Add latest changes from gitlab-org/gitlab@master

11 files changed, 116 insertions, 28 deletions

diff --git a/app/assets/javascripts/pipelines/pipeline_tabs.js b/app/assets/javascripts/pipelines/pipeline_tabs.js
index c0e769e2485..8f2fc9b189e 100644
--- a/app/assets/javascripts/pipelines/pipeline_tabs.js
+++ b/app/assets/javascripts/pipelines/pipeline_tabs.js
@@ -29,6 +29,10 @@ export const createAppOptions = (selector, apolloProvider) => {
     pipelineIid,
     pipelineProjectPath,
     totalJobCount,
+    licenseManagementApiUrl,
+    licenseManagementSettingsPath,
+    licensesApiPath,
+    canManageLicenses,
   } = dataset;
 
   const defaultTabValue = getPipelineDefaultTab(window.location.href);
@@ -54,6 +58,10 @@ export const createAppOptions = (selector, apolloProvider) => {
       pipelineIid,
       pipelineProjectPath,
       totalJobCount,
+      licenseManagementApiUrl,
+      licenseManagementSettingsPath,
+      licensesApiPath,
+      canManageLicenses: parseBoolean(canManageLicenses),
     },
     errorCaptured(err, _vm, info) {
       reportToSentry('pipeline_tabs', `error: ${err}, info: ${info}`);
diff --git a/app/controllers/projects/analytics/cycle_analytics/stages_controller.rb b/app/controllers/projects/analytics/cycle_analytics/stages_controller.rb
index 7b38c069a60..ab2cf3abdde 100644
--- a/app/controllers/projects/analytics/cycle_analytics/stages_controller.rb
+++ b/app/controllers/projects/analytics/cycle_analytics/stages_controller.rb
@@ -2,6 +2,7 @@
 
 class Projects::Analytics::CycleAnalytics::StagesController < Projects::ApplicationController
   include ::Analytics::CycleAnalytics::StageActions
+  include Gitlab::Utils::StrongMemoize
   extend ::Gitlab::Utils::Override
 
   respond_to :json
@@ -10,6 +11,7 @@ class Projects::Analytics::CycleAnalytics::StagesController < Projects::Applicat
 
   before_action :authorize_read_cycle_analytics!
   before_action :only_default_value_stream_is_allowed!
+  before_action :authorize_stage!, only: [:median, :count, :average, :records]
 
   urgency :low
 
@@ -25,7 +27,26 @@ class Projects::Analytics::CycleAnalytics::StagesController < Projects::Applicat
     Analytics::CycleAnalytics::ProjectValueStream
   end
 
+  override :cycle_analytics_configuration
+  def cycle_analytics_configuration(stages)
+    super(stages.select { |stage| permitted_stage?(stage) })
+  end
+
   def only_default_value_stream_is_allowed!
     render_404 if params[:value_stream_id] != Analytics::CycleAnalytics::Stages::BaseService::DEFAULT_VALUE_STREAM_NAME
   end
+
+  def permitted_stage?(stage)
+    permissions[stage.name.to_sym] # name matches the permission key (only when default stages are used)
+  end
+
+  def permissions
+    strong_memoize(:permissions) do
+      Gitlab::CycleAnalytics::Permissions.new(user: current_user, project: parent).get
+    end
+  end
+
+  def authorize_stage!
+    render_403 unless permitted_stage?(stage)
+  end
 end
diff --git a/doc/user/application_security/container_scanning/index.md b/doc/user/application_security/container_scanning/index.md
index 92bb5af984a..e11db9d12d9 100644
--- a/doc/user/application_security/container_scanning/index.md
+++ b/doc/user/application_security/container_scanning/index.md
@@ -8,7 +8,7 @@ info: To determine the technical writer assigned to the Stage/Group associated w
 # Container Scanning **(FREE)**
 
 > - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/3672) in GitLab 10.4.
-> - [Moved](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/86783) to Free tier in GitLab 15.0.
+> - [Moved](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/86783) from GitLab Ultimate to GitLab Free in 15.0.
 
 Your application's Docker image may itself be based on Docker images that contain known
 vulnerabilities. By including an extra Container Scanning job in your pipeline that scans for those
diff --git a/doc/user/infrastructure/clusters/connect/new_eks_cluster.md b/doc/user/infrastructure/clusters/connect/new_eks_cluster.md
index 969ee7de6fb..2f5967bd7ee 100644
--- a/doc/user/infrastructure/clusters/connect/new_eks_cluster.md
+++ b/doc/user/infrastructure/clusters/connect/new_eks_cluster.md
@@ -122,6 +122,7 @@ To remove all resources:
     stages:
       - init
       - validate
+      - test
       - build
       - deploy
       - cleanup
diff --git a/lib/gitlab/usage_data_counters/hll_redis_counter.rb b/lib/gitlab/usage_data_counters/hll_redis_counter.rb
index 40581bda81b..b6133463023 100644
--- a/lib/gitlab/usage_data_counters/hll_redis_counter.rb
+++ b/lib/gitlab/usage_data_counters/hll_redis_counter.rb
@@ -43,6 +43,7 @@ module Gitlab
         importer
         incident_management_alerts
         pipeline_authoring
+        search
         secure
         snippets
         source_code
diff --git a/lib/gitlab/usage_data_counters/known_events/common.yml b/lib/gitlab/usage_data_counters/known_events/common.yml
index 88c9f44c165..ea05e0b0249 100644
--- a/lib/gitlab/usage_data_counters/known_events/common.yml
+++ b/lib/gitlab/usage_data_counters/known_events/common.yml
@@ -44,14 +44,6 @@
   category: search
   redis_slot: search
   aggregation: weekly
-- name: i_search_advanced
-  category: search
-  redis_slot: search
-  aggregation: weekly
-- name: i_search_paid
-  category: search
-  redis_slot: search
-  aggregation: weekly
 - name: wiki_action
   category: source_code
   aggregation: daily
diff --git a/spec/controllers/projects/analytics/cycle_analytics/stages_controller_spec.rb b/spec/controllers/projects/analytics/cycle_analytics/stages_controller_spec.rb
index 3f0318c3973..8903592ba15 100644
--- a/spec/controllers/projects/analytics/cycle_analytics/stages_controller_spec.rb
+++ b/spec/controllers/projects/analytics/cycle_analytics/stages_controller_spec.rb
@@ -54,6 +54,32 @@ RSpec.describe Projects::Analytics::CycleAnalytics::StagesController do
     end
   end
 
+  shared_examples 'project-level value stream analytics with guest user' do
+    let_it_be(:guest) { create(:user) }
+
+    before do
+      project.add_guest(guest)
+      sign_out(user)
+      sign_in(guest)
+    end
+
+    %w[code review].each do |id|
+      it "disallows stage #{id}" do
+        get action, params: params.merge(id: id)
+
+        expect(response).to have_gitlab_http_status(:forbidden)
+      end
+    end
+
+    %w[issue plan test staging].each do |id|
+      it "allows stage #{id}" do
+        get action, params: params.merge(id: id)
+
+        expect(response).to have_gitlab_http_status(:ok)
+      end
+    end
+  end
+
   describe 'GET index' do
     let(:action) { :index }
 
@@ -78,6 +104,20 @@ RSpec.describe Projects::Analytics::CycleAnalytics::StagesController do
     end
 
     it_behaves_like 'project-level value stream analytics request error examples'
+
+    it 'only returns authorized stages' do
+      guest = create(:user)
+      sign_out(user)
+      sign_in(guest)
+      project.add_guest(guest)
+
+      get action, params: params
+
+      expect(response).to have_gitlab_http_status(:ok)
+
+      expect(json_response['stages'].map { |stage| stage['title'] })
+        .to contain_exactly('Issue', 'Plan', 'Test', 'Staging')
+    end
   end
 
   describe 'GET median' do
@@ -102,6 +142,8 @@ RSpec.describe Projects::Analytics::CycleAnalytics::StagesController do
     end
 
     it_behaves_like 'project-level value stream analytics request error examples'
+
+    it_behaves_like 'project-level value stream analytics with guest user'
   end
 
   describe 'GET average' do
@@ -126,6 +168,8 @@ RSpec.describe Projects::Analytics::CycleAnalytics::StagesController do
     end
 
     it_behaves_like 'project-level value stream analytics request error examples'
+
+    it_behaves_like 'project-level value stream analytics with guest user'
   end
 
   describe 'GET count' do
@@ -150,6 +194,8 @@ RSpec.describe Projects::Analytics::CycleAnalytics::StagesController do
     end
 
     it_behaves_like 'project-level value stream analytics request error examples'
+
+    it_behaves_like 'project-level value stream analytics with guest user'
   end
 
   describe 'GET records' do
@@ -174,5 +220,7 @@ RSpec.describe Projects::Analytics::CycleAnalytics::StagesController do
     end
 
     it_behaves_like 'project-level value stream analytics request error examples'
+
+    it_behaves_like 'project-level value stream analytics with guest user'
   end
 end
diff --git a/spec/features/cycle_analytics_spec.rb b/spec/features/cycle_analytics_spec.rb
index 03d61020ff0..e843f37c6f1 100644
--- a/spec/features/cycle_analytics_spec.rb
+++ b/spec/features/cycle_analytics_spec.rb
@@ -213,14 +213,20 @@ RSpec.describe 'Value Stream Analytics', :js do
       expect(page.find(metrics_selector)).not_to have_selector("#commits")
     end
 
-    it 'needs permissions to see restricted stages' do
+    it 'does not show restricted stages', :aggregate_failures do
       expect(find(stage_table_selector)).to have_content(issue.title)
 
-      click_stage('Code')
-      expect(find(stage_table_selector)).to have_content('You need permission.')
+      expect(page).to have_selector('.gl-path-nav-list-item', text: 'Issue')
 
-      click_stage('Review')
-      expect(find(stage_table_selector)).to have_content('You need permission.')
+      expect(page).to have_selector('.gl-path-nav-list-item', text: 'Plan')
+
+      expect(page).to have_selector('.gl-path-nav-list-item', text: 'Test')
+
+      expect(page).to have_selector('.gl-path-nav-list-item', text: 'Staging')
+
+      expect(page).not_to have_selector('.gl-path-nav-list-item', text: 'Code')
+
+      expect(page).not_to have_selector('.gl-path-nav-list-item', text: 'Review')
     end
   end
 
diff --git a/spec/lib/gitlab/background_migration/nullify_orphan_runner_id_on_ci_builds_spec.rb b/spec/lib/gitlab/background_migration/nullify_orphan_runner_id_on_ci_builds_spec.rb
index e38edfc3643..11e7c70250e 100644
--- a/spec/lib/gitlab/background_migration/nullify_orphan_runner_id_on_ci_builds_spec.rb
+++ b/spec/lib/gitlab/background_migration/nullify_orphan_runner_id_on_ci_builds_spec.rb
@@ -2,12 +2,12 @@
 
 require 'spec_helper'
 
-RSpec.describe Gitlab::BackgroundMigration::NullifyOrphanRunnerIdOnCiBuilds, :migration, schema: 20220223112304 do
+RSpec.describe Gitlab::BackgroundMigration::NullifyOrphanRunnerIdOnCiBuilds, migration: :gitlab_ci, schema: 20220223112304 do
   let(:namespaces) { table(:namespaces) }
   let(:projects) { table(:projects) }
-  let(:ci_runners) { table(:ci_runners, database: :ci) }
-  let(:ci_pipelines) { table(:ci_pipelines, database: :ci) }
-  let(:ci_builds) { table(:ci_builds, database: :ci) }
+  let(:ci_runners) { table(:ci_runners) }
+  let(:ci_pipelines) { table(:ci_pipelines) }
+  let(:ci_builds) { table(:ci_builds) }
 
   subject { described_class.new }
 
diff --git a/spec/migrations/change_public_projects_cost_factor_spec.rb b/spec/migrations/change_public_projects_cost_factor_spec.rb
index 78030736093..039edda750b 100644
--- a/spec/migrations/change_public_projects_cost_factor_spec.rb
+++ b/spec/migrations/change_public_projects_cost_factor_spec.rb
@@ -3,16 +3,7 @@
 require 'spec_helper'
 require_migration!
 
-RSpec.describe ChangePublicProjectsCostFactor, :migration do
-  # This is a workaround to force the migration to run against the
-  # `gitlab_ci` schema. Otherwise it only runs against `gitlab_main`.
-  around do |example| # rubocop: disable Style/MultilineIfModifier
-    with_reestablished_active_record_base do
-      reconfigure_db_connection(name: :ci)
-      example.run
-    end
-  end if Gitlab::Database.has_config?(:ci)
-
+RSpec.describe ChangePublicProjectsCostFactor, migration: :gitlab_ci do
   let(:runners) { table(:ci_runners) }
 
   let!(:shared_1) { runners.create!(runner_type: 1, public_projects_minutes_cost_factor: 0) }
diff --git a/spec/support/database/multiple_databases.rb b/spec/support/database/multiple_databases.rb
index 94857b47127..05f26e57e9c 100644
--- a/spec/support/database/multiple_databases.rb
+++ b/spec/support/database/multiple_databases.rb
@@ -98,6 +98,26 @@ RSpec.configure do |config|
       example.run
     end
   end
+
+  config.around(:each, :migration) do |example|
+    migration_schema = example.metadata[:migration]
+    migration_schema = :gitlab_main if migration_schema == true
+    base_model = Gitlab::Database.schemas_to_base_models.fetch(migration_schema).first
+
+    # Migration require an `ActiveRecord::Base` to point to desired database
+    if base_model != ActiveRecord::Base
+      with_reestablished_active_record_base do
+        reconfigure_db_connection(
+          model: ActiveRecord::Base,
+          config_model: base_model
+        )
+
+        example.run
+      end
+    else
+      example.run
+    end
+  end
 end
 
 ActiveRecord::Base.singleton_class.prepend(::Database::ActiveRecordBaseEstablishConnection) # rubocop:disable Database/MultipleDatabases