authorGitLab Bot <gitlab-bot@gitlab.com>2023-11-10 12:15:29 +0300
committerGitLab Bot <gitlab-bot@gitlab.com>2023-11-10 12:15:29 +0300
commit19a36e759b6ba949c5e37e6e40e9f1a230106aa0 (patch)
tree47c839b03f43557079f37cdb43850bf4cda5a588
parent1ce993f33b12b6884cfc57f9055dbbc1688c2445 (diff)
Add latest changes from gitlab-org/gitlab@master
-rw-r--r--.gitlab/ci/review-apps/main.gitlab-ci.yml2
-rw-r--r--.rubocop_todo/layout/argument_alignment.yml9
-rw-r--r--app/assets/javascripts/notes/components/comment_field_layout.vue8
-rw-r--r--app/controllers/projects/issues_controller.rb1
-rw-r--r--app/mailers/emails/service_desk.rb2
-rw-r--r--app/models/concerns/can_move_repository_storage.rb19
-rw-r--r--app/models/user.rb1
-rw-r--r--app/services/users/refresh_authorized_projects_service.rb2
-rw-r--r--config/feature_flags/development/service_desk_new_note_email_native_attachments.yml8
-rw-r--r--db/migrate/20231107071201_add_project_authorizations_recalculated_at_to_user_details.rb11
-rw-r--r--db/post_migrate/20231109183438_drop_merge_request_assignees_on_merge_request_id_index.rb19
-rw-r--r--db/schema_migrations/202311070712011
-rw-r--r--db/schema_migrations/202311091834381
-rw-r--r--db/structure.sql3
-rw-r--r--doc/administration/merge_request_diffs.md117
-rw-r--r--doc/architecture/blueprints/secret_manager/decisions/004_staleless_kms.md49
-rw-r--r--doc/user/project/service_desk/using_service_desk.md5
-rw-r--r--spec/features/projects/issues/email_participants_spec.rb14
-rw-r--r--spec/frontend/notes/components/comment_field_layout_spec.js26
-rw-r--r--spec/models/user_spec.rb3
-rw-r--r--spec/requests/api/graphql/mutations/design_management/upload_spec.rb9
-rw-r--r--spec/requests/api/graphql/mutations/issues/link_alerts_spec.rb28
-rw-r--r--spec/requests/api/graphql/mutations/issues/move_spec.rb18
-rw-r--r--spec/requests/api/graphql/mutations/issues/set_confidential_spec.rb20
-rw-r--r--spec/requests/api/graphql/mutations/issues/set_crm_contacts_spec.rb26
-rw-r--r--spec/requests/api/graphql/mutations/issues/set_due_date_spec.rb20
-rw-r--r--spec/requests/api/graphql/mutations/issues/set_locked_spec.rb20
-rw-r--r--spec/requests/api/graphql/mutations/issues/set_severity_spec.rb20
-rw-r--r--spec/requests/api/graphql/mutations/issues/unlink_alerts_spec.rb28
-rw-r--r--spec/services/projects/update_repository_storage_service_spec.rb24
-rw-r--r--spec/services/users/refresh_authorized_projects_service_spec.rb7
-rw-r--r--spec/support/helpers/database/duplicate_indexes.yml3
-rw-r--r--spec/support/shared_examples/models/concerns/can_move_repository_storage_shared_examples.rb6
33 files changed, 298 insertions, 232 deletions
diff --git a/.gitlab/ci/review-apps/main.gitlab-ci.yml b/.gitlab/ci/review-apps/main.gitlab-ci.yml
index e1408252056..5d8ea803d19 100644
--- a/.gitlab/ci/review-apps/main.gitlab-ci.yml
+++ b/.gitlab/ci/review-apps/main.gitlab-ci.yml
@@ -67,7 +67,7 @@ review-build-cng:
GITLAB_IMAGE_REPOSITORY: "registry.gitlab.com/gitlab-org/build/cng-mirror"
GITLAB_IMAGE_SUFFIX: "ee"
GITLAB_REVIEW_APP_BASE_CONFIG_FILE: "scripts/review_apps/base-config.yaml"
- GITLAB_HELM_CHART_REF: "75b1486a9aec212d0f49ef1251526d8e51004bbc" # 7.0.1: https://gitlab.com/gitlab-org/charts/gitlab/-/commit/75b1486a9aec212d0f49ef1251526d8e51004bbc
+ GITLAB_HELM_CHART_REF: "db886740f66e8dfacd7b9f0f79f640c8c2e0318a" # 7.5.1: https://gitlab.com/gitlab-org/charts/gitlab/-/commit/db886740f66e8dfacd7b9f0f79f640c8c2e0318a
environment:
name: review/${CI_COMMIT_REF_SLUG}${SCHEDULE_TYPE} # No separator for SCHEDULE_TYPE so it's compatible as before and looks nice without it
url: https://gitlab-${CI_ENVIRONMENT_SLUG}.${REVIEW_APPS_DOMAIN}
diff --git a/.rubocop_todo/layout/argument_alignment.yml b/.rubocop_todo/layout/argument_alignment.yml
index c1aabf986a4..9dc839e4bcf 100644
--- a/.rubocop_todo/layout/argument_alignment.yml
+++ b/.rubocop_todo/layout/argument_alignment.yml
@@ -1519,15 +1519,6 @@ Layout/ArgumentAlignment:
- 'spec/requests/api/graphql/group/group_members_spec.rb'
- 'spec/requests/api/graphql/milestone_spec.rb'
- 'spec/requests/api/graphql/mutations/container_expiration_policy/update_spec.rb'
- - 'spec/requests/api/graphql/mutations/design_management/upload_spec.rb'
- - 'spec/requests/api/graphql/mutations/issues/link_alerts_spec.rb'
- - 'spec/requests/api/graphql/mutations/issues/move_spec.rb'
- - 'spec/requests/api/graphql/mutations/issues/set_confidential_spec.rb'
- - 'spec/requests/api/graphql/mutations/issues/set_crm_contacts_spec.rb'
- - 'spec/requests/api/graphql/mutations/issues/set_due_date_spec.rb'
- - 'spec/requests/api/graphql/mutations/issues/set_locked_spec.rb'
- - 'spec/requests/api/graphql/mutations/issues/set_severity_spec.rb'
- - 'spec/requests/api/graphql/mutations/issues/unlink_alerts_spec.rb'
- 'spec/requests/api/graphql/mutations/jira_import/import_users_spec.rb'
- 'spec/requests/api/graphql/mutations/jira_import/start_spec.rb'
- 'spec/requests/api/graphql/mutations/metrics/dashboard/annotations/create_spec.rb'
diff --git a/app/assets/javascripts/notes/components/comment_field_layout.vue b/app/assets/javascripts/notes/components/comment_field_layout.vue
index cefcc1b0c98..7673bd61631 100644
--- a/app/assets/javascripts/notes/components/comment_field_layout.vue
+++ b/app/assets/javascripts/notes/components/comment_field_layout.vue
@@ -1,5 +1,4 @@
<script>
-import glFeatureFlagsMixin from '~/vue_shared/mixins/gl_feature_flags_mixin';
import NoteableWarning from '~/vue_shared/components/notes/noteable_warning.vue';
import EmailParticipantsWarning from './email_participants_warning.vue';
import AttachmentsWarning from './attachments_warning.vue';
@@ -12,7 +11,6 @@ export default {
EmailParticipantsWarning,
NoteableWarning,
},
- mixins: [glFeatureFlagsMixin()],
props: {
noteableData: {
type: Object,
@@ -56,11 +54,7 @@ export default {
return this.emailParticipants.length && !this.isInternalNote;
},
showAttachmentWarning() {
- return (
- this.glFeatures.serviceDeskNewNoteEmailNativeAttachments &&
- this.showEmailParticipantsWarning &&
- this.containsLink
- );
+ return this.showEmailParticipantsWarning && this.containsLink;
},
},
};
diff --git a/app/controllers/projects/issues_controller.rb b/app/controllers/projects/issues_controller.rb
index 40e1b846268..fe0e3b68288 100644
--- a/app/controllers/projects/issues_controller.rb
+++ b/app/controllers/projects/issues_controller.rb
@@ -45,7 +45,6 @@ class Projects::IssuesController < Projects::ApplicationController
before_action do
push_frontend_feature_flag(:preserve_unchanged_markdown, project)
- push_frontend_feature_flag(:service_desk_new_note_email_native_attachments, project)
push_frontend_feature_flag(:saved_replies, current_user)
push_frontend_feature_flag(:issues_grid_view)
push_frontend_feature_flag(:service_desk_ticket)
diff --git a/app/mailers/emails/service_desk.rb b/app/mailers/emails/service_desk.rb
index f6595a91bee..f67c2636fc6 100644
--- a/app/mailers/emails/service_desk.rb
+++ b/app/mailers/emails/service_desk.rb
@@ -227,8 +227,6 @@ module Emails
# Filepaths we should replace in markdown content
@uploads_as_attachments = []
- return unless Feature.enabled?(:service_desk_new_note_email_native_attachments, @note.project)
-
uploaders = find_uploaders_for(@note)
return if uploaders.nil?
return if uploaders.sum(&:size) > EMAIL_ATTACHMENTS_SIZE_LIMIT
diff --git a/app/models/concerns/can_move_repository_storage.rb b/app/models/concerns/can_move_repository_storage.rb
index 1132e4e79ac..1646ed3dc7c 100644
--- a/app/models/concerns/can_move_repository_storage.rb
+++ b/app/models/concerns/can_move_repository_storage.rb
@@ -9,6 +9,9 @@ module CanMoveRepositoryStorage
# progress beforehand. Setting a repository read-only will fail if it is
# already in that state.
#
+ # It is assumed that `with_lock` is used here to ensure that no race condition
+ # appears between reading and writing the read-only column.
+ #
# @return nil. Failures will raise an exception
def set_repository_read_only!(skip_git_transfer_check: false)
with_lock do
@@ -16,10 +19,10 @@ module CanMoveRepositoryStorage
!skip_git_transfer_check && git_transfer_in_progress?
raise RepositoryReadOnlyError, _('Repository already read-only') if
- _safe_read_repository_read_only_column
+ safe_read_repository_read_only_column
raise ActiveRecord::RecordNotSaved, _('Database update failed') unless
- _update_repository_read_only_column(true)
+ update_repository_read_only_column(true)
nil
end
@@ -28,12 +31,8 @@ module CanMoveRepositoryStorage
# Set repository as writable again. Unlike setting it read-only, this will
# succeed if the repository is already writable.
def set_repository_writable!
- with_lock do
- raise ActiveRecord::RecordNotSaved, _('Database update failed') unless
- _update_repository_read_only_column(false)
-
- nil
- end
+ raise ActiveRecord::RecordNotSaved, _('Database update failed') unless
+ update_repository_read_only_column(false)
end
def git_transfer_in_progress?
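Review bot: `set_repository_writable!` now writes the column outside `with_lock`, but nothing on the method says why that is safe, while `set_repository_read_only!` gained a comment explaining its lock in this same commit. A single unconditional `update_column` has no read-then-write window, which is presumably the reasoning; stating it keeps a later edit from adding a read before the write without restoring the lock. I would add `# No lock needed: single unconditional write, nothing is read first.` above the `raise`. The explicit `nil` was also dropped, so the nil return now comes implicitly from the `raise ... unless` modifier; if callers rely on it, a `# @return nil` line as on the sibling method would document that.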
@@ -49,13 +48,13 @@ module CanMoveRepositoryStorage
# Not all resources that can move repositories have the `repository_read_only`
# in their table, for example groups. We need these methods to override the
# behavior in those classes in order to access the column.
- def _safe_read_repository_read_only_column
+ def safe_read_repository_read_only_column
# This was added originally this way because of
# https://gitlab.com/gitlab-org/gitlab/-/commit/43f9b98302d3985312c9f8b66018e2835d8293d2
self.class.where(id: id).pick(:repository_read_only)
end
- def _update_repository_read_only_column(value)
+ def update_repository_read_only_column(value)
update_column(:repository_read_only, value)
end
end
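Review bot: Dropping the underscore from `safe_read_repository_read_only_column` and `update_repository_read_only_column` silently disables any override that still uses the old names, and the comment above these methods says classes such as groups depend on overriding them. No overriding class appears in this commit's file list, so this may be handled elsewhere, but an override left as `_safe_read_repository_read_only_column` would never be called, and the concern's default would then query `repository_read_only` on a table the comment says may lack it. It is worth confirming that every includer was renamed in step; the call sites in the `set_repository_read_only!` and `set_repository_writable!` hunks already use the new names. The module body starts outside this hunk.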
diff --git a/app/models/user.rb b/app/models/user.rb
index f12304d5069..25f22563136 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -428,6 +428,7 @@ class User < MainClusterwide::ApplicationRecord
delegate :organization, :organization=, to: :user_detail, allow_nil: true
delegate :discord, :discord=, to: :user_detail, allow_nil: true
delegate :email_reset_offered_at, :email_reset_offered_at=, to: :user_detail, allow_nil: true
+ delegate :project_authorizations_recalculated_at, :project_authorizations_recalculated_at=, to: :user_detail, allow_nil: true
accepts_nested_attributes_for :user_preference, update_only: true
accepts_nested_attributes_for :user_detail, update_only: true
diff --git a/app/services/users/refresh_authorized_projects_service.rb b/app/services/users/refresh_authorized_projects_service.rb
index 32acc3f170d..6ec87df9f76 100644
--- a/app/services/users/refresh_authorized_projects_service.rb
+++ b/app/services/users/refresh_authorized_projects_service.rb
@@ -72,6 +72,8 @@ module Users
changes.remove_projects_for_user(user, remove)
end.apply!
+ user.update!(project_authorizations_recalculated_at: Time.zone.now) if remove.any? || add.any?
+
# Since we batch insert authorization rows, Rails' associations may get
# out of sync. As such we force a reload of the User object.
user.reset
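Review bot: The added `user.update!` runs full `User` validations and callbacks after `apply!` has already changed the authorization rows, so an unrelated invalid attribute on the user would make the refresh raise and skip `user.reset` over what is only a bookkeeping timestamp. The attribute is delegated to `user_detail` with `allow_nil: true` (see the `app/models/user.rb` hunk), so if `user_detail` can ever be nil the assignment is a silent no-op; I cannot tell from the hunk whether that can happen. Consider a write that cannot fail the authorization path, or at least a comment stating that a failure here is meant to propagate, e.g. `# Raises on purpose: a stale recalculated_at must not go unnoticed`. The enclosing method starts and ends outside the hunk, so whether this runs inside the same lease or transaction as `apply!` is not visible.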
diff --git a/config/feature_flags/development/service_desk_new_note_email_native_attachments.yml b/config/feature_flags/development/service_desk_new_note_email_native_attachments.yml
deleted file mode 100644
index 89f0804ad39..00000000000
--- a/config/feature_flags/development/service_desk_new_note_email_native_attachments.yml
+++ /dev/null
@@ -1,8 +0,0 @@
----
-name: service_desk_new_note_email_native_attachments
-introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/107887
-rollout_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/386860
-milestone: '15.8'
-type: development
-group: group::respond
-default_enabled: true
diff --git a/db/migrate/20231107071201_add_project_authorizations_recalculated_at_to_user_details.rb b/db/migrate/20231107071201_add_project_authorizations_recalculated_at_to_user_details.rb
new file mode 100644
index 00000000000..c7f0ca83695
--- /dev/null
+++ b/db/migrate/20231107071201_add_project_authorizations_recalculated_at_to_user_details.rb
@@ -0,0 +1,11 @@
+# frozen_string_literal: true
+
+class AddProjectAuthorizationsRecalculatedAtToUserDetails < Gitlab::Database::Migration[2.2]
+ milestone '16.6'
+ enable_lock_retries!
+
+ def change
+ add_column :user_details, :project_authorizations_recalculated_at, :datetime_with_timezone,
+ default: '2010-01-01', null: false
+ end
+end
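Review bot: The default `'2010-01-01'` on `project_authorizations_recalculated_at` is an unexplained sentinel: every existing `user_details` row will carry it, and readers of the column cannot tell "never recalculated since the column existed" from a real timestamp without knowing the constant. A comment above `add_column` would record the intent, for example `# Default is a sentinel older than any real recalculation; treat it as "unknown", not as an event time.` The author should confirm the wording, since the meaning is inferred here. If code elsewhere compares against this value, a named constant shared with the model would be safer than repeating the literal.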
diff --git a/db/post_migrate/20231109183438_drop_merge_request_assignees_on_merge_request_id_index.rb b/db/post_migrate/20231109183438_drop_merge_request_assignees_on_merge_request_id_index.rb
new file mode 100644
index 00000000000..e1f96393031
--- /dev/null
+++ b/db/post_migrate/20231109183438_drop_merge_request_assignees_on_merge_request_id_index.rb
@@ -0,0 +1,19 @@
+# frozen_string_literal: true
+
+class DropMergeRequestAssigneesOnMergeRequestIdIndex < Gitlab::Database::Migration[2.2]
+ disable_ddl_transaction!
+
+ milestone '16.6'
+
+ INDEX_NAME = 'index_merge_request_assignees_on_merge_request_id'
+ TABLE_NAME = :merge_request_assignees
+
+ def up
+ # Duplicated index. This index is covered by +index_merge_request_assignees_on_merge_request_id_and_user_id+
+ remove_concurrent_index_by_name TABLE_NAME, INDEX_NAME
+ end
+
+ def down
+ add_concurrent_index TABLE_NAME, :merge_request_id, name: INDEX_NAME
+ end
+end
diff --git a/db/schema_migrations/20231107071201 b/db/schema_migrations/20231107071201
new file mode 100644
index 00000000000..4c867fb2ad7
--- /dev/null
+++ b/db/schema_migrations/20231107071201
@@ -0,0 +1 @@
+353eb22ec8e991d6aff2a79ae7e54e5d045aac3da34769e927d137ce9fb41306 \ No newline at end of file
diff --git a/db/schema_migrations/20231109183438 b/db/schema_migrations/20231109183438
new file mode 100644
index 00000000000..32c590bad5a
--- /dev/null
+++ b/db/schema_migrations/20231109183438
@@ -0,0 +1 @@
+87a41f56368f4211291dc6022af91a2168c389b426a1d615321cf0f36bd2c801 \ No newline at end of file
diff --git a/db/structure.sql b/db/structure.sql
index dce4b395301..1553694704b 100644
--- a/db/structure.sql
+++ b/db/structure.sql
@@ -24346,6 +24346,7 @@ CREATE TABLE user_details (
enterprise_group_associated_at timestamp with time zone,
email_reset_offered_at timestamp with time zone,
mastodon text DEFAULT ''::text NOT NULL,
+ project_authorizations_recalculated_at timestamp with time zone DEFAULT '2010-01-01 00:00:00+00'::timestamp with time zone NOT NULL,
CONSTRAINT check_245664af82 CHECK ((char_length(webauthn_xid) <= 100)),
CONSTRAINT check_444573ee52 CHECK ((char_length(skype) <= 500)),
CONSTRAINT check_466a25be35 CHECK ((char_length(twitter) <= 500)),
@@ -33209,8 +33210,6 @@ CREATE INDEX index_members_on_user_id_and_access_level_requested_at_is_null ON m
CREATE INDEX index_members_on_user_id_created_at ON members USING btree (user_id, created_at) WHERE ((ldap = true) AND ((type)::text = 'GroupMember'::text) AND ((source_type)::text = 'Namespace'::text));
-CREATE INDEX index_merge_request_assignees_on_merge_request_id ON merge_request_assignees USING btree (merge_request_id);
-
CREATE UNIQUE INDEX index_merge_request_assignees_on_merge_request_id_and_user_id ON merge_request_assignees USING btree (merge_request_id, user_id);
CREATE INDEX index_merge_request_assignees_on_user_id ON merge_request_assignees USING btree (user_id);
diff --git a/doc/administration/merge_request_diffs.md b/doc/administration/merge_request_diffs.md
index 746dccb99d6..9c4ddcdc094 100644
--- a/doc/administration/merge_request_diffs.md
+++ b/doc/administration/merge_request_diffs.md
@@ -21,7 +21,9 @@ that only [stores outdated diffs](#alternative-in-database-storage) outside of d
## Using external storage
-For Linux package installations:
+::Tabs
+
+:::TabTitle Linux package (Omnibus)
1. Edit `/etc/gitlab/gitlab.rb` and add the following line:
@@ -41,7 +43,7 @@ For Linux package installations:
1. Save the file and [reconfigure GitLab](restart_gitlab.md#reconfigure-a-linux-package-installation) for the changes to take effect.
GitLab then migrates your existing merge request diffs to external storage.
-For self-compiled installations:
+:::TabTitle Self-compiled (source)
1. Edit `/home/git/gitlab/config/gitlab.yml` and add or amend the following
lines:
@@ -65,6 +67,8 @@ For self-compiled installations:
1. Save the file and [restart GitLab](restart_gitlab.md#self-compiled-installations) for the changes to take effect.
GitLab then migrates your existing merge request diffs to external storage.
+::EndTabs
+
## Using object storage
WARNING:
@@ -74,7 +78,9 @@ Instead of storing the external diffs on disk, we recommended the use of an obje
store like AWS S3 instead. This configuration relies on valid AWS credentials to
be configured already.
-For Linux package installations:
+::Tabs
+
+:::TabTitle Linux package (Omnibus)
1. Edit `/etc/gitlab/gitlab.rb` and add the following line:
@@ -86,7 +92,7 @@ For Linux package installations:
1. Save the file and [reconfigure GitLab](restart_gitlab.md#reconfigure-a-linux-package-installation) for the changes to take effect.
GitLab then migrates your existing merge request diffs to external storage.
-For self-compiled installations:
+:::TabTitle Self-compiled (source)
1. Edit `/home/git/gitlab/config/gitlab.yml` and add or amend the following
lines:
@@ -100,6 +106,8 @@ For self-compiled installations:
1. Save the file and [restart GitLab](restart_gitlab.md#self-compiled-installations) for the changes to take effect.
GitLab then migrates your existing merge request diffs to external storage.
+::EndTabs
+
[Read more about using object storage with GitLab](object_storage.md).
### Object Storage Settings
@@ -123,7 +131,9 @@ then `object_store:`. On Linux package installations, they are prefixed by
See [the available connection settings for different providers](object_storage.md#configure-the-connection-settings).
-For Linux package installations:
+::Tabs
+
+:::TabTitle Linux package (Omnibus)
1. Edit `/etc/gitlab/gitlab.rb` and add the following lines by replacing with
the values you want:
@@ -153,7 +163,7 @@ For Linux package installations:
1. Save the file and [reconfigure GitLab](restart_gitlab.md#reconfigure-a-linux-package-installation) for the changes to take effect.
-For self-compiled installations:
+:::TabTitle Self-compiled (source)
1. Edit `/home/git/gitlab/config/gitlab.yml` and add or amend the following
lines:
@@ -173,6 +183,8 @@ For self-compiled installations:
1. Save the file and [restart GitLab](restart_gitlab.md#self-compiled-installations) for the changes to take effect.
+::EndTabs
+
## Alternative in-database storage
Enabling external diffs may reduce the performance of merge requests, as they
@@ -182,7 +194,9 @@ in the database.
To enable this feature, perform the following steps:
-For Linux package installations:
+::Tabs
+
+:::TabTitle Linux package (Omnibus)
1. Edit `/etc/gitlab/gitlab.rb` and add the following line:
@@ -192,7 +206,7 @@ For Linux package installations:
1. Save the file and [reconfigure GitLab](restart_gitlab.md#reconfigure-a-linux-package-installation) for the changes to take effect.
-For self-compiled installations:
+:::TabTitle Self-compiled (source)
1. Edit `/home/git/gitlab/config/gitlab.yml` and add or amend the following
lines:
@@ -205,6 +219,8 @@ For self-compiled installations:
1. Save the file and [restart GitLab](restart_gitlab.md#self-compiled-installations) for the changes to take effect.
+::EndTabs
+
With this feature enabled, diffs are initially stored in the database, rather
than externally. They are moved to external storage after any of these
conditions become true:
@@ -217,64 +233,45 @@ These rules strike a balance between space and performance by only storing
frequently-accessed diffs in the database. Diffs that are less likely to be
accessed are moved to external storage instead.
-## Correcting incorrectly-migrated diffs
-
-Versions of GitLab earlier than `v13.0.0` would incorrectly record the location
-of some merge request diffs when [external diffs in object storage](#object-storage-settings)
-were enabled. This mainly affected imported merge requests, and was resolved
-with [this merge request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/31005).
-
-If you are using object storage, or have never used on-disk storage for external
-diffs, the **Changes** tab for some merge requests fails to load with a 500 error,
-and the exception for that error is of this form:
-
-```plain
-Errno::ENOENT (No such file or directory @ rb_sysopen - /var/opt/gitlab/gitlab-rails/shared/external-diffs/merge_request_diffs/mr-6167082/diff-8199789)
-```
-
-Then you are affected by this issue. Because it's not possible to safely determine
-all these conditions automatically, we've provided a Rake task in GitLab v13.2.0
-that you can run manually to correct the data:
-
-For Linux package installations:
-
-```shell
-sudo gitlab-rake gitlab:external_diffs:force_object_storage
-```
-
-For self-compiled installations:
+## Switching from external storage to object storage
-```shell
-sudo -u git -H bundle exec rake gitlab:external_diffs:force_object_storage RAILS_ENV=production
-```
+Automatic migration moves diffs stored in the database, but it does not move diffs between storage types.
+To switch from external storage to object storage:
-Environment variables can be provided to modify the behavior of the task. The
-available variables are:
+1. Move files stored on local or NFS storage to object storage manually.
+1. Run this Rake task to change their location in the database.
-| Name | Default value | Purpose |
-| ---- | ------------- | ------- |
-| `ANSI` | `true` | Use ANSI escape codes to make output more understandable |
-| `BATCH_SIZE` | `1000` | Iterate through the table in batches of this size |
-| `START_ID` | `nil` | If set, begin scanning at this ID |
-| `END_ID` | `nil` | If set, stop scanning at this ID |
-| `UPDATE_DELAY` | `1` | Number of seconds to sleep between updates |
+ For Linux package installations:
-The `START_ID` and `END_ID` variables may be used to run the update in parallel,
-by assigning different processes to different parts of the table. The `BATCH`
-and `UPDATE_DELAY` parameters allow the speed of the migration to be traded off
-against concurrent access to the table. The `ANSI` parameter should be set to
-false if your terminal does not support ANSI escape codes.
+ ```shell
+ sudo gitlab-rake gitlab:external_diffs:force_object_storage
+ ```
-By default, `sudo` does not preserve existing environment variables. You should append them, rather than prefix them.
+ For self-compiled installations:
-```shell
-sudo gitlab-rake gitlab:external_diffs:force_object_storage START_ID=59946109 END_ID=59946109 UPDATE_DELAY=5
-```
+ ```shell
+ sudo -u git -H bundle exec rake gitlab:external_diffs:force_object_storage RAILS_ENV=production
+ ```
-## Switching from external storage to object storage
+ By default, `sudo` does not preserve existing environment variables. You should
+ append them, rather than prefix them, like this:
-Automatic migration moves diffs stored in the database, but it does not move diffs between storage types.
-To switch from external storage to object storage:
+ ```shell
+ sudo gitlab-rake gitlab:external_diffs:force_object_storage START_ID=59946109 END_ID=59946109 UPDATE_DELAY=5
+ ```
-1. Move files stored on local or NFS storage to object storage manually.
-1. Run the Rake task in the [previous section](#correcting-incorrectly-migrated-diffs) to change their location in the database.
+These environment variables modify the behavior of the Rake task:
+
+| Name | Default value | Purpose |
+|----------------|---------------|---------|
+| `ANSI` | `true` | Use ANSI escape codes to make output more understandable. |
+| `BATCH_SIZE` | `1000` | Iterate through the table in batches of this size. |
+| `START_ID` | `nil` | If set, begin scanning at this ID. |
+| `END_ID` | `nil` | If set, stop scanning at this ID. |
+| `UPDATE_DELAY` | `1` | Number of seconds to sleep between updates. |
+
+- `START_ID` and `END_ID` can be used to run the update in parallel,
+ by assigning different processes to different parts of the table.
+- `BATCH` and `UPDATE_DELAY` enable the speed of the migration to be traded off
+ against concurrent access to the table.
+- `ANSI` should be set to `false` if your terminal does not support ANSI escape codes.
diff --git a/doc/architecture/blueprints/secret_manager/decisions/004_staleless_kms.md b/doc/architecture/blueprints/secret_manager/decisions/004_staleless_kms.md
new file mode 100644
index 00000000000..3de8adfd3a7
--- /dev/null
+++ b/doc/architecture/blueprints/secret_manager/decisions/004_staleless_kms.md
@@ -0,0 +1,49 @@
+---
+owning-stage: "~devops::verify"
+description: 'GitLab Secrets Manager ADR 004: Sateless Key Management Service'
+---
+
+# GitLab Secrets Manager ADR 004: Stateless Key Management Service
+
+In [ADR-002](002_gcp_kms.md) we decided that we want to use Google's Cloud Key
+Management Service to store private encryption keys. This will allow us to meet
+various compliance requirements easier.
+
+In this ADR we are going to describe the desired architecture of GitLab Secrets
+Management Service, making it a stateless service, that is not connected to a
+persistent datastore, other than an ephemeral local storage.
+
+## Context
+
+## Decision
+
+Make GitLab Secrets Management Service a stateless application, not being
+connected to a global data storage, like a relational or NoSQL database.
+
+We are only going to support local block storage, presumably only for caching
+purposes.
+
+In order to manage decryption cost wisely, we would need to implement
+multi-tier protection layers, and in-memory, per-instance,
+[symmetric decryption key](001_envelop_encryption.md) caching, with cache TTL
+depending on the protection tier. A hardware or software key can be used in
+Google's Cloud KMS, depending on the tier too.
+
+## Consequences
+
+1. All private keys are going to be stored in Google's Cloud KMS.
+1. Multi-tier protection will be implemented, with higher tries offering more protection.
+1. Protection tier will be defined on per-organization level on the GitLab Rails Service side.
+1. Depending on the protection level used, symmetric decryption keys can be in-memory cached.
+1. The symmetric key's cache must not be valid for more than 24 hours..
+1. The highest protection tier will use Hardware Security Module and no caching.
+1. The GitLab Secrets Management Service will not store access-control metadata.
+1. Identity de-multiplexing will happen on GitLab Rails Service side.
+1. Decryption request will be signed by an organization's public key.
+1. The service will verify decryption requestor's identity by checking the signature.
+
+## Alternatives
+
+We considered using a relational database, or a NoSQL database, both
+self-managed and managed by a Cloud Provider, but concluded that this would add
+a lot of complexity and would weaken the security posture of the service.
diff --git a/doc/user/project/service_desk/using_service_desk.md b/doc/user/project/service_desk/using_service_desk.md
index ad97a36bbb0..5f3c725b83b 100644
--- a/doc/user/project/service_desk/using_service_desk.md
+++ b/doc/user/project/service_desk/using_service_desk.md
@@ -138,10 +138,7 @@ HTML emails show HTML formatting, such as:
> - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/11733) in GitLab 15.8 [with a flag](../../../administration/feature_flags.md) named `service_desk_new_note_email_native_attachments`. Disabled by default.
> - [Enabled on GitLab.com and self-managed](https://gitlab.com/gitlab-org/gitlab/-/issues/386860) in GitLab 15.10.
-
-FLAG:
-On self-managed GitLab, by default this feature is available. To hide the feature per project or for your entire instance, an administrator can [disable the feature flag](../../../administration/feature_flags.md) named `service_desk_new_note_email_native_attachments`.
-On GitLab.com, this feature is available.
+> - [Generally available](https://gitlab.com/gitlab-org/gitlab/-/issues/11733) in GitLab 16.6. Feature flag `service_desk_new_note_email_native_attachments` removed.
If a comment contains any attachments and their total size is less than or equal to 10 MB, these
attachments are sent as part of the email. In other cases, the email contains links to the attachments.
diff --git a/spec/features/projects/issues/email_participants_spec.rb b/spec/features/projects/issues/email_participants_spec.rb
index 215c45351c1..e1b8133a10f 100644
--- a/spec/features/projects/issues/email_participants_spec.rb
+++ b/spec/features/projects/issues/email_participants_spec.rb
@@ -68,18 +68,4 @@ RSpec.describe 'viewing an issue', :js, feature_category: :service_desk do
end
end
end
-
- context 'for feature flags' do
- before do
- sign_in(user)
- end
-
- it 'pushes service_desk_new_note_email_native_attachments feature flag to frontend' do
- stub_feature_flags(service_desk_new_note_email_native_attachments: true)
-
- visit project_issue_path(project, issue)
-
- expect(page).to have_pushed_frontend_feature_flags(serviceDeskNewNoteEmailNativeAttachments: true)
- end
- end
end
diff --git a/spec/frontend/notes/components/comment_field_layout_spec.js b/spec/frontend/notes/components/comment_field_layout_spec.js
index 93b54f95021..b55019ed525 100644
--- a/spec/frontend/notes/components/comment_field_layout_spec.js
+++ b/spec/frontend/notes/components/comment_field_layout_spec.js
@@ -31,19 +31,13 @@ describe('Comment Field Layout Component', () => {
const findAttachmentsWarning = () => wrapper.findComponent(AttachmentsWarning);
const findErrorAlert = () => wrapper.findByTestId('comment-field-alert-container');
- const createWrapper = (props = {}, provide = {}) => {
+ const createWrapper = (props = {}) => {
wrapper = extendedWrapper(
shallowMount(CommentFieldLayout, {
propsData: {
noteableData: noteableDataMock,
...props,
},
- provide: {
- glFeatures: {
- serviceDeskNewNoteEmailNativeAttachments: true,
- },
- ...provide,
- },
}),
);
};
@@ -160,22 +154,4 @@ describe('Comment Field Layout Component', () => {
expect(findEmailParticipantsWarning().exists()).toBe(false);
});
});
-
- describe('serviceDeskNewNoteEmailNativeAttachments flag', () => {
- it('shows warning message when flag is enabled', () => {
- createWrapper(commentFieldWithAttachmentData, {
- glFeatures: { serviceDeskNewNoteEmailNativeAttachments: true },
- });
-
- expect(findAttachmentsWarning().exists()).toBe(true);
- });
-
- it('shows warning message when flag is disables', () => {
- createWrapper(commentFieldWithAttachmentData, {
- glFeatures: { serviceDeskNewNoteEmailNativeAttachments: false },
- });
-
- expect(findAttachmentsWarning().exists()).toBe(false);
- });
- });
});
diff --git a/spec/models/user_spec.rb b/spec/models/user_spec.rb
index fd4b3dbb548..17eabc0f7cd 100644
--- a/spec/models/user_spec.rb
+++ b/spec/models/user_spec.rb
@@ -136,6 +136,9 @@ RSpec.describe User, feature_category: :user_profile do
it { is_expected.to delegate_method(:email_reset_offered_at).to(:user_detail).allow_nil }
it { is_expected.to delegate_method(:email_reset_offered_at=).to(:user_detail).with_arguments(:args).allow_nil }
+
+ it { is_expected.to delegate_method(:project_authorizations_recalculated_at).to(:user_detail).allow_nil }
+ it { is_expected.to delegate_method(:project_authorizations_recalculated_at=).to(:user_detail).with_arguments(:args).allow_nil }
end
describe 'associations' do
diff --git a/spec/requests/api/graphql/mutations/design_management/upload_spec.rb b/spec/requests/api/graphql/mutations/design_management/upload_spec.rb
index 9b42b32c150..82a88a2c593 100644
--- a/spec/requests/api/graphql/mutations/design_management/upload_spec.rb
+++ b/spec/requests/api/graphql/mutations/design_management/upload_spec.rb
@@ -36,10 +36,11 @@ RSpec.describe "uploading designs", feature_category: :design_management do
end
it 'returns an error' do
- workhorse_post_with_file(api('/', current_user, version: 'graphql'),
- params: params,
- file_key: '1'
- )
+ workhorse_post_with_file(
+ api('/', current_user, version: 'graphql'),
+ params: params,
+ file_key: '1'
+ )
expect(response).to have_attributes(
code: eq('400'),
diff --git a/spec/requests/api/graphql/mutations/issues/link_alerts_spec.rb b/spec/requests/api/graphql/mutations/issues/link_alerts_spec.rb
index 85e21952f47..df6c20d6176 100644
--- a/spec/requests/api/graphql/mutations/issues/link_alerts_spec.rb
+++ b/spec/requests/api/graphql/mutations/issues/link_alerts_spec.rb
@@ -19,19 +19,21 @@ RSpec.describe 'Link alerts to an incident', feature_category: :incident_managem
alert_references: [alert1.to_reference, alert2.details_url]
}
- graphql_mutation(:issue_link_alerts, variables,
- <<-QL.strip_heredoc
- clientMutationId
- errors
- issue {
- iid
- alertManagementAlerts {
- nodes {
- iid
- }
- }
- }
- QL
+ graphql_mutation(
+ :issue_link_alerts,
+ variables,
+ <<-QL.strip_heredoc
+ clientMutationId
+ errors
+ issue {
+ iid
+ alertManagementAlerts {
+ nodes {
+ iid
+ }
+ }
+ }
+ QL
)
end
diff --git a/spec/requests/api/graphql/mutations/issues/move_spec.rb b/spec/requests/api/graphql/mutations/issues/move_spec.rb
index 7d9579067b6..24188d5341d 100644
--- a/spec/requests/api/graphql/mutations/issues/move_spec.rb
+++ b/spec/requests/api/graphql/mutations/issues/move_spec.rb
@@ -16,14 +16,16 @@ RSpec.describe 'Moving an issue', feature_category: :team_planning do
iid: issue.iid.to_s
}
- graphql_mutation(:issue_move, variables,
- <<-QL.strip_heredoc
- clientMutationId
- errors
- issue {
- title
- }
- QL
+ graphql_mutation(
+ :issue_move,
+ variables,
+ <<-QL.strip_heredoc
+ clientMutationId
+ errors
+ issue {
+ title
+ }
+ QL
)
end
diff --git a/spec/requests/api/graphql/mutations/issues/set_confidential_spec.rb b/spec/requests/api/graphql/mutations/issues/set_confidential_spec.rb
index c5e6901d8f8..c62995c0b9b 100644
--- a/spec/requests/api/graphql/mutations/issues/set_confidential_spec.rb
+++ b/spec/requests/api/graphql/mutations/issues/set_confidential_spec.rb
@@ -15,15 +15,17 @@ RSpec.describe 'Setting an issue as confidential', feature_category: :team_plann
project_path: project.full_path,
iid: issue.iid.to_s
}
- graphql_mutation(:issue_set_confidential, variables.merge(input),
- <<-QL.strip_heredoc
- clientMutationId
- errors
- issue {
- iid
- confidential
- }
- QL
+ graphql_mutation(
+ :issue_set_confidential,
+ variables.merge(input),
+ <<-QL.strip_heredoc
+ clientMutationId
+ errors
+ issue {
+ iid
+ confidential
+ }
+ QL
)
end
diff --git a/spec/requests/api/graphql/mutations/issues/set_crm_contacts_spec.rb b/spec/requests/api/graphql/mutations/issues/set_crm_contacts_spec.rb
index 497ae1cc13f..cdab267162e 100644
--- a/spec/requests/api/graphql/mutations/issues/set_crm_contacts_spec.rb
+++ b/spec/requests/api/graphql/mutations/issues/set_crm_contacts_spec.rb
@@ -26,18 +26,20 @@ RSpec.describe 'Setting issues crm contacts', feature_category: :service_desk do
contact_ids: contact_ids
}
- graphql_mutation(:issue_set_crm_contacts, variables,
- <<-QL.strip_heredoc
- clientMutationId
- errors
- issue {
- customerRelationsContacts {
- nodes {
- id
- }
- }
- }
- QL
+ graphql_mutation(
+ :issue_set_crm_contacts,
+ variables,
+ <<-QL.strip_heredoc
+ clientMutationId
+ errors
+ issue {
+ customerRelationsContacts {
+ nodes {
+ id
+ }
+ }
+ }
+ QL
)
end
diff --git a/spec/requests/api/graphql/mutations/issues/set_due_date_spec.rb b/spec/requests/api/graphql/mutations/issues/set_due_date_spec.rb
index ec71e44464a..f7c5febe56f 100644
--- a/spec/requests/api/graphql/mutations/issues/set_due_date_spec.rb
+++ b/spec/requests/api/graphql/mutations/issues/set_due_date_spec.rb
@@ -15,15 +15,17 @@ RSpec.describe 'Setting Due Date of an issue', feature_category: :team_planning
project_path: project.full_path,
iid: issue.iid.to_s
}
- graphql_mutation(:issue_set_due_date, variables.merge(input),
- <<-QL.strip_heredoc
- clientMutationId
- errors
- issue {
- iid
- dueDate
- }
- QL
+ graphql_mutation(
+ :issue_set_due_date,
+ variables.merge(input),
+ <<-QL.strip_heredoc
+ clientMutationId
+ errors
+ issue {
+ iid
+ dueDate
+ }
+ QL
)
end
diff --git a/spec/requests/api/graphql/mutations/issues/set_locked_spec.rb b/spec/requests/api/graphql/mutations/issues/set_locked_spec.rb
index a8025894b1e..547ec280150 100644
--- a/spec/requests/api/graphql/mutations/issues/set_locked_spec.rb
+++ b/spec/requests/api/graphql/mutations/issues/set_locked_spec.rb
@@ -16,15 +16,17 @@ RSpec.describe 'Setting an issue as locked', feature_category: :team_planning do
project_path: project.full_path,
iid: issue.iid.to_s
}
- graphql_mutation(:issue_set_locked, variables.merge(input),
- <<-QL.strip_heredoc
- clientMutationId
- errors
- issue {
- iid
- discussionLocked
- }
- QL
+ graphql_mutation(
+ :issue_set_locked,
+ variables.merge(input),
+ <<-QL.strip_heredoc
+ clientMutationId
+ errors
+ issue {
+ iid
+ discussionLocked
+ }
+ QL
)
end
diff --git a/spec/requests/api/graphql/mutations/issues/set_severity_spec.rb b/spec/requests/api/graphql/mutations/issues/set_severity_spec.rb
index 77262c7f64f..d53b938a983 100644
--- a/spec/requests/api/graphql/mutations/issues/set_severity_spec.rb
+++ b/spec/requests/api/graphql/mutations/issues/set_severity_spec.rb
@@ -17,15 +17,17 @@ RSpec.describe 'Setting severity level of an incident', feature_category: :incid
iid: incident.iid.to_s
}
- graphql_mutation(:issue_set_severity, variables.merge(input),
- <<-QL.strip_heredoc
- clientMutationId
- errors
- issue {
- iid
- severity
- }
- QL
+ graphql_mutation(
+ :issue_set_severity,
+ variables.merge(input),
+ <<-QL.strip_heredoc
+ clientMutationId
+ errors
+ issue {
+ iid
+ severity
+ }
+ QL
)
end
diff --git a/spec/requests/api/graphql/mutations/issues/unlink_alerts_spec.rb b/spec/requests/api/graphql/mutations/issues/unlink_alerts_spec.rb
index 7f6f968b1dd..807afdfb812 100644
--- a/spec/requests/api/graphql/mutations/issues/unlink_alerts_spec.rb
+++ b/spec/requests/api/graphql/mutations/issues/unlink_alerts_spec.rb
@@ -21,19 +21,21 @@ RSpec.describe 'Unlink alert from an incident', feature_category: :incident_mana
alert_id: alert_to_unlink.to_global_id.to_s
}
- graphql_mutation(:issue_unlink_alert, variables,
- <<-QL.strip_heredoc
- clientMutationId
- errors
- issue {
- iid
- alertManagementAlerts {
- nodes {
- id
- }
- }
- }
- QL
+ graphql_mutation(
+ :issue_unlink_alert,
+ variables,
+ <<-QL.strip_heredoc
+ clientMutationId
+ errors
+ issue {
+ iid
+ alertManagementAlerts {
+ nodes {
+ id
+ }
+ }
+ }
+ QL
)
end
diff --git a/spec/services/projects/update_repository_storage_service_spec.rb b/spec/services/projects/update_repository_storage_service_spec.rb
index d173d23a1d6..b81fc8bf633 100644
--- a/spec/services/projects/update_repository_storage_service_spec.rb
+++ b/spec/services/projects/update_repository_storage_service_spec.rb
@@ -79,6 +79,30 @@ RSpec.describe Projects::UpdateRepositoryStorageService, feature_category: :sour
end
end
+ context 'when touch raises an exception' do
+ let(:exception) { RuntimeError.new('Boom') }
+
+ it 'marks the storage move as failed and restores read-write access' do
+ allow(repository_storage_move).to receive(:container).and_return(project)
+
+ allow(project).to receive(:touch).and_wrap_original do
+ project.assign_attributes(updated_at: 1.second.ago)
+ raise exception
+ end
+
+ expect(project_repository_double).to receive(:replicate)
+ .with(project.repository.raw)
+ expect(project_repository_double).to receive(:checksum)
+ .and_return(checksum)
+
+ expect { subject.execute }.to raise_error(exception)
+ project.reload
+
+ expect(project).not_to be_repository_read_only
+ expect(repository_storage_move.reload).to be_failed
+ end
+ end
+
context 'when the filesystems are the same' do
before do
expect(Gitlab::GitalyClient).to receive(:filesystem_id).twice.and_return(SecureRandom.uuid)
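Review bot: The line `project.assign_attributes(updated_at: 1.second.ago)` inside the `touch` stub carries the point of this example but has no explanation. Presumably it leaves the in-memory record with an unsaved change before the exception, which is the state the failure path has to recover from when it restores read-write access. A comment above it would help, for example `# Leave the record dirty, as a partially applied touch would, before raising`. The stub also uses `and_wrap_original` without taking or calling the original method, so a plain block implementation, `allow(project).to receive(:touch) do`, would express the same thing more directly. The enclosing `describe` block starts and ends outside this hunk.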
diff --git a/spec/services/users/refresh_authorized_projects_service_spec.rb b/spec/services/users/refresh_authorized_projects_service_spec.rb
index b36152f81c3..3d88618711b 100644
--- a/spec/services/users/refresh_authorized_projects_service_spec.rb
+++ b/spec/services/users/refresh_authorized_projects_service_spec.rb
@@ -98,6 +98,13 @@ RSpec.describe Users::RefreshAuthorizedProjectsService, feature_category: :user_
service.execute_without_lease
end
+ it 'updates project_authorizations_recalculated_at', :freeze_time do
+ default_date = Time.zone.local('2010')
+ expect do
+ service.execute_without_lease
+ end.to change { user.project_authorizations_recalculated_at }.from(default_date).to(Time.zone.now)
+ end
+
it 'returns a User' do
expect(service.execute_without_lease).to be_an_instance_of(User)
end
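Review bot: `default_date = Time.zone.local('2010')` hard-codes what appears to be the column default for `project_authorizations_recalculated_at`. That default is defined outside this hunk, so the spec and the schema can drift apart with nothing linking them. A short comment such as `# matches the column default set in the migration` would make the origin of the value clear. Passing the year as an Integer, `Time.zone.local(2010)`, is the more usual form. Since this timestamp presumably records how fresh a user's authorizations are, the starting value is worth pinning explicitly rather than leaving as a bare literal.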
diff --git a/spec/support/helpers/database/duplicate_indexes.yml b/spec/support/helpers/database/duplicate_indexes.yml
index b4532ca7d7a..57ce762bbda 100644
--- a/spec/support/helpers/database/duplicate_indexes.yml
+++ b/spec/support/helpers/database/duplicate_indexes.yml
@@ -103,9 +103,6 @@ member_tasks:
members:
index_members_on_member_namespace_id_compound:
- index_members_on_member_namespace_id
-merge_request_assignees:
- index_merge_request_assignees_on_merge_request_id_and_user_id:
- - index_merge_request_assignees_on_merge_request_id
merge_requests:
index_merge_requests_on_author_id_and_created_at:
- index_merge_requests_on_author_id
diff --git a/spec/support/shared_examples/models/concerns/can_move_repository_storage_shared_examples.rb b/spec/support/shared_examples/models/concerns/can_move_repository_storage_shared_examples.rb
index 8deeecea30d..77327e9b539 100644
--- a/spec/support/shared_examples/models/concerns/can_move_repository_storage_shared_examples.rb
+++ b/spec/support/shared_examples/models/concerns/can_move_repository_storage_shared_examples.rb
@@ -42,6 +42,12 @@ RSpec.shared_examples 'can move repository storage' do
.to change { container.repository_read_only? }
.from(true).to(false)
end
+
+ it 'raises an error when the update fails' do
+ expect(container).to receive(:update_repository_read_only_column).and_return(false)
+
+ expect { container.set_repository_writable! }.to raise_error(ActiveRecord::RecordNotSaved, /Database update failed/)
+ end
end
describe '#reference_counter' do
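Review bot: The stub `expect(container).to receive(:update_repository_read_only_column).and_return(false)` accepts any arguments. The example would therefore still pass if `set_repository_writable!` requested the wrong value before raising. If the helper takes the target flag as its argument (its definition is outside this hunk), adding `.with(false)` would pin that the method tried to clear the read-only flag. Asserting the state after the failure would also help, for example `expect(container).to be_repository_read_only`, provided the fixture is read-only at this point. That would document that a failed update leaves the repository locked instead of silently reporting success.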