author | GitLab Bot <gitlab-bot@gitlab.com> | 2022-07-08 00:09:36 +0000 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2022-07-08 00:09:36 +0000 |
commit | 5487465d35110ef72c2e7cea7ef031c3ddf4dcbc (patch) | |
tree | 8f0b93358623fd03a912c4e6d373d1bc8aed6949 | |
parent | 2f8483621ea55d217f8ee92d22ba2ce0c250d0b0 (diff) | |
download | gitlab-ce-5487465d35110ef72c2e7cea7ef031c3ddf4dcbc.tar.gz |
Add latest changes from gitlab-org/gitlab@master
21 files changed, 114 insertions, 43 deletions
diff --git a/.rubocop_todo/gitlab/namespaced_class.yml b/.rubocop_todo/gitlab/namespaced_class.yml index c4388379258..16727389a31 100644 --- a/.rubocop_todo/gitlab/namespaced_class.yml +++ b/.rubocop_todo/gitlab/namespaced_class.yml @@ -428,7 +428,6 @@ Gitlab/NamespacedClass: - 'app/presenters/group_clusterable_presenter.rb' - 'app/presenters/group_member_presenter.rb' - 'app/presenters/instance_clusterable_presenter.rb' - - 'app/presenters/invitation_presenter.rb' - 'app/presenters/issue_presenter.rb' - 'app/presenters/label_presenter.rb' - 'app/presenters/member_presenter.rb' @@ -537,7 +537,7 @@ gem 'valid_email', '~> 0.1' # JSON gem 'json', '~> 2.5.1' gem 'json_schemer', '~> 0.2.18' -gem 'oj', '~> 3.10.6' +gem 'oj', '~> 3.13.16' gem 'multi_json', '~> 1.14.1' gem 'yajl-ruby', '~> 1.4.1', require: 'yajl' diff --git a/Gemfile.lock b/Gemfile.lock index 2a8baaee80c..efd43a58e51 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -861,7 +861,7 @@ GEM plist (~> 3.1) train-core wmi-lite (~> 1.0) - oj (3.10.6) + oj (3.13.16) omniauth (1.9.1) hashie (>= 3.4.6) rack (>= 1.6.2, < 3) @@ -1633,7 +1633,7 @@ DEPENDENCIES oauth2 (~> 2.0) octokit (~> 4.15) ohai (~> 16.10) - oj (~> 3.10.6) + oj (~> 3.13.16) omniauth (~> 1.8) omniauth-alicloud (~> 1.0.1) omniauth-atlassian-oauth2 (~> 0.2.0) diff --git a/app/assets/javascripts/admin/users/components/user_actions.vue b/app/assets/javascripts/admin/users/components/user_actions.vue index 40e5f8d9d70..691a292673c 100644 --- a/app/assets/javascripts/admin/users/components/user_actions.vue +++ b/app/assets/javascripts/admin/users/components/user_actions.vue 
@@ -94,13 +94,13 @@ export default { :data-testid="`user-actions-${user.id}`" > <div v-if="hasEditAction" class="gl-p-2"> - <gl-button v-if="showButtonLabels" v-bind="editButtonAttrs">{{ + <gl-button v-if="showButtonLabels" v-bind="editButtonAttrs" icon="pencil-square">{{ $options.i18n.edit }}</gl-button> <gl-button v-else v-gl-tooltip="$options.i18n.edit" - icon="pencil" + icon="pencil-square" v-bind="editButtonAttrs" :aria-label="$options.i18n.edit" /> @@ -108,18 +108,12 @@ export default { <div v-if="hasDropdownActions" class="gl-p-2"> <gl-dropdown - v-gl-tooltip="$options.i18n.userAdministration" + :text="$options.i18n.userAdministration" data-testid="dropdown-toggle" - icon="ellipsis_v" data-qa-selector="user_actions_dropdown_toggle" :data-qa-username="user.username" - no-caret - right + left > - <gl-dropdown-section-header>{{ - $options.i18n.userAdministration - }}</gl-dropdown-section-header> - <template v-for="action in dropdownSafeActions"> <component :is="getActionComponent(action)" diff --git a/app/presenters/invitation_presenter.rb b/app/presenters/invitation_presenter.rb deleted file mode 100644 index ada8227a477..00000000000 --- a/app/presenters/invitation_presenter.rb +++ /dev/null @@ -1,5 +0,0 @@ -# frozen_string_literal: true - -class InvitationPresenter < Gitlab::View::Presenter::Delegated - presents nil, as: :invitation -end diff --git a/app/views/admin/identities/index.html.haml b/app/views/admin/identities/index.html.haml index b4dd92bf15c..2bab802b2c1 100644 --- a/app/views/admin/identities/index.html.haml +++ b/app/views/admin/identities/index.html.haml @@ -3,7 +3,6 @@ - page_title _("Identities"), @user.name, _("Users") = render 'admin/users/head' -= link_to _('New identity'), new_admin_user_identity_path, class: 'float-right gl-button btn-confirm' - if @identities.present? .table-holder %table.table diff --git a/app/views/admin/users/_head.html.haml b/app/views/admin/users/_head.html.haml index 529692df0b6..ed453b42725 100644 
--- a/app/views/admin/users/_head.html.haml +++ b/app/views/admin/users/_head.html.haml @@ -27,15 +27,18 @@ = render_if_exists 'admin/users/gma_user_badge' .gl-my-3.gl-display-flex.gl-flex-wrap.gl-my-n2.gl-mx-n2 + .gl-p-2 + #js-admin-user-actions{ data: admin_user_actions_data_attributes(@user) } - if @user != current_user - .gl-p-2 - - if impersonation_enabled? && @user.can?(:log_in) + - if impersonation_enabled? && @user.can?(:log_in) + .gl-p-2 = link_to _('Impersonate'), impersonate_admin_user_path(@user), method: :post, class: "btn btn-default gl-button", data: { qa_selector: 'impersonate_user_link' } - - if can_force_email_confirmation?(@user) - = render Pajamas::ButtonComponent.new(variant: :confirm, button_options: { class: 'js-confirm-modal-button', data: confirm_user_data(@user) }) do + - if can_force_email_confirmation?(@user) + .gl-p-2 + = render Pajamas::ButtonComponent.new(variant: :default, button_options: { class: 'js-confirm-modal-button', data: confirm_user_data(@user) }) do = _('Confirm user') .gl-p-2 - #js-admin-user-actions{ data: admin_user_actions_data_attributes(@user) } + = link_to _('New identity'), new_admin_user_identity_path(@user), class: "btn btn-primary gl-button" = gl_tabs_nav do = gl_tab_link_to _("Account"), admin_user_path(@user) = gl_tab_link_to _("Groups and projects"), projects_admin_user_path(@user) diff --git a/db/post_migrate/20220706115138_create_async_index_on_security_findings.rb b/db/post_migrate/20220706115138_create_async_index_on_security_findings.rb new file mode 100644 index 00000000000..30baa1af91c --- /dev/null +++ b/db/post_migrate/20220706115138_create_async_index_on_security_findings.rb 
@@ -0,0 +1,22 @@ +# frozen_string_literal: true + +class CreateAsyncIndexOnSecurityFindings < Gitlab::Database::Migration[2.0] + INDEX_NAME = 'index_on_security_findings_uuid_and_id_order_desc' + + def up + prepare_async_index( + :security_findings, + %i[uuid id], + order: { id: :desc }, + name: INDEX_NAME + ) + end + + def down + unprepare_async_index( + :security_findings, + %i[uuid id], + name: INDEX_NAME + ) + end +end diff --git a/db/schema_migrations/20220706115138 b/db/schema_migrations/20220706115138 new file mode 100644 index 00000000000..0c139470b47 --- /dev/null +++ b/db/schema_migrations/20220706115138 @@ -0,0 +1 @@ +c0c4a18cb711e0288bf1d385e06151e0e329dc40d4e9cd51e6437fe73d6bfc21
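Review bot: The new migration has no comment saying which lookup the `(uuid, id DESC)` index on `security_findings` is meant to serve, or where its synchronous creation is tracked. Going by the helper name, `prepare_async_index` in `up` only queues the index for later creation, so a reader of this file alone cannot tell when the index will actually exist. I would add a comment above `INDEX_NAME`, for example `# TODO: index to be created synchronously in <follow-up issue URL>`, plus one line naming the query it supports.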
\ No newline at end of file
diff --git a/doc/administration/gitaly/index.md b/doc/administration/gitaly/index.md
index 2d092ba9086..97de14e0825 100644
--- a/doc/administration/gitaly/index.md
+++ b/doc/administration/gitaly/index.md
@@ -523,6 +523,48 @@ For more information on configuring Gitaly Cluster, see [Configure Gitaly Cluste To upgrade a Gitaly Cluster, follow the documentation for [zero downtime upgrades](../../update/zero_downtime.md#gitaly-or-gitaly-cluster). +### Downgrade Gitaly Cluster to a previous version + +If you need to roll back a Gitaly Cluster to an earlier version, some Praefect database migrations may need to be reverted. In a cluster with: + +- A single Praefect node, this happens when GitLab itself is downgraded. +- Multiple Praefect nodes, additional steps are required. + +To downgrade a Gitaly Cluster with multiple Praefect nodes: + +1. Stop the Praefect service on all Praefect nodes: + + ```shell + gitlab-ctl stop praefect + ``` + +1. Downgrade the GitLab package to the older version on one of the Praefect nodes. +1. On the downgraded node, check the state of Praefect migrations: + + ```shell + /opt/gitlab/embedded/bin/praefect -config /var/opt/gitlab/praefect/config.toml sql-migrate-status + ``` + +1. Count the number of migrations with `unknown migration` in the `APPLIED` column. +1. On a Praefect node that has **not** been downgraded, perform a dry run of the rollback to validate which migrations to revert. `<CT_UNKNOWN>` + is the number of unknown migrations reported by the downgraded node. + + ```shell + /opt/gitlab/embedded/bin/praefect -config /var/opt/gitlab/praefect/config.toml sql-migrate <CT_UNKNOWN> + ``` + +1. If the results look correct, run the same command with the `-f` option to revert the migrations: + + ```shell + /opt/gitlab/embedded/bin/praefect -config /var/opt/gitlab/praefect/config.toml sql-migrate -f <CT_UNKNOWN> + ``` + +1. Downgrade the GitLab package on the remaining Praefect nodes and start the Praefect service again: + + ```shell + gitlab-ctl start praefect + ``` + ## Migrate to Gitaly Cluster WARNING: 
diff --git a/doc/development/documentation/site_architecture/folder_structure.md b/doc/development/documentation/site_architecture/folder_structure.md index e960a6491c7..51a250d2072 100644 --- a/doc/development/documentation/site_architecture/folder_structure.md +++ b/doc/development/documentation/site_architecture/folder_structure.md @@ -85,6 +85,15 @@ place for it. Do not include the same information in multiple places. [Link to a single source of truth instead.](../styleguide/index.md#link-instead-of-repeating-text) +For example, if you have code in a repository other than the [primary repositories](index.md#architecture), +and documentation in the same repository, you can keep the documentation in that repository. + +Then you can either: + +- Publish it to <https://docs.gitlab.com>. +- Link to it from <https://docs.gitlab.com> by adding an entry in the global navigation. + View [an example](https://gitlab.com/gitlab-org/gitlab-docs/-/blob/fedb6378a3c92274ba3b6031df0d34455594e4cc/content/_data/navigation.yaml#L2944). + ## References across documents - Give each folder an `index.md` page that introduces the topic, and both introduces diff --git a/doc/development/fips_compliance.md b/doc/development/fips_compliance.md index aea23620d22..a3fd960b0c1 100644 --- a/doc/development/fips_compliance.md +++ b/doc/development/fips_compliance.md 
@@ -112,6 +112,14 @@ def default_min_key_size(name) end ``` +#### Unsupported features in FIPS mode + +Some GitLab features may not work when FIPS mode is enabled. The following features are known to not work in FIPS mode; however, there may be additional features not listed here that also do not work properly in FIPS mode: + +- [License compliance](../user/compliance/license_compliance/index.md) +- [Dependency scanning](../user/application_security/dependency_scanning/index.md) support for Gradle +- [Solutions for vulnerabilities](../user/application_security/vulnerabilities/index.md#resolve-a-vulnerability) for yarn projects + ## Nightly Omnibus FIPS builds The Distribution team has created [nightly FIPS Omnibus builds](https://packages.gitlab.com/gitlab/nightly-fips-builds). These diff --git a/doc/gitlab-basics/add-file.md b/doc/gitlab-basics/add-file.md index 6dd0c608983..af736c11d59 100644 --- a/doc/gitlab-basics/add-file.md +++ b/doc/gitlab-basics/add-file.md @@ -29,7 +29,7 @@ to the desired destination: cd <destination folder> ``` -[Create a new branch](create-branch.md) to add your file into. Submitting changes directly +[Create a new branch](../tutorials/make_your_first_git_commit.md#create-a-branch-and-make-changes) to add your file into. Submitting changes directly to the default branch should be avoided unless your project is very small and you're the only person working on it. diff --git a/doc/user/application_security/dependency_scanning/index.md b/doc/user/application_security/dependency_scanning/index.md index 0da9982e1a4..ceabdc9722a 100644 --- a/doc/user/application_security/dependency_scanning/index.md +++ b/doc/user/application_security/dependency_scanning/index.md 
@@ -311,7 +311,7 @@ table.supported-languages ul { <p> Although Gradle with Java 8 is supported, there are other issues such that Android project builds are not supported at this time. Please see the backlog issue <a href="https://gitlab.com/gitlab-org/gitlab/-/issues/336866">Android support for Dependency - Scanning (gemnasium-maven)</a> for more details. + Scanning (gemnasium-maven)</a> for more details. Also, Gradle is not supported when [FIPS mode](../../../development/fips_compliance.md#enable-fips-mode) is enabled. </p> </li> <li> @@ -693,7 +693,7 @@ To manually switch to FIPS-enabled images, set the variable `DS_IMAGE_SUFFIX` to To ensure compliance with FIPS, the FIPS-enabled image of `gemnasium-maven` uses the OpenJDK packages for RedHat UBI. As a result, it only supports Java 8, 11, and 17. -Auto-remediation for Yarn projects isn't supported in FIPS mode. +Dependency scanning for Gradle projects and auto-remediation for Yarn projects are not supported in FIPS mode. ## Interacting with the vulnerabilities diff --git a/doc/user/application_security/vulnerabilities/index.md b/doc/user/application_security/vulnerabilities/index.md index 8aeb0cfd146..f0ac01000ef 100644 --- a/doc/user/application_security/vulnerabilities/index.md +++ b/doc/user/application_security/vulnerabilities/index.md @@ -153,7 +153,7 @@ The following scanners are supported by this feature: - [Dependency Scanning](../dependency_scanning/index.md). Automatic Patch creation is only available for Node.js projects managed with - `yarn`. + `yarn` when [FIPS mode](../../../development/fips_compliance.md#enable-fips-mode) is disabled. - [Container Scanning](../container_scanning/index.md). To resolve a vulnerability, you can either: diff --git a/doc/user/compliance/license_compliance/index.md b/doc/user/compliance/license_compliance/index.md index 38168a8f62e..8c57220068b 100644 --- a/doc/user/compliance/license_compliance/index.md +++ b/doc/user/compliance/license_compliance/index.md 
@@ -71,11 +71,13 @@ Gradle 1.x projects are not supported. The minimum supported version of Maven is |------------|----------------------------------------------------------------------------------------------|-------| | JavaScript | [Bower](https://bower.io/), [npm](https://www.npmjs.com/) (7 and earlier) | | | Go | [Godep](https://github.com/tools/godep) ([deprecated](../../../update/deprecations.md#godep-support-in-license-compliance)), [go mod](https://github.com/golang/go/wiki/Modules) | | -| Java | [Gradle](https://gradle.org/), [Maven](https://maven.apache.org/) | | +| Java | [Gradle](https://gradle.org/) <sup>1</sup>, [Maven](https://maven.apache.org/) | | | .NET | [NuGet](https://www.nuget.org/) | The .NET Framework is supported via the [mono project](https://www.mono-project.com/). There are, however, some limitations. The scanner doesn't support Windows-specific dependencies and doesn't report dependencies of your project's listed dependencies. Also, the scanner always marks detected licenses for all dependencies as `unknown`. | | Python | [pip](https://pip.pypa.io/en/stable/) | Python is supported through [requirements.txt](https://pip.pypa.io/en/stable/user_guide/#requirements-files) and [Pipfile.lock](https://github.com/pypa/pipfile#pipfilelock). | | Ruby | [gem](https://rubygems.org/) | | +1. Gradle 7 and later is not supported as dependencies are not discovered when included with the `implementation` directive. Please see [GitLab#341222](https://gitlab.com/gitlab-org/gitlab/-/issues/341222) for more details. + ### Experimental support The following languages and package managers are [supported experimentally](https://github.com/pivotal/LicenseFinder#experimental-project-types). 
@@ -100,6 +102,8 @@ To enable License Compliance in your project's pipeline, either: (provided by [Auto DevOps](../../../topics/autodevops/index.md)). - Include the [`License-Scanning.gitlab-ci.yml` template](https://gitlab.com/gitlab-org/gitlab/-/blob/master/lib/gitlab/ci/templates/Security/License-Scanning.gitlab-ci.yml) in your `.gitlab-ci.yml` file. +Please note that License Compliance is not supported when GitLab is run with FIPS mode enabled. + ### Include the License Scanning template Prerequisites: @@ -109,6 +113,7 @@ Prerequisites: shared runners on GitLab.com, this is enabled by default. - License Scanning runs in the `test` stage, which is available by default. If you redefine the stages in the `.gitlab-ci.yml` file, the `test` stage is required. +- [FIPS mode](../../../development/fips_compliance.md#enable-fips-mode) must be disabled. To [include](../../../ci/yaml/index.md#includetemplate) the [`License-Scanning.gitlab-ci.yml` template](https://gitlab.com/gitlab-org/gitlab/-/blob/master/lib/gitlab/ci/templates/Security/License-Scanning.gitlab-ci.yml), add it to your `.gitlab-ci.yml` file: diff --git a/lib/gitlab/background_migration/fix_vulnerability_occurrences_with_hashes_as_raw_metadata.rb b/lib/gitlab/background_migration/fix_vulnerability_occurrences_with_hashes_as_raw_metadata.rb index a34e923545c..8aad795b2e3 100644 --- a/lib/gitlab/background_migration/fix_vulnerability_occurrences_with_hashes_as_raw_metadata.rb +++ b/lib/gitlab/background_migration/fix_vulnerability_occurrences_with_hashes_as_raw_metadata.rb @@ -68,7 +68,7 @@ module Gitlab def valid_json?(metadata) Oj.load(metadata) true - rescue Oj::ParseError, Encoding::UndefinedConversionError + rescue Oj::ParseError, EncodingError, Json::ParseError, Encoding::UndefinedConversionError false end diff --git a/lib/gitlab/json.rb b/lib/gitlab/json.rb index 512936bb4f4..968b48b240f 100644 --- a/lib/gitlab/json.rb +++ b/lib/gitlab/json.rb 
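Review bot: The widened rescue list in `valid_json?` spells the new constant `Json::ParseError`, while the same change in `lib/gitlab/json.rb` (the next hunk) spells it `JSON::ParseError`; neither constant is defined anywhere in this diff, and the json standard library's own class is `JSON::ParserError`. Inside `module Gitlab` the lower-case `Json` presumably resolves to `Gitlab::Json` rather than the top-level `JSON` module, so the two lists may not name the same class. Ruby resolves rescue-list constants only when an exception reaches them, so an undefined name would surface as a `NameError` on the first failure that is neither `Oj::ParseError` nor an `EncodingError`, instead of `valid_json?` returning `false`. I would use one confirmed spelling in both files and drop `Encoding::UndefinedConversionError`, which is a subclass of `EncodingError`, e.g. `rescue Oj::ParseError, EncodingError, JSON::ParserError` if that is the class oj 3.13.16 raises. The enclosing class starts outside the hunk, and no spec covering malformed or badly encoded input accompanies either change.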
@@ -95,7 +95,7 @@ module Gitlab opts = standardize_opts(opts) Oj.load(string, opts) - rescue Oj::ParseError, Encoding::UndefinedConversionError => ex + rescue Oj::ParseError, EncodingError, JSON::ParseError, Encoding::UndefinedConversionError => ex raise parser_error, ex end diff --git a/package.json b/package.json index 071ab9b8b73..52ca15dd56b 100644 --- a/package.json +++ b/package.json @@ -200,7 +200,7 @@ "yaml": "^2.0.0-10" }, "devDependencies": { - "@gitlab/eslint-plugin": "12.3.0", + "@gitlab/eslint-plugin": "13.0.0", "@gitlab/stylelint-config": "4.1.0", "@graphql-eslint/eslint-plugin": "3.10.4", "@testing-library/dom": "^7.16.2", diff --git a/spec/frontend/admin/users/components/user_actions_spec.js b/spec/frontend/admin/users/components/user_actions_spec.js index b90a30b5b89..e04c43ae3f2 100644 --- a/spec/frontend/admin/users/components/user_actions_spec.js +++ b/spec/frontend/admin/users/components/user_actions_spec.js @@ -77,12 +77,6 @@ describe('AdminUserActions component', () => { expect(findActionsDropdown().exists()).toBe(true); }); - it('renders the tooltip', () => { - const tooltip = getBinding(findActionsDropdown().element, 'gl-tooltip'); - - expect(tooltip.value).toBe(I18N_USER_ACTIONS.userAdministration); - }); - describe('when there are actions that require confirmation', () => { beforeEach(() => { initComponent({ actions: CONFIRMATION_ACTIONS }); diff --git a/yarn.lock b/yarn.lock index 0f8a7d6c984..5db43211e3c 100644 --- a/yarn.lock +++ b/yarn.lock 
@@ -1016,10 +1016,10 @@ resolved "https://registry.yarnpkg.com/@gitlab/at.js/-/at.js-1.5.7.tgz#1ee6f838cc4410a1d797770934df91d90df8179e" integrity sha512-c6ySRK/Ma7lxwpIVbSAF3P+xiTLrNTGTLRx4/pHK111AdFxwgUwrYF6aVZFXvmG65jHOJHoa0eQQ21RW6rm0Rg== -"@gitlab/eslint-plugin@12.3.0": - version "12.3.0" - resolved "https://registry.yarnpkg.com/@gitlab/eslint-plugin/-/eslint-plugin-12.3.0.tgz#951453556fb3b4f43e3028fead65e083a8b90b0e" - integrity sha512-DV84zLLv/wDUjzoVJfpvvAAiaemKUqT1IZf16fEtlw/A4/x48vWJTMHQF7ciQtjz+gVKAnlht67IstSY8W19ZQ== +"@gitlab/eslint-plugin@13.0.0": + version "13.0.0" + resolved "https://registry.yarnpkg.com/@gitlab/eslint-plugin/-/eslint-plugin-13.0.0.tgz#fa8d0ad96cfaeaa42f2d978ff059fc17358a00f8" + integrity sha512-w7vhBiSMslam1IPeprc2cArrLW6GqIFW9cW/CEwbim8dmzT8wZFzLvTSnIHQdokPN4fM5aToCLr9HkCROy4cRg== dependencies: "@babel/core" "^7.17.0" "@babel/eslint-parser" "^7.17.0" |