diff options
74 files changed, 424 insertions, 512 deletions
diff --git a/app/assets/javascripts/environments/components/environments_app.vue b/app/assets/javascripts/environments/components/environments_app.vue index 9d2f2646e74..acc16ecd874 100644 --- a/app/assets/javascripts/environments/components/environments_app.vue +++ b/app/assets/javascripts/environments/components/environments_app.vue @@ -1,9 +1,7 @@ <script> -import { GlBadge, GlButton, GlModalDirective, GlTab, GlTabs, GlAlert } from '@gitlab/ui'; +import { GlBadge, GlButton, GlModalDirective, GlTab, GlTabs } from '@gitlab/ui'; import createFlash from '~/flash'; -import { setCookie, getCookie, parseBoolean } from '~/lib/utils/common_utils'; import { s__ } from '~/locale'; -import { ENVIRONMENTS_SURVEY_DISMISSED_COOKIE_NAME } from '../constants'; import eventHub from '../event_hub'; import environmentsMixin from '../mixins/environments_mixin'; import EnvironmentsPaginationApiMixin from '../mixins/environments_pagination_api_mixin'; @@ -17,12 +15,6 @@ export default { i18n: { newEnvironmentButtonLabel: s__('Environments|New environment'), reviewAppButtonLabel: s__('Environments|Enable review app'), - surveyAlertTitle: s__('Environments|Help us improve environments'), - surveyAlertText: s__( - 'Environments|Your feedback helps GitLab make environments better for you and other users. Participate and enter a sweepstake to win a USD 30 gift card.', - ), - surveyAlertButtonLabel: s__('Environments|Take the survey'), - surveyDismissButtonLabel: s__('Environments|Dismiss'), }, modal: { id: 'enable-review-app-info', @@ -33,7 +25,6 @@ export default { EnableReviewAppModal, GlBadge, GlButton, - GlAlert, GlTab, GlTabs, StopEnvironmentModal, @@ -61,13 +52,6 @@ export default { required: true, }, }, - data() { - return { - environmentsSurveyAlertDismissed: parseBoolean( - getCookie(ENVIRONMENTS_SURVEY_DISMISSED_COOKIE_NAME), - ), - }; - }, created() { eventHub.$on('toggleFolder', this.toggleFolder); @@ -117,11 +101,6 @@ export default { openFolders.forEach((folder) => this.fetchChildEnvironments(folder)); } }, - - onSurveyAlertDismiss() { - setCookie(ENVIRONMENTS_SURVEY_DISMISSED_COOKIE_NAME, 'true'); - this.environmentsSurveyAlertDismissed = true; - }, }, }; </script> @@ -152,19 +131,6 @@ export default { >{{ $options.i18n.newEnvironmentButtonLabel }}</gl-button > </div> - <gl-alert - v-if="!environmentsSurveyAlertDismissed" - class="gl-my-4" - :title="$options.i18n.surveyAlertTitle" - :primary-button-text="$options.i18n.surveyAlertButtonLabel" - variant="info" - dismissible - :dismiss-label="$options.i18n.surveyDismissButtonLabel" - primary-button-link="https://gitlab.fra1.qualtrics.com/jfe/form/SV_a2xyFsAA4D0w0Jg" - @dismiss="onSurveyAlertDismiss" - > - {{ $options.i18n.surveyAlertText }} - </gl-alert> <gl-tabs :value="activeTab" content-class="gl-display-none"> <gl-tab v-for="(tab, idx) in tabs" diff --git a/app/assets/javascripts/environments/constants.js b/app/assets/javascripts/environments/constants.js index a02e72dfa72..6d427bef4e6 100644 --- a/app/assets/javascripts/environments/constants.js +++ b/app/assets/javascripts/environments/constants.js @@ -38,5 +38,3 @@ export const CANARY_STATUS = { }; export const CANARY_UPDATE_MODAL = 'confirm-canary-change'; - -export const ENVIRONMENTS_SURVEY_DISMISSED_COOKIE_NAME = 'environments_survey_alert_dismissed'; diff --git a/app/finders/packages/npm/package_finder.rb b/app/finders/packages/npm/package_finder.rb index ffc6bce893f..a367fda37de 100644 --- a/app/finders/packages/npm/package_finder.rb +++ b/app/finders/packages/npm/package_finder.rb @@ -5,17 +5,23 @@ module Packages delegate :find_by_version, to: :execute delegate :last, to: :execute - def initialize(package_name, project: nil, namespace: nil) + # /!\ CAUTION: don't use last_of_each_version: false with find_by_version. Ordering is not + # guaranteed! + def initialize(package_name, project: nil, namespace: nil, last_of_each_version: true) @package_name = package_name @project = project @namespace = namespace + @last_of_each_version = last_of_each_version end def execute - base.npm - .with_name(@package_name) - .installable - .last_of_each_version + result = base.npm + .with_name(@package_name) + .installable + + return result unless @last_of_each_version + + result.last_of_each_version end private diff --git a/app/validators/json_schemas/error_tracking_event_payload.json b/app/validators/json_schemas/error_tracking_event_payload.json index 19abde7de08..74d9aa1fa1f 100644 --- a/app/validators/json_schemas/error_tracking_event_payload.json +++ b/app/validators/json_schemas/error_tracking_event_payload.json @@ -27,94 +27,8 @@ "message": { "type": "string" }, - "user": { - "type": "object", - "required": [], - "properties": {} - }, - "tags": { - "type": "object", - "required": [], - "properties": { - "request_id": { - "type": "string" - } - } - }, "contexts": { - "type": "object", - "required": [], - "properties": { - "os": { - "type": "object", - "required": [], - "properties": { - "name": { - "type": "string" - }, - "version": { - "type": "string" - }, - "build": { - "type": "string" - }, - "kernel_version": { - "type": "string" - } - } - }, - "runtime": { - "type": "object", - "required": [], - "properties": { - "name": { - "type": "string" - }, - "version": { - "type": "string" - } - } - }, - "trace": { - "type": "object" - } - } - }, - "fingerprint": { - "type": "array", - "items": { - "type": "string" - } - }, - "breadcrumbs": { - "type": "object", - "required": [], - "properties": { - "values": { - "type": "array", - "items": { - "type": "object", - "required": [], - "properties": { - "category": { - "type": "string" - }, - "data": { - "type": "object" - }, - "message": { - "type": "string" - }, - "timestamp": { - "type": "number" - } - } - } - } - } - }, - "transaction": { - "type": "string" + "type": "object" }, "platform": { "type": "string" @@ -131,33 +45,6 @@ } } }, - "request": { - "type": "object", - "required": [], - "properties": { - "url": { - "type": "string" - }, - "method": { - "type": "string" - }, - "headers": { - "type": "object" - }, - "env": { - "type": "object", - "required": [], - "properties": { - "SERVER_NAME": { - "type": "string" - }, - "SERVER_PORT": { - "type": "string" - } - } - } - } - }, "exception": { "type": "object", "required": [], diff --git a/config/feature_flags/development/npm_finder_query_avoid_duplicated_conditions.yml b/config/feature_flags/development/npm_finder_query_avoid_duplicated_conditions.yml new file mode 100644 index 00000000000..4313e64e93e --- /dev/null +++ b/config/feature_flags/development/npm_finder_query_avoid_duplicated_conditions.yml @@ -0,0 +1,8 @@ +--- +name: npm_finder_query_avoid_duplicated_conditions +introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/69572 +rollout_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/340099 +milestone: '14.3' +type: development +group: group::package +default_enabled: false diff --git a/db/migrate/20210902171406_add_latest_column_into_the_security_scans_table.rb b/db/migrate/20210902171406_add_latest_column_into_the_security_scans_table.rb new file mode 100644 index 00000000000..90b00fb899a --- /dev/null +++ b/db/migrate/20210902171406_add_latest_column_into_the_security_scans_table.rb @@ -0,0 +1,15 @@ +# frozen_string_literal: true + +class AddLatestColumnIntoTheSecurityScansTable < Gitlab::Database::Migration[1.0] + def up + with_lock_retries do + add_column :security_scans, :latest, :boolean, default: true, null: false + end + end + + def down + with_lock_retries do + remove_column :security_scans, :latest + end + end +end diff --git a/db/schema_migrations/20210902171406 b/db/schema_migrations/20210902171406 new file mode 100644 index 00000000000..89635e256ea --- /dev/null +++ b/db/schema_migrations/20210902171406 @@ -0,0 +1 @@ +d7be9a34d626e507add67f407a6fa0b45f16b244e8ebeeb071debc538fa25b49
\ No newline at end of file diff --git a/db/structure.sql b/db/structure.sql index d6b561419ed..f48b523eea5 100644 --- a/db/structure.sql +++ b/db/structure.sql @@ -19004,7 +19004,8 @@ CREATE TABLE security_scans ( scan_type smallint NOT NULL, info jsonb DEFAULT '{}'::jsonb NOT NULL, project_id bigint, - pipeline_id bigint + pipeline_id bigint, + latest boolean DEFAULT true NOT NULL ); CREATE SEQUENCE security_scans_id_seq diff --git a/doc/administration/gitaly/troubleshooting.md b/doc/administration/gitaly/troubleshooting.md index cc852b56d82..1b53a0994f5 100644 --- a/doc/administration/gitaly/troubleshooting.md +++ b/doc/administration/gitaly/troubleshooting.md @@ -226,8 +226,8 @@ update the secrets file on the Gitaly server to match the Gitaly client, then ### Repository pushes fail with a `deny updating a hidden ref` error Due to [a change](https://gitlab.com/gitlab-org/gitaly/-/merge_requests/3426) -introduced in GitLab 13.12, Gitaly has read-only, internal GitLab references that users are not -permitted to update. If you attempt to update internal references with `git push --mirror`, Git +introduced in GitLab 13.12, Gitaly has read-only, internal GitLab references that users are not +permitted to update. If you attempt to update internal references with `git push --mirror`, Git returns the rejection error, `deny updating a hidden ref`. The following references are read-only: @@ -243,7 +243,7 @@ To mirror-push branches and tags only, and avoid attempting to mirror-push prote git push origin +refs/heads/*:refs/heads/* +refs/tags/*:refs/tags/* ``` -Any other namespaces that the admin wants to push can be included there as well via additional patterns. +Any other namespaces that the admin wants to push can be included there as well via additional patterns. ### Command line tools cannot connect to Gitaly diff --git a/doc/administration/pages/index.md b/doc/administration/pages/index.md index b0672f29b65..06199495dc4 100644 --- a/doc/administration/pages/index.md +++ b/doc/administration/pages/index.md @@ -1266,7 +1266,7 @@ Alternatively, run the CI pipelines of those projects that contain a `pages` job ## 404 or 500 error when accessing GitLab Pages in a Geo setup -Pages sites are only available on the primary Geo site, while the codebase of the project is available on all sites. +Pages sites are only available on the primary Geo site, while the codebase of the project is available on all sites. If you try to access a Pages page on a secondary site, you will get a 404 or 500 HTTP code depending on the access control. diff --git a/doc/administration/postgresql/replication_and_failover.md b/doc/administration/postgresql/replication_and_failover.md index 1308697c16e..77e66bcb77b 100644 --- a/doc/administration/postgresql/replication_and_failover.md +++ b/doc/administration/postgresql/replication_and_failover.md @@ -183,7 +183,7 @@ Few things to remember about the service itself: - The service runs as the same system account as the database - In the package, this is by default `gitlab-psql` -- If you use a non-default user account for PgBouncer service (by default `pgbouncer`), you need to specify this username. +- If you use a non-default user account for PgBouncer service (by default `pgbouncer`), you need to specify this username. - Passwords are stored in the following locations: - `/etc/gitlab/gitlab.rb`: hashed, and in plain text - `/var/opt/gitlab/pgbouncer/pg_auth`: hashed diff --git a/doc/administration/troubleshooting/log_parsing.md b/doc/administration/troubleshooting/log_parsing.md index 608f2fe2dc4..c5443c564f4 100644 --- a/doc/administration/troubleshooting/log_parsing.md +++ b/doc/administration/troubleshooting/log_parsing.md @@ -55,7 +55,7 @@ zcat @400000006026b71d1a7af804.s | (head -1; tail -1) | jq '.time' zcat some_json.log.25.gz | (head -1; tail -1) | jq '.time' ``` -#### Get activity for correlation ID across multiple JSON logs in chronological order +#### Get activity for correlation ID across multiple JSON logs in chronological order ```shell grep -hR <correlationID> | jq -c -R 'fromjson?' | jq -C -s 'sort_by(.time)' | less -R diff --git a/doc/api/oauth2.md b/doc/api/oauth2.md index 02904f2be5b..4b3f0e5668b 100644 --- a/doc/api/oauth2.md +++ b/doc/api/oauth2.md @@ -84,8 +84,8 @@ Before starting the flow, generate the `STATE`, the `CODE_VERIFIER` and the `COD `CODE_VERIFIER` - The SHA256 hash must be in binary format before encoding. - In Ruby, you can set that up with `Base64.urlsafe_encode64(Digest::SHA256.digest(CODE_VERIFIER), padding: false)`. - - For reference, a `CODE_VERIFIER` string of `ks02i3jdikdo2k0dkfodf3m39rjfjsdk0wk349rj3jrhf` when hashed - and encoded using the Ruby snippet above produces a `CODE_CHALLENGE` string + - For reference, a `CODE_VERIFIER` string of `ks02i3jdikdo2k0dkfodf3m39rjfjsdk0wk349rj3jrhf` when hashed + and encoded using the Ruby snippet above produces a `CODE_CHALLENGE` string of `2i0WFA-0AerkjQm4X4oDEhqA17QIAKNjXpagHBXmO_U`. 1. Request authorization code. To do that, you should redirect the user to the @@ -138,7 +138,7 @@ Before starting the flow, generate the `STATE`, the `CODE_VERIFIER` and the `COD ``` Example response: - + ```json { "access_token": "c97d1fe52119f38c7f67f0a14db68d60caa35ddc86fd12401718b649dcfa9c68", diff --git a/doc/api/repositories.md b/doc/api/repositories.md index 22ecbcd5ca9..a669bb5177f 100644 --- a/doc/api/repositories.md +++ b/doc/api/repositories.md @@ -215,7 +215,7 @@ GET /projects/:id/repository/contributors ``` WARNING: -The `additions` and `deletions` attributes are deprecated [as of GitLab 13.4](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/39653), because they [always return `0`](https://gitlab.com/gitlab-org/gitlab/-/issues/233119). +The `additions` and `deletions` attributes are [deprecated](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/39653) as of GitLab 13.4, because they [always return `0`](https://gitlab.com/gitlab-org/gitlab/-/issues/233119). Supported attributes: diff --git a/doc/api/resource_access_tokens.md b/doc/api/resource_access_tokens.md index 3532cfda47b..fa1e7aace9a 100644 --- a/doc/api/resource_access_tokens.md +++ b/doc/api/resource_access_tokens.md @@ -4,7 +4,7 @@ group: Access info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments --- -# Project access tokens API +# Project access tokens API **(FREE)** You can read more about [project access tokens](../user/project/settings/project_access_tokens.md). diff --git a/doc/api/runners.md b/doc/api/runners.md index 26de946b382..89d00488b90 100644 --- a/doc/api/runners.md +++ b/doc/api/runners.md @@ -4,7 +4,7 @@ group: Runner info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments --- -# Runners API +# Runners API **(FREE)** > [Introduced](https://gitlab.com/gitlab-org/gitlab-foss/-/merge_requests/2640) in GitLab 8.5. @@ -83,7 +83,7 @@ Example response: ] ``` -## List all runners +## List all runners **(FREE SELF)** Get a list of all runners in the GitLab instance (specific and shared). Access is restricted to users with `admin` privileges. @@ -244,8 +244,8 @@ curl --request PUT --header "PRIVATE-TOKEN: <your_access_token>" "https://gitlab ``` NOTE: -The `token` attribute in the response was deprecated [in GitLab 12.10](https://gitlab.com/gitlab-org/gitlab/-/issues/214320). -and removed in [GitLab 13.0](https://gitlab.com/gitlab-org/gitlab/-/issues/214322). +The `token` attribute in the response was [deprecated](https://gitlab.com/gitlab-org/gitlab/-/issues/214320) in GitLab 12.10. +and [removed](https://gitlab.com/gitlab-org/gitlab/-/issues/214322) in GitLab 13.0. Example response: diff --git a/doc/architecture/blueprints/database/scalability/patterns/img/read_mostly_licenses_calls_v14_2.png b/doc/architecture/blueprints/database/scalability/patterns/img/read_mostly_licenses_calls_v14_2.png Binary files differindex f6ae995391c..ec0f6470bdd 100644 --- a/doc/architecture/blueprints/database/scalability/patterns/img/read_mostly_licenses_calls_v14_2.png +++ b/doc/architecture/blueprints/database/scalability/patterns/img/read_mostly_licenses_calls_v14_2.png diff --git a/doc/architecture/blueprints/database/scalability/patterns/img/read_mostly_licenses_fixed_v14_2.png b/doc/architecture/blueprints/database/scalability/patterns/img/read_mostly_licenses_fixed_v14_2.png Binary files differindex dcfaae230d3..40abdd1e238 100644 --- a/doc/architecture/blueprints/database/scalability/patterns/img/read_mostly_licenses_fixed_v14_2.png +++ b/doc/architecture/blueprints/database/scalability/patterns/img/read_mostly_licenses_fixed_v14_2.png diff --git a/doc/architecture/blueprints/database/scalability/patterns/img/read_mostly_readwriteratio_v14_2.png b/doc/architecture/blueprints/database/scalability/patterns/img/read_mostly_readwriteratio_v14_2.png Binary files differindex 9b85f814bc1..0aa14675b5d 100644 --- a/doc/architecture/blueprints/database/scalability/patterns/img/read_mostly_readwriteratio_v14_2.png +++ b/doc/architecture/blueprints/database/scalability/patterns/img/read_mostly_readwriteratio_v14_2.png diff --git a/doc/architecture/blueprints/database/scalability/patterns/img/read_mostly_subscriptions_reads_v14_2.png b/doc/architecture/blueprints/database/scalability/patterns/img/read_mostly_subscriptions_reads_v14_2.png Binary files differindex 4f448841e48..66f5ec4bbc1 100644 --- a/doc/architecture/blueprints/database/scalability/patterns/img/read_mostly_subscriptions_reads_v14_2.png +++ b/doc/architecture/blueprints/database/scalability/patterns/img/read_mostly_subscriptions_reads_v14_2.png diff --git a/doc/architecture/blueprints/database/scalability/patterns/img/read_mostly_subscriptions_writes_v14_2.png b/doc/architecture/blueprints/database/scalability/patterns/img/read_mostly_subscriptions_writes_v14_2.png Binary files differindex e4f5756051f..c1d0193ccf0 100644 --- a/doc/architecture/blueprints/database/scalability/patterns/img/read_mostly_subscriptions_writes_v14_2.png +++ b/doc/architecture/blueprints/database/scalability/patterns/img/read_mostly_subscriptions_writes_v14_2.png diff --git a/doc/ci/chatops/index.md b/doc/ci/chatops/index.md index a461147661c..a2d9cf9054d 100644 --- a/doc/ci/chatops/index.md +++ b/doc/ci/chatops/index.md @@ -7,8 +7,8 @@ type: index, concepts, howto # GitLab ChatOps **(FREE)** -> - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/4466) in [GitLab Ultimate](https://about.gitlab.com/pricing/) 10.6. -> - [Moved](https://gitlab.com/gitlab-org/gitlab-foss/-/merge_requests/24780) to [GitLab Free](https://about.gitlab.com/pricing/) in 11.9. +> - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/4466) in GitLab Ultimate 10.6. +> - [Moved](https://gitlab.com/gitlab-org/gitlab-foss/-/merge_requests/24780) to GitLab Free in 11.9. GitLab ChatOps provides a method to interact with CI/CD jobs through chat services like Slack. Many organizations' discussion, collaboration, and troubleshooting takes diff --git a/doc/ci/ci_cd_for_external_repos/github_integration.md b/doc/ci/ci_cd_for_external_repos/github_integration.md index 60a939496d6..70a9c8fc775 100644 --- a/doc/ci/ci_cd_for_external_repos/github_integration.md +++ b/doc/ci/ci_cd_for_external_repos/github_integration.md @@ -29,7 +29,7 @@ repositories: 1. In GitHub, create a token: 1. Open <https://github.com/settings/tokens/new>. - 1. Create a **Personal Access Token**. + 1. Create a **Personal Access Token**. 1. Enter a **Token description** and update the scope to allow `repo` and `admin:repo_hook` so that GitLab can access your project, update commit statuses, and create a web hook to notify GitLab of new commits. @@ -57,7 +57,7 @@ To manually enable GitLab CI/CD for your repository: 1. In GitHub, create a token: 1. Open <https://github.com/settings/tokens/new>. - 1. Create a **Personal Access Token**. + 1. Create a **Personal Access Token**. 1. Enter a **Token description** and update the scope to allow `repo` so that GitLab can access your project and update commit statuses. 1. In GitLab, create a project: diff --git a/doc/ci/runners/build_cloud/macos/environment.md b/doc/ci/runners/build_cloud/macos/environment.md index e84b7d0a207..5336890b931 100644 --- a/doc/ci/runners/build_cloud/macos/environment.md +++ b/doc/ci/runners/build_cloud/macos/environment.md @@ -4,12 +4,12 @@ group: Runner info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments --- -# VM instances and images for Build Cloud for macOS +# VM instances and images for Build Cloud for macOS When you use the Build Cloud for macOS: -- Each of your jobs runs in a newly provisioned VM, which is dedicated to the specific job. -- The VM is active only for the duration of the job and immediately deleted. +- Each of your jobs runs in a newly provisioned VM, which is dedicated to the specific job. +- The VM is active only for the duration of the job and immediately deleted. ## VM types diff --git a/doc/ci/runners/build_cloud/macos_build_cloud.md b/doc/ci/runners/build_cloud/macos_build_cloud.md index 55f334a4c98..794bc2e597d 100644 --- a/doc/ci/runners/build_cloud/macos_build_cloud.md +++ b/doc/ci/runners/build_cloud/macos_build_cloud.md @@ -12,7 +12,7 @@ of all the capabilities of the GitLab single DevOps platform and not have to man build environment. Build Cloud runners for macOS are in [Beta](https://about.gitlab.com/handbook/product/gitlab-the-product/#beta) -and shouldn't be relied upon for mission-critical production jobs. +and shouldn't be relied upon for mission-critical production jobs. ## Quickstart diff --git a/doc/ci/yaml/index.md b/doc/ci/yaml/index.md index 547a8c37e4c..f86161bbf2b 100644 --- a/doc/ci/yaml/index.md +++ b/doc/ci/yaml/index.md @@ -430,7 +430,7 @@ In `include` sections in your `.gitlab-ci.yml` file, you can use: - [Project variables](../variables/index.md#add-a-cicd-variable-to-a-project) - [Group variables](../variables/index.md#add-a-cicd-variable-to-a-group) - [Instance variables](../variables/index.md#add-a-cicd-variable-to-an-instance) -- Project [predefined variables](../variables/predefined_variables.md). +- Project [predefined variables](../variables/predefined_variables.md). ```yaml include: diff --git a/doc/development/api_graphql_styleguide.md b/doc/development/api_graphql_styleguide.md index 3c8d07610f0..8f781e9ff18 100644 --- a/doc/development/api_graphql_styleguide.md +++ b/doc/development/api_graphql_styleguide.md @@ -941,7 +941,7 @@ end ``` While you can use the same resolver class in two different places, -such as in two different fields where the same object is exposed, +such as in two different fields where the same object is exposed, you should never re-use resolver objects directly. Resolvers have a complex life-cycle, with authorization, readiness and resolution orchestrated by the framework, and at each stage [lazy values](#laziness) can be returned to take advantage of batching diff --git a/doc/development/experiment_guide/index.md b/doc/development/experiment_guide/index.md index cf8342db198..ee871bc3ea7 100644 --- a/doc/development/experiment_guide/index.md +++ b/doc/development/experiment_guide/index.md @@ -12,8 +12,8 @@ Experiments are run as an A/B/n test, and are behind an [experiment feature flag ## Experiment rollout issue -Each experiment should have an [experiment rollout](https://gitlab.com/groups/gitlab-org/-/boards/1352542) issue to track the experiment from rollout through to cleanup and removal. -The rollout issue is similar to a feature flag rollout issue, and is also used to track the status of an experiment. +Each experiment should have an [experiment rollout](https://gitlab.com/groups/gitlab-org/-/boards/1352542) issue to track the experiment from rollout through to cleanup and removal. +The rollout issue is similar to a feature flag rollout issue, and is also used to track the status of an experiment. When an experiment is deployed, the due date of the issue should be set (this depends on the experiment but can be up to a few weeks in the future). After the deadline, the issue needs to be resolved and either: @@ -46,7 +46,7 @@ For more information, see [Implementing an A/B/n experiment using GLEX](gitlab_e There are still some longer running experiments using the [`Exerimentation Module`](experimentation.md). -Both approaches use [experiment](../feature_flags/index.md#experiment-type) feature flags. +Both approaches use [experiment](../feature_flags/index.md#experiment-type) feature flags. `GLEX` is the preferred option for new experiments. ### Add new icons and illustrations for experiments diff --git a/doc/development/fe_guide/source_editor.md b/doc/development/fe_guide/source_editor.md index fc128c0ecb1..2ff0bacfc3a 100644 --- a/doc/development/fe_guide/source_editor.md +++ b/doc/development/fe_guide/source_editor.md @@ -15,7 +15,7 @@ GitLab features use it, including: - [CI Linter](../../ci/lint.md) - [Snippets](../../user/snippets.md) - [Web Editor](../../user/project/repository/web_editor.md) -- [Security Policies](../../user/application_security/threat_monitoring/index.md) +- [Security Policies](../../user/application_security/policies/index.md) ## How to use Source Editor diff --git a/doc/development/i18n/externalization.md b/doc/development/i18n/externalization.md index 517a59a0ff3..c383a1cac73 100644 --- a/doc/development/i18n/externalization.md +++ b/doc/development/i18n/externalization.md @@ -137,7 +137,7 @@ The `~/locale` module exports the following key functions for externalization: - `s__()` (namespaced double underscore parenthesis) - `__()` Mark content for translation (note the double underscore). - `s__()` Mark namespaced content for translation -- `n__()` Mark pluralized content for translation +- `n__()` Mark pluralized content for translation ```javascript import { __, s__, n__ } from '~/locale'; diff --git a/doc/install/aws/eks_clusters_aws.md b/doc/install/aws/eks_clusters_aws.md index 39ce73bc001..297303e5423 100644 --- a/doc/install/aws/eks_clusters_aws.md +++ b/doc/install/aws/eks_clusters_aws.md @@ -29,7 +29,7 @@ Using the EKS Quick Start or `eksctl` enables the following when building an EKS - It can deploy high value-add items to the cluster, including: - A bastion host to keep the cluster endpoint private and possible perform performance testing. - Prometheus and Grafana for monitoring. -- EKS Autoscaler for automatic K8s Node scaling. +- EKS Autoscaler for automatic K8s Node scaling. - 2 or 3 Availability Zones (AZ) spread for balance between High Availability (HA) and cost control. - Ability to specify spot compute. diff --git a/doc/install/aws/gitlab_hybrid_on_aws.md b/doc/install/aws/gitlab_hybrid_on_aws.md index 94365575d31..81d021f19d3 100644 --- a/doc/install/aws/gitlab_hybrid_on_aws.md +++ b/doc/install/aws/gitlab_hybrid_on_aws.md @@ -115,7 +115,7 @@ Some services, such as log aggregation, outbound email are not specified by GitL - [3K AutoScale GPT Test Results](https://gitlab.com/gitlab-com/alliances/aws/implementation-patterns/gitlab-cloud-native-hybrid-on-eks/-/blob/master/gitlab-alliances-testing/3K/3k-QuickStart-AutoScale-ARM-RDS-Cache_v13-12-3-ee_2021-07-23_194200/3k-QuickStart-AutoScale-ARM-RDS-Cache_v13-12-3-ee_2021-07-23_194200_results.txt) - **Deploy Now** + **Deploy Now** Deploy Now links leverage the AWS Quick Start automation and only prepopulate the number of instances and instance types for the Quick Start based on the Bill of Meterials below. You must provide appropriate input for all other parameters by following the guidance in the [Quick Start documentation's Deployment steps](https://aws-quickstart.github.io/quickstart-eks-gitlab/#_deployment_steps) section. - **Deploy Now: AWS Quick Start for 2 AZs** @@ -215,7 +215,7 @@ If EKS node autoscaling is employed, it is likely that your average loading will - [5K Full Scale GPT Test Results](https://gitlab.com/gitlab-com/alliances/aws/implementation-patterns/gitlab-cloud-native-hybrid-on-eks/-/blob/master/gitlab-alliances-testing/5K/5k-QuickStart-ARM-RDS-Redis_v13-12-3-ee_2021-07-23_140128/5k-QuickStart-ARM-RDS-Redis_v13-12-3-ee_2021-07-23_140128_results.txt) - [5K AutoScale from 25% GPT Test Results](https://gitlab.com/gitlab-com/alliances/aws/implementation-patterns/gitlab-cloud-native-hybrid-on-eks/-/blob/master/gitlab-alliances-testing/5K/5k-QuickStart-AutoScale-From-25Percent-ARM-RDS-Redis_v13-12-3-ee_2021-07-24_102717/5k-QuickStart-AutoScale-From-25Percent-ARM-RDS-Redis_v13-12-3-ee_2021-07-24_102717_results.txt) -**Deploy Now** +**Deploy Now** Deploy Now links leverage the AWS Quick Start automation and only prepopulate the number of instances and instance types for the Quick Start based on the Bill of Meterials below. You must provide appropriate input for all other parameters by following the guidance in the [Quick Start documentation's Deployment steps](https://aws-quickstart.github.io/quickstart-eks-gitlab/#_deployment_steps) section. @@ -266,7 +266,7 @@ If EKS node autoscaling is employed, it is likely that your average loading will - [10K Full Scale GPT Test Results](https://gitlab.com/gitlab-com/alliances/aws/implementation-patterns/gitlab-cloud-native-hybrid-on-eks/-/blob/master/gitlab-alliances-testing/10K/GL-CloudNative-10k-RDS-Graviton_v13-12-3-ee_2021-07-08_194647/GL-CloudNative-10k-RDS-Graviton_v13-12-3-ee_2021-07-08_194647_results.txt) - [10K AutoScale GPT Test Results](https://gitlab.com/gitlab-com/alliances/aws/implementation-patterns/gitlab-cloud-native-hybrid-on-eks/-/blob/master/gitlab-alliances-testing/10K/GL-CloudNative-10k-AutoScaling-Test_v13-12-3-ee_2021-07-09_115139/GL-CloudNative-10k-AutoScaling-Test_v13-12-3-ee_2021-07-09_115139_results.txt) -**Deploy Now** +**Deploy Now** Deploy Now links leverage the AWS Quick Start automation and only prepopulate the number of instances and instance types for the Quick Start based on the Bill of Meterials below. You must provide appropriate input for all other parameters by following the guidance in the [Quick Start documentation's Deployment steps](https://aws-quickstart.github.io/quickstart-eks-gitlab/#_deployment_steps) section. @@ -316,7 +316,7 @@ If EKS node autoscaling is employed, it is likely that your average loading will - [50K Full Scale GPT Test Results](https://gitlab.com/gitlab-com/alliances/aws/implementation-patterns/gitlab-cloud-native-hybrid-on-eks/-/blob/master/gitlab-alliances-testing/50K/50k-Fixed-Scale-Test_v13-12-3-ee_2021-08-13_172819/50k-Fixed-Scale-Test_v13-12-3-ee_2021-08-13_172819_results.txt) - [50K AutoScale GPT Test Results](https://gitlab.com/gitlab-com/alliances/aws/implementation-patterns/gitlab-cloud-native-hybrid-on-eks/-/blob/master/gitlab-alliances-testing/50K/50k-AutoScale-Test_v13-12-3-ee_2021-08-13_192633/50k-AutoScale-Test_v13-12-3-ee_2021-08-13_192633.txt) -**Deploy Now** +**Deploy Now** Deploy Now links leverage the AWS Quick Start automation and only prepopulate the number of instances and instance types for the Quick Start based on the Bill of Meterials below. You must provide appropriate input for all other parameters by following the guidance in the [Quick Start documentation's Deployment steps](https://aws-quickstart.github.io/quickstart-eks-gitlab/#_deployment_steps) section. diff --git a/doc/install/aws/gitlab_sre_for_aws.md b/doc/install/aws/gitlab_sre_for_aws.md index a3a70dde618..8116fed4e39 100644 --- a/doc/install/aws/gitlab_sre_for_aws.md +++ b/doc/install/aws/gitlab_sre_for_aws.md @@ -48,7 +48,7 @@ Background: - When not using provisioned EBS IO, EBS volume size determines the IO level, so provisioning volumes that are much larger than needed can be the least expensive way to improve EBS IO. - Only use nitro instance types due to higher IO and EBS optimization. - Use Amazon Linux 2 to ensure the best disk and memory optimizations (for example, ENA network adapters and drivers). -- If GitLab backup scripts are used, they need a temporary space location large enough to hold 2 times the current size of the Git File system. If that will be done on Gitaly servers, separate volumes should be used. +- If GitLab backup scripts are used, they need a temporary space location large enough to hold 2 times the current size of the Git File system. If that will be done on Gitaly servers, separate volumes should be used. ### Gitaly HA in EKS quick start diff --git a/doc/install/aws/index.md b/doc/install/aws/index.md index 4df8de39eb5..d11a77332bb 100644 --- a/doc/install/aws/index.md +++ b/doc/install/aws/index.md @@ -53,7 +53,7 @@ Testing-backed architectural qualification is a fundamental concept behind imple Implementation patterns enable platform-specific terminology, best practice architecture, and platform-specific build manifests: - Implementation patterns are more vendor specific. For instance, advising specific compute instances / VMs / nodes instead of vCPUs or other generalized measures. -- Implementation patterns are oriented to implementing good architecture for the vendor in view. +- Implementation patterns are oriented to implementing good architecture for the vendor in view. - Implementation patterns are written to an audience who is familiar with building on the infrastructure that the implementation pattern targets. For example, if the implementation pattern is for GCP, the specific terminology of GCP is used - including using the specific names for PaaS services. - Implementation patterns can test and qualify if the versions of PaaS available are compatible with GitLab (for example, PostgreSQL, Redis, etc.). diff --git a/doc/topics/autodevops/stages.md b/doc/topics/autodevops/stages.md index 2f354ad9e66..9e6f3103664 100644 --- a/doc/topics/autodevops/stages.md +++ b/doc/topics/autodevops/stages.md @@ -696,7 +696,7 @@ To use Auto Monitoring: 1. [Install and configure the Auto DevOps requirements](requirements.md). 1. [Enable Auto DevOps](index.md#enable-or-disable-auto-devops), if you haven't done already. -1. On the left sidebar, select **CI/CD > Pipelines**. +1. On the left sidebar, select **CI/CD > Pipelines**. 1. Select **Run pipeline**. 1. After the pipeline finishes successfully, open the [monitoring dashboard for a deployed environment](../../ci/environments/index.md#monitor-environments) diff --git a/doc/user/admin_area/analytics/img/admin_devops_adoption_v14_2.png b/doc/user/admin_area/analytics/img/admin_devops_adoption_v14_2.png Binary files differindex d4b3436f3ee..666e03f1d9d 100644 --- a/doc/user/admin_area/analytics/img/admin_devops_adoption_v14_2.png +++ b/doc/user/admin_area/analytics/img/admin_devops_adoption_v14_2.png diff --git a/doc/user/admin_area/license.md b/doc/user/admin_area/license.md index 88ae39498b5..4e97cb8e49c 100644 --- a/doc/user/admin_area/license.md +++ b/doc/user/admin_area/license.md @@ -167,7 +167,7 @@ your license. However, if you have 111, you must purchase more users before you ### There is a connectivity issue -In GitLab 14.1 and later, to activate your subscription, your GitLab instance must be connected to the internet. +In GitLab 14.1 and later, to activate your subscription, your GitLab instance must be connected to the internet. If you have an offline or airgapped environment, you can [upload a license file](license.md#activate-gitlab-ee-with-a-license-file) instead. diff --git a/doc/user/admin_area/moderate_users.md b/doc/user/admin_area/moderate_users.md index d093f0058c2..a29dbde9379 100644 --- a/doc/user/admin_area/moderate_users.md +++ b/doc/user/admin_area/moderate_users.md @@ -199,7 +199,7 @@ Users can also be activated using the [GitLab API](../../api/users.md#activate-u > [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/327353) in GitLab 14.2. -GitLab administrators can ban and unban users. Banned users are blocked, and their issues are hidden. +GitLab administrators can ban and unban users. Banned users are blocked, and their issues are hidden. The banned user's comments are still displayed. Hiding a banned user's comments is [tracked in this issue](https://gitlab.com/gitlab-org/gitlab/-/issues/327356). ### Ban a user diff --git a/doc/user/admin_area/settings/img/domain_denylist_v14_1.png b/doc/user/admin_area/settings/img/domain_denylist_v14_1.png Binary files differindex c988afd75f6..e27997fc2c2 100644 --- a/doc/user/admin_area/settings/img/domain_denylist_v14_1.png +++ b/doc/user/admin_area/settings/img/domain_denylist_v14_1.png diff --git a/doc/user/admin_area/settings/img/rate_limit_on_issues_creation_v14_2.png b/doc/user/admin_area/settings/img/rate_limit_on_issues_creation_v14_2.png Binary files differindex 63f4d5a4a1a..1a0a7548a91 100644 --- a/doc/user/admin_area/settings/img/rate_limit_on_issues_creation_v14_2.png +++ b/doc/user/admin_area/settings/img/rate_limit_on_issues_creation_v14_2.png diff --git a/doc/user/application_security/dependency_list/index.md b/doc/user/application_security/dependency_list/index.md index 1cb21d34853..5890267d629 100644 --- a/doc/user/application_security/dependency_list/index.md +++ b/doc/user/application_security/dependency_list/index.md @@ -10,7 +10,7 @@ info: To determine the technical writer assigned to the Stage/Group associated w > [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/10075) in GitLab Ultimate 12.0. Use the dependency list to review your project's dependencies and key -details about those dependencies, including their known vulnerabilities. It is a collection of dependencies in your project, including existing and new findings. +details about those dependencies, including their known vulnerabilities. It is a collection of dependencies in your project, including existing and new findings. To see the dependency list, go to your project and select **Security & Compliance > Dependency List**. diff --git a/doc/user/application_security/img/mr_security_scanning_results_v14_3.png b/doc/user/application_security/img/mr_security_scanning_results_v14_3.png Binary files differindex 7f8faa2026e..3e0113dfb46 100644 --- a/doc/user/application_security/img/mr_security_scanning_results_v14_3.png +++ b/doc/user/application_security/img/mr_security_scanning_results_v14_3.png diff --git a/doc/user/application_security/policies/img/container_policy_rule_mode_v14_3.png b/doc/user/application_security/policies/img/container_policy_rule_mode_v14_3.png Binary files differnew file mode 100644 index 00000000000..3efa344eb59 --- /dev/null +++ b/doc/user/application_security/policies/img/container_policy_rule_mode_v14_3.png diff --git a/doc/user/application_security/policies/img/container_policy_yaml_mode_v14_3.png b/doc/user/application_security/policies/img/container_policy_yaml_mode_v14_3.png Binary files differnew file mode 100644 index 00000000000..31d5eb57228 --- /dev/null +++ b/doc/user/application_security/policies/img/container_policy_yaml_mode_v14_3.png diff --git a/doc/user/application_security/policies/img/policies_list_v14_3.png b/doc/user/application_security/policies/img/policies_list_v14_3.png Binary files differnew file mode 100644 index 00000000000..7a24860d4a7 --- /dev/null +++ b/doc/user/application_security/policies/img/policies_list_v14_3.png diff --git a/doc/user/application_security/policies/img/scan_execution_policy_yaml_mode_v14_3.png b/doc/user/application_security/policies/img/scan_execution_policy_yaml_mode_v14_3.png Binary files differnew file mode 100644 index 00000000000..d04905eda59 --- /dev/null +++ b/doc/user/application_security/policies/img/scan_execution_policy_yaml_mode_v14_3.png diff --git a/doc/user/application_security/policies/img/security_policy_project_v14_3.png b/doc/user/application_security/policies/img/security_policy_project_v14_3.png Binary files differnew file mode 100644 index 00000000000..5e3aefaeb81 --- /dev/null +++ b/doc/user/application_security/policies/img/security_policy_project_v14_3.png diff --git a/doc/user/application_security/policies/index.md b/doc/user/application_security/policies/index.md index 3d0135678b7..6f0167c64d2 100644 --- a/doc/user/application_security/policies/index.md +++ b/doc/user/application_security/policies/index.md @@ -4,57 +4,189 @@ group: Container Security info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#designated-technical-writers --- -# Scan Policies **(ULTIMATE)** +# Policies **(ULTIMATE)** -> - [Introduced](https://gitlab.com/groups/gitlab-org/-/epics/5329) in [GitLab Ultimate](https://about.gitlab.com/pricing/) 13.10. -> - Deployed behind a feature flag, disabled by default. -> - Disabled on GitLab.com. +> - [Introduced](https://gitlab.com/groups/gitlab-org/-/epics/5329) in [GitLab Ultimate](https://about.gitlab.com/pricing/) 13.10. Deployed behind a feature flag, disabled by default. +> - [Enabled on self-managed](https://gitlab.com/gitlab-org/gitlab/-/issues/321258) in [GitLab Ultimate](https://about.gitlab.com/pricing/) 14.3. -Scan Policies in GitLab provide security teams a way to require scans of their choice to be run +FLAG: +On self-managed GitLab, by default this feature is available. To hide the feature, +ask an administrator to [disable the `security_orchestration_policies_configuration` flag](../../../administration/feature_flags.md). +On GitLab.com, this feature is not available. + +Policies in GitLab provide security teams a way to require scans of their choice to be run whenever a project pipeline runs according to the configuration specified. Security teams can therefore be confident that the scans they set up have not been changed, altered, or disabled. You -can access these by navigating to your project's **Security & Compliance > Scan Policies** page. +can access these by navigating to your project's **Security & Compliance > Policies** page. GitLab supports the following security policies: +- [Container Network Policy](#container-network-policy) - [Scan Execution Policy](#scan-execution-policy-schema) -WARNING: -Scan Policies is under development and is not ready for production use. It's deployed behind a -feature flag that's disabled by default. +## Policy management -NOTE: -We recommend using the [Security Policies project](#security-policies-project) -exclusively for managing policies for the project. Do not add your application's source code to such -projects. +The Policies page displays deployed +policies for all available environments. You can check a +policy's information (for example description, enforcement +status, etc.), and create and edit deployed policies: + +1. On the top bar, select **Menu > Projects** and find your project. +1. On the left sidebar, select **Security & Compliance > Policies**. + + + +Network policies are fetched directly from the selected environment's +deployment platform while other policies are fetched from the project's +security policy project. Changes performed outside of this tab are +reflected upon refresh. + +By default, the policy list contains predefined network policies in a +disabled state. Once enabled, a predefined policy deploys to the +selected environment's deployment platform and you can manage it like +the regular policies. + +Note that if you're using [Auto DevOps](../../../topics/autodevops/index.md) +and change a policy in this section, your `auto-deploy-values.yaml` file doesn't update. Auto DevOps +users must make changes by following the +[Container Network Policy documentation](../../../topics/autodevops/stages.md#network-policy). + +## Policy editor + +> [Introduced](https://gitlab.com/groups/gitlab-org/-/epics/3403) in [GitLab Ultimate](https://about.gitlab.com/pricing/) 13.4. + +You can use the policy editor to create, edit, and delete policies: + +1. On the top bar, select **Menu > Projects** and find your group. +1. On the left sidebar, select **Security & Compliance > Policies**. + - To create a new policy, select **New policy** which is located in the **Policies** page's header. + - To edit an existing policy, select **Edit policy** in the selected policy drawer. + +The policy editor has two modes: + +- The visual _Rule_ mode allows you to construct and preview policy + rules using rule blocks and related controls. + +  + +- YAML mode allows you to enter a policy definition in `.yaml` format + and is aimed at expert users and cases that the Rule mode doesn't + support. + +  -## Enable or disable scan policies +You can use both modes interchangeably and switch between them at any +time. If a YAML resource is incorrect or contains data not supported +by the Rule mode, Rule mode is automatically +disabled. If the YAML is incorrect, you must use YAML +mode to fix your policy before Rule mode is available again. -Scan Policies is under development and is not ready for production use. It's deployed behind a -feature flag that's disabled by default. -[GitLab administrators with access to the GitLab Rails console](../../../administration/feature_flags.md) -can enable it for your instance. Scan Policies can be enabled or disabled per-project. +## Container Network Policy -To enable it: +> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/32365) in [GitLab Ultimate](https://about.gitlab.com/pricing/) 12.9. -```ruby -# Instance-wide -Feature.enable(:security_orchestration_policies_configuration) -# or by project -Feature.enable(:security_orchestration_policies_configuration, Project.find(<project ID>)) +The **Container Network Policy** section provides packet flow metrics for +your application's Kubernetes namespace. This section has the following +prerequisites: + +- Your project contains at least one [environment](../../../ci/environments/index.md). +- You've [installed Cilium](../../project/clusters/protect/container_network_security/quick_start_guide.md#use-the-cluster-management-template-to-install-cilium). +- You've configured the [Prometheus service](../../project/integrations/prometheus.md#enabling-prometheus-integration). + +If you're using custom Helm values for Cilium, you must enable Hubble +with flow metrics for each namespace by adding the following lines to +your [Cilium values](../../project/clusters/protect/container_network_security/quick_start_guide.md#use-the-cluster-management-template-to-install-cilium): + +```yaml +hubble: + enabled: true + metrics: + enabled: + - 'flow:sourceContext=namespace;destinationContext=namespace' ``` -To disable it: +The **Container Network Policy** section displays the following information +about your packet flow: -```ruby -# Instance-wide -Feature.disable(:security_orchestration_policies_configuration) -# or by project -Feature.disable(:security_orchestration_policies_configuration, Project.find(<project ID>)) +- The total amount of the inbound and outbound packets +- The proportion of packets dropped according to the configured + policies +- The per-second average rate of the forwarded and dropped packets + accumulated over time window for the requested time interval + +If a significant percentage of packets is dropped, you should +investigate it for potential threats by +examining the Cilium logs: + +```shell +kubectl -n gitlab-managed-apps logs -l k8s-app=cilium -c cilium-monitor ``` +### Change the enforcement status + +To change a network policy's enforcement status: + +- Select the network policy you want to update. +- Select **Edit policy**. +- Select the **Policy status** toggle to update the selected policy. +- Select **Save changes** to deploy network policy changes. + +Disabled network policies have the `network-policy.gitlab.com/disabled_by: gitlab` selector inside +the `podSelector` block. This narrows the scope of such a policy and as a result it doesn't affect +any pods. The policy itself is still deployed to the corresponding deployment namespace. + +### Container Network Policy editor + +The policy editor only supports the [CiliumNetworkPolicy](https://docs.cilium.io/en/v1.8/policy/) +specification. Regular Kubernetes [NetworkPolicy](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.19/#networkpolicy-v1-networking-k8s-io) +resources aren't supported. + +Rule mode supports the following rule types: + +- [Labels](https://docs.cilium.io/en/v1.8/policy/language/#labels-based). +- [Entities](https://docs.cilium.io/en/v1.8/policy/language/#entities-based). +- [IP/CIDR](https://docs.cilium.io/en/v1.8/policy/language/#ip-cidr-based). Only + the `toCIDR` block without `except` is supported. +- [DNS](https://docs.cilium.io/en/v1.8/policy/language/#dns-based). +- [Level 4](https://docs.cilium.io/en/v1.8/policy/language/#layer-4-examples) + can be added to all other rules. + +Once your policy is complete, save it by selecting **Save policy** +at the bottom of the editor. Existing policies can also be +removed from the editor interface by selecting **Delete policy** +at the bottom of the editor. + +### Configure a Network Policy Alert + +> - [Introduced](https://gitlab.com/groups/gitlab-org/-/epics/3438) and [enabled by default](https://gitlab.com/gitlab-org/gitlab/-/issues/287676) in [GitLab Ultimate](https://about.gitlab.com/pricing/) 13.9. +> - The feature flag was removed and the Threat Monitoring Alerts Project was [made generally available](https://gitlab.com/gitlab-org/gitlab/-/issues/287676) in GitLab 14.0. + +You can use policy alerts to track your policy's impact. Alerts are only available if you've +[installed](../../clusters/agent/repository.md) +and [configured](../../clusters/agent/index.md#create-an-agent-record-in-gitlab) +a Kubernetes Agent for this project. + +There are two ways to create policy alerts: + +- In the [policy editor UI](#container-network-policy-editor), + by clicking **Add alert**. +- In the policy editor's YAML mode, through the `metadata.annotations` property: + + ```yaml + metadata: + annotations: + app.gitlab.com/alert: 'true' + ``` + +Once added, the UI updates and displays a warning about the dangers of too many alerts. + ## Security Policies project +NOTE: +We recommend using the [Security Policies project](#security-policies-project) +exclusively for managing policies for the project. Do not add your application's source code to such +projects. + The Security Policies feature is a repository to store policies. All security policies are stored as the `.gitlab/security-policies/policy.yml` YAML file with this format: @@ -85,6 +217,40 @@ scan_execution_policy: site_profile: Site Profile D ``` +## Security Policy project selection + +NOTE: +Only project Owners have the [permissions](../../permissions.md#project-members-permissions) +to select Security Policy Project. + +When the Security Policy project is created and policies are created within that repository, you +must create an association between that project and the project you want to apply policies to: + +1. On the top bar, select **Menu > Projects** and find your project. +1. On the left sidebar, select **Security & Compliance > Policies**. +1. Select **Edit Policy Project**, and search for and select the + project you would like to link from the dropdown menu. +1. Select **Save**. + +  + +### Scan Execution Policy editor + +NOTE: +Only project Owners have the [permissions](../../permissions.md#project-members-permissions) +to select Security Policy Project. + +Once your policy is complete, save it by selecting **Create merge request** +at the bottom of the editor. You will be redirected to the merge request on the project's +configured security policy project. If one does not link to your project, a security +policy project will be automatically created. Existing policies can also be +removed from the editor interface by selecting **Delete policy** +at the bottom of the editor. + + + +The policy editor currently only supports the YAML mode. The Rule mode is tracked in the [Allow Users to Edit Rule-mode Scan Execution Policies in the Policy UI](https://gitlab.com/groups/gitlab-org/-/epics/5363) epic. + ### Scan Execution Policies Schema The YAML file with Scan Execution Policies consists of an array of objects matching Scan Execution Policy Schema nested under the `scan_execution_policy` key. You can configure a maximum of 5 policies under the `scan_execution_policy` key. @@ -198,21 +364,6 @@ In this example: and `Site Profile D`. - Secret detection scans run for every pipeline executed on the `main` branch. -## Security Policy project selection - -When the Security Policy project is created and policies are created within that repository, you -must create an association between that project and the project you want to apply policies to. To do -this, navigate to your project's **Security & Compliance > Policies**, select -**Security policy project** from the dropdown menu, then select the **Create policy** button to save -changes. - -You can always change the **Security policy project** by navigating to your project's -**Security & Compliance > Policies** and modifying the selected project. - -NOTE: -Only project Owners have the [permissions](../../permissions.md#project-members-permissions) -to select Security Policy Project. - ## Roadmap See the [Category Direction page](https://about.gitlab.com/direction/protect/container_network_security/) diff --git a/doc/user/application_security/security_dashboard/img/pipeline_security_dashboard_v14_2.png b/doc/user/application_security/security_dashboard/img/pipeline_security_dashboard_v14_2.png Binary files differindex 3a195a5ce8d..52249cef343 100644 --- a/doc/user/application_security/security_dashboard/img/pipeline_security_dashboard_v14_2.png +++ b/doc/user/application_security/security_dashboard/img/pipeline_security_dashboard_v14_2.png diff --git a/doc/user/application_security/threat_monitoring/img/threat_monitoring_policy_alert_list_v13_12.png b/doc/user/application_security/threat_monitoring/img/threat_monitoring_policy_alert_list_v13_12.png Binary files differdeleted file mode 100644 index e165c7e6ceb..00000000000 --- a/doc/user/application_security/threat_monitoring/img/threat_monitoring_policy_alert_list_v13_12.png +++ /dev/null diff --git a/doc/user/application_security/threat_monitoring/img/threat_monitoring_policy_alert_list_v14_3.png b/doc/user/application_security/threat_monitoring/img/threat_monitoring_policy_alert_list_v14_3.png Binary files differnew file mode 100644 index 00000000000..a11a7fafc4a --- /dev/null +++ b/doc/user/application_security/threat_monitoring/img/threat_monitoring_policy_alert_list_v14_3.png diff --git a/doc/user/application_security/threat_monitoring/index.md b/doc/user/application_security/threat_monitoring/index.md index 8cecb9c5929..9b4d6d616c2 100644 --- a/doc/user/application_security/threat_monitoring/index.md +++ b/doc/user/application_security/threat_monitoring/index.md @@ -9,7 +9,7 @@ info: To determine the technical writer assigned to the Stage/Group associated w > [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/14707) in [GitLab Ultimate](https://about.gitlab.com/pricing/) 12.9. -The **Threat Monitoring** page provides metrics and policy management +The **Threat Monitoring** page provides alerts and metrics for the GitLab application runtime security features. You can access these by navigating to your project's **Security & Compliance > Threat Monitoring** page. @@ -18,153 +18,7 @@ GitLab supports statistics for the following security features: - [Container Network Policies](../../../topics/autodevops/stages.md#network-policy) -## Container Network Policy - -> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/32365) in [GitLab Ultimate](https://about.gitlab.com/pricing/) 12.9. - -The **Container Network Policy** section provides packet flow metrics for -your application's Kubernetes namespace. This section has the following -prerequisites: - -- Your project contains at least one [environment](../../../ci/environments/index.md) -- You've [installed Cilium](../../project/clusters/protect/container_network_security/quick_start_guide.md#use-the-cluster-management-template-to-install-cilium) -- You've configured the [Prometheus service](../../project/integrations/prometheus.md#enabling-prometheus-integration) - -If you're using custom Helm values for Cilium, you must enable Hubble -with flow metrics for each namespace by adding the following lines to -your [Cilium values](../../project/clusters/protect/container_network_security/quick_start_guide.md#use-the-cluster-management-template-to-install-cilium): - -```yaml -hubble: - enabled: true - metrics: - enabled: - - 'flow:sourceContext=namespace;destinationContext=namespace' -``` - -The **Container Network Policy** section displays the following information -about your packet flow: - -- The total amount of the inbound and outbound packets -- The proportion of packets dropped according to the configured - policies -- The per-second average rate of the forwarded and dropped packets - accumulated over time window for the requested time interval - -If a significant percentage of packets is dropped, you should -investigate it for potential threats by -examining the Cilium logs: - -```shell -kubectl -n gitlab-managed-apps logs -l k8s-app=cilium -c cilium-monitor -``` - -## Container Network Policy management - -> [Introduced](https://gitlab.com/groups/gitlab-org/-/epics/3328) in [GitLab Ultimate](https://about.gitlab.com/pricing/) 13.1. - -The **Threat Monitoring** page's **Policy** tab displays deployed -network policies for all available environments. You can check a -network policy's `yaml` manifest, its enforcement -status, and create and edit deployed policies. This section has the -following prerequisites: - -- Your project contains at least one [environment](../../../ci/environments/index.md) -- You've [installed Cilium](../../project/clusters/protect/container_network_security/quick_start_guide.md#use-the-cluster-management-template-to-install-cilium) - -Network policies are fetched directly from the selected environment's -deployment platform. Changes performed outside of this tab are -reflected upon refresh. - -By default, the network policy list contains predefined policies in a -disabled state. Once enabled, a predefined policy deploys to the -selected environment's deployment platform and you can manage it like -the regular policies. - -Note that if you're using [Auto DevOps](../../../topics/autodevops/index.md) -and change a policy in this section, your `auto-deploy-values.yaml` file doesn't update. Auto DevOps -users must make changes by following the -[Container Network Policy documentation](../../../topics/autodevops/stages.md#network-policy). - -### Changing enforcement status - -To change a network policy's enforcement status: - -- Click the network policy you want to update. -- Click the **Edit policy** button. -- Click the **Policy status** toggle to update the selected policy. -- Click the **Save changes** button to deploy network policy changes. - -Disabled network policies have the `network-policy.gitlab.com/disabled_by: gitlab` selector inside -the `podSelector` block. This narrows the scope of such a policy and as a result it doesn't affect -any pods. The policy itself is still deployed to the corresponding deployment namespace. - -### Container Network Policy editor - -> [Introduced](https://gitlab.com/groups/gitlab-org/-/epics/3403) in [GitLab Ultimate](https://about.gitlab.com/pricing/) 13.4. - -You can use the policy editor to create, edit, and delete policies. - -- To create a new policy, click the **New policy** button located in the **Policy** tab's header. -- To edit an existing policy, click **Edit policy** in the selected policy drawer. - -The policy editor only supports the [CiliumNetworkPolicy](https://docs.cilium.io/en/v1.8/policy/) -specification. Regular Kubernetes [NetworkPolicy](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.19/#networkpolicy-v1-networking-k8s-io) -resources aren't supported. - -The policy editor has two modes: - -- The visual _Rule_ mode allows you to construct and preview policy - rules using rule blocks and related controls. -- YAML mode allows you to enter a policy definition in `.yaml` format - and is aimed at expert users and cases that the Rule mode doesn't - support. - -You can use both modes interchangeably and switch between them at any -time. If a YAML resource is incorrect, Rule mode is automatically -disabled. You must use YAML mode to fix your policy before Rule mode -is available again. - -Rule mode supports the following rule types: - -- [Labels](https://docs.cilium.io/en/v1.8/policy/language/#labels-based). -- [Entities](https://docs.cilium.io/en/v1.8/policy/language/#entities-based). -- [IP/CIDR](https://docs.cilium.io/en/v1.8/policy/language/#ip-cidr-based). Only - the `toCIDR` block without `except` is supported. -- [DNS](https://docs.cilium.io/en/v1.8/policy/language/#dns-based). -- [Level 4](https://docs.cilium.io/en/v1.8/policy/language/#layer-4-examples) - can be added to all other rules. - -Once your policy is complete, save it by pressing the **Save policy** -button at the bottom of the editor. Existing policies can also be -removed from the editor interface by clicking the **Delete policy** -button at the bottom of the editor. - -### Configuring Network Policy Alerts - -> - [Introduced](https://gitlab.com/groups/gitlab-org/-/epics/3438) and [enabled by default](https://gitlab.com/gitlab-org/gitlab/-/issues/287676) in [GitLab Ultimate](https://about.gitlab.com/pricing/) 13.9. -> - The feature flag was removed and the Threat Monitoring Alerts Project was [made generally available](https://gitlab.com/gitlab-org/gitlab/-/issues/287676) in GitLab 14.0. - -You can use policy alerts to track your policy's impact. Alerts are only available if you've -[installed](../../clusters/agent/repository.md) -and [configured](../../clusters/agent/index.md#create-an-agent-record-in-gitlab) -a Kubernetes Agent for this project. - -There are two ways to create policy alerts: - -- In the [policy editor UI](#container-network-policy-editor), - by clicking **Add alert**. -- In the policy editor's YAML mode, through the `metadata.annotations` property: - - ```yaml - metadata: - annotations: - app.gitlab.com/alert: 'true' - ``` - -Once added, the UI updates and displays a warning about the dangers of too many alerts. - -### Container Network Policy Alert list +## Container Network Policy Alert list > [Introduced](https://gitlab.com/groups/gitlab-org/-/epics/3438) in [GitLab Ultimate](https://about.gitlab.com/pricing/) 13.9. @@ -184,7 +38,7 @@ the selector menu in the **Status** column to set the status for each alert: By default, the list doesn't display resolved or dismissed alerts. - + Clicking an alert's row opens the alert drawer, which shows more information about the alert. A user can also create an incident from the alert and update the alert status in the alert drawer. diff --git a/doc/user/application_security/vulnerability_report/img/group_vulnerability_report_v14_2.png b/doc/user/application_security/vulnerability_report/img/group_vulnerability_report_v14_2.png Binary files differindex 193efe9c386..44c689eda3e 100644 --- a/doc/user/application_security/vulnerability_report/img/group_vulnerability_report_v14_2.png +++ b/doc/user/application_security/vulnerability_report/img/group_vulnerability_report_v14_2.png diff --git a/doc/user/application_security/vulnerability_report/img/project_security_dashboard_status_change_v14_2.png b/doc/user/application_security/vulnerability_report/img/project_security_dashboard_status_change_v14_2.png Binary files differindex 056e051363d..a43340544ca 100644 --- a/doc/user/application_security/vulnerability_report/img/project_security_dashboard_status_change_v14_2.png +++ b/doc/user/application_security/vulnerability_report/img/project_security_dashboard_status_change_v14_2.png diff --git a/doc/user/clusters/agent/index.md b/doc/user/clusters/agent/index.md index b180432b0a0..d7a1d3b2b8f 100644 --- a/doc/user/clusters/agent/index.md +++ b/doc/user/clusters/agent/index.md @@ -20,7 +20,7 @@ tasks in a secure and cloud-native way. It enables: - Pull-based GitOps deployments. - [Inventory object](../../infrastructure/clusters/deploy/inventory_object.md) to keep track of objects applied to your cluster. - Real-time access to API endpoints in a cluster. -- Alert generation based on [Container network policy](../../application_security/threat_monitoring/index.md#container-network-policy). +- Alert generation based on [Container network policy](../../application_security/policies/index.md#container-network-policy). - [CI/CD Tunnel](ci_cd_tunnel.md) that enables users to access Kubernetes clusters from GitLab CI/CD jobs even if there is no network connectivity between GitLab Runner and a cluster. Many more features are planned. Please review [our roadmap](https://gitlab.com/groups/gitlab-org/-/epics/3329) @@ -435,8 +435,8 @@ There are several components that work in concert for the Agent to generate the - Enablement of [hubble-relay](https://docs.cilium.io/en/v1.8/concepts/overview/#hubble) on an existing installation. - One or more network policies through any of these options: - - Use the [Container Network Policy editor](../../application_security/threat_monitoring/index.md#container-network-policy-editor) to create and manage policies. - - Use an [AutoDevOps](../../application_security/threat_monitoring/index.md#container-network-policy-management) configuration. + - Use the [Container Network Policy editor](../../application_security/policies/index.md#container-network-policy-editor) to create and manage policies. + - Use an [AutoDevOps](../../application_security/policies/index.md#container-network-policy) configuration. - Add the required labels and annotations to existing network policies. - A configuration repository with [Cilium configured in `config.yaml`](repository.md#surface-network-security-alerts-from-cluster-to-gitlab) diff --git a/doc/user/clusters/migrating_from_gma_to_project_template.md b/doc/user/clusters/migrating_from_gma_to_project_template.md index 5144ddc5e06..23e8e1545e5 100644 --- a/doc/user/clusters/migrating_from_gma_to_project_template.md +++ b/doc/user/clusters/migrating_from_gma_to_project_template.md @@ -14,7 +14,7 @@ some recorded videos with [live examples](#live-examples). 1. Familiarize yourself with the [management project template](management_project_template.md). 1. Create a [new project](../project/working_with_projects.md#create-a-project), either: - From a template, selecting the **GitLab Cluster Management** project template. - - Importing the project from the URL `https://gitlab.com/gitlab-org/project-templates/cluster-management.git`. This + - Importing the project from the URL `https://gitlab.com/gitlab-org/project-templates/cluster-management.git`. This is useful if you are using GitLab Self-Managed and you want to use the latest version of the template. This is your cluster management project. diff --git a/doc/user/compliance/license_compliance/index.md b/doc/user/compliance/license_compliance/index.md index 7375e03343a..566270f3774 100644 --- a/doc/user/compliance/license_compliance/index.md +++ b/doc/user/compliance/license_compliance/index.md @@ -249,7 +249,7 @@ generate a key store file, see the License Compliance uses Java 8 by default. You can specify a different Java version using `LM_JAVA_VERSION`. -`LM_JAVA_VERSION` only accepts versions: 8, 11, 14, 15. +`LM_JAVA_VERSION` only accepts versions: 8, 11, 14, 15. ### Selecting the version of Python diff --git a/doc/user/group/devops_adoption/img/group_devops_adoption_v14_2.png b/doc/user/group/devops_adoption/img/group_devops_adoption_v14_2.png Binary files differindex 073e747153f..21e38907a10 100644 --- a/doc/user/group/devops_adoption/img/group_devops_adoption_v14_2.png +++ b/doc/user/group/devops_adoption/img/group_devops_adoption_v14_2.png diff --git a/doc/user/project/clusters/protect/container_network_security/quick_start_guide.md b/doc/user/project/clusters/protect/container_network_security/quick_start_guide.md index 62010bb7802..1940cf229b8 100644 --- a/doc/user/project/clusters/protect/container_network_security/quick_start_guide.md +++ b/doc/user/project/clusters/protect/container_network_security/quick_start_guide.md @@ -137,7 +137,7 @@ Network Policies can be managed through GitLab in one of two ways: - Management through a YAML file in each application's project (for projects using Auto DevOps). For more information, see the [Network Policy documentation](../../../../../topics/autodevops/stages.md#network-policy). - Management through the GitLab Policy management UI (for projects not using Auto DevOps). For more - information, see the [Container Network Policy documentation](../../../../application_security/threat_monitoring/index.md#container-network-policy-management) (Ultimate only). + information, see the [Container Network Policy documentation](../../../../application_security/policies/index.md#container-network-policy) (Ultimate only). Each method has benefits and drawbacks: @@ -167,7 +167,7 @@ hubble: ``` Additional information about the statistics page is available in the -[documentation that describes the Threat Management UI](../../../../application_security/threat_monitoring/index.md#container-network-policy). +[documentation that describes the Threat Management UI](../../../../application_security/policies/index.md#container-network-policy). ## Forwarding logs to a SIEM diff --git a/doc/user/project/integrations/img/zentao_product_id.png b/doc/user/project/integrations/img/zentao_product_id.png Binary files differindex b6fb8e1fb1a..a91b4c3f82d 100644 --- a/doc/user/project/integrations/img/zentao_product_id.png +++ b/doc/user/project/integrations/img/zentao_product_id.png diff --git a/doc/user/project/releases/img/deploy_freeze_v14_3.png b/doc/user/project/releases/img/deploy_freeze_v14_3.png Binary files differindex 396c8b5cbae..13580ac1576 100644 --- a/doc/user/project/releases/img/deploy_freeze_v14_3.png +++ b/doc/user/project/releases/img/deploy_freeze_v14_3.png diff --git a/doc/user/project/settings/import_export.md b/doc/user/project/settings/import_export.md index de92dbf240b..0a3e1eef64b 100644 --- a/doc/user/project/settings/import_export.md +++ b/doc/user/project/settings/import_export.md @@ -219,7 +219,7 @@ GitLab.com may have [different settings](../../gitlab_com/index.md#importexport) ## Troubleshooting -### Import workaround for large repositories +### Import workaround for large repositories [Maximum import size limitations](#import-the-project) can prevent an import from being successful. @@ -227,7 +227,7 @@ If changing the import limits is not possible, the following local workflow can be used to temporarily reduce the repository size for another import attempt. -1. Create a temporary working directory from the export: +1. Create a temporary working directory from the export: ```shell EXPORT=<filename-without-extension> diff --git a/doc/user/project/settings/project_access_tokens.md b/doc/user/project/settings/project_access_tokens.md index 8b2b22bd521..cae9276eafd 100644 --- a/doc/user/project/settings/project_access_tokens.md +++ b/doc/user/project/settings/project_access_tokens.md @@ -25,7 +25,7 @@ Project access tokens: should: - Review their security and compliance policies with regards to [user self-enrollment](../../admin_area/settings/sign_up_restrictions.md#disable-new-sign-ups). - - Consider [disabling project access tokens](#enable-or-disable-project-access-token-creation) to + - Consider [disabling project access tokens](#enable-or-disable-project-access-token-creation) to lower potential abuse. - Are also supported on GitLab SaaS Premium and above (excluding [trial licenses](https://about.gitlab.com/free-trial/).) diff --git a/doc/user/project/wiki/index.md b/doc/user/project/wiki/index.md index aac0a9e4e1f..d0a1f485fa8 100644 --- a/doc/user/project/wiki/index.md +++ b/doc/user/project/wiki/index.md @@ -46,13 +46,17 @@ for previously created wikis. ## Create the wiki home page -When a wiki is created, it is empty. On your first visit, create the landing page -users see when viewing the wiki: +When a wiki is created, it is empty. On your first visit, you can create the +home page users see when viewing the wiki. This page requires a specific title +to be used as your wiki's home page. To create it: 1. Go to your project or group and select **Wiki**. 1. Select **Create your first page**. +1. GitLab requires this first page be titled `home`. The page with this + title serves as the front page for your wiki. 1. Select a **Format** for styling your text. -1. Add a welcome message in the **Content** section. You can always edit it later. +1. Add a welcome message for your home page in the **Content** section. You can + always edit it later. 1. Add a **Commit message**. Git requires a commit message, so GitLab creates one if you don't enter one yourself. 1. Select **Create page**. diff --git a/doc/user/workspace/img/hardware_settings.png b/doc/user/workspace/img/hardware_settings.png Binary files differindex ff460918f25..919ff46f8c8 100644 --- a/doc/user/workspace/img/hardware_settings.png +++ b/doc/user/workspace/img/hardware_settings.png diff --git a/lib/api/helpers/packages/npm.rb b/lib/api/helpers/packages/npm.rb index ce5db52fdbc..4a7827c1d25 100644 --- a/lib/api/helpers/packages/npm.rb +++ b/lib/api/helpers/packages/npm.rb @@ -57,7 +57,11 @@ module API .by_path(namespace_path) next unless namespace - finder = ::Packages::Npm::PackageFinder.new(package_name, namespace: namespace) + finder = ::Packages::Npm::PackageFinder.new( + package_name, + namespace: namespace, + last_of_each_version: Feature.disabled?(:npm_finder_query_avoid_duplicated_conditions) + ) finder.last&.project_id end diff --git a/locale/gitlab.pot b/locale/gitlab.pot index a97d4bd1eb4..c4eccf1ac58 100644 --- a/locale/gitlab.pot +++ b/locale/gitlab.pot @@ -12853,9 +12853,6 @@ msgstr "" msgid "Environments|Deployment %{status}" msgstr "" -msgid "Environments|Dismiss" -msgstr "" - msgid "Environments|Enable review app" msgstr "" @@ -12868,9 +12865,6 @@ msgstr "" msgid "Environments|Environments are places where code gets deployed, such as staging or production." msgstr "" -msgid "Environments|Help us improve environments" -msgstr "" - msgid "Environments|Install Elastic Stack on your cluster to enable advanced querying capabilities such as full text search." msgstr "" @@ -12946,9 +12940,6 @@ msgstr "" msgid "Environments|Stopping %{environmentName}" msgstr "" -msgid "Environments|Take the survey" -msgstr "" - msgid "Environments|There was an error fetching the logs. Please try again." msgstr "" @@ -12970,9 +12961,6 @@ msgstr "" msgid "Environments|You don't have any environments right now" msgstr "" -msgid "Environments|Your feedback helps GitLab make environments better for you and other users. Participate and enter a sweepstake to win a USD 30 gift card." -msgstr "" - msgid "Environments|by %{avatar}" msgstr "" diff --git a/package.json b/package.json index 964ec8bb742..7d08beff2d5 100644 --- a/package.json +++ b/package.json @@ -55,7 +55,7 @@ "@gitlab/favicon-overlay": "2.0.0", "@gitlab/svgs": "1.211.0", "@gitlab/tributejs": "1.0.0", - "@gitlab/ui": "32.7.1", + "@gitlab/ui": "32.8.0", "@gitlab/visual-review-tools": "1.6.1", "@rails/actioncable": "6.1.3-2", "@rails/ujs": "6.1.3-2", diff --git a/spec/finders/packages/npm/package_finder_spec.rb b/spec/finders/packages/npm/package_finder_spec.rb index fba773d48cc..230d267e508 100644 --- a/spec/finders/packages/npm/package_finder_spec.rb +++ b/spec/finders/packages/npm/package_finder_spec.rb @@ -7,6 +7,7 @@ RSpec.describe ::Packages::Npm::PackageFinder do let(:project) { package.project } let(:package_name) { package.name } + let(:last_of_each_version) { true } shared_examples 'accepting a namespace for' do |example_name| before do @@ -38,6 +39,8 @@ RSpec.describe ::Packages::Npm::PackageFinder do end describe '#execute' do + subject { finder.execute } + shared_examples 'finding packages by name' do it { is_expected.to eq([package]) } @@ -56,13 +59,27 @@ RSpec.describe ::Packages::Npm::PackageFinder do end end - subject { finder.execute } + shared_examples 'handling last_of_each_version' do + include_context 'last_of_each_version setup context' + + context 'disabled' do + let(:last_of_each_version) { false } + + it { is_expected.to contain_exactly(package1, package2) } + end + + context 'enabled' do + it { is_expected.to contain_exactly(package2) } + end + end context 'with a project' do - let(:finder) { described_class.new(package_name, project: project) } + let(:finder) { described_class.new(package_name, project: project, last_of_each_version: last_of_each_version) } it_behaves_like 'finding packages by name' + it_behaves_like 'handling last_of_each_version' + context 'set to nil' do let(:project) { nil } @@ -71,10 +88,12 @@ RSpec.describe ::Packages::Npm::PackageFinder do end context 'with a namespace' do - let(:finder) { described_class.new(package_name, namespace: namespace) } + let(:finder) { described_class.new(package_name, namespace: namespace, last_of_each_version: last_of_each_version) } it_behaves_like 'accepting a namespace for', 'finding packages by name' + it_behaves_like 'accepting a namespace for', 'handling last_of_each_version' + context 'set to nil' do let_it_be(:namespace) { nil } @@ -98,16 +117,28 @@ RSpec.describe ::Packages::Npm::PackageFinder do end end + shared_examples 'handling last_of_each_version' do + include_context 'last_of_each_version setup context' + + context 'enabled' do + it { is_expected.to eq(package2) } + end + end + context 'with a project' do - let(:finder) { described_class.new(package_name, project: project) } + let(:finder) { described_class.new(package_name, project: project, last_of_each_version: last_of_each_version) } it_behaves_like 'finding packages by version' + + it_behaves_like 'handling last_of_each_version' end context 'with a namespace' do - let(:finder) { described_class.new(package_name, namespace: namespace) } + let(:finder) { described_class.new(package_name, namespace: namespace, last_of_each_version: last_of_each_version) } it_behaves_like 'accepting a namespace for', 'finding packages by version' + + it_behaves_like 'accepting a namespace for', 'handling last_of_each_version' end end @@ -118,35 +149,49 @@ RSpec.describe ::Packages::Npm::PackageFinder do it { is_expected.to eq(package) } end - shared_examples 'handling project or namespace parameter' do - context 'with a project' do - let(:finder) { described_class.new(package_name, project: project) } + shared_examples 'handling last_of_each_version' do + include_context 'last_of_each_version setup context' + + context 'disabled' do + let(:last_of_each_version) { false } + + it { is_expected.to eq(package2) } + end - it_behaves_like 'finding package by last' + context 'enabled' do + it { is_expected.to eq(package2) } end + end + + context 'with a project' do + let(:finder) { described_class.new(package_name, project: project, last_of_each_version: last_of_each_version) } - context 'with a namespace' do - let(:finder) { described_class.new(package_name, namespace: namespace) } + it_behaves_like 'finding package by last' - it_behaves_like 'accepting a namespace for', 'finding package by last' + it_behaves_like 'handling last_of_each_version' + end + + context 'with a namespace' do + let(:finder) { described_class.new(package_name, namespace: namespace) } - context 'with duplicate packages' do - let_it_be(:namespace) { create(:group) } - let_it_be(:subgroup1) { create(:group, parent: namespace) } - let_it_be(:subgroup2) { create(:group, parent: namespace) } - let_it_be(:project2) { create(:project, namespace: subgroup2) } - let_it_be(:package2) { create(:npm_package, name: package.name, project: project2) } + it_behaves_like 'accepting a namespace for', 'finding package by last' - before do - project.update!(namespace: subgroup1) - end + it_behaves_like 'accepting a namespace for', 'handling last_of_each_version' - # the most recent one is returned - it { is_expected.to eq(package2) } + context 'with duplicate packages' do + let_it_be(:namespace) { create(:group) } + let_it_be(:subgroup1) { create(:group, parent: namespace) } + let_it_be(:subgroup2) { create(:group, parent: namespace) } + let_it_be(:project2) { create(:project, namespace: subgroup2) } + let_it_be(:package2) { create(:npm_package, name: package.name, project: project2) } + + before do + project.update!(namespace: subgroup1) end + + # the most recent one is returned + it { is_expected.to eq(package2) } end end - - it_behaves_like 'handling project or namespace parameter' end end diff --git a/spec/frontend/environments/environments_app_spec.js b/spec/frontend/environments/environments_app_spec.js index afe2e4cdc63..cd05ecbfb53 100644 --- a/spec/frontend/environments/environments_app_spec.js +++ b/spec/frontend/environments/environments_app_spec.js @@ -1,4 +1,4 @@ -import { GlTabs, GlAlert } from '@gitlab/ui'; +import { GlTabs } from '@gitlab/ui'; import { mount, shallowMount } from '@vue/test-utils'; import MockAdapter from 'axios-mock-adapter'; import { extendedWrapper } from 'helpers/vue_test_utils_helper'; @@ -7,9 +7,7 @@ import DeployBoard from '~/environments/components/deploy_board.vue'; import EmptyState from '~/environments/components/empty_state.vue'; import EnableReviewAppModal from '~/environments/components/enable_review_app_modal.vue'; import EnvironmentsApp from '~/environments/components/environments_app.vue'; -import { ENVIRONMENTS_SURVEY_DISMISSED_COOKIE_NAME } from '~/environments/constants'; import axios from '~/lib/utils/axios_utils'; -import { setCookie, getCookie, removeCookie } from '~/lib/utils/common_utils'; import * as urlUtils from '~/lib/utils/url_utility'; import { environment, folder } from './mock_data'; @@ -49,7 +47,6 @@ describe('Environment', () => { const findNewEnvironmentButton = () => wrapper.findByTestId('new-environment'); const findEnvironmentsTabAvailable = () => wrapper.find('.js-environments-tab-available > a'); const findEnvironmentsTabStopped = () => wrapper.find('.js-environments-tab-stopped > a'); - const findSurveyAlert = () => wrapper.find(GlAlert); beforeEach(() => { mock = new MockAdapter(axios); @@ -282,49 +279,4 @@ describe('Environment', () => { expect(wrapper.findComponent(GlTabs).attributes('value')).toBe('1'); }); }); - - describe('survey alert', () => { - beforeEach(async () => { - mockRequest(200, { environments: [] }); - await createWrapper(true); - }); - - afterEach(() => { - removeCookie(ENVIRONMENTS_SURVEY_DISMISSED_COOKIE_NAME); - }); - - describe('when the user has not dismissed the alert', () => { - it('shows the alert', () => { - expect(findSurveyAlert().exists()).toBe(true); - }); - - describe('when the user dismisses the alert', () => { - beforeEach(() => { - findSurveyAlert().vm.$emit('dismiss'); - }); - - it('hides the alert', () => { - expect(findSurveyAlert().exists()).toBe(false); - }); - - it('persists the dismisal using a cookie', () => { - const cookieValue = getCookie(ENVIRONMENTS_SURVEY_DISMISSED_COOKIE_NAME); - - expect(cookieValue).toBe('true'); - }); - }); - }); - - describe('when the user has previously dismissed the alert', () => { - beforeEach(async () => { - setCookie(ENVIRONMENTS_SURVEY_DISMISSED_COOKIE_NAME, 'true'); - - await createWrapper(true); - }); - - it('does not show the alert', () => { - expect(findSurveyAlert().exists()).toBe(false); - }); - }); - }); }); diff --git a/spec/requests/api/npm_instance_packages_spec.rb b/spec/requests/api/npm_instance_packages_spec.rb index 698885ddcf4..90b39791bf5 100644 --- a/spec/requests/api/npm_instance_packages_spec.rb +++ b/spec/requests/api/npm_instance_packages_spec.rb @@ -10,27 +10,39 @@ RSpec.describe API::NpmInstancePackages do include_context 'npm api setup' - describe 'GET /api/v4/packages/npm/*package_name' do - it_behaves_like 'handling get metadata requests', scope: :instance do - let(:url) { api("/packages/npm/#{package_name}") } + shared_examples 'handling all endpoints' do + describe 'GET /api/v4/packages/npm/*package_name' do + it_behaves_like 'handling get metadata requests', scope: :instance do + let(:url) { api("/packages/npm/#{package_name}") } + end end - end - describe 'GET /api/v4/packages/npm/-/package/*package_name/dist-tags' do - it_behaves_like 'handling get dist tags requests', scope: :instance do - let(:url) { api("/packages/npm/-/package/#{package_name}/dist-tags") } + describe 'GET /api/v4/packages/npm/-/package/*package_name/dist-tags' do + it_behaves_like 'handling get dist tags requests', scope: :instance do + let(:url) { api("/packages/npm/-/package/#{package_name}/dist-tags") } + end + end + + describe 'PUT /api/v4/packages/npm/-/package/*package_name/dist-tags/:tag' do + it_behaves_like 'handling create dist tag requests', scope: :instance do + let(:url) { api("/packages/npm/-/package/#{package_name}/dist-tags/#{tag_name}") } + end end - end - describe 'PUT /api/v4/packages/npm/-/package/*package_name/dist-tags/:tag' do - it_behaves_like 'handling create dist tag requests', scope: :instance do - let(:url) { api("/packages/npm/-/package/#{package_name}/dist-tags/#{tag_name}") } + describe 'DELETE /api/v4/packages/npm/-/package/*package_name/dist-tags/:tag' do + it_behaves_like 'handling delete dist tag requests', scope: :instance do + let(:url) { api("/packages/npm/-/package/#{package_name}/dist-tags/#{tag_name}") } + end end end - describe 'DELETE /api/v4/packages/npm/-/package/*package_name/dist-tags/:tag' do - it_behaves_like 'handling delete dist tag requests', scope: :instance do - let(:url) { api("/packages/npm/-/package/#{package_name}/dist-tags/#{tag_name}") } + it_behaves_like 'handling all endpoints' + + context 'with npm_finder_query_avoid_duplicated_conditions disabled' do + before do + stub_feature_flags(npm_finder_query_avoid_duplicated_conditions: false) end + + it_behaves_like 'handling all endpoints' end end diff --git a/spec/support/shared_contexts/finders/packages/npm/package_finder_shared_context.rb b/spec/support/shared_contexts/finders/packages/npm/package_finder_shared_context.rb new file mode 100644 index 00000000000..a2cb9d41f45 --- /dev/null +++ b/spec/support/shared_contexts/finders/packages/npm/package_finder_shared_context.rb @@ -0,0 +1,14 @@ +# frozen_string_literal: true + +RSpec.shared_context 'last_of_each_version setup context' do + let_it_be(:package1) { create(:npm_package, name: 'test', version: '1.2.3', project: project) } + let_it_be(:package2) { create(:npm_package, name: 'test2', version: '1.2.3', project: project) } + + let(:package_name) { 'test' } + let(:version) { '1.2.3' } + + before do + # create a duplicated package without triggering model validation errors + package2.update_column(:name, 'test') + end +end diff --git a/spec/support/shared_contexts/requests/api/npm_packages_shared_context.rb b/spec/support/shared_contexts/requests/api/npm_packages_shared_context.rb index c737091df48..89f290d8d68 100644 --- a/spec/support/shared_contexts/requests/api/npm_packages_shared_context.rb +++ b/spec/support/shared_contexts/requests/api/npm_packages_shared_context.rb @@ -8,7 +8,8 @@ RSpec.shared_context 'npm api setup' do let_it_be(:group) { create(:group, name: 'test-group') } let_it_be(:namespace) { group } let_it_be(:project, reload: true) { create(:project, :public, namespace: namespace) } - let_it_be(:package, reload: true) { create(:npm_package, project: project, name: "@#{group.path}/scoped_package") } + let_it_be(:package1, reload: true) { create(:npm_package, project: project, name: "@#{group.path}/scoped_package", version: '1.2.4') } + let_it_be(:package, reload: true) { create(:npm_package, project: project, name: "@#{group.path}/scoped_package", version: '1.2.3') } let_it_be(:token) { create(:oauth_access_token, scopes: 'api', resource_owner: user) } let_it_be(:personal_access_token) { create(:personal_access_token, user: user) } let_it_be(:job, reload: true) { create(:ci_build, user: user, status: :running, project: project) } @@ -16,6 +17,11 @@ RSpec.shared_context 'npm api setup' do let_it_be(:project_deploy_token) { create(:project_deploy_token, deploy_token: deploy_token, project: project) } let(:package_name) { package.name } + + before do + # create a duplicated package without triggering model validation errors + package1.update_column(:version, '1.2.3') + end end RSpec.shared_context 'set package name from package name type' do diff --git a/yarn.lock b/yarn.lock index eae5144d50e..b5d08fe0908 100644 --- a/yarn.lock +++ b/yarn.lock @@ -974,10 +974,10 @@ resolved "https://registry.yarnpkg.com/@gitlab/tributejs/-/tributejs-1.0.0.tgz#672befa222aeffc83e7d799b0500a7a4418e59b8" integrity sha512-nmKw1+hB6MHvlmPz63yPwVs1qQkycHwsKgxpEbzmky16Y6mL4EJMk3w1b8QlOAF/AIAzjCERPhe/R4MJiohbZw== -"@gitlab/ui@32.7.1": - version "32.7.1" - resolved "https://registry.yarnpkg.com/@gitlab/ui/-/ui-32.7.1.tgz#24813d6365eb1e169b36b0b5c2b927f8ce19d62b" - integrity sha512-SYoI6wXDhQCzf4BE6g349Z/XgMHbvUJb5+uugLFN8310Gj46Ii6gKrUCQ8iungD8VbYad+ah6muOpI9Ec/k6fw== +"@gitlab/ui@32.8.0": + version "32.8.0" + resolved "https://registry.yarnpkg.com/@gitlab/ui/-/ui-32.8.0.tgz#a9f1286373ff63ca4ffdfa22daa88d7a6be01793" + integrity sha512-LKOkEWBxSiVlf6D875wmzK2jMmN+0ZC5x/MrCTOBSVeTddDKcq7TygUHl6T84kfSnumrpmDqaNnOWQh5H5JQbg== dependencies: "@babel/standalone" "^7.0.0" bootstrap-vue "2.18.1" |
