root
/
gitlab-ce
mirror of https://gitlab.com/free-releases/gitlab-ce.git
1
0
Fork 0
Code Issues Actions Packages Projects Releases Wiki Activity

Add latest changes from gitlab-org/gitlab@master

This commit is contained in:
GitLab Bot 2022-09-02 03:12:05 +00:00
parent 5b72415235
commit 60f4785187
21 changed files with 160 additions and 46 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
app/models/project.rb
View File

@ -2610,11 +2610,7 @@ class Project < ApplicationRecord
def gitlab_deploy_token
strong_memoize(:gitlab_deploy_token) do
if Feature.enabled?(:ci_variable_for_group_gitlab_deploy_token, self)
deploy_tokens.gitlab_deploy_token || group&.gitlab_deploy_token
else
deploy_tokens.gitlab_deploy_token
end
deploy_tokens.gitlab_deploy_token || group&.gitlab_deploy_token
end
end

12
app/models/users/ghost_user_migration.rb Normal file
View File

@ -0,0 +1,12 @@
# frozen_string_literal: true
module Users
class GhostUserMigration < ApplicationRecord
self.table_name = 'ghost_user_migrations'
belongs_to :user
belongs_to :initiator_user, class_name: 'User'
validates :user_id, presence: true
end
end

8
config/feature_flags/development/ci_variable_for_group_gitlab_deploy_token.yml
View File

@ -1,8 +0,0 @@
---
name: ci_variable_for_group_gitlab_deploy_token
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/88696
rollout_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/363621
milestone: '15.1'
type: development
group: group::pipeline authoring
default_enabled: true

17
data/deprecations/15-4-non-expiring-access-tokens.yml Normal file
View File

@ -0,0 +1,17 @@
- name: "Non-expiring access tokens"
announcement_milestone: "15.4"
announcement_date: "2022-09-22"
removal_milestone: "16.0"
removal_date: "2022-05-22"
breaking_change: true
reporter: hsutor
body: | # Do not modify this line, instead modify the lines below.
Currently, you can create access tokens that have no expiration date. These access tokens are valid indefinitely, which presents a security risk if the access token is
divulged. Because expiring access tokens are better, from GitLab 15.3 we [populate a default expiration date](https://gitlab.com/gitlab-org/gitlab/-/issues/348660).
In GitLab 16.0, any personal, project, or group access token that does not have an expiration date will automatically have an expiration date set at one year.
We recommend giving your tokens an expiration date in line with your company's security policies before the default is applied in GitLab 16.0.
stage: Manage
tiers: [Free, Premium, Ultimate]
issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/369122

9
db/docs/ghost_user_migrations.yml Normal file
View File

@ -0,0 +1,9 @@
---
table_name: ghost_user_migrations
classes:
- GhostUserMigration
feature_categories:
- users
description: Users records awaiting for their associated records to be migrated to ghost user
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/95473
milestone: '15.4'

12
db/migrate/20220726171440_create_ghost_user_migrations.rb Normal file
View File

@ -0,0 +1,12 @@
# frozen_string_literal: true
class CreateGhostUserMigrations < Gitlab::Database::Migration[2.0]
def change
create_table :ghost_user_migrations do |t|
t.bigint :user_id, index: { unique: true }, null: false
t.bigint :initiator_user_id
t.timestamps_with_timezone null: false
t.boolean :hard_delete, default: false, null: false
end
end
end

15
db/migrate/20220726171450_add_user_fk_to_ghost_user_migrations.rb Normal file
View File

@ -0,0 +1,15 @@
# frozen_string_literal: true
class AddUserFkToGhostUserMigrations < Gitlab::Database::Migration[2.0]
disable_ddl_transaction!
def up
add_concurrent_foreign_key :ghost_user_migrations, :users, column: :user_id, on_delete: :cascade
end
def down
with_lock_retries do
remove_foreign_key :ghost_user_migrations, column: :user_id
end
end
end

1
db/schema_migrations/20220726171440 Normal file
View File

@ -0,0 +1 @@
5fce175152ab9c954b35d612800b381634248fe0c02b5dfc06c4650b8df9e787

1
db/schema_migrations/20220726171450 Normal file
View File

@ -0,0 +1 @@
86d469a9dc2d22451728d310bd2b830c5cdb69033bdf6b5fe30d45c6c6b8ae4b

28
db/structure.sql
View File

@ -15741,6 +15741,24 @@ CREATE SEQUENCE geo_reset_checksum_events_id_seq
ALTER SEQUENCE geo_reset_checksum_events_id_seq OWNED BY geo_reset_checksum_events.id;
CREATE TABLE ghost_user_migrations (
id bigint NOT NULL,
user_id bigint NOT NULL,
initiator_user_id bigint,
created_at timestamp with time zone NOT NULL,
updated_at timestamp with time zone NOT NULL,
hard_delete boolean DEFAULT false NOT NULL
);
CREATE SEQUENCE ghost_user_migrations_id_seq
START WITH 1
INCREMENT BY 1
NO MINVALUE
NO MAXVALUE
CACHE 1;
ALTER SEQUENCE ghost_user_migrations_id_seq OWNED BY ghost_user_migrations.id;
CREATE TABLE gitlab_subscription_histories (
id bigint NOT NULL,
gitlab_subscription_created_at timestamp with time zone,
@ -23470,6 +23488,8 @@ ALTER TABLE ONLY geo_repository_updated_events ALTER COLUMN id SET DEFAULT nextv
ALTER TABLE ONLY geo_reset_checksum_events ALTER COLUMN id SET DEFAULT nextval('geo_reset_checksum_events_id_seq'::regclass);
ALTER TABLE ONLY ghost_user_migrations ALTER COLUMN id SET DEFAULT nextval('ghost_user_migrations_id_seq'::regclass);
ALTER TABLE ONLY gitlab_subscription_histories ALTER COLUMN id SET DEFAULT nextval('gitlab_subscription_histories_id_seq'::regclass);
ALTER TABLE ONLY gitlab_subscriptions ALTER COLUMN id SET DEFAULT nextval('gitlab_subscriptions_id_seq'::regclass);
@ -25367,6 +25387,9 @@ ALTER TABLE ONLY geo_repository_updated_events
ALTER TABLE ONLY geo_reset_checksum_events
ADD CONSTRAINT geo_reset_checksum_events_pkey PRIMARY KEY (id);
ALTER TABLE ONLY ghost_user_migrations
ADD CONSTRAINT ghost_user_migrations_pkey PRIMARY KEY (id);
ALTER TABLE ONLY gitlab_subscription_histories
ADD CONSTRAINT gitlab_subscription_histories_pkey PRIMARY KEY (id);
@ -28687,6 +28710,8 @@ CREATE INDEX index_geo_repository_updated_events_on_source ON geo_repository_upd
CREATE INDEX index_geo_reset_checksum_events_on_project_id ON geo_reset_checksum_events USING btree (project_id);
CREATE UNIQUE INDEX index_ghost_user_migrations_on_user_id ON ghost_user_migrations USING btree (user_id);
CREATE INDEX index_gin_ci_namespace_mirrors_on_traversal_ids ON ci_namespace_mirrors USING gin (traversal_ids);
CREATE INDEX index_gin_ci_pending_builds_on_namespace_traversal_ids ON ci_pending_builds USING gin (namespace_traversal_ids);
@ -32223,6 +32248,9 @@ ALTER TABLE ONLY boards
ALTER TABLE ONLY epics
ADD CONSTRAINT fk_1fbed67632 FOREIGN KEY (start_date_sourcing_milestone_id) REFERENCES milestones(id) ON DELETE SET NULL;
ALTER TABLE ONLY ghost_user_migrations
ADD CONSTRAINT fk_202e642a2f FOREIGN KEY (user_id) REFERENCES users(id) ON DELETE CASCADE;
ALTER TABLE ONLY coverage_fuzzing_corpuses
ADD CONSTRAINT fk_204d40056a FOREIGN KEY (project_id) REFERENCES projects(id) ON DELETE CASCADE;

12
doc/api/groups.md
View File

@ -1111,12 +1111,16 @@ curl --request PUT --header "PRIVATE-TOKEN: <your_access_token>" "https://gitlab
## Remove group
> - Immediately deleting subgroups was [introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/360008) in GitLab 15.3 [with a flag](../administration/feature_flags.md) named `immediate_delete_subgroup_api`. Disabled by default.
> - Immediately deleting subgroups was [enabled on GitLab.com and self-managed](https://gitlab.com/gitlab-org/gitlab/-/issues/368276) in GitLab 15.4.
Only available to group owners and administrators.
This endpoint either:
- Removes group, and queues a background job to delete all projects in the group as well.
- Since [GitLab 12.8](https://gitlab.com/gitlab-org/gitlab/-/issues/33257), on [Premium](https://about.gitlab.com/pricing/) or higher tiers, marks a group for deletion. The deletion happens 7 days later by default, but this can be changed in the [instance settings](../user/admin_area/settings/visibility_and_access_controls.md#deletion-protection).
- Deletes a subgroup immediately if the subgroup is marked for deletion (GitLab 15.4 and later). The endpoint does not immediately delete top-level groups.
```plaintext
DELETE /groups/:id
@ -1124,9 +1128,11 @@ DELETE /groups/:id
Parameters:
| Attribute | Type | Required | Description |
| --------------- | -------------- | -------- | ----------- |
| `id` | integer/string | yes | The ID or [URL-encoded path of the group](index.md#namespaced-path-encoding) |
| Attribute | Type | Required | Description |
|----------------------|------------------|----------|-------------------------------------------------------------------------------------------------------------------------------------------------------------|
| `id` | integer/string | yes | The ID or [URL-encoded path of the group](index.md#namespaced-path-encoding) |
| `permanently_remove` **(PREMIUM)** | boolean/string | no | Immediately deletes a subgroup if it is marked for deletion. [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/368276) in GitLab 15.4 |
| `full_path` **(PREMIUM)** | string | no | Full path of subgroup to use with `permanently_remove`. [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/368276) in GitLab 15.4. To find the subgroup path, see the [group details](groups.md#details-of-a-group) |
The response is `202 Accepted` if the user has authorization.

24
doc/update/deprecations.md
View File

@ -45,6 +45,30 @@ sole discretion of GitLab Inc.
<div class="announcement-milestone">
## Announced in 15.4
<div class="deprecation removal-160 breaking-change">
### Non-expiring access tokens
Planned removal: GitLab <span class="removal-milestone">16.0</span> (2022-05-22)
WARNING:
This is a [breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/).
Review the details carefully before upgrading.
Currently, you can create access tokens that have no expiration date. These access tokens are valid indefinitely, which presents a security risk if the access token is
divulged. Because expiring access tokens are better, from GitLab 15.3 we [populate a default expiration date](https://gitlab.com/gitlab-org/gitlab/-/issues/348660).
In GitLab 16.0, any personal, project, or group access token that does not have an expiration date will automatically have an expiration date set at one year.
We recommend giving your tokens an expiration date in line with your company's security policies before the default is applied in GitLab 16.0.
</div>
</div>
<div class="announcement-milestone">
## Announced in 15.3
<div class="deprecation removal-160 breaking-change">

4
doc/user/clusters/agent/install/index.md
View File

@ -40,7 +40,7 @@ To install the agent in your cluster:
> - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/259669) in GitLab 13.7, the agent configuration file can be added to multiple directories (or subdirectories) of the repository.
> - Group authorization was [introduced](https://gitlab.com/groups/gitlab-org/-/epics/5784) in GitLab 14.3.
The agent uses a YAML file for configuration settings. You must create this file if:
For configuration settings, the agent uses a YAML file in the GitLab project. You must create this file if:
- You use [a GitOps workflow](../gitops.md#gitops-workflow-steps).
- You use [a GitLab CI/CD workflow](../ci_cd_workflow.md#gitlab-cicd-workflow-steps) and want to authorize a different project to use the agent.
@ -56,7 +56,7 @@ To create an agent configuration file:
- Start with an alphanumeric character.
- End with an alphanumeric character.
1. In the repository, create a directory in this location:
1. In the repository, in the default branch, create this directory at the root:
```plaintext
.gitlab/agents/<agent-name>

3
doc/user/project/deploy_tokens/index.md
View File

@ -190,7 +190,8 @@ To pull images from the Dependency Proxy, you must:
### GitLab deploy token
> Support for `gitlab-deploy-token` at the group level [introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/214014) in GitLab 15.1 [with a flag](../../../administration/feature_flags.md) named `ci_variable_for_group_gitlab_deploy_token`. Enabled by default.
> - Support for `gitlab-deploy-token` at the group level [introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/214014) in GitLab 15.1 [with a flag](../../../administration/feature_flags.md) named `ci_variable_for_group_gitlab_deploy_token`. Enabled by default.
> - [Feature flag `ci_variable_for_group_gitlab_deploy_token`](https://gitlab.com/gitlab-org/gitlab/-/issues/363621) removed in GitLab 15.4.
There's a special case when it comes to deploy tokens. If a user creates one
named `gitlab-deploy-token`, the username and token of the deploy token is

1
lib/gitlab/database/gitlab_schemas.yml
View File

@ -228,6 +228,7 @@ geo_repository_deleted_events: :gitlab_main
geo_repository_renamed_events: :gitlab_main
geo_repository_updated_events: :gitlab_main
geo_reset_checksum_events: :gitlab_main
ghost_user_migrations: :gitlab_main
gitlab_subscription_histories: :gitlab_main
gitlab_subscriptions: :gitlab_main
gpg_keys: :gitlab_main

2
qa/qa/page/base.rb
View File

@ -500,3 +500,5 @@ module QA
end
end
end
QA::Page::Base.prepend_mod_with('Page::Base', namespace: QA)

1
spec/db/schema_spec.rb
View File

@ -50,6 +50,7 @@ RSpec.describe 'Database schema' do
geo_node_statuses: %w[last_event_id cursor_last_event_id],
geo_nodes: %w[oauth_application_id],
geo_repository_deleted_events: %w[project_id],
ghost_user_migrations: %w[initiator_user_id],
gitlab_subscription_histories: %w[gitlab_subscription_id hosted_plan_id namespace_id],
identities: %w[user_id],
import_failures: %w[project_id],

9
spec/factories/users/ghost_user_migrations.rb Normal file
View File

@ -0,0 +1,9 @@
# frozen_string_literal: true
FactoryBot.define do
factory :ghost_user_migration, class: 'Users::GhostUserMigration' do
association :user
initiator_user { association(:user) }
hard_delete { false }
end
end

11
spec/models/ci/build_spec.rb
View File

@ -3607,17 +3607,6 @@ RSpec.describe Ci::Build do
it 'includes deploy token variables' do
is_expected.to include(*deploy_token_variables)
end
context 'when the FF ci_variable_for_group_gitlab_deploy_token is disabled' do
before do
stub_feature_flags(ci_variable_for_group_gitlab_deploy_token: false)
end
it 'does not include deploy token variables' do
expect(subject.find { |v| v[:key] == 'CI_DEPLOY_USER' }).to be_nil
expect(subject.find { |v| v[:key] == 'CI_DEPLOY_PASSWORD' }).to be_nil
end
end
end
end
end

16
spec/models/project_spec.rb
View File

@ -6157,14 +6157,6 @@ RSpec.describe Project, factory_default: :keep do
let!(:deploy_token) { create(:deploy_token, :gitlab_deploy_token, :group, groups: [group]) }
it { is_expected.to eq(deploy_token) }
context 'when the FF ci_variable_for_group_gitlab_deploy_token is disabled' do
before do
stub_feature_flags(ci_variable_for_group_gitlab_deploy_token: false)
end
it { is_expected.to be_nil }
end
end
context 'when the project and its group has a gitlab deploy token associated' do
@ -6174,14 +6166,6 @@ RSpec.describe Project, factory_default: :keep do
let!(:group_deploy_token) { create(:deploy_token, :gitlab_deploy_token, :group, groups: [group]) }
it { is_expected.to eq(project_deploy_token) }
context 'when the FF ci_variable_for_group_gitlab_deploy_token is disabled' do
before do
stub_feature_flags(ci_variable_for_group_gitlab_deploy_token: false)
end
it { is_expected.to eq(project_deploy_token) }
end
end
end

14
spec/models/users/ghost_user_migration_spec.rb Normal file
View File

@ -0,0 +1,14 @@
# frozen_string_literal: true
require 'spec_helper'
RSpec.describe Users::GhostUserMigration do
describe 'associations' do
it { is_expected.to belong_to(:user) }
it { is_expected.to belong_to(:initiator_user) }
end
describe 'validation' do
it { is_expected.to validate_presence_of(:user_id) }
end
end