Add latest changes from gitlab-org/gitlab@master

14 files changed, 80 insertions, 0 deletions

diff --git a/app/models/organizations/organization.rb b/app/models/organizations/organization.rb
index ee082e12c18..5eaef1419c1 100644
--- a/app/models/organizations/organization.rb
+++ b/app/models/organizations/organization.rb
@@ -15,6 +15,10 @@ module Organizations
       presence: true,
       length: { maximum: 255 }
 
+    validates :path,
+      presence: true,
+      length: { minimum: 2, maximum: 255 }
+
     def default?
       id == DEFAULT_ORGANIZATION_ID
     end
diff --git a/app/services/issuable/destroy_service.rb b/app/services/issuable/destroy_service.rb
index 261afb767bb..47770d101f9 100644
--- a/app/services/issuable/destroy_service.rb
+++ b/app/services/issuable/destroy_service.rb
@@ -8,11 +8,15 @@ module Issuable
     end
 
     def execute(issuable)
+      before_destroy(issuable)
       after_destroy(issuable) if issuable.destroy
     end
 
     private
 
+    # overriden in EE
+    def before_destroy(issuable); end
+
     def after_destroy(issuable)
       delete_associated_records(issuable)
       issuable.update_project_counter_caches
diff --git a/db/migrate/20230530112122_add_path_to_organizations.rb b/db/migrate/20230530112122_add_path_to_organizations.rb
new file mode 100644
index 00000000000..fbd037f1251
--- /dev/null
+++ b/db/migrate/20230530112122_add_path_to_organizations.rb
@@ -0,0 +1,18 @@
+# frozen_string_literal: true
+
+class AddPathToOrganizations < Gitlab::Database::Migration[2.1]
+  disable_ddl_transaction!
+
+  INDEX_NAME = 'unique_organizations_on_path'
+
+  def up
+    # text limit is added in 20230530112602_add_text_limit_on_organization_path
+    add_column :organizations, :path, :text, null: false, default: '', if_not_exists: true # rubocop:disable Migration/AddLimitToTextColumns
+
+    add_concurrent_index :organizations, :path, name: INDEX_NAME, unique: true
+  end
+
+  def down
+    remove_column :organizations, :path, if_exists: true
+  end
+end
diff --git a/db/migrate/20230530112602_add_text_limit_on_organization_path.rb b/db/migrate/20230530112602_add_text_limit_on_organization_path.rb
new file mode 100644
index 00000000000..6eb9105cf97
--- /dev/null
+++ b/db/migrate/20230530112602_add_text_limit_on_organization_path.rb
@@ -0,0 +1,13 @@
+# frozen_string_literal: true
+
+class AddTextLimitOnOrganizationPath < Gitlab::Database::Migration[2.1]
+  disable_ddl_transaction!
+
+  def up
+    add_text_limit :organizations, :path, 255
+  end
+
+  def down
+    remove_text_limit :organizations, :path
+  end
+end
diff --git a/db/post_migrate/20230530114845_cleanup_organizations_with_null_path.rb b/db/post_migrate/20230530114845_cleanup_organizations_with_null_path.rb
new file mode 100644
index 00000000000..6d04bf6e4ec
--- /dev/null
+++ b/db/post_migrate/20230530114845_cleanup_organizations_with_null_path.rb
@@ -0,0 +1,18 @@
+# frozen_string_literal: true
+
+class CleanupOrganizationsWithNullPath < Gitlab::Database::Migration[2.1]
+  restrict_gitlab_migration gitlab_schema: :gitlab_main
+
+  module Organizations
+    class Organization < Gitlab::Database::Migration[2.1]::MigrationRecord
+    end
+  end
+
+  def up
+    Organizations::Organization.update_all("path = lower(name)")
+  end
+
+  def down
+    Organizations::Organization.update_all(path: '')
+  end
+end
diff --git a/db/post_migrate/20230530115830_remove_default_on_organization_path.rb b/db/post_migrate/20230530115830_remove_default_on_organization_path.rb
new file mode 100644
index 00000000000..82c71d5fef3
--- /dev/null
+++ b/db/post_migrate/20230530115830_remove_default_on_organization_path.rb
@@ -0,0 +1,11 @@
+# frozen_string_literal: true
+
+class RemoveDefaultOnOrganizationPath < Gitlab::Database::Migration[2.1]
+  def up
+    change_column_default :organizations, :path, nil
+  end
+
+  def down
+    change_column_default :organizations, :path, ''
+  end
+end
diff --git a/db/schema_migrations/20230530112122 b/db/schema_migrations/20230530112122
new file mode 100644
index 00000000000..6c8fc76ba31
--- /dev/null
+++ b/db/schema_migrations/20230530112122
@@ -0,0 +1 @@
+f42b0e96388af93c226418f09c2b81a31677f9ba9fe10aa357f2b88ea1d415d8
\ No newline at end of file
diff --git a/db/schema_migrations/20230530112602 b/db/schema_migrations/20230530112602
new file mode 100644
index 00000000000..4d1e17322d8
--- /dev/null
+++ b/db/schema_migrations/20230530112602
@@ -0,0 +1 @@
+81dca424fac6ac462d15b8bb03bb272de970f6a701b3cbd78e86587bfa2a5733
\ No newline at end of file
diff --git a/db/schema_migrations/20230530114845 b/db/schema_migrations/20230530114845
new file mode 100644
index 00000000000..57327b54419
--- /dev/null
+++ b/db/schema_migrations/20230530114845
@@ -0,0 +1 @@
+442196dbc3b0e8669e697971cf74b1235d35211ea6db1d861eca80dd277e7f9a
\ No newline at end of file
diff --git a/db/schema_migrations/20230530115830 b/db/schema_migrations/20230530115830
new file mode 100644
index 00000000000..99371531685
--- /dev/null
+++ b/db/schema_migrations/20230530115830
@@ -0,0 +1 @@
+6e78a4ca76337129033cc9660ac203eb12187665ab5bb404fe6d8e3e5764365b
\ No newline at end of file
diff --git a/db/structure.sql b/db/structure.sql
index 7822973b778..904b6a3e79c 100644
--- a/db/structure.sql
+++ b/db/structure.sql
@@ -19240,6 +19240,8 @@ CREATE TABLE organizations (
     created_at timestamp with time zone NOT NULL,
     updated_at timestamp with time zone NOT NULL,
     name text DEFAULT ''::text NOT NULL,
+    path text NOT NULL,
+    CONSTRAINT check_0b4296b5ea CHECK ((char_length(path) <= 255)),
     CONSTRAINT check_d130d769e0 CHECK ((char_length(name) <= 255))
 );
 
@@ -33276,6 +33278,8 @@ CREATE UNIQUE INDEX unique_index_on_system_note_metadata_id ON resource_link_eve
 
 CREATE UNIQUE INDEX unique_merge_request_metrics_by_merge_request_id ON merge_request_metrics USING btree (merge_request_id);
 
+CREATE UNIQUE INDEX unique_organizations_on_path ON organizations USING btree (path);
+
 CREATE UNIQUE INDEX unique_packages_project_id_and_name_and_version_when_debian ON packages_packages USING btree (project_id, name, version) WHERE ((package_type = 9) AND (status <> 4));
 
 CREATE UNIQUE INDEX unique_postgres_async_fk_validations_name_and_table_name ON postgres_async_foreign_key_validations USING btree (name, table_name);
diff --git a/doc/user/application_security/policies/index.md b/doc/user/application_security/policies/index.md
index 0d821f8e47c..0b5ea6993a2 100644
--- a/doc/user/application_security/policies/index.md
+++ b/doc/user/application_security/policies/index.md
@@ -150,5 +150,6 @@ The workaround is to amend your group or instance push rules to allow branches f
 - When scheduling pipelines, keep in mind that CRON scheduling is based on UTC on GitLab SaaS and is based on your server time for self managed instances. When testing new policies, it may appear pipelines are not running properly when in fact they are scheduled in your server's timezone.
 - When enforcing scan execution policies, the target project's pipeline is triggered by the user who last updated the security policy project's `policy.yml` file. The user must have permission to trigger the pipeline in the project for the policy to be enforced, and the pipeline to run. Work to address this is being tracked in [issue 394958](https://gitlab.com/gitlab-org/gitlab/-/issues/394958).
 - You should not link a security policy project to a development project and to the group or sub-group the development project belongs to at the same time. Linking this way will result in approval rules from the Scan Result Policy not being applied to merge requests in the development project.
+- When creating a Scan Result Policy, neither the array `severity_levels` nor the array `vulnerability_states` in the [scan_finding rule](../policies/scan-result-policies.md#scan_finding-rule-type) can be left empty; for a working rule, at least one entry must exist.
 
 If you are still experiencing issues, you can [view recent reported bugs](https://gitlab.com/gitlab-org/gitlab/-/issues/?sort=popularity&state=opened&label_name%5B%5D=group%3A%3Asecurity%20policies&label_name%5B%5D=type%3A%3Abug&first_page_size=20) and raise new unreported issues.
diff --git a/spec/factories/organizations/organizations.rb b/spec/factories/organizations/organizations.rb
index 5e609cf3d49..c916b966abc 100644
--- a/spec/factories/organizations/organizations.rb
+++ b/spec/factories/organizations/organizations.rb
@@ -3,6 +3,7 @@
 FactoryBot.define do
   factory :organization, class: 'Organizations::Organization' do
     sequence(:name) { |n| "Organization ##{n}" }
+    path { name.parameterize }
 
     trait :default do
       id { Organizations::Organization::DEFAULT_ORGANIZATION_ID }
diff --git a/spec/models/organizations/organization_spec.rb b/spec/models/organizations/organization_spec.rb
index fd4676fbfe3..bb3d0c2307d 100644
--- a/spec/models/organizations/organization_spec.rb
+++ b/spec/models/organizations/organization_spec.rb
@@ -16,6 +16,8 @@ RSpec.describe Organizations::Organization, type: :model, feature_category: :cel
 
     it { is_expected.to validate_presence_of(:name) }
     it { is_expected.to validate_length_of(:name).is_at_most(255) }
+    it { is_expected.to validate_presence_of(:path) }
+    it { is_expected.to validate_length_of(:path).is_at_least(2).is_at_most(255) }
   end
 
   context 'when using scopes' do