-rw-r--r--app/assets/javascripts/graphql_shared/issuable_client.js2
-rw-r--r--app/helpers/application_helper.rb4
-rw-r--r--app/models/ci/pipeline_variable.rb3
-rw-r--r--app/models/concerns/integrations/has_issue_tracker_fields.rb13
-rw-r--r--app/models/integrations/clickup.rb4
-rw-r--r--app/models/integrations/youtrack.rb4
-rw-r--r--app/presenters/projects/security/configuration_presenter.rb3
-rw-r--r--db/docs/batched_background_migrations/backfill_user_preferences_with_defaults.yml1
-rw-r--r--db/docs/batched_background_migrations/backfill_users_with_defaults.yml1
-rw-r--r--db/post_migrate/20231219075928_finalize_backfill_users_with_defaults.rb22
-rw-r--r--db/post_migrate/20231219075929_finalize_backfill_user_preferences_with_defaults.rb22
-rw-r--r--db/post_migrate/20231222051050_add_search_vector_index_to_catalog_resources.rb21
-rw-r--r--db/schema_migrations/202312190759281
-rw-r--r--db/schema_migrations/202312190759291
-rw-r--r--db/schema_migrations/202312220510501
-rw-r--r--db/structure.sql2
-rw-r--r--doc/administration/settings/scim_setup.md45
-rw-r--r--doc/api/integrations.md32
-rw-r--r--doc/api/users.md4
-rw-r--r--doc/development/cicd/configuration.md100
-rw-r--r--doc/development/cicd/index.md4
-rw-r--r--doc/user/project/repository/code_suggestions/self_managed.md4
-rw-r--r--lib/api/helpers/integrations_helpers.rb114
-rw-r--r--lib/gitlab/security/features.rb134
-rw-r--r--lib/gitlab/security/scan_configuration.rb4
-rw-r--r--locale/gitlab.pot21
-rw-r--r--spec/lib/gitlab/security/scan_configuration_spec.rb100
-rw-r--r--spec/presenters/projects/security/configuration_presenter_spec.rb1
28 files changed, 510 insertions, 158 deletions
diff --git a/app/assets/javascripts/graphql_shared/issuable_client.js b/app/assets/javascripts/graphql_shared/issuable_client.js
index 0d911c497ff..8e19de9f7c2 100644
--- a/app/assets/javascripts/graphql_shared/issuable_client.js
+++ b/app/assets/javascripts/graphql_shared/issuable_client.js
@@ -160,7 +160,7 @@ export const config = {
},
EpicConnection: {
merge(existing = { nodes: [] }, incoming, { args }) {
- if (!args.after) {
+ if (!args?.after) {
return incoming;
}
return {
diff --git a/app/helpers/application_helper.rb b/app/helpers/application_helper.rb
index 49230e558a8..892b046e410 100644
--- a/app/helpers/application_helper.rb
+++ b/app/helpers/application_helper.rb
@@ -295,10 +295,6 @@ module ApplicationHelper
end
end
- def truncate_first_line(message, length = 50)
- truncate(message.each_line.first.chomp, length: length) if message
- end
-
# While similarly named to Rails's `link_to_if`, this method behaves quite differently.
# If `condition` is truthy, a link will be returned with the result of the block
# as its body. If `condition` is falsy, only the result of the block will be returned.
diff --git a/app/models/ci/pipeline_variable.rb b/app/models/ci/pipeline_variable.rb
index b1831e365b1..4fddb3e053e 100644
--- a/app/models/ci/pipeline_variable.rb
+++ b/app/models/ci/pipeline_variable.rb
@@ -5,9 +5,6 @@ module Ci
include Ci::Partitionable
include Ci::HasVariable
include Ci::RawVariable
- include IgnorableColumns
-
- ignore_column :pipeline_id_convert_to_bigint, remove_with: '16.5', remove_after: '2023-10-22'
belongs_to :pipeline
diff --git a/app/models/concerns/integrations/has_issue_tracker_fields.rb b/app/models/concerns/integrations/has_issue_tracker_fields.rb
index 223191fb963..3ce1dd36a5e 100644
--- a/app/models/concerns/integrations/has_issue_tracker_fields.rb
+++ b/app/models/concerns/integrations/has_issue_tracker_fields.rb
@@ -10,16 +10,16 @@ module Integrations
field :project_url,
required: true,
title: -> { _('Project URL') },
- help: -> do
- s_('IssueTracker|The URL to the project in the external issue tracker.')
- end
+ description: -> { s_('URL of the project.') },
+ help: -> { s_('IssueTracker|URL of the project in the external issue tracker.') }
field :issues_url,
required: true,
title: -> { s_('IssueTracker|Issue URL') },
+ description: -> { s_('URL of the issue.') },
help: -> do
ERB::Util.html_escape(
- s_('IssueTracker|The URL to view an issue in the external issue tracker. Must contain %{colon_id}.')
+ s_('IssueTracker|URL to view an issue in the external issue tracker. Must contain %{colon_id}.')
) % {
colon_id: '<code>:id</code>'.html_safe
}
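Review bot: The new `description:` for `issues_url` drops the `:id` placeholder requirement that the `help:` lambda on the following lines still states, and since the API tables updated in this commit mirror these `description:` strings, the EWM entry in `doc/api/integrations.md` loses its "Must contain `:id`" wording. Consider `description: -> { s_('URL of the issue. Must contain :id.') }` so API consumers still learn that the placeholder is mandatory. The `description:` strings also use `s_` without the `IssueTracker|` namespace that the `help:` strings carry, so they land in a different translation context; aligning them would be cheap. The enclosing `field` block opens before this hunk and the module closes after it.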
@@ -28,9 +28,8 @@ module Integrations
field :new_issue_url,
required: true,
title: -> { s_('IssueTracker|New issue URL') },
- help: -> do
- s_('IssueTracker|The URL to create an issue in the external issue tracker.')
- end
+ description: -> { s_('URL of the new issue.') },
+ help: -> { s_('IssueTracker|URL to create an issue in the external issue tracker.') }
end
end
end
diff --git a/app/models/integrations/clickup.rb b/app/models/integrations/clickup.rb
index 25287b53300..1737aa7ff61 100644
--- a/app/models/integrations/clickup.rb
+++ b/app/models/integrations/clickup.rb
@@ -32,8 +32,8 @@ module Integrations
'clickup'
end
- def fields
- super.select { _1.name.in?(%w[project_url issues_url]) }
+ def self.fields
+ super.select { %w[project_url issues_url].include?(_1.name) }
end
end
end
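Review bot: Moving the override from an instance `fields` to `self.fields` changes who sees the filtered list; unless the base integration's instance-level `fields` delegates to `self.class.fields` (not visible here), instance callers now receive the unfiltered tracker fields, so that delegation is worth confirming. The identical filter is repeated verbatim in youtrack.rb in this commit, and the `%w[project_url issues_url]` literal is re-allocated on every call; a frozen constant such as `TRACKER_FIELDS = %w[project_url issues_url].freeze` shared by both classes, with `super.select { TRACKER_FIELDS.include?(_1.name) }`, keeps the two in step and matches the project's frozen-literal style. The class continues outside the hunk.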
diff --git a/app/models/integrations/youtrack.rb b/app/models/integrations/youtrack.rb
index 932e588a829..4d825adb961 100644
--- a/app/models/integrations/youtrack.rb
+++ b/app/models/integrations/youtrack.rb
@@ -31,8 +31,8 @@ module Integrations
'youtrack'
end
- def fields
- super.select { _1.name.in?(%w[project_url issues_url]) }
+ def self.fields
+ super.select { %w[project_url issues_url].include?(_1.name) }
end
end
end
diff --git a/app/presenters/projects/security/configuration_presenter.rb b/app/presenters/projects/security/configuration_presenter.rb
index a0d731f0ccf..244f36f627d 100644
--- a/app/presenters/projects/security/configuration_presenter.rb
+++ b/app/presenters/projects/security/configuration_presenter.rb
@@ -85,7 +85,8 @@ module Projects
available: scan.available?,
can_enable_by_merge_request: scan.can_enable_by_merge_request?,
meta_info_path: scan.meta_info_path,
- on_demand_available: scan.on_demand_available?
+ on_demand_available: scan.on_demand_available?,
+ security_features: scan.security_features
}
end
diff --git a/db/docs/batched_background_migrations/backfill_user_preferences_with_defaults.yml b/db/docs/batched_background_migrations/backfill_user_preferences_with_defaults.yml
index b95527cc32c..30043317d4c 100644
--- a/db/docs/batched_background_migrations/backfill_user_preferences_with_defaults.yml
+++ b/db/docs/batched_background_migrations/backfill_user_preferences_with_defaults.yml
@@ -4,3 +4,4 @@ description: Backfills the user_preferences table columns with their default val
feature_category: user_profile
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/125774
milestone: '16.4'
+finalized_by: '20231219075929'
diff --git a/db/docs/batched_background_migrations/backfill_users_with_defaults.yml b/db/docs/batched_background_migrations/backfill_users_with_defaults.yml
index 6faa1fbf655..a288dc410a3 100644
--- a/db/docs/batched_background_migrations/backfill_users_with_defaults.yml
+++ b/db/docs/batched_background_migrations/backfill_users_with_defaults.yml
@@ -4,3 +4,4 @@ description: Backfills the users table columns with their default values
feature_category: user_profile
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/125881
milestone: '16.4'
+finalized_by: '20231219075928'
diff --git a/db/post_migrate/20231219075928_finalize_backfill_users_with_defaults.rb b/db/post_migrate/20231219075928_finalize_backfill_users_with_defaults.rb
new file mode 100644
index 00000000000..373ea1faaa9
--- /dev/null
+++ b/db/post_migrate/20231219075928_finalize_backfill_users_with_defaults.rb
@@ -0,0 +1,22 @@
+# frozen_string_literal: true
+
+class FinalizeBackfillUsersWithDefaults < Gitlab::Database::Migration[2.2]
+ milestone '16.8'
+ disable_ddl_transaction!
+ restrict_gitlab_migration gitlab_schema: :gitlab_main
+
+ MIGRATION = "BackfillUsersWithDefaults"
+
+ def up
+ ensure_batched_background_migration_is_finished(
+ job_class_name: MIGRATION,
+ table_name: 'users',
+ column_name: 'id',
+ job_arguments: []
+ )
+ end
+
+ def down
+ # no-op
+ end
+end
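Review bot: `down` is an unexplained no-op; a finalize migration only blocks until the batched background migration has completed, so there is nothing to reverse, but a reader unfamiliar with that convention cannot tell whether the empty body is intentional. Replace `# no-op` with a one-line reason, e.g. `# no-op: finalizing only waits for the batched migration to complete, nothing to undo`. The same comment belongs in `down` of 20231219075929_finalize_backfill_user_preferences_with_defaults.rb. `MIGRATION = "BackfillUsersWithDefaults"` is the only double-quoted literal in the file; single quotes would match the rest.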
diff --git a/db/post_migrate/20231219075929_finalize_backfill_user_preferences_with_defaults.rb b/db/post_migrate/20231219075929_finalize_backfill_user_preferences_with_defaults.rb
new file mode 100644
index 00000000000..fb10385ad20
--- /dev/null
+++ b/db/post_migrate/20231219075929_finalize_backfill_user_preferences_with_defaults.rb
@@ -0,0 +1,22 @@
+# frozen_string_literal: true
+
+class FinalizeBackfillUserPreferencesWithDefaults < Gitlab::Database::Migration[2.2]
+ milestone '16.8'
+ disable_ddl_transaction!
+ restrict_gitlab_migration gitlab_schema: :gitlab_main
+
+ MIGRATION = "BackfillUserPreferencesWithDefaults"
+
+ def up
+ ensure_batched_background_migration_is_finished(
+ job_class_name: MIGRATION,
+ table_name: 'user_preferences',
+ column_name: 'id',
+ job_arguments: []
+ )
+ end
+
+ def down
+ # no-op
+ end
+end
diff --git a/db/post_migrate/20231222051050_add_search_vector_index_to_catalog_resources.rb b/db/post_migrate/20231222051050_add_search_vector_index_to_catalog_resources.rb
new file mode 100644
index 00000000000..036aadbe10f
--- /dev/null
+++ b/db/post_migrate/20231222051050_add_search_vector_index_to_catalog_resources.rb
@@ -0,0 +1,21 @@
+# frozen_string_literal: true
+
+class AddSearchVectorIndexToCatalogResources < Gitlab::Database::Migration[2.2]
+ disable_ddl_transaction!
+ milestone '16.8'
+
+ INDEX_NAME = 'index_catalog_resources_on_search_vector_triagram'
+
+ def up
+ disable_statement_timeout do
+ execute <<-SQL
+ CREATE INDEX CONCURRENTLY IF NOT EXISTS #{INDEX_NAME} ON catalog_resources
+ USING GIN (search_vector);
+ SQL
+ end
+ end
+
+ def down
+ remove_concurrent_index_by_name :catalog_resources, name: INDEX_NAME
+ end
+end
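Review bot: The index name says `triagram` (a misspelling of trigram) but the statement creates a plain GIN index on `search_vector` with no `gin_trgm_ops` operator class, so either the name is misleading or the intended trigram opclass is missing; the name is also baked into `db/structure.sql` in this commit, so it should be settled before merge. The raw `execute` of an interpolated heredoc also sidesteps the helper that `remove_concurrent_index_by_name` in `down` pairs with; `add_concurrent_index :catalog_resources, :search_vector, using: :gin, name: INDEX_NAME` in `up` gives the same concurrent, idempotent creation with the project's usual existence checks and no hand-written SQL. Whether the column is a `tsvector`, which would justify a plain GIN index, cannot be seen from this hunk.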
diff --git a/db/schema_migrations/20231219075928 b/db/schema_migrations/20231219075928
new file mode 100644
index 00000000000..757bf662643
--- /dev/null
+++ b/db/schema_migrations/20231219075928
@@ -0,0 +1 @@
+0d77fa753395582bb945114b4eaab0526b1cb13ee7b950f15f54321f3bac5429 \ No newline at end of file
diff --git a/db/schema_migrations/20231219075929 b/db/schema_migrations/20231219075929
new file mode 100644
index 00000000000..60873b5661b
--- /dev/null
+++ b/db/schema_migrations/20231219075929
@@ -0,0 +1 @@
+874081aece1c10b0bd12ddfe0c51eef8426dc60d79f008b803126a357029baa5 \ No newline at end of file
diff --git a/db/schema_migrations/20231222051050 b/db/schema_migrations/20231222051050
new file mode 100644
index 00000000000..9b94b45c2fd
--- /dev/null
+++ b/db/schema_migrations/20231222051050
@@ -0,0 +1 @@
+b99645404537df761bcb4deb8c4f9745c6b54eec3a27b346ccc2a1a44c46f93d \ No newline at end of file
diff --git a/db/structure.sql b/db/structure.sql
index e9d4956562b..1720cf79e29 100644
--- a/db/structure.sql
+++ b/db/structure.sql
@@ -32124,6 +32124,8 @@ CREATE INDEX index_catalog_resource_versions_on_resource_id_and_released_at ON c
CREATE UNIQUE INDEX index_catalog_resources_on_project_id ON catalog_resources USING btree (project_id);
+CREATE INDEX index_catalog_resources_on_search_vector_triagram ON catalog_resources USING gin (search_vector);
+
CREATE INDEX index_catalog_resources_on_state ON catalog_resources USING btree (state);
CREATE INDEX index_chat_names_on_team_id_and_chat_id ON chat_names USING btree (team_id, chat_id);
diff --git a/doc/administration/settings/scim_setup.md b/doc/administration/settings/scim_setup.md
index 52061150fa7..2e1b40d58b8 100644
--- a/doc/administration/settings/scim_setup.md
+++ b/doc/administration/settings/scim_setup.md
@@ -33,6 +33,51 @@ To configure GitLab SCIM:
- Token from the **Your SCIM token** field.
- URL from the **SCIM API endpoint URL** field.
+## Configure an identity provider
+
+You can configure the following as an identity provider:
+
+- [Okta](#configure-okta).
+
+NOTE:
+Other identity providers can work with GitLab but they have not been tested and are not supported. You should contact the provider for support. GitLab support can assist by reviewing related log entries.
+
+### Configure Okta
+
+The SAML application created during [single sign-on](index.md) set up for Okta must be set up for SCIM.
+
+Prerequisites:
+
+- You must use the [Okta Lifecycle Management](https://www.okta.com/products/lifecycle-management/) product. This
+ product tier is required to use SCIM on Okta.
+- [GitLab is configured](#configure-gitlab) for SCIM.
+- The SAML application for [Okta](https://developer.okta.com/docs/guides/build-sso-integration/saml2/main/) set up as
+ described in the [Okta setup notes](../../integration/saml.md#set-up-okta).
+- Your Okta SAML setup matches the [configuration steps](index.md), especially the NameID configuration.
+
+To configure Okta for SCIM:
+
+1. Sign in to Okta.
+1. In the upper-right corner, select **Admin**. The button is not visible from the Admin Area.
+1. In the **Application** tab, select **Browse App Catalog**.
+1. Find and select the **GitLab** application.
+1. On the GitLab application overview page, select **Add Integration**.
+1. Under **Application Visibility**, select both checkboxes. The GitLab application does not support SAML
+ authentication so the icon should not be shown to users.
+1. Select **Done** to finish adding the application.
+1. In the **Provisioning** tab, select **Configure API integration**.
+1. Select **Enable API integration**.
+ - For **Base URL**, paste the URL you copied from **SCIM API endpoint URL** on the GitLab SCIM configuration page.
+ - For **API Token**, paste the SCIM token you copied from **Your SCIM token** on the GitLab SCIM
+ configuration page.
+1. To verify the configuration, select **Test API Credentials**.
+1. Select **Save**.
+1. After saving the API integration details, new settings tabs appear on the left. Select **To App**.
+1. Select **Edit**.
+1. Select the **Enable** checkbox for both **Create Users** and **Deactivate Users**.
+1. Select **Save**.
+1. Assign users in the **Assignments** tab. Assigned users are created and managed in your GitLab group.
+
## Remove access
Removing or deactivating a user on the identity provider blocks the user on
diff --git a/doc/api/integrations.md b/doc/api/integrations.md
index 0abf155133e..92cbaaab0b5 100644
--- a/doc/api/integrations.md
+++ b/doc/api/integrations.md
@@ -232,9 +232,9 @@ Parameters:
| Parameter | Type | Required | Description |
| --------- | ---- | -------- | ----------- |
-| `new_issue_url` | string | true | New issue URL. |
-| `issues_url` | string | true | Issue URL. |
-| `project_url` | string | true | Project URL. |
+| `new_issue_url` | string | true | URL of the new issue. |
+| `issues_url` | string | true | URL of the issue. |
+| `project_url` | string | true | URL of the project. |
### Disable Bugzilla
@@ -339,8 +339,8 @@ Parameters:
| Parameter | Type | Required | Description |
| ------------- | ------ | -------- | -------------- |
-| `issues_url` | string | true | Issue URL. |
-| `project_url` | string | true | Project URL. |
+| `issues_url` | string | true | URL of the issue. |
+| `project_url` | string | true | URL of the project. |
### Disable ClickUp
@@ -404,9 +404,9 @@ Parameters:
| Parameter | Type | Required | Description |
| --------- | ---- | -------- | ----------- |
-| `new_issue_url` | string | true | New issue URL. |
-| `issues_url` | string | true | Issue URL. |
-| `project_url` | string | true | Project URL. |
+| `new_issue_url` | string | true | URL of the new issue. |
+| `issues_url` | string | true | URL of the issue. |
+| `project_url` | string | true | URL of the project. |
### Disable a custom issue tracker
@@ -610,9 +610,9 @@ Parameters:
| Parameter | Type | Required | Description |
| --------- | ---- | -------- | ----------- |
-| `new_issue_url` | string | true | The URL to create an issue in EWM. |
-| `project_url` | string | true | The URL to the project in EWM. |
-| `issues_url` | string | true | The URL to view an issue in EWM. Must contain `:id`. |
+| `new_issue_url` | string | true | URL of the new issue. |
+| `project_url` | string | true | URL of the project. |
+| `issues_url` | string | true | URL of the issue. |
### Disable EWM
@@ -1364,9 +1364,9 @@ Parameters:
| Parameter | Type | Required | Description |
| --------- | ---- | -------- | ----------- |
-| `new_issue_url` | string | true | New issue URL. |
-| `project_url` | string | true | Project URL. |
-| `issues_url` | string | true | Issue URL. |
+| `new_issue_url` | string | true | URL of the new issue. |
+| `project_url` | string | true | URL of the project. |
+| `issues_url` | string | true | URL of the issue. |
### Disable Redmine
@@ -1620,8 +1620,8 @@ Parameters:
| Parameter | Type | Required | Description |
| --------- | ---- | -------- | ----------- |
-| `issues_url` | string | true | Issue URL. |
-| `project_url` | string | true | Project URL. |
+| `issues_url` | string | true | URL of the issue. |
+| `project_url` | string | true | URL of the project. |
### Disable YouTrack
diff --git a/doc/api/users.md b/doc/api/users.md
index 31fe6234ad2..83947f63384 100644
--- a/doc/api/users.md
+++ b/doc/api/users.md
@@ -25,8 +25,6 @@ GET /users
| Attribute | Type | Required | Description |
| ------------------ | ------- | -------- | ---------------------------------------------------------------------------------------------------------------------- |
| `username` | string | no | Get a single user with a specific username. |
-| `extern_uid` | string | no | Get a single user with a specific external authentication provider UID. |
-| `provider` | string | no | The external provider. |
| `search` | string | no | Search for a username. |
| `active` | boolean | no | Filters only active users. Default is `false`. |
| `external` | boolean | no | Filters only external users. Default is `false`. |
@@ -146,6 +144,8 @@ You can use all [parameters available for everyone](#for-non-administrator-users
| Attribute | Type | Required | Description |
| ------------------ | ------- | -------- | --------------------------------------------------------------------------------------------------------------------- |
+| `extern_uid` | string | no | Get a single user with a specific external authentication provider UID. |
+| `provider` | string | no | The external provider. |
| `order_by` | string | no | Return users ordered by `id`, `name`, `username`, `created_at`, or `updated_at` fields. Default is `id` |
| `sort` | string | no | Return users sorted in `asc` or `desc` order. Default is `desc` |
| `two_factor` | string | no | Filter users by Two-factor authentication. Filter values are `enabled` or `disabled`. By default it returns all users |
diff --git a/doc/development/cicd/configuration.md b/doc/development/cicd/configuration.md
new file mode 100644
index 00000000000..903a3d63e8c
--- /dev/null
+++ b/doc/development/cicd/configuration.md
@@ -0,0 +1,100 @@
+---
+stage: Verify
+group: Pipeline Authoring
+info: Any user with at least the Maintainer role can merge updates to this content. For details, see https://docs.gitlab.com/ee/development/development_processes.html#development-guidelines-review.
+---
+
+# Contribute to the CI/CD configuration
+
+## Glossary
+
+- **CI/CD configuration**: The YAML file that defines the CI/CD configuration for a project.
+- **keyword**: Each keyword in the CI/CD configuration.
+- **entry**: An `Entry` class that represents a keyword in the CI/CD configuration.
+
+Not every keyword in the CI/CD configuration is represented by an `Entry` class.
+We create `Entry` classes for keywords that have a complex structure or reusable parts.
+
+For example;
+
+- The `image` keyword is represented by the [`Entry::Image`](https://gitlab.com/gitlab-org/gitlab/-/blob/master/lib/gitlab/ci/config/entry/image.rb) class.
+- The `name` subkeyword of the `image` keyword is not represented by an `Entry` class.
+- The `pull_policy` subkeyword of the `image` keyword is represented by the [`Entry::PullPolicy`](https://gitlab.com/gitlab-org/gitlab/-/blob/master/lib/gitlab/ci/config/entry/pull_policy.rb) class.
+
+## Adding New Keywords
+
+CI config keywords are added in the [`lib/gitlab/ci/config/entry`](https://gitlab.com/gitlab-org/gitlab/-/tree/master/lib/gitlab/ci/config/entry) directory.
+For EE-specific changes, use the [`ee/lib/gitlab/ci/config/entry`](https://gitlab.com/gitlab-org/gitlab/-/tree/master/ee/lib/gitlab/ci/config/entry)
+or [`ee/lib/ee/gitlab/ci/config/entry`](https://gitlab.com/gitlab-org/gitlab/-/tree/master/ee/lib/ee/gitlab/ci/config/entry) directory.
+
+### Inheritance
+
+An entry is represented by a class that inherits from;
+
+- `Entry::Node`: for simple keywords.
+(e.g. [`Entry::Stage`](https://gitlab.com/gitlab-org/gitlab/-/blob/master/lib/gitlab/ci/config/entry/stage.rb))
+- `Entry::Simplifiable`: for keywords that have multiple structures.
+For example, [`Entry::Retry`](https://gitlab.com/gitlab-org/gitlab/-/blob/master/lib/gitlab/ci/config/entry/retry.rb) can be a simple number or a hash configuration.
+- `Entry::ComposableArray`: for keywords that have a list of single-type sub-elements.
+For example, [`Entry::Includes`](https://gitlab.com/gitlab-org/gitlab/-/blob/master/lib/gitlab/ci/config/entry/includes.rb) has a list of `Entry::Include` elements.
+- `Entry::ComposableHash`: for keywords that have single-type sub-elements with user-defined keys.
+For example, [`Entry::Variables`](https://gitlab.com/gitlab-org/gitlab/-/blob/master/lib/gitlab/ci/config/entry/variables.rb) has a list of `Entry::Variable` elements with user-defined keys.
+
+### Helper Classes
+
+The following helper classes are available for use in entries:
+
+- `Entry::Validatable`: Enables the `validations` block in an entry class and provides validations.
+- `Entry::Attributable`: Enables the `attributes` method in an entry class. It creates these methods for each attribute; `xxx`, `has_xxx?`, `has_xxx_value?`.
+- `Entry::Configurable`: Enables the `entry` method in an entry class. It creates these methods for each entry; `xxx_defined?`, `xxx_entry`, `xxx_value`.
+
+### The `value` Method
+
+The `value` method is the main method of an entry class. It returns the actual value of the entry.
+By default, from the `Entry::Node` class, the `value` method returns the hash configuration of the entry unless it has nested entries.
+It can be useful for simple entries. For example, `Entry::Paths` has an array of strings as its value. So, it can return the array of strings directly.
+
+In some keywords, we override the `value` method. In this method, we return what and how we want to return from the entry.
+The usage of `Entry::Attributable` and `Entry::Configurable` may have a significant role here. For example,
+in `Entry::Secret`, we have this;
+
+```ruby
+attributes %i[vault file token].freeze
+
+entry :vault, Entry::Vault::Secret
+entry :file, ::Gitlab::Config::Entry::Boolean
+
+def value
+ {
+ vault: vault_value,
+ file: file_value,
+ token: token
+ }.compact
+end
+```
+
+- `vault_value` is the value of the nested `vault` entry.
+- `file_value` is the value of the nested `file` entry.
+- `token` is the value of the basic `token` attribute.
+
+**It is important** that we should always use the `xxx_value` method to get the value of a nested entry.
+
+## Feature Flag Usage
+
+When adding new CI/CD configuration keywords, it is important to use feature flags to control the rollout of the change.
+This allows us to test the change in production without affecting all users. For more information, see the [feature flags documentation](../feature_flags/index.md).
+
+### Feature Flag Actor
+
+In entry classes, we have no access to the current project or user. However, it's discouraged to use feature flags without [an actor](../feature_flags/index.md#feature-actors).
+To solve this problem, we have three options;
+
+1. Use `Feature.enabled?(:feature_flag, Feature.current_request)`.
+1. Use `YamlProcessor::FeatureFlags.enabled?(:feature_flag)`
+1. Do not use feature flags in entry classes and use them in other parts of the code.
+
+## Testing and Validation
+
+When adding or modifying an entry, the corresponding spec file must be either added or updated.
+Besides, to have a fully integrated test, it's also important to add/modify tests in the `spec/lib/gitlab/ci/yaml_processor_spec.rb` file or
+the files in `spec/lib/gitlab/ci/yaml_processor/test_cases/*` directory.
diff --git a/doc/development/cicd/index.md b/doc/development/cicd/index.md
index 18781f9315a..693ef6817ee 100644
--- a/doc/development/cicd/index.md
+++ b/doc/development/cicd/index.md
@@ -9,7 +9,9 @@ info: Any user with at least the Maintainer role can merge updates to this conte
Development guides that are specific to CI/CD are listed here:
- If you are creating new CI/CD templates, read [the development guide for GitLab CI/CD templates](templates.md).
-- If you are adding a new keyword or changing the CI schema, check the [CI schema guide](schema.md)
+- If you are adding a new keyword or changing the CI schema, refer to the following guides:
+ - [The CI configuration guide](configuration.md)
+ - [The CI schema guide](schema.md)
See the [CI/CD YAML reference documentation guide](cicd_reference_documentation_guide.md)
to learn how to update the [reference page](../../ci/yaml/index.md).
diff --git a/doc/user/project/repository/code_suggestions/self_managed.md b/doc/user/project/repository/code_suggestions/self_managed.md
index d0218c87ab0..f16b1b05abb 100644
--- a/doc/user/project/repository/code_suggestions/self_managed.md
+++ b/doc/user/project/repository/code_suggestions/self_managed.md
@@ -109,6 +109,8 @@ This setting is visible only in self-managed GitLab instances.
WARNING:
If you clear the **Turn on Code Suggestions for this instance** checkbox, the users in your instance can still use Code Suggestions for up to one hour, until the issued JSON web token (JWT) expires.
+::EndTabs
+
### Request access to Code Suggestions
GitLab provisions access on a customer-by-customer basis for Code Suggestions
@@ -150,8 +152,6 @@ You must [manually synchronize your subscription](../../../../subscriptions/self
Without the manual synchronization, it might take up to 24 hours to active Code Suggestions on your instance.
-::EndTabs
-
## Use Code Suggestions
Prerequisites:
diff --git a/lib/api/helpers/integrations_helpers.rb b/lib/api/helpers/integrations_helpers.rb
index 53a7fc24052..eebf7009b6d 100644
--- a/lib/api/helpers/integrations_helpers.rb
+++ b/lib/api/helpers/integrations_helpers.rb
@@ -130,26 +130,7 @@ module API
'asana' => ::Integrations::Asana.api_fields,
'assembla' => ::Integrations::Assembla.api_fields,
'bamboo' => ::Integrations::Bamboo.api_fields,
- 'bugzilla' => [
- {
- required: true,
- name: :new_issue_url,
- type: String,
- desc: 'New issue URL'
- },
- {
- required: true,
- name: :issues_url,
- type: String,
- desc: 'Issues URL'
- },
- {
- required: true,
- name: :project_url,
- type: String,
- desc: 'Project URL'
- }
- ],
+ 'bugzilla' => ::Integrations::Bugzilla.api_fields,
'buildkite' => [
{
required: true,
@@ -191,26 +172,7 @@ module API
}
],
'confluence' => ::Integrations::Confluence.api_fields,
- 'custom-issue-tracker' => [
- {
- required: true,
- name: :new_issue_url,
- type: String,
- desc: 'New issue URL'
- },
- {
- required: true,
- name: :issues_url,
- type: String,
- desc: 'Issues URL'
- },
- {
- required: true,
- name: :project_url,
- type: String,
- desc: 'Project URL'
- }
- ],
+ 'custom-issue-tracker' => ::Integrations::CustomIssueTracker.api_fields,
'datadog' => [
{
required: true,
@@ -634,74 +596,10 @@ module API
desc: 'The sound of the notification'
}
],
- 'redmine' => [
- {
- required: true,
- name: :new_issue_url,
- type: String,
- desc: 'The new issue URL'
- },
- {
- required: true,
- name: :project_url,
- type: String,
- desc: 'The project URL'
- },
- {
- required: true,
- name: :issues_url,
- type: String,
- desc: 'The issues URL'
- }
- ],
- 'ewm' => [
- {
- required: true,
- name: :new_issue_url,
- type: String,
- desc: 'New Issue URL'
- },
- {
- required: true,
- name: :project_url,
- type: String,
- desc: 'Project URL'
- },
- {
- required: true,
- name: :issues_url,
- type: String,
- desc: 'Issues URL'
- }
- ],
- 'youtrack' => [
- {
- required: true,
- name: :project_url,
- type: String,
- desc: 'The project URL'
- },
- {
- required: true,
- name: :issues_url,
- type: String,
- desc: 'The issues URL'
- }
- ],
- 'clickup' => [
- {
- required: true,
- name: :project_url,
- type: String,
- desc: 'The project URL'
- },
- {
- required: true,
- name: :issues_url,
- type: String,
- desc: 'The issues URL'
- }
- ],
+ 'redmine' => ::Integrations::Redmine.api_fields,
+ 'ewm' => ::Integrations::Ewm.api_fields,
+ 'youtrack' => ::Integrations::Youtrack.api_fields,
+ 'clickup' => ::Integrations::Clickup.api_fields,
'slack' => [
chat_notification_settings,
chat_notification_flags,
diff --git a/lib/gitlab/security/features.rb b/lib/gitlab/security/features.rb
new file mode 100644
index 00000000000..5eb54ee567c
--- /dev/null
+++ b/lib/gitlab/security/features.rb
@@ -0,0 +1,134 @@
+# frozen_string_literal: true
+
+module Gitlab
+ module Security
+ class Features
+ # rubocop: disable Metrics/AbcSize -- Generate dynamic translation as per
+ # https://docs.gitlab.com/ee/development/i18n/externalization.html#keep-translations-dynamic
+ def self.data
+ {
+ sast: {
+ name: _('Static Application Security Testing (SAST)'),
+ short_name: _('SAST'),
+ description: _('Analyze your source code for known vulnerabilities.'),
+ help_path: Gitlab::Routing.url_helpers.help_page_path('user/application_security/sast/index'),
+ config_help_path: Gitlab::Routing.url_helpers.help_page_path('user/application_security/sast/index',
+ anchor: 'configuration'),
+ type: 'sast'
+ },
+ sast_iac: {
+ name: _('Infrastructure as Code (IaC) Scanning'),
+ short_name: _('ciReport|SAST IaC'),
+ description: _('Analyze your infrastructure as code configuration files for known vulnerabilities.'),
+ help_path: Gitlab::Routing.url_helpers.help_page_path('user/application_security/iac_scanning/index'),
+ config_help_path: Gitlab::Routing.url_helpers.help_page_path(
+ 'user/application_security/iac_scanning/index',
+ anchor: 'configuration'),
+ type: 'sast_iac'
+ },
+ dast: {
+ badge: {
+ text: _('Available on demand'),
+ tooltip_text: _(
+ 'On-demand scans run outside of the DevOps cycle and find vulnerabilities in your projects'),
+ variant: 'info'
+ },
+ secondary: {
+ type: 'dast_profiles',
+ name: _('DAST profiles'),
+ description: _('SecurityConfiguration|Manage profiles for use by DAST scans.'),
+ configuration_text: _('SecurityConfiguration|Manage profiles')
+ },
+ name: _('Dynamic Application Security Testing (DAST)'),
+ short_name: _('ciReport|DAST'),
+ description: _('ciReport|Analyze a deployed version of your web application for known vulnerabilities by ' \
+ 'examining it from the outside in. DAST works by simulating external attacks ' \
+ 'on your application while it is running.'),
+ help_path: Gitlab::Routing.url_helpers.help_page_path('user/application_security/dast/index'),
+ config_help_path: Gitlab::Routing.url_helpers.help_page_path('user/application_security/dast/index',
+ anchor: 'enable-automatic-dast-run'),
+ type: 'dast',
+ anchor: 'dast'
+ },
+ dependency_scanning: {
+ name: _('Dependency Scanning'),
+ description: _('Analyze your dependencies for known vulnerabilities.'),
+ help_path: Gitlab::Routing.url_helpers.help_page_path(
+ 'user/application_security/dependency_scanning/index'),
+ config_help_path: Gitlab::Routing.url_helpers.help_page_path(
+ 'user/application_security/dependency_scanning/index', anchor: 'configuration'),
+ type: 'dependency_scanning',
+ anchor: 'dependency-scanning'
+ },
+ container_scanning: {
+ name: _('Container Scanning'),
+ description: _('Check your Docker images for known vulnerabilities.'),
+ help_path: Gitlab::Routing.url_helpers.help_page_path(
+ 'user/application_security/container_scanning/index'),
+ config_help_path: Gitlab::Routing.url_helpers.help_page_path(
+ 'user/application_security/container_scanning/index', anchor: 'configuration'),
+ type: 'container_scanning'
+ },
+ secret_detection: {
+ name: _('Secret Detection'),
+ description: _('Analyze your source code and git history for secrets.'),
+ help_path: Gitlab::Routing.url_helpers.help_page_path(
+ 'user/application_security/secret_detection/index'),
+ config_help_path: Gitlab::Routing.url_helpers.help_page_path(
+ 'user/application_security/secret_detection/index', anchor: 'configuration'),
+ type: 'secret_detection'
+ },
+ api_fuzzing: {
+ name: _('API Fuzzing'),
+ description: _('Find bugs in your code with API fuzzing.'),
+ help_path: Gitlab::Routing.url_helpers.help_page_path(
+ 'user/application_security/api_fuzzing/index'),
+ type: 'api_fuzzing'
+ },
+ coverage_fuzzing: {
+ name: _('Coverage Fuzzing'),
+ description: _('Find bugs in your code with coverage-guided fuzzing.'),
+ help_path: Gitlab::Routing.url_helpers.help_page_path(
+ 'user/application_security/coverage_fuzzing/index'),
+ config_help_path: Gitlab::Routing.url_helpers.help_page_path(
+ 'user/application_security/coverage_fuzzing/index', anchor: 'enable-coverage-guided-fuzz-testing'),
+ type: 'coverage_fuzzing',
+ secondary: {
+ type: 'corpus_management',
+ name: _('Corpus Management'),
+ description: _('SecurityConfiguration|Manage corpus files used as seed ' \
+ 'inputs with coverage-guided fuzzing.'),
+ configuration_text: _('SecurityConfiguration|Manage corpus')
+ }
+ },
+ breach_and_attack_simulation: {
+ anchor: 'bas',
+ badge: {
+ always_display: true,
+ text: _('SecurityConfiguration|Incubating feature'),
+ tooltip_text: _('SecurityConfiguration|Breach and Attack Simulation is an incubating ' \
+ 'feature extending existing security testing by simulating adversary activity.'),
+ variant: 'info'
+ },
+ description: _('SecurityConfiguration|Simulate breach and attack scenarios against your ' \
+ 'running application by attempting to detect and exploit known vulnerabilities.'),
+ name: _('SecurityConfiguration|Breach and Attack Simulation (BAS)'),
+ help_path: Gitlab::Routing.url_helpers.help_page_path(
+ 'user/application_security/breach_and_attack_simulation/index'),
+ secondary: {
+ config_help_path: Gitlab::Routing.url_helpers.help_page_path(
+ 'user/application_security/breach_and_attack_simulation/index',
+ anchor: 'extend-dynamic-application-security-testing-dast'),
+ description: _('SecurityConfiguration|Enable incubating Breach and Attack Simulation focused ' \
+ 'features such as callback attacks in your DAST scans.'),
+ name: _('SecurityConfiguration|Out-of-Band Application Security Testing (OAST)')
+ },
+ short_name: _('SecurityConfiguration|BAS'),
+ type: 'breach_and_attack_simulation'
+ }
+ }.freeze
+ end
+ # rubocop: enable Metrics/AbcSize
+ end
+ end
+end
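Review bot: The trailing `.freeze` freezes only the outer Hash; every per-type value (the hash `ScanConfiguration#security_features` hands out) is a fresh, unfrozen Hash on each call, so the freeze neither prevents callers from mutating what they receive nor saves any allocation. Either drop it or deep-freeze if immutability is the intent, and add a doc comment above `def self.data` so the deliberate rebuild-per-call is not "fixed" by a later memoization: `# Display metadata for the security configuration page, keyed by scan type Symbol (:sast, :dast, ...).`, `# Rebuilt on every call on purpose so _() resolves in the caller's locale (see rubocop note above); only the outer Hash is frozen.`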
diff --git a/lib/gitlab/security/scan_configuration.rb b/lib/gitlab/security/scan_configuration.rb
index 18767dd332a..c5faf3f589f 100644
--- a/lib/gitlab/security/scan_configuration.rb
+++ b/lib/gitlab/security/scan_configuration.rb
@@ -37,6 +37,10 @@ module Gitlab
false
end
+ def security_features
+ Features.data[type] || {}
+ end
+
private
attr_reader :project, :configured
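Review bot: The new public method `security_features` is undocumented and its lookup is keyed by the Symbols in `Features.data`, so if `type` can ever arrive as a String the call silently returns `{}` rather than failing; a comment such as `# Display metadata for this scan type from Gitlab::Security::Features, or {} for an unknown type (lookup is by Symbol).` would make that contract explicit. Note also that `Features.data` builds the full translated table for every scan type on each call, so a caller that iterates over all scan types rebuilds it once per type; if that shows up in the presenter, a `Features.data_for(type)` lookup or per-request memoization would avoid it. The enclosing class starts before this hunk.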
diff --git a/locale/gitlab.pot b/locale/gitlab.pot
index b3fd7a978f4..f9c9fff0aae 100644
--- a/locale/gitlab.pot
+++ b/locale/gitlab.pot
@@ -16539,12 +16539,6 @@ msgstr ""
msgid "DeletionSettings|Deletion protection"
msgstr ""
-msgid "DeletionSettings|Only administrators can delete projects."
-msgstr ""
-
-msgid "DeletionSettings|Owners and administrators can delete projects."
-msgstr ""
-
msgid "DeletionSettings|Period that deleted groups and projects will remain restorable for. Personal projects are always deleted immediately."
msgstr ""
@@ -26686,13 +26680,13 @@ msgstr ""
msgid "IssueTracker|New issue URL"
msgstr ""
-msgid "IssueTracker|The URL to create an issue in the external issue tracker."
+msgid "IssueTracker|URL of the project in the external issue tracker."
msgstr ""
-msgid "IssueTracker|The URL to the project in the external issue tracker."
+msgid "IssueTracker|URL to create an issue in the external issue tracker."
msgstr ""
-msgid "IssueTracker|The URL to view an issue in the external issue tracker. Must contain %{colon_id}."
+msgid "IssueTracker|URL to view an issue in the external issue tracker. Must contain %{colon_id}."
msgstr ""
msgid "IssueTracker|Use Bugzilla as this project's issue tracker."
@@ -51772,6 +51766,15 @@ msgstr ""
msgid "URL of the external storage to serve the repository static objects."
msgstr ""
+msgid "URL of the issue."
+msgstr ""
+
+msgid "URL of the new issue."
+msgstr ""
+
+msgid "URL of the project."
+msgstr ""
+
msgid "URL or request ID"
msgstr ""
diff --git a/spec/lib/gitlab/security/scan_configuration_spec.rb b/spec/lib/gitlab/security/scan_configuration_spec.rb
index 9151db3c5ff..706f6664a41 100644
--- a/spec/lib/gitlab/security/scan_configuration_spec.rb
+++ b/spec/lib/gitlab/security/scan_configuration_spec.rb
@@ -86,4 +86,104 @@ RSpec.describe ::Gitlab::Security::ScanConfiguration do
it { is_expected.to be_falsey }
end
end
+
+ describe '#security_features' do
+ subject { scan.security_features }
+
+ using RSpec::Parameterized::TableSyntax
+
+ where(:scan_type, :features_hash) do
+ :sast | { name: "Static Application Security Testing (SAST)",
+ short_name: "SAST",
+ description: "Analyze your source code for known vulnerabilities.",
+ help_path: "/help/user/application_security/sast/index",
+ config_help_path: "/help/user/application_security/sast/index#configuration",
+ type: "sast" }
+ :sast_iac | { name: "Infrastructure as Code (IaC) Scanning",
+ short_name: "ciReport|SAST IaC",
+ description: "Analyze your infrastructure as code configuration files for known vulnerabilities.",
+ help_path: "/help/user/application_security/iac_scanning/index",
+ config_help_path: "/help/user/application_security/iac_scanning/index#configuration",
+ type: "sast_iac" }
+ :dast | {
+ badge: { text: "Available on demand",
+ tooltip_text: "On-demand scans run outside of the DevOps " \
+ "cycle and find vulnerabilities in your projects",
+ variant: "info" },
+ secondary: {
+ type: "dast_profiles",
+ name: "DAST profiles",
+ description: "SecurityConfiguration|Manage profiles for use by DAST scans.",
+ configuration_text: "SecurityConfiguration|Manage profiles"
+ },
+ name: "Dynamic Application Security Testing (DAST)",
+ short_name: "ciReport|DAST",
+ description: "ciReport|Analyze a deployed version of your web application for known " \
+ "vulnerabilities by examining it from the outside in. DAST works by simulating " \
+ "external attacks on your application while it is running.",
+ help_path: "/help/user/application_security/dast/index",
+ config_help_path: "/help/user/application_security/dast/index#enable-automatic-dast-run",
+ type: "dast",
+ anchor: "dast"
+ }
+ :dependency_scanning | { name: "Dependency Scanning",
+ description: "Analyze your dependencies for known vulnerabilities.",
+ help_path: "/help/user/application_security/dependency_scanning/index",
+ config_help_path: "/help/user/application_security/dependency_scanning/index#configuration",
+ type: "dependency_scanning",
+ anchor: "dependency-scanning" }
+ :container_scanning | { name: "Container Scanning",
+ description: "Check your Docker images for known vulnerabilities.",
+ help_path: "/help/user/application_security/container_scanning/index",
+ config_help_path: "/help/user/application_security/container_scanning/index#configuration",
+ type: "container_scanning" }
+ :secret_detection | { name: "Secret Detection",
+ description: "Analyze your source code and git history for secrets.",
+ help_path: "/help/user/application_security/secret_detection/index",
+ config_help_path: "/help/user/application_security/secret_detection/index#configuration",
+ type: "secret_detection" }
+ :api_fuzzing | { name: "API Fuzzing",
+ description: "Find bugs in your code with API fuzzing.",
+ help_path: "/help/user/application_security/api_fuzzing/index",
+ type: "api_fuzzing" }
+ :coverage_fuzzing | { name: "Coverage Fuzzing",
+ description: "Find bugs in your code with coverage-guided fuzzing.",
+ help_path: "/help/user/application_security/coverage_fuzzing/index",
+ config_help_path: "/help/user/application_security/coverage_fuzzing/index#enable-coverage-guided-fuzz-testing",
+ type: "coverage_fuzzing",
+ secondary: { type: "corpus_management",
+ name: "Corpus Management",
+ description: "SecurityConfiguration|Manage corpus files used as " \
+ "seed inputs with coverage-guided fuzzing.",
+ configuration_text: "SecurityConfiguration|Manage corpus" } }
+ :breach_and_attack_simulation | { anchor: "bas",
+ badge: { always_display: true,
+ text: "SecurityConfiguration|Incubating feature",
+ tooltip_text: "SecurityConfiguration|Breach and Attack Simulation is an incubating feature " \
+ "extending existing security " \
+ "testing by simulating adversary activity.",
+ variant: "info" },
+ description: "SecurityConfiguration|Simulate breach and attack scenarios against your running " \
+ "application by attempting to detect " \
+ "and exploit known vulnerabilities.",
+ name: "SecurityConfiguration|Breach and Attack Simulation (BAS)",
+ help_path: "/help/user/application_security/breach_and_attack_simulation/index",
+ secondary: { config_help_path: "/help/user/application_security/breach_and_attack_simulation/" \
+ "index#extend-dynamic-application-security-testing-dast",
+ description: "SecurityConfiguration|Enable incubating Breach and " \
+ "Attack Simulation focused features " \
+ "such as callback attacks in your DAST scans.",
+ name: "SecurityConfiguration|Out-of-Band Application Security Testing (OAST)" },
+ short_name: "SecurityConfiguration|BAS",
+ type: "breach_and_attack_simulation" }
+ :invalid | {}
+ end
+
+ with_them do
+ let(:type) { scan_type }
+ let(:configured) { true }
+
+ it { is_expected.to eq features_hash }
+ end
+ end
end
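Review bot: The `where` table copies every user-facing string and help path out of `Features.data`, so any wording change in the feature list must be duplicated here and the spec otherwise fails without a behavioural regression. Since the method under test is only the lookup plus the `{}` default, a leaner shape keeps the `:invalid | {}` row and for the known types asserts structure, e.g. `expect(subject).to include(:name, :description, :help_path, type: scan_type.to_s)`, leaving string content to the translation tooling. The `describe` block this hunk adds is complete within the hunk.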
diff --git a/spec/presenters/projects/security/configuration_presenter_spec.rb b/spec/presenters/projects/security/configuration_presenter_spec.rb
index fcd170dfd66..9f6efb08fb1 100644
--- a/spec/presenters/projects/security/configuration_presenter_spec.rb
+++ b/spec/presenters/projects/security/configuration_presenter_spec.rb
@@ -88,6 +88,7 @@ RSpec.describe Projects::Security::ConfigurationPresenter, feature_category: :so
expect(feature['can_enable_by_merge_request']).to eq(true)
expect(feature['meta_info_path']).to be_nil
expect(feature['on_demand_available']).to eq(false)
+ expect(feature['security_features']).not_to be_empty
end
context 'when checking features configured status' do
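Review bot: `not_to be_empty` only proves that something was serialized under `security_features`; it would still pass if the presenter exposed the wrong feature's metadata. Asserting a known key such as the `type` that `Features.data` sets for every entry (e.g. `expect(feature['security_features']).to include('type')`, or `:type` if the presenter keeps Symbol keys, which is not visible here) ties the assertion to the actual structure. The enclosing example starts before this hunk.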