From c17064b66b122d3f0b05560ea65a66df76537083 Mon Sep 17 00:00:00 2001 From: GitLab Bot Date: Fri, 22 Jul 2022 06:10:47 +0000 Subject: [PATCH] Add latest changes from gitlab-org/gitlab@master --- .../javascripts/pipelines/pipeline_tabs.js | 8 ++++ .../cycle_analytics/stages_controller.rb | 21 ++++++++ .../container_scanning/index.md | 2 +- .../clusters/connect/new_eks_cluster.md | 1 + .../usage_data_counters/hll_redis_counter.rb | 1 + .../known_events/common.yml | 8 ---- .../cycle_analytics/stages_controller_spec.rb | 48 +++++++++++++++++++ spec/features/cycle_analytics_spec.rb | 16 +++++-- ...lify_orphan_runner_id_on_ci_builds_spec.rb | 8 ++-- ...change_public_projects_cost_factor_spec.rb | 11 +---- spec/support/database/multiple_databases.rb | 20 ++++++++ 11 files changed, 116 insertions(+), 28 deletions(-) diff --git a/app/assets/javascripts/pipelines/pipeline_tabs.js b/app/assets/javascripts/pipelines/pipeline_tabs.js index c0e769e2485..8f2fc9b189e 100644 --- a/app/assets/javascripts/pipelines/pipeline_tabs.js +++ b/app/assets/javascripts/pipelines/pipeline_tabs.js @@ -29,6 +29,10 @@ export const createAppOptions = (selector, apolloProvider) => { pipelineIid, pipelineProjectPath, totalJobCount, + licenseManagementApiUrl, + licenseManagementSettingsPath, + licensesApiPath, + canManageLicenses, } = dataset; const defaultTabValue = getPipelineDefaultTab(window.location.href); @@ -54,6 +58,10 @@ export const createAppOptions = (selector, apolloProvider) => { pipelineIid, pipelineProjectPath, totalJobCount, + licenseManagementApiUrl, + licenseManagementSettingsPath, + licensesApiPath, + canManageLicenses: parseBoolean(canManageLicenses), }, errorCaptured(err, _vm, info) { reportToSentry('pipeline_tabs', `error: ${err}, info: ${info}`); diff --git a/app/controllers/projects/analytics/cycle_analytics/stages_controller.rb b/app/controllers/projects/analytics/cycle_analytics/stages_controller.rb index 7b38c069a60..ab2cf3abdde 100644 
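Review bot: `canManageLicenses` is read from the element's `dataset` and converted in the second hunk with `canManageLicenses: parseBoolean(canManageLicenses)`, so in the browser it can only decide what the page renders, and neither hunk says so. I would add a comment above that entry such as `// UI hint only: the license endpoints must enforce the manage permission server-side`. Whether the endpoints behind `licenseManagementApiUrl` and `licensesApiPath` perform that check is not visible on this page. The body of createAppOptions starts and ends outside both hunks.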
--- a/app/controllers/projects/analytics/cycle_analytics/stages_controller.rb +++ b/app/controllers/projects/analytics/cycle_analytics/stages_controller.rb @@ -2,6 +2,7 @@ class Projects::Analytics::CycleAnalytics::StagesController < Projects::ApplicationController include ::Analytics::CycleAnalytics::StageActions + include Gitlab::Utils::StrongMemoize extend ::Gitlab::Utils::Override respond_to :json @@ -10,6 +11,7 @@ class Projects::Analytics::CycleAnalytics::StagesController < Projects::Applicat before_action :authorize_read_cycle_analytics! before_action :only_default_value_stream_is_allowed! + before_action :authorize_stage!, only: [:median, :count, :average, :records] urgency :low @@ -25,7 +27,26 @@ class Projects::Analytics::CycleAnalytics::StagesController < Projects::Applicat Analytics::CycleAnalytics::ProjectValueStream end + override :cycle_analytics_configuration + def cycle_analytics_configuration(stages) + super(stages.select { |stage| permitted_stage?(stage) }) + end + def only_default_value_stream_is_allowed! render_404 if params[:value_stream_id] != Analytics::CycleAnalytics::Stages::BaseService::DEFAULT_VALUE_STREAM_NAME end + + def permitted_stage?(stage) + permissions[stage.name.to_sym] # name matches the permission key (only when default stages are used) + end + + def permissions + strong_memoize(:permissions) do + Gitlab::CycleAnalytics::Permissions.new(user: current_user, project: parent).get + end + end + + def authorize_stage! + render_403 unless permitted_stage?(stage) + end end diff --git a/doc/user/application_security/container_scanning/index.md b/doc/user/application_security/container_scanning/index.md index 92bb5af984a..e11db9d12d9 100644 --- a/doc/user/application_security/container_scanning/index.md +++ b/doc/user/application_security/container_scanning/index.md 
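Review bot: The new `before_action :authorize_stage!, only: [:median, :count, :average, :records]` is an allowlist of actions, so a stage-scoped action added later to this controller or to the included StageActions module would be served without the stage check unless the list is extended by hand. Since index is handled separately through the filtered `cycle_analytics_configuration`, the deny-by-default form `before_action :authorize_stage!, except: [:index]` looks like it would cover the same four actions today and fail closed for new ones. This assumes StageActions defines no other action that runs without a stage id, which is not visible in the hunk.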
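Review bot: `permitted_stage?` denies access only as a side effect of a missing key: `permissions[stage.name.to_sym]` yields nil when the stage name has no entry, which is the safe direction, but the trailing comment mentions only that names match for default stages. I would make the contract explicit above the method, for example `# Fails closed: a stage whose name has no entry in the permissions hash is treated as not permitted.` This assumes `Gitlab::CycleAnalytics::Permissions#get` returns a plain Hash keyed by stage symbol, which the hunk does not show. It is also not visible whether `stage` can be nil for an unknown id; if it can, `authorize_stage!` would raise on `stage.name` instead of rendering an error response. The class body begins outside the hunk.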
@@ -8,7 +8,7 @@ info: To determine the technical writer assigned to the Stage/Group associated w # Container Scanning **(FREE)** > - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/3672) in GitLab 10.4. -> - [Moved](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/86783) to Free tier in GitLab 15.0. +> - [Moved](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/86783) from GitLab Ultimate to GitLab Free in 15.0. Your application's Docker image may itself be based on Docker images that contain known vulnerabilities. By including an extra Container Scanning job in your pipeline that scans for those diff --git a/doc/user/infrastructure/clusters/connect/new_eks_cluster.md b/doc/user/infrastructure/clusters/connect/new_eks_cluster.md index 969ee7de6fb..2f5967bd7ee 100644 --- a/doc/user/infrastructure/clusters/connect/new_eks_cluster.md +++ b/doc/user/infrastructure/clusters/connect/new_eks_cluster.md @@ -122,6 +122,7 @@ To remove all resources: stages: - init - validate + - test - build - deploy - cleanup diff --git a/lib/gitlab/usage_data_counters/hll_redis_counter.rb b/lib/gitlab/usage_data_counters/hll_redis_counter.rb index 40581bda81b..b6133463023 100644 --- a/lib/gitlab/usage_data_counters/hll_redis_counter.rb +++ b/lib/gitlab/usage_data_counters/hll_redis_counter.rb @@ -43,6 +43,7 @@ module Gitlab importer incident_management_alerts pipeline_authoring + search secure snippets source_code diff --git a/lib/gitlab/usage_data_counters/known_events/common.yml b/lib/gitlab/usage_data_counters/known_events/common.yml index 88c9f44c165..ea05e0b0249 100644 --- a/lib/gitlab/usage_data_counters/known_events/common.yml +++ b/lib/gitlab/usage_data_counters/known_events/common.yml 
@@ -44,14 +44,6 @@ category: search redis_slot: search aggregation: weekly -- name: i_search_advanced - category: search - redis_slot: search - aggregation: weekly -- name: i_search_paid - category: search - redis_slot: search - aggregation: weekly - name: wiki_action category: source_code aggregation: daily diff --git a/spec/controllers/projects/analytics/cycle_analytics/stages_controller_spec.rb b/spec/controllers/projects/analytics/cycle_analytics/stages_controller_spec.rb index 3f0318c3973..8903592ba15 100644 --- a/spec/controllers/projects/analytics/cycle_analytics/stages_controller_spec.rb +++ b/spec/controllers/projects/analytics/cycle_analytics/stages_controller_spec.rb @@ -54,6 +54,32 @@ RSpec.describe Projects::Analytics::CycleAnalytics::StagesController do end end + shared_examples 'project-level value stream analytics with guest user' do + let_it_be(:guest) { create(:user) } + + before do + project.add_guest(guest) + sign_out(user) + sign_in(guest) + end + + %w[code review].each do |id| + it "disallows stage #{id}" do + get action, params: params.merge(id: id) + + expect(response).to have_gitlab_http_status(:forbidden) + end + end + + %w[issue plan test staging].each do |id| + it "allows stage #{id}" do + get action, params: params.merge(id: id) + + expect(response).to have_gitlab_http_status(:ok) + end + end + end + describe 'GET index' do let(:action) { :index } @@ -78,6 +104,20 @@ RSpec.describe Projects::Analytics::CycleAnalytics::StagesController do end it_behaves_like 'project-level value stream analytics request error examples' + + it 'only returns authorized stages' do + guest = create(:user) + sign_out(user) + sign_in(guest) + project.add_guest(guest) + + get action, params: params + + expect(response).to have_gitlab_http_status(:ok) + + expect(json_response['stages'].map { |stage| stage['title'] }) + .to contain_exactly('Issue', 'Plan', 'Test', 'Staging') + end end describe 'GET median' do 
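Review bot: The shared examples 'project-level value stream analytics with guest user' cover only a signed-in guest member, while the controller change on this page builds its permissions from `current_user`, which is nil for an unauthenticated request. If the project can be viewed without signing in, a companion example that calls `sign_out(user)` and expects the code and review stages to be refused would pin that path as well. Whether such requests reach these actions depends on the project visibility, which is set up outside this hunk. The 'only returns authorized stages' example added under GET index in the next hunk has the same gap.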
@@ -102,6 +142,8 @@ RSpec.describe Projects::Analytics::CycleAnalytics::StagesController do end it_behaves_like 'project-level value stream analytics request error examples' + + it_behaves_like 'project-level value stream analytics with guest user' end describe 'GET average' do @@ -126,6 +168,8 @@ RSpec.describe Projects::Analytics::CycleAnalytics::StagesController do end it_behaves_like 'project-level value stream analytics request error examples' + + it_behaves_like 'project-level value stream analytics with guest user' end describe 'GET count' do @@ -150,6 +194,8 @@ RSpec.describe Projects::Analytics::CycleAnalytics::StagesController do end it_behaves_like 'project-level value stream analytics request error examples' + + it_behaves_like 'project-level value stream analytics with guest user' end describe 'GET records' do @@ -174,5 +220,7 @@ RSpec.describe Projects::Analytics::CycleAnalytics::StagesController do end it_behaves_like 'project-level value stream analytics request error examples' + + it_behaves_like 'project-level value stream analytics with guest user' end end diff --git a/spec/features/cycle_analytics_spec.rb b/spec/features/cycle_analytics_spec.rb index 03d61020ff0..e843f37c6f1 100644 --- a/spec/features/cycle_analytics_spec.rb +++ b/spec/features/cycle_analytics_spec.rb 
@@ -213,14 +213,20 @@ RSpec.describe 'Value Stream Analytics', :js do expect(page.find(metrics_selector)).not_to have_selector("#commits") end - it 'needs permissions to see restricted stages' do + it 'does not show restricted stages', :aggregate_failures do expect(find(stage_table_selector)).to have_content(issue.title) - click_stage('Code') - expect(find(stage_table_selector)).to have_content('You need permission.') + expect(page).to have_selector('.gl-path-nav-list-item', text: 'Issue') - click_stage('Review') - expect(find(stage_table_selector)).to have_content('You need permission.') + expect(page).to have_selector('.gl-path-nav-list-item', text: 'Plan') + + expect(page).to have_selector('.gl-path-nav-list-item', text: 'Test') + + expect(page).to have_selector('.gl-path-nav-list-item', text: 'Staging') + + expect(page).not_to have_selector('.gl-path-nav-list-item', text: 'Code') + + expect(page).not_to have_selector('.gl-path-nav-list-item', text: 'Review') end end diff --git a/spec/lib/gitlab/background_migration/nullify_orphan_runner_id_on_ci_builds_spec.rb b/spec/lib/gitlab/background_migration/nullify_orphan_runner_id_on_ci_builds_spec.rb index e38edfc3643..11e7c70250e 100644 --- a/spec/lib/gitlab/background_migration/nullify_orphan_runner_id_on_ci_builds_spec.rb +++ b/spec/lib/gitlab/background_migration/nullify_orphan_runner_id_on_ci_builds_spec.rb 
@@ -2,12 +2,12 @@ require 'spec_helper' -RSpec.describe Gitlab::BackgroundMigration::NullifyOrphanRunnerIdOnCiBuilds, :migration, schema: 20220223112304 do +RSpec.describe Gitlab::BackgroundMigration::NullifyOrphanRunnerIdOnCiBuilds, migration: :gitlab_ci, schema: 20220223112304 do let(:namespaces) { table(:namespaces) } let(:projects) { table(:projects) } - let(:ci_runners) { table(:ci_runners, database: :ci) } - let(:ci_pipelines) { table(:ci_pipelines, database: :ci) } - let(:ci_builds) { table(:ci_builds, database: :ci) } + let(:ci_runners) { table(:ci_runners) } + let(:ci_pipelines) { table(:ci_pipelines) } + let(:ci_builds) { table(:ci_builds) } subject { described_class.new } diff --git a/spec/migrations/change_public_projects_cost_factor_spec.rb b/spec/migrations/change_public_projects_cost_factor_spec.rb index 78030736093..039edda750b 100644 --- a/spec/migrations/change_public_projects_cost_factor_spec.rb +++ b/spec/migrations/change_public_projects_cost_factor_spec.rb @@ -3,16 +3,7 @@ require 'spec_helper' require_migration! -RSpec.describe ChangePublicProjectsCostFactor, :migration do - # This is a workaround to force the migration to run against the - # `gitlab_ci` schema. Otherwise it only runs against `gitlab_main`. - around do |example| # rubocop: disable Style/MultilineIfModifier - with_reestablished_active_record_base do - reconfigure_db_connection(name: :ci) - example.run - end - end if Gitlab::Database.has_config?(:ci) - +RSpec.describe ChangePublicProjectsCostFactor, migration: :gitlab_ci do let(:runners) { table(:ci_runners) } let!(:shared_1) { runners.create!(runner_type: 1, public_projects_minutes_cost_factor: 0) } diff --git a/spec/support/database/multiple_databases.rb b/spec/support/database/multiple_databases.rb index 94857b47127..05f26e57e9c 100644 --- a/spec/support/database/multiple_databases.rb +++ b/spec/support/database/multiple_databases.rb 
@@ -98,6 +98,26 @@ RSpec.configure do |config| example.run end end + + config.around(:each, :migration) do |example| + migration_schema = example.metadata[:migration] + migration_schema = :gitlab_main if migration_schema == true + base_model = Gitlab::Database.schemas_to_base_models.fetch(migration_schema).first + + # Migration require an `ActiveRecord::Base` to point to desired database + if base_model != ActiveRecord::Base + with_reestablished_active_record_base do + reconfigure_db_connection( + model: ActiveRecord::Base, + config_model: base_model + ) + + example.run + end + else + example.run + end + end end ActiveRecord::Base.singleton_class.prepend(::Database::ActiveRecordBaseEstablishConnection) # rubocop:disable Database/MultipleDatabases
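Review bot: `Gitlab::Database.schemas_to_base_models.fetch(migration_schema)` raises a bare KeyError when a spec passes a schema name that has no entry, for example a typo in `migration: :gitlab_ci`, and the error then points at this hook instead of at the spec metadata. A block form such as `fetch(migration_schema) { raise ArgumentError, "unknown migration schema: #{migration_schema.inspect}" }` would make the cause obvious; this assumes `schemas_to_base_models` returns a Hash, which the hunk does not show. The comment above the branch should also read `# Migrations require ActiveRecord::Base to point to the desired database`. The RSpec.configure block starts outside the hunk.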