diff options
55 files changed, 711 insertions, 535 deletions
diff --git a/.rubocop_todo/rails/save_bang.yml b/.rubocop_todo/rails/save_bang.yml index f83bb1fddef..e3d97a45afd 100644 --- a/.rubocop_todo/rails/save_bang.yml +++ b/.rubocop_todo/rails/save_bang.yml @@ -2,15 +2,6 @@ Rails/SaveBang: Exclude: - ee/spec/lib/analytics/merge_request_metrics_calculator_spec.rb - - ee/spec/lib/gitlab/auth/ldap/access_spec.rb - - ee/spec/lib/gitlab/auth/o_auth/user_spec.rb - - ee/spec/lib/gitlab/auth/saml/user_spec.rb - - ee/spec/lib/gitlab/elastic/search_results_spec.rb - - ee/spec/lib/gitlab/email/handler/ee/service_desk_handler_spec.rb - - ee/spec/lib/gitlab/geo_spec.rb - - ee/spec/lib/gitlab/git_access_spec.rb - - ee/spec/lib/gitlab/import_export/group/relation_factory_spec.rb - - ee/spec/lib/gitlab/mirror_spec.rb - ee/spec/models/application_setting_spec.rb - ee/spec/models/approval_merge_request_rule_spec.rb - ee/spec/models/approval_project_rule_spec.rb diff --git a/.rubocop_todo/style/open_struct_use.yml b/.rubocop_todo/style/open_struct_use.yml index aa486f69562..d50278da557 100644 --- a/.rubocop_todo/style/open_struct_use.yml +++ b/.rubocop_todo/style/open_struct_use.yml @@ -13,7 +13,6 @@ Style/OpenStructUse: - lib/gitlab/testing/request_inspector_middleware.rb - lib/mattermost/session.rb - spec/controllers/groups/clusters_controller_spec.rb - - spec/controllers/import/gitlab_controller_spec.rb - spec/controllers/projects/clusters_controller_spec.rb - spec/factories/go_module_versions.rb - spec/factories/wiki_pages.rb diff --git a/Gemfile.lock b/Gemfile.lock index 69e37a8f430..238228f13fc 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -336,7 +336,7 @@ GEM ethon (0.15.0) ffi (>= 1.15.0) eventmachine (1.2.7) - excon (0.71.1) + excon (0.89.0) execjs (2.8.1) expression_parser (0.9.0) extended-markdown-filter (0.6.0) diff --git a/app/assets/javascripts/behaviors/markdown/render_sandboxed_mermaid.js b/app/assets/javascripts/behaviors/markdown/render_sandboxed_mermaid.js index 92cdd1c600f..b9e4c7b68b0 100644 --- a/app/assets/javascripts/behaviors/markdown/render_sandboxed_mermaid.js +++ b/app/assets/javascripts/behaviors/markdown/render_sandboxed_mermaid.js @@ -31,6 +31,7 @@ const MAX_CHAR_LIMIT = 2000; const MAX_MERMAID_BLOCK_LIMIT = 50; // Max # of `&` allowed in Chaining of links syntax const MAX_CHAINING_OF_LINKS_LIMIT = 30; +const BUFFER_IFRAME_HEIGHT = 10; // Keep a map of mermaid blocks we've already rendered. const elsProcessingMap = new WeakMap(); let renderedMermaidBlocks = 0; @@ -117,9 +118,9 @@ function renderMermaidEl(el, source) { if (event.origin !== 'null' || event.source !== iframeEl.contentWindow) { return; } - const { h, w } = event.data; - iframeEl.width = w; - iframeEl.height = h; + const { h } = event.data; + iframeEl.width = '100%'; + iframeEl.height = `${h + BUFFER_IFRAME_HEIGHT}px`; }, false, ); diff --git a/app/assets/javascripts/integrations/edit/components/dynamic_field.vue b/app/assets/javascripts/integrations/edit/components/dynamic_field.vue index 258cd1bf365..4b0579a5beb 100644 --- a/app/assets/javascripts/integrations/edit/components/dynamic_field.vue +++ b/app/assets/javascripts/integrations/edit/components/dynamic_field.vue @@ -153,7 +153,7 @@ export default { :invalid-feedback="__('This field is required.')" :state="valid" > - <template #description> + <template v-if="!isCheckbox" #description> <span v-safe-html:[$options.helpHtmlConfig]="help"></span> </template> @@ -161,6 +161,9 @@ export default { <input :name="fieldName" type="hidden" :value="model || false" /> <gl-form-checkbox :id="fieldId" v-model="model" :disabled="isInheriting"> {{ checkboxLabel || humanizedTitle }} + <template #help> + <span v-safe-html:[$options.helpHtmlConfig]="help"></span> + </template> </gl-form-checkbox> </template> <template v-else-if="isSelect"> diff --git a/app/assets/javascripts/main.js b/app/assets/javascripts/main.js index e221a54d9c6..376134afef0 100644 --- a/app/assets/javascripts/main.js +++ b/app/assets/javascripts/main.js @@ -101,6 +101,21 @@ function deferredInitialisation() { initFeatureHighlight(); initCopyCodeButton(); + const helpToggle = document.querySelector('.header-help-dropdown-toggle'); + if (helpToggle) { + helpToggle.addEventListener( + 'click', + () => { + import(/* webpackChunkName: 'versionCheck' */ './gitlab_version_check') + .then(({ default: initGitlabVersionCheck }) => { + initGitlabVersionCheck(); + }) + .catch(() => {}); + }, + { once: true }, + ); + } + const search = document.querySelector('#search'); if (search) { search.addEventListener( diff --git a/app/assets/javascripts/packages_and_registries/container_registry/explorer/components/details_page/details_header.vue b/app/assets/javascripts/packages_and_registries/container_registry/explorer/components/details_page/details_header.vue index d988ad8d8ca..29c181f04fb 100644 --- a/app/assets/javascripts/packages_and_registries/container_registry/explorer/components/details_page/details_header.vue +++ b/app/assets/javascripts/packages_and_registries/container_registry/explorer/components/details_page/details_header.vue @@ -143,6 +143,7 @@ export default { </template> <template #right-actions> <gl-dropdown + v-if="!deleteButtonDisabled" icon="ellipsis_v" text="More actions" :text-sr-only="true" @@ -150,11 +151,7 @@ export default { no-caret right > - <gl-dropdown-item - variant="danger" - :disabled="deleteButtonDisabled" - @click="$emit('delete')" - > + <gl-dropdown-item variant="danger" @click="$emit('delete')"> {{ __('Delete image repository') }} </gl-dropdown-item> </gl-dropdown> diff --git a/app/assets/javascripts/repository/components/blob_controls.vue b/app/assets/javascripts/repository/components/blob_controls.vue index 4041315f5ec..bde1b217ec9 100644 --- a/app/assets/javascripts/repository/components/blob_controls.vue +++ b/app/assets/javascripts/repository/components/blob_controls.vue @@ -63,19 +63,25 @@ export default { }, computed: { filePath() { - const { path } = this.$route.params; - updateElementsVisibility('.tree-controls', !path); - return path; + return this.$route.params.path; + }, + showBlobControls() { + return this.filePath && this.$route.name === 'blobPathDecoded'; }, blobInfo() { return this.project?.repository?.blobs?.nodes[0] || {}; }, }, + watch: { + showBlobControls(shouldShow) { + updateElementsVisibility('.tree-controls', !shouldShow); + }, + }, }; </script> <template> - <div v-if="filePath"> + <div v-if="showBlobControls"> <gl-button data-testid="find" :href="blobInfo.findFilePath" :class="$options.buttonClassList"> {{ $options.i18n.findFile }} </gl-button> diff --git a/app/assets/stylesheets/framework/header.scss b/app/assets/stylesheets/framework/header.scss index 44b099fc873..68535badd78 100644 --- a/app/assets/stylesheets/framework/header.scss +++ b/app/assets/stylesheets/framework/header.scss @@ -150,7 +150,7 @@ $top-nav-hover-bg: var(--indigo-900-alpha-008, $indigo-900-alpha-008) !important } li { - .badge.badge-pill:not(.merge-request-badge) { + .badge.badge-pill:not(.merge-request-badge):not(.version-check-badge) { box-shadow: none; font-weight: $gl-font-weight-bold; } @@ -417,7 +417,7 @@ $top-nav-hover-bg: var(--indigo-900-alpha-008, $indigo-900-alpha-008) !important .title-container, .navbar-nav { - .badge.badge-pill:not(.merge-request-badge) { + .badge.badge-pill:not(.merge-request-badge):not(.version-check-badge) { position: inherit; font-weight: $gl-font-weight-normal; margin-left: -6px; diff --git a/app/assets/stylesheets/startup/startup-dark.scss b/app/assets/stylesheets/startup/startup-dark.scss index fb96c23517c..96dee4a3da1 100644 --- a/app/assets/stylesheets/startup/startup-dark.scss +++ b/app/assets/stylesheets/startup/startup-dark.scss @@ -837,7 +837,7 @@ input { .container-fluid .navbar-nav li - .badge.badge-pill:not(.merge-request-badge) { + .badge.badge-pill:not(.merge-request-badge):not(.version-check-badge) { box-shadow: none; font-weight: 600; } @@ -920,8 +920,10 @@ input { line-height: 18px; margin: 4px 0 4px 2px; } -.title-container .badge.badge-pill:not(.merge-request-badge), -.navbar-nav .badge.badge-pill:not(.merge-request-badge) { +.title-container + .badge.badge-pill:not(.merge-request-badge):not(.version-check-badge), +.navbar-nav + .badge.badge-pill:not(.merge-request-badge):not(.version-check-badge) { position: inherit; font-weight: 400; margin-left: -6px; @@ -932,17 +934,22 @@ input { border-radius: 7px; box-shadow: 0 1px 0 rgba(76, 78, 84, 0.2); } -.title-container .badge.badge-pill:not(.merge-request-badge).green-badge, -.navbar-nav .badge.badge-pill:not(.merge-request-badge).green-badge { +.title-container + .badge.badge-pill:not(.merge-request-badge):not(.version-check-badge).green-badge, +.navbar-nav + .badge.badge-pill:not(.merge-request-badge):not(.version-check-badge).green-badge { background-color: var(--green-400, #108548); } .title-container - .badge.badge-pill:not(.merge-request-badge).merge-requests-count, -.navbar-nav .badge.badge-pill:not(.merge-request-badge).merge-requests-count { + .badge.badge-pill:not(.merge-request-badge):not(.version-check-badge).merge-requests-count, +.navbar-nav + .badge.badge-pill:not(.merge-request-badge):not(.version-check-badge).merge-requests-count { background-color: var(--orange-400, #ab6100); } -.title-container .badge.badge-pill:not(.merge-request-badge).todos-count, -.navbar-nav .badge.badge-pill:not(.merge-request-badge).todos-count { +.title-container + .badge.badge-pill:not(.merge-request-badge):not(.version-check-badge).todos-count, +.navbar-nav + .badge.badge-pill:not(.merge-request-badge):not(.version-check-badge).todos-count { background-color: var(--blue-400, #1f75cb); } .title-container .canary-badge .badge, diff --git a/app/assets/stylesheets/startup/startup-general.scss b/app/assets/stylesheets/startup/startup-general.scss index 8d3c0fbb485..2f79c86cdc6 100644 --- a/app/assets/stylesheets/startup/startup-general.scss +++ b/app/assets/stylesheets/startup/startup-general.scss @@ -818,7 +818,7 @@ input { .container-fluid .navbar-nav li - .badge.badge-pill:not(.merge-request-badge) { + .badge.badge-pill:not(.merge-request-badge):not(.version-check-badge) { box-shadow: none; font-weight: 600; } @@ -901,8 +901,10 @@ input { line-height: 18px; margin: 4px 0 4px 2px; } -.title-container .badge.badge-pill:not(.merge-request-badge), -.navbar-nav .badge.badge-pill:not(.merge-request-badge) { +.title-container + .badge.badge-pill:not(.merge-request-badge):not(.version-check-badge), +.navbar-nav + .badge.badge-pill:not(.merge-request-badge):not(.version-check-badge) { position: inherit; font-weight: 400; margin-left: -6px; @@ -913,17 +915,22 @@ input { border-radius: 7px; box-shadow: 0 1px 0 rgba(76, 78, 84, 0.2); } -.title-container .badge.badge-pill:not(.merge-request-badge).green-badge, -.navbar-nav .badge.badge-pill:not(.merge-request-badge).green-badge { +.title-container + .badge.badge-pill:not(.merge-request-badge):not(.version-check-badge).green-badge, +.navbar-nav + .badge.badge-pill:not(.merge-request-badge):not(.version-check-badge).green-badge { background-color: var(--green-400, #2da160); } .title-container - .badge.badge-pill:not(.merge-request-badge).merge-requests-count, -.navbar-nav .badge.badge-pill:not(.merge-request-badge).merge-requests-count { + .badge.badge-pill:not(.merge-request-badge):not(.version-check-badge).merge-requests-count, +.navbar-nav + .badge.badge-pill:not(.merge-request-badge):not(.version-check-badge).merge-requests-count { background-color: var(--orange-400, #c17d10); } -.title-container .badge.badge-pill:not(.merge-request-badge).todos-count, -.navbar-nav .badge.badge-pill:not(.merge-request-badge).todos-count { +.title-container + .badge.badge-pill:not(.merge-request-badge):not(.version-check-badge).todos-count, +.navbar-nav + .badge.badge-pill:not(.merge-request-badge):not(.version-check-badge).todos-count { background-color: var(--blue-400, #428fdc); } .title-container .canary-badge .badge, diff --git a/app/controllers/registrations_controller.rb b/app/controllers/registrations_controller.rb index bd7631c7e78..79c4f9a0260 100644 --- a/app/controllers/registrations_controller.rb +++ b/app/controllers/registrations_controller.rb @@ -13,6 +13,9 @@ class RegistrationsController < Devise::RegistrationsController before_action :ensure_destroy_prerequisites_met, only: [:destroy] before_action :load_recaptcha, only: :new before_action :set_invite_params, only: :new + before_action only: [:create] do + check_rate_limit!(:user_sign_up, scope: request.ip) if Feature.enabled?(:rate_limit_user_sign_up_endpoint, default_enabled: :yaml) + end feature_category :authentication_and_authorization diff --git a/app/helpers/commits_helper.rb b/app/helpers/commits_helper.rb index 4256a24bc16..43e727ac483 100644 --- a/app/helpers/commits_helper.rb +++ b/app/helpers/commits_helper.rb @@ -27,10 +27,12 @@ module CommitsHelper end def commit_to_html(commit, ref, project) - render 'projects/commits/commit.html', - commit: commit, - ref: ref, - project: project + render partial: 'projects/commits/commit', formats: :html, + locals: { + commit: commit, + ref: ref, + project: project + } end # Breadcrumb links for a Project and, if applicable, a tree path diff --git a/app/models/ci/build.rb b/app/models/ci/build.rb index 5bd2b4371da..fdcb877dcab 100644 --- a/app/models/ci/build.rb +++ b/app/models/ci/build.rb @@ -268,6 +268,10 @@ module Ci !build.any_unmet_prerequisites? # If false is returned, it stops the transition end + before_transition on: :enqueue do |build| + !build.waiting_for_deployment_approval? # If false is returned, it stops the transition + end + after_transition created: :scheduled do |build| build.run_after_commit do Ci::BuildScheduleWorker.perform_at(build.scheduled_at, build.id) @@ -424,7 +428,7 @@ module Ci end def playable? - action? && !archived? && (manual? || scheduled? || retryable?) + action? && !archived? && (manual? || scheduled? || retryable?) && !waiting_for_deployment_approval? end def waiting_for_deployment_approval? diff --git a/app/models/ci/pipeline.rb b/app/models/ci/pipeline.rb index b1568bbbb06..d11304e5285 100644 --- a/app/models/ci/pipeline.rb +++ b/app/models/ci/pipeline.rb @@ -467,15 +467,11 @@ module Ci end def tags_count - if tag_counts_enabled? - ActsAsTaggableOn::Tagging.where(taggable: builds).count - end + ActsAsTaggableOn::Tagging.where(taggable: builds).count end def distinct_tags_count - if tag_counts_enabled? - ActsAsTaggableOn::Tagging.where(taggable: builds).count('distinct(tag_id)') - end + ActsAsTaggableOn::Tagging.where(taggable: builds).count('distinct(tag_id)') end def stages_names @@ -1352,12 +1348,6 @@ module Ci ::Gitlab::Ci::PipelineObjectHierarchy .new(self.class.unscoped.where(id: id), options: options) end - - def tag_counts_enabled? - strong_memoize(:tag_counts_enabled) do - ::Feature.enabled?(:ci_pipeline_logger_tags_count, project, default_enabled: :yaml) - end - end end end diff --git a/app/models/deployment.rb b/app/models/deployment.rb index 453c6bce362..2f04d99f9f6 100644 --- a/app/models/deployment.rb +++ b/app/models/deployment.rb @@ -70,6 +70,10 @@ class Deployment < ApplicationRecord transition created: :blocked end + event :unblock do + transition blocked: :created + end + event :succeed do transition any - [:success] => :success end diff --git a/app/services/ci/pipelines/add_job_service.rb b/app/services/ci/pipelines/add_job_service.rb index 703bb22fb5d..fc852bc3edd 100644 --- a/app/services/ci/pipelines/add_job_service.rb +++ b/app/services/ci/pipelines/add_job_service.rb @@ -39,6 +39,12 @@ module Ci job.pipeline = pipeline job.project = pipeline.project job.ref = pipeline.ref + + # update metadata since it might have been lazily initialised before this call + # metadata is present on `Ci::Processable` + if job.respond_to?(:metadata) && job.metadata + job.metadata.project = pipeline.project + end end end end diff --git a/app/views/layouts/header/_gitlab_version.html.haml b/app/views/layouts/header/_gitlab_version.html.haml new file mode 100644 index 00000000000..125fbaa084c --- /dev/null +++ b/app/views/layouts/header/_gitlab_version.html.haml @@ -0,0 +1,11 @@ +- return unless show_version_check? + +.gl-display-flex.gl-flex-direction-column.gl-px-4.gl-py-3 + %span + = s_("VersionCheck|Your GitLab Version") + = emoji_icon('rocket') + %span + %span.gl-font-sm.gl-text-gray-500 + #{Gitlab.version_info.major}.#{Gitlab.version_info.minor} + %span.gl-ml-2 + .js-gitlab-version-check{ data: { "size": "sm" } } diff --git a/app/views/layouts/header/_help_dropdown.html.haml b/app/views/layouts/header/_help_dropdown.html.haml index e2c7781da54..738bca2f2cc 100644 --- a/app/views/layouts/header/_help_dropdown.html.haml +++ b/app/views/layouts/header/_help_dropdown.html.haml @@ -1,5 +1,6 @@ %ul - if current_user_menu?(:help) + = render 'layouts/header/gitlab_version' = render 'layouts/header/whats_new_dropdown_item' %li = link_to _("Help"), help_path diff --git a/app/workers/all_queues.yml b/app/workers/all_queues.yml index 0d4b92a5065..3180a0dfc81 100644 --- a/app/workers/all_queues.yml +++ b/app/workers/all_queues.yml @@ -1539,7 +1539,7 @@ :tags: [] - :name: pipeline_creation:ci_external_pull_requests_create_pipeline :worker_name: Ci::ExternalPullRequests::CreatePipelineWorker - :feature_category: :pipeline_authoring + :feature_category: :continuous_integration :has_external_dependencies: :urgency: :high :resource_boundary: :cpu diff --git a/app/workers/ci/external_pull_requests/create_pipeline_worker.rb b/app/workers/ci/external_pull_requests/create_pipeline_worker.rb index 211ea1f2990..334ff099ea2 100644 --- a/app/workers/ci/external_pull_requests/create_pipeline_worker.rb +++ b/app/workers/ci/external_pull_requests/create_pipeline_worker.rb @@ -7,7 +7,7 @@ module Ci data_consistency :always queue_namespace :pipeline_creation - feature_category :pipeline_authoring + feature_category :continuous_integration urgency :high worker_resource_boundary :cpu diff --git a/config/feature_flags/development/ci_pipeline_logger_tags_count.yml b/config/feature_flags/development/ci_pipeline_logger_tags_count.yml deleted file mode 100644 index a65837a00f6..00000000000 --- a/config/feature_flags/development/ci_pipeline_logger_tags_count.yml +++ /dev/null @@ -1,8 +0,0 @@ ---- -name: ci_pipeline_logger_tags_count -introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/77112 -rollout_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/348967 -milestone: '14.7' -type: development -group: group::pipeline execution -default_enabled: false diff --git a/config/feature_flags/development/ci_pipeline_logger_sql_count.yml b/config/feature_flags/development/rate_limit_user_sign_up_endpoint.yml index 29742130cc6..af1957e54c8 100644 --- a/config/feature_flags/development/ci_pipeline_logger_sql_count.yml +++ b/config/feature_flags/development/rate_limit_user_sign_up_endpoint.yml @@ -1,8 +1,8 @@ --- -name: ci_pipeline_logger_sql_count -introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/77117 -rollout_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/346246 +name: rate_limit_user_sign_up_endpoint +introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/77835 +rollout_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/349843 milestone: '14.7' type: development -group: group::pipeline execution +group: group::optimize default_enabled: false diff --git a/doc/administration/geo/replication/troubleshooting.md b/doc/administration/geo/replication/troubleshooting.md index fd13fd8a3f0..1bc23d6434f 100644 --- a/doc/administration/geo/replication/troubleshooting.md +++ b/doc/administration/geo/replication/troubleshooting.md @@ -6,14 +6,14 @@ info: To determine the technical writer assigned to the Stage/Group associated w # Troubleshooting Geo **(PREMIUM SELF)** -Setting up Geo requires careful attention to details and sometimes it's easy to +Setting up Geo requires careful attention to details, and sometimes it's easy to miss a step. Here is a list of steps you should take to attempt to fix problem: -- Perform [basic troubleshooting](#basic-troubleshooting). -- Fix any [replication errors](#fixing-replication-errors). -- Fix any [common](#fixing-common-errors) errors. +1. Perform [basic troubleshooting](#basic-troubleshooting). +1. Fix any [replication errors](#fixing-replication-errors). +1. Fix any [common](#fixing-common-errors) errors. ## Basic troubleshooting @@ -40,11 +40,11 @@ to help identify if something is wrong:  -For information on how to resolve common errors reported from the UI, see -[Fixing Common Errors](#fixing-common-errors). +For information about how to resolve common error messages reported from the user interface, +see [Fixing Common Errors](#fixing-common-errors). -If the UI is not working, or you are unable to log in, you can run the Geo -health check manually to get this information as well as a few more details. +If the user interface is not working, or you are unable to sign in, you can run the Geo +health check manually to get this information and a few more details. #### Health check Rake task @@ -172,116 +172,122 @@ HINT: Close open transactions soon to avoid wraparound problems. You might also need to commit or roll back old prepared transactions, or drop stale replication slots. ``` -To fix this, do the following: +To fix this: 1. [Connect to the primary database](https://docs.gitlab.com/omnibus/settings/database.html#connecting-to-the-bundled-postgresql-database). + 1. Run `SELECT * FROM pg_replication_slots;`. -1. Note the `slot_name` that reports `active` as `f` (false). -1. Follow [all these steps to remove that Geo site](remove_geo_site.md). + Note the `slot_name` that reports `active` as `f` (false). + +1. Follow [the steps to remove that Geo site](remove_geo_site.md). ## Fixing errors found when running the Geo check Rake task -When running this Rake task, you may see errors if the nodes are not properly configured: +When running this Rake task, you may see error messages if the nodes are not properly configured: ```shell sudo gitlab-rake gitlab:geo:check ``` -1. Rails did not provide a password when connecting to the database +- Rails did not provide a password when connecting to the database. - ```plaintext - Checking Geo ... + ```plaintext + Checking Geo ... - GitLab Geo is available ... Exception: fe_sendauth: no password supplied - GitLab Geo is enabled ... Exception: fe_sendauth: no password supplied - ... - Checking Geo ... Finished - ``` + GitLab Geo is available ... Exception: fe_sendauth: no password supplied + GitLab Geo is enabled ... Exception: fe_sendauth: no password supplied + ... + Checking Geo ... Finished + ``` - - Ensure that you have the `gitlab_rails['db_password']` set to the plain text-password used when creating the hash for `postgresql['sql_user_password']`. + Ensure you have the `gitlab_rails['db_password']` set to the plain-text + password used when creating the hash for `postgresql['sql_user_password']`. -1. Rails is unable to connect to the database +- Rails is unable to connect to the database. - ```plaintext - Checking Geo ... + ```plaintext + Checking Geo ... - GitLab Geo is available ... Exception: FATAL: no pg_hba.conf entry for host "1.1.1.1", user "gitlab", database "gitlabhq_production", SSL on - FATAL: no pg_hba.conf entry for host "1.1.1.1", user "gitlab", database "gitlabhq_production", SSL off - GitLab Geo is enabled ... Exception: FATAL: no pg_hba.conf entry for host "1.1.1.1", user "gitlab", database "gitlabhq_production", SSL on - FATAL: no pg_hba.conf entry for host "1.1.1.1", user "gitlab", database "gitlabhq_production", SSL off - ... - Checking Geo ... Finished - ``` + GitLab Geo is available ... Exception: FATAL: no pg_hba.conf entry for host "1.1.1.1", user "gitlab", database "gitlabhq_production", SSL on + FATAL: no pg_hba.conf entry for host "1.1.1.1", user "gitlab", database "gitlabhq_production", SSL off + GitLab Geo is enabled ... Exception: FATAL: no pg_hba.conf entry for host "1.1.1.1", user "gitlab", database "gitlabhq_production", SSL on + FATAL: no pg_hba.conf entry for host "1.1.1.1", user "gitlab", database "gitlabhq_production", SSL off + ... + Checking Geo ... Finished + ``` - - Ensure that you have the IP address of the rails node included in `postgresql['md5_auth_cidr_addresses']`. - - Ensure that you have included the subnet mask on the IP address: `postgresql['md5_auth_cidr_addresses'] = ['1.1.1.1/32']`. + Ensure you have the IP address of the rails node included in `postgresql['md5_auth_cidr_addresses']`. + Also, ensure you have included the subnet mask on the IP address: `postgresql['md5_auth_cidr_addresses'] = ['1.1.1.1/32']`. -1. Rails has supplied the incorrect password +- Rails has supplied the incorrect password. - ```plaintext - Checking Geo ... - GitLab Geo is available ... Exception: FATAL: password authentication failed for user "gitlab" - FATAL: password authentication failed for user "gitlab" - GitLab Geo is enabled ... Exception: FATAL: password authentication failed for user "gitlab" - FATAL: password authentication failed for user "gitlab" - ... - Checking Geo ... Finished - ``` + ```plaintext + Checking Geo ... + GitLab Geo is available ... Exception: FATAL: password authentication failed for user "gitlab" + FATAL: password authentication failed for user "gitlab" + GitLab Geo is enabled ... Exception: FATAL: password authentication failed for user "gitlab" + FATAL: password authentication failed for user "gitlab" + ... + Checking Geo ... Finished + ``` - - Verify the correct password is set for `gitlab_rails['db_password']` that was used when creating the hash in `postgresql['sql_user_password']` by running `gitlab-ctl pg-password-md5 gitlab` and entering the password. + Verify the correct password is set for `gitlab_rails['db_password']` that was + used when creating the hash in `postgresql['sql_user_password']` by running + `gitlab-ctl pg-password-md5 gitlab` and entering the password. -1. Check returns `not a secondary node` +- Check returns `not a secondary node`. - ```plaintext - Checking Geo ... + ```plaintext + Checking Geo ... - GitLab Geo is available ... yes - GitLab Geo is enabled ... yes - GitLab Geo secondary database is correctly configured ... not a secondary node - Database replication enabled? ... not a secondary node - ... - Checking Geo ... Finished - ``` + GitLab Geo is available ... yes + GitLab Geo is enabled ... yes + GitLab Geo secondary database is correctly configured ... not a secondary node + Database replication enabled? ... not a secondary node + ... + Checking Geo ... Finished + ``` - - Ensure that you have added the secondary node in the Admin Area of the **primary** node. - - Ensure that you entered the `external_url` or `gitlab_rails['geo_node_name']` when adding the secondary node in the Admin Area of the **primary** node. - - Prior to GitLab 12.4, edit the secondary node in the Admin Area of the **primary** node and ensure that there is a trailing `/` in the `Name` field. + Ensure you have added the secondary node in the Admin Area of the **primary** node. + Also ensure you entered the `external_url` or `gitlab_rails['geo_node_name']` + when adding the secondary node in the Admin Area of the **primary** node. + In GitLab 12.3 and earlier, edit the secondary node in the Admin Area of the **primary** + node and ensure that there is a trailing `/` in the `Name` field. -1. Check returns `Exception: PG::UndefinedTable: ERROR: relation "geo_nodes" does not exist` +- Check returns `Exception: PG::UndefinedTable: ERROR: relation "geo_nodes" does not exist`. - ```plaintext - Checking Geo ... + ```plaintext + Checking Geo ... - GitLab Geo is available ... no - Try fixing it: - Upload a new license that includes the GitLab Geo feature - For more information see: - https://about.gitlab.com/features/gitlab-geo/ - GitLab Geo is enabled ... Exception: PG::UndefinedTable: ERROR: relation "geo_nodes" does not exist - LINE 8: WHERE a.attrelid = '"geo_nodes"'::regclass + GitLab Geo is available ... no + Try fixing it: + Upload a new license that includes the GitLab Geo feature + For more information see: + https://about.gitlab.com/features/gitlab-geo/ + GitLab Geo is enabled ... Exception: PG::UndefinedTable: ERROR: relation "geo_nodes" does not exist + LINE 8: WHERE a.attrelid = '"geo_nodes"'::regclass ^ - : SELECT a.attname, format_type(a.atttypid, a.atttypmod), - pg_get_expr(d.adbin, d.adrelid), a.attnotnull, a.atttypid, a.atttypmod, - c.collname, col_description(a.attrelid, a.attnum) AS comment - FROM pg_attribute a - LEFT JOIN pg_attrdef d ON a.attrelid = d.adrelid AND a.attnum = d.adnum - LEFT JOIN pg_type t ON a.atttypid = t.oid - LEFT JOIN pg_collation c ON a.attcollation = c.oid AND a.attcollation <> t.typcollation - WHERE a.attrelid = '"geo_nodes"'::regclass - AND a.attnum > 0 AND NOT a.attisdropped - ORDER BY a.attnum - ... - Checking Geo ... Finished - ``` - - When performing a PostgreSQL major version (9 > 10) update this is expected. Follow: + : SELECT a.attname, format_type(a.atttypid, a.atttypmod), + pg_get_expr(d.adbin, d.adrelid), a.attnotnull, a.atttypid, a.atttypmod, + c.collname, col_description(a.attrelid, a.attnum) AS comment + FROM pg_attribute a + LEFT JOIN pg_attrdef d ON a.attrelid = d.adrelid AND a.attnum = d.adnum + LEFT JOIN pg_type t ON a.atttypid = t.oid + LEFT JOIN pg_collation c ON a.attcollation = c.oid AND a.attcollation <> t.typcollation + WHERE a.attrelid = '"geo_nodes"'::regclass + AND a.attnum > 0 AND NOT a.attisdropped + ORDER BY a.attnum + ... + Checking Geo ... Finished + ``` - - [initiate-the-replication-process](../setup/database.md#step-3-initiate-the-replication-process) + When performing a PostgreSQL major version (9 > 10) update this is expected. Follow + the [initiate-the-replication-process](../setup/database.md#step-3-initiate-the-replication-process). ## Fixing replication errors The following sections outline troubleshooting steps for fixing replication -errors (indicated by `Database replication working? ... no` in the +error messages (indicated by `Database replication working? ... no` in the [`geo:check` output](#health-check-rake-task). ### Message: `ERROR: replication slots can only be used if max_replication_slots > 0`? @@ -304,7 +310,7 @@ process](../setup/database.md) on the **secondary** node . ### Message: "Command exceeded allowed execution time" when setting up replication? This may happen while [initiating the replication process](../setup/database.md#step-3-initiate-the-replication-process) on the **secondary** node, -and indicates that your initial dataset is too large to be replicated in the default timeout (30 minutes). +and indicates your initial dataset is too large to be replicated in the default timeout (30 minutes). Re-run `gitlab-ctl replicate-geo-database`, but include a larger value for `--backup-timeout`: @@ -318,7 +324,7 @@ sudo gitlab-ctl \ ``` This gives the initial replication up to six hours to complete, rather than -the default thirty minutes. Adjust as required for your installation. +the default 30 minutes. Adjust as required for your installation. ### Message: "PANIC: could not write to file `pg_xlog/xlogtemp.123`: No space left on device" @@ -334,7 +340,7 @@ log data to build up in `pg_xlog`. Removing the unused slots can reduce the amou NOTE: Using `gitlab-rails dbconsole` does not work, because managing replication slots requires superuser permissions. -1. View your replication slots with: +1. View your replication slots: ```sql SELECT * FROM pg_replication_slots; @@ -343,7 +349,7 @@ log data to build up in `pg_xlog`. Removing the unused slots can reduce the amou Slots where `active` is `f` are not active. - When this slot should be active, because you have a **secondary** node configured using that slot, - log in to that **secondary** node and check the [PostgreSQL logs](../../logs.md#postgresql-logs) + sign in to that **secondary** node and check the [PostgreSQL logs](../../logs.md#postgresql-logs) to view why the replication is not running. - If you are no longer using the slot (for example, you no longer have Geo enabled), you can remove it with in the @@ -355,11 +361,11 @@ Slots where `active` is `f` are not active. ### Message: "ERROR: canceling statement due to conflict with recovery" -This error occurs infrequently under normal usage, and the system is resilient +This error message occurs infrequently under normal usage, and the system is resilient enough to recover. However, under certain conditions, some database queries on secondaries may run -excessively long, which increases the frequency of this error. This can lead to a situation +excessively long, which increases the frequency of this error message. This can lead to a situation where some queries never complete due to being canceled on every replication. These long-running queries are @@ -426,7 +432,7 @@ If large repositories are affected by this problem, their resync may take a long time and cause significant load on your Geo nodes, storage and network systems. -If you get the error `Synchronization failed - Error syncing repository` along with the following log messages, this indicates that the expected `geo` remote is not present in the `.git/config` file +If you get the error message `Synchronization failed - Error syncing repository` along with the following log messages, this indicates that the expected `geo` remote is not present in the `.git/config` file of a repository on the secondary Geo node's file system: ```json @@ -449,11 +455,11 @@ of a repository on the secondary Geo node's file system: To solve this: -1. Log into the secondary Geo node. +1. Sign in to the secondary Geo node. 1. Back up [the `.git` folder](../../repository_storage_types.md#translate-hashed-storage-paths). -1. Optional: [Spot-check](../../troubleshooting/log_parsing.md#find-all-projects-affected-by-a-fatal-git-problem) +1. Optional. [Spot-check](../../troubleshooting/log_parsing.md#find-all-projects-affected-by-a-fatal-git-problem) a few of those IDs whether they indeed correspond to a project with known Geo replication failures. Use `fatal: 'geo'` as the `grep` term and the following API call: @@ -488,18 +494,19 @@ GitLab places a timeout on all repository clones, including project imports and Geo synchronization operations. If a fresh `git clone` of a repository on the **primary** takes more than the default three hours, you may be affected by this. -To increase the timeout, add the following line to `/etc/gitlab/gitlab.rb` -on the **secondary** node: +To increase the timeout: -```ruby -gitlab_rails['gitlab_shell_git_timeout'] = 14400 -``` +1. On the **secondary** node, add the following line to `/etc/gitlab/gitlab.rb`: -Then reconfigure GitLab: + ```ruby + gitlab_rails['gitlab_shell_git_timeout'] = 14400 + ``` -```shell -sudo gitlab-ctl reconfigure -``` +1. Reconfigure GitLab: + + ```shell + sudo gitlab-ctl reconfigure + ``` This increases the timeout to four hours (14400 seconds). Choose a time long enough to accommodate a full clone of your largest repositories. @@ -510,7 +517,7 @@ If new LFS objects are never replicated to secondary Geo nodes, check the versio GitLab you are running. GitLab versions 11.11.x or 12.0.x are affected by [a bug that results in new LFS objects not being replicated to Geo secondary nodes](https://gitlab.com/gitlab-org/gitlab/-/issues/32696). -To resolve the issue, upgrade to GitLab 12.1 or newer. +To resolve the issue, upgrade to GitLab 12.1 or later. ### Failures during backfill @@ -522,7 +529,7 @@ of the backfill queue, therefore these failures only clear up **after** the back If you get a **secondary** node in a broken state and want to reset the replication state, to start again from scratch, there are a few steps that can help you: -1. Stop Sidekiq and the Geo LogCursor +1. Stop Sidekiq and the Geo LogCursor. It's possible to make Sidekiq stop gracefully, but making it stop getting new jobs and wait until the current jobs to finish processing. @@ -545,7 +552,7 @@ to start again from scratch, there are a few steps that can help you: gitlab-ctl tail sidekiq ``` -1. Rename repository storage folders and create new ones. If you are not concerned about possible orphaned directories and files, then you can simply skip this step. +1. Rename repository storage folders and create new ones. If you are not concerned about possible orphaned directories and files, you can skip this step. ```shell mv /var/opt/gitlab/git-data/repositories /var/opt/gitlab/git-data/repositories.old @@ -557,14 +564,14 @@ to start again from scratch, there are a few steps that can help you: You may want to remove the `/var/opt/gitlab/git-data/repositories.old` in the future as soon as you confirmed that you don't need it anymore, to save disk space. -1. Optional. Rename other data folders and create new ones +1. Optional. Rename other data folders and create new ones. WARNING: You may still have files on the **secondary** node that have been removed from the **primary** node, but this - removal has not been reflected. If you skip this step, these files are not removed at all from the Geo node. + removal has not been reflected. If you skip this step, these files are not removed from the Geo node. - Any uploaded content like file attachments, avatars or LFS objects are stored in a - subfolder in one of the two paths below: + Any uploaded content (like file attachments, avatars, or LFS objects) is stored in a + subfolder in one of these paths: - `/var/opt/gitlab/gitlab-rails/shared` - `/var/opt/gitlab/gitlab-rails/uploads` @@ -591,7 +598,7 @@ to start again from scratch, there are a few steps that can help you: gitlab-ctl reconfigure ``` -1. Reset the Tracking Database +1. Reset the Tracking Database. ```shell gitlab-rake geo:db:drop # on a secondary app node @@ -599,7 +606,7 @@ to start again from scratch, there are a few steps that can help you: gitlab-rake geo:db:setup # on a secondary app node ``` -1. Restart previously stopped services +1. Restart previously stopped services. ```shell gitlab-ctl start @@ -609,10 +616,10 @@ to start again from scratch, there are a few steps that can help you: On the top bar, under **Menu > Admin > Geo > Nodes**, if the Design repositories progress bar shows -`Synced` and `Failed` greater than 100%, and negative `Queued`, then the instance +`Synced` and `Failed` greater than 100%, and negative `Queued`, the instance is likely affected by [a bug in GitLab 13.2 and 13.3](https://gitlab.com/gitlab-org/gitlab/-/issues/241668). -It was [fixed in 13.4+](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/40643). +It was [fixed in GitLab 13.4 and later](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/40643). To determine the actual replication status of design repositories in a [Rails console](../../operations/rails_console.md): @@ -663,7 +670,7 @@ determine the actual replication status of Design repositories. `gitlab-ctl promote-to-primary-node` fails since it runs preflight checks. If the [previous snippet](#design-repository-failures-on-mirrored-projects-and-project-imports) -shows that all designs are synced, then you can use the +shows that all designs are synced, you can use the `--skip-preflight-checks` option or the `--force` option to move forward with promotion. @@ -676,9 +683,9 @@ determine the actual replication status of Design repositories. ### Sync failure message: "Verification failed with: Error during verification: File is not checksummable" -Until GitLab 14.6, certain data types which were missing on the Geo primary site were marked as "synced" on Geo secondary sites. This was because from the perspective of Geo secondary sites, the state matched the primary site and nothing more could be done on secondary sites. +In GitLab 14.5 and earlier, certain data types which were missing on the Geo primary site were marked as "synced" on Geo secondary sites. This was because from the perspective of Geo secondary sites, the state matched the primary site and nothing more could be done on secondary sites. -Secondaries would regularly try to sync these files again via the "verification" feature: +Secondaries would regularly try to sync these files again by using the "verification" feature: - Verification fails since the file doesn't exist. - The file is marked "sync failed". @@ -703,11 +710,11 @@ After confirming this is the problem, the files on the primary site need to be f - A non-atomic backup was restored. - Services or servers or network infrastructure was interrupted/restarted during use. -The appropriate action sometimes depends on the cause. For example, you can remount an NFS share. Often, a root cause may not be apparent or not useful to discover. If you have regular backups, then it may be expedient to look through them and pull files from there. +The appropriate action sometimes depends on the cause. For example, you can remount an NFS share. Often, a root cause may not be apparent or not useful to discover. If you have regular backups, it may be expedient to look through them and pull files from there. In some cases, a file may be determined to be of low value, and so it may be worth deleting the record. -Geo itself is an excellent mitigation for files missing on the primary. If a file disappears on the primary but it was already synced to the secondary, then you can grab the secondary's file. In cases like this, the `File is not checksummable` error will not occur on Geo secondary sites, and only the primary will log this error. +Geo itself is an excellent mitigation for files missing on the primary. If a file disappears on the primary but it was already synced to the secondary, you can grab the secondary's file. In cases like this, the `File is not checksummable` error message will not occur on Geo secondary sites, and only the primary will log this error message. This problem is more likely to show up in Geo secondary sites which were set up long after the original GitLab site. In this case, Geo is only surfacing an existing problem. @@ -725,17 +732,19 @@ This behavior affects only the following data types through GitLab 14.6: | Uploads | 14.6 | | CI Job Artifacts | 14.6 | -[Since GitLab 14.7, files which are missing on the primary site are now treated as sync failures](https://gitlab.com/gitlab-org/gitlab/-/issues/348745) in order to make Geo visibly surface data loss risks. The sync/verification loop is therefore short-circuited. `last_sync_failure` is now set to `The file is missing on the Geo primary site`. +[Since GitLab 14.7, files that are missing on the primary site are now treated as sync failures](https://gitlab.com/gitlab-org/gitlab/-/issues/348745) +to make Geo visibly surface data loss risks. The sync/verification loop is +therefore short-circuited. `last_sync_failure` is now set to `The file is missing on the Geo primary site`. ## Fixing errors during a failover or when promoting a secondary to a primary node -The following are possible errors that might be encountered during failover or +The following are possible error messages that might be encountered during failover or when promoting a secondary to a primary node with strategies to resolve them. ### Message: ActiveRecord::RecordInvalid: Validation failed: Name has already been taken When [promoting a **secondary** site](../disaster_recovery/index.md#step-3-promoting-a-secondary-site), -you might encounter the following error: +you might encounter the following error message: ```plaintext Running gitlab-rake geo:set_secondary_as_primary... @@ -763,7 +772,7 @@ or `gitlab-ctl promote-to-primary-node`, either: Rake::Task['geo:set_secondary_as_primary'].invoke ``` -- Upgrade to GitLab 12.6.3 or newer if it is safe to do so. For example, +- Upgrade to GitLab 12.6.3 or later if it is safe to do so. For example, if the failover was just a test. A [caching-related bug](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/22021) was fixed. @@ -771,8 +780,8 @@ or `gitlab-ctl promote-to-primary-node`, either: ### Message: ActiveRecord::RecordInvalid: Validation failed: Enabled Geo primary node cannot be disabled If you disabled a secondary node, either with the [replication pause task](../index.md#pausing-and-resuming-replication) -(13.2) or by using the user interface (13.1 and earlier), you must first -re-enable the node before you can continue. This is fixed in 13.4. +(GitLab 13.2) or by using the user interface (GitLab 13.1 and earlier), you must first +re-enable the node before you can continue. This is fixed in GitLab 13.4. This can be fixed in the database. @@ -798,12 +807,12 @@ This can be fixed in the database. UPDATE geo_nodes SET enabled = true WHERE url = 'https://<secondary url>/' AND enabled = false;" ``` - This should update 1 row. + This should update one row. ### Message: ``NoMethodError: undefined method `secondary?' for nil:NilClass`` When [promoting a **secondary** site](../disaster_recovery/index.md#step-3-promoting-a-secondary-site), -you might encounter the following error: +you might encounter the following error message: ```plaintext sudo gitlab-rake geo:set_secondary_as_primary @@ -818,7 +827,7 @@ Tasks: TOP => geo:set_secondary_as_primary (See full trace by running task with --trace) ``` -This command is intended to be executed on a secondary site only, and this error +This command is intended to be executed on a secondary site only, and this error message is displayed if you attempt to run this command on a primary site. ### Message: `sudo: gitlab-pg-ctl: command not found` @@ -840,7 +849,7 @@ In this case, the workaround is to use the full path to the binary, for example: sudo /opt/gitlab/embedded/bin/gitlab-pg-ctl promote ``` -GitLab 12.9 and later are [unaffected by this error](https://gitlab.com/gitlab-org/omnibus-gitlab/-/issues/5147). +GitLab 12.9 and later are [unaffected by this error message](https://gitlab.com/gitlab-org/omnibus-gitlab/-/issues/5147). ### Message: `ERROR - Replication is not up-to-date` during `gitlab-ctl promotion-preflight-checks` @@ -858,7 +867,7 @@ shows that it is complete, you can add `--skip-preflight-checks` to make the com ### Errors when using `--skip-preflight-checks` or `--force` -Before GitLab 13.5, you could bump into one of the following errors when using +In GitLab 13.4 and earlier, you could receive one of the following error messages when using `--skip-preflight-checks` or `--force`: ```plaintext @@ -868,7 +877,7 @@ get_ctl_options': invalid option: --force (OptionParser::InvalidOption) ``` This can happen with XFS or file systems that list files in lexical order, because the -load order of the Omnibus command files can be different than expected, and a global function would get redefined. +load order of the Omnibus GitLab command files can be different than expected, and a global function would get redefined. More details can be found in [the related issue](https://gitlab.com/gitlab-org/omnibus-gitlab/-/issues/6076). The workaround is to manually run the preflight checks and promote the database, by running @@ -894,8 +903,8 @@ registry record related to the orphan files on disk. ### Message: The redirect URI included is not valid -If you are able to log in to the **primary** node, but you receive this error -when attempting to log into a **secondary**, you should check that the Geo +If you are able to sign in to the **primary** node, but you receive this error message +when attempting to sign in to a **secondary**, you should verify the Geo node's URL matches its external URL. On the **primary** node: @@ -909,7 +918,7 @@ On the **primary** node: ## Fixing common errors -This section documents common errors reported in the Admin Area and how to fix them. +This section documents common error messages reported in the Admin Area, and how to fix them. ### Geo database configuration file is missing @@ -930,7 +939,7 @@ It is safest to use a fresh secondary, or reset the whole secondary by following ### Geo node has a database that is writable which is an indication it is not configured for replication with the primary node -This error refers to a problem with the database replica on a **secondary** node, +This error message refers to a problem with the database replica on a **secondary** node, which Geo expects to have access to. It usually means, either: - An unsupported replication method was used (for example, logical replication). @@ -943,7 +952,7 @@ Geo **secondary** sites require two separate PostgreSQL instances: - A read-only replica of the **primary** node. - A regular, writable instance that holds replication metadata. That is, the Geo tracking database. -This error indicates that the replica database in the **secondary** site is misconfigured and replication has stopped. +This error message indicates that the replica database in the **secondary** site is misconfigured and replication has stopped. To restore the database and resume replication, you can do one of the following: @@ -979,7 +988,7 @@ This can be caused by orphaned records in the project registry. You can clear th ### Geo Admin Area returns 404 error for a secondary node Sometimes `sudo gitlab-rake gitlab:geo:check` indicates that the **secondary** node is -healthy, but a 404 error for the **secondary** node is returned in the Geo Admin Area on +healthy, but a 404 Not Found error message for the **secondary** node is returned in the Geo Admin Area on the **primary** node. To resolve this issue: @@ -997,7 +1006,7 @@ If using a load balancer, ensure that the load balancer's URL is set as the `ext ### Geo Admin Area shows 'Unhealthy' after enabling Maintenance Mode -In GitLab 13.9 through GitLab 14.3, when [GitLab Maintenance Mode](../../maintenance_mode/index.md) is enabled, the status of Geo secondary sites will stop getting updated. After 10 minutes, the status will become `Unhealthy`. +In GitLab 13.9 through GitLab 14.3, when [GitLab Maintenance Mode](../../maintenance_mode/index.md) is enabled, the status of Geo secondary sites will stop getting updated. After 10 minutes, the status changes to `Unhealthy`. Geo secondary sites will continue to replicate and verify data, and the secondary sites should still be usable. You can use the [Sync status Rake task](#sync-status-rake-task) to determine the actual status of a secondary site during Maintenance Mode. @@ -1006,7 +1015,7 @@ This bug was [fixed in GitLab 14.4](https://gitlab.com/gitlab-org/gitlab/-/issue ### GitLab Pages return 404 errors after promoting This is due to [Pages data not being managed by Geo](datatypes.md#limitations-on-replicationverification). -Find advice to resolve those errors in the +Find advice to resolve those error messages in the [Pages administration documentation](../../../administration/pages/index.md#404-error-after-promoting-a-geo-secondary-to-a-primary-node). ## Fixing client errors @@ -1017,4 +1026,4 @@ You may have problems if you're running a version of [Git LFS](https://git-lfs.g As noted in [this authentication issue](https://github.com/git-lfs/git-lfs/issues/3025), requests redirected from the secondary to the primary node do not properly send the Authorization header. This may result in either an infinite `Authorization <-> Redirect` -loop, or Authorization errors. +loop, or Authorization error messages. diff --git a/doc/administration/reference_architectures/index.md b/doc/administration/reference_architectures/index.md index 81f07f304bc..bd796600564 100644 --- a/doc/administration/reference_architectures/index.md +++ b/doc/administration/reference_architectures/index.md @@ -212,12 +212,12 @@ Note the following about the testing process: | Reference<br/>Architecture<br/>Size | Bare-Metal | GCP | AWS | Azure | |-----------------------------|------------|-----|-----|-------| -| 1k | <i>Refer to GCP<sup>1</sup><i/> | [Standard - Weekly](https://gitlab.com/gitlab-org/quality/performance/-/wikis/Benchmarks/Latest/1k)<sup>1</sup> | - | - | -| 2k | <i>Refer to GCP<sup>1</sup><i/> | [Standard - Weekly](https://gitlab.com/gitlab-org/quality/performance/-/wikis/Benchmarks/Latest/2k)<sup>1</sup> | - | - | -| 3k | <i>Refer to GCP<sup>1</sup><i/> | [Standard - Weekly](https://gitlab.com/gitlab-org/quality/performance/-/wikis/Benchmarks/Latest/3k)<sup>1</sup> | - | - | -| 5k | <i>Refer to GCP<sup>1</sup><i/> | [Standard - Weekly](https://gitlab.com/gitlab-org/quality/performance/-/wikis/Benchmarks/Latest/5k)<sup>1</sup> | - | - | -| 10k | <i>Refer to GCP<sup>1</sup><i/> | [Standard - Daily](https://gitlab.com/gitlab-org/quality/performance/-/wikis/Benchmarks/Latest/10k)<sup>1</sup> <br/> [Standard (inc Cloud Services) - Ad-Hoc](https://gitlab.com/gitlab-org/quality/performance/-/wikis/Past-Results/10k) <br/> [Cloud Native Hybrid - Ad-Hoc](https://gitlab.com/gitlab-org/quality/performance/-/wikis/Past-Results/10k-Cloud-Native-Hybrid) | [Standard (inc Cloud Services) - Ad-Hoc](https://gitlab.com/gitlab-org/quality/performance/-/wikis/Past-Results/10k) <br/> [Cloud Native Hybrid - Ad-Hoc](https://gitlab.com/gitlab-org/quality/performance/-/wikis/Past-Results/10k-Cloud-Native-Hybrid) | [Standard - Ad-Hoc](https://gitlab.com/gitlab-org/quality/performance/-/wikis/Past-Results/10k) | -| 25k | <i>Refer to GCP<sup>1</sup><i/> | [Standard - Weekly](https://gitlab.com/gitlab-org/quality/performance/-/wikis/Benchmarks/Latest/25k)<sup>1</sup> | - | [Standard - Ad-Hoc](https://gitlab.com/gitlab-org/quality/performance/-/wikis/Past-Results/25k) | -| 50k | <i>Refer to GCP<sup>1</sup><i/> | [Standard - Weekly](https://gitlab.com/gitlab-org/quality/performance/-/wikis/Benchmarks/Latest/50k)<sup>1</sup> | [Standard (inc Cloud Services) - Ad-Hoc](https://gitlab.com/gitlab-org/quality/performance/-/wikis/Past-Results/50k) | - | +| 1k | <i>Refer to GCP<sup>1</sup></i> | [Standard - Weekly](https://gitlab.com/gitlab-org/quality/performance/-/wikis/Benchmarks/Latest/1k)<sup>1</sup> | - | - | +| 2k | <i>Refer to GCP<sup>1</sup></i> | [Standard - Weekly](https://gitlab.com/gitlab-org/quality/performance/-/wikis/Benchmarks/Latest/2k)<sup>1</sup> | - | - | +| 3k | <i>Refer to GCP<sup>1</sup></i> | [Standard - Weekly](https://gitlab.com/gitlab-org/quality/performance/-/wikis/Benchmarks/Latest/3k)<sup>1</sup> | - | - | +| 5k | <i>Refer to GCP<sup>1</sup></i> | [Standard - Weekly](https://gitlab.com/gitlab-org/quality/performance/-/wikis/Benchmarks/Latest/5k)<sup>1</sup> | - | - | +| 10k | <i>Refer to GCP<sup>1</sup></i> | [Standard - Daily](https://gitlab.com/gitlab-org/quality/performance/-/wikis/Benchmarks/Latest/10k)<sup>1</sup> <br/> [Standard (inc Cloud Services) - Ad-Hoc](https://gitlab.com/gitlab-org/quality/performance/-/wikis/Past-Results/10k) <br/> [Cloud Native Hybrid - Ad-Hoc](https://gitlab.com/gitlab-org/quality/performance/-/wikis/Past-Results/10k-Cloud-Native-Hybrid) | [Standard (inc Cloud Services) - Ad-Hoc](https://gitlab.com/gitlab-org/quality/performance/-/wikis/Past-Results/10k) <br/> [Cloud Native Hybrid - Ad-Hoc](https://gitlab.com/gitlab-org/quality/performance/-/wikis/Past-Results/10k-Cloud-Native-Hybrid) | [Standard - Ad-Hoc](https://gitlab.com/gitlab-org/quality/performance/-/wikis/Past-Results/10k) | +| 25k | <i>Refer to GCP<sup>1</sup></i> | [Standard - Weekly](https://gitlab.com/gitlab-org/quality/performance/-/wikis/Benchmarks/Latest/25k)<sup>1</sup> | - | [Standard - Ad-Hoc](https://gitlab.com/gitlab-org/quality/performance/-/wikis/Past-Results/25k) | +| 50k | <i>Refer to GCP<sup>1</sup></i> | [Standard - Weekly](https://gitlab.com/gitlab-org/quality/performance/-/wikis/Benchmarks/Latest/50k)<sup>1</sup> | [Standard (inc Cloud Services) - Ad-Hoc](https://gitlab.com/gitlab-org/quality/performance/-/wikis/Past-Results/50k) | - | 1. The Standard Reference Architectures are designed to be platform agnostic, with everything being run on VMs via [Omnibus GitLab](https://docs.gitlab.com/omnibus/). While testing occurs primarily on GCP, ad-hoc testing has shown that they perform similarly on equivalently specced hardware on other Cloud Providers or if run on premises (bare-metal). diff --git a/doc/user/application_security/api_fuzzing/index.md b/doc/user/application_security/api_fuzzing/index.md index 15d913df2a2..453e3c4dde5 100644 --- a/doc/user/application_security/api_fuzzing/index.md +++ b/doc/user/application_security/api_fuzzing/index.md @@ -1304,8 +1304,8 @@ To detect and correct elements that don't comply with the OpenAPI specifications | Editor | OpenAPI 2.0 | OpenAPI 3.0.x | OpenAPI 3.1.x | | -- | -- | -- | -- | -| [Swagger Editor](https://editor.swagger.io/) | [X] YAML, JSON | [X] YAML, JSON | [ ] YAML, JSON | -| [Stoplight Studio](https://stoplight.io/studio/) | [X] YAML, JSON | [X] YAML, JSON | [X] YAML, JSON | +| [Swagger Editor](https://editor.swagger.io/) | **{check-circle}** YAML, JSON | **{check-circle}** YAML, JSON | **{dotted-circle}** YAML, JSON | +| [Stoplight Studio](https://stoplight.io/studio/) | **{check-circle}** YAML, JSON | **{check-circle}** YAML, JSON | **{check-circle}** YAML, JSON | If your OpenAPI document is generated manually, load your document in the editor and fix anything that is non-compliant. If your document is generated automatically, load it in your editor to identify the issues in the schema, then go to the application and perform the corrections based on the framework you are using. diff --git a/doc/user/application_security/dast_api/index.md b/doc/user/application_security/dast_api/index.md index f0ac4eddcff..f1eba505589 100644 --- a/doc/user/application_security/dast_api/index.md +++ b/doc/user/application_security/dast_api/index.md @@ -1220,8 +1220,8 @@ To detect and correct elements that don't comply with the OpenAPI specifications | Editor | OpenAPI 2.0 | OpenAPI 3.0.x | OpenAPI 3.1.x | | -- | -- | -- | -- | -| [Swagger Editor](https://editor.swagger.io/) | [X] YAML, JSON | [X] YAML, JSON | [ ] YAML, JSON | -| [Stoplight Studio](https://stoplight.io/studio/) | [X] YAML, JSON | [X] YAML, JSON | [X] YAML, JSON | +| [Swagger Editor](https://editor.swagger.io/) | **{check-circle}** YAML, JSON | **{check-circle}** YAML, JSON | **{dotted-circle}** YAML, JSON | +| [Stoplight Studio](https://stoplight.io/studio/) | **{check-circle}** YAML, JSON | **{check-circle}** YAML, JSON | **{check-circle}** YAML, JSON | If your OpenAPI document is generated manually, load your document in the editor and fix anything that is non-compliant. If your document is generated automatically, load it in your editor to identify the issues in the schema, then go to the application and perform the corrections based on the framework you are using. diff --git a/lib/gitlab/application_rate_limiter.rb b/lib/gitlab/application_rate_limiter.rb index dac1f686da7..b90f1f4da0d 100644 --- a/lib/gitlab/application_rate_limiter.rb +++ b/lib/gitlab/application_rate_limiter.rb @@ -51,6 +51,7 @@ module Gitlab web_hook_calls: { interval: 1.minute }, users_get_by_id: { threshold: 10, interval: 1.minute }, username_exists: { threshold: 20, interval: 1.minute }, + user_sign_up: { threshold: 20, interval: 1.minute }, profile_resend_email_confirmation: { threshold: 5, interval: 1.minute }, profile_update_username: { threshold: 10, interval: 1.minute }, update_environment_canary_ingress: { threshold: 1, interval: 1.minute }, diff --git a/lib/gitlab/ci/pipeline/logger.rb b/lib/gitlab/ci/pipeline/logger.rb index 50c8ec6b96a..fbba12c11a9 100644 --- a/lib/gitlab/ci/pipeline/logger.rb +++ b/lib/gitlab/ci/pipeline/logger.rb @@ -38,8 +38,6 @@ module Gitlab end def instrument_with_sql(operation, &block) - return instrument(operation, &block) unless sql_logging_enabled? - op_start_db_counters = current_db_counter_payload result = instrument(operation, &block) @@ -131,12 +129,6 @@ module Gitlab def current_db_counter_payload ::Gitlab::Metrics::Subscribers::ActiveRecord.db_counter_payload end - - def sql_logging_enabled? - strong_memoize(:sql_logging_enabled) do - ::Feature.enabled?(:ci_pipeline_logger_sql_count, project, default_enabled: :yaml) - end - end end end end diff --git a/lib/gitlab/database/partitioning/partition_manager.rb b/lib/gitlab/database/partitioning/partition_manager.rb index aa824dfbd2f..ba6fa0cf278 100644 --- a/lib/gitlab/database/partitioning/partition_manager.rb +++ b/lib/gitlab/database/partitioning/partition_manager.rb @@ -64,6 +64,10 @@ module Gitlab # with_lock_retries starts a requires_new transaction most of the time, but not on the last iteration with_lock_retries do connection.transaction(requires_new: false) do # so we open a transaction here if not already in progress + # Partitions might not get created (IF NOT EXISTS) so explicit locking will not happen. + # This LOCK TABLE ensures to have exclusive lock as the first step. + connection.execute "LOCK TABLE #{connection.quote_table_name(model.table_name)} IN ACCESS EXCLUSIVE MODE" + partitions.each do |partition| connection.execute partition.to_sql diff --git a/lib/gitlab/database/partitioning/sliding_list_strategy.rb b/lib/gitlab/database/partitioning/sliding_list_strategy.rb index 21b86b43ae7..e9865fb91d6 100644 --- a/lib/gitlab/database/partitioning/sliding_list_strategy.rb +++ b/lib/gitlab/database/partitioning/sliding_list_strategy.rb @@ -44,7 +44,18 @@ module Gitlab def extra_partitions possibly_extra = current_partitions[0...-1] # Never consider the most recent partition - possibly_extra.take_while { |p| detach_partition_if.call(p.value) } + extra = possibly_extra.take_while { |p| detach_partition_if.call(p.value) } + + default_value = current_default_value + if extra.any? { |p| p.value == default_value } + Gitlab::AppLogger.error(message: "Inconsistent partition detected: partition with value #{current_default_value} should not be deleted because it's used as the default value.", + partition_number: current_default_value, + table_name: model.table_name) + + extra = extra.reject { |p| p.value == default_value } + end + + extra end def after_adding_partitions @@ -64,6 +75,21 @@ module Gitlab private + def current_default_value + column_name = model.connection.quote(partitioning_key) + table_name = model.connection.quote(model.table_name) + + value = model.connection.select_value <<~SQL + SELECT columns.column_default AS default_value + FROM information_schema.columns columns + WHERE columns.column_name = #{column_name} AND columns.table_name = #{table_name} + SQL + + raise "No default value found for the #{partitioning_key} column within #{model.name}" if value.nil? + + Integer(value) + end + def ensure_partitioning_column_ignored! unless model.ignored_columns.include?(partitioning_key.to_s) raise "Add #{partitioning_key} to #{model.name}.ignored_columns to use it with SlidingListStrategy" diff --git a/lib/gitlab/metrics/exporter/base_exporter.rb b/lib/gitlab/metrics/exporter/base_exporter.rb index f26b1ab7b45..66041badf01 100644 --- a/lib/gitlab/metrics/exporter/base_exporter.rb +++ b/lib/gitlab/metrics/exporter/base_exporter.rb @@ -11,28 +11,26 @@ module Gitlab attr_accessor :readiness_checks - def initialize(settings, **options) + def initialize(settings, log_enabled:, log_file:, **options) super(**options) @settings = settings + + # log_enabled does not exist for all exporters + log_sink = log_enabled ? File.join(Rails.root, 'log', log_file) : File::NULL + @logger = WEBrick::Log.new(log_sink) + @logger.time_format = "[%Y-%m-%dT%H:%M:%S.%L%z]" end def enabled? settings.enabled end - def log_filename - raise NotImplementedError - end - private - attr_reader :settings + attr_reader :settings, :logger def start_working - logger = WEBrick::Log.new(log_filename) - logger.time_format = "[%Y-%m-%dT%H:%M:%S.%L%z]" - access_log = [ [logger, WEBrick::AccessLog::COMBINED_LOG_FORMAT] ] @@ -44,6 +42,9 @@ module Gitlab server.mount '/', Rack::Handler::WEBrick, rack_app true + rescue StandardError => e + logger.error(e) + false end def run_thread diff --git a/lib/gitlab/metrics/exporter/sidekiq_exporter.rb b/lib/gitlab/metrics/exporter/sidekiq_exporter.rb index eea71fda6a0..afecf6546f8 100644 --- a/lib/gitlab/metrics/exporter/sidekiq_exporter.rb +++ b/lib/gitlab/metrics/exporter/sidekiq_exporter.rb @@ -4,12 +4,11 @@ module Gitlab module Metrics module Exporter class SidekiqExporter < BaseExporter - def log_filename - if settings['log_enabled'] - File.join(Rails.root, 'log', 'sidekiq_exporter.log') - else - File::NULL - end + def initialize(settings, **options) + super(settings, + log_enabled: settings['log_enabled'], + log_file: 'sidekiq_exporter.log', + **options) end end end diff --git a/lib/gitlab/metrics/exporter/web_exporter.rb b/lib/gitlab/metrics/exporter/web_exporter.rb index d41484aaaa7..c05ad8ccf42 100644 --- a/lib/gitlab/metrics/exporter/web_exporter.rb +++ b/lib/gitlab/metrics/exporter/web_exporter.rb @@ -26,8 +26,8 @@ module Gitlab attr_reader :running # This exporter is always run on master process - def initialize - super(Settings.monitoring.web_exporter) + def initialize(**options) + super(Settings.monitoring.web_exporter, log_enabled: true, log_file: 'web_exporter.log', **options) # DEPRECATED: # these `readiness_checks` are deprecated @@ -39,10 +39,6 @@ module Gitlab ] end - def log_filename - File.join(Rails.root, 'log', 'web_exporter.log') - end - def mark_as_not_running! @running = false end diff --git a/locale/gitlab.pot b/locale/gitlab.pot index 6714eb75fd0..38e9c348d1c 100644 --- a/locale/gitlab.pot +++ b/locale/gitlab.pot @@ -13405,6 +13405,9 @@ msgstr "" msgid "Enter in your Phabricator Server URL and personal access token below" msgstr "" +msgid "Enter license key" +msgstr "" + msgid "Enter merge request URLs" msgstr "" @@ -21100,6 +21103,9 @@ msgstr "" msgid "License file" msgstr "" +msgid "License key" +msgstr "" + msgid "License overview" msgstr "" @@ -34912,6 +34918,9 @@ msgstr "" msgid "Terms of Service and Privacy Policy" msgstr "" +msgid "Terms of service" +msgstr "" + msgid "Terraform" msgstr "" @@ -38180,6 +38189,9 @@ msgstr "" msgid "Upload" msgstr "" +msgid "Upload %{file_name} file" +msgstr "" + msgid "Upload CSV file" msgstr "" @@ -39155,6 +39167,9 @@ msgstr "" msgid "VersionCheck|Update available" msgstr "" +msgid "VersionCheck|Your GitLab Version" +msgstr "" + msgid "View Documentation" msgstr "" diff --git a/qa/qa/specs/features/browser_ui/1_manage/login/register_spec.rb b/qa/qa/specs/features/browser_ui/1_manage/login/register_spec.rb index 4a95e7484da..098c0b3ba63 100644 --- a/qa/qa/specs/features/browser_ui/1_manage/login/register_spec.rb +++ b/qa/qa/specs/features/browser_ui/1_manage/login/register_spec.rb @@ -13,7 +13,7 @@ module QA end end - RSpec.describe 'Manage', :skip_signup_disabled, :requires_admin, quarantine: { issue: 'https://gitlab.com/gitlab-org/gitlab/-/issues/349626', type: :stale } do + RSpec.describe 'Manage', :skip_signup_disabled, :requires_admin do describe 'while LDAP is enabled', :orchestrated, :ldap_no_tls, testcase: 'https://gitlab.com/gitlab-org/gitlab/-/quality/test_cases/347934' do before do # When LDAP is enabled, a previous test might have created a token for the LDAP 'tanuki' user who is not an admin diff --git a/qa/qa/specs/features/browser_ui/3_create/merge_request/view_merge_request_merge_ref_diff_spec.rb b/qa/qa/specs/features/browser_ui/3_create/merge_request/view_merge_request_merge_ref_diff_spec.rb deleted file mode 100644 index 0785b32b225..00000000000 --- a/qa/qa/specs/features/browser_ui/3_create/merge_request/view_merge_request_merge_ref_diff_spec.rb +++ /dev/null @@ -1,90 +0,0 @@ -# frozen_string_literal: true - -module QA - RSpec.describe 'Create', :requires_admin, quarantine: { issue: 'https://gitlab.com/gitlab-org/gitlab/-/issues/261793', type: :investigating } do - describe 'View merge request merge-ref diff' do - let(:project) do - Resource::Project.fabricate_via_api! do |project| - project.name = 'merge-ref-diff' - end - end - - let(:merge_request) do - Resource::MergeRequest.fabricate_via_api! do |merge_request| - merge_request.project = project - merge_request.title = 'This is a merge request' - merge_request.description = '... for viewing merge-ref and merge-base diffs' - merge_request.file_content = 'This exists on the source branch only' - end - end - - let(:new_file_name) { "added_file-#{SecureRandom.hex(8)}.txt" } - - context 'when the feature flag default_merge_ref_for_diffs is enabled' do - before do - Runtime::Feature.enable('default_merge_ref_for_diffs', project: project) - - commit_to_branch(merge_request.target_branch, new_file_name) - commit_to_branch(merge_request.source_branch, new_file_name) - - Flow::Login.sign_in - - merge_request.visit! - end - - it 'views the merge-ref diff by default', testcase: 'https://gitlab.com/gitlab-org/gitlab/-/quality/test_cases/347651' do - Page::MergeRequest::Show.perform do |mr_page| - mr_page.click_diffs_tab - mr_page.click_target_version_dropdown - - expect(mr_page.version_dropdown_content).to include("#{project.default_branch} (HEAD)") - expect(mr_page.version_dropdown_content).not_to include("#{project.default_branch} (base)") - expect(mr_page).to have_file(merge_request.file_name) - expect(mr_page).not_to have_file(new_file_name) - end - end - end - - context 'when the feature flag default_merge_ref_for_diffs is disabled' do - before do - Runtime::Feature.disable('default_merge_ref_for_diffs', project: project) - - commit_to_branch(merge_request.target_branch, new_file_name) - commit_to_branch(merge_request.source_branch, new_file_name) - - Flow::Login.sign_in - - merge_request.visit! - end - - it 'views the merge-base diff by default', testcase: 'https://gitlab.com/gitlab-org/gitlab/-/quality/test_cases/347650' do - Page::MergeRequest::Show.perform do |mr_page| - mr_page.click_diffs_tab - mr_page.click_target_version_dropdown - - expect(mr_page.version_dropdown_content).to include("#{project.default_branch} (HEAD)") - expect(mr_page.version_dropdown_content).to include("#{project.default_branch} (base)") - expect(mr_page).to have_file(merge_request.file_name) - expect(mr_page).to have_file(new_file_name) - end - end - end - - def commit_to_branch(branch, file) - Resource::Repository::Commit.fabricate_via_api! do |commit| - commit.project = merge_request.project - commit.branch = branch - commit.commit_message = "Add new file on #{branch}" - commit.add_files( - [ - { - file_path: file, - content: "This exists on source and target branches" - } - ] - ) - end - end - end - end -end diff --git a/spec/controllers/import/gitlab_controller_spec.rb b/spec/controllers/import/gitlab_controller_spec.rb index 826625ba9c3..f757b7c69cf 100644 --- a/spec/controllers/import/gitlab_controller_spec.rb +++ b/spec/controllers/import/gitlab_controller_spec.rb @@ -33,15 +33,16 @@ RSpec.describe Import::GitlabController do end describe "GET status" do + let(:repo_fake) { Struct.new(:id, :path, :path_with_namespace, :web_url, keyword_init: true) } + let(:repo) { repo_fake.new(id: 1, path: 'vim', path_with_namespace: 'asd/vim', web_url: 'https://gitlab.com/asd/vim') } + before do - @repo = OpenStruct.new(id: 1, path: 'vim', path_with_namespace: 'asd/vim', web_url: 'https://gitlab.com/asd/vim') assign_session_token end it_behaves_like 'import controller status' do - let(:repo) { @repo } - let(:repo_id) { @repo.id } - let(:import_source) { @repo.path_with_namespace } + let(:repo_id) { repo.id } + let(:import_source) { repo.path_with_namespace } let(:provider_name) { 'gitlab' } let(:client_repos_field) { :projects } end diff --git a/spec/controllers/registrations_controller_spec.rb b/spec/controllers/registrations_controller_spec.rb index 889401e78f8..d5fe32ac094 100644 --- a/spec/controllers/registrations_controller_spec.rb +++ b/spec/controllers/registrations_controller_spec.rb @@ -20,6 +20,10 @@ RSpec.describe RegistrationsController do end describe '#create' do + before do + allow(::Gitlab::ApplicationRateLimiter).to receive(:throttled?).and_return(false) + end + let_it_be(:base_user_params) do { first_name: 'first', last_name: 'last', username: 'new_username', email: 'new@user.com', password: 'Any_password' } end @@ -410,6 +414,18 @@ RSpec.describe RegistrationsController do end end + context 'when the rate limit has been reached' do + it 'returns status 429 Too Many Requests', :aggregate_failures do + ip = '1.2.3.4' + expect(::Gitlab::ApplicationRateLimiter).to receive(:throttled?).with(:user_sign_up, scope: ip).and_return(true) + + controller.request.env['REMOTE_ADDR'] = ip + post(:create, params: user_params, session: session_params) + + expect(response).to have_gitlab_http_status(:too_many_requests) + end + end + it "logs a 'User Created' message" do expect(Gitlab::AppLogger).to receive(:info).with(/\AUser Created: username=new_username email=new@user.com.+\z/).and_call_original diff --git a/spec/features/help_dropdown_spec.rb b/spec/features/help_dropdown_spec.rb new file mode 100644 index 00000000000..db98f58240d --- /dev/null +++ b/spec/features/help_dropdown_spec.rb @@ -0,0 +1,67 @@ +# frozen_string_literal: true + +require 'spec_helper' + +RSpec.describe "Help Dropdown", :js do + let_it_be(:user) { create(:user) } + let_it_be(:admin) { create(:admin) } + + before do + stub_application_setting(version_check_enabled: true) + end + + context 'when logged in as non-admin' do + before do + sign_in(user) + visit root_path + end + + it 'does not render version data' do + page.within '.header-help' do + find('.header-help-dropdown-toggle').click + + expect(page).not_to have_text('Your GitLab Version') + expect(page).not_to have_text("#{Gitlab.version_info.major}.#{Gitlab.version_info.minor}") + expect(page).not_to have_selector('.version-check-badge') + expect(page).not_to have_text('Up to date') + end + end + end + + context 'when logged in as admin' do + before do + sign_in(admin) + gitlab_enable_admin_mode_sign_in(admin) + end + + describe 'does render version data' do + where(:response, :ui_text) do + [ + [{ "severity" => "success" }, 'Up to date'], + [{ "severity" => "warning" }, 'Update available'], + [{ "severity" => "danger" }, 'Update ASAP'] + ] + end + + with_them do + before do + allow_next_instance_of(VersionCheck) do |instance| + allow(instance).to receive(:response).and_return(response) + end + visit root_path + end + + it 'renders correct version badge variant' do + page.within '.header-help' do + find('.header-help-dropdown-toggle').click + + expect(page).to have_text('Your GitLab Version') + expect(page).to have_text("#{Gitlab.version_info.major}.#{Gitlab.version_info.minor}") + expect(page).to have_selector('.version-check-badge') + expect(page).to have_text(ui_text) + end + end + end + end + end +end diff --git a/spec/frontend/integrations/edit/components/dynamic_field_spec.js b/spec/frontend/integrations/edit/components/dynamic_field_spec.js index bf044e388ea..b0fb94d2b29 100644 --- a/spec/frontend/integrations/edit/components/dynamic_field_spec.js +++ b/spec/frontend/integrations/edit/components/dynamic_field_spec.js @@ -61,7 +61,7 @@ describe('DynamicField', () => { }); it(`renders GlFormCheckbox with correct text content when checkboxLabel is ${checkboxLabel}`, () => { - expect(findGlFormCheckbox().text()).toBe(checkboxLabel ?? defaultProps.title); + expect(findGlFormCheckbox().text()).toContain(checkboxLabel ?? defaultProps.title); }); it('does not render other types of input', () => { @@ -182,6 +182,17 @@ describe('DynamicField', () => { expect(findGlFormGroup().find('small').text()).toBe(defaultProps.help); }); + describe('when type is checkbox', () => { + it('renders description with help text', () => { + createComponent({ + type: 'checkbox', + }); + + expect(findGlFormGroup().find('small').exists()).toBe(false); + expect(findGlFormCheckbox().text()).toContain(defaultProps.help); + }); + }); + it('renders description with help text as HTML', () => { const helpHTML = 'The <strong>URL</strong> of the project'; diff --git a/spec/frontend/packages_and_registries/container_registry/explorer/components/details_page/details_header_spec.js b/spec/frontend/packages_and_registries/container_registry/explorer/components/details_page/details_header_spec.js index f06300efa29..5278e730ec9 100644 --- a/spec/frontend/packages_and_registries/container_registry/explorer/components/details_page/details_header_spec.js +++ b/spec/frontend/packages_and_registries/container_registry/explorer/components/details_page/details_header_spec.js @@ -1,7 +1,6 @@ -import { GlDropdownItem, GlIcon } from '@gitlab/ui'; +import { GlDropdownItem, GlIcon, GlDropdown } from '@gitlab/ui'; import { shallowMount, createLocalVue } from '@vue/test-utils'; import VueApollo from 'vue-apollo'; -import { GlDropdown } from 'jest/packages_and_registries/container_registry/explorer/stubs'; import { useFakeDate } from 'helpers/fake_date'; import createMockApollo from 'helpers/mock_apollo_helper'; import { createMockDirective, getBinding } from 'helpers/vue_mock_directive'; @@ -51,6 +50,7 @@ describe('Details Header', () => { const findCleanup = () => findByTestId('cleanup'); const findDeleteButton = () => wrapper.findComponent(GlDropdownItem); const findInfoIcon = () => wrapper.findComponent(GlIcon); + const findMenu = () => wrapper.findComponent(GlDropdown); const waitForMetadataItems = async () => { // Metadata items are printed by a loop in the title-area and it takes two ticks for them to be available @@ -139,51 +139,53 @@ describe('Details Header', () => { }); }); - describe('delete button', () => { - it('exists', () => { - mountComponent(); + describe('menu', () => { + it.each` + canDelete | disabled | isVisible + ${true} | ${false} | ${true} + ${true} | ${true} | ${false} + ${false} | ${false} | ${false} + ${false} | ${true} | ${false} + `( + 'when canDelete is $canDelete and disabled is $disabled is $isVisible that the menu is visible', + ({ canDelete, disabled, isVisible }) => { + mountComponent({ propsData: { image: { ...defaultImage, canDelete }, disabled } }); - expect(findDeleteButton().exists()).toBe(true); - }); + expect(findMenu().exists()).toBe(isVisible); + }, + ); - it('has the correct text', () => { - mountComponent(); + describe('delete button', () => { + it('exists', () => { + mountComponent(); - expect(findDeleteButton().text()).toBe('Delete image repository'); - }); + expect(findDeleteButton().exists()).toBe(true); + }); - it('has the correct props', () => { - mountComponent(); + it('has the correct text', () => { + mountComponent(); - expect(findDeleteButton().attributes()).toMatchObject( - expect.objectContaining({ - variant: 'danger', - }), - ); - }); + expect(findDeleteButton().text()).toBe('Delete image repository'); + }); - it('emits the correct event', () => { - mountComponent(); + it('has the correct props', () => { + mountComponent(); - findDeleteButton().vm.$emit('click'); + expect(findDeleteButton().attributes()).toMatchObject( + expect.objectContaining({ + variant: 'danger', + }), + ); + }); - expect(wrapper.emitted('delete')).toEqual([[]]); - }); + it('emits the correct event', () => { + mountComponent(); - it.each` - canDelete | disabled | isDisabled - ${true} | ${false} | ${undefined} - ${true} | ${true} | ${'true'} - ${false} | ${false} | ${'true'} - ${false} | ${true} | ${'true'} - `( - 'when canDelete is $canDelete and disabled is $disabled is $isDisabled that the button is disabled', - ({ canDelete, disabled, isDisabled }) => { - mountComponent({ propsData: { image: { ...defaultImage, canDelete }, disabled } }); + findDeleteButton().vm.$emit('click'); - expect(findDeleteButton().attributes('disabled')).toBe(isDisabled); - }, - ); + expect(wrapper.emitted('delete')).toEqual([[]]); + }); + }); }); describe('metadata items', () => { diff --git a/spec/frontend/repository/components/blob_controls_spec.js b/spec/frontend/repository/components/blob_controls_spec.js index cd337f8ced5..03e389ea5cb 100644 --- a/spec/frontend/repository/components/blob_controls_spec.js +++ b/spec/frontend/repository/components/blob_controls_spec.js @@ -7,8 +7,11 @@ import BlobControls from '~/repository/components/blob_controls.vue'; import blobControlsQuery from '~/repository/queries/blob_controls.query.graphql'; import { shallowMountExtended } from 'helpers/vue_test_utils_helper'; import createRouter from '~/repository/router'; +import { updateElementsVisibility } from '~/repository/utils/dom'; import { blobControlsDataMock, refMock } from '../mock_data'; +jest.mock('~/repository/utils/dom'); + let router; let wrapper; let mockResolver; @@ -64,14 +67,22 @@ describe('Blob controls component', () => { expect(findPermalinkButton().attributes('href')).toBe('permalink/file.js'); }); - it('does not render any buttons if no filePath is provided', async () => { - router.replace({ name: 'blobPath', params: { path: null } }); - - await nextTick(); - - expect(findFindButton().exists()).toBe(false); - expect(findBlameButton().exists()).toBe(false); - expect(findHistoryButton().exists()).toBe(false); - expect(findPermalinkButton().exists()).toBe(false); - }); + it.each` + name | path + ${'blobPathDecoded'} | ${null} + ${'treePathDecoded'} | ${'myFile.js'} + `( + 'does not render any buttons if router name is $name and router path is $path', + async ({ name, path }) => { + router.replace({ name, params: { path } }); + + await nextTick(); + + expect(findFindButton().exists()).toBe(false); + expect(findBlameButton().exists()).toBe(false); + expect(findHistoryButton().exists()).toBe(false); + expect(findPermalinkButton().exists()).toBe(false); + expect(updateElementsVisibility).toHaveBeenCalledWith('.tree-controls', true); + }, + ); }); diff --git a/spec/lib/gitlab/database/no_cross_db_foreign_keys_spec.rb b/spec/lib/gitlab/database/no_cross_db_foreign_keys_spec.rb new file mode 100644 index 00000000000..35674dea0d5 --- /dev/null +++ b/spec/lib/gitlab/database/no_cross_db_foreign_keys_spec.rb @@ -0,0 +1,82 @@ +# frozen_string_literal: true + +require 'spec_helper' + +RSpec.describe 'cross-database foreign keys' do + # TODO: We are trying to empty out this list in + # https://gitlab.com/groups/gitlab-org/-/epics/7249 . Once we are done we can + # keep this test and assert that there are no cross-db foreign keys. We + # should not be adding anything to this list but should instead only add new + # loose foreign keys + # https://docs.gitlab.com/ee/development/database/loose_foreign_keys.html . + let(:allowed_cross_database_foreign_keys) do + %w( + ci_build_report_results.project_id + ci_builds.project_id + ci_builds_metadata.project_id + ci_daily_build_group_report_results.group_id + ci_daily_build_group_report_results.project_id + ci_freeze_periods.project_id + ci_job_artifacts.project_id + ci_job_token_project_scope_links.added_by_id + ci_job_token_project_scope_links.source_project_id + ci_job_token_project_scope_links.target_project_id + ci_pending_builds.namespace_id + ci_pending_builds.project_id + ci_pipeline_artifacts.project_id + ci_pipeline_schedules.owner_id + ci_pipeline_schedules.project_id + ci_pipelines.merge_request_id + ci_pipelines.project_id + ci_project_monthly_usages.project_id + ci_refs.project_id + ci_resource_groups.project_id + ci_runner_namespaces.namespace_id + ci_runner_projects.project_id + ci_running_builds.project_id + ci_sources_pipelines.project_id + ci_sources_pipelines.source_project_id + ci_sources_projects.source_project_id + ci_stages.project_id + ci_subscriptions_projects.downstream_project_id + ci_subscriptions_projects.upstream_project_id + ci_triggers.owner_id + ci_triggers.project_id + ci_unit_tests.project_id + ci_variables.project_id + dast_profiles_pipelines.ci_pipeline_id + dast_scanner_profiles_builds.ci_build_id + dast_site_profiles_builds.ci_build_id + dast_site_profiles_pipelines.ci_pipeline_id + external_pull_requests.project_id + merge_requests.head_pipeline_id + merge_trains.pipeline_id + requirements_management_test_reports.build_id + security_scans.build_id + vulnerability_feedback.pipeline_id + vulnerability_occurrence_pipelines.pipeline_id + vulnerability_statistics.latest_pipeline_id + ).freeze + end + + def foreign_keys_for(table_name) + ApplicationRecord.connection.foreign_keys(table_name) + end + + def is_cross_db?(fk_record) + Gitlab::Database::GitlabSchema.table_schemas([fk_record.from_table, fk_record.to_table]).many? + end + + it 'onlies have allowed list of cross-database foreign keys', :aggregate_failures do + all_tables = ApplicationRecord.connection.data_sources + + all_tables.each do |table| + foreign_keys_for(table).each do |fk| + if is_cross_db?(fk) + column = "#{fk.from_table}.#{fk.column}" + expect(allowed_cross_database_foreign_keys).to include(column), "Found extra cross-database foreign key #{column} referencing #{fk.to_table} with constraint name #{fk.name}. When a foreign key references another database you must use a Loose Foreign Key instead https://docs.gitlab.com/ee/development/database/loose_foreign_keys.html ." + end + end + end + end +end diff --git a/spec/lib/gitlab/database/partitioning/partition_manager_spec.rb b/spec/lib/gitlab/database/partitioning/partition_manager_spec.rb index 5e107109fc9..64dcdb9628a 100644 --- a/spec/lib/gitlab/database/partitioning/partition_manager_spec.rb +++ b/spec/lib/gitlab/database/partitioning/partition_manager_spec.rb @@ -18,7 +18,7 @@ RSpec.describe Gitlab::Database::Partitioning::PartitionManager do let(:model) { double(partitioning_strategy: partitioning_strategy, table_name: table, connection: connection) } let(:partitioning_strategy) { double(missing_partitions: partitions, extra_partitions: [], after_adding_partitions: nil) } let(:connection) { ActiveRecord::Base.connection } - let(:table) { "some_table" } + let(:table) { "issues" } before do allow(connection).to receive(:table_exists?).and_call_original @@ -36,6 +36,7 @@ RSpec.describe Gitlab::Database::Partitioning::PartitionManager do end it 'creates the partition' do + expect(connection).to receive(:execute).with("LOCK TABLE \"#{table}\" IN ACCESS EXCLUSIVE MODE") expect(connection).to receive(:execute).with(partitions.first.to_sql) expect(connection).to receive(:execute).with(partitions.second.to_sql) diff --git a/spec/lib/gitlab/database/partitioning/sliding_list_strategy_spec.rb b/spec/lib/gitlab/database/partitioning/sliding_list_strategy_spec.rb index 636a09e5710..1cec0463055 100644 --- a/spec/lib/gitlab/database/partitioning/sliding_list_strategy_spec.rb +++ b/spec/lib/gitlab/database/partitioning/sliding_list_strategy_spec.rb @@ -5,7 +5,7 @@ require 'spec_helper' RSpec.describe Gitlab::Database::Partitioning::SlidingListStrategy do let(:connection) { ActiveRecord::Base.connection } let(:table_name) { :_test_partitioned_test } - let(:model) { double('model', table_name: table_name, ignored_columns: %w[partition]) } + let(:model) { double('model', table_name: table_name, ignored_columns: %w[partition], connection: connection) } let(:next_partition_if) { double('next_partition_if') } let(:detach_partition_if) { double('detach_partition_if') } @@ -94,7 +94,8 @@ RSpec.describe Gitlab::Database::Partitioning::SlidingListStrategy do let(:detach_partition_if) { ->(p) { p != 5 } } it 'is the leading set of partitions before that value' do - expect(strategy.extra_partitions.map(&:value)).to contain_exactly(1, 2, 3, 4) + # should not contain partition 2 since it's the default value for the partition column + expect(strategy.extra_partitions.map(&:value)).to contain_exactly(1, 3, 4) end end @@ -102,7 +103,7 @@ RSpec.describe Gitlab::Database::Partitioning::SlidingListStrategy do let(:detach_partition_if) { proc { true } } it 'is all but the most recent partition', :aggregate_failures do - expect(strategy.extra_partitions.map(&:value)).to contain_exactly(1, 2, 3, 4, 5, 6, 7, 8, 9) + expect(strategy.extra_partitions.map(&:value)).to contain_exactly(1, 3, 4, 5, 6, 7, 8, 9) expect(strategy.current_partitions.map(&:value).max).to eq(10) end diff --git a/spec/lib/gitlab/metrics/exporter/base_exporter_spec.rb b/spec/lib/gitlab/metrics/exporter/base_exporter_spec.rb index 204a5dab9c0..c7afc02f0af 100644 --- a/spec/lib/gitlab/metrics/exporter/base_exporter_spec.rb +++ b/spec/lib/gitlab/metrics/exporter/base_exporter_spec.rb @@ -4,13 +4,8 @@ require 'spec_helper' RSpec.describe Gitlab::Metrics::Exporter::BaseExporter do let(:settings) { double('settings') } - let(:exporter) { described_class.new(settings) } - let(:log_filename) { File.join(Rails.root, 'log', 'sidekiq_exporter.log') } - - before do - allow_any_instance_of(described_class).to receive(:log_filename).and_return(log_filename) - allow_any_instance_of(described_class).to receive(:settings).and_return(settings) - end + let(:log_enabled) { false } + let(:exporter) { described_class.new(settings, log_enabled: log_enabled, log_file: 'test_exporter.log') } describe 'when exporter is enabled' do before do @@ -61,6 +56,38 @@ RSpec.describe Gitlab::Metrics::Exporter::BaseExporter do exporter.start.join end + + context 'logging enabled' do + let(:log_enabled) { true } + let(:logger) { instance_double(WEBrick::Log) } + + before do + allow(logger).to receive(:time_format=) + allow(logger).to receive(:info) + end + + it 'configures a WEBrick logger with the given file' do + expect(WEBrick::Log).to receive(:new).with(end_with('test_exporter.log')).and_return(logger) + + exporter + end + + it 'logs any errors during startup' do + expect(::WEBrick::Log).to receive(:new).and_return(logger) + expect(::WEBrick::HTTPServer).to receive(:new).and_raise 'fail' + expect(logger).to receive(:error) + + exporter.start + end + end + + context 'logging disabled' do + it 'configures a WEBrick logger with the null device' do + expect(WEBrick::Log).to receive(:new).with(File::NULL).and_call_original + + exporter + end + end end describe 'when thread is not alive' do diff --git a/spec/lib/gitlab/metrics/exporter/sidekiq_exporter_spec.rb b/spec/lib/gitlab/metrics/exporter/sidekiq_exporter_spec.rb deleted file mode 100644 index 75bc3ba9626..00000000000 --- a/spec/lib/gitlab/metrics/exporter/sidekiq_exporter_spec.rb +++ /dev/null @@ -1,53 +0,0 @@ -# frozen_string_literal: true - -require 'spec_helper' - -RSpec.describe Gitlab::Metrics::Exporter::SidekiqExporter do - let(:exporter) { described_class.new(Settings.monitoring.sidekiq_exporter) } - - after do - exporter.stop - end - - context 'with valid config' do - before do - stub_config( - monitoring: { - sidekiq_exporter: { - enabled: true, - log_enabled: false, - port: 0, - address: '127.0.0.1' - } - } - ) - end - - it 'does start thread' do - expect(exporter.start).not_to be_nil - end - - it 'does not enable logging by default' do - expect(exporter.log_filename).to eq(File::NULL) - end - end - - context 'with logging enabled' do - before do - stub_config( - monitoring: { - sidekiq_exporter: { - enabled: true, - log_enabled: true, - port: 0, - address: '127.0.0.1' - } - } - ) - end - - it 'returns a valid log filename' do - expect(exporter.log_filename).to end_with('sidekiq_exporter.log') - end - end -end diff --git a/spec/models/ci/build_spec.rb b/spec/models/ci/build_spec.rb index c4f4e2cb2dc..a5af0cd32fd 100644 --- a/spec/models/ci/build_spec.rb +++ b/spec/models/ci/build_spec.rb @@ -2468,6 +2468,16 @@ RSpec.describe Ci::Build do it { is_expected.not_to be_playable } end + + context 'when build is waiting for deployment approval' do + subject { build_stubbed(:ci_build, :manual, environment: 'production') } + + before do + create(:deployment, :blocked, deployable: subject) + end + + it { is_expected.not_to be_playable } + end end describe 'project settings' do @@ -3792,6 +3802,18 @@ RSpec.describe Ci::Build do end end + describe 'when the build is waiting for deployment approval' do + let(:build) { create(:ci_build, :manual, environment: 'production') } + + before do + create(:deployment, :blocked, deployable: build) + end + + it 'does not allow the build to be enqueued' do + expect { build.enqueue! }.to raise_error(StateMachines::InvalidTransition) + end + end + describe 'state transition: any => [:pending]' do let(:build) { create(:ci_build, :created) } diff --git a/spec/models/ci/pipeline_spec.rb b/spec/models/ci/pipeline_spec.rb index 100b7aabd02..04d12913828 100644 --- a/spec/models/ci/pipeline_spec.rb +++ b/spec/models/ci/pipeline_spec.rb @@ -4695,14 +4695,5 @@ RSpec.describe Ci::Pipeline, :mailer, factory_default: :keep do it { expect(pipeline.tags_count).to eq(4) } it { expect(pipeline.distinct_tags_count).to eq(3) } end - - context 'with the FF disabled' do - before do - stub_feature_flags(ci_pipeline_logger_tags_count: false) - end - - it { expect(pipeline.tags_count).to be_nil } - it { expect(pipeline.distinct_tags_count).to be_nil } - end end end diff --git a/spec/policies/group_policy_spec.rb b/spec/policies/group_policy_spec.rb index 1d250d4f798..cbb27575ea9 100644 --- a/spec/policies/group_policy_spec.rb +++ b/spec/policies/group_policy_spec.rb @@ -10,21 +10,32 @@ RSpec.describe GroupPolicy do let(:current_user) { nil } it do - expect_allowed(:read_group) - expect_allowed(:read_counts) - expect_allowed(*read_group_permissions) + expect_allowed(*public_permissions) expect_disallowed(:upload_file) expect_disallowed(*reporter_permissions) expect_disallowed(*developer_permissions) expect_disallowed(*maintainer_permissions) expect_disallowed(*owner_permissions) expect_disallowed(:read_namespace) - expect_disallowed(:read_crm_organization) - expect_disallowed(:read_crm_contact) end end - context 'with no user and public project' do + context 'public group with user who is not a member' do + let(:group) { create(:group, :public, :crm_enabled) } + let(:current_user) { create(:user) } + + it do + expect_allowed(*public_permissions) + expect_disallowed(:upload_file) + expect_disallowed(*reporter_permissions) + expect_disallowed(*developer_permissions) + expect_disallowed(*maintainer_permissions) + expect_disallowed(*owner_permissions) + expect_disallowed(:read_namespace) + end + end + + context 'private group that has been invited to a public project and with no user' do let(:project) { create(:project, :public, group: create(:group, :crm_enabled)) } let(:current_user) { nil } @@ -32,15 +43,14 @@ RSpec.describe GroupPolicy do create(:project_group_link, project: project, group: group) end - it { expect_disallowed(:read_group) } - it { expect_disallowed(:read_crm_organization) } - it { expect_disallowed(:read_crm_contact) } - it { expect_disallowed(:read_counts) } - it { expect_disallowed(:read_group_runners) } - it { expect_disallowed(*read_group_permissions) } + it do + expect_disallowed(*public_permissions) + expect_disallowed(*reporter_permissions) + expect_disallowed(*owner_permissions) + end end - context 'with foreign user and public project' do + context 'private group that has been invited to a public project and with a foreign user' do let(:project) { create(:project, :public, group: create(:group, :crm_enabled)) } let(:current_user) { create(:user) } @@ -48,12 +58,11 @@ RSpec.describe GroupPolicy do create(:project_group_link, project: project, group: group) end - it { expect_disallowed(:read_group) } - it { expect_disallowed(:read_crm_organization) } - it { expect_disallowed(:read_crm_contact) } - it { expect_disallowed(:read_counts) } - it { expect_disallowed(:read_group_runners) } - it { expect_disallowed(*read_group_permissions) } + it do + expect_disallowed(*public_permissions) + expect_disallowed(*reporter_permissions) + expect_disallowed(*owner_permissions) + end end context 'has projects' do @@ -64,13 +73,13 @@ RSpec.describe GroupPolicy do project.add_developer(current_user) end - it { expect_allowed(*read_group_permissions) } + it { expect_allowed(*(public_permissions - [:read_counts])) } context 'in subgroups' do let(:subgroup) { create(:group, :private, :crm_enabled, parent: group) } let(:project) { create(:project, namespace: subgroup) } - it { expect_allowed(*read_group_permissions) } + it { expect_allowed(*(public_permissions - [:read_counts])) } end end @@ -83,7 +92,7 @@ RSpec.describe GroupPolicy do let(:current_user) { deploy_token } it do - expect_disallowed(*read_group_permissions) + expect_disallowed(*public_permissions) expect_disallowed(*guest_permissions) expect_disallowed(*reporter_permissions) expect_disallowed(*developer_permissions) @@ -96,7 +105,7 @@ RSpec.describe GroupPolicy do let(:current_user) { guest } it do - expect_allowed(*read_group_permissions) + expect_allowed(*public_permissions) expect_allowed(*guest_permissions) expect_disallowed(*reporter_permissions) expect_disallowed(*developer_permissions) @@ -113,7 +122,7 @@ RSpec.describe GroupPolicy do let(:current_user) { reporter } it do - expect_allowed(*read_group_permissions) + expect_allowed(*public_permissions) expect_allowed(*guest_permissions) expect_allowed(*reporter_permissions) expect_disallowed(*developer_permissions) @@ -130,7 +139,7 @@ RSpec.describe GroupPolicy do let(:current_user) { developer } it do - expect_allowed(*read_group_permissions) + expect_allowed(*public_permissions) expect_allowed(*guest_permissions) expect_allowed(*reporter_permissions) expect_allowed(*developer_permissions) @@ -158,7 +167,7 @@ RSpec.describe GroupPolicy do updated_owner_permissions = owner_permissions - create_subgroup_permission - expect_allowed(*read_group_permissions) + expect_allowed(*public_permissions) expect_allowed(*guest_permissions) expect_allowed(*reporter_permissions) expect_allowed(*developer_permissions) @@ -169,7 +178,7 @@ RSpec.describe GroupPolicy do context 'with subgroup_creation_level set to owner' do it 'allows every maintainer permission' do - expect_allowed(*read_group_permissions) + expect_allowed(*public_permissions) expect_allowed(*guest_permissions) expect_allowed(*reporter_permissions) expect_allowed(*developer_permissions) @@ -187,7 +196,7 @@ RSpec.describe GroupPolicy do let(:current_user) { owner } it do - expect_allowed(*read_group_permissions) + expect_allowed(*public_permissions) expect_allowed(*guest_permissions) expect_allowed(*reporter_permissions) expect_allowed(*developer_permissions) @@ -204,7 +213,7 @@ RSpec.describe GroupPolicy do let(:current_user) { admin } specify do - expect_disallowed(*read_group_permissions) + expect_disallowed(*public_permissions) expect_disallowed(*guest_permissions) expect_disallowed(*reporter_permissions) expect_disallowed(*developer_permissions) @@ -214,7 +223,7 @@ RSpec.describe GroupPolicy do context 'with admin mode', :enable_admin_mode do specify do - expect_allowed(*read_group_permissions) + expect_allowed(*public_permissions) expect_allowed(*guest_permissions) expect_allowed(*reporter_permissions) expect_allowed(*developer_permissions) @@ -256,8 +265,7 @@ RSpec.describe GroupPolicy do let(:current_user) { nil } it do - expect_disallowed(:read_counts) - expect_disallowed(*read_group_permissions) + expect_disallowed(*public_permissions) expect_disallowed(*guest_permissions) expect_disallowed(*reporter_permissions) expect_disallowed(*developer_permissions) @@ -270,8 +278,7 @@ RSpec.describe GroupPolicy do let(:current_user) { guest } it do - expect_allowed(:read_counts) - expect_allowed(*read_group_permissions) + expect_allowed(*public_permissions) expect_allowed(*guest_permissions) expect_disallowed(*reporter_permissions) expect_disallowed(*developer_permissions) @@ -284,8 +291,7 @@ RSpec.describe GroupPolicy do let(:current_user) { reporter } it do - expect_allowed(:read_counts) - expect_allowed(*read_group_permissions) + expect_allowed(*public_permissions) expect_allowed(*guest_permissions) expect_allowed(*reporter_permissions) expect_disallowed(*developer_permissions) @@ -298,8 +304,7 @@ RSpec.describe GroupPolicy do let(:current_user) { developer } it do - expect_allowed(:read_counts) - expect_allowed(*read_group_permissions) + expect_allowed(*public_permissions) expect_allowed(*guest_permissions) expect_allowed(*reporter_permissions) expect_allowed(*developer_permissions) @@ -312,8 +317,7 @@ RSpec.describe GroupPolicy do let(:current_user) { maintainer } it do - expect_allowed(:read_counts) - expect_allowed(*read_group_permissions) + expect_allowed(*public_permissions) expect_allowed(*guest_permissions) expect_allowed(*reporter_permissions) expect_allowed(*developer_permissions) @@ -326,8 +330,7 @@ RSpec.describe GroupPolicy do let(:current_user) { owner } it do - expect_allowed(:read_counts) - expect_allowed(*read_group_permissions) + expect_allowed(*public_permissions) expect_allowed(*guest_permissions) expect_allowed(*reporter_permissions) expect_allowed(*developer_permissions) diff --git a/spec/services/ci/pipelines/add_job_service_spec.rb b/spec/services/ci/pipelines/add_job_service_spec.rb index 709a840c644..560724a1c6a 100644 --- a/spec/services/ci/pipelines/add_job_service_spec.rb +++ b/spec/services/ci/pipelines/add_job_service_spec.rb @@ -31,7 +31,7 @@ RSpec.describe Ci::Pipelines::AddJobService do execute end.to change { job.slice(:pipeline, :project, :ref) }.to( pipeline: pipeline, project: pipeline.project, ref: pipeline.ref - ) + ).and change { job.metadata.project }.to(pipeline.project) end it 'returns a service response with the job as payload' do diff --git a/spec/support/database/cross-database-modification-allowlist.yml b/spec/support/database/cross-database-modification-allowlist.yml index 4e901308f2f..51804862a43 100644 --- a/spec/support/database/cross-database-modification-allowlist.yml +++ b/spec/support/database/cross-database-modification-allowlist.yml @@ -1,30 +1,11 @@ -- "./ee/spec/mailers/notify_spec.rb" -- "./ee/spec/models/group_member_spec.rb" - "./ee/spec/replicators/geo/terraform_state_version_replicator_spec.rb" -- "./ee/spec/services/ci/retry_build_service_spec.rb" -- "./spec/controllers/abuse_reports_controller_spec.rb" -- "./spec/controllers/omniauth_callbacks_controller_spec.rb" -- "./spec/controllers/projects/issues_controller_spec.rb" - "./spec/features/issues/issue_detail_spec.rb" - "./spec/features/projects/pipelines/pipeline_spec.rb" - "./spec/features/signed_commits_spec.rb" -- "./spec/helpers/issuables_helper_spec.rb" -- "./spec/lib/gitlab/auth_spec.rb" - "./spec/lib/gitlab/ci/pipeline/chain/create_spec.rb" -- "./spec/lib/gitlab/email/handler/create_issue_handler_spec.rb" -- "./spec/lib/gitlab/email/handler/create_merge_request_handler_spec.rb" -- "./spec/lib/gitlab/email/handler/create_note_handler_spec.rb" -- "./spec/lib/gitlab/email/handler/create_note_on_issuable_handler_spec.rb" - "./spec/models/ci/build_trace_chunk_spec.rb" - "./spec/models/ci/job_artifact_spec.rb" - "./spec/models/clusters/applications/runner_spec.rb" -- "./spec/models/design_management/version_spec.rb" -- "./spec/models/hooks/system_hook_spec.rb" -- "./spec/models/members/project_member_spec.rb" -- "./spec/models/user_spec.rb" -- "./spec/models/user_status_spec.rb" - "./spec/requests/api/commits_spec.rb" - "./spec/services/ci/retry_build_service_spec.rb" - "./spec/services/projects/overwrite_project_service_spec.rb" -- "./spec/workers/merge_requests/create_pipeline_worker_spec.rb" -- "./spec/workers/repository_cleanup_worker_spec.rb" diff --git a/spec/support/shared_contexts/policies/group_policy_shared_context.rb b/spec/support/shared_contexts/policies/group_policy_shared_context.rb index 0827a46313a..0dfd76de79c 100644 --- a/spec/support/shared_contexts/policies/group_policy_shared_context.rb +++ b/spec/support/shared_contexts/policies/group_policy_shared_context.rb @@ -10,6 +10,13 @@ RSpec.shared_context 'GroupPolicy context' do let_it_be(:non_group_member) { create(:user) } let_it_be(:group, refind: true) { create(:group, :private, :owner_subgroup_creation_only, :crm_enabled) } + let(:public_permissions) do + %i[ + read_group read_counts + read_label read_issue_board_list read_milestone read_issue_board + ] + end + let(:guest_permissions) do %i[ read_label read_group upload_file read_namespace read_group_activity @@ -18,8 +25,6 @@ RSpec.shared_context 'GroupPolicy context' do ] end - let(:read_group_permissions) { %i[read_label read_issue_board_list read_milestone read_issue_board] } - let(:reporter_permissions) do %i[ admin_label diff --git a/spec/views/layouts/header/_gitlab_version.html.haml_spec.rb b/spec/views/layouts/header/_gitlab_version.html.haml_spec.rb new file mode 100644 index 00000000000..0e24810f835 --- /dev/null +++ b/spec/views/layouts/header/_gitlab_version.html.haml_spec.rb @@ -0,0 +1,16 @@ +# frozen_string_literal: true + +require 'spec_helper' + +RSpec.describe 'layouts/header/_gitlab_version' do + describe 'when show_version_check? is true' do + before do + allow(view).to receive(:show_version_check?).and_return(true) + render + end + + it 'renders the version check badge' do + expect(rendered).to have_selector('.js-gitlab-version-check') + end + end +end |