diff options
author | GitLab Bot <gitlab-bot@gitlab.com> | 2020-01-09 20:05:59 +0000 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2020-01-09 20:05:59 +0000 |
commit | 8f414ef222a5098d6f87d5e25283c603228908a1 (patch) | |
tree | 0af521d3b04633206da127d32df5168444e81fce | |
parent | 9fc86114fb1d573d5b1b45986472f9beee83d50d (diff) | |
download | gitlab-ce-8f414ef222a5098d6f87d5e25283c603228908a1.tar.gz |
Add latest changes from gitlab-org/security/gitlab@12-6-stable-ee
47 files changed, 292 insertions, 356 deletions
@@ -327,7 +327,7 @@ group :metrics do gem 'influxdb', '~> 0.2', require: false # Prometheus - gem 'prometheus-client-mmap', '~> 0.9.10' + gem 'prometheus-client-mmap', '~> 0.10.0' gem 'raindrops', '~> 0.18' end diff --git a/Gemfile.lock b/Gemfile.lock index 0e322705862..57e428ca955 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -531,8 +531,8 @@ GEM regexp_parser (~> 1.1) regexp_property_values (~> 0.3) json (1.8.6) - json-jwt (1.9.4) - activesupport + json-jwt (1.11.0) + activesupport (>= 4.2) aes_key_wrap bindata json-schema (2.8.0) @@ -746,7 +746,7 @@ GEM parser unparser procto (0.0.3) - prometheus-client-mmap (0.9.10) + prometheus-client-mmap (0.10.0) pry (0.11.3) coderay (~> 1.1.0) method_source (~> 0.9.0) @@ -1283,7 +1283,7 @@ DEPENDENCIES peek (~> 1.1) pg (~> 1.1) premailer-rails (~> 1.10.3) - prometheus-client-mmap (~> 0.9.10) + prometheus-client-mmap (~> 0.10.0) pry-byebug (~> 3.5.1) pry-rails (~> 0.3.4) rack (~> 2.0.7) diff --git a/app/finders/clusters/knative_serving_namespace_finder.rb b/app/finders/clusters/knative_serving_namespace_finder.rb deleted file mode 100644 index b6cf84beb79..00000000000 --- a/app/finders/clusters/knative_serving_namespace_finder.rb +++ /dev/null @@ -1,25 +0,0 @@ -# frozen_string_literal: true - -module Clusters - class KnativeServingNamespaceFinder - attr_reader :cluster - - def initialize(cluster) - @cluster = cluster - end - - def execute - cluster.kubeclient&.get_namespace(Clusters::Kubernetes::KNATIVE_SERVING_NAMESPACE) - rescue Kubeclient::ResourceNotFoundError - nil - rescue Kubeclient::HttpError => e - # If the kubernetes auth engine is enabled, it will return 403 - if e.error_code == 403 - Gitlab::ErrorTracking.track_exception(e) - nil - else - raise - end - end - end -end diff --git a/app/finders/clusters/knative_version_role_binding_finder.rb b/app/finders/clusters/knative_version_role_binding_finder.rb deleted file mode 100644 index 26f5492840a..00000000000 --- a/app/finders/clusters/knative_version_role_binding_finder.rb +++ /dev/null @@ -1,17 +0,0 @@ -# frozen_string_literal: true - -module Clusters - class KnativeVersionRoleBindingFinder - attr_reader :cluster - - def initialize(cluster) - @cluster = cluster - end - - def execute - cluster.kubeclient&.get_cluster_role_binding(Clusters::Kubernetes::GITLAB_KNATIVE_VERSION_ROLE_BINDING_NAME) - rescue Kubeclient::ResourceNotFoundError - nil - end - end -end diff --git a/app/models/project.rb b/app/models/project.rb index cfdcdbed502..3f6c2d6a448 100644 --- a/app/models/project.rb +++ b/app/models/project.rb @@ -1320,7 +1320,7 @@ class Project < ApplicationRecord end def has_active_hooks?(hooks_scope = :push_hooks) - hooks.hooks_for(hooks_scope).any? || SystemHook.hooks_for(hooks_scope).any? + hooks.hooks_for(hooks_scope).any? || SystemHook.hooks_for(hooks_scope).any? || Gitlab::Plugin.any? end def has_active_services?(hooks_scope = :push_hooks) diff --git a/app/presenters/release_presenter.rb b/app/presenters/release_presenter.rb index b38bbc8d96c..099ac9b09cd 100644 --- a/app/presenters/release_presenter.rb +++ b/app/presenters/release_presenter.rb @@ -40,7 +40,7 @@ class ReleasePresenter < Gitlab::View::Presenter::Delegated def evidence_file_path return unless release.evidence.present? - evidence_project_release_url(project, tag, format: :json) + evidence_project_release_url(project, release.to_param, format: :json) end private diff --git a/app/services/ci/find_exposed_artifacts_service.rb b/app/services/ci/find_exposed_artifacts_service.rb index 5c75af294bf..d268252577f 100644 --- a/app/services/ci/find_exposed_artifacts_service.rb +++ b/app/services/ci/find_exposed_artifacts_service.rb @@ -46,6 +46,8 @@ module Ci # it could contain many. We only need to know whether it has 1 or more # artifacts, so fetching the first 2 would be sufficient. def first_2_metadata_entries_for_artifacts_paths(job) + return [] unless job.artifacts_metadata + job.artifacts_paths .lazy .map { |path| job.artifacts_metadata_entry(path, recursive: true) } diff --git a/app/services/clusters/aws/provision_service.rb b/app/services/clusters/aws/provision_service.rb index 35fe8433b4d..109e4c04a9c 100644 --- a/app/services/clusters/aws/provision_service.rb +++ b/app/services/clusters/aws/provision_service.rb @@ -38,8 +38,7 @@ module Clusters def credentials @credentials ||= Clusters::Aws::FetchCredentialsService.new( provision_role, - provider: provider, - region: provider.region + provider: provider ).execute end diff --git a/app/services/clusters/kubernetes.rb b/app/services/clusters/kubernetes.rb index 59cb1c4b3a9..d29519999b2 100644 --- a/app/services/clusters/kubernetes.rb +++ b/app/services/clusters/kubernetes.rb @@ -12,8 +12,5 @@ module Clusters GITLAB_KNATIVE_SERVING_ROLE_BINDING_NAME = 'gitlab-knative-serving-rolebinding' GITLAB_CROSSPLANE_DATABASE_ROLE_NAME = 'gitlab-crossplane-database-role' GITLAB_CROSSPLANE_DATABASE_ROLE_BINDING_NAME = 'gitlab-crossplane-database-rolebinding' - GITLAB_KNATIVE_VERSION_ROLE_NAME = 'gitlab-knative-version-role' - GITLAB_KNATIVE_VERSION_ROLE_BINDING_NAME = 'gitlab-knative-version-rolebinding' - KNATIVE_SERVING_NAMESPACE = 'knative-serving' end end diff --git a/app/services/clusters/kubernetes/create_or_update_service_account_service.rb b/app/services/clusters/kubernetes/create_or_update_service_account_service.rb index 046046bf5a3..d798dcdcfd3 100644 --- a/app/services/clusters/kubernetes/create_or_update_service_account_service.rb +++ b/app/services/clusters/kubernetes/create_or_update_service_account_service.rb @@ -49,14 +49,8 @@ module Clusters create_or_update_knative_serving_role create_or_update_knative_serving_role_binding - create_or_update_crossplane_database_role create_or_update_crossplane_database_role_binding - - return unless knative_serving_namespace - - create_or_update_knative_version_role - create_or_update_knative_version_role_binding end private @@ -70,12 +64,6 @@ module Clusters ).ensure_exists! end - def knative_serving_namespace - kubeclient.get_namespace(Clusters::Kubernetes::KNATIVE_SERVING_NAMESPACE) - rescue Kubeclient::ResourceNotFoundError - nil - end - def create_role_or_cluster_role_binding if namespace_creator kubeclient.create_or_update_role_binding(role_binding_resource) @@ -100,14 +88,6 @@ module Clusters kubeclient.update_role_binding(crossplane_database_role_binding_resource) end - def create_or_update_knative_version_role - kubeclient.update_cluster_role(knative_version_role_resource) - end - - def create_or_update_knative_version_role_binding - kubeclient.update_cluster_role_binding(knative_version_role_binding_resource) - end - def service_account_resource Gitlab::Kubernetes::ServiceAccount.new( service_account_name, @@ -186,27 +166,6 @@ module Clusters service_account_name: service_account_name ).generate end - - def knative_version_role_resource - Gitlab::Kubernetes::ClusterRole.new( - name: Clusters::Kubernetes::GITLAB_KNATIVE_VERSION_ROLE_NAME, - rules: [{ - apiGroups: %w(apps), - resources: %w(deployments), - verbs: %w(list get) - }] - ).generate - end - - def knative_version_role_binding_resource - subjects = [{ kind: 'ServiceAccount', name: service_account_name, namespace: service_account_namespace }] - - Gitlab::Kubernetes::ClusterRoleBinding.new( - Clusters::Kubernetes::GITLAB_KNATIVE_VERSION_ROLE_BINDING_NAME, - Clusters::Kubernetes::GITLAB_KNATIVE_VERSION_ROLE_NAME, - subjects - ).generate - end end end end diff --git a/changelogs/unreleased/121670-redis-cache-read-error-prevents-cas-users-from-remaining-signed-in.yml b/changelogs/unreleased/121670-redis-cache-read-error-prevents-cas-users-from-remaining-signed-in.yml new file mode 100644 index 00000000000..3a54a6dce20 --- /dev/null +++ b/changelogs/unreleased/121670-redis-cache-read-error-prevents-cas-users-from-remaining-signed-in.yml @@ -0,0 +1,5 @@ +--- +title: Fix CAS users being signed out repeatedly +merge_request: 22704 +author: +type: fixed diff --git a/changelogs/unreleased/121751-new-eks-cluster-results-in-error-unknown-keyword-region.yml b/changelogs/unreleased/121751-new-eks-cluster-results-in-error-unknown-keyword-region.yml new file mode 100644 index 00000000000..09cd2f00fb5 --- /dev/null +++ b/changelogs/unreleased/121751-new-eks-cluster-results-in-error-unknown-keyword-region.yml @@ -0,0 +1,5 @@ +--- +title: Remove unused keyword from EKS provision service +merge_request: 22633 +author: +type: fixed diff --git a/changelogs/unreleased/39119-actioncontroller-urlgenerationerror-no-route-matches-action-evidenc.yml b/changelogs/unreleased/39119-actioncontroller-urlgenerationerror-no-route-matches-action-evidenc.yml new file mode 100644 index 00000000000..25d8ef6651b --- /dev/null +++ b/changelogs/unreleased/39119-actioncontroller-urlgenerationerror-no-route-matches-action-evidenc.yml @@ -0,0 +1,5 @@ +--- +title: Fix releases page when tag contains a slash +merge_request: 22527 +author: +type: fixed diff --git a/changelogs/unreleased/fix-no-artifacts-when-exposed.yml b/changelogs/unreleased/fix-no-artifacts-when-exposed.yml new file mode 100644 index 00000000000..7ca77f520a6 --- /dev/null +++ b/changelogs/unreleased/fix-no-artifacts-when-exposed.yml @@ -0,0 +1,5 @@ +--- +title: Fix bug when trying to expose artifacts and no artifacts are produced by the job +merge_request: 22378 +author: +type: fixed diff --git a/changelogs/unreleased/fix-on-train-method-in-mr.yml b/changelogs/unreleased/fix-on-train-method-in-mr.yml new file mode 100644 index 00000000000..5599964638d --- /dev/null +++ b/changelogs/unreleased/fix-on-train-method-in-mr.yml @@ -0,0 +1,5 @@ +--- +title: Fix RefreshMergeRequestsService raises an exception and unnecessary sidekiq retry +merge_request: 22262 +author: +type: fixed diff --git a/changelogs/unreleased/revert-knative-version-prerequisite.yml b/changelogs/unreleased/revert-knative-version-prerequisite.yml new file mode 100644 index 00000000000..bc0bb1e25f3 --- /dev/null +++ b/changelogs/unreleased/revert-knative-version-prerequisite.yml @@ -0,0 +1,5 @@ +--- +title: Reverts Add RBAC permissions for getting knative version +merge_request: 22560 +author: +type: fixed diff --git a/changelogs/unreleased/sh-bump-json-jwt.yml b/changelogs/unreleased/sh-bump-json-jwt.yml new file mode 100644 index 00000000000..afa8c8bbf20 --- /dev/null +++ b/changelogs/unreleased/sh-bump-json-jwt.yml @@ -0,0 +1,5 @@ +--- +title: Upgrade json-jwt to v1.11.0 +merge_request: 22440 +author: +type: security diff --git a/changelogs/unreleased/sh-disable-prom-metrics-on-failure.yml b/changelogs/unreleased/sh-disable-prom-metrics-on-failure.yml new file mode 100644 index 00000000000..d9db2847d2e --- /dev/null +++ b/changelogs/unreleased/sh-disable-prom-metrics-on-failure.yml @@ -0,0 +1,5 @@ +--- +title: Disable Prometheus metrics if initialization fails +merge_request: 22355 +author: +type: fixed diff --git a/changelogs/unreleased/sh-fix-ci-lint-errors.yml b/changelogs/unreleased/sh-fix-ci-lint-errors.yml new file mode 100644 index 00000000000..5f97b98f3d9 --- /dev/null +++ b/changelogs/unreleased/sh-fix-ci-lint-errors.yml @@ -0,0 +1,5 @@ +--- +title: Gracefully error handle CI lint errors in artifacts section +merge_request: 22388 +author: +type: fixed diff --git a/changelogs/unreleased/sh-fix-plugins-not-executing.yml b/changelogs/unreleased/sh-fix-plugins-not-executing.yml new file mode 100644 index 00000000000..206d8bedc41 --- /dev/null +++ b/changelogs/unreleased/sh-fix-plugins-not-executing.yml @@ -0,0 +1,5 @@ +--- +title: Fix GitLab plugins not working without hooks configured +merge_request: 22409 +author: +type: fixed diff --git a/config/application.rb b/config/application.rb index cad5c8bbe76..33c1c1b90d2 100644 --- a/config/application.rb +++ b/config/application.rb @@ -260,6 +260,10 @@ module Gitlab caching_config_hash[:pool_timeout] = 1 end + # Overrides RedisCacheStore's default value of 0 + # This makes the default value the same with Gitlab::Redis::Cache + caching_config_hash[:reconnect_attempts] ||= ::Redis::Client::DEFAULTS[:reconnect_attempts] + config.cache_store = :redis_cache_store, caching_config_hash config.active_job.queue_adapter = :sidekiq diff --git a/config/initializers/7_prometheus_metrics.rb b/config/initializers/7_prometheus_metrics.rb index c14ee1458bc..383fe6493ad 100644 --- a/config/initializers/7_prometheus_metrics.rb +++ b/config/initializers/7_prometheus_metrics.rb @@ -43,6 +43,9 @@ if !Rails.env.test? && Gitlab::Metrics.prometheus_metrics_enabled? defined?(::Prometheus::Client.reinitialize_on_pid_change) && Prometheus::Client.reinitialize_on_pid_change Gitlab::Metrics::Samplers::RubySampler.initialize_instance(Settings.monitoring.ruby_sampler_interval).start + rescue IOError => e + Gitlab::ErrorTracking.track_exception(e) + Gitlab::Metrics.error_detected! end Gitlab::Cluster::LifecycleEvents.on_master_start do @@ -55,6 +58,9 @@ if !Rails.env.test? && Gitlab::Metrics.prometheus_metrics_enabled? end Gitlab::Metrics::RequestsRackMiddleware.initialize_http_request_duration_seconds + rescue IOError => e + Gitlab::ErrorTracking.track_exception(e) + Gitlab::Metrics.error_detected! end end diff --git a/doc/user/project/clusters/serverless/index.md b/doc/user/project/clusters/serverless/index.md index ae04dbab1a0..9aaf046e78b 100644 --- a/doc/user/project/clusters/serverless/index.md +++ b/doc/user/project/clusters/serverless/index.md @@ -118,8 +118,7 @@ You must do the following: 1. Ensure GitLab can manage Knative: - For a non-GitLab managed cluster, ensure that the service account for the token - provided can manage resources in the `serving.knative.dev` API group. It will also - need list access to the deployments in the `knative-serving` namespace. + provided can manage resources in the `serving.knative.dev` API group. - For a GitLab managed cluster, if you added the cluster in [GitLab 12.1 or later](https://gitlab.com/gitlab-org/gitlab-foss/merge_requests/30235), then GitLab will already have the required access and you can proceed to the next step. @@ -156,19 +155,6 @@ You must do the following: - delete - patch - watch - --- - apiVersion: rbac.authorization.k8s.io/v1 - kind: ClusterRole - metadata: - name: gitlab-knative-version-role - rules: - - apiGroups: - - apps - resources: - - deployments - verbs: - - list - - get ``` Then run the following command: diff --git a/lib/gitlab/ci/build/prerequisite/kubernetes_namespace.rb b/lib/gitlab/ci/build/prerequisite/kubernetes_namespace.rb index 465877871ea..b64990d6a7a 100644 --- a/lib/gitlab/ci/build/prerequisite/kubernetes_namespace.rb +++ b/lib/gitlab/ci/build/prerequisite/kubernetes_namespace.rb @@ -8,7 +8,7 @@ module Gitlab def unmet? deployment_cluster.present? && deployment_cluster.managed? && - (missing_namespace? || need_knative_version_role_binding?) + missing_namespace? end def complete! @@ -23,10 +23,6 @@ module Gitlab kubernetes_namespace.nil? || kubernetes_namespace.service_account_token.blank? end - def need_knative_version_role_binding? - !knative_serving_namespace.nil? && knative_version_role_binding.nil? - end - def deployment_cluster build.deployment&.cluster end @@ -35,22 +31,6 @@ module Gitlab build.deployment.environment end - def knative_serving_namespace - strong_memoize(:knative_serving_namespace) do - Clusters::KnativeServingNamespaceFinder.new( - deployment_cluster - ).execute - end - end - - def knative_version_role_binding - strong_memoize(:knative_version_role_binding) do - Clusters::KnativeVersionRoleBindingFinder.new( - deployment_cluster - ).execute - end - end - def kubernetes_namespace strong_memoize(:kubernetes_namespace) do Clusters::KubernetesNamespaceFinder.new( diff --git a/lib/gitlab/ci/config/entry/artifacts.rb b/lib/gitlab/ci/config/entry/artifacts.rb index 9d8d7675234..aebc1675bec 100644 --- a/lib/gitlab/ci/config/entry/artifacts.rb +++ b/lib/gitlab/ci/config/entry/artifacts.rb @@ -54,6 +54,11 @@ module Gitlab def expose_as_present? return false unless Feature.enabled?(:ci_expose_arbitrary_artifacts_in_mr, default_enabled: true) + # This duplicates the `validates :config, type: Hash` above, + # but Validatable currently doesn't halt the validation + # chain if it encounters a validation error. + return false unless @config.is_a?(Hash) + !@config[:expose_as].nil? end end diff --git a/lib/gitlab/kubernetes/cluster_role.rb b/lib/gitlab/kubernetes/cluster_role.rb deleted file mode 100644 index 4d40736a0b5..00000000000 --- a/lib/gitlab/kubernetes/cluster_role.rb +++ /dev/null @@ -1,29 +0,0 @@ -# frozen_string_literal: true - -module Gitlab - module Kubernetes - class ClusterRole - attr_reader :name, :rules - - def initialize(name:, rules:) - @name = name - @rules = rules - end - - def generate - ::Kubeclient::Resource.new( - metadata: metadata, - rules: rules - ) - end - - private - - def metadata - { - name: name - } - end - end - end -end diff --git a/lib/gitlab/kubernetes/kube_client.rb b/lib/gitlab/kubernetes/kube_client.rb index b23ca095414..66c28a9b702 100644 --- a/lib/gitlab/kubernetes/kube_client.rb +++ b/lib/gitlab/kubernetes/kube_client.rb @@ -56,7 +56,6 @@ module Gitlab # group client delegate :create_cluster_role_binding, :get_cluster_role_binding, - :get_cluster_role_bindings, :update_cluster_role_binding, to: :rbac_client @@ -69,13 +68,6 @@ module Gitlab # RBAC methods delegates to the apis/rbac.authorization.k8s.io api # group client - delegate :create_cluster_role, - :get_cluster_role, - :update_cluster_role, - to: :rbac_client - - # RBAC methods delegates to the apis/rbac.authorization.k8s.io api - # group client delegate :create_role_binding, :get_role_binding, :update_role_binding, diff --git a/lib/gitlab/metrics.rb b/lib/gitlab/metrics.rb index 61ed20ad623..d759ae24051 100644 --- a/lib/gitlab/metrics.rb +++ b/lib/gitlab/metrics.rb @@ -5,8 +5,14 @@ module Gitlab include Gitlab::Metrics::InfluxDb include Gitlab::Metrics::Prometheus + @error = false + def self.enabled? influx_metrics_enabled? || prometheus_metrics_enabled? end + + def self.error? + @error + end end end diff --git a/lib/gitlab/metrics/prometheus.rb b/lib/gitlab/metrics/prometheus.rb index cab1edab48f..757762499a9 100644 --- a/lib/gitlab/metrics/prometheus.rb +++ b/lib/gitlab/metrics/prometheus.rb @@ -61,6 +61,22 @@ module Gitlab safe_provide_metric(:histogram, name, docstring, base_labels, buckets) end + def error_detected! + set_error!(true) + end + + def clear_errors! + set_error!(false) + end + + def set_error!(status) + clear_memoization(:prometheus_metrics_enabled) + + PROVIDER_MUTEX.synchronize do + @error = status + end + end + private def safe_provide_metric(method, name, *args) @@ -81,7 +97,7 @@ module Gitlab end def prometheus_metrics_enabled_unmemoized - metrics_folder_present? && Gitlab::CurrentSettings.prometheus_metrics_enabled || false + !error? && metrics_folder_present? && Gitlab::CurrentSettings.prometheus_metrics_enabled || false end end end diff --git a/lib/gitlab/plugin.rb b/lib/gitlab/plugin.rb index 23353f36025..b6700f4733b 100644 --- a/lib/gitlab/plugin.rb +++ b/lib/gitlab/plugin.rb @@ -2,10 +2,16 @@ module Gitlab module Plugin + def self.any? + plugin_glob.any? { |entry| File.file?(entry) } + end + def self.files - Dir.glob(Rails.root.join('plugins/*')).select do |entry| - File.file?(entry) - end + plugin_glob.select { |entry| File.file?(entry) } + end + + def self.plugin_glob + Dir.glob(Rails.root.join('plugins/*')) end def self.execute_all_async(data) diff --git a/scripts/static-analysis b/scripts/static-analysis index 1392a4f6a23..c26c9a55bb1 100755 --- a/scripts/static-analysis +++ b/scripts/static-analysis @@ -26,6 +26,19 @@ def emit_errors(static_analysis) end end +ALLOWED_WARNINGS = [ + # https://github.com/browserslist/browserslist/blob/d0ec62eb48c41c218478cd3ac28684df051cc865/node.js#L329 + # warns if caniuse-lite package is older than 6 months. Ignore this + # warning message so that GitLab backports don't fail. + "Browserslist: caniuse-lite is outdated. Please run next command `yarn upgrade`" +].freeze + +def warning_count(static_analysis) + static_analysis.warned_results + .reject { |result| ALLOWED_WARNINGS.include?(result.stderr.strip) } + .count +end + def jobs_to_run(node_index, node_total) all_tasks = [ %w[bin/rake lint:all], @@ -81,7 +94,7 @@ elsif static_analysis.all_success? emit_warnings(static_analysis) - exit 2 + exit 2 if warning_count(static_analysis).nonzero? else puts 'Some static analyses failed:' diff --git a/spec/features/boards/sidebar_spec.rb b/spec/features/boards/sidebar_spec.rb index 2b923df40c5..9143db16b87 100644 --- a/spec/features/boards/sidebar_spec.rb +++ b/spec/features/boards/sidebar_spec.rb @@ -318,6 +318,7 @@ describe 'Issue Boards', :js do wait_for_requests click_link bug.title + within('.dropdown-menu-labels') { expect(page).to have_selector('.is-active', count: 3) } click_link regression.title wait_for_requests diff --git a/spec/features/projects/releases/user_views_releases_spec.rb b/spec/features/projects/releases/user_views_releases_spec.rb index a9b8ff9dc4d..4507d90576b 100644 --- a/spec/features/projects/releases/user_views_releases_spec.rb +++ b/spec/features/projects/releases/user_views_releases_spec.rb @@ -57,4 +57,14 @@ describe 'User views releases', :js do expect(page).to have_content('Upcoming Release') end end + + context 'with a tag containing a slash' do + it 'sees the release' do + release = create :release, :with_evidence, project: project, tag: 'debian/2.4.0-1' + visit project_releases_path(project) + + expect(page).to have_content(release.name) + expect(page).to have_content(release.tag) + end + end end diff --git a/spec/finders/clusters/knative_serving_namespace_finder_spec.rb b/spec/finders/clusters/knative_serving_namespace_finder_spec.rb deleted file mode 100644 index f3587df680a..00000000000 --- a/spec/finders/clusters/knative_serving_namespace_finder_spec.rb +++ /dev/null @@ -1,55 +0,0 @@ -# frozen_string_literal: true - -require 'spec_helper' - -describe Clusters::KnativeServingNamespaceFinder do - include KubernetesHelpers - let(:cluster) { create(:cluster, :project, :provided_by_gcp) } - let(:service) { environment.deployment_platform } - let(:project) { cluster.cluster_project.project } - let(:environment) { create(:environment, project: project) } - - subject { described_class.new(cluster) } - - before do - stub_kubeclient_discover(service.api_url) - end - - it 'finds the namespace in a cluster where it exists' do - stub_kubeclient_get_namespace(service.api_url, namespace: Clusters::Kubernetes::KNATIVE_SERVING_NAMESPACE) - expect(subject.execute).to be_a Kubeclient::Resource - end - - it 'returns nil in a cluster where it does not' do - stub_kubeclient_get_namespace( - service.api_url, - namespace: Clusters::Kubernetes::KNATIVE_SERVING_NAMESPACE, - response: { - status: [404, "Resource Not Found"] - } - ) - expect(subject.execute).to be nil - end - - it 'returns nil in a cluster where the lookup results in a 403 as it will in some versions of kubernetes' do - stub_kubeclient_get_namespace( - service.api_url, - namespace: Clusters::Kubernetes::KNATIVE_SERVING_NAMESPACE, - response: { - status: [403, "Resource Not Found"] - } - ) - expect(subject.execute).to be nil - end - - it 'raises an error if error code is not 404 or 403' do - stub_kubeclient_get_namespace( - service.api_url, - namespace: Clusters::Kubernetes::KNATIVE_SERVING_NAMESPACE, - response: { - status: [500, "Internal Server Error"] - } - ) - expect { subject.execute }.to raise_error(Kubeclient::HttpError) - end -end diff --git a/spec/lib/gitlab/ci/build/prerequisite/kubernetes_namespace_spec.rb b/spec/lib/gitlab/ci/build/prerequisite/kubernetes_namespace_spec.rb index 2493855f851..66240380edd 100644 --- a/spec/lib/gitlab/ci/build/prerequisite/kubernetes_namespace_spec.rb +++ b/spec/lib/gitlab/ci/build/prerequisite/kubernetes_namespace_spec.rb @@ -38,44 +38,12 @@ describe Gitlab::Ci::Build::Prerequisite::KubernetesNamespace do .and_return(double(execute: kubernetes_namespace)) end - context 'and the knative-serving namespace is missing' do - before do - allow(Clusters::KnativeServingNamespaceFinder).to receive(:new) - .and_return(double(execute: false)) - end - - it { is_expected.to be_truthy } - end - - context 'and the knative-serving namespace exists' do - before do - allow(Clusters::KnativeServingNamespaceFinder).to receive(:new) - .and_return(double(execute: true)) - end - - context 'and the knative version role binding is missing' do - before do - allow(Clusters::KnativeVersionRoleBindingFinder).to receive(:new) - .and_return(double(execute: nil)) - end - - it { is_expected.to be_truthy } - end - - context 'and the knative version role binding already exists' do - before do - allow(Clusters::KnativeVersionRoleBindingFinder).to receive(:new) - .and_return(double(execute: true)) - end - - it { is_expected.to be_falsey } + it { is_expected.to be_falsey } - context 'and the service_account_token is blank' do - let(:kubernetes_namespace) { instance_double(Clusters::KubernetesNamespace, service_account_token: nil) } + context 'and the service_account_token is blank' do + let(:kubernetes_namespace) { instance_double(Clusters::KubernetesNamespace, service_account_token: nil) } - it { is_expected.to be_truthy } - end - end + it { is_expected.to be_truthy } end end end @@ -188,24 +156,6 @@ describe Gitlab::Ci::Build::Prerequisite::KubernetesNamespace do subject end end - - context 'knative version role binding is missing' do - before do - allow(Clusters::KubernetesNamespaceFinder).to receive(:new) - .and_return(double(execute: kubernetes_namespace)) - allow(Clusters::KnativeVersionRoleBindingFinder).to receive(:new) - .and_return(double(execute: nil)) - end - - it 'creates the knative version role binding' do - expect(Clusters::Kubernetes::CreateOrUpdateNamespaceService) - .to receive(:new) - .with(cluster: cluster, kubernetes_namespace: kubernetes_namespace) - .and_return(service) - - subject - end - end end context 'completion is not required' do diff --git a/spec/lib/gitlab/ci/yaml_processor_spec.rb b/spec/lib/gitlab/ci/yaml_processor_spec.rb index 8f9c5c74260..fea8073f999 100644 --- a/spec/lib/gitlab/ci/yaml_processor_spec.rb +++ b/spec/lib/gitlab/ci/yaml_processor_spec.rb @@ -1255,6 +1255,19 @@ module Gitlab expect(builds.first[:options][:artifacts][:when]).to eq(when_state) end end + + it "gracefully handles errors in artifacts type" do + config = <<~YAML + test: + script: + - echo "Hello world" + artifacts: + - paths: + - test/ + YAML + + expect { described_class.new(config) }.to raise_error(described_class::ValidationError) + end end describe '#environment' do diff --git a/spec/lib/gitlab/metrics/prometheus_spec.rb b/spec/lib/gitlab/metrics/prometheus_spec.rb index b37624982e2..e15a063fc9e 100644 --- a/spec/lib/gitlab/metrics/prometheus_spec.rb +++ b/spec/lib/gitlab/metrics/prometheus_spec.rb @@ -6,6 +6,10 @@ describe Gitlab::Metrics::Prometheus, :prometheus do let(:all_metrics) { Gitlab::Metrics } let(:registry) { all_metrics.registry } + after do + all_metrics.clear_errors! + end + describe '#reset_registry!' do it 'clears existing metrics' do registry.counter(:test, 'test metric') @@ -17,4 +21,21 @@ describe Gitlab::Metrics::Prometheus, :prometheus do expect(all_metrics.registry.metrics.count).to eq(0) end end + + describe '#error_detected!' do + before do + allow(all_metrics).to receive(:metrics_folder_present?).and_return(true) + stub_application_setting(prometheus_metrics_enabled: true) + end + + it 'disables Prometheus metrics' do + expect(all_metrics.error?).to be_falsey + expect(all_metrics.prometheus_metrics_enabled?).to be_truthy + + all_metrics.error_detected! + + expect(all_metrics.prometheus_metrics_enabled?).to be_falsey + expect(all_metrics.error?).to be_truthy + end + end end diff --git a/spec/lib/gitlab/plugin_spec.rb b/spec/lib/gitlab/plugin_spec.rb index a8ddd774f3f..5d9f6d04caa 100644 --- a/spec/lib/gitlab/plugin_spec.rb +++ b/spec/lib/gitlab/plugin_spec.rb @@ -3,22 +3,59 @@ require 'spec_helper' describe Gitlab::Plugin do + let(:plugin) { Rails.root.join('plugins', 'test.rb') } + let(:tmp_file) { Tempfile.new('plugin-dump') } + + let(:plugin_source) do + <<~EOS + #!/usr/bin/env ruby + x = STDIN.read + File.write('#{tmp_file.path}', x) + EOS + end + + context 'with plugins present' do + before do + File.write(plugin, plugin_source) + end + + after do + FileUtils.rm(plugin) + end + + describe '.any?' do + it 'returns true' do + expect(described_class.any?).to be true + end + end + + describe '.files?' do + it 'returns a list of plugins' do + expect(described_class.files).to match_array([plugin.to_s]) + end + end + end + + context 'without any plugins' do + describe '.any?' do + it 'returns false' do + expect(described_class.any?).to be false + end + end + + describe '.files' do + it 'returns an empty list' do + expect(described_class.files).to be_empty + end + end + end + describe '.execute' do let(:data) { Gitlab::DataBuilder::Push::SAMPLE_DATA } - let(:plugin) { Rails.root.join('plugins', 'test.rb') } - let(:tmp_file) { Tempfile.new('plugin-dump') } let(:result) { described_class.execute(plugin.to_s, data) } let(:success) { result.first } let(:message) { result.last } - let(:plugin_source) do - <<~EOS - #!/usr/bin/env ruby - x = STDIN.read - File.write('#{tmp_file.path}', x) - EOS - end - before do File.write(plugin, plugin_source) end diff --git a/spec/models/project_spec.rb b/spec/models/project_spec.rb index 99d7e4d156f..d55530bf820 100644 --- a/spec/models/project_spec.rb +++ b/spec/models/project_spec.rb @@ -4714,6 +4714,13 @@ describe Project do expect(project.has_active_hooks?(:merge_request_events)).to be_falsey expect(project.has_active_hooks?).to be_truthy end + + it 'returns true when a plugin exists' do + expect(Gitlab::Plugin).to receive(:any?).twice.and_return(true) + + expect(project.has_active_hooks?(:merge_request_events)).to be_truthy + expect(project.has_active_hooks?).to be_truthy + end end describe '#has_active_services?' do diff --git a/spec/presenters/release_presenter_spec.rb b/spec/presenters/release_presenter_spec.rb index 2f978b0a036..4c6142f2edb 100644 --- a/spec/presenters/release_presenter_spec.rb +++ b/spec/presenters/release_presenter_spec.rb @@ -96,4 +96,28 @@ describe ReleasePresenter do it { is_expected.to be_nil } end end + + describe '#evidence_file_path' do + subject { presenter.evidence_file_path } + + context 'without evidence' do + it { is_expected.to be_falsy } + end + + context 'with evidence' do + let(:release) { create :release, :with_evidence, project: project } + + specify do + is_expected.to match /#{evidence_project_release_url(project, release.tag, format: :json)}/ + end + end + + context 'when a tag contains a slash' do + let(:release) { create :release, :with_evidence, project: project, tag: 'debian/2.4.0-1' } + + specify do + is_expected.to match /#{evidence_project_release_url(project, CGI.escape(release.tag), format: :json)}/ + end + end + end end diff --git a/spec/requests/api/releases_spec.rb b/spec/requests/api/releases_spec.rb index 233f0497b7f..d3fe4c22b1d 100644 --- a/spec/requests/api/releases_spec.rb +++ b/spec/requests/api/releases_spec.rb @@ -115,6 +115,16 @@ describe API::Releases do end end + context 'when tag contains a slash' do + let!(:release) { create(:release, project: project, tag: 'debian/2.4.0-1', description: "debian/2.4.0-1") } + + it 'returns 200 HTTP status' do + get api("/projects/#{project.id}/releases", maintainer) + + expect(response).to have_gitlab_http_status(:ok) + end + end + context 'when user is a guest' do let!(:release) do create(:release, diff --git a/spec/services/ci/find_exposed_artifacts_service_spec.rb b/spec/services/ci/find_exposed_artifacts_service_spec.rb index f6309822fe0..b0f190b0e7a 100644 --- a/spec/services/ci/find_exposed_artifacts_service_spec.rb +++ b/spec/services/ci/find_exposed_artifacts_service_spec.rb @@ -50,10 +50,39 @@ describe Ci::FindExposedArtifactsService do end end + shared_examples 'does not find any matches' do + it 'returns empty array' do + expect(subject).to eq [] + end + end + let_it_be(:pipeline) { create(:ci_pipeline, project: project) } subject { described_class.new(project, user).for_pipeline(pipeline) } + context 'with jobs having no exposed artifacts' do + let!(:job) do + create_job_with_artifacts(artifacts: { + paths: ['other_artifacts_0.1.2/doc_sample.txt', 'something-else.html'] + }) + end + + it_behaves_like 'does not find any matches' + end + + context 'with jobs having no artifacts (metadata)' do + let!(:job) do + create(:ci_build, pipeline: pipeline, options: { + artifacts: { + expose_as: 'Exposed artifact', + paths: ['other_artifacts_0.1.2/doc_sample.txt', 'something-else.html'] + } + }) + end + + it_behaves_like 'does not find any matches' + end + context 'with jobs having at most 1 matching exposed artifact' do let!(:job) do create_job_with_artifacts(artifacts: { diff --git a/spec/services/clusters/aws/provision_service_spec.rb b/spec/services/clusters/aws/provision_service_spec.rb index 927ffaef002..15571c64e13 100644 --- a/spec/services/clusters/aws/provision_service_spec.rb +++ b/spec/services/clusters/aws/provision_service_spec.rb @@ -35,7 +35,7 @@ describe Clusters::Aws::ProvisionService do before do allow(Clusters::Aws::FetchCredentialsService).to receive(:new) - .with(provision_role, provider: provider, region: provider.region) + .with(provision_role, provider: provider) .and_return(double(execute: credentials)) allow(provider).to receive(:api_client) diff --git a/spec/services/clusters/kubernetes/create_or_update_namespace_service_spec.rb b/spec/services/clusters/kubernetes/create_or_update_namespace_service_spec.rb index 5dc4a1dc0b3..bd1a90996a8 100644 --- a/spec/services/clusters/kubernetes/create_or_update_namespace_service_spec.rb +++ b/spec/services/clusters/kubernetes/create_or_update_namespace_service_spec.rb @@ -22,6 +22,7 @@ describe Clusters::Kubernetes::CreateOrUpdateNamespaceService, '#execute' do before do stub_kubeclient_discover(api_url) + stub_kubeclient_get_namespace(api_url) stub_kubeclient_get_service_account_error(api_url, 'gitlab') stub_kubeclient_create_service_account(api_url) stub_kubeclient_get_secret_error(api_url, 'gitlab-token') @@ -30,7 +31,6 @@ describe Clusters::Kubernetes::CreateOrUpdateNamespaceService, '#execute' do stub_kubeclient_get_role_binding(api_url, "gitlab-#{namespace}", namespace: namespace) stub_kubeclient_put_role_binding(api_url, "gitlab-#{namespace}", namespace: namespace) stub_kubeclient_get_namespace(api_url, namespace: namespace) - stub_kubeclient_get_namespace(api_url, namespace: Clusters::Kubernetes::KNATIVE_SERVING_NAMESPACE) stub_kubeclient_get_service_account_error(api_url, "#{namespace}-service-account", namespace: namespace) stub_kubeclient_create_service_account(api_url, namespace: namespace) stub_kubeclient_create_secret(api_url, namespace: namespace) @@ -39,8 +39,6 @@ describe Clusters::Kubernetes::CreateOrUpdateNamespaceService, '#execute' do stub_kubeclient_put_role_binding(api_url, Clusters::Kubernetes::GITLAB_KNATIVE_SERVING_ROLE_BINDING_NAME, namespace: namespace) stub_kubeclient_put_role(api_url, Clusters::Kubernetes::GITLAB_CROSSPLANE_DATABASE_ROLE_NAME, namespace: namespace) stub_kubeclient_put_role_binding(api_url, Clusters::Kubernetes::GITLAB_CROSSPLANE_DATABASE_ROLE_BINDING_NAME, namespace: namespace) - stub_kubeclient_put_cluster_role(api_url, Clusters::Kubernetes::GITLAB_KNATIVE_VERSION_ROLE_NAME) - stub_kubeclient_put_cluster_role_binding(api_url, Clusters::Kubernetes::GITLAB_KNATIVE_VERSION_ROLE_BINDING_NAME) stub_kubeclient_get_secret( api_url, diff --git a/spec/services/clusters/kubernetes/create_or_update_service_account_service_spec.rb b/spec/services/clusters/kubernetes/create_or_update_service_account_service_spec.rb index 1ca3c50c46c..4df73fcc2ae 100644 --- a/spec/services/clusters/kubernetes/create_or_update_service_account_service_spec.rb +++ b/spec/services/clusters/kubernetes/create_or_update_service_account_service_spec.rb @@ -141,15 +141,12 @@ describe Clusters::Kubernetes::CreateOrUpdateServiceAccountService do before do cluster.platform_kubernetes.rbac! - stub_kubeclient_get_namespace(api_url, namespace: Clusters::Kubernetes::KNATIVE_SERVING_NAMESPACE) stub_kubeclient_get_role_binding_error(api_url, role_binding_name, namespace: namespace) stub_kubeclient_create_role_binding(api_url, namespace: namespace) stub_kubeclient_put_role(api_url, Clusters::Kubernetes::GITLAB_KNATIVE_SERVING_ROLE_NAME, namespace: namespace) stub_kubeclient_put_role_binding(api_url, Clusters::Kubernetes::GITLAB_KNATIVE_SERVING_ROLE_BINDING_NAME, namespace: namespace) stub_kubeclient_put_role(api_url, Clusters::Kubernetes::GITLAB_CROSSPLANE_DATABASE_ROLE_NAME, namespace: namespace) stub_kubeclient_put_role_binding(api_url, Clusters::Kubernetes::GITLAB_CROSSPLANE_DATABASE_ROLE_BINDING_NAME, namespace: namespace) - stub_kubeclient_put_cluster_role(api_url, Clusters::Kubernetes::GITLAB_KNATIVE_VERSION_ROLE_NAME) - stub_kubeclient_put_cluster_role_binding(api_url, Clusters::Kubernetes::GITLAB_KNATIVE_VERSION_ROLE_BINDING_NAME) end it_behaves_like 'creates service account and token' @@ -237,30 +234,6 @@ describe Clusters::Kubernetes::CreateOrUpdateServiceAccountService do ) ) end - - it 'creates a role and role binding granting the ability to get the version of deployments in knative-serving namespace' do - subject - - expect(WebMock).to have_requested(:put, api_url + "/apis/rbac.authorization.k8s.io/v1/clusterrolebindings/#{Clusters::Kubernetes::GITLAB_KNATIVE_VERSION_ROLE_BINDING_NAME}").with( - body: hash_including( - metadata: { - name: Clusters::Kubernetes::GITLAB_KNATIVE_VERSION_ROLE_BINDING_NAME - }, - roleRef: { - apiGroup: "rbac.authorization.k8s.io", - kind: "ClusterRole", - name: Clusters::Kubernetes::GITLAB_KNATIVE_VERSION_ROLE_NAME - }, - subjects: [ - { - kind: "ServiceAccount", - name: service_account_name, - namespace: namespace - } - ] - ) - ) - end end end end diff --git a/spec/services/clusters/kubernetes_spec.rb b/spec/services/clusters/kubernetes_spec.rb index 7f2c5e0461d..09cc304debe 100644 --- a/spec/services/clusters/kubernetes_spec.rb +++ b/spec/services/clusters/kubernetes_spec.rb @@ -13,7 +13,4 @@ describe Clusters::Kubernetes do it { is_expected.to be_const_defined(:GITLAB_KNATIVE_SERVING_ROLE_BINDING_NAME) } it { is_expected.to be_const_defined(:GITLAB_CROSSPLANE_DATABASE_ROLE_NAME) } it { is_expected.to be_const_defined(:GITLAB_CROSSPLANE_DATABASE_ROLE_BINDING_NAME) } - it { is_expected.to be_const_defined(:GITLAB_KNATIVE_VERSION_ROLE_NAME) } - it { is_expected.to be_const_defined(:GITLAB_KNATIVE_VERSION_ROLE_BINDING_NAME) } - it { is_expected.to be_const_defined(:KNATIVE_SERVING_NAMESPACE) } end diff --git a/spec/support/helpers/kubernetes_helpers.rb b/spec/support/helpers/kubernetes_helpers.rb index b2145ca729f..9435a0e1487 100644 --- a/spec/support/helpers/kubernetes_helpers.rb +++ b/spec/support/helpers/kubernetes_helpers.rb @@ -194,11 +194,6 @@ module KubernetesHelpers .to_return(kube_response({})) end - def stub_kubeclient_put_cluster_role_binding(api_url, name) - WebMock.stub_request(:put, api_url + "/apis/rbac.authorization.k8s.io/v1/clusterrolebindings/#{name}") - .to_return(kube_response({})) - end - def stub_kubeclient_get_role_binding(api_url, name, namespace: 'default') WebMock.stub_request(:get, api_url + "/apis/rbac.authorization.k8s.io/v1/namespaces/#{namespace}/rolebindings/#{name}") .to_return(kube_response({})) @@ -224,18 +219,8 @@ module KubernetesHelpers .to_return(kube_response({})) end - def stub_kubeclient_get_namespaces(api_url) - WebMock.stub_request(:get, api_url + '/api/v1/namespaces') - .to_return(kube_response(kube_v1_namespace_list_body)) - end - - def stub_kubeclient_get_namespace(api_url, namespace: 'default', response: kube_response({})) + def stub_kubeclient_get_namespace(api_url, namespace: 'default') WebMock.stub_request(:get, api_url + "/api/v1/namespaces/#{namespace}") - .to_return(response) - end - - def stub_kubeclient_put_cluster_role(api_url, name) - WebMock.stub_request(:put, api_url + "/apis/rbac.authorization.k8s.io/v1/clusterroles/#{name}") .to_return(kube_response({})) end @@ -272,20 +257,6 @@ module KubernetesHelpers } end - def kube_v1_namespace_list_body - { - "kind" => "NamespaceList", - "apiVersion" => "v1", - "items" => [ - { - "metadata" => { - "name" => "knative-serving" - } - } - ] - } - end - def kube_v1beta1_discovery_body { "kind" => "APIResourceList", |