Add latest changes from gitlab-org/gitlab@master

13 files changed, 187 insertions, 14 deletions

diff --git a/db/docs/agent_user_access_group_authorizations.yml b/db/docs/agent_user_access_group_authorizations.yml
new file mode 100644
index 00000000000..659b36bd61f
--- /dev/null
+++ b/db/docs/agent_user_access_group_authorizations.yml
@@ -0,0 +1,10 @@
+---
+table_name: agent_user_access_group_authorizations
+classes:
+- Clusters::Agents::Authorizations::UserAccess::GroupAuthorization
+feature_categories:
+- kubernetes_management
+description: Configuration for a group that is authorized to use a particular cluster agent through user_access keyword
+introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/116901
+milestone: '15.11'
+gitlab_schema: gitlab_main
diff --git a/db/docs/agent_user_access_project_authorizations.yml b/db/docs/agent_user_access_project_authorizations.yml
new file mode 100644
index 00000000000..0f0953da630
--- /dev/null
+++ b/db/docs/agent_user_access_project_authorizations.yml
@@ -0,0 +1,10 @@
+---
+table_name: agent_user_access_project_authorizations
+classes:
+- Clusters::Agents::Authorizations::UserAccess::ProjectAuthorization
+feature_categories:
+- kubernetes_management
+description: Configuration for a project that is authorized to use a particular cluster agent through user_access keyword
+introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/116901
+milestone: '15.11'
+gitlab_schema: gitlab_main
diff --git a/db/docs/batched_background_migrations/backfill_admin_mode_scope_for_personal_access_tokens.yml b/db/docs/batched_background_migrations/backfill_admin_mode_scope_for_personal_access_tokens.yml
new file mode 100644
index 00000000000..33f3371e294
--- /dev/null
+++ b/db/docs/batched_background_migrations/backfill_admin_mode_scope_for_personal_access_tokens.yml
@@ -0,0 +1,6 @@
+---
+migration_job_name: BackfillAdminModeScopeForPersonalAccessTokens
+description: backfills `admin_mode` scope to personal access tokens associated to administrators
+feature_category: system_access
+introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/107875
+milestone: 15.8
diff --git a/db/migrate/20230406150254_create_agent_user_access_project_authorizations_table.rb b/db/migrate/20230406150254_create_agent_user_access_project_authorizations_table.rb
new file mode 100644
index 00000000000..1adc3bb001a
--- /dev/null
+++ b/db/migrate/20230406150254_create_agent_user_access_project_authorizations_table.rb
@@ -0,0 +1,17 @@
+# frozen_string_literal: true
+
+class CreateAgentUserAccessProjectAuthorizationsTable < Gitlab::Database::Migration[2.1]
+  INDEX_NAME_1 = 'index_agent_user_access_on_project_id'
+  INDEX_NAME_2 = 'index_agent_user_access_on_agent_id_and_project_id'
+
+  def change
+    create_table :agent_user_access_project_authorizations do |t|
+      t.bigint :project_id, null: false
+      t.bigint :agent_id, null: false
+      t.jsonb :config, null: false
+
+      t.index [:project_id], name: INDEX_NAME_1
+      t.index [:agent_id, :project_id], unique: true, name: INDEX_NAME_2
+    end
+  end
+end
diff --git a/db/migrate/20230406150354_create_agent_user_access_group_authorizations_table.rb b/db/migrate/20230406150354_create_agent_user_access_group_authorizations_table.rb
new file mode 100644
index 00000000000..1d4df7d7330
--- /dev/null
+++ b/db/migrate/20230406150354_create_agent_user_access_group_authorizations_table.rb
@@ -0,0 +1,17 @@
+# frozen_string_literal: true
+
+class CreateAgentUserAccessGroupAuthorizationsTable < Gitlab::Database::Migration[2.1]
+  INDEX_NAME_1 = 'index_agent_user_access_on_group_id'
+  INDEX_NAME_2 = 'index_agent_user_access_on_agent_id_and_group_id'
+
+  def change
+    create_table :agent_user_access_group_authorizations do |t|
+      t.bigint :group_id, null: false
+      t.bigint :agent_id, null: false
+      t.jsonb :config, null: false
+
+      t.index [:group_id], name: INDEX_NAME_1
+      t.index [:agent_id, :group_id], unique: true, name: INDEX_NAME_2
+    end
+  end
+end
diff --git a/db/migrate/20230406150454_add_fks_to_agent_user_access_authorizations.rb b/db/migrate/20230406150454_add_fks_to_agent_user_access_authorizations.rb
new file mode 100644
index 00000000000..62f00620108
--- /dev/null
+++ b/db/migrate/20230406150454_add_fks_to_agent_user_access_authorizations.rb
@@ -0,0 +1,34 @@
+# frozen_string_literal: true
+
+class AddFksToAgentUserAccessAuthorizations < Gitlab::Database::Migration[2.1]
+  disable_ddl_transaction!
+
+  def up
+    add_concurrent_foreign_key :agent_user_access_project_authorizations, :projects,
+      column: :project_id, on_delete: :cascade
+    add_concurrent_foreign_key :agent_user_access_project_authorizations, :cluster_agents,
+      column: :agent_id, on_delete: :cascade
+    add_concurrent_foreign_key :agent_user_access_group_authorizations, :namespaces,
+      column: :group_id, on_delete: :cascade
+    add_concurrent_foreign_key :agent_user_access_group_authorizations, :cluster_agents,
+      column: :agent_id, on_delete: :cascade
+  end
+
+  def down
+    with_lock_retries do
+      remove_foreign_key_if_exists :agent_user_access_project_authorizations, column: :project_id
+    end
+
+    with_lock_retries do
+      remove_foreign_key_if_exists :agent_user_access_project_authorizations, column: :agent_id
+    end
+
+    with_lock_retries do
+      remove_foreign_key_if_exists :agent_user_access_group_authorizations, column: :group_id
+    end
+
+    with_lock_retries do
+      remove_foreign_key_if_exists :agent_user_access_group_authorizations, column: :agent_id
+    end
+  end
+end
diff --git a/db/post_migrate/20221228103133_queue_backfill_admin_mode_scope_for_personal_access_tokens.rb b/db/post_migrate/20221228103133_queue_backfill_admin_mode_scope_for_personal_access_tokens.rb
index c111d5090e1..577d55f4df6 100644
--- a/db/post_migrate/20221228103133_queue_backfill_admin_mode_scope_for_personal_access_tokens.rb
+++ b/db/post_migrate/20221228103133_queue_backfill_admin_mode_scope_for_personal_access_tokens.rb
@@ -1,21 +1,11 @@
 # frozen_string_literal: true
 
 class QueueBackfillAdminModeScopeForPersonalAccessTokens < Gitlab::Database::Migration[2.1]
-  MIGRATION = 'BackfillAdminModeScopeForPersonalAccessTokens'
-  DELAY_INTERVAL = 2.minutes
-
   restrict_gitlab_migration gitlab_schema: :gitlab_main
 
-  def up
-    queue_batched_background_migration(
-      MIGRATION,
-      :personal_access_tokens,
-      :id,
-      job_interval: DELAY_INTERVAL
-    )
-  end
+  # no-op as the original migration is rescheduled
+  # in migrations version 20230406093640
+  def up; end
 
-  def down
-    delete_batched_background_migration(MIGRATION, :personal_access_tokens, :id, [])
-  end
+  def down; end
 end
diff --git a/db/post_migrate/20230406093640_requeue_backfill_admin_mode_scope_for_personal_access_tokens.rb b/db/post_migrate/20230406093640_requeue_backfill_admin_mode_scope_for_personal_access_tokens.rb
new file mode 100644
index 00000000000..17ba9edef22
--- /dev/null
+++ b/db/post_migrate/20230406093640_requeue_backfill_admin_mode_scope_for_personal_access_tokens.rb
@@ -0,0 +1,23 @@
+# frozen_string_literal: true
+
+class RequeueBackfillAdminModeScopeForPersonalAccessTokens < Gitlab::Database::Migration[2.1]
+  MIGRATION = 'BackfillAdminModeScopeForPersonalAccessTokens'
+  DELAY_INTERVAL = 2.minutes
+
+  restrict_gitlab_migration gitlab_schema: :gitlab_main
+
+  def up
+    delete_batched_background_migration(MIGRATION, :personal_access_tokens, :id, [])
+
+    queue_batched_background_migration(
+      MIGRATION,
+      :personal_access_tokens,
+      :id,
+      job_interval: DELAY_INTERVAL
+    )
+  end
+
+  def down
+    delete_batched_background_migration(MIGRATION, :personal_access_tokens, :id, [])
+  end
+end
diff --git a/db/schema_migrations/20230406093640 b/db/schema_migrations/20230406093640
new file mode 100644
index 00000000000..3bc9003b2fa
--- /dev/null
+++ b/db/schema_migrations/20230406093640
@@ -0,0 +1 @@
+a49416e1b59ffb29bf2015c96e6bdf92428036862102fbbfa63284cc1da53c82
\ No newline at end of file
diff --git a/db/schema_migrations/20230406150254 b/db/schema_migrations/20230406150254
new file mode 100644
index 00000000000..3e3463a76f9
--- /dev/null
+++ b/db/schema_migrations/20230406150254
@@ -0,0 +1 @@
+2b8aea677f295a0ab8f5ca9fbe7162156a06de89bd30ab5b252eb4460bcc7a2e
\ No newline at end of file
diff --git a/db/schema_migrations/20230406150354 b/db/schema_migrations/20230406150354
new file mode 100644
index 00000000000..484af1e53ad
--- /dev/null
+++ b/db/schema_migrations/20230406150354
@@ -0,0 +1 @@
+2f1ef88ab1731b20821a86a74006ed0856d3c7baa5e197f72410aedb15cb2894
\ No newline at end of file
diff --git a/db/schema_migrations/20230406150454 b/db/schema_migrations/20230406150454
new file mode 100644
index 00000000000..f7237bd5ef2
--- /dev/null
+++ b/db/schema_migrations/20230406150454
@@ -0,0 +1 @@
+9966f807ce21016777a87d437355241cd8e5cacf2ccd143258ef0446e6f26e93
\ No newline at end of file
diff --git a/db/structure.sql b/db/structure.sql
index 26d2a9c5787..600cac16e96 100644
--- a/db/structure.sql
+++ b/db/structure.sql
@@ -10858,6 +10858,38 @@ CREATE SEQUENCE agent_project_authorizations_id_seq
 
 ALTER SEQUENCE agent_project_authorizations_id_seq OWNED BY agent_project_authorizations.id;
 
+CREATE TABLE agent_user_access_group_authorizations (
+    id bigint NOT NULL,
+    group_id bigint NOT NULL,
+    agent_id bigint NOT NULL,
+    config jsonb NOT NULL
+);
+
+CREATE SEQUENCE agent_user_access_group_authorizations_id_seq
+    START WITH 1
+    INCREMENT BY 1
+    NO MINVALUE
+    NO MAXVALUE
+    CACHE 1;
+
+ALTER SEQUENCE agent_user_access_group_authorizations_id_seq OWNED BY agent_user_access_group_authorizations.id;
+
+CREATE TABLE agent_user_access_project_authorizations (
+    id bigint NOT NULL,
+    project_id bigint NOT NULL,
+    agent_id bigint NOT NULL,
+    config jsonb NOT NULL
+);
+
+CREATE SEQUENCE agent_user_access_project_authorizations_id_seq
+    START WITH 1
+    INCREMENT BY 1
+    NO MINVALUE
+    NO MAXVALUE
+    CACHE 1;
+
+ALTER SEQUENCE agent_user_access_project_authorizations_id_seq OWNED BY agent_user_access_project_authorizations.id;
+
 CREATE TABLE alert_management_alert_assignees (
     id bigint NOT NULL,
     user_id bigint NOT NULL,
@@ -24534,6 +24566,10 @@ ALTER TABLE ONLY agent_group_authorizations ALTER COLUMN id SET DEFAULT nextval(
 
 ALTER TABLE ONLY agent_project_authorizations ALTER COLUMN id SET DEFAULT nextval('agent_project_authorizations_id_seq'::regclass);
 
+ALTER TABLE ONLY agent_user_access_group_authorizations ALTER COLUMN id SET DEFAULT nextval('agent_user_access_group_authorizations_id_seq'::regclass);
+
+ALTER TABLE ONLY agent_user_access_project_authorizations ALTER COLUMN id SET DEFAULT nextval('agent_user_access_project_authorizations_id_seq'::regclass);
+
 ALTER TABLE ONLY alert_management_alert_assignees ALTER COLUMN id SET DEFAULT nextval('alert_management_alert_assignees_id_seq'::regclass);
 
 ALTER TABLE ONLY alert_management_alert_metric_images ALTER COLUMN id SET DEFAULT nextval('alert_management_alert_metric_images_id_seq'::regclass);
@@ -26234,6 +26270,12 @@ ALTER TABLE ONLY agent_group_authorizations
 ALTER TABLE ONLY agent_project_authorizations
     ADD CONSTRAINT agent_project_authorizations_pkey PRIMARY KEY (id);
 
+ALTER TABLE ONLY agent_user_access_group_authorizations
+    ADD CONSTRAINT agent_user_access_group_authorizations_pkey PRIMARY KEY (id);
+
+ALTER TABLE ONLY agent_user_access_project_authorizations
+    ADD CONSTRAINT agent_user_access_project_authorizations_pkey PRIMARY KEY (id);
+
 ALTER TABLE ONLY alert_management_alert_assignees
     ADD CONSTRAINT alert_management_alert_assignees_pkey PRIMARY KEY (id);
 
@@ -29409,6 +29451,14 @@ CREATE UNIQUE INDEX index_agent_project_authorizations_on_agent_id_and_project_i
 
 CREATE INDEX index_agent_project_authorizations_on_project_id ON agent_project_authorizations USING btree (project_id);
 
+CREATE UNIQUE INDEX index_agent_user_access_on_agent_id_and_group_id ON agent_user_access_group_authorizations USING btree (agent_id, group_id);
+
+CREATE UNIQUE INDEX index_agent_user_access_on_agent_id_and_project_id ON agent_user_access_project_authorizations USING btree (agent_id, project_id);
+
+CREATE INDEX index_agent_user_access_on_group_id ON agent_user_access_group_authorizations USING btree (group_id);
+
+CREATE INDEX index_agent_user_access_on_project_id ON agent_user_access_project_authorizations USING btree (project_id);
+
 CREATE INDEX index_alert_assignees_on_alert_id ON alert_management_alert_assignees USING btree (alert_id);
 
 CREATE UNIQUE INDEX index_alert_assignees_on_user_id_and_alert_id ON alert_management_alert_assignees USING btree (user_id, alert_id);
@@ -34320,6 +34370,9 @@ ALTER TABLE ONLY epics
 ALTER TABLE ONLY environments
     ADD CONSTRAINT fk_01a033a308 FOREIGN KEY (merge_request_id) REFERENCES merge_requests(id) ON DELETE SET NULL;
 
+ALTER TABLE ONLY agent_user_access_project_authorizations
+    ADD CONSTRAINT fk_0250c0ad51 FOREIGN KEY (agent_id) REFERENCES cluster_agents(id) ON DELETE CASCADE;
+
 ALTER TABLE ONLY incident_management_escalation_rules
     ADD CONSTRAINT fk_0314ee86eb FOREIGN KEY (user_id) REFERENCES users(id) ON DELETE CASCADE;
 
@@ -34617,6 +34670,9 @@ ALTER TABLE ONLY alert_management_alerts
 ALTER TABLE ONLY path_locks
     ADD CONSTRAINT fk_5265c98f24 FOREIGN KEY (project_id) REFERENCES projects(id) ON DELETE CASCADE;
 
+ALTER TABLE ONLY agent_user_access_group_authorizations
+    ADD CONSTRAINT fk_53fd98ccbf FOREIGN KEY (group_id) REFERENCES namespaces(id) ON DELETE CASCADE;
+
 ALTER TABLE ONLY clusters_applications_prometheus
     ADD CONSTRAINT fk_557e773639 FOREIGN KEY (cluster_id) REFERENCES clusters(id) ON DELETE CASCADE;
 
@@ -34737,6 +34793,9 @@ ALTER TABLE ONLY vulnerabilities
 ALTER TABLE ONLY oauth_openid_requests
     ADD CONSTRAINT fk_77114b3b09 FOREIGN KEY (access_grant_id) REFERENCES oauth_access_grants(id) ON DELETE CASCADE;
 
+ALTER TABLE ONLY agent_user_access_project_authorizations
+    ADD CONSTRAINT fk_78034b05d8 FOREIGN KEY (project_id) REFERENCES projects(id) ON DELETE CASCADE;
+
 ALTER TABLE ONLY users
     ADD CONSTRAINT fk_789cd90b35 FOREIGN KEY (accepted_term_id) REFERENCES application_setting_terms(id) ON DELETE CASCADE;
 
@@ -34854,6 +34913,9 @@ ALTER TABLE ONLY boards_epic_list_user_preferences
 ALTER TABLE ONLY issues
     ADD CONSTRAINT fk_96b1dd429c FOREIGN KEY (milestone_id) REFERENCES milestones(id) ON DELETE SET NULL;
 
+ALTER TABLE ONLY agent_user_access_group_authorizations
+    ADD CONSTRAINT fk_97ce8e8284 FOREIGN KEY (agent_id) REFERENCES cluster_agents(id) ON DELETE CASCADE;
+
 ALTER TABLE ONLY vulnerability_occurrences
     ADD CONSTRAINT fk_97ffe77653 FOREIGN KEY (vulnerability_id) REFERENCES vulnerabilities(id) ON DELETE SET NULL;