authorGitLab Bot <gitlab-bot@gitlab.com>2022-07-20 21:10:19 +0000
committerGitLab Bot <gitlab-bot@gitlab.com>2022-07-20 21:10:19 +0000
commitf1f255857dd72d1aa234ea4874eadf6f4f1758ba (patch)
treeecfbd4ccbf1d2d625d9433ded2416079c6ca1116
parent61b943c213065636abd4ebb34a3fba5412aa047f (diff)
downloadgitlab-ce-f1f255857dd72d1aa234ea4874eadf6f4f1758ba.tar.gz
Add latest changes from gitlab-org/gitlab@master
-rw-r--r--.gitlab/ci/frontend.gitlab-ci.yml16
-rw-r--r--.gitlab/ci/rules.gitlab-ci.yml44
-rw-r--r--app/services/work_items/create_and_link_service.rb19
-rw-r--r--config/initializers/database_config.rb6
-rw-r--r--db/post_migrate/20220607082910_add_sync_tmp_index_for_potentially_misassociated_vulnerability_occurrences.rb20
-rw-r--r--db/schema_migrations/202206070829101
-rw-r--r--db/structure.sql2
-rw-r--r--doc/api/audit_events.md9
-rw-r--r--doc/api/index.md10
-rw-r--r--doc/operations/incident_management/incidents.md4
-rw-r--r--doc/user/application_security/dast/checks/798.45.md26
-rw-r--r--doc/user/application_security/dast/checks/798.51.md26
-rw-r--r--doc/user/application_security/dast/checks/798.71.md26
-rw-r--r--doc/user/application_security/dast/checks/798.73.md26
-rw-r--r--doc/user/application_security/dast/checks/798.76.md26
-rw-r--r--doc/user/application_security/dast/checks/798.79.md26
-rw-r--r--doc/user/application_security/dast/checks/798.85.md26
-rw-r--r--doc/user/application_security/dast/checks/index.md7
-rw-r--r--lib/gitlab/event_store.rb1
-rw-r--r--spec/factories/work_items.rb4
-rw-r--r--spec/migrations/20220607082910_add_sync_tmp_index_for_potentially_misassociated_vulnerability_occurrences_spec.rb22
-rw-r--r--spec/requests/api/graphql/mutations/work_items/create_from_task_spec.rb3
-rw-r--r--spec/services/work_items/create_and_link_service_spec.rb38
-rw-r--r--spec/workers/pages/invalidate_domain_cache_worker_spec.rb11
24 files changed, 177 insertions, 222 deletions
diff --git a/.gitlab/ci/frontend.gitlab-ci.yml b/.gitlab/ci/frontend.gitlab-ci.yml
index 8c49d5c212a..a45db09b602 100644
--- a/.gitlab/ci/frontend.gitlab-ci.yml
+++ b/.gitlab/ci/frontend.gitlab-ci.yml
@@ -144,7 +144,7 @@ rspec-all frontend_fixture:
rspec-all frontend_fixture as-if-foss:
extends:
- .frontend-fixtures-base
- - .frontend:rules:default-frontend-jobs-as-if-foss
+ - .frontend:rules:frontend_fixture-as-if-foss
- .as-if-foss
needs:
- !reference [.frontend-fixtures-base, needs]
@@ -194,7 +194,10 @@ graphql-schema-dump as-if-foss:
# Disable warnings in browserslist which can break on backports
# https://github.com/browserslist/browserslist/blob/a287ec6/node.js#L367-L384
BROWSERSLIST_IGNORE_OLD_DATA: "true"
+ USE_BUNDLE_INSTALL: "false"
+ SETUP_DB: "false"
before_script:
+ - !reference [.default-before_script, before_script]
- *yarn-install
stage: test
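Review bot: The two new variables `USE_BUNDLE_INSTALL: "false"` and `SETUP_DB: "false"` carry no comment, unlike the `BROWSERSLIST_IGNORE_OLD_DATA` entry directly above them, and their purpose only becomes apparent from the `!reference [.default-before_script, before_script]` line added further down. A comment such as `# Run .default-before_script for its environment setup only; this job needs neither gems nor a database` placed above the two variables would make the pairing explicit. Whether `.default-before_script` actually honours both variables is defined outside this hunk, so that is worth confirming; the enclosing job definition also starts and ends outside the hunk.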
@@ -230,6 +233,17 @@ jest minimal:
script:
- run_timed_command "yarn jest:ci:minimal"
+jest minimal as-if-foss:
+ extends:
+ - .jest-base
+ - .frontend:rules:jest:minimal:as-if-foss
+ - .as-if-foss
+ needs:
+ - "rspec-all frontend_fixture as-if-foss"
+ - "detect-tests"
+ script:
+ - run_timed_command "yarn jest:ci:minimal"
+
jest-integration:
extends:
- .frontend-test-base
diff --git a/.gitlab/ci/rules.gitlab-ci.yml b/.gitlab/ci/rules.gitlab-ci.yml
index 93790f431dd..6cbd7576947 100644
--- a/.gitlab/ci/rules.gitlab-ci.yml
+++ b/.gitlab/ci/rules.gitlab-ci.yml
@@ -252,7 +252,7 @@
- "vendor/assets/**/*"
- "{,ee/,jh/}app/assets/**/*"
-.frontend-patterns: &frontend-patterns
+.frontend-patterns-for-as-if-foss: &frontend-patterns-for-as-if-foss
- "{package.json,yarn.lock}"
- ".browserslistrc"
- "babel.config.js"
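Review bot: Renaming the anchor on `.frontend-patterns-for-as-if-foss: &frontend-patterns-for-as-if-foss` invalidates every remaining `*frontend-patterns` alias in the file, and the whole CI configuration fails to load at the first unresolved one. The commit updates the two aliases visible in later hunks (the eslint-as-if-foss rule, and the review-app rule which now points at `*frontend-build-patterns` instead), but the rest of the file is outside this view, so a search for any leftover `*frontend-patterns` and a check that `&frontend-build-patterns` is defined would be prudent before merge. The list also drops the `{,ee/,jh/}` prefix on the last line of the next hunk; that looks intentional for as-if-foss jobs, but a comment above the anchor stating that the list deliberately excludes `ee/` and `jh/` paths would prevent someone re-adding it later.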
@@ -261,7 +261,7 @@
- "Dockerfile.assets"
- "config/**/*.js"
- "vendor/assets/**/*"
- - "{,ee/,jh/}{app/assets,app/helpers,app/presenters,app/views,locale,public,symbol}/**/*"
+ - "{app/assets,app/helpers,app/presenters,app/views,locale,public,spec/frontend,symbol}/**/*"
.controllers-patterns: &controllers-patterns
- "{,ee/,jh/}{app/controllers}/**/*"
@@ -369,7 +369,6 @@
- "Dockerfile.assets"
- "vendor/assets/**/*"
- ".{eslintignore,gitattributes,nvmrc,prettierrc,stylelintrc,yamllint}"
- - ".gitlab-ci.yml"
- "*_VERSION"
- "{,jh/}Gemfile{,.lock}"
- "Rakefile"
@@ -400,7 +399,6 @@
- "Dockerfile.assets"
- "vendor/assets/**/*"
- ".{eslintignore,gitattributes,nvmrc,prettierrc,stylelintrc,yamllint}"
- - ".gitlab-ci.yml"
- "*_VERSION"
- "{,jh/}Gemfile{,.lock}"
- "Rakefile"
@@ -734,6 +732,7 @@
- <<: *if-merge-request-targeting-stable-branch
- <<: *if-merge-request-labels-run-review-app
- <<: *if-auto-deploy-branches
+ - changes: *ci-build-images-patterns
- changes: *code-qa-patterns
- changes: *workhorse-patterns
@@ -795,6 +794,12 @@
changes: *ci-patterns
allow_failure: true
+.frontend:rules:frontend_fixture-as-if-foss:
+ rules:
+ - !reference [".strict-ee-only-rules", rules]
+ - !reference [".frontend:rules:default-frontend-jobs-as-if-foss", rules]
+ - !reference [".frontend:rules:jest:minimal:as-if-foss", rules]
+
.frontend:rules:jest:
rules:
- <<: *if-fork-merge-request
@@ -828,12 +833,39 @@
- <<: *if-merge-request
changes: *code-backstage-patterns
+.frontend:rules:jest:minimal:as-if-foss:
+ rules:
+ - !reference [".strict-ee-only-rules", rules]
+ - <<: *if-security-merge-request
+ changes: *code-backstage-patterns
+ when: never
+ - <<: *if-merge-request-labels-as-if-foss
+ when: never
+ - <<: *if-merge-request-labels-run-all-jest
+ when: never
+ - <<: *if-merge-request-labels-run-all-rspec
+ when: never
+ - <<: *if-merge-request
+ changes: *startup-css-patterns
+ when: never
+ - <<: *if-merge-request
+ changes: *ci-patterns
+ when: never
+ - <<: *if-fork-merge-request
+ when: never
+ - <<: *if-automated-merge-request
+ changes: *code-backstage-patterns
+ - <<: *if-default-refs
+ changes: *core-frontend-patterns
+ - <<: *if-default-refs
+ changes: *code-backstage-patterns
+
.frontend:rules:eslint-as-if-foss:
rules:
- !reference [".strict-ee-only-rules", rules]
- <<: *if-merge-request-labels-as-if-foss
- <<: *if-merge-request
- changes: *frontend-patterns
+ changes: *frontend-patterns-for-as-if-foss
.frontend:rules:ee-mr-and-default-branch-only:
rules:
@@ -1633,7 +1665,7 @@
- <<: *if-dot-com-gitlab-org-merge-request
changes: *ci-review-patterns
- <<: *if-dot-com-gitlab-org-merge-request
- changes: *frontend-patterns
+ changes: *frontend-build-patterns
- <<: *if-dot-com-gitlab-org-merge-request
changes: *controllers-patterns
- <<: *if-dot-com-gitlab-org-merge-request
diff --git a/app/services/work_items/create_and_link_service.rb b/app/services/work_items/create_and_link_service.rb
index 6a773a84225..af9084e74a7 100644
--- a/app/services/work_items/create_and_link_service.rb
+++ b/app/services/work_items/create_and_link_service.rb
@@ -7,19 +7,20 @@ module WorkItems
# new work items that were never associated with other work items as expected.
class CreateAndLinkService
def initialize(project:, current_user: nil, params: {}, spam_params:, link_params: {})
- @create_service = CreateService.new(
- project: project,
- current_user: current_user,
- params: params,
- spam_params: spam_params
- )
@project = project
@current_user = current_user
+ @params = params
@link_params = link_params
+ @spam_params = spam_params
end
def execute
- create_result = @create_service.execute
+ create_result = CreateService.new(
+ project: @project,
+ current_user: @current_user,
+ params: @params.reverse_merge(confidential: confidential_parent),
+ spam_params: @spam_params
+ ).execute
return create_result if create_result.error?
work_item = create_result[:work_item]
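Review bot: `@params.reverse_merge(confidential: confidential_parent)` only supplies `confidential` when the caller left it out, so a caller passing `confidential: false` still creates a non-confidential child under a confidential parent; if the intent is to enforce the parent's restriction rather than merely default to it, the parent value needs precedence. That would be `confidential = confidential_parent || @params[:confidential]` followed by `params: @params.merge(confidential: confidential)`, which preserves an explicit `true` but never downgrades below the parent. The merge also assumes `@params` is symbol-keyed; a plain string-keyed hash would end up carrying both `"confidential"` and `:confidential`, so confirm what callers actually pass. The `confidential_parent` helper in the next hunk returns `false` for a missing parent via `!!`, which is correct, but a one-line comment there saying so would save the next reader a double-take. `execute` continues past the end of this hunk.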
@@ -40,6 +41,10 @@ module WorkItems
private
+ def confidential_parent
+ !!@link_params[:parent_work_item]&.confidential
+ end
+
def payload(work_item)
{ work_item: work_item }
end
diff --git a/config/initializers/database_config.rb b/config/initializers/database_config.rb
index 31666c884bc..09dedd903f8 100644
--- a/config/initializers/database_config.rb
+++ b/config/initializers/database_config.rb
@@ -1,5 +1,11 @@
# frozen_string_literal: true
+Rails.application.reloader.to_run(:before) do
+ # Make sure connects_to for Ci::ApplicationRecord gets called outside of config/routes.rb first
+ # See InitializerConnections.with_disabled_database_connections
+ Ci::ApplicationRecord
+end
+
Gitlab.ee do
if Gitlab::Geo.geo_database_configured?
# Make sure connects_to for geo gets called outside of config/routes.rb first
diff --git a/db/post_migrate/20220607082910_add_sync_tmp_index_for_potentially_misassociated_vulnerability_occurrences.rb b/db/post_migrate/20220607082910_add_sync_tmp_index_for_potentially_misassociated_vulnerability_occurrences.rb
new file mode 100644
index 00000000000..fe4ffbf6cc3
--- /dev/null
+++ b/db/post_migrate/20220607082910_add_sync_tmp_index_for_potentially_misassociated_vulnerability_occurrences.rb
@@ -0,0 +1,20 @@
+# frozen_string_literal: true
+
+class AddSyncTmpIndexForPotentiallyMisassociatedVulnerabilityOccurrences < Gitlab::Database::Migration[2.0]
+ INDEX_NAME = "tmp_index_vulnerability_occurrences_on_id_and_scanner_id"
+ REPORT_TYPES = { cluster_image_scanning: 7, generic: 99 }.freeze
+ CLAUSE = "report_type IN (#{REPORT_TYPES.values.join(',')})"
+
+ disable_ddl_transaction!
+
+ def up
+ add_concurrent_index :vulnerability_occurrences,
+ [:id, :scanner_id],
+ where: CLAUSE,
+ name: INDEX_NAME
+ end
+
+ def down
+ remove_concurrent_index_by_name :vulnerability_occurrences, INDEX_NAME
+ end
+end
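Review bot: The index is created under a `tmp_` name and the file name describes it as a sync index for a misassociation clean-up, yet nothing in the migration records when or by what it will be dropped; a comment above `INDEX_NAME` such as `# Temporary; to be dropped by <follow-up migration or issue — placeholder>` would keep it from outliving its purpose. `CLAUSE` builds the WHERE text by string interpolation, which is acceptable here only because the values are the frozen integer literals in `REPORT_TYPES`; a comment noting that these numbers presumably mirror the application's `report_type` enum and must stay compile-time constants rather than anything model- or request-supplied would make that boundary explicit for whoever copies this pattern.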
diff --git a/db/schema_migrations/20220607082910 b/db/schema_migrations/20220607082910
new file mode 100644
index 00000000000..db9c63e20c5
--- /dev/null
+++ b/db/schema_migrations/20220607082910
@@ -0,0 +1 @@
+2ce59d4c11daec217cd55148476f123f25727c5519f0f180f68e07b4fa33be97 \ No newline at end of file
diff --git a/db/structure.sql b/db/structure.sql
index cb0d4696931..40e660df87e 100644
--- a/db/structure.sql
+++ b/db/structure.sql
@@ -30329,6 +30329,8 @@ CREATE INDEX tmp_index_on_vulnerabilities_non_dismissed ON vulnerabilities USING
CREATE INDEX tmp_index_project_statistics_cont_registry_size ON project_statistics USING btree (project_id) WHERE (container_registry_size = 0);
+CREATE INDEX tmp_index_vulnerability_occurrences_on_id_and_scanner_id ON vulnerability_occurrences USING btree (id, scanner_id) WHERE (report_type = ANY (ARRAY[7, 99]));
+
CREATE UNIQUE INDEX uniq_pkgs_deb_grp_architectures_on_distribution_id_and_name ON packages_debian_group_architectures USING btree (distribution_id, name);
CREATE UNIQUE INDEX uniq_pkgs_deb_grp_components_on_distribution_id_and_name ON packages_debian_group_components USING btree (distribution_id, name);
diff --git a/doc/api/audit_events.md b/doc/api/audit_events.md
index 753e01a15aa..80d7b23d642 100644
--- a/doc/api/audit_events.md
+++ b/doc/api/audit_events.md
@@ -137,12 +137,13 @@ Example response:
The Group Audit Events API allows you to retrieve [group audit events](../administration/audit_events.md#group-events).
This API cannot retrieve project audit events.
-A user with a Owner role (or above) can retrieve group audit events of all users.
-A user with a Developer or Maintainer role is limited to group audit events based on their individual actions.
+A user with:
-This endpoint optionally supports [keyset pagination](index.md#keyset-based-pagination):
+- The Owner role can retrieve group audit events of all users.
+- The Developer or Maintainer role is limited to group audit events based on their individual actions.
-- When requesting consecutive pages of results, we recommend you use keyset pagination.
+This endpoint supports both offset-based and [keyset-based](index.md#keyset-based-pagination) pagination. Keyset-based
+pagination is recommended when requesting consecutive pages of results.
### Retrieve all group audit events
diff --git a/doc/api/index.md b/doc/api/index.md
index 26447a2223d..15d0b0fd65f 100644
--- a/doc/api/index.md
+++ b/doc/api/index.md
@@ -522,11 +522,11 @@ pagination headers.
Keyset-based pagination is supported only for selected resources and ordering
options:
-| Resource | Options | Availability |
-|:---------------------------------------------------------|:---------------------------------|:------------------------------------------------------------------------------------------------------------|
-| [Projects](projects.md) | `order_by=id` only | Authenticated and unauthenticated users |
-| [Groups](groups.md) | `order_by=name`, `sort=asc` only | Unauthenticated users only |
-| [Group audit events](audit_events.md#group-audit-events) | `order_by=id`, `sort=desc` only | Authenticated users only ([introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/333968) in GitLab 15.2 |
+| Resource | Options | Availability |
+|:---------------------------------------------------------|:---------------------------------|:-------------------------------------------------------------------------------------------------------------|
+| [Projects](projects.md) | `order_by=id` only | Authenticated and unauthenticated users |
+| [Groups](groups.md) | `order_by=name`, `sort=asc` only | Unauthenticated users only |
+| [Group audit events](audit_events.md#group-audit-events) | `order_by=id`, `sort=desc` only | Authenticated users only ([introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/333968) in GitLab 15.2) |
### Pagination response headers
diff --git a/doc/operations/incident_management/incidents.md b/doc/operations/incident_management/incidents.md
index f1628cb64ca..f39b51b054f 100644
--- a/doc/operations/incident_management/incidents.md
+++ b/doc/operations/incident_management/incidents.md
@@ -13,7 +13,7 @@ tools for the triage, response, and remediation of incidents.
Users with at least Guest [permissions](../../user/permissions.md) can access
incidents [on public projects](../../user/permissions.md#project-members-permissions).
-## Incident Creation
+## Incident creation
You can create an incident manually or automatically.
@@ -297,7 +297,7 @@ as a column in the Incidents List, and as a field on newly created Incidents. If
the incident isn't closed before the SLA period ends, GitLab adds a `missed::SLA`
label to the incident.
-## Incident Actions
+## Incident actions
There are different actions available to help triage and respond to incidents.
diff --git a/doc/user/application_security/dast/checks/798.45.md b/doc/user/application_security/dast/checks/798.45.md
deleted file mode 100644
index a800063f15d..00000000000
--- a/doc/user/application_security/dast/checks/798.45.md
+++ /dev/null
@@ -1,26 +0,0 @@
----
-stage: Secure
-group: Dynamic Analysis
-info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments
----
-
-# Exposure of confidential secret or token Finicity Public Key
-
-## Description
-
-The response body contains content that matches the pattern of a Finicity Public Key.
-Exposing this value could allow attackers to gain access to all resources granted by this token.
-
-## Remediation
-
-Review the response body content and remove any exposed values.
-
-## Details
-
-| ID | Aggregated | CWE | Type | Risk |
-|:---|:--------|:--------|:--------|:--------|
-| 798.45 | false | 798 | Passive | High |
-
-## Links
-
-- [CWE](https://cwe.mitre.org/data/definitions/798.html)
diff --git a/doc/user/application_security/dast/checks/798.51.md b/doc/user/application_security/dast/checks/798.51.md
deleted file mode 100644
index f131d31ae65..00000000000
--- a/doc/user/application_security/dast/checks/798.51.md
+++ /dev/null
@@ -1,26 +0,0 @@
----
-stage: Secure
-group: Dynamic Analysis
-info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments
----
-
-# Exposure of confidential secret or token GCP API key
-
-## Description
-
-The response body contains content that matches the pattern of a GCP API key.
-Exposing this value could allow attackers to gain access to all resources granted by this token.
-
-## Remediation
-
-Review the response body content and remove any exposed values.
-
-## Details
-
-| ID | Aggregated | CWE | Type | Risk |
-|:---|:--------|:--------|:--------|:--------|
-| 798.51 | false | 798 | Passive | High |
-
-## Links
-
-- [CWE](https://cwe.mitre.org/data/definitions/798.html)
diff --git a/doc/user/application_security/dast/checks/798.71.md b/doc/user/application_security/dast/checks/798.71.md
deleted file mode 100644
index f0bcc43940d..00000000000
--- a/doc/user/application_security/dast/checks/798.71.md
+++ /dev/null
@@ -1,26 +0,0 @@
----
-stage: Secure
-group: Dynamic Analysis
-info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments
----
-
-# Exposure of confidential secret or token Lob Publishable API Key
-
-## Description
-
-The response body contains content that matches the pattern of a Lob Publishable API Key.
-Exposing this value could allow attackers to gain access to all resources granted by this token.
-
-## Remediation
-
-Review the response body content and remove any exposed values.
-
-## Details
-
-| ID | Aggregated | CWE | Type | Risk |
-|:---|:--------|:--------|:--------|:--------|
-| 798.71 | false | 798 | Passive | High |
-
-## Links
-
-- [CWE](https://cwe.mitre.org/data/definitions/798.html)
diff --git a/doc/user/application_security/dast/checks/798.73.md b/doc/user/application_security/dast/checks/798.73.md
deleted file mode 100644
index eae41a49782..00000000000
--- a/doc/user/application_security/dast/checks/798.73.md
+++ /dev/null
@@ -1,26 +0,0 @@
----
-stage: Secure
-group: Dynamic Analysis
-info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments
----
-
-# Exposure of confidential secret or token Mailgun public validation key
-
-## Description
-
-The response body contains content that matches the pattern of a Mailgun public validation key.
-Exposing this value could allow attackers to gain access to all resources granted by this token.
-
-## Remediation
-
-Review the response body content and remove any exposed values.
-
-## Details
-
-| ID | Aggregated | CWE | Type | Risk |
-|:---|:--------|:--------|:--------|:--------|
-| 798.73 | false | 798 | Passive | High |
-
-## Links
-
-- [CWE](https://cwe.mitre.org/data/definitions/798.html)
diff --git a/doc/user/application_security/dast/checks/798.76.md b/doc/user/application_security/dast/checks/798.76.md
deleted file mode 100644
index 87e6364184f..00000000000
--- a/doc/user/application_security/dast/checks/798.76.md
+++ /dev/null
@@ -1,26 +0,0 @@
----
-stage: Secure
-group: Dynamic Analysis
-info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments
----
-
-# Exposure of confidential secret or token MapBox API token
-
-## Description
-
-The response body contains content that matches the pattern of a MapBox API token.
-Exposing this value could allow attackers to gain access to all resources granted by this token.
-
-## Remediation
-
-Review the response body content and remove any exposed values.
-
-## Details
-
-| ID | Aggregated | CWE | Type | Risk |
-|:---|:--------|:--------|:--------|:--------|
-| 798.76 | false | 798 | Passive | High |
-
-## Links
-
-- [CWE](https://cwe.mitre.org/data/definitions/798.html)
diff --git a/doc/user/application_security/dast/checks/798.79.md b/doc/user/application_security/dast/checks/798.79.md
deleted file mode 100644
index 9a580658a72..00000000000
--- a/doc/user/application_security/dast/checks/798.79.md
+++ /dev/null
@@ -1,26 +0,0 @@
----
-stage: Secure
-group: Dynamic Analysis
-info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments
----
-
-# Exposure of confidential secret or token MessageBird client ID
-
-## Description
-
-The response body contains content that matches the pattern of a MessageBird client ID.
-Exposing this value could allow attackers to gain access to all resources granted by this token.
-
-## Remediation
-
-Review the response body content and remove any exposed values.
-
-## Details
-
-| ID | Aggregated | CWE | Type | Risk |
-|:---|:--------|:--------|:--------|:--------|
-| 798.79 | false | 798 | Passive | High |
-
-## Links
-
-- [CWE](https://cwe.mitre.org/data/definitions/798.html)
diff --git a/doc/user/application_security/dast/checks/798.85.md b/doc/user/application_security/dast/checks/798.85.md
deleted file mode 100644
index 0726bdc7fd8..00000000000
--- a/doc/user/application_security/dast/checks/798.85.md
+++ /dev/null
@@ -1,26 +0,0 @@
----
-stage: Secure
-group: Dynamic Analysis
-info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments
----
-
-# Exposure of confidential secret or token Nytimes Access Token
-
-## Description
-
-The response body contains content that matches the pattern of a Nytimes Access Token.
-Exposing this value could allow attackers to gain access to all resources granted by this token.
-
-## Remediation
-
-Review the response body content and remove any exposed values.
-
-## Details
-
-| ID | Aggregated | CWE | Type | Risk |
-|:---|:--------|:--------|:--------|:--------|
-| 798.85 | false | 798 | Passive | High |
-
-## Links
-
-- [CWE](https://cwe.mitre.org/data/definitions/798.html)
diff --git a/doc/user/application_security/dast/checks/index.md b/doc/user/application_security/dast/checks/index.md
index cdfebc07ef2..387682318e6 100644
--- a/doc/user/application_security/dast/checks/index.md
+++ b/doc/user/application_security/dast/checks/index.md
@@ -81,13 +81,11 @@ The [DAST browser-based crawler](../browser_based.md) provides a number of vulne
| [798.42](798.42.md) | Exposure of confidential secret or token Finicity API token | High | Passive |
| [798.43](798.43.md) | Exposure of confidential secret or token Flickr Access Token | High | Passive |
| [798.44](798.44.md) | Exposure of confidential secret or token Finnhub Access Token | High | Passive |
-| [798.45](798.45.md) | Exposure of confidential secret or token Finicity Public Key | High | Passive |
| [798.46](798.46.md) | Exposure of confidential secret or token Flutterwave Secret Key | High | Passive |
| [798.47](798.47.md) | Exposure of confidential secret or token Flutterwave Encryption Key | High | Passive |
| [798.48](798.48.md) | Exposure of confidential secret or token Frame.io API token | High | Passive |
| [798.49](798.49.md) | Exposure of confidential secret or token Freshbooks Access Token | High | Passive |
| [798.50](798.50.md) | Exposure of confidential secret or token GoCardless API token | High | Passive |
-| [798.51](798.51.md) | Exposure of confidential secret or token GCP API key | High | Passive |
| [798.52](798.52.md) | Exposure of confidential secret or token GitHub Personal Access Token | High | Passive |
| [798.53](798.53.md) | Exposure of confidential secret or token GitHub OAuth Access Token | High | Passive |
| [798.54](798.54.md) | Exposure of confidential secret or token GitHub App Token | High | Passive |
@@ -107,21 +105,16 @@ The [DAST browser-based crawler](../browser_based.md) provides a number of vulne
| [798.68](798.68.md) | Exposure of confidential secret or token LinkedIn Client ID | High | Passive |
| [798.69](798.69.md) | Exposure of confidential secret or token LinkedIn Client secret | High | Passive |
| [798.70](798.70.md) | Exposure of confidential secret or token Lob API Key | High | Passive |
-| [798.71](798.71.md) | Exposure of confidential secret or token Lob Publishable API Key | High | Passive |
| [798.72](798.72.md) | Exposure of confidential secret or token Mailchimp API key | High | Passive |
-| [798.73](798.73.md) | Exposure of confidential secret or token Mailgun public validation key | High | Passive |
| [798.74](798.74.md) | Exposure of confidential secret or token Mailgun private API token | High | Passive |
| [798.75](798.75.md) | Exposure of confidential secret or token Mailgun webhook signing key | High | Passive |
-| [798.76](798.76.md) | Exposure of confidential secret or token MapBox API token | High | Passive |
| [798.77](798.77.md) | Exposure of confidential secret or token Mattermost Access Token | High | Passive |
| [798.78](798.78.md) | Exposure of confidential secret or token MessageBird API token | High | Passive |
-| [798.79](798.79.md) | Exposure of confidential secret or token MessageBird client ID | High | Passive |
| [798.80](798.80.md) | Exposure of confidential secret or token Netlify Access Token | High | Passive |
| [798.81](798.81.md) | Exposure of confidential secret or token New Relic user API Key | High | Passive |
| [798.82](798.82.md) | Exposure of confidential secret or token New Relic user API ID | High | Passive |
| [798.83](798.83.md) | Exposure of confidential secret or token New Relic ingest browser API token | High | Passive |
| [798.84](798.84.md) | Exposure of confidential secret or token npm access token | High | Passive |
-| [798.85](798.85.md) | Exposure of confidential secret or token Nytimes Access Token | High | Passive |
| [798.86](798.86.md) | Exposure of confidential secret or token Okta Access Token | High | Passive |
| [798.87](798.87.md) | Exposure of confidential secret or token Plaid Client ID | High | Passive |
| [798.88](798.88.md) | Exposure of confidential secret or token Plaid Secret key | High | Passive |
diff --git a/lib/gitlab/event_store.rb b/lib/gitlab/event_store.rb
index 4955e873688..cb2cfa4b2b5 100644
--- a/lib/gitlab/event_store.rb
+++ b/lib/gitlab/event_store.rb
@@ -40,6 +40,7 @@ module Gitlab
store.subscribe ::Pages::InvalidateDomainCacheWorker, to: ::Pages::PageDeletedEvent
store.subscribe ::Pages::InvalidateDomainCacheWorker, to: ::Projects::ProjectDeletedEvent
store.subscribe ::Pages::InvalidateDomainCacheWorker, to: ::Projects::ProjectCreatedEvent
+ store.subscribe ::Pages::InvalidateDomainCacheWorker, to: ::Projects::ProjectPathChangedEvent
end
private_class_method :configure!
end
diff --git a/spec/factories/work_items.rb b/spec/factories/work_items.rb
index 81c9fb6ed87..267ea9710b3 100644
--- a/spec/factories/work_items.rb
+++ b/spec/factories/work_items.rb
@@ -10,6 +10,10 @@ FactoryBot.define do
issue_type { :issue }
association :work_item_type, :default
+ trait :confidential do
+ confidential { true }
+ end
+
trait :task do
issue_type { :task }
association :work_item_type, :default, :task
diff --git a/spec/migrations/20220607082910_add_sync_tmp_index_for_potentially_misassociated_vulnerability_occurrences_spec.rb b/spec/migrations/20220607082910_add_sync_tmp_index_for_potentially_misassociated_vulnerability_occurrences_spec.rb
new file mode 100644
index 00000000000..68fac1c2221
--- /dev/null
+++ b/spec/migrations/20220607082910_add_sync_tmp_index_for_potentially_misassociated_vulnerability_occurrences_spec.rb
@@ -0,0 +1,22 @@
+# frozen_string_literal: true
+
+require "spec_helper"
+
+require_migration!
+
+RSpec.describe AddSyncTmpIndexForPotentiallyMisassociatedVulnerabilityOccurrences do
+ let(:table) { "vulnerability_occurrences" }
+ let(:index) { described_class::INDEX_NAME }
+
+ it "creates and drops the index" do
+ reversible_migration do |migration|
+ migration.before -> do
+ expect(ActiveRecord::Base.connection.indexes(table).map(&:name)).not_to include(index)
+ end
+
+ migration.after -> do
+ expect(ActiveRecord::Base.connection.indexes(table).map(&:name)).to include(index)
+ end
+ end
+ end
+end
diff --git a/spec/requests/api/graphql/mutations/work_items/create_from_task_spec.rb b/spec/requests/api/graphql/mutations/work_items/create_from_task_spec.rb
index b1356bbe6fd..e7f4917ddde 100644
--- a/spec/requests/api/graphql/mutations/work_items/create_from_task_spec.rb
+++ b/spec/requests/api/graphql/mutations/work_items/create_from_task_spec.rb
@@ -7,7 +7,7 @@ RSpec.describe "Create a work item from a task in a work item's description" do
let_it_be(:project) { create(:project) }
let_it_be(:developer) { create(:user).tap { |user| project.add_developer(user) } }
- let_it_be(:work_item, refind: true) { create(:work_item, project: project, description: '- [ ] A task in a list', lock_version: 3) }
+ let_it_be(:work_item, refind: true) { create(:work_item, :confidential, project: project, description: '- [ ] A task in a list', lock_version: 3) }
let(:lock_version) { work_item.lock_version }
let(:input) do
@@ -48,6 +48,7 @@ RSpec.describe "Create a work item from a task in a work item's description" do
expect(created_work_item.issue_type).to eq('task')
expect(created_work_item.work_item_type.base_type).to eq('task')
expect(created_work_item.work_item_parent).to eq(work_item)
+ expect(created_work_item).to be_confidential
expect(mutation_response['workItem']).to include('id' => work_item.to_global_id.to_s)
expect(mutation_response['newWorkItem']).to include('id' => created_work_item.to_global_id.to_s)
end
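Review bot: Making the shared `work_item` fixture `:confidential` at the top of the file means every example in this spec now runs against a confidential parent, so the new `be_confidential` assertion proves inheritance but the file no longer exercises the non-confidential parent path at all. Keeping the default fixture as it was and adding a dedicated `context 'when the parent is confidential'` that overrides `work_item` with the `:confidential` trait would cover both outcomes. The `let(:input)` block and the example body extend beyond this hunk.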
diff --git a/spec/services/work_items/create_and_link_service_spec.rb b/spec/services/work_items/create_and_link_service_spec.rb
index 81be15f9e2f..831af775101 100644
--- a/spec/services/work_items/create_and_link_service_spec.rb
+++ b/spec/services/work_items/create_and_link_service_spec.rb
@@ -6,7 +6,7 @@ RSpec.describe WorkItems::CreateAndLinkService do
let_it_be(:group) { create(:group) }
let_it_be(:project) { create(:project, group: group) }
let_it_be(:user) { create(:user) }
- let_it_be(:related_work_item) { create(:work_item, project: project) }
+ let_it_be(:related_work_item, refind: true) { create(:work_item, project: project) }
let_it_be(:invalid_parent) { create(:work_item, :task, project: project) }
let(:spam_params) { double }
@@ -24,6 +24,26 @@ RSpec.describe WorkItems::CreateAndLinkService do
project.add_developer(user)
end
+ shared_examples 'successful work item and link creator' do
+ it 'creates a work item successfully with links' do
+ expect do
+ service_result
+ end.to change(WorkItem, :count).by(1).and(
+ change(WorkItems::ParentLink, :count).by(1)
+ )
+ end
+
+ it 'copies confidential status from the parent' do
+ expect do
+ service_result
+ end.to change(WorkItem, :count).by(1)
+
+ created_task = WorkItem.last
+
+ expect(created_task.confidential).to eq(related_work_item.confidential)
+ end
+ end
+
describe '#execute' do
subject(:service_result) { described_class.new(project: project, current_user: user, params: params, spam_params: spam_params, link_params: link_params).execute }
@@ -45,12 +65,16 @@ RSpec.describe WorkItems::CreateAndLinkService do
context 'when link params are valid' do
let(:link_params) { { parent_work_item: related_work_item } }
- it 'creates a work item successfully with links' do
- expect do
- service_result
- end.to change(WorkItem, :count).by(1).and(
- change(WorkItems::ParentLink, :count).by(1)
- )
+ context 'when parent is not confidential' do
+ it_behaves_like 'successful work item and link creator'
+ end
+
+ context 'when parent is confidential' do
+ before do
+ related_work_item.update!(confidential: true)
+ end
+
+ it_behaves_like 'successful work item and link creator'
end
end
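Review bot: Both new contexts use `params` without a `confidential` key, so the spec never pins what happens when a caller passes `confidential: false` for a confidential parent — the one case where the service's `reverse_merge` lets the caller, not the parent, have the last word. A third context under 'when parent is confidential' that merges `confidential: false` into `params` and asserts the created task's `confidential` value would document the intended precedence whichever way it is decided. The shared example also reads `WorkItem.last`, which works for a single insert but silently picks the wrong record if a later example creates more than one work item; if the service response exposes its payload the way `create_result[:work_item]` does inside the service, `service_result[:work_item]` would be more direct. `params` is defined outside this hunk.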
diff --git a/spec/workers/pages/invalidate_domain_cache_worker_spec.rb b/spec/workers/pages/invalidate_domain_cache_worker_spec.rb
index 1c1586ef199..096282de10d 100644
--- a/spec/workers/pages/invalidate_domain_cache_worker_spec.rb
+++ b/spec/workers/pages/invalidate_domain_cache_worker_spec.rb
@@ -42,4 +42,15 @@ RSpec.describe Pages::InvalidateDomainCacheWorker do
event_class: Projects::ProjectCreatedEvent,
event_data: { project_id: 1, namespace_id: 2, root_namespace_id: 3 },
caches: { namespace: 3, project: 1 }
+
+ it_behaves_like 'clears caches with',
+ event_class: Projects::ProjectPathChangedEvent,
+ event_data: {
+ project_id: 1,
+ namespace_id: 2,
+ root_namespace_id: 3,
+ old_path: 'old_path',
+ new_path: 'new_path'
+ },
+ caches: { namespace: 3, project: 1 }
end