diff options
| author | GitLab Bot <gitlab-bot@gitlab.com> | 2022-05-11 09:08:10 +0000 |
|---|---|---|
| committer | GitLab Bot <gitlab-bot@gitlab.com> | 2022-05-11 09:08:10 +0000 |
| commit | fb7b6bceee41fc6e5dba72a24519dec8f2713075 (patch) | |
| tree | b6795a858de5d692aab9de4676c20ba8dd5438f5 | |
| parent | 18b54e46b77786995acdb1026c2ec35956e33780 (diff) | |
| download | gitlab-ce-fb7b6bceee41fc6e5dba72a24519dec8f2713075.tar.gz | |
Add latest changes from gitlab-org/gitlab@master
44 files changed, 279 insertions, 313 deletions
diff --git a/.gitlab/merge_request_templates/Removals.md b/.gitlab/merge_request_templates/Removals.md index 159a07774ad..0b7f1efe006 100644 --- a/.gitlab/merge_request_templates/Removals.md +++ b/.gitlab/merge_request_templates/Removals.md @@ -67,7 +67,7 @@ with the same process as regular docs MRs. Add suggestions as needed, @ message the PM to inform them the first review is complete, and remove yourself as a reviewer if it's not yet ready for merge. -**Removal notices should not be merged before the code is removed from the product.** +**Removal notices should not be merged before the code is removed from the product.** <details> <summary>Expand for Details</summary> @@ -75,7 +75,7 @@ yourself as a reviewer if it's not yet ready for merge. - [ ] Title: - Length limit: 7 words (not including articles or prepositions). - Capitalization: ensure the title is [sentence cased](https://design.gitlab.com/content/punctuation#case). - - No Markdown `` `code` `` formatting in the title, as it doesn't render correctly in the release post. + - Rewrite to exclude the words `removal` and `remove` if necessary. - [ ] Consistency: - Ensure that all resources (docs, removal, etc.) refer to the feature with the same term / feature name. - [ ] Content: diff --git a/GITALY_SERVER_VERSION b/GITALY_SERVER_VERSION index c189d8d9d89..f7c29cb018f 100644 --- a/GITALY_SERVER_VERSION +++ b/GITALY_SERVER_VERSION @@ -1 +1 @@ -4729c4575139660a3aa945bd6df3c66996e26e0f +60a7383d965aa6a8e69aa2e33a84792cde486cd3 diff --git a/GITLAB_SHELL_VERSION b/GITLAB_SHELL_VERSION index 4b964e96540..26f2bbc1975 100644 --- a/GITLAB_SHELL_VERSION +++ b/GITLAB_SHELL_VERSION @@ -1 +1 @@ -14.0.0 +14.1.1 diff --git a/app/assets/javascripts/frequent_items/constants.js b/app/assets/javascripts/frequent_items/constants.js index 9e1dcf70aa5..cb5d21161a9 100644 --- a/app/assets/javascripts/frequent_items/constants.js +++ b/app/assets/javascripts/frequent_items/constants.js @@ -7,7 +7,7 @@ export const FREQUENT_ITEMS = { ELIGIBLE_FREQUENCY: 3, }; -export const HOUR_IN_MS = 3600000; +export const FIFTEEN_MINUTES_IN_MS = 900000; export const STORAGE_KEY = { projects: 'frequent-projects', diff --git a/app/assets/javascripts/frequent_items/utils.js b/app/assets/javascripts/frequent_items/utils.js index 27ef47df8c8..1c33c8b1084 100644 --- a/app/assets/javascripts/frequent_items/utils.js +++ b/app/assets/javascripts/frequent_items/utils.js @@ -1,7 +1,7 @@ import { GlBreakpointInstance as bp } from '@gitlab/ui/dist/utils'; import { take } from 'lodash'; import { sanitize } from '~/lib/dompurify'; -import { FREQUENT_ITEMS, HOUR_IN_MS } from './constants'; +import { FREQUENT_ITEMS, FIFTEEN_MINUTES_IN_MS } from './constants'; export const isMobile = () => ['md', 'sm', 'xs'].includes(bp.getBreakpointSize()); @@ -38,7 +38,8 @@ export const updateExistingFrequentItem = (frequentItem, item) => { // `frequentItem` comes from localStorage and it's possible it doesn't have a `lastAccessedOn` const neverAccessed = !frequentItem.lastAccessedOn; const shouldUpdate = - neverAccessed || Math.abs(item.lastAccessedOn - frequentItem.lastAccessedOn) / HOUR_IN_MS > 1; + neverAccessed || + Math.abs(item.lastAccessedOn - frequentItem.lastAccessedOn) / FIFTEEN_MINUTES_IN_MS > 1; return { ...item, diff --git a/app/assets/javascripts/projects/settings/init_access_dropdown.js b/app/assets/javascripts/projects/settings/init_access_dropdown.js index 11272652b63..941efaef3bc 100644 --- a/app/assets/javascripts/projects/settings/init_access_dropdown.js +++ b/app/assets/javascripts/projects/settings/init_access_dropdown.js @@ -4,7 +4,7 @@ import AccessDropdown from './components/access_dropdown.vue'; export const initAccessDropdown = (el, options) => { if (!el) { - return false; + return null; } const { accessLevelsData, accessLevel } = options; diff --git a/app/assets/javascripts/vue_merge_request_widget/components/extensions/utils.js b/app/assets/javascripts/vue_merge_request_widget/components/extensions/utils.js index 5fba070f79c..cba12507eba 100644 --- a/app/assets/javascripts/vue_merge_request_widget/components/extensions/utils.js +++ b/app/assets/javascripts/vue_merge_request_widget/components/extensions/utils.js @@ -35,9 +35,7 @@ const textStyleTags = { [getStartTag('small')]: '<span class="gl-font-sm gl-text-gray-700">', }; -export const generateText = (text) => { - if (typeof text !== 'string') return null; - +const createText = (text) => { return text .replace( new RegExp( @@ -60,3 +58,21 @@ export const generateText = (text) => { ) .replace(/%{([a-z]|_)+}/g, ''); // Filter out any tags we don't know about }; + +export const generateText = (text) => { + if (typeof text === 'string') { + return createText(text); + } else if ( + typeof text === 'object' && + typeof text.text === 'string' && + typeof text.href === 'string' + ) { + return createText( + `${ + text.prependText ? `${text.prependText} ` : '' + }<a class="gl-text-decoration-underline" href="${text.href}">${text.text}</a>`, + ); + } + + return null; +}; diff --git a/app/assets/javascripts/vue_merge_request_widget/extensions/code_quality/index.js b/app/assets/javascripts/vue_merge_request_widget/extensions/code_quality/index.js index d32db50874c..cea8df2484b 100644 --- a/app/assets/javascripts/vue_merge_request_widget/extensions/code_quality/index.js +++ b/app/assets/javascripts/vue_merge_request_widget/extensions/code_quality/index.js @@ -83,14 +83,11 @@ export default { this.collapsedData.newErrors.map((e) => { return fullData.push({ text: `${capitalizeFirstCharacter(e.severity)} - ${e.description}`, - subtext: sprintf( - s__(`ciReport|in %{open_link}${e.file_path}:${e.line}%{close_link}`), - { - open_link: `<a class="gl-text-decoration-underline" href="${e.urlPath}">`, - close_link: '</a>', - }, - false, - ), + subtext: { + prependText: s__(`ciReport|in`), + text: `${e.file_path}:${e.line}`, + href: e.urlPath, + }, icon: { name: SEVERITY_ICONS_EXTENSION[e.severity], }, diff --git a/app/assets/javascripts/vue_shared/alert_details/components/alert_details.vue b/app/assets/javascripts/vue_shared/alert_details/components/alert_details.vue index 948d2505966..b34cc695e5a 100644 --- a/app/assets/javascripts/vue_shared/alert_details/components/alert_details.vue +++ b/app/assets/javascripts/vue_shared/alert_details/components/alert_details.vue @@ -288,7 +288,7 @@ export default { data-testid="createIncidentBtn" :loading="incidentCreationInProgress" category="primary" - variant="success" + variant="confirm" @click="createIncident()" > {{ s__('AlertManagement|Create incident') }} diff --git a/app/assets/stylesheets/page_bundles/dashboard_projects.scss b/app/assets/stylesheets/page_bundles/dashboard_projects.scss index eb0e1701b7f..5eced37bed3 100644 --- a/app/assets/stylesheets/page_bundles/dashboard_projects.scss +++ b/app/assets/stylesheets/page_bundles/dashboard_projects.scss @@ -15,9 +15,9 @@ .blank-state-link { &:hover { - background-color: $gray-light; + background-color: var(--gray-50, $gray-10); + color: var(--gl-text-color, $gl-text-color); text-decoration: none; - color: $gl-text-color; } } diff --git a/app/graphql/types/alert_management/domain_filter_enum.rb b/app/graphql/types/alert_management/domain_filter_enum.rb index 3ee01e4c391..cd70cdd8ecf 100644 --- a/app/graphql/types/alert_management/domain_filter_enum.rb +++ b/app/graphql/types/alert_management/domain_filter_enum.rb @@ -7,7 +7,11 @@ module Types description 'Filters the alerts based on given domain' value 'operations', description: 'Alerts for operations domain.' - value 'threat_monitoring', description: 'Alerts for threat monitoring domain.' + value 'threat_monitoring', description: 'Alerts for threat monitoring domain.', + deprecated: { + reason: 'Network policies are deprecated and will be removed in GitLab 16.0', + milestone: '15.0' + } end end end diff --git a/app/policies/group_policy.rb b/app/policies/group_policy.rb index d397d77bc1a..8ecd6316e5c 100644 --- a/app/policies/group_policy.rb +++ b/app/policies/group_policy.rb @@ -22,6 +22,7 @@ class GroupPolicy < Namespaces::GroupProjectNamespaceSharedPolicy condition(:share_with_group_locked, scope: :subject) { @subject.share_with_group_lock? } condition(:parent_share_with_group_locked, scope: :subject) { @subject.parent&.share_with_group_lock? } condition(:can_change_parent_share_with_group_lock) { can?(:change_share_with_group_lock, @subject.parent) } + condition(:migration_bot, scope: :user) { @user.migration_bot? } desc "User is a project bot" condition(:project_bot) { user.project_bot? && access_level >= GroupMember::GUEST } @@ -286,6 +287,11 @@ class GroupPolicy < Namespaces::GroupProjectNamespaceSharedPolicy prevent :register_group_runners end + rule { migration_bot }.policy do + enable :read_resource_access_tokens + enable :destroy_resource_access_tokens + end + def access_level(for_any_session: false) return GroupMember::NO_ACCESS if @user.nil? return GroupMember::NO_ACCESS unless user_is_user? diff --git a/app/views/doorkeeper/authorizations/redirect.html.haml b/app/views/doorkeeper/authorizations/redirect.html.haml index 9580f33c88a..a9ac92fd087 100644 --- a/app/views/doorkeeper/authorizations/redirect.html.haml +++ b/app/views/doorkeeper/authorizations/redirect.html.haml @@ -5,4 +5,16 @@ = javascript_tag do :plain - window.location= "#{redirect_uri}"; + (function() { + // Only permit a basic set of characters in the fragment. + const allowedRegex = /^#[\w-]+$/g; + + const hash = window.location.hash; + let redirectUri = "#{redirect_uri}"; + + if (window.location.hash && window.location.hash.search(allowedRegex) === 0 && redirectUri.indexOf('#') === -1) { + redirectUri = redirectUri + hash; + } + + window.location = redirectUri; + })(); diff --git a/config/feature_flags/development/usage_data_static_site_editor_commits.yml b/config/feature_flags/development/usage_data_static_site_editor_commits.yml deleted file mode 100644 index a1d790b3505..00000000000 --- a/config/feature_flags/development/usage_data_static_site_editor_commits.yml +++ /dev/null @@ -1,8 +0,0 @@ ---- -name: usage_data_static_site_editor_commits -introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/47309 -rollout_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/284082 -milestone: '13.6' -type: development -group: group::static_site_editor -default_enabled: false diff --git a/config/feature_flags/development/usage_data_static_site_editor_merge_requests.yml b/config/feature_flags/development/usage_data_static_site_editor_merge_requests.yml deleted file mode 100644 index b68e4d12915..00000000000 --- a/config/feature_flags/development/usage_data_static_site_editor_merge_requests.yml +++ /dev/null @@ -1,8 +0,0 @@ ---- -name: usage_data_static_site_editor_merge_requests -introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/47309 -rollout_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/284083 -milestone: '13.6' -type: development -group: group::static_site_editor -default_enabled: false diff --git a/config/metrics/counts_28d/20210901221849_p_ci_templates_managed_cluster_applications_monthly.yml b/config/metrics/counts_28d/20210901221849_p_ci_templates_managed_cluster_applications_monthly.yml index 92c0ea14727..6f98773d30a 100644 --- a/config/metrics/counts_28d/20210901221849_p_ci_templates_managed_cluster_applications_monthly.yml +++ b/config/metrics/counts_28d/20210901221849_p_ci_templates_managed_cluster_applications_monthly.yml @@ -6,9 +6,11 @@ product_stage: '' product_group: '' product_category: '' value_type: number -status: active +status: removed milestone: '14.3' introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/69204 +removed_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/86267 +milestone_removed: '15.0' time_frame: 28d data_source: redis_hll data_category: optional diff --git a/config/metrics/counts_28d/20210901221932_p_ci_templates_serverless_monthly.yml b/config/metrics/counts_28d/20210901221932_p_ci_templates_serverless_monthly.yml index 9dab50a9e6c..c30375c57d4 100644 --- a/config/metrics/counts_28d/20210901221932_p_ci_templates_serverless_monthly.yml +++ b/config/metrics/counts_28d/20210901221932_p_ci_templates_serverless_monthly.yml @@ -6,9 +6,11 @@ product_stage: '' product_group: '' product_category: '' value_type: number -status: active +status: removed milestone: '14.3' introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/69204 +removed_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/86267 +milestone_removed: '15.0' time_frame: 28d data_source: redis_hll data_category: optional diff --git a/config/metrics/counts_7d/20210901221844_p_ci_templates_managed_cluster_applications_weekly.yml b/config/metrics/counts_7d/20210901221844_p_ci_templates_managed_cluster_applications_weekly.yml index 592f52a0681..b93751d3c30 100644 --- a/config/metrics/counts_7d/20210901221844_p_ci_templates_managed_cluster_applications_weekly.yml +++ b/config/metrics/counts_7d/20210901221844_p_ci_templates_managed_cluster_applications_weekly.yml @@ -6,9 +6,11 @@ product_stage: '' product_group: '' product_category: '' value_type: number -status: active +status: removed milestone: '14.3' introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/69204 +removed_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/86267 +milestone_removed: '15.0' time_frame: 7d data_source: redis_hll data_category: optional diff --git a/config/metrics/counts_7d/20210901221928_p_ci_templates_serverless_weekly.yml b/config/metrics/counts_7d/20210901221928_p_ci_templates_serverless_weekly.yml index 86c3ca6e3df..060893ca349 100644 --- a/config/metrics/counts_7d/20210901221928_p_ci_templates_serverless_weekly.yml +++ b/config/metrics/counts_7d/20210901221928_p_ci_templates_serverless_weekly.yml @@ -6,9 +6,11 @@ product_stage: '' product_group: '' product_category: '' value_type: number -status: active +status: removed milestone: '14.3' introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/69204 +removed_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/86267 +milestone_removed: '15.0' time_frame: 7d data_source: redis_hll data_category: optional diff --git a/config/sidekiq_queues.yml b/config/sidekiq_queues.yml index 7be1f7f32c9..f3df7608052 100644 --- a/config/sidekiq_queues.yml +++ b/config/sidekiq_queues.yml @@ -417,6 +417,8 @@ - 1 - - security_findings_delete_by_job_id - 1 +- - security_generate_scan_finding_rules + - 1 - - security_orchestration_policy_rule_schedule_namespace - 1 - - security_scans diff --git a/db/post_migrate/20220314154235_migrate_vulnerability_approval_rules.rb b/db/post_migrate/20220314154235_migrate_vulnerability_approval_rules.rb new file mode 100644 index 00000000000..64db4729b3b --- /dev/null +++ b/db/post_migrate/20220314154235_migrate_vulnerability_approval_rules.rb @@ -0,0 +1,40 @@ +# frozen_string_literal: true + +# See https://docs.gitlab.com/ee/development/migration_style_guide.html +# for more information on how to write migrations for GitLab. + +class MigrateVulnerabilityApprovalRules < Gitlab::Database::Migration[2.0] + disable_ddl_transaction! + + restrict_gitlab_migration gitlab_schema: :gitlab_main + + WORKER_DELAY = 30.seconds + + class ApprovalProjectRule < ActiveRecord::Base + self.table_name = 'approval_project_rules' + end + + def up + return unless Gitlab.ee? + + return unless generate_scan_finding_rule_worker + + ApprovalProjectRule.reset_column_information + + # Based on enum report_type: { vulnerability: 1, license_scanning: 2, code_coverage: 3, scan_finding: 4 } + ApprovalProjectRule.where(report_type: 1).find_each.each_with_index do |rule, index| + generate_scan_finding_rule_worker.perform_in(WORKER_DELAY * index, rule.id) + end + end + + def down + # no-op + # Vulnerability-Check feature has been removed as part of 15.0 + end + + private + + def generate_scan_finding_rule_worker + @generate_scan_finding_rule_worker ||= "Security::GenerateScanFindingRulesWorker".safe_constantize + end +end diff --git a/db/schema_migrations/20220314154235 b/db/schema_migrations/20220314154235 new file mode 100644 index 00000000000..911a5dc9854 --- /dev/null +++ b/db/schema_migrations/20220314154235 @@ -0,0 +1 @@ +b3015220caeb1d21856de8c5026e2db052e98e4fb1c4b4f3a931b8481c2b8240
\ No newline at end of file diff --git a/doc/administration/gitaly/troubleshooting.md b/doc/administration/gitaly/troubleshooting.md index 085bf399d27..c79ed1d1707 100644 --- a/doc/administration/gitaly/troubleshooting.md +++ b/doc/administration/gitaly/troubleshooting.md @@ -355,7 +355,7 @@ The following sections provide possible solutions to Gitaly Cluster errors. ### Check cluster health -> [Introduced](https://gitlab.com/gitlab-org/omnibus-gitlab/-/merge_requests/) in GitLab 14.6. +> [Introduced](https://gitlab.com/gitlab-org/omnibus-gitlab/-/merge_requests/5688) in GitLab 14.5. The `check` Praefect sub-command runs a series of checks to determine the health of the Gitaly Cluster. @@ -416,6 +416,16 @@ If this check fails: 1. Check if there is a high load on the Praefect database. If the Praefect database is slow to respond, it can lead health checks failing to persist to the database, leading Praefect to think nodes are unhealthy. +#### Check clock synchronization + +> [Introduced](https://gitlab.com/gitlab-org/gitaly/-/merge_requests/4225) in GitLab 14.8. + +Authentication between Praefect and the Gitaly servers requires the server times to be +in sync so the token check succeeds. + +This check helps identify the root cause of `permission denied` +[errors being logged by Praefect](#permission-denied-errors-appearing-in-gitaly-or-praefect-logs-when-accessing-repositories). + ### Praefect errors in logs If you receive an error, check `/var/log/gitlab/gitlab-rails/production.log`. diff --git a/doc/api/graphql/reference/index.md b/doc/api/graphql/reference/index.md index a52e82ee277..ac7b2433596 100644 --- a/doc/api/graphql/reference/index.md +++ b/doc/api/graphql/reference/index.md @@ -17804,7 +17804,7 @@ Filters the alerts based on given domain. | Value | Description | | ----- | ----------- | | <a id="alertmanagementdomainfilteroperations"></a>`operations` | Alerts for operations domain. | -| <a id="alertmanagementdomainfilterthreat_monitoring"></a>`threat_monitoring` | Alerts for threat monitoring domain. | +| <a id="alertmanagementdomainfilterthreat_monitoring"></a>`threat_monitoring` **{warning-solid}** | **Deprecated** in 15.0. Network policies are deprecated and will be removed in GitLab 16.0. | ### `AlertManagementIntegrationType` diff --git a/doc/development/service_ping/implement.md b/doc/development/service_ping/implement.md index 52f5ea429ed..27bc4d2e8ca 100644 --- a/doc/development/service_ping/implement.md +++ b/doc/development/service_ping/implement.md @@ -286,10 +286,6 @@ Enabled by default in GitLab 13.7 and later. Increment event count using an ordinary Redis counter, for a given event name. API requests are protected by checking for a valid CSRF token. - - To increment the values, the related feature `usage_data_<event_name>` must be enabled. - - Feature flags are required for this API and they can't be removed, they can be set to `default_enabled: true`. ```plaintext POST /usage_data/increment_counter diff --git a/doc/user/group/index.md b/doc/user/group/index.md index 16a2c1d68c2..87146329031 100644 --- a/doc/user/group/index.md +++ b/doc/user/group/index.md @@ -622,7 +622,7 @@ You should consider these security implications before configuring IP address re - **Some GitLab API endpoints will remain accessible from any IP**: Only the [group](../../api/groups.md) (including all [group resources](../../api/api_resources.md#group-resources)) APIs and [project](../../api/api_resources.md#project-resources) (including all [project resources](../../api/api_resources.md#project-resources)) APIs are protected by IP address restrictions. --**Activities performed by GitLab Runners are not bound by IP restrictions**: +- **Activities performed by GitLab Runners are not bound by IP restrictions**: When you register a runner, it is not bound by the IP restrictions. When the runner requests a new job or an update to a job's state, it is also not bound by the IP restrictions. But when the running CI/CD job sends Git requests from a diff --git a/lib/api/helpers.rb b/lib/api/helpers.rb index 10384de3d35..f3d7650693d 100644 --- a/lib/api/helpers.rb +++ b/lib/api/helpers.rb @@ -579,9 +579,6 @@ module API end def increment_counter(event_name) - feature_name = "usage_data_#{event_name}" - return unless Feature.enabled?(feature_name) - Gitlab::UsageDataCounters.count(event_name) rescue StandardError => error Gitlab::AppLogger.warn("Redis tracking event failed for event: #{event_name}, message: #{error.message}") diff --git a/lib/gitlab/ci/runner_instructions.rb b/lib/gitlab/ci/runner_instructions.rb index 365864d3317..68c911d3dbb 100644 --- a/lib/gitlab/ci/runner_instructions.rb +++ b/lib/gitlab/ci/runner_instructions.rb @@ -25,7 +25,7 @@ module Gitlab amd64: "https://gitlab-runner-downloads.s3.amazonaws.com/latest/binaries/gitlab-runner-darwin-amd64" }, install_script_template_path: "lib/gitlab/ci/runner_instructions/templates/osx/install.sh", - runner_executable: "sudo gitlab-runner" + runner_executable: "gitlab-runner" }, windows: { human_readable_name: "Windows", diff --git a/lib/gitlab/usage_data_counters/known_events/ci_templates.yml b/lib/gitlab/usage_data_counters/known_events/ci_templates.yml index 33623f2134e..85a484b6cd0 100644 --- a/lib/gitlab/usage_data_counters/known_events/ci_templates.yml +++ b/lib/gitlab/usage_data_counters/known_events/ci_templates.yml @@ -187,6 +187,10 @@ category: ci_templates redis_slot: ci_templates aggregation: weekly +- name: p_ci_templates_liquibase + category: ci_templates + redis_slot: ci_templates + aggregation: weekly - name: p_ci_templates_flutter category: ci_templates redis_slot: ci_templates @@ -207,10 +211,6 @@ category: ci_templates redis_slot: ci_templates aggregation: weekly -- name: p_ci_templates_managed_cluster_applications - category: ci_templates - redis_slot: ci_templates - aggregation: weekly - name: p_ci_templates_php category: ci_templates redis_slot: ci_templates @@ -231,10 +231,6 @@ category: ci_templates redis_slot: ci_templates aggregation: weekly -- name: p_ci_templates_serverless - category: ci_templates - redis_slot: ci_templates - aggregation: weekly - name: p_ci_templates_go category: ci_templates redis_slot: ci_templates @@ -255,6 +251,10 @@ category: ci_templates redis_slot: ci_templates aggregation: weekly +- name: p_ci_templates_matlab + category: ci_templates + redis_slot: ci_templates + aggregation: weekly - name: p_ci_templates_deploy_ecs category: ci_templates redis_slot: ci_templates @@ -635,11 +635,3 @@ category: ci_templates redis_slot: ci_templates aggregation: weekly -- name: p_ci_templates_liquibase - category: ci_templates - redis_slot: ci_templates - aggregation: weekly -- name: p_ci_templates_matlab - category: ci_templates - redis_slot: ci_templates - aggregation: weekly diff --git a/locale/gitlab.pot b/locale/gitlab.pot index 3240edff18c..df14654ebf8 100644 --- a/locale/gitlab.pot +++ b/locale/gitlab.pot @@ -28324,7 +28324,7 @@ msgstr "" msgid "Policy '%{escalation_policy_name}' does not exist." msgstr "" -msgid "Policy management project does have any policies in %{policy_path}" +msgid "Policy management project does not have any policies in %{policy_path}" msgstr "" msgid "Policy project doesn't exist" @@ -44262,6 +44262,9 @@ msgstr[1] "" msgid "ciReport|View full report" msgstr "" +msgid "ciReport|in" +msgstr "" + msgid "ciReport|is loading" msgstr "" diff --git a/qa/qa/page/project/pipeline_editor/show.rb b/qa/qa/page/project/pipeline_editor/show.rb index 78f16a8a65c..197fd8fd9fb 100644 --- a/qa/qa/page/project/pipeline_editor/show.rb +++ b/qa/qa/page/project/pipeline_editor/show.rb @@ -66,6 +66,7 @@ module QA end def open_branch_selector_dropdown + dismiss_file_tree_popover if has_element?(:file_tree_popover, wait: 1) click_element(:branch_selector_button) end diff --git a/rubocop/cop/gitlab/mark_used_feature_flags.rb b/rubocop/cop/gitlab/mark_used_feature_flags.rb index 290e62436e2..0bebd7901f3 100644 --- a/rubocop/cop/gitlab/mark_used_feature_flags.rb +++ b/rubocop/cop/gitlab/mark_used_feature_flags.rb @@ -43,13 +43,6 @@ module RuboCop File.expand_path("../../../lib/gitlab/usage_data_counters/known_events/*.yml", __dir__) ].freeze - DYNAMIC_FEATURE_FLAGS = [ - :usage_data_static_site_editor_commits, # https://gitlab.com/gitlab-org/gitlab/-/issues/284082 - :usage_data_static_site_editor_merge_requests, # https://gitlab.com/gitlab-org/gitlab/-/issues/284083 - :usage_data_users_clicking_license_testing_visiting_external_website, # https://gitlab.com/gitlab-org/gitlab/-/merge_requests/77866 - :usage_data_users_visiting_testing_license_compliance_full_report # https://gitlab.com/gitlab-org/gitlab/-/merge_requests/77866 - ].freeze - class << self # We track feature flags in `on_new_investigation` only once per # rubocop whole run instead once per file. @@ -65,7 +58,6 @@ module RuboCop self.class.feature_flags_already_tracked = true - track_dynamic_feature_flags! track_usage_data_counters_known_events! end @@ -231,12 +223,6 @@ module RuboCop # Marking all event's feature flags as used as Gitlab::UsageDataCounters::HLLRedisCounter.track_event{,context} # is mostly used with dynamic event name. - def track_dynamic_feature_flags! - DYNAMIC_FEATURE_FLAGS.each(&method(:save_used_feature_flag)) - end - - # Marking all event's feature flags as used as Gitlab::UsageDataCounters::HLLRedisCounter.track_event{,context} - # is mostly used with dynamic event name. def track_usage_data_counters_known_events! usage_data_counters_known_event_feature_flags.each(&method(:save_used_feature_flag)) end diff --git a/spec/controllers/groups_controller_spec.rb b/spec/controllers/groups_controller_spec.rb index d61541ffe90..4a74eff90dc 100644 --- a/spec/controllers/groups_controller_spec.rb +++ b/spec/controllers/groups_controller_spec.rb @@ -18,6 +18,7 @@ RSpec.describe GroupsController, factory_default: :keep do let_it_be(:guest) { group.add_guest(create(:user)).user } before do + stub_feature_flags(vue_issues_list: true) enable_admin_mode!(admin_with_admin_mode) end @@ -488,53 +489,12 @@ RSpec.describe GroupsController, factory_default: :keep do end end - describe 'GET #issues', :sidekiq_might_not_need_inline do - let_it_be(:issue_1) { create(:issue, project: project, title: 'foo') } - let_it_be(:issue_2) { create(:issue, project: project, title: 'bar') } - + describe 'GET #issues' do before do - create_list(:award_emoji, 3, awardable: issue_2) - create_list(:award_emoji, 2, awardable: issue_1) - create_list(:award_emoji, 2, :downvote, awardable: issue_2) - sign_in(user) end - context 'sorting by votes' do - it 'sorts most popular issues' do - get :issues, params: { id: group.to_param, sort: 'upvotes_desc' } - expect(assigns(:issues)).to eq [issue_2, issue_1] - end - - it 'sorts least popular issues' do - get :issues, params: { id: group.to_param, sort: 'downvotes_desc' } - expect(assigns(:issues)).to eq [issue_2, issue_1] - end - end - - context 'searching' do - it 'works with popularity sort' do - get :issues, params: { id: group.to_param, search: 'foo', sort: 'popularity' } - - expect(assigns(:issues)).to eq([issue_1]) - end - - it 'works with priority sort' do - get :issues, params: { id: group.to_param, search: 'foo', sort: 'priority' } - - expect(assigns(:issues)).to eq([issue_1]) - end - - it 'works with label priority sort' do - get :issues, params: { id: group.to_param, search: 'foo', sort: 'label_priority' } - - expect(assigns(:issues)).to eq([issue_1]) - end - end - it 'saves the sort order to user preferences' do - stub_feature_flags(vue_issues_list: true) - get :issues, params: { id: group.to_param, sort: 'priority' } expect(user.reload.user_preference.issues_sort).to eq('priority') diff --git a/spec/controllers/projects/issues_controller_spec.rb b/spec/controllers/projects/issues_controller_spec.rb index ce0af784cdf..8a03c1e709b 100644 --- a/spec/controllers/projects/issues_controller_spec.rb +++ b/spec/controllers/projects/issues_controller_spec.rb @@ -12,6 +12,10 @@ RSpec.describe Projects::IssuesController do let(:issue) { create(:issue, project: project) } let(:spam_action_response_fields) { { 'stub_spam_action_response_fields' => true } } + before do + stub_feature_flags(vue_issues_list: true) + end + describe "GET #index" do context 'external issue tracker' do before do @@ -72,22 +76,6 @@ RSpec.describe Projects::IssuesController do project.add_developer(user) end - context 'when issues_full_text_search is disabled' do - before do - stub_feature_flags(issues_full_text_search: false) - end - - it_behaves_like 'issuables list meta-data', :issue - end - - context 'when issues_full_text_search is enabled' do - before do - stub_feature_flags(issues_full_text_search: true) - end - - it_behaves_like 'issuables list meta-data', :issue - end - it_behaves_like 'set sort order from user preference' do let(:sorting_param) { 'updated_asc' } end @@ -98,16 +86,6 @@ RSpec.describe Projects::IssuesController do expect(response).to have_gitlab_http_status(:ok) end - it 'returns only list type issues' do - issue = create(:issue, project: project) - incident = create(:issue, project: project, issue_type: 'incident') - create(:issue, project: project, issue_type: 'test_case') - - get :index, params: { namespace_id: project.namespace, project_id: project } - - expect(assigns(:issues)).to contain_exactly(issue, incident) - end - it "returns 301 if request path doesn't match project path" do get :index, params: { namespace_id: project.namespace, project_id: project.path.upcase } @@ -123,17 +101,10 @@ RSpec.describe Projects::IssuesController do end end - it_behaves_like 'issuable list with anonymous search disabled' do - let(:params) { { namespace_id: project.namespace, project_id: project } } - - before do - project.update!(visibility_level: Gitlab::VisibilityLevel::PUBLIC) - end - end - - it_behaves_like 'paginated collection' do + describe 'pagination' do let!(:issue_list) { create_list(:issue, 2, project: project) } let(:collection) { project.issues } + let(:last_page) { collection.page.total_pages } let(:params) do { namespace_id: project.namespace.to_param, @@ -154,46 +125,6 @@ RSpec.describe Projects::IssuesController do expect(response).to have_gitlab_http_status(:redirect) expect(response).to redirect_to(action: 'index', format: 'atom', page: last_page, state: 'opened') end - - it 'does not use pagination if disabled' do - allow(controller).to receive(:pagination_disabled?).and_return(true) - - get :index, params: params.merge(page: last_page + 1) - - expect(response).to have_gitlab_http_status(:ok) - expect(assigns(:issues).size).to eq(2) - end - end - - context 'with relative_position sorting' do - let!(:issue_list) { create_list(:issue, 2, project: project) } - - before do - sign_in(user) - project.add_developer(user) - allow(Kaminari.config).to receive(:default_per_page).and_return(1) - end - - it 'overrides the number allowed on the page' do - get :index, - params: { - namespace_id: project.namespace.to_param, - project_id: project, - sort: 'relative_position' - } - - expect(assigns(:issues).count).to eq 2 - end - - it 'allows the default number on the page' do - get :index, - params: { - namespace_id: project.namespace.to_param, - project_id: project - } - - expect(assigns(:issues).count).to eq 1 - end end context 'external authorization' do @@ -746,84 +677,6 @@ RSpec.describe Projects::IssuesController do let_it_be(:unescaped_parameter_value) { create(:issue, :confidential, project: project, author: author) } let_it_be(:request_forgery_timing_attack) { create(:issue, :confidential, project: project, assignees: [assignee]) } - describe 'GET #index' do - it 'does not list confidential issues for guests' do - sign_out(:user) - get_issues - - expect(assigns(:issues)).to eq [issue] - end - - it 'does not list confidential issues for non project members' do - sign_in(non_member) - get_issues - - expect(assigns(:issues)).to eq [issue] - end - - it 'does not list confidential issues for project members with guest role' do - sign_in(member) - project.add_guest(member) - - get_issues - - expect(assigns(:issues)).to eq [issue] - end - - it 'lists confidential issues for author' do - sign_in(author) - get_issues - - expect(assigns(:issues)).to include unescaped_parameter_value - expect(assigns(:issues)).not_to include request_forgery_timing_attack - end - - it 'lists confidential issues for assignee' do - sign_in(assignee) - get_issues - - expect(assigns(:issues)).not_to include unescaped_parameter_value - expect(assigns(:issues)).to include request_forgery_timing_attack - end - - it 'lists confidential issues for project members' do - sign_in(member) - project.add_developer(member) - - get_issues - - expect(assigns(:issues)).to include unescaped_parameter_value - expect(assigns(:issues)).to include request_forgery_timing_attack - end - - context 'when admin mode is enabled', :enable_admin_mode do - it 'lists confidential issues for admin' do - sign_in(admin) - get_issues - - expect(assigns(:issues)).to include unescaped_parameter_value - expect(assigns(:issues)).to include request_forgery_timing_attack - end - end - - context 'when admin mode is disabled' do - it 'does not list confidential issues for admin' do - sign_in(admin) - get_issues - - expect(assigns(:issues)).to eq [issue] - end - end - - def get_issues - get :index, - params: { - namespace_id: project.namespace.to_param, - project_id: project - } - end - end - shared_examples_for 'restricted action' do |http_status| it 'returns 404 for guests' do sign_out(:user) diff --git a/spec/features/frequently_visited_projects_and_groups_spec.rb b/spec/features/frequently_visited_projects_and_groups_spec.rb index 6bc3b745851..7fbbc4dfc85 100644 --- a/spec/features/frequently_visited_projects_and_groups_spec.rb +++ b/spec/features/frequently_visited_projects_and_groups_spec.rb @@ -16,7 +16,6 @@ RSpec.describe 'Frequently visited items', :js do it 'increments localStorage counter when visiting the project' do visit project_path(project) - open_top_nav_projects frequent_projects = nil @@ -35,7 +34,6 @@ RSpec.describe 'Frequently visited items', :js do it 'increments localStorage counter when visiting the group' do visit group_path(group) - open_top_nav_groups frequent_groups = nil diff --git a/spec/features/oauth_login_spec.rb b/spec/features/oauth_login_spec.rb index ea5bb8c33b2..99e4c680548 100644 --- a/spec/features/oauth_login_spec.rb +++ b/spec/features/oauth_login_spec.rb @@ -2,7 +2,7 @@ require 'spec_helper' -RSpec.describe 'OAuth Login', :js, :allow_forgery_protection do +RSpec.describe 'OAuth Login', :allow_forgery_protection do include DeviseHelpers def enter_code(code) @@ -28,7 +28,7 @@ RSpec.describe 'OAuth Login', :js, :allow_forgery_protection do end providers.each do |provider| - context "when the user logs in using the #{provider} provider" do + context "when the user logs in using the #{provider} provider", :js do let(:uid) { 'my-uid' } let(:remember_me) { false } let(:user) { create(:omniauth_user, extern_uid: uid, provider: provider.to_s) } @@ -126,4 +126,65 @@ RSpec.describe 'OAuth Login', :js, :allow_forgery_protection do end end end + + context 'using GitLab as an OAuth provider' do + let_it_be(:user) { create(:user) } + + let(:redirect_uri) { Gitlab::Routing.url_helpers.root_url } + + # We can't use let_it_be to set the redirect_uri when creating the + # record as the host / port depends on whether or not the spec uses + # JS. + let(:application) do + create(:oauth_application, scopes: 'api', redirect_uri: redirect_uri, confidential: false) + end + + let(:params) do + { + response_type: 'code', + client_id: application.uid, + redirect_uri: redirect_uri, + state: 'state' + } + end + + before do + sign_in(user) + + create(:oauth_access_token, application: application, resource_owner_id: user.id, scopes: 'api') + end + + context 'when JS is enabled', :js do + it 'includes the fragment in the redirect if it is simple' do + visit "#{Gitlab::Routing.url_helpers.oauth_authorization_url(params)}#a_test-hash" + + expect(page).to have_current_path("#{Gitlab::Routing.url_helpers.root_url}#a_test-hash", ignore_query: true) + end + + it 'does not include the fragment if it contains forbidden characters' do + visit "#{Gitlab::Routing.url_helpers.oauth_authorization_url(params)}#a_test-hash." + + expect(page).to have_current_path(Gitlab::Routing.url_helpers.root_url, ignore_query: true) + end + + it 'does not include the fragment for an implicit grant' do + implicit_grant_params = params.merge(response_type: 'token') + escaped_url = Regexp.escape(Gitlab::Routing.url_helpers.root_url) + auth_params_fragment = '#[a-zA-Z0-9&=_]+' + + visit "#{Gitlab::Routing.url_helpers.oauth_authorization_url(implicit_grant_params)}#a_test-hash" + + expect(page).to have_current_path(%r{\A#{escaped_url}#{auth_params_fragment}\z}, ignore_query: true, url: true) + end + end + + context 'when JS is disabled' do + it 'provides a basic HTML page including a link without the fragment' do + visit "#{Gitlab::Routing.url_helpers.oauth_authorization_url(params)}#a_test-hash" + + expect(page).to have_current_path(oauth_authorization_path(params)) + expect(page).to have_selector("a[href^='#{redirect_uri}']") + end + end + end end diff --git a/spec/frontend/frequent_items/components/app_spec.js b/spec/frontend/frequent_items/components/app_spec.js index ba989bf53ab..32c66c0d288 100644 --- a/spec/frontend/frequent_items/components/app_spec.js +++ b/spec/frontend/frequent_items/components/app_spec.js @@ -6,7 +6,7 @@ import { mountExtended } from 'helpers/vue_test_utils_helper'; import waitForPromises from 'helpers/wait_for_promises'; import App from '~/frequent_items/components/app.vue'; import FrequentItemsList from '~/frequent_items/components/frequent_items_list.vue'; -import { FREQUENT_ITEMS, HOUR_IN_MS } from '~/frequent_items/constants'; +import { FREQUENT_ITEMS, FIFTEEN_MINUTES_IN_MS } from '~/frequent_items/constants'; import eventHub from '~/frequent_items/event_hub'; import { createStore } from '~/frequent_items/store'; import { getTopFrequentItems } from '~/frequent_items/utils'; @@ -200,15 +200,15 @@ describe('Frequent Items App Component', () => { ]); }); - it('should increase frequency, when created an hour later', () => { - const hourLater = Date.now() + HOUR_IN_MS + 1; + it('should increase frequency, when created 15 minutes later', () => { + const fifteenMinutesLater = Date.now() + FIFTEEN_MINUTES_IN_MS + 1; - jest.spyOn(Date, 'now').mockReturnValue(hourLater); - createComponent({ currentItem: { ...TEST_PROJECT, lastAccessedOn: hourLater } }); + jest.spyOn(Date, 'now').mockReturnValue(fifteenMinutesLater); + createComponent({ currentItem: { ...TEST_PROJECT, lastAccessedOn: fifteenMinutesLater } }); expect(getStoredProjects()).toEqual([ expect.objectContaining({ - lastAccessedOn: hourLater, + lastAccessedOn: fifteenMinutesLater, frequency: 2, }), ]); diff --git a/spec/frontend/frequent_items/utils_spec.js b/spec/frontend/frequent_items/utils_spec.js index 8c3841558f4..33c655a6ffd 100644 --- a/spec/frontend/frequent_items/utils_spec.js +++ b/spec/frontend/frequent_items/utils_spec.js @@ -1,5 +1,5 @@ import { GlBreakpointInstance as bp } from '@gitlab/ui/dist/utils'; -import { HOUR_IN_MS, FREQUENT_ITEMS } from '~/frequent_items/constants'; +import { FIFTEEN_MINUTES_IN_MS, FREQUENT_ITEMS } from '~/frequent_items/constants'; import { isMobile, getTopFrequentItems, @@ -67,8 +67,8 @@ describe('Frequent Items utils spec', () => { describe('updateExistingFrequentItem', () => { const LAST_ACCESSED = 1497979281815; - const WITHIN_AN_HOUR = LAST_ACCESSED + HOUR_IN_MS; - const OVER_AN_HOUR = WITHIN_AN_HOUR + 1; + const WITHIN_FIFTEEN_MINUTES = LAST_ACCESSED + FIFTEEN_MINUTES_IN_MS; + const OVER_FIFTEEN_MINUTES = WITHIN_FIFTEEN_MINUTES + 1; const EXISTING_ITEM = Object.freeze({ ...mockProject, frequency: 1, @@ -76,10 +76,10 @@ describe('Frequent Items utils spec', () => { }); it.each` - desc | existingProps | newProps | expected - ${'updates item if accessed over an hour ago'} | ${{}} | ${{ lastAccessedOn: OVER_AN_HOUR }} | ${{ lastAccessedOn: Date.now(), frequency: 2 }} - ${'does not update is accessed with an hour'} | ${{}} | ${{ lastAccessedOn: WITHIN_AN_HOUR }} | ${{ lastAccessedOn: EXISTING_ITEM.lastAccessedOn, frequency: 1 }} - ${'updates if lastAccessedOn not found'} | ${{ lastAccessedOn: undefined }} | ${{ lastAccessedOn: WITHIN_AN_HOUR }} | ${{ lastAccessedOn: Date.now(), frequency: 2 }} + desc | existingProps | newProps | expected + ${'updates item if accessed over 15 minutes ago'} | ${{}} | ${{ lastAccessedOn: OVER_FIFTEEN_MINUTES }} | ${{ lastAccessedOn: Date.now(), frequency: 2 }} + ${'does not update is accessed with 15 minutes'} | ${{}} | ${{ lastAccessedOn: WITHIN_FIFTEEN_MINUTES }} | ${{ lastAccessedOn: EXISTING_ITEM.lastAccessedOn, frequency: 1 }} + ${'updates if lastAccessedOn not found'} | ${{ lastAccessedOn: undefined }} | ${{ lastAccessedOn: WITHIN_FIFTEEN_MINUTES }} | ${{ lastAccessedOn: Date.now(), frequency: 2 }} `('$desc', ({ existingProps, newProps, expected }) => { const newItem = { ...EXISTING_ITEM, diff --git a/spec/frontend/vue_mr_widget/components/extensions/utils_spec.js b/spec/frontend/vue_mr_widget/components/extensions/utils_spec.js index 98cfc04eb25..5799799ad5e 100644 --- a/spec/frontend/vue_mr_widget/components/extensions/utils_spec.js +++ b/spec/frontend/vue_mr_widget/components/extensions/utils_spec.js @@ -2,16 +2,18 @@ import { generateText } from '~/vue_merge_request_widget/components/extensions/u describe('generateText', () => { it.each` - text | expectedText - ${'%{strong_start}Hello world%{strong_end}'} | ${'<span class="gl-font-weight-bold">Hello world</span>'} - ${'%{success_start}Hello world%{success_end}'} | ${'<span class="gl-font-weight-bold gl-text-green-500">Hello world</span>'} - ${'%{danger_start}Hello world%{danger_end}'} | ${'<span class="gl-font-weight-bold gl-text-red-500">Hello world</span>'} - ${'%{critical_start}Hello world%{critical_end}'} | ${'<span class="gl-font-weight-bold gl-text-red-800">Hello world</span>'} - ${'%{same_start}Hello world%{same_end}'} | ${'<span class="gl-font-weight-bold gl-text-gray-700">Hello world</span>'} - ${'%{small_start}Hello world%{small_end}'} | ${'<span class="gl-font-sm gl-text-gray-700">Hello world</span>'} - ${'%{strong_start}%{danger_start}Hello world%{danger_end}%{strong_end}'} | ${'<span class="gl-font-weight-bold"><span class="gl-font-weight-bold gl-text-red-500">Hello world</span></span>'} - ${'%{no_exist_start}Hello world%{no_exist_end}'} | ${'Hello world'} - ${['array']} | ${null} + text | expectedText + ${'%{strong_start}Hello world%{strong_end}'} | ${'<span class="gl-font-weight-bold">Hello world</span>'} + ${'%{success_start}Hello world%{success_end}'} | ${'<span class="gl-font-weight-bold gl-text-green-500">Hello world</span>'} + ${'%{danger_start}Hello world%{danger_end}'} | ${'<span class="gl-font-weight-bold gl-text-red-500">Hello world</span>'} + ${'%{critical_start}Hello world%{critical_end}'} | ${'<span class="gl-font-weight-bold gl-text-red-800">Hello world</span>'} + ${'%{same_start}Hello world%{same_end}'} | ${'<span class="gl-font-weight-bold gl-text-gray-700">Hello world</span>'} + ${'%{small_start}Hello world%{small_end}'} | ${'<span class="gl-font-sm gl-text-gray-700">Hello world</span>'} + ${'%{strong_start}%{danger_start}Hello world%{danger_end}%{strong_end}'} | ${'<span class="gl-font-weight-bold"><span class="gl-font-weight-bold gl-text-red-500">Hello world</span></span>'} + ${'%{no_exist_start}Hello world%{no_exist_end}'} | ${'Hello world'} + ${{ text: 'Hello world', href: 'http://www.example.com' }} | ${'<a class="gl-text-decoration-underline" href="http://www.example.com">Hello world</a>'} + ${{ prependText: 'Hello', text: 'world', href: 'http://www.example.com' }} | ${'Hello <a class="gl-text-decoration-underline" href="http://www.example.com">world</a>'} + ${['array']} | ${null} `('generates $expectedText from $text', ({ text, expectedText }) => { expect(generateText(text)).toBe(expectedText); }); diff --git a/spec/graphql/types/alert_management/domain_filter_enum_spec.rb b/spec/graphql/types/alert_management/domain_filter_enum_spec.rb index 2111a33b8b4..9e8d7589352 100644 --- a/spec/graphql/types/alert_management/domain_filter_enum_spec.rb +++ b/spec/graphql/types/alert_management/domain_filter_enum_spec.rb @@ -6,6 +6,6 @@ RSpec.describe GitlabSchema.types['AlertManagementDomainFilter'] do specify { expect(described_class.graphql_name).to eq('AlertManagementDomainFilter') } it 'exposes all the severity values' do - expect(described_class.values.keys).to include(*%w[threat_monitoring operations]) + expect(described_class.values.keys).to include(*%w[operations threat_monitoring]) end end diff --git a/spec/migrations/20220314154235_migrate_vulnerability_approval_rules_spec.rb b/spec/migrations/20220314154235_migrate_vulnerability_approval_rules_spec.rb new file mode 100644 index 00000000000..35dc306e4c4 --- /dev/null +++ b/spec/migrations/20220314154235_migrate_vulnerability_approval_rules_spec.rb @@ -0,0 +1,22 @@ +# frozen_string_literal: true + +require 'spec_helper' +require_migration! + +RSpec.describe MigrateVulnerabilityApprovalRules do + describe '#up' do + context 'with an instance that is not EE' do + before do + allow(Gitlab).to receive(:ee?).and_return(false) + end + + it 'does not perform any action after guard conditions' do + expect_next_instance_of(MigrateVulnerabilityApprovalRules) do |migration| + expect(migration).not_to receive(:generate_scan_finding_rule_worker) + end + + migrate! + end + end + end +end diff --git a/spec/policies/group_policy_spec.rb b/spec/policies/group_policy_spec.rb index d64b59282a2..05bba167bd3 100644 --- a/spec/policies/group_policy_spec.rb +++ b/spec/policies/group_policy_spec.rb @@ -242,6 +242,24 @@ RSpec.describe GroupPolicy do end end + context 'migration bot' do + let_it_be(:migration_bot) { User.migration_bot } + let_it_be(:current_user) { migration_bot } + + it :aggregate_failures do + expect_allowed(:read_resource_access_tokens, :destroy_resource_access_tokens) + expect_disallowed(*guest_permissions) + expect_disallowed(*reporter_permissions) + expect_disallowed(*developer_permissions) + expect_disallowed(*maintainer_permissions) + expect_disallowed(*owner_permissions) + end + + it_behaves_like 'deploy token does not get confused with user' do + let(:user_id) { migration_bot.id } + end + end + describe 'private nested group use the highest access level from the group and inherited permissions' do let_it_be(:nested_group) do create(:group, :private, :owner_subgroup_creation_only, :crm_enabled, parent: group) diff --git a/spec/requests/api/usage_data_spec.rb b/spec/requests/api/usage_data_spec.rb index aefccc4fbf7..84f16446bc4 100644 --- a/spec/requests/api/usage_data_spec.rb +++ b/spec/requests/api/usage_data_spec.rb @@ -44,7 +44,6 @@ RSpec.describe API::UsageData do context 'with authentication' do before do stub_feature_flags(usage_data_api: true) - stub_feature_flags("usage_data_#{known_event}" => true) stub_application_setting(usage_ping_enabled: true) allow(Gitlab::RequestForgeryProtection).to receive(:verified?).and_return(true) end @@ -69,7 +68,6 @@ RSpec.describe API::UsageData do stub_application_setting(usage_ping_enabled: true) stub_feature_flags(usage_data_api: true) allow(Gitlab::RequestForgeryProtection).to receive(:verified?).and_return(true) - stub_feature_flags("usage_data_#{prefix}_#{event}" => true) end with_them do @@ -137,7 +135,6 @@ RSpec.describe API::UsageData do context 'with authentication' do before do stub_feature_flags(usage_data_api: true) - stub_feature_flags("usage_data_#{known_event}" => true) stub_application_setting(usage_ping_enabled: true) allow(Gitlab::RequestForgeryProtection).to receive(:verified?).and_return(true) end diff --git a/spec/rubocop/cop/gitlab/mark_used_feature_flags_spec.rb b/spec/rubocop/cop/gitlab/mark_used_feature_flags_spec.rb index 6b5b07fb357..2ec3ae7aada 100644 --- a/spec/rubocop/cop/gitlab/mark_used_feature_flags_spec.rb +++ b/spec/rubocop/cop/gitlab/mark_used_feature_flags_spec.rb @@ -13,7 +13,6 @@ RSpec.describe RuboCop::Cop::Gitlab::MarkUsedFeatureFlags do subject(:cop) { described_class.new } before do - stub_const("#{described_class}::DYNAMIC_FEATURE_FLAGS", []) allow(cop).to receive(:defined_feature_flags).and_return(defined_feature_flags) allow(cop).to receive(:usage_data_counters_known_event_feature_flags).and_return([]) described_class.feature_flags_already_tracked = false |