diff options
21 files changed, 238 insertions, 69 deletions
diff --git a/app/assets/javascripts/entrypoints/analytics.js b/app/assets/javascripts/entrypoints/analytics.js index e18c4bc8742..f5c61d82f64 100644 --- a/app/assets/javascripts/entrypoints/analytics.js +++ b/app/assets/javascripts/entrypoints/analytics.js @@ -13,6 +13,10 @@ if (appId && host) { performanceTiming: false, errorTracking: false, }, + pagePingTracking: { + minimumVisitLength: 10, + heartbeatDelay: 10, + }, }); const userId = window.gl?.snowplowStandardContext?.data?.user_id; diff --git a/app/assets/javascripts/packages_and_registries/container_registry/explorer/components/details_page/details_header.vue b/app/assets/javascripts/packages_and_registries/container_registry/explorer/components/details_page/details_header.vue index 75af0286e12..7fd7c0fe542 100644 --- a/app/assets/javascripts/packages_and_registries/container_registry/explorer/components/details_page/details_header.vue +++ b/app/assets/javascripts/packages_and_registries/container_registry/explorer/components/details_page/details_header.vue @@ -142,7 +142,12 @@ export default { </template> <template v-if="formattedSize" #metadata-size> - <metadata-item icon="disk" :text="formattedSize" data-testid="image-size" /> + <metadata-item + icon="disk" + :text="formattedSize" + :text-tooltip="s__('ContainerRegistry|Includes both tagged and untagged images')" + data-testid="image-size" + /> </template> <template #metadata-cleanup> diff --git a/app/assets/stylesheets/framework/top_bar.scss b/app/assets/stylesheets/framework/top_bar.scss index 424d4269c52..d4b36b82584 100644 --- a/app/assets/stylesheets/framework/top_bar.scss +++ b/app/assets/stylesheets/framework/top_bar.scss @@ -5,14 +5,16 @@ .top-bar-fixed { @include gl-inset-border-b-1-gray-100; background-color: $body-bg; - left: var(--application-bar-left); position: fixed; + left: var(--application-bar-left); right: var(--application-bar-right); top: $calc-application-bars-height; - width: auto; + width: calc(100% - var(--application-bar-left)); z-index: $top-bar-z-index; @media (prefers-reduced-motion: no-preference) { - transition: left $gl-transition-duration-medium, right $gl-transition-duration-medium; + transition: left $gl-transition-duration-medium, + right $gl-transition-duration-medium, + width $gl-transition-duration-medium; } } diff --git a/app/assets/stylesheets/page_bundles/issuable.scss b/app/assets/stylesheets/page_bundles/issuable.scss index 8b353b42f58..05563f8e314 100644 --- a/app/assets/stylesheets/page_bundles/issuable.scss +++ b/app/assets/stylesheets/page_bundles/issuable.scss @@ -105,8 +105,3 @@ @include gl-font-weight-normal; } } - -[data-page="projects:issues:show"] .top-bar-fixed, -[data-page="groups:epics:show"] .top-bar-fixed { - width: 100%; -} diff --git a/db/docs/achievements.yml b/db/docs/achievements.yml index 6f471929aea..c0aed4b81f2 100644 --- a/db/docs/achievements.yml +++ b/db/docs/achievements.yml @@ -7,4 +7,8 @@ feature_categories: description: Achievements which can be created by namespaces to award them to users introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/105871 milestone: '15.7' -gitlab_schema: gitlab_main +gitlab_schema: gitlab_main_cell +sharding_key: + namespace_id: namespaces +allow_cross_joins: + - gitlab_main_clusterwide # TODO: Exists just for example in specs diff --git a/db/docs/activity_pub_releases_subscriptions.yml b/db/docs/activity_pub_releases_subscriptions.yml index 6075847c780..9b4c574b4e7 100644 --- a/db/docs/activity_pub_releases_subscriptions.yml +++ b/db/docs/activity_pub_releases_subscriptions.yml @@ -11,3 +11,5 @@ milestone: '16.6' gitlab_schema: gitlab_main_cell sharding_key: project_id: projects +allow_cross_transactions: + - gitlab_main_clusterwide # TODO: Exists just for example in specs diff --git a/db/docs/agent_group_authorizations.yml b/db/docs/agent_group_authorizations.yml index f0d45dbdc3d..506f27778c4 100644 --- a/db/docs/agent_group_authorizations.yml +++ b/db/docs/agent_group_authorizations.yml @@ -7,4 +7,8 @@ feature_categories: description: Configuration for a group that is authorized to use a particular cluster agent introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/68023 milestone: '14.3' -gitlab_schema: gitlab_main +gitlab_schema: gitlab_main_cell +sharding_key: + group_id: namespaces +allow_cross_foreign_keys: + - gitlab_main_clusterwide # TODO: Exists just for example in specs diff --git a/db/post_migrate/20240104091627_validate_foreign_key_ci_build_trace_metadata.rb b/db/post_migrate/20240104091627_validate_foreign_key_ci_build_trace_metadata.rb new file mode 100644 index 00000000000..fcf303acc41 --- /dev/null +++ b/db/post_migrate/20240104091627_validate_foreign_key_ci_build_trace_metadata.rb @@ -0,0 +1,15 @@ +# frozen_string_literal: true + +class ValidateForeignKeyCiBuildTraceMetadata < Gitlab::Database::Migration[2.2] + milestone '16.8' + + FK_NAME = :fk_21d25cac1a_p + + def up + validate_foreign_key(:ci_build_trace_metadata, [:partition_id, :trace_artifact_id], name: FK_NAME) + end + + def down + # Can be safely a no-op if we don't roll back the inconsistent data. + end +end diff --git a/db/post_migrate/20240104091858_validate_foreign_key_ci_job_artifact_state.rb b/db/post_migrate/20240104091858_validate_foreign_key_ci_job_artifact_state.rb new file mode 100644 index 00000000000..bc67558fbfb --- /dev/null +++ b/db/post_migrate/20240104091858_validate_foreign_key_ci_job_artifact_state.rb @@ -0,0 +1,15 @@ +# frozen_string_literal: true + +class ValidateForeignKeyCiJobArtifactState < Gitlab::Database::Migration[2.2] + milestone '16.8' + + FK_NAME = :fk_rails_80a9cba3b2_p + + def up + validate_foreign_key(:ci_job_artifact_states, [:partition_id, :job_artifact_id], name: FK_NAME) + end + + def down + # Can be safely a no-op if we don't roll back the inconsistent data. + end +end diff --git a/db/schema_migrations/20240104091627 b/db/schema_migrations/20240104091627 new file mode 100644 index 00000000000..c0a036c1ca1 --- /dev/null +++ b/db/schema_migrations/20240104091627 @@ -0,0 +1 @@ +90614e8c6d73455b96dc7c4652b529ffa844d704fe8e7729e97b4ac557edb423
\ No newline at end of file diff --git a/db/schema_migrations/20240104091858 b/db/schema_migrations/20240104091858 new file mode 100644 index 00000000000..157773a26b5 --- /dev/null +++ b/db/schema_migrations/20240104091858 @@ -0,0 +1 @@ +991849159d57b5bd6d0d0d671f766c715b23a8e04c3130e56e2b6a05a27f49d6
\ No newline at end of file diff --git a/db/structure.sql b/db/structure.sql index ac9141b45f1..b0bd513e601 100644 --- a/db/structure.sql +++ b/db/structure.sql @@ -37468,7 +37468,7 @@ ALTER TABLE ONLY ci_build_trace_metadata ADD CONSTRAINT fk_21d25cac1a FOREIGN KEY (trace_artifact_id) REFERENCES ci_job_artifacts(id) ON DELETE CASCADE; ALTER TABLE ONLY ci_build_trace_metadata - ADD CONSTRAINT fk_21d25cac1a_p FOREIGN KEY (partition_id, trace_artifact_id) REFERENCES ci_job_artifacts(partition_id, id) ON UPDATE CASCADE ON DELETE CASCADE NOT VALID; + ADD CONSTRAINT fk_21d25cac1a_p FOREIGN KEY (partition_id, trace_artifact_id) REFERENCES ci_job_artifacts(partition_id, id) ON UPDATE CASCADE ON DELETE CASCADE; ALTER TABLE ONLY users_star_projects ADD CONSTRAINT fk_22cd27ddfc FOREIGN KEY (project_id) REFERENCES projects(id) ON DELETE CASCADE; @@ -39406,7 +39406,7 @@ ALTER TABLE ONLY ci_job_artifact_states ADD CONSTRAINT fk_rails_80a9cba3b2 FOREIGN KEY (job_artifact_id) REFERENCES ci_job_artifacts(id) ON DELETE CASCADE; ALTER TABLE ONLY ci_job_artifact_states - ADD CONSTRAINT fk_rails_80a9cba3b2_p FOREIGN KEY (partition_id, job_artifact_id) REFERENCES ci_job_artifacts(partition_id, id) ON UPDATE CASCADE ON DELETE CASCADE NOT VALID; + ADD CONSTRAINT fk_rails_80a9cba3b2_p FOREIGN KEY (partition_id, job_artifact_id) REFERENCES ci_job_artifacts(partition_id, id) ON UPDATE CASCADE ON DELETE CASCADE; ALTER TABLE ONLY approval_merge_request_rules_users ADD CONSTRAINT fk_rails_80e6801803 FOREIGN KEY (approval_merge_request_rule_id) REFERENCES approval_merge_request_rules(id) ON DELETE CASCADE; diff --git a/doc/ci/yaml/index.md b/doc/ci/yaml/index.md index 2575c78461e..35b35567d8f 100644 --- a/doc/ci/yaml/index.md +++ b/doc/ci/yaml/index.md @@ -303,7 +303,9 @@ include: A `not found or access denied` error may be displayed if the user does not have access to any of the included files. - Be careful when including another project's CI/CD configuration file. No pipelines or notifications trigger when CI/CD configuration files change. From a security perspective, this is similar to pulling a third-party dependency. For the `ref`, consider: - - Using a specific SHA hash, which should be the most stable option. + - Using a specific SHA hash, which should be the most stable option. Use the + full 40-character SHA hash to ensure the desired commit is referenced, because + using a short SHA hash for the `ref` might be ambiguous. - Applying both [protected branch](../../user/project/protected_branches.md) and [protected tag](../../user/project/protected_tags.md#prevent-tag-creation-with-the-same-name-as-branches) rules to the `ref` in the other project. Protected tags and branches are more likely to pass through change management before changing. diff --git a/doc/development/permissions/custom_roles.md b/doc/development/permissions/custom_roles.md index 9d02c0c6f39..844c3546f06 100644 --- a/doc/development/permissions/custom_roles.md +++ b/doc/development/permissions/custom_roles.md @@ -183,21 +183,17 @@ security dashboard. To add a new ability to a custom role: - Generate YAML file by running `./ee/bin/custom-ability` generator -- Add a new column to `member_roles` table, for example in [this change in merge request 114734](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/114734/diffs#diff-content-5c53d6f1c29a272a87eecea3f62d017ab6635275). -- Add the ability to the `MemberRole` model, `ALL_CUSTOMIZABLE_PERMISSIONS` hash, for example in [this change in merge request 121534](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/121534/diffs#ce5ec769500a53ce2b603467d9984fc2b33ca71d_8_8). There are following possible keys in the `ALL_CUSTOMIZABLE_PERMISSIONS` hash: - - - `description` - description of the ability. - - `minimal_level` - minimal level a user has to have in order to be able to be assigned to the ability. - - `requirement` - required ability for the ability defined in the hash, in case the requirement is `false`, the ability can not be `true`. - +- Add a new column to `member_roles` table, either manually or by running `custom_roles:code` generator, eg. by running `rails generate gitlab:custom_roles:code --ability new_ability_name`. The ability parameter is case sensitive and has to exactly match the permission name from the YAML file. - Add the ability to the respective Policy for example in [this change in merge request 114734](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/114734/diffs#diff-content-edcbe28bdecbd848d4d9efdc5b5e9bddd2a7299e). -- Update the specs. +- Update the specs. Don't forget to add a spec to `ee/spec/requests/custom_roles` - the spec template file was generated if you used the code generator Examples of merge requests adding new abilities to custom roles: - [Read code](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/106256) - [Read vulnerability](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/114734) -- [Admin vulnerability](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/121534) - this is the newest MR implementing a new custom role ability. Some changes from the previous MRs are not necessary anymore (such as a change of the Preloader query or adding a method to `User` model). +- [Admin vulnerability](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/121534) + +The above merge request don't use YAML files and code generators. Some of the changes are not needed anymore. We will update the documentation once we have a permission implemented using the generators. You should make sure a new custom roles ability is under a feature flag. @@ -222,7 +218,7 @@ To add a new custom ability: | `description` | yes | Human-readable description of the custom ability. | | `feature_category` | yes | Name of the feature category. For example, `vulnerability_management`. | | `introduced_by_issue` | yes | Issue URL that proposed the addition of this custom ability. | -| `introduced_by_mr` | yes | MR URL that added this custom ability. | +| `introduced_by_mr` | no | MR URL that added this custom ability. | | `milestone` | yes | Milestone in which this custom ability was added. | | `group_ability` | yes | Indicate whether this ability is checked on group level. | | `project_ability` | yes | Indicate whether this ability is checked on project level. | diff --git a/lib/gitlab/database/dictionary.rb b/lib/gitlab/database/dictionary.rb index 4ef392a4e44..d963d6f288e 100644 --- a/lib/gitlab/database/dictionary.rb +++ b/lib/gitlab/database/dictionary.rb @@ -3,6 +3,8 @@ module Gitlab module Database class Dictionary + ALL_SCOPES = ['', 'views', 'deleted_tables'].freeze + def self.entries(scope = '') @entries ||= {} @entries[scope] ||= Dir.glob(dictionary_path_globs(scope)).map do |file_path| @@ -12,6 +14,15 @@ module Gitlab end end + def self.any_entry(name) + ALL_SCOPES.each do |scope| + e = entry(name, scope) + return e if e + end + + nil + end + def self.entry(name, scope = '') entries(scope).find do |entry| entry.key_name == name @@ -69,6 +80,10 @@ module Gitlab data['classes'] end + def allow_cross_to_schemas(type) + data["allow_cross_#{type}"].to_a.map(&:to_sym) + end + def schema?(schema_name) gitlab_schema == schema_name.to_s end diff --git a/lib/gitlab/database/gitlab_schema_info.rb b/lib/gitlab/database/gitlab_schema_info.rb index b7ec3dfc893..36e586313a5 100644 --- a/lib/gitlab/database/gitlab_schema_info.rb +++ b/lib/gitlab/database/gitlab_schema_info.rb @@ -2,11 +2,6 @@ module Gitlab module Database - GitlabSchemaInfoAllowCross = Struct.new( - :specific_tables, - keyword_init: true - ) - GitlabSchemaInfo = Struct.new( :name, :description, @@ -20,9 +15,12 @@ module Gitlab def initialize(*) super self.name = name.to_sym - self.allow_cross_joins = convert_array_to_hash(allow_cross_joins) - self.allow_cross_transactions = convert_array_to_hash(allow_cross_transactions) - self.allow_cross_foreign_keys = convert_array_to_hash(allow_cross_foreign_keys) + self.allow_cross_joins = add_table_specific_allows( + :joins, convert_array_to_hash(allow_cross_joins)) + self.allow_cross_transactions = add_table_specific_allows( + :transactions, convert_array_to_hash(allow_cross_transactions)) + self.allow_cross_foreign_keys = add_table_specific_allows( + :foreign_keys, convert_array_to_hash(allow_cross_foreign_keys)) end def self.load_file(yaml_file) @@ -31,35 +29,37 @@ module Gitlab end def allow_cross_joins?(table_schemas, all_tables) - allowed_schemas = allow_cross_joins || {} - - allowed_for?(allowed_schemas, table_schemas, all_tables) + allowed_for?(allow_cross_joins, table_schemas, all_tables) end def allow_cross_transactions?(table_schemas, all_tables) - allowed_schemas = allow_cross_transactions || {} - - allowed_for?(allowed_schemas, table_schemas, all_tables) + allowed_for?(allow_cross_transactions, table_schemas, all_tables) end def allow_cross_foreign_keys?(table_schemas, all_tables) - allowed_schemas = allow_cross_foreign_keys || {} - - allowed_for?(allowed_schemas, table_schemas, all_tables) + allowed_for?(allow_cross_foreign_keys, table_schemas, all_tables) end private def allowed_for?(allowed_schemas, table_schemas, all_tables) + # Take all the schemas in the query and remove the current schema and all the allowed schemas. If there is + # anything left then it's not allowed. Then we even if there is nothing left we continue to verify + # `specific_tables` used in the allowed schemas. denied_schemas = table_schemas - [name] denied_schemas -= allowed_schemas.keys return false unless denied_schemas.empty? + # Additional validation for specific_tables. We should validate that if `specific_tables` is set then we will + # need all the tables to be in the the allowed specific_tables all_tables.all? do |table| table_schema = ::Gitlab::Database::GitlabSchema.table_schema!(table) allowed_tables = allowed_schemas[table_schema] - allowed_tables.nil? || allowed_tables.specific_tables.include?(table) + # If specific tables key is nil? (not present) then we assume all tables are allowed and return true Otherwise + # we check every table in the current query is in specific_tables list + allowed_tables.nil? || + allowed_tables[:specific_tables].include?(table) end end @@ -72,7 +72,7 @@ module Gitlab # # To: # { :schema_a => nil, - # :schema_b => { specific_tables : [:table_b_of_schema_b, :table_c_of_schema_b] } + # :schema_b => { specific_tables : ['table_b_of_schema_b', 'table_c_of_schema_b'] } # } # def convert_array_to_hash(subject) @@ -81,15 +81,58 @@ module Gitlab subject&.each do |item| if item.is_a?(Hash) item.each do |key, value| - result[key.to_sym] = GitlabSchemaInfoAllowCross.new(value || {}) + result[key.to_sym] = { specific_tables: value[:specific_tables].to_set } end else result[item.to_sym] = nil end end + result + end + + # This method loops over all the `db/docs` files for every table and injects any + # allow_cross_joins/allow_cross_transactions/allow_cross_foreign_keys into the specific_tables lists for the + # current schema. + def add_table_specific_allows(type, schema_allows) + result = schema_allows + all_table_allows(type).each do |schema_from, tables| + # Preserve the meaning of `nil` as defined in convert_array_to_hash as a nil value means that we allow all + # tables + next if result.key?(schema_from) && result[schema_from].nil? + + # Now we add the table to the specific_tables list because this table specifies it is allowed in this schema + result[schema_from] ||= { specific_tables: Set.new } + result[schema_from][:specific_tables] += tables + end result.freeze end + + # For the given type we iterate over all db/docs files build a Hash like: + # + # { + # gitlab_main_cell: ['table_a', 'table_b'] + # } + # + # This specifies that in the `gitlab_main_cell` schema the 'table_a` and `table_b` tables are allowing cross + # queries with the current schema + def all_table_allows(type) + @all_table_allows ||= {} + @all_table_allows[type] ||= begin + result = {} + ::Gitlab::Database::Dictionary.entries.each do |entry| + allowed_schemas = entry.allow_cross_to_schemas(type) + allowed_schemas.each do |schema| + # In the context of this GitlabSchemaInfo we only need the tables that have allowed this schema + next unless schema == name + + result[entry.gitlab_schema.to_sym] ||= [] + result[entry.gitlab_schema.to_sym] << entry.key_name + end + end + result + end + end end end end diff --git a/locale/gitlab.pot b/locale/gitlab.pot index f66d21bc1ad..ec0c1400d85 100644 --- a/locale/gitlab.pot +++ b/locale/gitlab.pot @@ -13473,6 +13473,9 @@ msgstr "" msgid "ContainerRegistry|Image tags" msgstr "" +msgid "ContainerRegistry|Includes both tagged and untagged images" +msgstr "" + msgid "ContainerRegistry|Invalid tag: missing manifest digest" msgstr "" diff --git a/spec/db/docs_spec.rb b/spec/db/docs_spec.rb index 03f944735a1..6f7a19fb2b1 100644 --- a/spec/db/docs_spec.rb +++ b/spec/db/docs_spec.rb @@ -17,6 +17,9 @@ RSpec.shared_examples 'validate dictionary' do |objects, directory_path, require schema_inconsistencies sharding_key desired_sharding_key + allow_cross_joins + allow_cross_transactions + allow_cross_foreign_keys ] end diff --git a/spec/frontend/packages_and_registries/container_registry/explorer/components/details_page/details_header_spec.js b/spec/frontend/packages_and_registries/container_registry/explorer/components/details_page/details_header_spec.js index 500fb0d7598..6fee0d1b825 100644 --- a/spec/frontend/packages_and_registries/container_registry/explorer/components/details_page/details_header_spec.js +++ b/spec/frontend/packages_and_registries/container_registry/explorer/components/details_page/details_header_spec.js @@ -207,6 +207,7 @@ describe('Details Header', () => { expect(findSize().props()).toMatchObject({ icon: 'disk', text: numberToHumanSize(size), + textTooltip: 'Includes both tagged and untagged images', }); }); }); diff --git a/spec/lib/gitlab/database/dictionary_spec.rb b/spec/lib/gitlab/database/dictionary_spec.rb index 261cf27ed69..59145842b24 100644 --- a/spec/lib/gitlab/database/dictionary_spec.rb +++ b/spec/lib/gitlab/database/dictionary_spec.rb @@ -24,6 +24,25 @@ RSpec.describe Gitlab::Database::Dictionary, feature_category: :database do end end + describe '.any_entry' do + it 'loads an entry from any scope' do + expect(described_class.any_entry('ci_pipelines')).to be_present # Regular table + expect(described_class.any_entry('audit_events_archived')).to be_present # Deleted table + expect(described_class.any_entry('postgres_constraints')).to be_present # View + expect(described_class.any_entry('not_a_table_ever')).to be_nil + end + end + + describe '.entry' do + it 'loads an Entry from the given scope' do + expect(described_class.entry('ci_pipelines')).to be_present # Regular table + expect(described_class.entry('audit_events_archived')).not_to be_present # Deleted table + expect(described_class.entry('postgres_constraints')).not_to be_present # Deleted table + expect(described_class.entry('audit_events_archived', 'deleted_tables')).to be_present # Deleted table + expect(described_class.entry('postgres_constraints', 'views')).to be_present # View + end + end + describe '::Entry' do subject(:database_dictionary) { described_class::Entry.new(file_path) } @@ -80,6 +99,39 @@ RSpec.describe Gitlab::Database::Dictionary, feature_category: :database do expect { database_dictionary.validate! }.to raise_error(Gitlab::Database::GitlabSchema::UnknownSchemaError) end end + + context 'with allow_cross_joins' do + let(:file_path) { 'db/docs/achievements.yml' } + + describe '#allow_cross_to_schemas' do + it 'returns the list of allowed schemas' do + expect(database_dictionary.allow_cross_to_schemas(:joins)) + .to contain_exactly(:gitlab_main_clusterwide) + end + end + end + + context 'with allow_cross_transactions' do + let(:file_path) { 'db/docs/activity_pub_releases_subscriptions.yml' } + + describe '#allow_cross_to_schemas' do + it 'returns the list of allowed schemas' do + expect(database_dictionary.allow_cross_to_schemas(:transactions)) + .to contain_exactly(:gitlab_main_clusterwide) + end + end + end + + context 'with allow_cross_foreign_keys' do + let(:file_path) { 'db/docs/agent_group_authorizations.yml' } + + describe '#allow_cross_to_schemas' do + it 'returns the list of allowed schemas' do + expect(database_dictionary.allow_cross_to_schemas(:foreign_keys)) + .to contain_exactly(:gitlab_main_clusterwide) + end + end + end end context 'for a view' do diff --git a/spec/lib/gitlab/database/gitlab_schema_spec.rb b/spec/lib/gitlab/database/gitlab_schema_spec.rb index 7fca47c707c..f716bcfcf49 100644 --- a/spec/lib/gitlab/database/gitlab_schema_spec.rb +++ b/spec/lib/gitlab/database/gitlab_schema_spec.rb @@ -217,17 +217,19 @@ RSpec.describe Gitlab::Database::GitlabSchema, feature_category: :database do describe '.cross_joins_allowed?' do where(:schemas, :tables, :result) do - %i[] | %i[] | true - %i[gitlab_main] | %i[] | true - %i[gitlab_main_clusterwide gitlab_main] | %i[] | true - %i[gitlab_main_clusterwide gitlab_ci] | %i[] | false - %i[gitlab_main_clusterwide gitlab_main gitlab_ci] | %i[] | false - %i[gitlab_main_clusterwide gitlab_internal] | %i[] | false - %i[gitlab_main gitlab_ci] | %i[] | false - %i[gitlab_main_clusterwide gitlab_main gitlab_shared] | %i[] | true - %i[gitlab_main_clusterwide gitlab_shared] | %i[] | true + %i[] | %w[] | true + %i[gitlab_main] | %w[evidences] | true + %i[gitlab_main_clusterwide gitlab_main] | %w[users evidences] | true + %i[gitlab_main_clusterwide gitlab_ci] | %w[users ci_pipelines] | false + %i[gitlab_main_clusterwide gitlab_main gitlab_ci] | %w[users evidences ci_pipelines] | false + %i[gitlab_main_clusterwide gitlab_internal] | %w[users schema_migrations] | false + %i[gitlab_main gitlab_ci] | %w[evidences schema_migrations] | false + %i[gitlab_main_clusterwide gitlab_main gitlab_shared] | %w[users evidences detached_partitions] | true + %i[gitlab_main_clusterwide gitlab_shared] | %w[users detached_partitions] | true %i[gitlab_main_clusterwide gitlab_main_cell] | %w[users namespaces] | false %i[gitlab_main_clusterwide gitlab_main_cell] | %w[plans namespaces] | true + %i[gitlab_main_clusterwide gitlab_main_cell] | %w[users achievements] | true + %i[gitlab_main_clusterwide gitlab_main_cell] | %w[users activity_pub_releases_subscriptions] | false end with_them do @@ -237,17 +239,19 @@ RSpec.describe Gitlab::Database::GitlabSchema, feature_category: :database do describe '.cross_transactions_allowed?' do where(:schemas, :tables, :result) do - %i[] | %i[] | true - %i[gitlab_main] | %i[] | true - %i[gitlab_main_clusterwide gitlab_main] | %i[] | true - %i[gitlab_main_clusterwide gitlab_ci] | %i[] | false - %i[gitlab_main_clusterwide gitlab_main gitlab_ci] | %i[] | false - %i[gitlab_main_clusterwide gitlab_internal] | %i[] | true - %i[gitlab_main gitlab_ci] | %i[] | false - %i[gitlab_main_clusterwide gitlab_main gitlab_shared] | %i[] | true - %i[gitlab_main_clusterwide gitlab_shared] | %i[] | true + %i[] | %w[] | true + %i[gitlab_main] | %w[evidences] | true + %i[gitlab_main_clusterwide gitlab_main] | %w[users evidences] | true + %i[gitlab_main_clusterwide gitlab_ci] | %w[users ci_pipelines] | false + %i[gitlab_main_clusterwide gitlab_main gitlab_ci] | %w[users evidences ci_pipelines] | false + %i[gitlab_main_clusterwide gitlab_internal] | %w[users schema_migrations] | true + %i[gitlab_main gitlab_ci] | %w[evidences ci_pipelines] | false + %i[gitlab_main_clusterwide gitlab_main gitlab_shared] | %w[users evidences detached_partitions] | true + %i[gitlab_main_clusterwide gitlab_shared] | %w[users detached_partitions] | true %i[gitlab_main_clusterwide gitlab_main_cell] | %w[users namespaces] | false %i[gitlab_main_clusterwide gitlab_main_cell] | %w[plans namespaces] | true + %i[gitlab_main_clusterwide gitlab_main_cell] | %w[users achievements] | false + %i[gitlab_main_clusterwide gitlab_main_cell] | %w[users activity_pub_releases_subscriptions] | true end with_them do @@ -257,15 +261,17 @@ RSpec.describe Gitlab::Database::GitlabSchema, feature_category: :database do describe '.cross_foreign_key_allowed?' do where(:schemas, :tables, :result) do - %i[] | %i[] | false - %i[gitlab_main] | %i[] | true - %i[gitlab_main_clusterwide gitlab_main] | %i[] | true - %i[gitlab_main_clusterwide gitlab_ci] | %i[] | false - %i[gitlab_main_clusterwide gitlab_internal] | %i[] | false - %i[gitlab_main gitlab_ci] | %i[] | false - %i[gitlab_main_clusterwide gitlab_shared] | %i[] | false + %i[] | %w[] | false + %i[gitlab_main] | %w[evidences] | true + %i[gitlab_main_clusterwide gitlab_main] | %w[users evidences] | true + %i[gitlab_main_clusterwide gitlab_ci] | %w[users ci_pipelines] | false + %i[gitlab_main_clusterwide gitlab_internal] | %w[users schema_migrations] | false + %i[gitlab_main gitlab_ci] | %w[evidences ci_pipelines] | false + %i[gitlab_main_clusterwide gitlab_shared] | %w[users detached_partitions] | false %i[gitlab_main_clusterwide gitlab_main_cell] | %w[users namespaces] | false %i[gitlab_main_clusterwide gitlab_main_cell] | %w[plans namespaces] | true + %i[gitlab_main_clusterwide gitlab_main_cell] | %w[users achievements] | false + %i[gitlab_main_clusterwide gitlab_main_cell] | %w[users agent_group_authorizations] | true end with_them do |