10 files changed, 32 insertions, 23 deletions

diff --git a/app/assets/javascripts/error_tracking/components/error_details_info.vue b/app/assets/javascripts/error_tracking/components/error_details_info.vue
index 0b4eabe25d1..3db946acdfc 100644
--- a/app/assets/javascripts/error_tracking/components/error_details_info.vue
+++ b/app/assets/javascripts/error_tracking/components/error_details_info.vue
@@ -74,7 +74,9 @@ export default {
         </template>
       </gl-card>
 
+      <!-- user count is currently not supported for integrated error tracking https://gitlab.com/gitlab-org/opstrace/opstrace/-/issues/2345 -->
       <gl-card
+        v-if="!error.integrated"
         :class="$options.CARD_CLASS"
         :body-class="$options.BODY_CLASS"
         :header-class="$options.HEADER_CLASS"
diff --git a/app/assets/javascripts/error_tracking/components/error_tracking_list.vue b/app/assets/javascripts/error_tracking/components/error_tracking_list.vue
index 95ae5e5a92c..95b47a9e491 100644
--- a/app/assets/javascripts/error_tracking/components/error_tracking_list.vue
+++ b/app/assets/javascripts/error_tracking/components/error_tracking_list.vue
@@ -76,7 +76,7 @@ export default {
     {
       key: 'status',
       label: '',
-      tdClass: `${tableDataClass}`,
+      tdClass: `${tableDataClass} gl-text-center`,
     },
   ],
   statusFilters: {
@@ -182,6 +182,13 @@ export default {
     showIntegratedDisabledAlert() {
       return !this.isAlertDismissed && this.showIntegratedTrackingDisabledAlert;
     },
+    fields() {
+      if (this.integratedErrorTrackingEnabled) {
+        // user count is currently not supported for integrated error tracking https://gitlab.com/gitlab-org/opstrace/opstrace/-/issues/2345
+        return this.$options.fields.filter((field) => field.key !== 'users');
+      }
+      return this.$options.fields;
+    },
   },
   watch: {
     pagination() {
@@ -417,7 +424,7 @@ export default {
         <gl-table
           class="error-list-table gl-mt-5"
           :items="errors"
-          :fields="$options.fields"
+          :fields="fields"
           :show-empty="true"
           fixed
           stacked="md"
diff --git a/app/controllers/concerns/enforces_two_factor_authentication.rb b/app/controllers/concerns/enforces_two_factor_authentication.rb
index 24475909b62..81130fcd6a6 100644
--- a/app/controllers/concerns/enforces_two_factor_authentication.rb
+++ b/app/controllers/concerns/enforces_two_factor_authentication.rb
@@ -46,15 +46,11 @@ module EnforcesTwoFactorAuthentication
   end
 
   # rubocop: disable CodeReuse/ActiveRecord
-  def two_factor_authentication_reason(global: -> {}, group: -> {})
-    if two_factor_authentication_required?
-      if Gitlab::CurrentSettings.require_two_factor_authentication?
-        global.call
-      else
-        groups = current_user.source_groups_of_two_factor_authentication_requirement.reorder(name: :asc)
-        group.call(groups)
-      end
-    end
+  def execute_action_for_2fa_reason(actions)
+    reason = two_factor_verifier.two_factor_authentication_reason
+    groups_enforcing_two_factor = current_user.source_groups_of_two_factor_authentication_requirement
+                                              .reorder(name: :asc)
+    actions[reason].call(groups_enforcing_two_factor)
   end
   # rubocop: enable CodeReuse/ActiveRecord
 
diff --git a/app/controllers/profiles/two_factor_auths_controller.rb b/app/controllers/profiles/two_factor_auths_controller.rb
index f1646027e8e..5a956a14552 100644
--- a/app/controllers/profiles/two_factor_auths_controller.rb
+++ b/app/controllers/profiles/two_factor_auths_controller.rb
@@ -207,15 +207,19 @@ class Profiles::TwoFactorAuthsController < Profiles::ApplicationController
 
   def setup_show_page
     if two_factor_authentication_required? && !current_user.two_factor_enabled?
-      two_factor_authentication_reason(
-        global: lambda do
+      two_factor_auth_actions = {
+        global: lambda do |_|
           flash.now[:alert] =
             _('The global settings require you to enable Two-Factor Authentication for your account.')
         end,
+        admin_2fa: lambda do |_|
+          flash.now[:alert] = _('Administrator users are required to enable Two-Factor Authentication for their account.')
+        end,
         group: lambda do |groups|
           flash.now[:alert] = groups_notification(groups)
         end
-      )
+      }
+      execute_action_for_2fa_reason(two_factor_auth_actions)
 
       unless two_factor_grace_period_expired?
         grace_period_deadline = current_user.otp_grace_period_started_at + two_factor_grace_period.hours
diff --git a/app/graphql/types/ci/catalog/resources/version_type.rb b/app/graphql/types/ci/catalog/resources/version_type.rb
index c568403f320..b52a1c6b13d 100644
--- a/app/graphql/types/ci/catalog/resources/version_type.rb
+++ b/app/graphql/types/ci/catalog/resources/version_type.rb
@@ -20,18 +20,10 @@ module Types
           field :released_at, Types::TimeType, null: true, description: 'Timestamp of when the version was released.',
             alpha: { milestone: '16.7' }
 
-          field :tag_name, GraphQL::Types::String, null: true, method: :name,
-            description: 'Deprecated in 16.8. Use name.',
-            alpha: { milestone: '16.7' }
-
           field :name, GraphQL::Types::String, null: true,
             description: 'Name that uniquely identifies the version within the catalog resource.',
             alpha: { milestone: '16.8' }
 
-          field :tag_path, GraphQL::Types::String, null: true, method: :path,
-            description: 'Deprecated in 16.8. Use path.',
-            alpha: { milestone: '16.7' }
-
           field :path, GraphQL::Types::String, null: true,
             description: 'Relative web path to the version.',
             alpha: { milestone: '16.8' }
diff --git a/app/helpers/application_settings_helper.rb b/app/helpers/application_settings_helper.rb
index 919fc485d64..b9a59047238 100644
--- a/app/helpers/application_settings_helper.rb
+++ b/app/helpers/application_settings_helper.rb
@@ -353,6 +353,7 @@ module ApplicationSettingsHelper
       :repository_checks_enabled,
       :repository_storages_weighted,
       :require_admin_approval_after_user_signup,
+      :require_admin_two_factor_authentication,
       :require_two_factor_authentication,
       :remember_me_enabled,
       :restricted_visibility_levels,
diff --git a/app/models/application_setting.rb b/app/models/application_setting.rb
index cb533a5e99d..d1dfc051b25 100644
--- a/app/models/application_setting.rb
+++ b/app/models/application_setting.rb
@@ -835,6 +835,9 @@ class ApplicationSetting < MainClusterwide::ApplicationRecord
   validates :math_rendering_limits_enabled,
     inclusion: { in: [true, false], message: N_('must be a boolean value') }
 
+  validates :require_admin_two_factor_authentication,
+    inclusion: { in: [true, false], message: N_('must be a boolean value') }
+
   before_validation :ensure_uuid!
   before_validation :coerce_repository_storages_weighted, if: :repository_storages_weighted_changed?
   before_validation :normalize_default_branch_name
diff --git a/app/models/application_setting_implementation.rb b/app/models/application_setting_implementation.rb
index eddc508a6ee..e18476bbae6 100644
--- a/app/models/application_setting_implementation.rb
+++ b/app/models/application_setting_implementation.rb
@@ -79,6 +79,7 @@ module ApplicationSettingImplementation
         ecdsa_sk_key_restriction: default_min_key_size(:ecdsa_sk),
         ed25519_key_restriction: default_min_key_size(:ed25519),
         ed25519_sk_key_restriction: default_min_key_size(:ed25519_sk),
+        require_admin_two_factor_authentication: false,
         eks_access_key_id: nil,
         eks_account_id: nil,
         eks_integration_enabled: false,
diff --git a/app/views/admin/application_settings/_signin.html.haml b/app/views/admin/application_settings/_signin.html.haml
index 2b972a2d7f1..3d3d4ab29d1 100644
--- a/app/views/admin/application_settings/_signin.html.haml
+++ b/app/views/admin/application_settings/_signin.html.haml
@@ -24,6 +24,9 @@
         _('Enforce two-factor authentication'),
         help_text: '%{help_text} %{help_link}'.html_safe % { help_text: help_text, help_link: help_link }
     .form-group
+      = f.label :require_admin_two_factor_authentication, _('Enforce Two-Factor authentication for administrator users'), class: 'label-bold'
+      = f.gitlab_ui_checkbox_component :require_admin_two_factor_authentication, _('Require administrators to enable 2FA')
+    .form-group
       = f.label :two_factor_authentication, _('Two-factor grace period'), class: 'label-bold'
       = f.number_field :two_factor_grace_period, min: 0, class: 'form-control gl-form-input', placeholder: '0'
       .form-text.text-muted
diff --git a/app/views/layouts/_snowplow.html.haml b/app/views/layouts/_snowplow.html.haml
index 7cb4abd06d6..503b38496f7 100644
--- a/app/views/layouts/_snowplow.html.haml
+++ b/app/views/layouts/_snowplow.html.haml
@@ -2,7 +2,7 @@
 
 - namespace = @group || @project&.namespace || @namespace
 = webpack_bundle_tag 'tracker'
-- if Gitlab.com? && Feature.enabled?(:browsersdk_tracking) && Feature.enabled?(:gl_analytics_tracking, Feature.current_request)
+- if Gitlab.com? && Feature.enabled?(:gl_analytics_tracking, Feature.current_request)
   = webpack_bundle_tag 'analytics'
 = javascript_tag do
   :plain