diff options
author | GitLab Bot <gitlab-bot@gitlab.com> | 2019-12-04 21:07:31 +0000 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2019-12-04 21:07:31 +0000 |
commit | 71221554dd9ddf30f73035c89f78164e001aa96d (patch) | |
tree | c56e0b2fc3dd16602183b78cb3f68aed211c5e77 /app | |
parent | b41cd8cb92d53454b2b160ba922d33801933a9cf (diff) | |
download | gitlab-ce-71221554dd9ddf30f73035c89f78164e001aa96d.tar.gz |
Add latest changes from gitlab-org/gitlab@master
Diffstat (limited to 'app')
-rw-r--r-- | app/assets/stylesheets/pages/issuable.scss | 2 | ||||
-rw-r--r-- | app/helpers/emails_helper.rb | 26 | ||||
-rw-r--r-- | app/models/active_session.rb | 5 | ||||
-rw-r--r-- | app/models/clusters/cluster.rb | 15 | ||||
-rw-r--r-- | app/services/clusters/applications/ingress_modsecurity_usage_service.rb | 69 | ||||
-rw-r--r-- | app/views/layouts/notify.html.haml | 2 | ||||
-rw-r--r-- | app/views/layouts/notify.text.erb | 2 |
7 files changed, 103 insertions, 18 deletions
diff --git a/app/assets/stylesheets/pages/issuable.scss b/app/assets/stylesheets/pages/issuable.scss index 5617ab0af41..09b335f9ba2 100644 --- a/app/assets/stylesheets/pages/issuable.scss +++ b/app/assets/stylesheets/pages/issuable.scss @@ -883,7 +883,7 @@ .time-tracking-help-state { background: $white-light; - margin: 16px -20px 0; + margin: 16px -20px -20px; padding: 16px 20px; border-top: 1px solid $border-gray-light; border-bottom: 1px solid $border-gray-light; diff --git a/app/helpers/emails_helper.rb b/app/helpers/emails_helper.rb index c244eba9e08..ba2330dfc9a 100644 --- a/app/helpers/emails_helper.rb +++ b/app/helpers/emails_helper.rb @@ -112,20 +112,20 @@ module EmailsHelper end end - # "You are receiving this email because #{reason}" + # "You are receiving this email because #{reason} on #{gitlab_host}." def notification_reason_text(reason) - string = case reason - when NotificationReason::OWN_ACTIVITY - 'of your activity' - when NotificationReason::ASSIGNED - 'you have been assigned an item' - when NotificationReason::MENTIONED - 'you have been mentioned' - else - 'of your account' - end - - "#{string} on #{Gitlab.config.gitlab.host}" + gitlab_host = Gitlab.config.gitlab.host + + case reason + when NotificationReason::OWN_ACTIVITY + _("You're receiving this email because of your activity on %{host}.") % { host: gitlab_host } + when NotificationReason::ASSIGNED + _("You're receiving this email because you have been assigned an item on %{host}.") % { host: gitlab_host } + when NotificationReason::MENTIONED + _("You're receiving this email because you have been mentioned on %{host}.") % { host: gitlab_host } + else + _("You're receiving this email because of your account on %{host}.") % { host: gitlab_host } + end end def create_list_id_string(project, list_id_max_length = 255) diff --git a/app/models/active_session.rb b/app/models/active_session.rb index a6d5fc1137d..3ecc3137157 100644 --- a/app/models/active_session.rb +++ b/app/models/active_session.rb @@ -146,8 +146,9 @@ class ActiveSession # remove sessions if there are more than ALLOWED_NUMBER_OF_ACTIVE_SESSIONS. sessions = active_session_entries(session_ids, user.id, redis) sessions.sort_by! {|session| session.updated_at }.reverse! - sessions = sessions[ALLOWED_NUMBER_OF_ACTIVE_SESSIONS..-1].map { |session| session.session_id } - destroy_sessions(redis, user, sessions) + sessions = sessions.drop(ALLOWED_NUMBER_OF_ACTIVE_SESSIONS) + sessions = sessions.map { |session| session.session_id } + destroy_sessions(redis, user, sessions) if sessions.any? end def self.cleaned_up_lookup_entries(redis, user) diff --git a/app/models/clusters/cluster.rb b/app/models/clusters/cluster.rb index 62b2217a9af..315cdcffb42 100644 --- a/app/models/clusters/cluster.rb +++ b/app/models/clusters/cluster.rb @@ -271,6 +271,21 @@ module Clusters kubernetes_namespaces.delete_all(:delete_all) end + def clusterable + return unless cluster_type + + case cluster_type + when 'project_type' + project + when 'group_type' + group + when 'instance_type' + instance + else + raise NotImplementedError + end + end + private def unique_management_project_environment_scope diff --git a/app/services/clusters/applications/ingress_modsecurity_usage_service.rb b/app/services/clusters/applications/ingress_modsecurity_usage_service.rb new file mode 100644 index 00000000000..4aac8bb3cbd --- /dev/null +++ b/app/services/clusters/applications/ingress_modsecurity_usage_service.rb @@ -0,0 +1,69 @@ +# frozen_string_literal: true + +# rubocop: disable CodeReuse/ActiveRecord +module Clusters + module Applications + ## + # This service measures usage of the Modsecurity Web Application Firewall across the entire + # instance's deployed environments. + # + # The default configuration is`AUTO_DEVOPS_MODSECURITY_SEC_RULE_ENGINE=DetectionOnly` so we + # measure non-default values via definition of either ci_variables or ci_pipeline_variables. + # Since both these values are encrypted, we must decrypt and count them in memory. + # + # NOTE: this service is an approximation as it does not yet take into account `environment_scope` or `ci_group_variables`. + ## + class IngressModsecurityUsageService + ADO_MODSEC_KEY = "AUTO_DEVOPS_MODSECURITY_SEC_RULE_ENGINE" + + def initialize(blocking_count: 0, disabled_count: 0) + @blocking_count = blocking_count + @disabled_count = disabled_count + end + + def execute + conditions = -> { merge(::Environment.available).merge(::Deployment.success).where(key: ADO_MODSEC_KEY) } + + ci_pipeline_var_enabled = + ::Ci::PipelineVariable + .joins(pipeline: { environments: :last_visible_deployment }) + .merge(conditions) + .order('deployments.environment_id, deployments.id DESC') + + ci_var_enabled = + ::Ci::Variable + .joins(project: { environments: :last_visible_deployment }) + .merge(conditions) + .merge( + # Give priority to pipeline variables by excluding from dataset + ::Ci::Variable.joins(project: :environments).where.not( + environments: { id: ci_pipeline_var_enabled.select('DISTINCT ON (deployments.environment_id) deployments.environment_id') } + ) + ).select('DISTINCT ON (deployments.environment_id) ci_variables.*') + + sum_modsec_config_counts( + ci_pipeline_var_enabled.select('DISTINCT ON (deployments.environment_id) ci_pipeline_variables.*') + ) + sum_modsec_config_counts(ci_var_enabled) + + { + ingress_modsecurity_blocking: @blocking_count, + ingress_modsecurity_disabled: @disabled_count + } + end + + private + + # These are encrypted so we must decrypt and count in memory + def sum_modsec_config_counts(dataset) + dataset.each do |var| + case var.value + when "On" then @blocking_count += 1 + when "Off" then @disabled_count += 1 + # `else` could be default or any unsupported user input + end + end + end + end + end +end diff --git a/app/views/layouts/notify.html.haml b/app/views/layouts/notify.html.haml index de487a94d40..e922b505be8 100644 --- a/app/views/layouts/notify.html.haml +++ b/app/views/layouts/notify.html.haml @@ -20,7 +20,7 @@ #{link_to _("View it on GitLab"), @target_url}. %br -# Don't link the host in the line below, one link in the email is easier to quickly click than two. - = _("You're receiving this email because %{reason}.") % { reason: notification_reason_text(@reason) } + = notification_reason_text(@reason) If you'd like to receive fewer emails, you can - if @labels_url adjust your #{link_to 'label subscriptions', @labels_url}. diff --git a/app/views/layouts/notify.text.erb b/app/views/layouts/notify.text.erb index 0ee30c2a6cf..49ad0b5abc5 100644 --- a/app/views/layouts/notify.text.erb +++ b/app/views/layouts/notify.text.erb @@ -11,7 +11,7 @@ <% end -%> <% end -%> -<%= "You're receiving this email because #{notification_reason_text(@reason)}." %> +<%= notification_reason_text(@reason) %> <%= render_if_exists 'layouts/mailer/additional_text' %> <%= text_footer_message -%> |