Add latest changes from gitlab-org/gitlab@master

app/helpers/application_settings_helper.rb

@@ -356,6 +356,7 @@ module ApplicationSettingsHelper
       :recaptcha_site_key,
       :login_recaptcha_protection_enabled,
       :receive_max_input_size,
+      :receptive_cluster_agents_enabled,
       :repository_checks_enabled,
       :repository_storages_weighted,
       :require_admin_approval_after_user_signup,

app/models/application_setting.rb

@@ -643,6 +643,11 @@ class ApplicationSetting < ApplicationRecord
   jsonb_accessor :importers,
     silent_admin_exports_enabled: [:boolean, { default: false }]
 
+  jsonb_accessor :cluster_agents,
+    receptive_cluster_agents_enabled: [:boolean, { default: false }]
+
+  validates :cluster_agents, json_schema: { filename: 'application_setting_cluster_agents' }
+
   validates :rate_limits, json_schema: { filename: "application_setting_rate_limits" }
 
   validates :importers, json_schema: { filename: "application_setting_importers" }

app/models/application_setting_implementation.rb

@@ -162,6 +162,7 @@ module ApplicationSettingImplementation
         push_event_hooks_limit: 3,
         raw_blob_request_limit: 300,
         recaptcha_enabled: false,
+        receptive_cluster_agents_enabled: false,
         repository_checks_enabled: true,
         repository_storages_weighted: { 'default' => 100 },
         require_admin_approval_after_user_signup: true,

app/validators/json_schemas/application_setting_cluster_agents.json

@@ -0,0 +1,11 @@
+{
+  "$schema": "http://json-schema.org/draft-07/schema#",
+  "description": "Application settings for GitLab Agents for Kubernetes",
+  "type": "object",
+  "additionalProperties": false,
+  "properties": {
+    "receptive_cluster_agents_enabled": {
+      "type": "boolean"
+    }
+  }
+}

app/views/admin/application_settings/_cluster_agents.haml

@@ -0,0 +1,17 @@
+- expanded = integration_expanded?('cluster_agents_')
+
+= render ::Layouts::SettingsBlockComponent.new(s_('ClusterAgents|GitLab Agent for Kubernetes'), id: 'js-cluster-agent-settings', expanded: expanded) do |c|
+  - c.with_description do
+    = s_('ClusterAgents|Instance wide settings for the GitLab Agent for Kubernetes.')
+    = link_to _('Learn more.'), help_page_path('user/clusters/agent/index'), target: '_blank', rel: 'noopener noreferrer'
+  - c.with_body do
+    = gitlab_ui_form_for @application_setting, url: general_admin_application_settings_path(anchor: 'js-cluster-agent-settings'), html: { class: 'fieldset-form', id: 'cluster-agent-settings' } do |f|
+      = form_errors(@application_setting)
+
+      .form-group
+        - help_text = s_('ClusterAgents|Allow configuring agents in receptive mode.')
+        - help_link = link_to _('Learn more.'), help_page_path('user/clusters/agent/index'), target: '_blank', rel: 'noopener noreferrer'
+        = f.gitlab_ui_checkbox_component :receptive_cluster_agents_enabled, s_('ClusterAgents|Enable receptive mode'),
+            help_text: '%{help_text} %{help_link}'.html_safe % { help_text: help_text, help_link: help_link }
+
+      = f.submit _('Save changes'), pajamas_button: true

app/views/admin/application_settings/general.html.haml

@@ -104,6 +104,7 @@
 = render 'admin/application_settings/eks'
 = render 'admin/application_settings/floc'
 = render_if_exists 'admin/application_settings/add_license'
+= render 'admin/application_settings/cluster_agents'
 = render 'admin/application_settings/jira_connect'
 = render 'admin/application_settings/slack'
 = render 'admin/application_settings/security_txt', expanded: expanded_by_default?

db/migrate/20240812225749_add_cluster_agents_to_application_settings.rb

@@ -0,0 +1,20 @@
+# frozen_string_literal: true
+
+class AddClusterAgentsToApplicationSettings < Gitlab::Database::Migration[2.2]
+  milestone '17.4'
+  disable_ddl_transaction!
+
+  def up
+    add_column :application_settings, :cluster_agents, :jsonb, default: {}, null: false, if_not_exists: true
+
+    add_check_constraint(
+      :application_settings,
+      "(jsonb_typeof(cluster_agents) = 'object')",
+      'check_application_settings_cluster_agents_is_hash'
+    )
+  end
+
+  def down
+    remove_column :application_settings, :cluster_agents, if_exists: true
+  end
+end

db/schema_migrations/20240812225749

@@ -0,0 +1 @@
+023a22af539af60b5c03a2f764b4d92852ad5712d88ca86352a698ef7ed4bd98

db/structure.sql

@@ -5980,6 +5980,7 @@ CREATE TABLE application_settings (
     duo_workflow jsonb DEFAULT '{}'::jsonb,
     max_artifacts_content_include_size integer DEFAULT 5242880 NOT NULL,
     max_number_of_vulnerabilities_per_project integer,
+    cluster_agents jsonb DEFAULT '{}'::jsonb NOT NULL,
     CONSTRAINT app_settings_container_reg_cleanup_tags_max_list_size_positive CHECK ((container_registry_cleanup_tags_service_max_list_size >= 0)),
     CONSTRAINT app_settings_dep_proxy_ttl_policies_worker_capacity_positive CHECK ((dependency_proxy_ttl_group_policy_worker_capacity >= 0)),
     CONSTRAINT app_settings_ext_pipeline_validation_service_url_text_limit CHECK ((char_length(external_pipeline_validation_service_url) <= 255)),
@@ -6029,6 +6030,7 @@ CREATE TABLE application_settings (
     CONSTRAINT check_app_settings_namespace_storage_forks_cost_factor_range CHECK (((namespace_storage_forks_cost_factor >= (0)::double precision) AND (namespace_storage_forks_cost_factor <= (1)::double precision))),
     CONSTRAINT check_app_settings_sentry_clientside_traces_sample_rate_range CHECK (((sentry_clientside_traces_sample_rate >= (0)::double precision) AND (sentry_clientside_traces_sample_rate <= (1)::double precision))),
     CONSTRAINT check_application_settings_clickhouse_is_hash CHECK ((jsonb_typeof(clickhouse) = 'object'::text)),
+    CONSTRAINT check_application_settings_cluster_agents_is_hash CHECK ((jsonb_typeof(cluster_agents) = 'object'::text)),
     CONSTRAINT check_application_settings_code_creation_is_hash CHECK ((jsonb_typeof(code_creation) = 'object'::text)),
     CONSTRAINT check_application_settings_duo_workflow_is_hash CHECK ((jsonb_typeof(duo_workflow) = 'object'::text)),
     CONSTRAINT check_application_settings_importers_is_hash CHECK ((jsonb_typeof(importers) = 'object'::text)),

doc/api/settings.md

@@ -363,6 +363,7 @@ Example responses:
 > - `allow_project_creation_for_guest_and_below` [introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/134625) in GitLab 16.8.
 > - `silent_admin_exports_enabled` [introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/148918) in GitLab 17.0.
 > - `require_personal_access_token_expiry` [introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/470192) in GitLab 17.3.
+> - `receptive_cluster_agents_enabled` [introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/463427) in GitLab 17.4.
 
 In general, all settings are optional. Certain settings though, if enabled,
 require other settings to be set to function properly. These requirements are
@@ -605,6 +606,7 @@ listed in the descriptions of the relevant settings.
 | `login_recaptcha_protection_enabled`     | boolean          | no                                   | Enable reCAPTCHA for login. |
 | `recaptcha_private_key`                  | string           | required by: `recaptcha_enabled`     | Private key for reCAPTCHA. |
 | `recaptcha_site_key`                     | string           | required by: `recaptcha_enabled`     | Site key for reCAPTCHA. |
+| `receptive_cluster_agents_enabled`       | boolean          | no                                   | Enable receptive mode for GitLab Agents for Kubernetes. |
 | `receive_max_input_size`                 | integer          | no                                   | Maximum push size (MB). |
 | `remember_me_enabled`                    | boolean          | no                                   | Enable [**Remember me** setting](../administration/settings/account_and_limit_settings.md#turn-remember-me-on-or-off). [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/369133) in GitLab 16.0. |
 | `repository_checks_enabled`              | boolean          | no                                   | GitLab periodically runs `git fsck` in all project and wiki repositories to look for silent disk corruption issues. |

doc/development/documentation/backporting.md

@@ -68,8 +68,9 @@ Prerequisites:
 To backport a change, merge your changes into the stable branch of the version
 where you want the changes to occur.
 
-1. Open an MR with the backport. The MR should target the stable release
-   branch, for example: `16-11-stable-ee` or `17-0-stable-ee`. Mention the issue you opened before to the MR.
+1. Open an MR with the backport by following the
+   [release docs guidelines](https://gitlab.com/gitlab-org/release/docs/-/blob/master/general/patch/engineers.md#backporting-a-bug-fix-in-the-gitlab-project),
+   and mention the issue you opened before so that they are linked.
 
 1. Assign the MR to a technical writer for review.
 

doc/development/documentation/redirects.md

@@ -70,7 +70,7 @@ To redirect a page to another page in the same repository:
      remove_date: 'YYYY-MM-DD'
      ---
 
-     This document was moved to [another location](../path/to/file/index.md).
+     This document was moved to [another location](../newpath/to/file/index.md).
 
      <!-- This redirect file can be deleted after <YYYY-MM-DD>. -->
      <!-- Redirects that point to other docs in the same project expire in three months. -->

doc/solutions/index.md

@@ -18,3 +18,4 @@ While information in this section gives valuable and qualified guidance on ways
 
 - [Cloud Solutions](cloud/index.md)
 - [Coding Languages and Frameworks](languages/index.md)
+- [Integrations](integrations/index.md)

doc/solutions/integrations/index.md

@@ -0,0 +1,13 @@
+---
+stage: Solutions Architecture
+group: Solutions Architecture
+info: This page is owned by the Solutions Architecture team.
+---
+
+# Integrations
+
+This documentation section covers a variety of Integrations.
+
+## Cloud solutions by provider
+
+[Servicenow](servicenow.md)

doc/solutions/integrations/servicenow.md

@@ -0,0 +1,45 @@
+---
+stage: Foundations
+group: Import and Integrate
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments
+---
+
+# ServiceNow
+
+DETAILS:
+**Tier:** Free, Premium, Ultimate
+**Offering:** GitLab.com, Self-managed, GitLab Dedicated
+
+ServiceNow offers several integrations to help centralize and automate your
+management of GitLab workflows.
+
+To simplify your stack and streamline your processes, you should use GitLab [deployment approvals](../../api/oauth2.md) whenever possible.
+
+## GitLab spoke
+
+With the GitLab spoke in ServiceNow, you can automate actions for GitLab
+projects, groups, users, issues, merge requests, branches, and repositories.
+
+For a full list of features, see the
+[GitLab spoke documentation](https://docs.servicenow.com/bundle/tokyo-application-development/page/administer/integrationhub-store-spokes/concept/gitlab-spoke.html).
+
+You must [configure GitLab as an OAuth2 authentication service provider](../../integration/oauth_provider.md),
+which involves creating an application and then providing the Application ID
+and Secret in ServiceNow.
+
+## GitLab SCM and Continuous Integration for DevOps
+
+In ServiceNow DevOps, you can integrate with GitLab repositories and GitLab CI/CD
+to centralize your view of GitLab activity and your change management processes.
+You can:
+
+- Track information about activity in GitLab repositories and CI/CD pipelines in
+  ServiceNow.
+- Integrate with GitLab CI/CD pipelines, by automating the creation of change
+  tickets and determining criteria for changes to auto-approve.
+
+For more information, refer to the following ServiceNow resources:
+
+- [ServiceNow DevOps home page](https://www.servicenow.com/products/devops.html)
+- [ServiceNow DevOps documentation](https://docs.servicenow.com/bundle/tokyo-devops/page/product/enterprise-dev-ops/concept/dev-ops-bundle-landing-page.html)
+- [GitLab SCM and Continuous Integration for DevOps](https://store.servicenow.com/sn_appstore_store.do#!/store/application/54dc4eacdbc2dcd02805320b7c96191e/)

doc/user/project/integrations/servicenow.md

@@ -1,45 +1,11 @@
 ---
-stage: Foundations
-group: Import and Integrate
-info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments
+redirect_to: '../../../solutions/integrations/servicenow.md'
+remove_date: '2024-11-16'
 ---
 
-# ServiceNow
+This document was moved to [Servicenow in Solutions Integrations](../../../solutions/integrations/servicenow.md).
 
-DETAILS:
-**Tier:** Free, Premium, Ultimate
-**Offering:** GitLab.com, Self-managed, GitLab Dedicated
-
-ServiceNow offers several integrations to help centralize and automate your
-management of GitLab workflows.
-
-To simplify your stack and streamline your processes, you should use GitLab [deployment approvals](../../../ci/environments/deployment_approvals.md) whenever possible.
-
-## GitLab spoke
-
-With the GitLab spoke in ServiceNow, you can automate actions for GitLab
-projects, groups, users, issues, merge requests, branches, and repositories.
-
-For a full list of features, see the
-[GitLab spoke documentation](https://docs.servicenow.com/bundle/tokyo-application-development/page/administer/integrationhub-store-spokes/concept/gitlab-spoke.html).
-
-You must [configure GitLab as an OAuth2 authentication service provider](../../../integration/oauth_provider.md),
-which involves creating an application and then providing the Application ID
-and Secret in ServiceNow.
-
-## GitLab SCM and Continuous Integration for DevOps
-
-In ServiceNow DevOps, you can integrate with GitLab repositories and GitLab CI/CD
-to centralize your view of GitLab activity and your change management processes.
-You can:
-
-- Track information about activity in GitLab repositories and CI/CD pipelines in
-  ServiceNow.
-- Integrate with GitLab CI/CD pipelines, by automating the creation of change
-  tickets and determining criteria for changes to auto-approve.
-
-For more information, refer to the following ServiceNow resources:
-
-- [ServiceNow DevOps home page](https://www.servicenow.com/products/devops.html)
-- [ServiceNow DevOps documentation](https://docs.servicenow.com/bundle/tokyo-devops/page/product/enterprise-dev-ops/concept/dev-ops-bundle-landing-page.html)
-- [GitLab SCM and Continuous Integration for DevOps](https://store.servicenow.com/sn_appstore_store.do#!/store/application/54dc4eacdbc2dcd02805320b7c96191e/)
+<!-- This redirect file can be deleted after <2024-11-16>. -->
+<!-- Redirects that point to other docs in the same project expire in three months. -->
+<!-- Redirects that point to docs in a different project or site (for example, link is not relative and starts with `https:`) expire in one year. -->
+<!-- Before deletion, see: https://docs.gitlab.com/ee/development/documentation/redirects.html -->

lib/api/settings.rb

@@ -236,6 +236,7 @@ module API
       optional :downstream_pipeline_trigger_limit_per_project_user_sha, type: Integer, desc: 'Maximum number of downstream pipelines that can be triggered per minute (for a given project, user, and commit).'
       optional :ai_action_api_rate_limit, type: Integer, desc: 'Maximum requests a user can make per 8 hours to aiAction endpoint'
       optional :code_suggestions_api_rate_limit, type: Integer, desc: 'Maximum requests a user can make per minute to code suggestions endpoint'
+      optional :receptive_cluster_agents_enabled, type: Boolean, desc: 'Enable receptive mode for GitLab Agents for Kubernetes'
 
       Gitlab::SSHPublicKey.supported_types.each do |type|
         optional :"#{type}_key_restriction",

locale/gitlab.pot

@@ -12253,6 +12253,9 @@ msgstr ""
 msgid "ClusterAgents|All"
 msgstr ""
 
+msgid "ClusterAgents|Allow configuring agents in receptive mode."
+msgstr ""
+
 msgid "ClusterAgents|An error occurred while loading your agent"
 msgstr ""
 
@@ -12352,6 +12355,9 @@ msgstr ""
 msgid "ClusterAgents|Description"
 msgstr ""
 
+msgid "ClusterAgents|Enable receptive mode"
+msgstr ""
+
 msgid "ClusterAgents|Event occurred"
 msgstr ""
 
@@ -12367,6 +12373,9 @@ msgstr ""
 msgid "ClusterAgents|From a terminal, connect to your cluster and run this command. The token is included in the command."
 msgstr ""
 
+msgid "ClusterAgents|GitLab Agent for Kubernetes"
+msgstr ""
+
 msgid "ClusterAgents|GitLab agent"
 msgstr ""
 
@@ -12385,6 +12394,9 @@ msgstr ""
 msgid "ClusterAgents|Install using Helm (recommended)"
 msgstr ""
 
+msgid "ClusterAgents|Instance wide settings for the GitLab Agent for Kubernetes."
+msgstr ""
+
 msgid "ClusterAgents|Integration Status"
 msgstr ""
 

spec/controllers/admin/application_settings_controller_spec.rb

@@ -277,6 +277,7 @@ RSpec.describe Admin::ApplicationSettingsController, :do_not_mock_admin_mode_set
       it_behaves_like 'updates boolean attribute', :require_admin_approval_after_user_signup
       it_behaves_like 'updates boolean attribute', :remember_me_enabled
       it_behaves_like 'updates boolean attribute', :require_personal_access_token_expiry
+      it_behaves_like 'updates boolean attribute', :receptive_cluster_agents_enabled
     end
 
     context "personal access token prefix settings" do

spec/models/application_setting_spec.rb

@@ -43,6 +43,7 @@ RSpec.describe ApplicationSetting, feature_category: :shared, type: :model do
     it { expect(setting.groups_api_limit).to eq(200) }
     it { expect(setting.project_api_limit).to eq(400) }
     it { expect(setting.projects_api_limit).to eq(2000) }
+    it { expect(setting.receptive_cluster_agents_enabled).to eq(false) }
     it { expect(setting.user_contributed_projects_api_limit).to eq(100) }
     it { expect(setting.user_projects_api_limit).to eq(300) }
     it { expect(setting.user_starred_projects_api_limit).to eq(100) }
@@ -84,7 +85,7 @@ RSpec.describe ApplicationSetting, feature_category: :shared, type: :model do
 
     it { expect(described_class).to validate_jsonb_schema(['application_setting_rate_limits']) }
     it { expect(described_class).to validate_jsonb_schema(['application_setting_package_registry']) }
-
+    it { expect(described_class).to validate_jsonb_schema(['application_setting_cluster_agents']) }
     it { expect(described_class).to validate_jsonb_schema(['application_setting_service_ping_settings']) }
 
     it { is_expected.to allow_value(nil).for(:home_page_url) }

spec/requests/api/settings_spec.rb

@@ -100,6 +100,7 @@ RSpec.describe API::Settings, 'Settings', :do_not_mock_admin_mode_setting, featu
       expect(json_response['concurrent_bitbucket_import_jobs_limit']).to eq(100)
       expect(json_response['concurrent_bitbucket_server_import_jobs_limit']).to eq(100)
       expect(json_response['require_personal_access_token_expiry']).to eq(true)
+      expect(json_response['receptive_cluster_agents_enabled']).to eq(false)
     end
   end
 
@@ -226,7 +227,8 @@ RSpec.describe API::Settings, 'Settings', :do_not_mock_admin_mode_setting, featu
             concurrent_github_import_jobs_limit: 2,
             concurrent_bitbucket_import_jobs_limit: 2,
             concurrent_bitbucket_server_import_jobs_limit: 2,
-            require_personal_access_token_expiry: false
+            require_personal_access_token_expiry: false,
+            receptive_cluster_agents_enabled: true
           }
 
         expect(response).to have_gitlab_http_status(:ok)
@@ -317,6 +319,7 @@ RSpec.describe API::Settings, 'Settings', :do_not_mock_admin_mode_setting, featu
         expect(json_response['concurrent_bitbucket_import_jobs_limit']).to be(2)
         expect(json_response['concurrent_bitbucket_server_import_jobs_limit']).to be(2)
         expect(json_response['require_personal_access_token_expiry']).to be(false)
+        expect(json_response['receptive_cluster_agents_enabled']).to be(true)
       end
     end