authorGitLab Bot <gitlab-bot@gitlab.com>2022-02-08 16:54:12 +0000
committerGitLab Bot <gitlab-bot@gitlab.com>2022-02-08 16:54:12 +0000
commit9104dda057cc7f2c65f07e509013f3cff10db590 (patch)
tree74af16bfb1bc2afc23fb385727fda39b0f211862
parent2b77b43bec240eb5ed2c5422eb810df5eb8edfcc (diff)
downloadgitlab-ce-9104dda057cc7f2c65f07e509013f3cff10db590.tar.gz
Add latest changes from gitlab-org/gitlab@14-7-stable-ee
-rw-r--r--Gemfile.lock2
-rw-r--r--app/assets/javascripts/pages/admin/index.js2
-rw-r--r--app/controllers/application_controller.rb2
-rw-r--r--app/models/clusters/concerns/elasticsearch_client.rb2
-rw-r--r--data/whats_new/202201200001_14_07.yml42
-rw-r--r--lib/gitlab/gitaly_client.rb3
-rw-r--r--spec/features/admin/dashboard_spec.rb10
-rw-r--r--spec/support/shared_examples/models/clusters/elastic_stack_client_shared.rb2
8 files changed, 59 insertions, 6 deletions
diff --git a/Gemfile.lock b/Gemfile.lock
index 797a72ce943..4fd0bf053c4 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -1121,7 +1121,7 @@ GEM
rubocop-ast (>= 0.7.1)
ruby-fogbugz (0.2.1)
crack (~> 0.4)
- ruby-magic (0.5.3)
+ ruby-magic (0.5.4)
mini_portile2 (~> 2.6)
ruby-prof (1.3.1)
ruby-progressbar (1.11.0)
diff --git a/app/assets/javascripts/pages/admin/index.js b/app/assets/javascripts/pages/admin/index.js
index 8d5dfd689e8..f0f85b82e2b 100644
--- a/app/assets/javascripts/pages/admin/index.js
+++ b/app/assets/javascripts/pages/admin/index.js
@@ -1,8 +1,10 @@
+import initGitlabVersionCheck from '~/gitlab_version_check';
import initAdminStatisticsPanel from '../../admin/statistics_panel/index';
import initVueAlerts from '../../vue_alerts';
import initAdmin from './admin';
initVueAlerts();
+initGitlabVersionCheck();
const statisticsPanelContainer = document.getElementById('js-admin-statistics-container');
initAdmin();
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index d3ecbdcc1f6..8e758c669db 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -273,7 +273,7 @@ class ApplicationController < ActionController::Base
end
def default_headers
- headers['X-Frame-Options'] = 'DENY'
+ headers['X-Frame-Options'] = 'SAMEORIGIN'
headers['X-XSS-Protection'] = '1; mode=block'
headers['X-UA-Compatible'] = 'IE=edge'
headers['X-Content-Type-Options'] = 'nosniff'
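Review bot: Changing `X-Frame-Options` from `DENY` to `SAMEORIGIN` in `default_headers` widens framing for every response, and the line carries no comment saying which feature needs it. With `SAMEORIGIN`, any page served from the application's own origin may embed any other, so clickjacking protection now depends on no same-origin page rendering attacker-influenced markup. I would record the reason next to the header, e.g. `# SAMEORIGIN rather than DENY: <feature that needs same-origin framing>`. If a Content-Security-Policy is configured elsewhere, its `frame-ancestors` directive should stay consistent with this value (`frame-ancestors 'self'`). `default_headers` begins and ends outside the hunk, so the other headers it sets are not all visible.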
diff --git a/app/models/clusters/concerns/elasticsearch_client.rb b/app/models/clusters/concerns/elasticsearch_client.rb
index 7b0b6bdae02..e9aab7897a8 100644
--- a/app/models/clusters/concerns/elasticsearch_client.rb
+++ b/app/models/clusters/concerns/elasticsearch_client.rb
@@ -15,7 +15,7 @@ module Clusters
proxy_url = kube_client.proxy_url('service', service_name, ELASTICSEARCH_PORT, ELASTICSEARCH_NAMESPACE)
- Elasticsearch::Client.new(url: proxy_url) do |faraday|
+ Elasticsearch::Client.new(url: proxy_url, adapter: :net_http) do |faraday|
# ensures headers containing auth data are appended to original client options
faraday.headers.merge!(kube_client.headers)
# ensure TLS certs are properly verified
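Review bot: The new `adapter: :net_http` argument on `Elasticsearch::Client.new` is unexplained at the call site, yet the block below it is where the auth headers and TLS verification are applied, so the adapter choice is security-relevant. Without the option the adapter is presumably auto-detected from whichever HTTP gems are loaded, and Faraday `ssl` settings are honoured per adapter. A short comment such as `# pin net_http so the headers and ssl options set below are applied by a known adapter` would record the intent. The block continues past the end of the hunk, so the TLS options themselves are not visible here.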
diff --git a/data/whats_new/202201200001_14_07.yml b/data/whats_new/202201200001_14_07.yml
new file mode 100644
index 00000000000..4f260ee8a8c
--- /dev/null
+++ b/data/whats_new/202201200001_14_07.yml
@@ -0,0 +1,42 @@
+- title: GitLab Runner compliant with FIPS 140-2
+ body: |
+ For some GitLab customers, U.S. government regulatory requirements require the use of FIPS (Federal Information Processing Standards) compliant software. The FIPS 140-2 and FIPS 140-3 publications define the security requirements for cryptographic modules used in computer and telecommunication systems, and within cyber systems that protect sensitive information. GitLab Runner is now FIPS 140-2 compliant for AMD64 compute architectures and Red Hat Enterprise Linux (RHEL) distributions. Refer to [this epic](https://gitlab.com/groups/gitlab-org/-/epics/5104) to follow the discussions about making GitLab FIPS compliant.
+ stage: Verify
+ self-managed: true
+ gitlab-com: false
+ packages: [Free, Premium, Ultimate]
+ url: 'https://docs.gitlab.com/runner/install/index.html#fips-compliant-gitlab-runner'
+ image_url: https://about.gitlab.com/images/growth/verify.png
+ published_at: 2022-01-22
+ release: 14.7
+- title: Streaming audit events
+ body: |
+ You can now stream audit events to a destination of your choosing! This is a great way to correlate GitLab audit events with other data streams you have, maintain a backup of audit events, or build out your own automation to take action when a specific audit event happens.
+
+ You can specify an HTTPS endpoint with our new GraphQL API and events are sent to it as webhooks. These messages contain the same information as the Audit Events UI about what type of change happened, when it happened, who was involved, as well as some additional metadata.
+
+ After you receive those messages, you can filter based on person, type, or inject that data into another third-party tool. This is a great way to trigger any custom automation you have built if, for example, a new user is created or a key setting is changed. We're excited to see what you use streaming audit events for and would love to hear from you about it! Let us know by commenting on the [epic](https://gitlab.com/groups/gitlab-org/-/epics/5925).
+ stage: Manage
+ self-managed: true
+ gitlab-com: true
+ packages: [Ultimate]
+ url: 'https://docs.gitlab.com/ee/administration/audit_event_streaming.html'
+ image_url: https://about.gitlab.com/images/growth/manage.jpg
+ published_at: 2022-01-22
+ release: 14.7
+- title: Group access tokens
+ body: |
+ With group access tokens, you can use a single token to perform actions for groups, manage the projects within the group, and, in GitLab 14.2 and later, authenticate with Git over HTTPS.
+
+ Previously, group access tokens were limited to self-managed instances only, and could only be generated using the Rails console. Now, you can create group access tokens using the UI and API. You can define token name, expiration date, and scope. You can also revoke an existing group access token.
+
+ Thank you [Fabio Huser](https://gitlab.com/fh1ch) for your contribution!
+ stage: Manage
+ self-managed: true
+ gitlab-com: true
+ packages: [Free, Premium, Ultimate]
+ url: 'https://docs.gitlab.com/ee/user/group/settings/group_access_tokens.html'
+ image_url: https://about.gitlab.com/images/14_7/group_access_token.png
+ published_at: 2022-01-22
+ release: 14.7
+
diff --git a/lib/gitlab/gitaly_client.rb b/lib/gitlab/gitaly_client.rb
index cc3f20ab774..a824f97e197 100644
--- a/lib/gitlab/gitaly_client.rb
+++ b/lib/gitlab/gitaly_client.rb
@@ -56,8 +56,7 @@ module Gitlab
# https://gitlab.com/gitlab-org/gitaly/-/blob/bf9f52bc/client/dial.go#L78
{
'grpc.keepalive_time_ms': 20000,
- 'grpc.keepalive_permit_without_calls': 1,
- 'grpc.http2.max_pings_without_data': 0
+ 'grpc.keepalive_permit_without_calls': 1
}
end
private_class_method :channel_args
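Review bot: Dropping `'grpc.http2.max_pings_without_data': 0` while keeping `'grpc.keepalive_permit_without_calls': 1` means keepalive pings on idle channels are still requested, but the number allowed without data falls back to the gRPC library default (a small finite limit, as far as I know) instead of unlimited. Long-idle connections may therefore stop being probed, which affects how quickly a dead peer is noticed. The comment above the hash points at Gitaly's `client/dial.go` as the reference for these values. If the hash no longer mirrors that file, the comment should say so, e.g. `# max_pings_without_data is left at the gRPC default; see <issue link>`. `channel_args` starts outside the hunk, so the rest of its comment is not visible.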
diff --git a/spec/features/admin/dashboard_spec.rb b/spec/features/admin/dashboard_spec.rb
index 112dc9e01d8..e7ff8c23a8c 100644
--- a/spec/features/admin/dashboard_spec.rb
+++ b/spec/features/admin/dashboard_spec.rb
@@ -53,4 +53,14 @@ RSpec.describe 'admin visits dashboard' do
expect(page).to have_content('Active users 71')
end
end
+
+ describe 'Version check', :js do
+ it 'shows badge on CE' do
+ visit admin_root_path
+
+ page.within('.admin-dashboard') do
+ expect(find('.badge')).to have_content('Up to date')
+ end
+ end
+ end
end
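Review bot: The assertion `have_content('Up to date')` in 'shows badge on CE' pins one specific status of the version badge, and nothing in the hunk stubs where that status comes from. If the badge is filled in from a request the page makes (the JavaScript side is not visible here), the spec depends on that response and would fail once the tested version is no longer current, or when the request cannot be made. Stubbing the response in the spec, or asserting only that `.badge` renders inside `.admin-dashboard`, would keep it deterministic.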
diff --git a/spec/support/shared_examples/models/clusters/elastic_stack_client_shared.rb b/spec/support/shared_examples/models/clusters/elastic_stack_client_shared.rb
index d3ce916cd64..744262d79ea 100644
--- a/spec/support/shared_examples/models/clusters/elastic_stack_client_shared.rb
+++ b/spec/support/shared_examples/models/clusters/elastic_stack_client_shared.rb
@@ -47,7 +47,7 @@ RSpec.shared_examples 'cluster-based #elasticsearch_client' do |factory|
it 'copies proxy_url, options and headers from kube client to elasticsearch_client' do
expect(Elasticsearch::Client)
.to(receive(:new))
- .with(url: a_valid_url)
+ .with(url: a_valid_url, adapter: :net_http)
.and_call_original
client = subject.elasticsearch_client