author | GitLab Bot <gitlab-bot@gitlab.com> | 2021-09-15 06:11:01 +0300 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2021-09-15 06:11:01 +0300 |
commit | 26c3184b621c4349997b1fade462c3fb480ad976 (patch) | |
tree | 4b8fe8ff0143ecab6c20179531332048abd1adc3 | |
parent | b754c00a217814cdf3fdaaa51e695a44095c0197 (diff) |
Add latest changes from gitlab-org/gitlab@master
33 files changed, 156 insertions, 182 deletions
diff --git a/.rubocop_manual_todo.yml b/.rubocop_manual_todo.yml index fe1c607821b..15ce98b6770 100644 --- a/.rubocop_manual_todo.yml +++ b/.rubocop_manual_todo.yml @@ -10,20 +10,6 @@ # - guidelines for use found in # https://docs.gitlab.com/ee/development/contributing/style_guides.html#resolving-rubocop-exceptions. -# WIP See https://gitlab.com/gitlab-org/gitlab/-/issues/337596 -Graphql/Descriptions: - Exclude: - - 'ee/app/graphql/types/iteration_state_enum.rb' - - 'ee/app/graphql/types/requirements_management/requirement_state_enum.rb' - - 'ee/app/graphql/types/requirements_management/test_report_state_enum.rb' - - 'ee/app/graphql/types/security_scanner_type_enum.rb' - - 'ee/app/graphql/types/vulnerability/issue_link_type_enum.rb' - - 'ee/app/graphql/types/vulnerability_grade_enum.rb' - - 'ee/app/graphql/types/vulnerability_report_type_enum.rb' - - 'ee/app/graphql/types/vulnerability_severity_enum.rb' - - 'ee/app/graphql/types/vulnerability_state_enum.rb' - - 'ee/app/graphql/types/vulnerability_confidence_enum.rb' - # WIP: See https://gitlab.com/gitlab-org/gitlab/-/issues/220040 Rails/SaveBang: Exclude: diff --git a/GITALY_SERVER_VERSION b/GITALY_SERVER_VERSION index 74e958a0b93..2ec6b8c1965 100644 --- a/GITALY_SERVER_VERSION +++ b/GITALY_SERVER_VERSION @@ -1 +1 @@ -125aa5ddeb59977b974a13cc460663209c6bd2f4 +ccd8ea3e1436d6464ac5f67e6bebd1ae317f4d50 diff --git a/app/assets/javascripts/boards/boards_util.js b/app/assets/javascripts/boards/boards_util.js index cdf25b2d428..d113a1d39d8 100644 --- a/app/assets/javascripts/boards/boards_util.js +++ b/app/assets/javascripts/boards/boards_util.js @@ -1,5 +1,4 @@ import { sortBy, cloneDeep } from 'lodash'; -import { getIdFromGraphQLId } from '~/graphql_shared/utils'; import { ListType, MilestoneIDs } from './constants'; export function getMilestone() { 
@@ -49,12 +48,10 @@ export function formatListIssues(listIssues) { return { ...map, [list.id]: sortedIssues.map((i) => { - const id = getIdFromGraphQLId(i.id); + const { id } = i; const listIssue = { ...i, - id, - fullId: i.id, labels: i.labels?.nodes || [], assignees: i.assignees?.nodes || [], }; diff --git a/app/assets/javascripts/boards/components/board_content_sidebar.vue b/app/assets/javascripts/boards/components/board_content_sidebar.vue index 7a936e75676..e0105d63d99 100644 --- a/app/assets/javascripts/boards/components/board_content_sidebar.vue +++ b/app/assets/javascripts/boards/components/board_content_sidebar.vue @@ -96,7 +96,7 @@ export default { <template #header> <sidebar-todo-widget class="gl-mt-3" - :issuable-id="activeBoardItem.fullId" + :issuable-id="activeBoardItem.id" :issuable-iid="activeBoardItem.iid" :full-path="fullPath" :issuable-type="issuableType" diff --git a/app/assets/javascripts/boards/components/board_list.vue b/app/assets/javascripts/boards/components/board_list.vue index 849492effab..47dffc985aa 100644 --- a/app/assets/javascripts/boards/components/board_list.vue +++ b/app/assets/javascripts/boards/components/board_list.vue @@ -208,7 +208,7 @@ export default { newIndex = children.length; } - const getItemId = (el) => Number(el.dataset.itemId); + const getItemId = (el) => el.dataset.itemId; // If item is being moved within the same list if (from === to) { @@ -234,7 +234,7 @@ export default { } this.moveItem({ - itemId: Number(itemId), + itemId, itemIid, itemPath, fromListId: from.dataset.listId, diff --git a/app/assets/javascripts/boards/stores/actions.js b/app/assets/javascripts/boards/stores/actions.js index 402205334c8..dc06b62cebb 100644 --- a/app/assets/javascripts/boards/stores/actions.js +++ b/app/assets/javascripts/boards/stores/actions.js 
@@ -574,8 +574,8 @@ export default { boardId: fullBoardId, fromListId: getIdFromGraphQLId(fromListId), toListId: getIdFromGraphQLId(toListId), - moveBeforeId, - moveAfterId, + moveBeforeId: moveBeforeId ? getIdFromGraphQLId(moveBeforeId) : undefined, + moveAfterId: moveAfterId ? getIdFromGraphQLId(moveAfterId) : undefined, // 'mutationVariables' allows EE code to pass in extra parameters. ...mutationVariables, }, @@ -642,7 +642,7 @@ export default { } const rawIssue = data.createIssue?.issue; - const formattedIssue = formatIssue({ ...rawIssue, id: getIdFromGraphQLId(rawIssue.id) }); + const formattedIssue = formatIssue(rawIssue); dispatch('removeListItem', { listId: list.id, itemId: placeholderId }); dispatch('addListItem', { list, item: formattedIssue, position: 0 }); }) @@ -678,7 +678,7 @@ export default { } commit(types.UPDATE_BOARD_ITEM_BY_ID, { - itemId: getIdFromGraphQLId(data.updateIssue?.issue?.id) || activeBoardItem.id, + itemId: data.updateIssue?.issue?.id || activeBoardItem.id, prop: 'labels', value: data.updateIssue.issue.labels.nodes, }); diff --git a/app/assets/javascripts/boards/stores/getters.js b/app/assets/javascripts/boards/stores/getters.js index 7fa8cac9c98..cb31eb4b008 100644 --- a/app/assets/javascripts/boards/stores/getters.js +++ b/app/assets/javascripts/boards/stores/getters.js @@ -16,7 +16,7 @@ export default { }, activeBoardItem: (state) => { - return state.boardItems[state.activeId] || { iid: '', id: '', fullId: '' }; + return state.boardItems[state.activeId] || { iid: '', id: '' }; }, groupPathForActiveIssue: (_, getters) => { diff --git a/app/assets/javascripts/boards/stores/mutations.js b/app/assets/javascripts/boards/stores/mutations.js index 86df3139e0a..ef5b84b4575 100644 --- a/app/assets/javascripts/boards/stores/mutations.js +++ b/app/assets/javascripts/boards/stores/mutations.js 
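Review bot: In `app/assets/javascripts/boards/stores/actions.js`, the `UPDATE_BOARD_ITEM_BY_ID` commit guards `itemId` with `data.updateIssue?.issue?.id || activeBoardItem.id`, but the `value` two lines below still reads `data.updateIssue.issue.labels.nodes` with no optional chaining. If `updateIssue` or `issue` were ever missing, the `value` line would throw before the fallback id could be used, so the guard on `itemId` gives no protection as written. Either drop the optional chaining on `itemId` or guard both reads, for example `value: data.updateIssue?.issue?.labels?.nodes ?? [],`; whether an empty list is an acceptable fallback depends on the error check above the hunk, which is only partly visible. The enclosing action starts and ends outside the hunk.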
@@ -1,6 +1,5 @@ import { cloneDeep, pull, union } from 'lodash'; import Vue from 'vue'; -import { getIdFromGraphQLId } from '~/graphql_shared/utils'; import { s__, __ } from '~/locale'; import { formatIssue } from '../boards_util'; import { issuableTypes } from '../constants'; @@ -201,8 +200,7 @@ export default { }, [mutationTypes.MUTATE_ISSUE_SUCCESS]: (state, { issue }) => { - const issueId = getIdFromGraphQLId(issue.id); - Vue.set(state.boardItems, issueId, formatIssue({ ...issue, id: issueId })); + Vue.set(state.boardItems, issue.id, formatIssue(issue)); }, [mutationTypes.ADD_BOARD_ITEM_TO_LIST]: ( diff --git a/app/assets/javascripts/sidebar/components/assignees/sidebar_assignees_widget.vue b/app/assets/javascripts/sidebar/components/assignees/sidebar_assignees_widget.vue index 1dd05d3886e..1b28ba2afd1 100644 --- a/app/assets/javascripts/sidebar/components/assignees/sidebar_assignees_widget.vue +++ b/app/assets/javascripts/sidebar/components/assignees/sidebar_assignees_widget.vue @@ -3,7 +3,6 @@ import { GlDropdownItem } from '@gitlab/ui'; import { cloneDeep } from 'lodash'; import Vue from 'vue'; import createFlash from '~/flash'; -import { getIdFromGraphQLId } from '~/graphql_shared/utils'; import { IssuableType } from '~/issue_show/constants'; import { __, n__ } from '~/locale'; import SidebarAssigneesRealtime from '~/sidebar/components/assignees/assignees_realtime.vue'; @@ -173,7 +172,7 @@ export default { }) .then(({ data }) => { this.$emit('assignees-updated', { - id: getIdFromGraphQLId(data.issuableSetAssignees.issuable.id), + id: data.issuableSetAssignees.issuable.id, assignees: data.issuableSetAssignees.issuable.assignees.nodes, }); return data; diff --git a/config/feature_flags/development/method_instrumentation_disable_initialization.yml b/config/feature_flags/development/method_instrumentation_disable_initialization.yml deleted file mode 100644 index d73d6fdaac7..00000000000 
--- a/config/feature_flags/development/method_instrumentation_disable_initialization.yml +++ /dev/null @@ -1,8 +0,0 @@ ---- -name: method_instrumentation_disable_initialization -introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/69091 -rollout_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/339665 -milestone: '14.3' -type: development -group: group::memory -default_enabled: false diff --git a/config/feature_flags/development/vulnerability_flags.yml b/config/feature_flags/development/vulnerability_flags.yml index 8e78dc0f611..6ea7dd2e3f1 100644 --- a/config/feature_flags/development/vulnerability_flags.yml +++ b/config/feature_flags/development/vulnerability_flags.yml @@ -2,7 +2,7 @@ name: vulnerability_flags introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/66775 rollout_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/340203 -milestone: '14.2' +milestone: '14.3' type: development group: group::static analysis -default_enabled: false +default_enabled: true diff --git a/config/initializers/session_store.rb b/config/initializers/session_store.rb index 204d4d88f0a..02fc4912f94 100644 --- a/config/initializers/session_store.rb +++ b/config/initializers/session_store.rb @@ -13,6 +13,8 @@ end cookie_key = if Rails.env.development? "_gitlab_session_#{Digest::SHA256.hexdigest(Rails.root.to_s)}" + elsif ::Gitlab.ee? && ::Gitlab::Geo.connected? && ::Gitlab::Geo.secondary? + "_gitlab_session_geo_#{Digest::SHA256.hexdigest(GeoNode.current_node_name)}" else "_gitlab_session" end diff --git a/config/initializers/zz_metrics.rb b/config/initializers/zz_metrics.rb index b23d20aa4cd..25e4ec0d483 100644 --- a/config/initializers/zz_metrics.rb +++ b/config/initializers/zz_metrics.rb 
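Review bot: The new `elsif` branch in `config/initializers/session_store.rb` has no comment saying why a Geo secondary needs its own session cookie name, and the name is computed from `GeoNode.current_node_name` once, when the initializer runs. Two consequences should be recorded next to it: browsers that hold a `_gitlab_session` cookie for a secondary will presumably have to sign in again once this deploys, and renaming the node changes the cookie name at the next restart with the same effect. `::Gitlab::Geo.connected?` is also evaluated at boot; if it depends on database reachability (not visible here), a secondary that starts while the database is unavailable would keep the shared `_gitlab_session` name until it is restarted. I would add a comment above the branch such as `# Geo secondaries use a per-node cookie name so their sessions do not collide with the primary's; the name is fixed at boot.` The stated motive is my inference and should be confirmed by the author.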
@@ -162,49 +162,6 @@ if Gitlab::Metrics.enabled? && !Rails.env.test? && !(Rails.env.development? && d config.middleware.use(Gitlab::Metrics::ElasticsearchRackMiddleware) end - # We are removing the Instrumentation module entirely in steps. - # More in https://gitlab.com/gitlab-org/gitlab/-/issues/217978. - unless ::Feature.enabled?(:method_instrumentation_disable_initialization) - # This instruments all methods residing in app/models that (appear to) use any - # of the ActiveRecord methods. This has to take place _after_ initializing as - # for some unknown reason calling eager_load! earlier breaks Devise. - Gitlab::Application.config.after_initialize do - # We should move all the logic of this file to somewhere else - # and require it after `Rails.application.initialize!` in `environment.rb` file. - models_path = Rails.root.join('app', 'models').to_s - - Dir.glob("**/*.rb", base: models_path).sort.each do |file| - require_dependency file - end - - regex = Regexp.union( - ActiveRecord::Querying.public_instance_methods(false).map(&:to_s) - ) - - Gitlab::Metrics::Instrumentation - .instrument_class_hierarchy(ActiveRecord::Base) do |klass, method| - # Instrumenting the ApplicationSetting class can lead to an infinite - # loop. Since the data is cached any way we don't really need to - # instrument it. - if klass == ApplicationSetting - false - else - loc = method.source_location - - loc && loc[0].start_with?(models_path) && method.source =~ regex - end - end - - # Ability is in app/models, is not an ActiveRecord model, but should still - # be instrumented. - Gitlab::Metrics::Instrumentation.instrument_methods(Ability) - end - - Gitlab::Metrics::Instrumentation.configure do |config| - instrument_classes(config) - end - end - GC::Profiler.enable module TrackNewRedisConnections diff --git a/doc/administration/gitaly/index.md b/doc/administration/gitaly/index.md index dec18495f1c..797e1bfdf79 100644 --- a/doc/administration/gitaly/index.md 
+++ b/doc/administration/gitaly/index.md @@ -449,6 +449,8 @@ To monitor [strong consistency](#strong-consistency), you can use the following - `gitaly_hook_transaction_voting_delay_seconds`, the client-side delay introduced by waiting for the transaction to be committed. +You can also monitor the [Praefect logs](../logs.md#praefect-logs). + ## Do not bypass Gitaly GitLab doesn't advise directly accessing Gitaly repositories stored on disk with a Git client, diff --git a/doc/administration/logs.md b/doc/administration/logs.md index 058437c168a..990287e3907 100644 --- a/doc/administration/logs.md +++ b/doc/administration/logs.md @@ -50,6 +50,7 @@ except those captured by `runit`. | [Mailroom](#mail_room_jsonlog-default) | **{check-circle}** Yes | **{check-circle}** Yes | | [NGINX](#nginx-logs) | **{check-circle}** Yes | **{check-circle}** Yes | | [PostgreSQL Logs](#postgresql-logs) | **{dotted-circle}** No | **{check-circle}** Yes | +| [Praefect Logs](#praefect-logs) | **{dotted-circle}** Yes| **{check-circle}** Yes | | [Prometheus Logs](#prometheus-logs) | **{dotted-circle}** No | **{check-circle}** Yes | | [Puma](#puma-logs) | **{check-circle}** Yes | **{check-circle}** Yes | | [Redis Logs](#redis-logs) | **{dotted-circle}** No | **{check-circle}** Yes | @@ -1062,6 +1063,12 @@ For Omnibus GitLab installations, GitLab Exporter logs are in `/var/log/gitlab/g For Omnibus GitLab installations, GitLab Kubernetes Agent Server logs are in `/var/log/gitlab/gitlab-kas/`. +## Praefect Logs + +For Omnibus GitLab installations, Praefect logs are in `/var/log/gitlab/praefect/`. + +GitLab also tracks [Prometheus metrics for Praefect](gitaly/#monitor-gitaly-cluster). + ## Performance bar stats > [Introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/48149) in GitLab 13.7. diff --git a/doc/api/graphql/reference/index.md b/doc/api/graphql/reference/index.md index dedb2ec4c0e..6a24eae6c35 100644 --- a/doc/api/graphql/reference/index.md 
+++ b/doc/api/graphql/reference/index.md @@ -15700,12 +15700,12 @@ State of a GitLab iteration. | Value | Description | | ----- | ----------- | -| <a id="iterationstateall"></a>`all` | | -| <a id="iterationstateclosed"></a>`closed` | | -| <a id="iterationstatecurrent"></a>`current` | | -| <a id="iterationstateopened"></a>`opened` | | +| <a id="iterationstateall"></a>`all` | Any iteration. | +| <a id="iterationstateclosed"></a>`closed` | Closed iteration. | +| <a id="iterationstatecurrent"></a>`current` | Current iteration. | +| <a id="iterationstateopened"></a>`opened` | Open iteration. | | <a id="iterationstatestarted"></a>`started` **{warning-solid}** | **Deprecated** in 14.1. Use current instead. | -| <a id="iterationstateupcoming"></a>`upcoming` | | +| <a id="iterationstateupcoming"></a>`upcoming` | Upcoming iteration. | ### `IterationWildcardId` @@ -16101,8 +16101,8 @@ State of a requirement. | Value | Description | | ----- | ----------- | -| <a id="requirementstatearchived"></a>`ARCHIVED` | | -| <a id="requirementstateopened"></a>`OPENED` | | +| <a id="requirementstatearchived"></a>`ARCHIVED` | Archived requirement. | +| <a id="requirementstateopened"></a>`OPENED` | Open requirement. | ### `RequirementStatusFilter` @@ -16110,9 +16110,9 @@ Status of a requirement based on last test report. | Value | Description | | ----- | ----------- | -| <a id="requirementstatusfilterfailed"></a>`FAILED` | | +| <a id="requirementstatusfilterfailed"></a>`FAILED` | Failed test report. | | <a id="requirementstatusfiltermissing"></a>`MISSING` | Requirements without any test report. | -| <a id="requirementstatusfilterpassed"></a>`PASSED` | | +| <a id="requirementstatusfilterpassed"></a>`PASSED` | Passed test report. | ### `RunnerMembershipFilter` 
@@ -16152,14 +16152,14 @@ The type of the security scanner. | Value | Description | | ----- | ----------- | -| <a id="securityscannertypeapi_fuzzing"></a>`API_FUZZING` | | -| <a id="securityscannertypecluster_image_scanning"></a>`CLUSTER_IMAGE_SCANNING` | | -| <a id="securityscannertypecontainer_scanning"></a>`CONTAINER_SCANNING` | | -| <a id="securityscannertypecoverage_fuzzing"></a>`COVERAGE_FUZZING` | | -| <a id="securityscannertypedast"></a>`DAST` | | -| <a id="securityscannertypedependency_scanning"></a>`DEPENDENCY_SCANNING` | | -| <a id="securityscannertypesast"></a>`SAST` | | -| <a id="securityscannertypesecret_detection"></a>`SECRET_DETECTION` | | +| <a id="securityscannertypeapi_fuzzing"></a>`API_FUZZING` | API Fuzzing scanner. | +| <a id="securityscannertypecluster_image_scanning"></a>`CLUSTER_IMAGE_SCANNING` | Cluster Image Scanning scanner. | +| <a id="securityscannertypecontainer_scanning"></a>`CONTAINER_SCANNING` | Container Scanning scanner. | +| <a id="securityscannertypecoverage_fuzzing"></a>`COVERAGE_FUZZING` | Coverage Fuzzing scanner. | +| <a id="securityscannertypedast"></a>`DAST` | DAST scanner. | +| <a id="securityscannertypedependency_scanning"></a>`DEPENDENCY_SCANNING` | Dependency Scanning scanner. | +| <a id="securityscannertypesast"></a>`SAST` | SAST scanner. | +| <a id="securityscannertypesecret_detection"></a>`SECRET_DETECTION` | Secret Detection scanner. | ### `SentryErrorStatus` @@ -16261,8 +16261,8 @@ State of a test report. | Value | Description | | ----- | ----------- | -| <a id="testreportstatefailed"></a>`FAILED` | | -| <a id="testreportstatepassed"></a>`PASSED` | | +| <a id="testreportstatefailed"></a>`FAILED` | Failed test report. | +| <a id="testreportstatepassed"></a>`PASSED` | Passed test report. | ### `TodoActionEnum` 
@@ -16375,13 +16375,13 @@ Confidence that a given vulnerability is present in the codebase. | Value | Description | | ----- | ----------- | -| <a id="vulnerabilityconfidenceconfirmed"></a>`CONFIRMED` | | -| <a id="vulnerabilityconfidenceexperimental"></a>`EXPERIMENTAL` | | -| <a id="vulnerabilityconfidencehigh"></a>`HIGH` | | -| <a id="vulnerabilityconfidenceignore"></a>`IGNORE` | | -| <a id="vulnerabilityconfidencelow"></a>`LOW` | | -| <a id="vulnerabilityconfidencemedium"></a>`MEDIUM` | | -| <a id="vulnerabilityconfidenceunknown"></a>`UNKNOWN` | | +| <a id="vulnerabilityconfidenceconfirmed"></a>`CONFIRMED` | Confirmed confidence. | +| <a id="vulnerabilityconfidenceexperimental"></a>`EXPERIMENTAL` | Experimental confidence. | +| <a id="vulnerabilityconfidencehigh"></a>`HIGH` | High confidence. | +| <a id="vulnerabilityconfidenceignore"></a>`IGNORE` | Ignore confidence. | +| <a id="vulnerabilityconfidencelow"></a>`LOW` | Low confidence. | +| <a id="vulnerabilityconfidencemedium"></a>`MEDIUM` | Medium confidence. | +| <a id="vulnerabilityconfidenceunknown"></a>`UNKNOWN` | Unknown confidence. | ### `VulnerabilityDismissalReason` @@ -16417,11 +16417,11 @@ The grade of the vulnerable project. | Value | Description | | ----- | ----------- | -| <a id="vulnerabilitygradea"></a>`A` | | -| <a id="vulnerabilitygradeb"></a>`B` | | -| <a id="vulnerabilitygradec"></a>`C` | | -| <a id="vulnerabilitygraded"></a>`D` | | -| <a id="vulnerabilitygradef"></a>`F` | | +| <a id="vulnerabilitygradea"></a>`A` | A grade. | +| <a id="vulnerabilitygradeb"></a>`B` | B grade. | +| <a id="vulnerabilitygradec"></a>`C` | C grade. | +| <a id="vulnerabilitygraded"></a>`D` | D grade. | +| <a id="vulnerabilitygradef"></a>`F` | F grade. | ### `VulnerabilityIssueLinkType` 
@@ -16429,8 +16429,8 @@ The type of the issue link related to a vulnerability. | Value | Description | | ----- | ----------- | -| <a id="vulnerabilityissuelinktypecreated"></a>`CREATED` | | -| <a id="vulnerabilityissuelinktyperelated"></a>`RELATED` | | +| <a id="vulnerabilityissuelinktypecreated"></a>`CREATED` | Issue is created for the vulnerability. | +| <a id="vulnerabilityissuelinktyperelated"></a>`RELATED` | Has a related issue. | ### `VulnerabilityReportType` 
@@ -16438,15 +16438,15 @@ The type of the security scan that found the vulnerability. | Value | Description | | ----- | ----------- | -| <a id="vulnerabilityreporttypeapi_fuzzing"></a>`API_FUZZING` | | -| <a id="vulnerabilityreporttypecluster_image_scanning"></a>`CLUSTER_IMAGE_SCANNING` | | -| <a id="vulnerabilityreporttypecontainer_scanning"></a>`CONTAINER_SCANNING` | | -| <a id="vulnerabilityreporttypecoverage_fuzzing"></a>`COVERAGE_FUZZING` | | -| <a id="vulnerabilityreporttypedast"></a>`DAST` | | -| <a id="vulnerabilityreporttypedependency_scanning"></a>`DEPENDENCY_SCANNING` | | -| <a id="vulnerabilityreporttypegeneric"></a>`GENERIC` | | -| <a id="vulnerabilityreporttypesast"></a>`SAST` | | -| <a id="vulnerabilityreporttypesecret_detection"></a>`SECRET_DETECTION` | | +| <a id="vulnerabilityreporttypeapi_fuzzing"></a>`API_FUZZING` | API Fuzzing report. | +| <a id="vulnerabilityreporttypecluster_image_scanning"></a>`CLUSTER_IMAGE_SCANNING` | Cluster Image Scanning report. | +| <a id="vulnerabilityreporttypecontainer_scanning"></a>`CONTAINER_SCANNING` | Container Scanning report. | +| <a id="vulnerabilityreporttypecoverage_fuzzing"></a>`COVERAGE_FUZZING` | Coverage Fuzzing report. | +| <a id="vulnerabilityreporttypedast"></a>`DAST` | DAST report. | +| <a id="vulnerabilityreporttypedependency_scanning"></a>`DEPENDENCY_SCANNING` | Dependency Scanning report. | +| <a id="vulnerabilityreporttypegeneric"></a>`GENERIC` | Generic report. | +| <a id="vulnerabilityreporttypesast"></a>`SAST` | SAST report. | +| <a id="vulnerabilityreporttypesecret_detection"></a>`SECRET_DETECTION` | Secret Detection report. | ### `VulnerabilitySeverity` 
@@ -16454,12 +16454,12 @@ The severity of the vulnerability. | Value | Description | | ----- | ----------- | -| <a id="vulnerabilityseveritycritical"></a>`CRITICAL` | | -| <a id="vulnerabilityseverityhigh"></a>`HIGH` | | -| <a id="vulnerabilityseverityinfo"></a>`INFO` | | -| <a id="vulnerabilityseveritylow"></a>`LOW` | | -| <a id="vulnerabilityseveritymedium"></a>`MEDIUM` | | -| <a id="vulnerabilityseverityunknown"></a>`UNKNOWN` | | +| <a id="vulnerabilityseveritycritical"></a>`CRITICAL` | Critical severity. | +| <a id="vulnerabilityseverityhigh"></a>`HIGH` | High severity. | +| <a id="vulnerabilityseverityinfo"></a>`INFO` | Info severity. | +| <a id="vulnerabilityseveritylow"></a>`LOW` | Low severity. | +| <a id="vulnerabilityseveritymedium"></a>`MEDIUM` | Medium severity. | +| <a id="vulnerabilityseverityunknown"></a>`UNKNOWN` | Unknown severity. | ### `VulnerabilitySort` @@ -16484,10 +16484,10 @@ The state of the vulnerability. | Value | Description | | ----- | ----------- | -| <a id="vulnerabilitystateconfirmed"></a>`CONFIRMED` | | -| <a id="vulnerabilitystatedetected"></a>`DETECTED` | | -| <a id="vulnerabilitystatedismissed"></a>`DISMISSED` | | -| <a id="vulnerabilitystateresolved"></a>`RESOLVED` | | +| <a id="vulnerabilitystateconfirmed"></a>`CONFIRMED` | Confirmed vulnerability. | +| <a id="vulnerabilitystatedetected"></a>`DETECTED` | Detected vulnerability. | +| <a id="vulnerabilitystatedismissed"></a>`DISMISSED` | Dismissed vulnerability. | +| <a id="vulnerabilitystateresolved"></a>`RESOLVED` | Resolved vulnerability. | ### `WeightWildcardId` diff --git a/doc/user/application_security/dast/index.md b/doc/user/application_security/dast/index.md index 37a19ec77a4..15cd6e4a75f 100644 --- a/doc/user/application_security/dast/index.md +++ b/doc/user/application_security/dast/index.md 
@@ -1094,7 +1094,7 @@ To edit an existing site profile: 1. Edit the fields then select **Save profile**. If a site profile is linked to a security policy, a user cannot edit the profile from this page. See -[Scan Policies](../policies/index.md) +[Scan Execution Policies](../policies/index.md#scan-execution-policy-editor) for more information. #### Delete a site profile @@ -1108,7 +1108,7 @@ To delete an existing site profile: 1. Select **Delete** to confirm the deletion. If a site profile is linked to a security policy, a user cannot delete the profile from this page. -See [Scan Policies](../policies/index.md) +See [Scan Execution Policies](../policies/index.md#scan-execution-policy-editor) for more information. #### Validate a site profile @@ -1238,7 +1238,7 @@ To edit a scanner profile: 1. Select **Save profile**. If a scanner profile is linked to a security policy, a user cannot edit the profile from this page. -See [Scan Policies](../policies/index.md) +See [Scan Execution Policies](../policies/index.md#scan-execution-policy-editor) for more information. #### Delete a scanner profile @@ -1252,7 +1252,7 @@ To delete a scanner profile: 1. Select **Delete**. If a scanner profile is linked to a security policy, a user cannot delete the profile from this -page. See [Scan Policies](../policies/index.md) +page. See [Scan Execution Policies](../policies/index.md#scan-execution-policy-editor) for more information. ### Auditing diff --git a/doc/user/application_security/policies/img/container_policy_rule_mode_v14_3.png b/doc/user/application_security/policies/img/container_policy_rule_mode_v14_3.png Binary files differindex 3efa344eb59..b21d0330b2f 100644 --- a/doc/user/application_security/policies/img/container_policy_rule_mode_v14_3.png +++ b/doc/user/application_security/policies/img/container_policy_rule_mode_v14_3.png diff --git a/doc/user/group/saml_sso/index.md b/doc/user/group/saml_sso/index.md index 6865378f333..b7b31e89f3b 100644 
--- a/doc/user/group/saml_sso/index.md +++ b/doc/user/group/saml_sso/index.md @@ -57,6 +57,7 @@ Once users have signed into GitLab using the SSO SAML setup, changing the `NameI #### NameID Format We recommend setting the NameID format to `Persistent` unless using a field (such as email) that requires a different format. +Most NameID formats can be used, except `Transient` due to the temporary nature of this format. ### Assertions @@ -489,12 +490,13 @@ If you do not wish to use that GitLab user with the SAML login, you can [unlink ### Message: "SAML authentication failed: User has already been taken" -The user that you're signed in with already has SAML linked to a different identity. +The user that you're signed in with already has SAML linked to a different identity, or the NameID value has changed. Here are possible causes and solutions: | Cause | Solution | | ---------------------------------------------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | You've tried to link multiple SAML identities to the same user, for a given identity provider. | Change the identity that you sign in with. To do so, [unlink the previous SAML identity](#unlinking-accounts) from this GitLab account before attempting to sign in again. | +| The NameID changes everytime the user requests SSO identification | Check the NameID is not set with `Transient` format, or the NameID is not changing on subsequent requests.| ### Message: "SAML authentication failed: Email has already been taken" diff --git a/lib/gitlab/database/partitioning/partition_manager.rb b/lib/gitlab/database/partitioning/partition_manager.rb index 7e433ecdd39..2ba5b35d6b9 100644 --- a/lib/gitlab/database/partitioning/partition_manager.rb +++ b/lib/gitlab/database/partitioning/partition_manager.rb 
@@ -74,8 +74,9 @@ module Gitlab end def create(partitions) - connection.transaction do - with_lock_retries do + # with_lock_retries starts a requires_new transaction most of the time, but not on the last iteration + with_lock_retries do + connection.transaction(requires_new: false) do # so we open a transaction here if not already in progress partitions.each do |partition| connection.execute partition.to_sql @@ -88,8 +89,9 @@ module Gitlab end def detach(partitions) - connection.transaction do - with_lock_retries do + # with_lock_retries starts a requires_new transaction most of the time, but not on the last iteration + with_lock_retries do + connection.transaction(requires_new: false) do # so we open a transaction here if not already in progress partitions.each { |p| detach_one_partition(p) } end end diff --git a/lib/gitlab/database/postgresql_adapter/dump_schema_versions_mixin.rb b/lib/gitlab/database/postgresql_adapter/dump_schema_versions_mixin.rb index a2e7f4befab..59ca06b5aca 100644 --- a/lib/gitlab/database/postgresql_adapter/dump_schema_versions_mixin.rb +++ b/lib/gitlab/database/postgresql_adapter/dump_schema_versions_mixin.rb @@ -7,7 +7,7 @@ module Gitlab extend ActiveSupport::Concern def dump_schema_information # :nodoc: - Gitlab::Database::SchemaMigrations.touch_all(self) + Gitlab::Database::SchemaMigrations.touch_all(self) if Gitlab.dev_or_test_env? nil end diff --git a/qa/qa/flow/login.rb b/qa/qa/flow/login.rb index d23d8eaf097..05a509588f1 100644 --- a/qa/qa/flow/login.rb +++ b/qa/qa/flow/login.rb @@ -5,10 +5,10 @@ module QA module Login module_function - def while_signed_in(as: nil, address: :gitlab) + def while_signed_in(as: nil, address: :gitlab, admin: false) Page::Main::Menu.perform(&:sign_out_if_signed_in) - sign_in(as: as, address: address) + sign_in(as: as, address: address, admin: admin) result = yield 
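Review bot: In `lib/gitlab/database/partitioning/partition_manager.rb`, the reason for the new nesting in `create` is split between a comment above `with_lock_retries` and a trailing comment on the `connection.transaction(requires_new: false)` line, which makes it hard to follow; the `detach` hunk repeats the same pair. A single comment above the block would read better, for example `# with_lock_retries usually wraps the block in its own transaction, but not on its final attempt; the inner transaction keeps the partition statements atomic in that case and joins the outer one otherwise.` Since both methods now use the same wrapper, a small private helper that takes a block would avoid keeping two copies of the explanation in sync. Both method bodies continue outside their hunks.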
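Review bot: In `lib/gitlab/database/postgresql_adapter/dump_schema_versions_mixin.rb`, `dump_schema_information` now skips `SchemaMigrations.touch_all(self)` outside development and test without saying why, and the method is marked `# :nodoc:`, so nothing documents the guard. A one-line comment above the call would help, for example `# Schema version files are only maintained in development and test; other environments must not write them.` The reason given in that comment is my assumption and needs checking against the originating merge request.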
@@ -17,19 +17,25 @@ module QA end def while_signed_in_as_admin(address: :gitlab) - while_signed_in(as: Runtime::User.admin, address: address) do + while_signed_in(address: address, admin: true) do yield end end - def sign_in(as: nil, address: :gitlab, skip_page_validation: false) + def sign_in(as: nil, address: :gitlab, skip_page_validation: false, admin: false) Page::Main::Menu.perform(&:sign_out) if Page::Main::Menu.perform(&:signed_in?) Runtime::Browser.visit(address, Page::Main::Login) - Page::Main::Login.perform { |login| login.sign_in_using_credentials(user: as, skip_page_validation: skip_page_validation) } + Page::Main::Login.perform do |login| + if admin + login.sign_in_using_admin_credentials + else + login.sign_in_using_credentials(user: as, skip_page_validation: skip_page_validation) + end + end end def sign_in_as_admin(address: :gitlab) - sign_in(as: Runtime::User.admin, address: address) + sign_in(as: Runtime::User.admin, address: address, admin: true) end def sign_in_unless_signed_in(as: nil, address: :gitlab) diff --git a/qa/qa/page/main/login.rb b/qa/qa/page/main/login.rb index 2c7ce69e4e5..c3170478733 100644 --- a/qa/qa/page/main/login.rb +++ b/qa/qa/page/main/login.rb @@ -53,7 +53,7 @@ module QA set_initial_password_if_present if Runtime::User.ldap_user? && user && user.username != Runtime::User.ldap_username - raise 'If an LDAP user is provided, it must be used for sign-in', QA::Resource::User::InvalidUserError + raise QA::Resource::User::InvalidUserError, 'If an LDAP user is provided, it must be used for sign-in' end if Runtime::User.ldap_user? diff --git a/qa/qa/resource/user.rb b/qa/qa/resource/user.rb index 01de1a73422..811ce5e0505 100644 --- a/qa/qa/resource/user.rb +++ b/qa/qa/resource/user.rb 
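Review bot: In `qa/qa/flow/login.rb`, `sign_in` silently ignores `as:` and `skip_page_validation:` when `admin: true`, because the admin branch calls `login.sign_in_using_admin_credentials` with no arguments. `sign_in_as_admin` still passes `as: Runtime::User.admin` together with `admin: true`, while `while_signed_in_as_admin` passes only `admin: true`, so the two helpers disagree about whether `as:` matters. I would drop the unused argument there, `sign_in(address: address, admin: true)`, and either raise when both `as:` and `admin: true` are given or state the precedence in a comment on `sign_in`.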
@@ -187,7 +187,8 @@ module QA end def fetching_own_data? - api_user&.username == username || Runtime::User.username == username + runtime_username = Runtime::User.ldap_user? ? Runtime::User.ldap_username : Runtime::User.username + api_user&.username == username || runtime_username == username end end end diff --git a/qa/qa/runtime/api/client.rb b/qa/qa/runtime/api/client.rb index 4126ff9ff5a..8a5e22fbc37 100644 --- a/qa/qa/runtime/api/client.rb +++ b/qa/qa/runtime/api/client.rb @@ -36,16 +36,28 @@ module QA if Runtime::Env.admin_personal_access_token Runtime::API::Client.new(:gitlab, personal_access_token: Runtime::Env.admin_personal_access_token) else - user = Resource::User.fabricate_via_api! do |user| - user.username = Runtime::User.admin_username - user.password = Runtime::User.admin_password + # To return an API client that has admin access, we need a user with admin access to confirm that + # the API client user has admin access. + client = nil + Flow::Login.while_signed_in_as_admin do + admin_token = Resource::PersonalAccessToken.fabricate! do |pat| + pat.user = Runtime::User.admin + end.token + + client = Runtime::API::Client.new(:gitlab, personal_access_token: admin_token) + + user = QA::Resource::User.init do |user| + user.username = QA::Runtime::User.admin_username + user.password = QA::Runtime::User.admin_password + user.api_client = client + end.reload! + + unless user.admin? # rubocop: disable Cop/UserAdmin + raise AuthorizationError, "User '#{user.username}' is not an administrator." + end end - unless user.admin? - raise AuthorizationError, "User '#{user.username}' is not an administrator." - end - - Runtime::API::Client.new(:gitlab, user: user) + client end end end diff --git a/qa/qa/runtime/user.rb b/qa/qa/runtime/user.rb index a836206034d..0af42470a7c 100644 --- a/qa/qa/runtime/user.rb +++ b/qa/qa/runtime/user.rb 
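Review bot: In `qa/qa/runtime/api/client.rb`, the fallback branch now signs in through the browser and fabricates a new admin personal access token each time it runs with `Runtime::Env.admin_personal_access_token` unset, and nothing in the hunk caches the client or revokes the token. `Flow::Login.while_signed_in_as_admin` also signs out whatever session is active (`sign_out_if_signed_in` in `qa/qa/flow/login.rb`), which is a surprising side effect for a method that returns an API client. The `user.admin?` check can only run after the token exists, so a non-admin account leaves a token behind when `AuthorizationError` is raised. Consider memoizing the returned client and documenting these side effects in a comment above the branch; the method signature is outside the hunk, so I cannot tell whether callers already cache the result. The hunk also mixes `Resource::`/`Runtime::` with `QA::Resource::`/`QA::Runtime::` prefixes for the same constants, which is worth making uniform.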
@@ -34,7 +34,7 @@ module QA end def ldap_user? - Runtime::Env.ldap_username && Runtime::Env.ldap_password + Runtime::Env.ldap_username.present? && Runtime::Env.ldap_password.present? end def ldap_username diff --git a/spec/frontend/boards/mock_data.js b/spec/frontend/boards/mock_data.js index 1bc61c6a112..6a4f344bbfb 100644 --- a/spec/frontend/boards/mock_data.js +++ b/spec/frontend/boards/mock_data.js @@ -192,8 +192,7 @@ export const mockIssue = { export const mockActiveIssue = { ...mockIssue, - fullId: 'gid://gitlab/Issue/436', - id: 436, + id: 'gid://gitlab/Issue/436', iid: '27', subscribed: false, emailsDisabled: false, diff --git a/spec/frontend/boards/stores/actions_spec.js b/spec/frontend/boards/stores/actions_spec.js index 680b5ca670b..62e0fa7a68a 100644 --- a/spec/frontend/boards/stores/actions_spec.js +++ b/spec/frontend/boards/stores/actions_spec.js @@ -26,7 +26,6 @@ import issueCreateMutation from '~/boards/graphql/issue_create.mutation.graphql' import actions, { gqlClient } from '~/boards/stores/actions'; import * as types from '~/boards/stores/mutation_types'; import mutations from '~/boards/stores/mutations'; -import { getIdFromGraphQLId } from '~/graphql_shared/utils'; import { mockLists, @@ -1213,8 +1212,8 @@ describe('updateMovedIssueCard', () => { describe('updateIssueOrder', () => { const issues = { - 436: mockIssue, - 437: mockIssue2, + [mockIssue.id]: mockIssue, + [mockIssue2.id]: mockIssue2, }; const state = { @@ -1223,7 +1222,7 @@ describe('updateIssueOrder', () => { }; const moveData = { - itemId: 436, + itemId: mockIssue.id, fromListId: 'gid://gitlab/List/1', toListId: 'gid://gitlab/List/2', }; @@ -1482,7 +1481,7 @@ describe('addListNewIssue', () => { type: 'addListItem', payload: { list: fakeList, - item: formatIssue({ ...mockIssue, id: getIdFromGraphQLId(mockIssue.id) }), + item: formatIssue(mockIssue), position: 0, }, }, 
diff --git a/spec/frontend/boards/stores/getters_spec.js b/spec/frontend/boards/stores/getters_spec.js index c0774dd3ae1..b30968c45d7 100644 --- a/spec/frontend/boards/stores/getters_spec.js +++ b/spec/frontend/boards/stores/getters_spec.js @@ -77,12 +77,12 @@ describe('Boards - Getters', () => { }); describe('getBoardItemById', () => { - const state = { boardItems: { 1: 'issue' } }; + const state = { boardItems: { 'gid://gitlab/Issue/1': 'issue' } }; it.each` - id | expected - ${'1'} | ${'issue'} - ${''} | ${{}} + id | expected + ${'gid://gitlab/Issue/1'} | ${'issue'} + ${''} | ${{}} `('returns $expected when $id is passed to state', ({ id, expected }) => { expect(getters.getBoardItemById(state)(id)).toEqual(expected); }); @@ -90,11 +90,11 @@ describe('Boards - Getters', () => { describe('activeBoardItem', () => { it.each` - id | expected - ${'1'} | ${'issue'} - ${''} | ${{ id: '', iid: '', fullId: '' }} + id | expected + ${'gid://gitlab/Issue/1'} | ${'issue'} + ${''} | ${{ id: '', iid: '' }} `('returns $expected when $id is passed to state', ({ id, expected }) => { - const state = { boardItems: { 1: 'issue' }, activeId: id }; + const state = { boardItems: { 'gid://gitlab/Issue/1': 'issue' }, activeId: id }; expect(getters.activeBoardItem(state)).toEqual(expected); }); diff --git a/spec/frontend/boards/stores/mutations_spec.js b/spec/frontend/boards/stores/mutations_spec.js index 96306b966fa..0e830258327 100644 --- a/spec/frontend/boards/stores/mutations_spec.js +++ b/spec/frontend/boards/stores/mutations_spec.js @@ -407,7 +407,7 @@ describe('Board Store Mutations', () => { describe('MUTATE_ISSUE_SUCCESS', () => { it('updates issue in issues state', () => { const issues = { - 436: { id: rawIssue.id }, + [rawIssue.id]: { id: rawIssue.id }, }; state = { 
@@ -419,7 +419,7 @@ describe('Board Store Mutations', () => { issue: rawIssue, }); - expect(state.boardItems).toEqual({ 436: { ...mockIssue, id: 436 } }); + expect(state.boardItems).toEqual({ [mockIssue.id]: mockIssue }); }); }); diff --git a/spec/frontend/sidebar/components/assignees/sidebar_assignees_widget_spec.js b/spec/frontend/sidebar/components/assignees/sidebar_assignees_widget_spec.js index 8504684d23a..39f63b2a9f4 100644 --- a/spec/frontend/sidebar/components/assignees/sidebar_assignees_widget_spec.js +++ b/spec/frontend/sidebar/components/assignees/sidebar_assignees_widget_spec.js @@ -206,7 +206,7 @@ describe('Sidebar assignees widget', () => { status: null, }, ], - id: 1, + id: 'gid://gitlab/Issue/1', }, ], ]); diff --git a/spec/lib/gitlab/database/partitioning/partition_manager_spec.rb b/spec/lib/gitlab/database/partitioning/partition_manager_spec.rb index 3d60457c3a9..24ca0357b6e 100644 --- a/spec/lib/gitlab/database/partitioning/partition_manager_spec.rb +++ b/spec/lib/gitlab/database/partitioning/partition_manager_spec.rb @@ -18,6 +18,11 @@ RSpec.describe Gitlab::Database::Partitioning::PartitionManager do it 'remembers registered models' do expect { described_class.register(model) }.to change { described_class.models }.to include(model) end + + after do + # Do not leak the double to other specs + described_class.models.delete(model) + end end context 'creating partitions (mocked)' do diff --git a/spec/lib/gitlab/database/postgresql_adapter/dump_schema_versions_mixin_spec.rb b/spec/lib/gitlab/database/postgresql_adapter/dump_schema_versions_mixin_spec.rb index 40e36bc02e9..8b06f068503 100644 --- a/spec/lib/gitlab/database/postgresql_adapter/dump_schema_versions_mixin_spec.rb +++ b/spec/lib/gitlab/database/postgresql_adapter/dump_schema_versions_mixin_spec.rb 
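Review bot: In partition_manager_spec.rb the new `after` hook is declared below the example it cleans up for; hooks are easier to spot, and match the usual hooks-before-examples ordering, when they sit above the `it`. The cleanup also assumes `described_class.models` returns the registry itself rather than a copy, which this hunk does not show; if it returns a copy, `delete(model)` changes nothing and the double still leaks. Moving the block above the example and keeping the comment as `# Do not leak the double to other specs` would be enough once that assumption is confirmed.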
@@ -26,4 +26,12 @@ RSpec.describe Gitlab::Database::PostgresqlAdapter::DumpSchemaVersionsMixin do instance.dump_schema_information end + + it 'does not call touch_all in production' do + allow(Rails).to receive(:env).and_return(ActiveSupport::StringInquirer.new('production')) + + expect(Gitlab::Database::SchemaMigrations).not_to receive(:touch_all) + + instance.dump_schema_information + end end |
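Review bot: The new example stubs the environment with `allow(Rails).to receive(:env).and_return(ActiveSupport::StringInquirer.new('production'))`, which repeats by hand what the project's spec helper does; assuming `stub_rails_env` is available in this spec, `stub_rails_env('production')` states the intent in one call and keeps the stubbing consistent with other specs. The example also only asserts that `touch_all` is not received, so it would still pass if `dump_schema_information` raised nothing but also did no work. If the surrounding `before` block does not already cover it, an expectation that the original dump still runs would make the production path explicit.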