diff options
-rw-r--r-- | Gemfile | 2 | ||||
-rw-r--r-- | Gemfile.lock | 4 | ||||
-rw-r--r-- | app/controllers/concerns/enforces_two_factor_authentication.rb | 2 | ||||
-rw-r--r-- | app/controllers/uploads_controller.rb | 1 | ||||
-rw-r--r-- | app/services/issuable/clone/attributes_rewriter.rb | 2 | ||||
-rw-r--r-- | app/services/projects/container_repository/cleanup_tags_service.rb | 5 | ||||
-rw-r--r-- | app/services/projects/container_repository/delete_tags_service.rb | 5 | ||||
-rw-r--r-- | app/services/projects/update_service.rb | 4 | ||||
-rw-r--r-- | changelogs/unreleased/42910-use-create-wiki-method-on-ensure-wiki-exists-in-update-service.yml | 5 | ||||
-rw-r--r-- | changelogs/unreleased/cat-2fa-404-redirect.yml | 5 | ||||
-rw-r--r-- | changelogs/unreleased/sh-update-fog-azure-rm-gem.yml | 5 | ||||
-rw-r--r-- | doc/user/clusters/agent/index.md | 4 | ||||
-rw-r--r-- | spec/services/projects/container_repository/cleanup_tags_service_spec.rb | 6 | ||||
-rw-r--r-- | spec/services/projects/container_repository/delete_tags_service_spec.rb | 120 | ||||
-rw-r--r--[-rwxr-xr-x] | vendor/gitignore/C++.gitignore | 0 | ||||
-rw-r--r--[-rwxr-xr-x] | vendor/gitignore/Java.gitignore | 0 |
16 files changed, 106 insertions, 64 deletions
@@ -120,7 +120,7 @@ gem 'fog-local', '~> 0.6' gem 'fog-openstack', '~> 1.0' gem 'fog-rackspace', '~> 0.1.1' gem 'fog-aliyun', '~> 0.3' -gem 'gitlab-fog-azure-rm', '~> 0.9', require: false +gem 'gitlab-fog-azure-rm', '~> 1.0', require: false # for Google storage gem 'google-api-client', '~> 0.33' diff --git a/Gemfile.lock b/Gemfile.lock index 7d743f2029e..8d36a89b410 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -421,7 +421,7 @@ GEM github-markup (1.7.0) gitlab-chronic (0.10.5) numerizer (~> 0.2) - gitlab-fog-azure-rm (0.9.0) + gitlab-fog-azure-rm (1.0.0) azure-storage-blob (~> 2.0) azure-storage-common (~> 2.0) fog-core (= 2.1.0) @@ -1325,7 +1325,7 @@ DEPENDENCIES gitaly (~> 13.3.0.pre.rc1) github-markup (~> 1.7.0) gitlab-chronic (~> 0.10.5) - gitlab-fog-azure-rm (~> 0.9) + gitlab-fog-azure-rm (~> 1.0) gitlab-labkit (= 0.12.1) gitlab-license (~> 1.0) gitlab-mail_room (~> 0.0.6) diff --git a/app/controllers/concerns/enforces_two_factor_authentication.rb b/app/controllers/concerns/enforces_two_factor_authentication.rb index 02082f81598..bf38e4ad117 100644 --- a/app/controllers/concerns/enforces_two_factor_authentication.rb +++ b/app/controllers/concerns/enforces_two_factor_authentication.rb @@ -11,7 +11,7 @@ module EnforcesTwoFactorAuthentication extend ActiveSupport::Concern included do - before_action :check_two_factor_requirement + before_action :check_two_factor_requirement, except: [:route_not_found] # to include this in controllers inheriting from `ActionController::Metal` # we need to add this block diff --git a/app/controllers/uploads_controller.rb b/app/controllers/uploads_controller.rb index 0b092d2622b..9510734bc9b 100644 --- a/app/controllers/uploads_controller.rb +++ b/app/controllers/uploads_controller.rb @@ -19,6 +19,7 @@ class UploadsController < ApplicationController rescue_from UnknownUploadModelError, with: :render_404 skip_before_action :authenticate_user! + skip_before_action :check_two_factor_requirement, only: [:show] before_action :upload_mount_satisfied? before_action :authorize_access!, only: [:show] before_action :authorize_create_access!, only: [:create, :authorize] diff --git a/app/services/issuable/clone/attributes_rewriter.rb b/app/services/issuable/clone/attributes_rewriter.rb index b185ab592ff..c84074039ea 100644 --- a/app/services/issuable/clone/attributes_rewriter.rb +++ b/app/services/issuable/clone/attributes_rewriter.rb @@ -56,7 +56,7 @@ module Issuable end def copy_resource_weight_events - return unless original_entity.respond_to?(:resource_weight_events) + return unless both_respond_to?(:resource_weight_events) copy_events(ResourceWeightEvent.table_name, original_entity.resource_weight_events) do |event| event.attributes diff --git a/app/services/projects/container_repository/cleanup_tags_service.rb b/app/services/projects/container_repository/cleanup_tags_service.rb index 204a54ff23a..31500043544 100644 --- a/app/services/projects/container_repository/cleanup_tags_service.rb +++ b/app/services/projects/container_repository/cleanup_tags_service.rb @@ -25,7 +25,10 @@ module Projects tag_names = tags.map(&:name) Projects::ContainerRepository::DeleteTagsService - .new(container_repository.project, current_user, tags: tag_names) + .new(container_repository.project, + current_user, + tags: tag_names, + container_expiration_policy: params['container_expiration_policy']) .execute(container_repository) end diff --git a/app/services/projects/container_repository/delete_tags_service.rb b/app/services/projects/container_repository/delete_tags_service.rb index a23a6a369b2..fa3de4ae2ac 100644 --- a/app/services/projects/container_repository/delete_tags_service.rb +++ b/app/services/projects/container_repository/delete_tags_service.rb @@ -7,7 +7,10 @@ module Projects def execute(container_repository) @container_repository = container_repository - return error('access denied') unless can?(current_user, :destroy_container_image, project) + + unless params[:container_expiration_policy] + return error('access denied') unless can?(current_user, :destroy_container_image, project) + end @tag_names = params[:tags] return error('not tags specified') if @tag_names.blank? diff --git a/app/services/projects/update_service.rb b/app/services/projects/update_service.rb index bb430811497..d44f5e637f1 100644 --- a/app/services/projects/update_service.rb +++ b/app/services/projects/update_service.rb @@ -135,8 +135,8 @@ module Projects end def ensure_wiki_exists - ProjectWiki.new(project, project.owner).wiki - rescue Wiki::CouldNotCreateWikiError + return if project.create_wiki + log_error("Could not create wiki for #{project.full_name}") Gitlab::Metrics.counter(:wiki_can_not_be_created_total, 'Counts the times we failed to create a wiki').increment end diff --git a/changelogs/unreleased/42910-use-create-wiki-method-on-ensure-wiki-exists-in-update-service.yml b/changelogs/unreleased/42910-use-create-wiki-method-on-ensure-wiki-exists-in-update-service.yml new file mode 100644 index 00000000000..02400808f54 --- /dev/null +++ b/changelogs/unreleased/42910-use-create-wiki-method-on-ensure-wiki-exists-in-update-service.yml @@ -0,0 +1,5 @@ +--- +title: use create_wiki method on ensure_wiki_exists in update_service +merge_request: 42910 +author: +type: fixed diff --git a/changelogs/unreleased/cat-2fa-404-redirect.yml b/changelogs/unreleased/cat-2fa-404-redirect.yml new file mode 100644 index 00000000000..c5d88827295 --- /dev/null +++ b/changelogs/unreleased/cat-2fa-404-redirect.yml @@ -0,0 +1,5 @@ +--- +title: Exclude 2FA from upload#show routes and 404s +merge_request: 42784 +author: +type: fixed diff --git a/changelogs/unreleased/sh-update-fog-azure-rm-gem.yml b/changelogs/unreleased/sh-update-fog-azure-rm-gem.yml new file mode 100644 index 00000000000..25d143a011b --- /dev/null +++ b/changelogs/unreleased/sh-update-fog-azure-rm-gem.yml @@ -0,0 +1,5 @@ +--- +title: Fix large backups not working with Azure Blob storage +merge_request: 44233 +author: +type: fixed diff --git a/doc/user/clusters/agent/index.md b/doc/user/clusters/agent/index.md index 7b745577cc4..6521b71e9e6 100644 --- a/doc/user/clusters/agent/index.md +++ b/doc/user/clusters/agent/index.md @@ -69,7 +69,8 @@ If you don't already have GitLab installed via Helm please refer to our [install When installing/upgrading the GitLab Helm chart please consider the following Helm 2 example (if using Helm 3 please modify): ```shell -helm upgrade --force --install gitlab . \ +helm repo update +helm upgrade --force --install gitlab gitlab/gitlab \ --timeout 600 \ --set global.hosts.domain=<YOUR_DOMAIN> \ --set global.hosts.externalIP=<YOUR_IP> \ @@ -299,6 +300,7 @@ apiVersion: apps/v1 kind: Deployment metadata: name: nginx-deployment + namespace: gitlab-agent # Can be any namespace managed by you that the agent has access to. spec: selector: matchLabels: diff --git a/spec/services/projects/container_repository/cleanup_tags_service_spec.rb b/spec/services/projects/container_repository/cleanup_tags_service_spec.rb index 2c708e75a25..2f2474f2681 100644 --- a/spec/services/projects/container_repository/cleanup_tags_service_spec.rb +++ b/spec/services/projects/container_repository/cleanup_tags_service_spec.rb @@ -245,7 +245,7 @@ RSpec.describe Projects::ContainerRepository::CleanupTagsService do end it 'succeeds without a user' do - expect_delete(%w(Bb Ba C)) + expect_delete(%w(Bb Ba C), container_expiration_policy: true) is_expected.to include(status: :success, deleted: %w(Bb Ba C)) end @@ -287,10 +287,10 @@ RSpec.describe Projects::ContainerRepository::CleanupTagsService do end end - def expect_delete(tags) + def expect_delete(tags, container_expiration_policy: nil) expect(Projects::ContainerRepository::DeleteTagsService) .to receive(:new) - .with(repository.project, user, tags: tags) + .with(repository.project, user, tags: tags, container_expiration_policy: container_expiration_policy) .and_call_original expect_any_instance_of(Projects::ContainerRepository::DeleteTagsService) diff --git a/spec/services/projects/container_repository/delete_tags_service_spec.rb b/spec/services/projects/container_repository/delete_tags_service_spec.rb index 5116427dad2..54375193067 100644 --- a/spec/services/projects/container_repository/delete_tags_service_spec.rb +++ b/spec/services/projects/container_repository/delete_tags_service_spec.rb @@ -85,81 +85,85 @@ RSpec.describe Projects::ContainerRepository::DeleteTagsService do end end - describe '#execute' do - let(:tags) { %w[A Ba] } - - subject { service.execute(repository) } - - before do - stub_feature_flags(container_registry_expiration_policies_throttling: false) - end + RSpec.shared_examples 'supporting fast delete' do + context 'when the registry supports fast delete' do + context 'and the feature is enabled' do + before do + allow(repository.client).to receive(:supports_tag_delete?).and_return(true) + end - context 'without permissions' do - it { is_expected.to include(status: :error) } - end + it_behaves_like 'calling the correct delete tags service', ::Projects::ContainerRepository::Gitlab::DeleteTagsService - context 'with permissions' do - before do - project.add_developer(user) - end + it_behaves_like 'handling invalid params' - context 'when the registry supports fast delete' do - context 'and the feature is enabled' do + context 'with the real service' do before do - allow(repository.client).to receive(:supports_tag_delete?).and_return(true) + stub_delete_reference_requests(tags) + expect_delete_tag_by_names(tags) end - it_behaves_like 'calling the correct delete tags service', ::Projects::ContainerRepository::Gitlab::DeleteTagsService + it { is_expected.to include(status: :success) } - it_behaves_like 'handling invalid params' + it_behaves_like 'logging a success response' + end - context 'with the real service' do - before do - stub_delete_reference_requests(tags) - expect_delete_tag_by_names(tags) + context 'with a timeout error' do + before do + expect_next_instance_of(::Projects::ContainerRepository::Gitlab::DeleteTagsService) do |delete_service| + expect(delete_service).to receive(:delete_tags).and_raise(::Projects::ContainerRepository::Gitlab::DeleteTagsService::TimeoutError) end - - it { is_expected.to include(status: :success) } - - it_behaves_like 'logging a success response' end - context 'with a timeout error' do - before do - expect_next_instance_of(::Projects::ContainerRepository::Gitlab::DeleteTagsService) do |delete_service| - expect(delete_service).to receive(:delete_tags).and_raise(::Projects::ContainerRepository::Gitlab::DeleteTagsService::TimeoutError) - end - end + it { is_expected.to include(status: :error, message: 'timeout while deleting tags') } - it { is_expected.to include(status: :error, message: 'timeout while deleting tags') } + it_behaves_like 'logging an error response', message: 'timeout while deleting tags' + end + end - it_behaves_like 'logging an error response', message: 'timeout while deleting tags' - end + context 'and the feature is disabled' do + before do + stub_feature_flags(container_registry_fast_tag_delete: false) end - context 'and the feature is disabled' do + it_behaves_like 'calling the correct delete tags service', ::Projects::ContainerRepository::ThirdParty::DeleteTagsService + + it_behaves_like 'handling invalid params' + + context 'with the real service' do before do - stub_feature_flags(container_registry_fast_tag_delete: false) + stub_upload('sha256:4435000728ee66e6a80e55637fc22725c256b61de344a2ecdeaac6bdb36e8bc3') + tags.each { |tag| stub_put_manifest_request(tag) } + expect_delete_tag_by_digest('sha256:dummy') end - it_behaves_like 'calling the correct delete tags service', ::Projects::ContainerRepository::ThirdParty::DeleteTagsService + it { is_expected.to include(status: :success) } - it_behaves_like 'handling invalid params' + it_behaves_like 'logging a success response' + end + end + end + end - context 'with the real service' do - before do - stub_upload('sha256:4435000728ee66e6a80e55637fc22725c256b61de344a2ecdeaac6bdb36e8bc3') - tags.each { |tag| stub_put_manifest_request(tag) } - expect_delete_tag_by_digest('sha256:dummy') - end + describe '#execute' do + let(:tags) { %w[A Ba] } - it { is_expected.to include(status: :success) } + subject { service.execute(repository) } - it_behaves_like 'logging a success response' - end - end + before do + stub_feature_flags(container_registry_expiration_policies_throttling: false) + end + + context 'without permissions' do + it { is_expected.to include(status: :error) } + end + + context 'with permissions' do + before do + project.add_developer(user) end + it_behaves_like 'supporting fast delete' + context 'when the registry does not support fast delete' do before do allow(repository.client).to receive(:supports_tag_delete?).and_return(false) @@ -170,5 +174,19 @@ RSpec.describe Projects::ContainerRepository::DeleteTagsService do it_behaves_like 'handling invalid params' end end + + context 'without user' do + let_it_be(:user) { nil } + + context 'when not run by a cleanup policy' do + it { is_expected.to include(status: :error) } + end + + context 'when run by a cleanup policy' do + let(:params) { { tags: tags, container_expiration_policy: true } } + + it_behaves_like 'supporting fast delete' + end + end end end diff --git a/vendor/gitignore/C++.gitignore b/vendor/gitignore/C++.gitignore index 259148fa18f..259148fa18f 100755..100644 --- a/vendor/gitignore/C++.gitignore +++ b/vendor/gitignore/C++.gitignore diff --git a/vendor/gitignore/Java.gitignore b/vendor/gitignore/Java.gitignore index a1c2a238a96..a1c2a238a96 100755..100644 --- a/vendor/gitignore/Java.gitignore +++ b/vendor/gitignore/Java.gitignore |