From 0b320988a8c4fee1c92e78cd46c6dd11c6af7e18 Mon Sep 17 00:00:00 2001 From: GitLab Bot Date: Mon, 5 Jun 2023 03:08:44 +0000 Subject: Add latest changes from gitlab-org/gitlab@master --- app/models/organizations/organization.rb | 4 ++++ app/services/issuable/destroy_service.rb | 4 ++++ db/migrate/20230530112122_add_path_to_organizations.rb | 18 ++++++++++++++++++ ...230530112602_add_text_limit_on_organization_path.rb | 13 +++++++++++++ ...30530114845_cleanup_organizations_with_null_path.rb | 18 ++++++++++++++++++ ...230530115830_remove_default_on_organization_path.rb | 11 +++++++++++ db/schema_migrations/20230530112122 | 1 + db/schema_migrations/20230530112602 | 1 + db/schema_migrations/20230530114845 | 1 + db/schema_migrations/20230530115830 | 1 + db/structure.sql | 4 ++++ doc/user/application_security/policies/index.md | 1 + spec/factories/organizations/organizations.rb | 1 + spec/models/organizations/organization_spec.rb | 2 ++ 14 files changed, 80 insertions(+) create mode 100644 db/migrate/20230530112122_add_path_to_organizations.rb create mode 100644 db/migrate/20230530112602_add_text_limit_on_organization_path.rb create mode 100644 db/post_migrate/20230530114845_cleanup_organizations_with_null_path.rb create mode 100644 db/post_migrate/20230530115830_remove_default_on_organization_path.rb create mode 100644 db/schema_migrations/20230530112122 create mode 100644 db/schema_migrations/20230530112602 create mode 100644 db/schema_migrations/20230530114845 create mode 100644 db/schema_migrations/20230530115830 diff --git a/app/models/organizations/organization.rb b/app/models/organizations/organization.rb index ee082e12c18..5eaef1419c1 100644 --- a/app/models/organizations/organization.rb +++ b/app/models/organizations/organization.rb @@ -15,6 +15,10 @@ module Organizations presence: true, length: { maximum: 255 } + validates :path, + presence: true, + length: { minimum: 2, maximum: 255 } + def default? id == DEFAULT_ORGANIZATION_ID end diff --git a/app/services/issuable/destroy_service.rb b/app/services/issuable/destroy_service.rb index 261afb767bb..47770d101f9 100644 --- a/app/services/issuable/destroy_service.rb +++ b/app/services/issuable/destroy_service.rb @@ -8,11 +8,15 @@ module Issuable end def execute(issuable) + before_destroy(issuable) after_destroy(issuable) if issuable.destroy end private + # overriden in EE + def before_destroy(issuable); end + def after_destroy(issuable) delete_associated_records(issuable) issuable.update_project_counter_caches diff --git a/db/migrate/20230530112122_add_path_to_organizations.rb b/db/migrate/20230530112122_add_path_to_organizations.rb new file mode 100644 index 00000000000..fbd037f1251 --- /dev/null +++ b/db/migrate/20230530112122_add_path_to_organizations.rb @@ -0,0 +1,18 @@ +# frozen_string_literal: true + +class AddPathToOrganizations < Gitlab::Database::Migration[2.1] + disable_ddl_transaction! + + INDEX_NAME = 'unique_organizations_on_path' + + def up + # text limit is added in 20230530112602_add_text_limit_on_organization_path + add_column :organizations, :path, :text, null: false, default: '', if_not_exists: true # rubocop:disable Migration/AddLimitToTextColumns + + add_concurrent_index :organizations, :path, name: INDEX_NAME, unique: true + end + + def down + remove_column :organizations, :path, if_exists: true + end +end diff --git a/db/migrate/20230530112602_add_text_limit_on_organization_path.rb b/db/migrate/20230530112602_add_text_limit_on_organization_path.rb new file mode 100644 index 00000000000..6eb9105cf97 --- /dev/null +++ b/db/migrate/20230530112602_add_text_limit_on_organization_path.rb @@ -0,0 +1,13 @@ +# frozen_string_literal: true + +class AddTextLimitOnOrganizationPath < Gitlab::Database::Migration[2.1] + disable_ddl_transaction! + + def up + add_text_limit :organizations, :path, 255 + end + + def down + remove_text_limit :organizations, :path + end +end diff --git a/db/post_migrate/20230530114845_cleanup_organizations_with_null_path.rb b/db/post_migrate/20230530114845_cleanup_organizations_with_null_path.rb new file mode 100644 index 00000000000..6d04bf6e4ec --- /dev/null +++ b/db/post_migrate/20230530114845_cleanup_organizations_with_null_path.rb @@ -0,0 +1,18 @@ +# frozen_string_literal: true + +class CleanupOrganizationsWithNullPath < Gitlab::Database::Migration[2.1] + restrict_gitlab_migration gitlab_schema: :gitlab_main + + module Organizations + class Organization < Gitlab::Database::Migration[2.1]::MigrationRecord + end + end + + def up + Organizations::Organization.update_all("path = lower(name)") + end + + def down + Organizations::Organization.update_all(path: '') + end +end diff --git a/db/post_migrate/20230530115830_remove_default_on_organization_path.rb b/db/post_migrate/20230530115830_remove_default_on_organization_path.rb new file mode 100644 index 00000000000..82c71d5fef3 --- /dev/null +++ b/db/post_migrate/20230530115830_remove_default_on_organization_path.rb @@ -0,0 +1,11 @@ +# frozen_string_literal: true + +class RemoveDefaultOnOrganizationPath < Gitlab::Database::Migration[2.1] + def up + change_column_default :organizations, :path, nil + end + + def down + change_column_default :organizations, :path, '' + end +end diff --git a/db/schema_migrations/20230530112122 b/db/schema_migrations/20230530112122 new file mode 100644 index 00000000000..6c8fc76ba31 --- /dev/null +++ b/db/schema_migrations/20230530112122 @@ -0,0 +1 @@ +f42b0e96388af93c226418f09c2b81a31677f9ba9fe10aa357f2b88ea1d415d8 \ No newline at end of file diff --git a/db/schema_migrations/20230530112602 b/db/schema_migrations/20230530112602 new file mode 100644 index 00000000000..4d1e17322d8 --- /dev/null +++ b/db/schema_migrations/20230530112602 @@ -0,0 +1 @@ +81dca424fac6ac462d15b8bb03bb272de970f6a701b3cbd78e86587bfa2a5733 \ No newline at end of file diff --git a/db/schema_migrations/20230530114845 b/db/schema_migrations/20230530114845 new file mode 100644 index 00000000000..57327b54419 --- /dev/null +++ b/db/schema_migrations/20230530114845 @@ -0,0 +1 @@ +442196dbc3b0e8669e697971cf74b1235d35211ea6db1d861eca80dd277e7f9a \ No newline at end of file diff --git a/db/schema_migrations/20230530115830 b/db/schema_migrations/20230530115830 new file mode 100644 index 00000000000..99371531685 --- /dev/null +++ b/db/schema_migrations/20230530115830 @@ -0,0 +1 @@ +6e78a4ca76337129033cc9660ac203eb12187665ab5bb404fe6d8e3e5764365b \ No newline at end of file diff --git a/db/structure.sql b/db/structure.sql index 7822973b778..904b6a3e79c 100644 --- a/db/structure.sql +++ b/db/structure.sql @@ -19240,6 +19240,8 @@ CREATE TABLE organizations ( created_at timestamp with time zone NOT NULL, updated_at timestamp with time zone NOT NULL, name text DEFAULT ''::text NOT NULL, + path text NOT NULL, + CONSTRAINT check_0b4296b5ea CHECK ((char_length(path) <= 255)), CONSTRAINT check_d130d769e0 CHECK ((char_length(name) <= 255)) ); @@ -33276,6 +33278,8 @@ CREATE UNIQUE INDEX unique_index_on_system_note_metadata_id ON resource_link_eve CREATE UNIQUE INDEX unique_merge_request_metrics_by_merge_request_id ON merge_request_metrics USING btree (merge_request_id); +CREATE UNIQUE INDEX unique_organizations_on_path ON organizations USING btree (path); + CREATE UNIQUE INDEX unique_packages_project_id_and_name_and_version_when_debian ON packages_packages USING btree (project_id, name, version) WHERE ((package_type = 9) AND (status <> 4)); CREATE UNIQUE INDEX unique_postgres_async_fk_validations_name_and_table_name ON postgres_async_foreign_key_validations USING btree (name, table_name); diff --git a/doc/user/application_security/policies/index.md b/doc/user/application_security/policies/index.md index 0d821f8e47c..0b5ea6993a2 100644 --- a/doc/user/application_security/policies/index.md +++ b/doc/user/application_security/policies/index.md @@ -150,5 +150,6 @@ The workaround is to amend your group or instance push rules to allow branches f - When scheduling pipelines, keep in mind that CRON scheduling is based on UTC on GitLab SaaS and is based on your server time for self managed instances. When testing new policies, it may appear pipelines are not running properly when in fact they are scheduled in your server's timezone. - When enforcing scan execution policies, the target project's pipeline is triggered by the user who last updated the security policy project's `policy.yml` file. The user must have permission to trigger the pipeline in the project for the policy to be enforced, and the pipeline to run. Work to address this is being tracked in [issue 394958](https://gitlab.com/gitlab-org/gitlab/-/issues/394958). - You should not link a security policy project to a development project and to the group or sub-group the development project belongs to at the same time. Linking this way will result in approval rules from the Scan Result Policy not being applied to merge requests in the development project. +- When creating a Scan Result Policy, neither the array `severity_levels` nor the array `vulnerability_states` in the [scan_finding rule](../policies/scan-result-policies.md#scan_finding-rule-type) can be left empty; for a working rule, at least one entry must exist. If you are still experiencing issues, you can [view recent reported bugs](https://gitlab.com/gitlab-org/gitlab/-/issues/?sort=popularity&state=opened&label_name%5B%5D=group%3A%3Asecurity%20policies&label_name%5B%5D=type%3A%3Abug&first_page_size=20) and raise new unreported issues. diff --git a/spec/factories/organizations/organizations.rb b/spec/factories/organizations/organizations.rb index 5e609cf3d49..c916b966abc 100644 --- a/spec/factories/organizations/organizations.rb +++ b/spec/factories/organizations/organizations.rb @@ -3,6 +3,7 @@ FactoryBot.define do factory :organization, class: 'Organizations::Organization' do sequence(:name) { |n| "Organization ##{n}" } + path { name.parameterize } trait :default do id { Organizations::Organization::DEFAULT_ORGANIZATION_ID } diff --git a/spec/models/organizations/organization_spec.rb b/spec/models/organizations/organization_spec.rb index fd4676fbfe3..bb3d0c2307d 100644 --- a/spec/models/organizations/organization_spec.rb +++ b/spec/models/organizations/organization_spec.rb @@ -16,6 +16,8 @@ RSpec.describe Organizations::Organization, type: :model, feature_category: :cel it { is_expected.to validate_presence_of(:name) } it { is_expected.to validate_length_of(:name).is_at_most(255) } + it { is_expected.to validate_presence_of(:path) } + it { is_expected.to validate_length_of(:path).is_at_least(2).is_at_most(255) } end context 'when using scopes' do -- cgit v1.2.3