. +1. Expand **Permissions and group features**. +1. Select **All users in this group must set up two-factor authentication**. +1. Select **Save changes**. -You can also specify a grace period in the **Time before enforced** option. - -To change this setting, you must be an administrator or owner of the group. +You can also specify a grace period in the **Delay 2FA enforcement** option. If you want to enforce 2FA only for certain groups, you can enable it in the -group settings and specify a grace period as above. To change this setting you -must be administrator or owner of the group. +group settings and specify a grace period as above. The following are important notes about 2FA: diff --git a/doc/update/index.md b/doc/update/index.md index c1bff13005c..05a903a8385 100644 --- a/doc/update/index.md +++ b/doc/update/index.md @@ -460,10 +460,11 @@ and [Helm Chart deployments](https://docs.gitlab.com/charts/). They come with ap ### 15.2.0 (unreleased) -GitLab installations that have multiple web nodes should be -[upgraded to 15.1](#1510) before upgrading to 15.2 (and later) due to a -configuration change in Rails that can result in inconsistent ETag key -generation. +- GitLab installations that have multiple web nodes should be + [upgraded to 15.1](#1510) before upgrading to 15.2 (and later) due to a + configuration change in Rails that can result in inconsistent ETag key + generation. +- Some Sidekiq workers were renamed in this release. To avoid any disruption, [run the Rake tasks to migrate any pending jobs](../raketasks/sidekiq_job_migration.md#future-jobs) before starting the upgrade to GitLab 15.2.0. ### 15.1.0 diff --git a/doc/user/crm/index.md b/doc/user/crm/index.md index 04bb3e582b1..a2cfdf61a8d 100644 --- a/doc/user/crm/index.md +++ b/doc/user/crm/index.md @@ -39,7 +39,7 @@ To enable customer relations management in a group or subgroup: 1. On the top bar, select **Menu > Groups** and find your group or subgroup. 1. On the left sidebar, select **Settings > General**. 1. Expand the **Permissions and group features** section. -1. Select **Enable customer relations**. +1. Select **Customer relations is enabled**. 1. Select **Save changes**. ## Contacts diff --git a/doc/user/group/index.md b/doc/user/group/index.md index 67127acd5e2..0d1599503ef 100644 --- a/doc/user/group/index.md +++ b/doc/user/group/index.md @@ -240,7 +240,7 @@ To change this setting for a specific group: 1. Find the group and select it. 1. From the left menu, select **Settings > General**. 1. Expand the **Permissions and group features** section. -1. Select the desired option in the **Allowed to create projects** dropdown list. +1. Select the desired option in the **Roles allowed to create projects** dropdown list. 1. Select **Save changes**. To change this setting globally, see [Default project creation protection](../admin_area/settings/visibility_and_access_controls.md#define-which-roles-can-create-projects). @@ -478,7 +478,7 @@ To prevent sharing outside of the group's hierarchy: 1. On the top bar, select **Menu > Groups** and find your group. 1. On the left sidebar, select **Settings > General**. 1. Expand **Permissions and group features**. -1. Select **Prevent members from sending invitations to groups outside of `` and its subgroups**. +1. Select **Members cannot invite groups outside of `` and its subgroups**. 1. Select **Save changes**. ## Prevent a project from being shared with groups @@ -490,7 +490,7 @@ To prevent a project from being shared with other groups: 1. Go to the group's **Settings > General** page. 1. Expand the **Permissions and group features** section. -1. Select **Prevent sharing a project in `` with other groups**. +1. Select **Projects in `` cannot be shared with other groups**. 1. Select **Save changes**. This setting applies to all subgroups unless overridden by a group owner. Groups already @@ -582,7 +582,7 @@ To prevent members from being added to projects in a group: 1. Go to the group's **Settings > General** page. 1. Expand the **Permissions and group features** section. -1. Under **Membership**, select **Prevent adding new members to projects within this group**. +1. Under **Membership**, select **Users cannot be added to projects in this group**. 1. Select **Save changes**. All users who previously had permissions can no longer add members to a group. @@ -636,7 +636,7 @@ To restrict group access by IP address: 1. Go to the group's **Settings > General** page. 1. Expand the **Permissions and group features** section. -1. In the **Allow access to the following IP addresses** field, enter IPv4 or IPv6 address ranges in CIDR notation. +1. In the **Restrict access by IP address** field, enter IPv4 or IPv6 address ranges in CIDR notation. 1. Select **Save changes**. In self-managed installations of GitLab 15.1 and later, you can also configure @@ -729,7 +729,7 @@ To disable email notifications: 1. Go to the group's **Settings > General** page. 1. Expand the **Permissions and group features** section. -1. Select **Disable email notifications**. +1. Select **Email notifications are disabled**. 1. Select **Save changes**. ## Disable group mentions @@ -748,7 +748,7 @@ To disable group mentions: 1. Go to the group's **Settings > General** page. 1. Expand the **Permissions and group features** section. -1. Select **Disable group mentions**. +1. Select **Group mentions are disabled**. 1. Select **Save changes**. ## Enable delayed project deletion **(PREMIUM)** @@ -760,7 +760,7 @@ To disable group mentions: > - [User interface changed](https://gitlab.com/gitlab-org/gitlab/-/issues/352961) in GitLab 15.1. [Delayed project deletion](../project/settings/index.md#delayed-project-deletion) is locked and disabled unless the instance-level settings for -[deletion protection](../admin_area/settings/visibility_and_access_controls.md#deletion-protection) is enabled for either groups only or groups and projects. +[deletion protection](../admin_area/settings/visibility_and_access_controls.md#deletion-protection) are enabled for either groups only or groups and projects. When enabled on groups, projects in the group are deleted after a period of delay. During this period, projects are in a read-only state and can be restored. The default period is seven days but [is configurable at the instance level](../admin_area/settings/visibility_and_access_controls.md#retention-period). diff --git a/doc/user/group/settings/group_access_tokens.md b/doc/user/group/settings/group_access_tokens.md index 649e7f2c264..5e426888ad9 100644 --- a/doc/user/group/settings/group_access_tokens.md +++ b/doc/user/group/settings/group_access_tokens.md @@ -141,7 +141,7 @@ To enable or disable group access token creation for all sub-groups in a top-lev 1. On the top bar, select **Menu > Groups** and find your group. 1. On the left sidebar, select **Settings > General**. 1. Expand **Permissions and group features**. -1. Under **Permissions**, turn on or off **Allow project and group access token creation**. +1. Under **Permissions**, turn on or off **Users can create project access tokens and group access tokens in this group**. Even when creation is disabled, you can still use and revoke existing group access tokens. diff --git a/doc/user/group/subgroups/index.md b/doc/user/group/subgroups/index.md index 5f3c859d15a..bf4e13779fd 100644 --- a/doc/user/group/subgroups/index.md +++ b/doc/user/group/subgroups/index.md @@ -73,21 +73,20 @@ To create a subgroup: To create a subgroup, you must have at least the Maintainer role on the group, depending on the group's setting. By default: -- In GitLab 12.2 or later, users with at least the Maintainer role can create subgroups. -- In GitLab 12.1 or earlier, only users with the Owner role can create subgroups. - To change who can create subgroups on a group: - As a user with the Owner role on the group: - 1. On the top bar, select **Menu > Groups** and find the group. + 1. On the top bar, select **Menu > Groups** and find your group. 1. On the left sidebar, select **Settings > General**. 1. Expand **Permissions and group features**. - 1. Select a role from the **Allowed to create subgroups** dropdown. + 1. Select a role from **Roles allowed to create subgroups**. + 1. Select **Save changes**. - As an administrator: 1. On the top bar, select **Menu > Admin**. 1. On the left sidebar, select **Overview > Groups**. - 1. Select the group, and select **Edit**. - 1. Select a role from the **Allowed to create subgroups** dropdown. + 1. In the group's row select **Edit**. + 1. Select a role from **Allowed to create subgroups**. + 1. Select **Save changes**. For more information, view the [permissions table](../../permissions.md#group-members-permissions). diff --git a/lib/gitlab/background_migration/backfill_ci_runner_semver.rb b/lib/gitlab/background_migration/backfill_ci_runner_semver.rb new file mode 100644 index 00000000000..0901649f789 --- /dev/null +++ b/lib/gitlab/background_migration/backfill_ci_runner_semver.rb @@ -0,0 +1,31 @@ +# frozen_string_literal: true + +module Gitlab + module BackgroundMigration + # A job to update semver column in ci_runners in batches based on existing version values + class BackfillCiRunnerSemver < Gitlab::BackgroundMigration::BatchedMigrationJob + def perform + each_sub_batch( + operation_name: :backfill_ci_runner_semver, + batching_scope: ->(relation) { relation.where('semver::cidr IS NULL') } + ) do |sub_batch| + ranged_query = sub_batch.select( + %q(id AS r_id, + substring(ci_runners.version FROM 'v?(\d+\.\d+\.\d+)') AS extracted_semver) + ) + + update_sql = <<~SQL + UPDATE + ci_runners + SET semver = extracted_semver + FROM (#{ranged_query.to_sql}) v + WHERE id = v.r_id + AND v.extracted_semver IS NOT NULL + SQL + + connection.execute(update_sql) + end + end + end + end +end diff --git a/lib/tasks/gitlab/web_hook.rake b/lib/tasks/gitlab/web_hook.rake index 091743485c9..fc17c7d0177 100644 --- a/lib/tasks/gitlab/web_hook.rake +++ b/lib/tasks/gitlab/web_hook.rake @@ -39,7 +39,8 @@ namespace :gitlab do web_hooks.find_each do |hook| next unless hook.url == web_hook_url - result = WebHooks::DestroyService.new(nil).sync_destroy(hook) + user = hook.parent.owners.first + result = WebHooks::DestroyService.new(user).execute(hook) raise "Unable to destroy Web hook" unless result[:status] == :success diff --git a/locale/gitlab.pot b/locale/gitlab.pot index bcc03be2aaa..abd41fb2e32 100644 --- a/locale/gitlab.pot +++ b/locale/gitlab.pot @@ -3768,6 +3768,9 @@ msgstr "" msgid "All threads resolved!" msgstr "" +msgid "All users in this group must set up two-factor authentication" +msgstr "" + msgid "All users must accept the Terms of Service and Privacy Policy to access GitLab" msgstr "" @@ -3780,12 +3783,6 @@ msgstr "" msgid "Allow \"%{group_name}\" to sign you in" msgstr "" -msgid "Allow access only to members of this group" -msgstr "" - -msgid "Allow access to everyone" -msgstr "" - msgid "Allow access to members of the following group" msgstr "" @@ -3828,9 +3825,6 @@ msgstr "" msgid "Allow public access to pipelines and job details, including output logs and artifacts." msgstr "" -msgid "Allow subgroups to set up their own two-factor authentication rules" -msgstr "" - msgid "Allow this key to push to this repository" msgstr "" @@ -3843,9 +3837,6 @@ msgstr "" msgid "Allow users to register any application to use GitLab as an OAuth provider" msgstr "" -msgid "Allow users to request access (if visibility is public or internal)" -msgstr "" - msgid "Allowed" msgstr "" @@ -12023,6 +12014,9 @@ msgstr "" msgid "Definition" msgstr "" +msgid "Delay 2FA enforcement (hours)" +msgstr "" + msgid "DelayedJobs|Are you sure you want to run %{jobName} immediately? Otherwise this job will run automatically after its timer finishes." msgstr "" @@ -13314,9 +13308,6 @@ msgstr "" msgid "Disable group runners" msgstr "" -msgid "Disable the group-level wiki" -msgstr "" - msgid "Disable two-factor authentication" msgstr "" @@ -15196,6 +15187,9 @@ msgstr "" msgid "Everyone With Access" msgstr "" +msgid "Everyone can access the wiki." +msgstr "" + msgid "Everyone can contribute" msgstr "" @@ -18000,6 +17994,9 @@ msgstr "" msgid "Group wikis" msgstr "" +msgid "Group-level wiki is disabled." +msgstr "" + msgid "Group: %{group_name}" msgstr "" @@ -18276,12 +18273,6 @@ msgstr "" msgid "GroupSelect|Select a group" msgstr "" -msgid "GroupSettings|Allow project and group access token creation" -msgstr "" - -msgid "GroupSettings|Allows creating organizations and contacts and associating them with issues." -msgstr "" - msgid "GroupSettings|Applied to all subgroups unless overridden by a group owner. Groups already added to the project lose access." msgstr "" @@ -18318,30 +18309,39 @@ msgstr "" msgid "GroupSettings|Custom project templates" msgstr "" +msgid "GroupSettings|Customer relations is enabled" +msgstr "" + msgid "GroupSettings|Customize this group's badges." msgstr "" msgid "GroupSettings|Default to Auto DevOps pipeline for all projects within this group" msgstr "" -msgid "GroupSettings|Disable email notifications" -msgstr "" - -msgid "GroupSettings|Disable group mentions" -msgstr "" - -msgid "GroupSettings|Enable customer relations" +msgid "GroupSettings|Email notifications are disabled" msgstr "" msgid "GroupSettings|Export group" msgstr "" +msgid "GroupSettings|Group members are not notified if the group is mentioned." +msgstr "" + +msgid "GroupSettings|Group mentions are disabled" +msgstr "" + msgid "GroupSettings|If not specified at the group or instance level, the default is %{default_initial_branch_name}. Does not affect existing repositories." msgstr "" msgid "GroupSettings|If the parent group's visibility is lower than the group's current visibility, visibility levels for subgroups and projects will be changed to match the new parent group's visibility." msgstr "" +msgid "GroupSettings|Members cannot invite groups outside of %{group} and its subgroups" +msgstr "" + +msgid "GroupSettings|Organizations and contacts can be created and associated with issues." +msgstr "" + msgid "GroupSettings|Overrides user notification preferences for all members of the group, subgroups, and projects." msgstr "" @@ -18357,13 +18357,7 @@ msgstr "" msgid "GroupSettings|Prevent forking setting was not saved" msgstr "" -msgid "GroupSettings|Prevent members from sending invitations to groups outside of %{group} and its subgroups" -msgstr "" - -msgid "GroupSettings|Prevent sharing a project within %{group} with other groups" -msgstr "" - -msgid "GroupSettings|Prevents group members from being notified if the group is mentioned." +msgid "GroupSettings|Projects in %{group} cannot be shared with other groups" msgstr "" msgid "GroupSettings|Select a subgroup to use as the source for custom project templates for this group." @@ -18408,7 +18402,7 @@ msgstr "" msgid "GroupSettings|Transfer group" msgstr "" -msgid "GroupSettings|Users can create %{link_start_project}project access tokens%{link_end} and %{link_start_group}group access tokens%{link_end} in this group." +msgid "GroupSettings|Users can create %{link_start_project}project access tokens%{link_end} and %{link_start_group}group access tokens%{link_end} in this group" msgstr "" msgid "GroupSettings|What are badges?" @@ -25156,9 +25150,6 @@ msgstr "" msgid "Multiple Prometheus integrations are not supported" msgstr "" -msgid "Multiple domains are supported." -msgstr "" - msgid "Multiple model types found: %{model_types}" msgstr "" @@ -26777,6 +26768,9 @@ msgstr "" msgid "Only include features new to your current subscription tier." msgstr "" +msgid "Only members of this group can access the wiki." +msgstr "" + msgid "Only policy:" msgstr "" @@ -26798,10 +26792,10 @@ msgstr "" msgid "Only use lowercase letters, numbers, and underscores." msgstr "" -msgid "Only users from the specified IP address ranges are able to reach this group, including all subgroups, projects, and Git repositories." +msgid "Only users from the specified IP address ranges can reach this group, including all subgroups, projects, and Git repositories." msgstr "" -msgid "Only verified users with an email address in any of these domains can be added to the group." +msgid "Only verified users with an email address in any of these domains can be added to the group. Multiple domains are supported." msgstr "" msgid "Only ‘Reporter’ roles and above on tiers Premium and above can see Productivity Analytics." @@ -28999,9 +28993,6 @@ msgstr "" msgid "Prev" msgstr "" -msgid "Prevent adding new members to projects within this group" -msgstr "" - msgid "Prevent auto-stopping" msgstr "" @@ -29746,6 +29737,9 @@ msgstr "" msgid "ProjectCreationLevel|No one" msgstr "" +msgid "ProjectCreationLevel|Roles allowed to create projects" +msgstr "" + msgid "ProjectFileTree|Name" msgstr "" @@ -30478,6 +30472,9 @@ msgstr "" msgid "Projects help you organize your work. They contain your file repository, issues, merge requests, and so much more." msgstr "" +msgid "Projects in this group can use Git LFS" +msgstr "" + msgid "Projects shared with %{group_name}" msgstr "" @@ -32524,9 +32521,6 @@ msgstr "" msgid "Require additional authentication for administrative tasks." msgstr "" -msgid "Require all users in this group to set up two-factor authentication" -msgstr "" - msgid "Required approvals (%{approvals_given} given)" msgstr "" @@ -32708,6 +32702,9 @@ msgstr "" msgid "Restoring the project will prevent the project from being removed on this date and restore people's ability to make changes to it." msgstr "" +msgid "Restrict access by IP address" +msgstr "" + msgid "Restrict membership by email domain" msgstr "" @@ -36834,7 +36831,7 @@ msgstr "" msgid "Subgroup navigation" msgstr "" -msgid "SubgroupCreationLevel|Allowed to create subgroups" +msgid "SubgroupCreationLevel|Roles allowed to create subgroups" msgstr "" msgid "SubgroupCreationlevel|Allowed to create subgroups" @@ -36852,6 +36849,9 @@ msgstr "" msgid "Subgroups and projects" msgstr "" +msgid "Subgroups can set up their own two-factor authentication rules" +msgstr "" + msgid "Subject Key Identifier:" msgstr "" @@ -38411,6 +38411,9 @@ msgstr "" msgid "The list creation wizard is already open" msgstr "" +msgid "The maximum amount of time users have to set up two-factor authentication before it's enforced." +msgstr "" + msgid "The maximum file size allowed is %{size}." msgstr "" @@ -39620,9 +39623,6 @@ msgstr "" msgid "Time before an issue starts implementation" msgstr "" -msgid "Time before enforced" -msgstr "" - msgid "Time between merge request creation and merge/close" msgstr "" @@ -41868,6 +41868,12 @@ msgstr "" msgid "Users can render diagrams in AsciiDoc, Markdown, reStructuredText, and Textile documents using Kroki." msgstr "" +msgid "Users can request access (if visibility is public or internal)" +msgstr "" + +msgid "Users cannot be added to projects in this group" +msgstr "" + msgid "Users in License" msgstr "" diff --git a/spec/features/groups/group_settings_spec.rb b/spec/features/groups/group_settings_spec.rb index 019b094ccb5..2f599d24b01 100644 --- a/spec/features/groups/group_settings_spec.rb +++ b/spec/features/groups/group_settings_spec.rb @@ -89,7 +89,7 @@ RSpec.describe 'Edit group settings' do it 'shows the selection menu' do visit edit_group_path(group) - expect(page).to have_content('Allowed to create projects') + expect(page).to have_content('Roles allowed to create projects') end end @@ -97,7 +97,7 @@ RSpec.describe 'Edit group settings' do it 'shows the selection menu' do visit edit_group_path(group) - expect(page).to have_content('Allowed to create subgroups') + expect(page).to have_content('Roles allowed to create subgroups') end end diff --git a/spec/lib/gitlab/background_migration/backfill_ci_runner_semver_spec.rb b/spec/lib/gitlab/background_migration/backfill_ci_runner_semver_spec.rb new file mode 100644 index 00000000000..7c78d8b0305 --- /dev/null +++ b/spec/lib/gitlab/background_migration/backfill_ci_runner_semver_spec.rb @@ -0,0 +1,54 @@ +# frozen_string_literal: true + +require 'spec_helper' + +RSpec.describe Gitlab::BackgroundMigration::BackfillCiRunnerSemver, :migration, schema: 20220601151900 do + let(:ci_runners) { table(:ci_runners, database: :ci) } + + subject do + described_class.new( + start_id: 10, + end_id: 15, + batch_table: :ci_runners, + batch_column: :id, + sub_batch_size: 10, + pause_ms: 0, + connection: Ci::ApplicationRecord.connection) + end + + describe '#perform' do + it 'populates semver column on all runners in range' do + ci_runners.create!(id: 10, runner_type: 1, version: %q(HEAD-fd84d97)) + ci_runners.create!(id: 11, runner_type: 1, version: %q(v1.2.3)) + ci_runners.create!(id: 12, runner_type: 1, version: %q(2.1.0)) + ci_runners.create!(id: 13, runner_type: 1, version: %q(11.8.0~beta.935.g7f6d2abc)) + ci_runners.create!(id: 14, runner_type: 1, version: %q(13.2.2/1.1.0)) + ci_runners.create!(id: 15, runner_type: 1, version: %q('14.3.4')) + + subject.perform + + expect(ci_runners.all).to contain_exactly( + an_object_having_attributes(id: 10, semver: nil), + an_object_having_attributes(id: 11, semver: '1.2.3'), + an_object_having_attributes(id: 12, semver: '2.1.0'), + an_object_having_attributes(id: 13, semver: '11.8.0'), + an_object_having_attributes(id: 14, semver: '13.2.2'), + an_object_having_attributes(id: 15, semver: '14.3.4') + ) + end + + it 'skips runners that already have semver value' do + ci_runners.create!(id: 10, runner_type: 1, version: %q(1.2.4), semver: '1.2.3') + ci_runners.create!(id: 11, runner_type: 1, version: %q(1.2.5)) + ci_runners.create!(id: 12, runner_type: 1, version: %q(HEAD), semver: '1.2.4') + + subject.perform + + expect(ci_runners.all).to contain_exactly( + an_object_having_attributes(id: 10, semver: '1.2.3'), + an_object_having_attributes(id: 11, semver: '1.2.5'), + an_object_having_attributes(id: 12, semver: '1.2.4') + ) + end + end +end diff --git a/spec/models/clusters/integrations/prometheus_spec.rb b/spec/models/clusters/integrations/prometheus_spec.rb index d1e40fffee0..90e99aefdce 100644 --- a/spec/models/clusters/integrations/prometheus_spec.rb +++ b/spec/models/clusters/integrations/prometheus_spec.rb @@ -26,19 +26,6 @@ RSpec.describe Clusters::Integrations::Prometheus do integration.destroy! end - - context 'when the FF :rename_integrations_workers is disabled' do - before do - stub_feature_flags(rename_integrations_workers: false) - end - - it 'uses the old worker' do - expect(Clusters::Applications::DeactivateServiceWorker) - .to receive(:perform_async).with(cluster.id, 'prometheus') - - integration.destroy! - end - end end describe 'after_save' do @@ -70,19 +57,6 @@ RSpec.describe Clusters::Integrations::Prometheus do integration.update!(enabled: true) end - - context 'when the FF :rename_integrations_workers is disabled' do - before do - stub_feature_flags(rename_integrations_workers: false) - end - - it 'uses the old worker' do - expect(Clusters::Applications::ActivateServiceWorker) - .to receive(:perform_async).with(cluster.id, 'prometheus') - - integration.update!(enabled: true) - end - end end context 'when disabling' do diff --git a/spec/models/integration_spec.rb b/spec/models/integration_spec.rb index 038018fbd0c..27831f0b23b 100644 --- a/spec/models/integration_spec.rb +++ b/spec/models/integration_spec.rb @@ -1218,7 +1218,6 @@ RSpec.describe Integration do it 'queues a Integrations::ExecuteWorker' do expect(Integrations::ExecuteWorker).to receive(:perform_async).with(integration.id, data) - expect(ProjectServiceWorker).not_to receive(:perform_async) async_execute end @@ -1232,18 +1231,5 @@ RSpec.describe Integration do async_execute end end - - context 'when the FF :rename_integration_workers is disabled' do - before do - stub_feature_flags(rename_integrations_workers: false) - end - - it 'queues a ProjectServiceWorker' do - expect(ProjectServiceWorker).to receive(:perform_async).with(integration.id, data) - expect(Integrations::ExecuteWorker).not_to receive(:perform_async) - - async_execute - end - end end end diff --git a/spec/models/integrations/irker_spec.rb b/spec/models/integrations/irker_spec.rb index 16487aa36e7..e98b8b54e03 100644 --- a/spec/models/integrations/irker_spec.rb +++ b/spec/models/integrations/irker_spec.rb @@ -76,19 +76,5 @@ RSpec.describe Integrations::Irker do ensure conn.close if conn end - - context 'when the FF :rename_integrations_workers is disabled' do - before do - stub_feature_flags(rename_integrations_workers: false) - end - - it 'queues a IrkerWorker' do - expect(::IrkerWorker).to receive(:perform_async) - .with(project.id, irker.channels, colorize_messages, sample_data, irker.settings) - expect(Integrations::IrkerWorker).not_to receive(:perform_async) - - irker.execute(sample_data) - end - end end end diff --git a/spec/services/projects/destroy_service_spec.rb b/spec/services/projects/destroy_service_spec.rb index c00438199fd..6a65376d64c 100644 --- a/spec/services/projects/destroy_service_spec.rb +++ b/spec/services/projects/destroy_service_spec.rb @@ -454,10 +454,10 @@ RSpec.describe Projects::DestroyService, :aggregate_failures, :event_store_publi it 'deletes webhooks and logs related to project' do expect_next_instance_of(WebHooks::DestroyService, user) do |instance| - expect(instance).to receive(:sync_destroy).with(web_hook1).and_call_original + expect(instance).to receive(:execute).with(web_hook1).and_call_original end expect_next_instance_of(WebHooks::DestroyService, user) do |instance| - expect(instance).to receive(:sync_destroy).with(web_hook2).and_call_original + expect(instance).to receive(:execute).with(web_hook2).and_call_original end expect do @@ -468,7 +468,7 @@ RSpec.describe Projects::DestroyService, :aggregate_failures, :event_store_publi context 'when an error is raised deleting webhooks' do before do allow_next_instance_of(WebHooks::DestroyService) do |instance| - allow(instance).to receive(:sync_destroy).and_return(message: 'foo', status: :error) + allow(instance).to receive(:execute).and_return(message: 'foo', status: :error) end end diff --git a/spec/views/groups/edit.html.haml_spec.rb b/spec/views/groups/edit.html.haml_spec.rb index eaa909a5da0..ddcfea0ab10 100644 --- a/spec/views/groups/edit.html.haml_spec.rb +++ b/spec/views/groups/edit.html.haml_spec.rb @@ -24,7 +24,7 @@ RSpec.describe 'groups/edit.html.haml' do render - expect(rendered).to have_content("Prevent sharing a project within #{test_group.name} with other groups") + expect(rendered).to have_content("Projects in #{test_group.name} cannot be shared with other groups") expect(rendered).to have_content('help text here') expect(rendered).to have_field('group_share_with_group_lock', **checkbox_options) end diff --git a/spec/workers/clusters/applications/activate_integration_worker_spec.rb b/spec/workers/clusters/applications/activate_integration_worker_spec.rb index ecb49be5a4b..5163e4681fa 100644 --- a/spec/workers/clusters/applications/activate_integration_worker_spec.rb +++ b/spec/workers/clusters/applications/activate_integration_worker_spec.rb @@ -40,15 +40,6 @@ RSpec.describe Clusters::Applications::ActivateIntegrationWorker, '#perform' do expect { described_class.new.perform(cluster.id, integration_name) } .to change { project.reload.prometheus_integration&.active }.from(nil).to(true) end - - context 'when using the old worker class' do - let(:described_class) { Clusters::Applications::ActivateServiceWorker } - - it 'ensures Prometheus integration is activated' do - expect { described_class.new.perform(cluster.id, integration_name) } - .to change { project.reload.prometheus_integration&.active }.from(nil).to(true) - end - end end end end diff --git a/spec/workers/clusters/applications/deactivate_integration_worker_spec.rb b/spec/workers/clusters/applications/deactivate_integration_worker_spec.rb index 3f0188eee23..62792a3b7d9 100644 --- a/spec/workers/clusters/applications/deactivate_integration_worker_spec.rb +++ b/spec/workers/clusters/applications/deactivate_integration_worker_spec.rb @@ -46,15 +46,6 @@ RSpec.describe Clusters::Applications::DeactivateIntegrationWorker, '#perform' d expect { described_class.new.perform(cluster.id, integration_name) } .to change { prometheus_integration.reload.active }.from(true).to(false) end - - context 'when using the old worker class' do - let(:described_class) { Clusters::Applications::ActivateServiceWorker } - - it 'ensures Prometheus integration is deactivated' do - expect { described_class.new.perform(cluster.id, integration_name) } - .to change { prometheus_integration.reload.active }.from(true).to(false) - end - end end end diff --git a/spec/workers/every_sidekiq_worker_spec.rb b/spec/workers/every_sidekiq_worker_spec.rb index a9e886de52a..5ccd0d2efdb 100644 --- a/spec/workers/every_sidekiq_worker_spec.rb +++ b/spec/workers/every_sidekiq_worker_spec.rb @@ -181,9 +181,7 @@ RSpec.describe 'Every Sidekiq worker' do 'ClusterWaitForAppUpdateWorker' => 3, 'ClusterWaitForIngressIpAddressWorker' => 3, 'Clusters::Applications::ActivateIntegrationWorker' => 3, - 'Clusters::Applications::ActivateServiceWorker' => 3, 'Clusters::Applications::DeactivateIntegrationWorker' => 3, - 'Clusters::Applications::DeactivateServiceWorker' => 3, 'Clusters::Applications::UninstallWorker' => 3, 'Clusters::Applications::WaitForUninstallAppWorker' => 3, 'Clusters::Cleanup::AppWorker' => 3, @@ -310,7 +308,6 @@ RSpec.describe 'Every Sidekiq worker' do 'Integrations::ExecuteWorker' => 3, 'Integrations::IrkerWorker' => 3, 'InvalidGpgSignatureUpdateWorker' => 3, - 'IrkerWorker' => 3, 'IssuableExportCsvWorker' => 3, 'Issues::PlacementWorker' => 3, 'Issues::RebalancingWorker' => 3, @@ -381,7 +378,6 @@ RSpec.describe 'Every Sidekiq worker' do 'ProjectExportWorker' => false, 'ProjectImportScheduleWorker' => 1, 'ProjectScheduleBulkRepositoryShardMovesWorker' => 3, - 'ProjectServiceWorker' => 3, 'ProjectTemplateExportWorker' => false, 'ProjectUpdateRepositoryStorageWorker' => 3, 'Projects::GitGarbageCollectWorker' => false, diff --git a/spec/workers/integrations/execute_worker_spec.rb b/spec/workers/integrations/execute_worker_spec.rb index 19600f35c8f..0e585e3006c 100644 --- a/spec/workers/integrations/execute_worker_spec.rb +++ b/spec/workers/integrations/execute_worker_spec.rb @@ -36,26 +36,4 @@ RSpec.describe Integrations::ExecuteWorker, '#perform' do end.not_to raise_error end end - - context 'when using the old worker class' do - let(:described_class) { ProjectServiceWorker } - - it 'uses the correct worker attributes', :aggregate_failures do - expect(described_class.sidekiq_options).to include('retry' => 3, 'dead' => false) - expect(described_class.get_data_consistency).to eq(:always) - expect(described_class.get_feature_category).to eq(:integrations) - expect(described_class.get_urgency).to eq(:low) - expect(described_class.worker_has_external_dependencies?).to be(true) - end - - it 'executes integration with given data' do - data = { test: 'test' } - - expect_next_found_instance_of(integration.class) do |integration| - expect(integration).to receive(:execute).with(data) - end - - worker.perform(integration.id, data) - end - end end diff --git a/spec/workers/integrations/irker_worker_spec.rb b/spec/workers/integrations/irker_worker_spec.rb index 27dc08212ea..3b7b9af72fd 100644 --- a/spec/workers/integrations/irker_worker_spec.rb +++ b/spec/workers/integrations/irker_worker_spec.rb @@ -101,12 +101,6 @@ RSpec.describe Integrations::IrkerWorker, '#perform' do subject.perform(*arguments) end end - - context 'when using the old worker class' do - let(:described_class) { ::IrkerWorker } - - it { expect(subject.perform(*arguments)).to be_truthy } - end end def wrap_message(text) diff --git a/spec/workers/web_hooks/destroy_worker_spec.rb b/spec/workers/web_hooks/destroy_worker_spec.rb deleted file mode 100644 index 8e75610a031..00000000000 --- a/spec/workers/web_hooks/destroy_worker_spec.rb +++ /dev/null @@ -1,64 +0,0 @@ -# frozen_string_literal: true - -require 'spec_helper' - -RSpec.describe WebHooks::DestroyWorker do - include AfterNextHelpers - - let_it_be(:project) { create(:project) } - let_it_be(:user) { create(:user) } - - before_all do - project.add_maintainer(user) - end - - subject { described_class.new } - - describe "#perform" do - context 'with a Web hook' do - let!(:hook) { create(:project_hook, project: project) } - let!(:other_hook) { create(:project_hook, project: project) } - let!(:log) { create(:web_hook_log, web_hook: hook) } - let!(:other_log) { create(:web_hook_log, web_hook: other_hook) } - - it "deletes the Web hook and logs", :aggregate_failures do - expect(WebHooks::LogDestroyWorker).to receive(:perform_async) - - expect { subject.perform(user.id, hook.id) } - .to change { WebHook.count }.from(2).to(1) - - expect(WebHook.find(other_hook.id)).to be_present - expect(WebHookLog.find(other_log.id)).to be_present - end - - it "raises and tracks an error if destroy failed" do - expect_next(::WebHooks::DestroyService) - .to receive(:sync_destroy).with(anything) - .and_return(ServiceResponse.error(message: "failed")) - - expect(Gitlab::ErrorTracking) - .to receive(:track_and_raise_exception) - .with(an_instance_of(described_class::DestroyError), { web_hook_id: hook.id }) - .and_call_original - - expect { subject.perform(user.id, hook.id) }.to raise_error(described_class::DestroyError) - end - - context 'with unknown hook' do - it 'does not raise an error' do - expect { subject.perform(user.id, non_existing_record_id) }.not_to raise_error - - expect(WebHook.count).to eq(2) - end - end - - context 'with unknown user' do - it 'does not raise an error' do - expect { subject.perform(non_existing_record_id, hook.id) }.not_to raise_error - - expect(WebHook.count).to eq(2) - end - end - end - end -end