summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--Gemfile2
-rw-r--r--Gemfile.lock4
-rw-r--r--app/controllers/concerns/enforces_two_factor_authentication.rb2
-rw-r--r--app/controllers/uploads_controller.rb1
-rw-r--r--app/services/issuable/clone/attributes_rewriter.rb2
-rw-r--r--app/services/projects/container_repository/cleanup_tags_service.rb5
-rw-r--r--app/services/projects/container_repository/delete_tags_service.rb5
-rw-r--r--app/services/projects/update_service.rb4
-rw-r--r--changelogs/unreleased/42910-use-create-wiki-method-on-ensure-wiki-exists-in-update-service.yml5
-rw-r--r--changelogs/unreleased/cat-2fa-404-redirect.yml5
-rw-r--r--changelogs/unreleased/sh-update-fog-azure-rm-gem.yml5
-rw-r--r--doc/user/clusters/agent/index.md4
-rw-r--r--spec/services/projects/container_repository/cleanup_tags_service_spec.rb6
-rw-r--r--spec/services/projects/container_repository/delete_tags_service_spec.rb120
-rw-r--r--[-rwxr-xr-x]vendor/gitignore/C++.gitignore0
-rw-r--r--[-rwxr-xr-x]vendor/gitignore/Java.gitignore0
16 files changed, 106 insertions, 64 deletions
diff --git a/Gemfile b/Gemfile
index 90abfd30900..0e28aa7a2d4 100644
--- a/Gemfile
+++ b/Gemfile
@@ -120,7 +120,7 @@ gem 'fog-local', '~> 0.6'
gem 'fog-openstack', '~> 1.0'
gem 'fog-rackspace', '~> 0.1.1'
gem 'fog-aliyun', '~> 0.3'
-gem 'gitlab-fog-azure-rm', '~> 0.9', require: false
+gem 'gitlab-fog-azure-rm', '~> 1.0', require: false
# for Google storage
gem 'google-api-client', '~> 0.33'
diff --git a/Gemfile.lock b/Gemfile.lock
index 7d743f2029e..8d36a89b410 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -421,7 +421,7 @@ GEM
github-markup (1.7.0)
gitlab-chronic (0.10.5)
numerizer (~> 0.2)
- gitlab-fog-azure-rm (0.9.0)
+ gitlab-fog-azure-rm (1.0.0)
azure-storage-blob (~> 2.0)
azure-storage-common (~> 2.0)
fog-core (= 2.1.0)
@@ -1325,7 +1325,7 @@ DEPENDENCIES
gitaly (~> 13.3.0.pre.rc1)
github-markup (~> 1.7.0)
gitlab-chronic (~> 0.10.5)
- gitlab-fog-azure-rm (~> 0.9)
+ gitlab-fog-azure-rm (~> 1.0)
gitlab-labkit (= 0.12.1)
gitlab-license (~> 1.0)
gitlab-mail_room (~> 0.0.6)
diff --git a/app/controllers/concerns/enforces_two_factor_authentication.rb b/app/controllers/concerns/enforces_two_factor_authentication.rb
index 02082f81598..bf38e4ad117 100644
--- a/app/controllers/concerns/enforces_two_factor_authentication.rb
+++ b/app/controllers/concerns/enforces_two_factor_authentication.rb
@@ -11,7 +11,7 @@ module EnforcesTwoFactorAuthentication
extend ActiveSupport::Concern
included do
- before_action :check_two_factor_requirement
+ before_action :check_two_factor_requirement, except: [:route_not_found]
# to include this in controllers inheriting from `ActionController::Metal`
# we need to add this block
diff --git a/app/controllers/uploads_controller.rb b/app/controllers/uploads_controller.rb
index 0b092d2622b..9510734bc9b 100644
--- a/app/controllers/uploads_controller.rb
+++ b/app/controllers/uploads_controller.rb
@@ -19,6 +19,7 @@ class UploadsController < ApplicationController
rescue_from UnknownUploadModelError, with: :render_404
skip_before_action :authenticate_user!
+ skip_before_action :check_two_factor_requirement, only: [:show]
before_action :upload_mount_satisfied?
before_action :authorize_access!, only: [:show]
before_action :authorize_create_access!, only: [:create, :authorize]
diff --git a/app/services/issuable/clone/attributes_rewriter.rb b/app/services/issuable/clone/attributes_rewriter.rb
index b185ab592ff..c84074039ea 100644
--- a/app/services/issuable/clone/attributes_rewriter.rb
+++ b/app/services/issuable/clone/attributes_rewriter.rb
@@ -56,7 +56,7 @@ module Issuable
end
def copy_resource_weight_events
- return unless original_entity.respond_to?(:resource_weight_events)
+ return unless both_respond_to?(:resource_weight_events)
copy_events(ResourceWeightEvent.table_name, original_entity.resource_weight_events) do |event|
event.attributes
diff --git a/app/services/projects/container_repository/cleanup_tags_service.rb b/app/services/projects/container_repository/cleanup_tags_service.rb
index 204a54ff23a..31500043544 100644
--- a/app/services/projects/container_repository/cleanup_tags_service.rb
+++ b/app/services/projects/container_repository/cleanup_tags_service.rb
@@ -25,7 +25,10 @@ module Projects
tag_names = tags.map(&:name)
Projects::ContainerRepository::DeleteTagsService
- .new(container_repository.project, current_user, tags: tag_names)
+ .new(container_repository.project,
+ current_user,
+ tags: tag_names,
+ container_expiration_policy: params['container_expiration_policy'])
.execute(container_repository)
end
diff --git a/app/services/projects/container_repository/delete_tags_service.rb b/app/services/projects/container_repository/delete_tags_service.rb
index a23a6a369b2..fa3de4ae2ac 100644
--- a/app/services/projects/container_repository/delete_tags_service.rb
+++ b/app/services/projects/container_repository/delete_tags_service.rb
@@ -7,7 +7,10 @@ module Projects
def execute(container_repository)
@container_repository = container_repository
- return error('access denied') unless can?(current_user, :destroy_container_image, project)
+
+ unless params[:container_expiration_policy]
+ return error('access denied') unless can?(current_user, :destroy_container_image, project)
+ end
@tag_names = params[:tags]
return error('not tags specified') if @tag_names.blank?
diff --git a/app/services/projects/update_service.rb b/app/services/projects/update_service.rb
index bb430811497..d44f5e637f1 100644
--- a/app/services/projects/update_service.rb
+++ b/app/services/projects/update_service.rb
@@ -135,8 +135,8 @@ module Projects
end
def ensure_wiki_exists
- ProjectWiki.new(project, project.owner).wiki
- rescue Wiki::CouldNotCreateWikiError
+ return if project.create_wiki
+
log_error("Could not create wiki for #{project.full_name}")
Gitlab::Metrics.counter(:wiki_can_not_be_created_total, 'Counts the times we failed to create a wiki').increment
end
diff --git a/changelogs/unreleased/42910-use-create-wiki-method-on-ensure-wiki-exists-in-update-service.yml b/changelogs/unreleased/42910-use-create-wiki-method-on-ensure-wiki-exists-in-update-service.yml
new file mode 100644
index 00000000000..02400808f54
--- /dev/null
+++ b/changelogs/unreleased/42910-use-create-wiki-method-on-ensure-wiki-exists-in-update-service.yml
@@ -0,0 +1,5 @@
+---
+title: use create_wiki method on ensure_wiki_exists in update_service
+merge_request: 42910
+author:
+type: fixed
diff --git a/changelogs/unreleased/cat-2fa-404-redirect.yml b/changelogs/unreleased/cat-2fa-404-redirect.yml
new file mode 100644
index 00000000000..c5d88827295
--- /dev/null
+++ b/changelogs/unreleased/cat-2fa-404-redirect.yml
@@ -0,0 +1,5 @@
+---
+title: Exclude 2FA from upload#show routes and 404s
+merge_request: 42784
+author:
+type: fixed
diff --git a/changelogs/unreleased/sh-update-fog-azure-rm-gem.yml b/changelogs/unreleased/sh-update-fog-azure-rm-gem.yml
new file mode 100644
index 00000000000..25d143a011b
--- /dev/null
+++ b/changelogs/unreleased/sh-update-fog-azure-rm-gem.yml
@@ -0,0 +1,5 @@
+---
+title: Fix large backups not working with Azure Blob storage
+merge_request: 44233
+author:
+type: fixed
diff --git a/doc/user/clusters/agent/index.md b/doc/user/clusters/agent/index.md
index 7b745577cc4..6521b71e9e6 100644
--- a/doc/user/clusters/agent/index.md
+++ b/doc/user/clusters/agent/index.md
@@ -69,7 +69,8 @@ If you don't already have GitLab installed via Helm please refer to our [install
When installing/upgrading the GitLab Helm chart please consider the following Helm 2 example (if using Helm 3 please modify):
```shell
-helm upgrade --force --install gitlab . \
+helm repo update
+helm upgrade --force --install gitlab gitlab/gitlab \
--timeout 600 \
--set global.hosts.domain=<YOUR_DOMAIN> \
--set global.hosts.externalIP=<YOUR_IP> \
@@ -299,6 +300,7 @@ apiVersion: apps/v1
kind: Deployment
metadata:
name: nginx-deployment
+ namespace: gitlab-agent # Can be any namespace managed by you that the agent has access to.
spec:
selector:
matchLabels:
diff --git a/spec/services/projects/container_repository/cleanup_tags_service_spec.rb b/spec/services/projects/container_repository/cleanup_tags_service_spec.rb
index 2c708e75a25..2f2474f2681 100644
--- a/spec/services/projects/container_repository/cleanup_tags_service_spec.rb
+++ b/spec/services/projects/container_repository/cleanup_tags_service_spec.rb
@@ -245,7 +245,7 @@ RSpec.describe Projects::ContainerRepository::CleanupTagsService do
end
it 'succeeds without a user' do
- expect_delete(%w(Bb Ba C))
+ expect_delete(%w(Bb Ba C), container_expiration_policy: true)
is_expected.to include(status: :success, deleted: %w(Bb Ba C))
end
@@ -287,10 +287,10 @@ RSpec.describe Projects::ContainerRepository::CleanupTagsService do
end
end
- def expect_delete(tags)
+ def expect_delete(tags, container_expiration_policy: nil)
expect(Projects::ContainerRepository::DeleteTagsService)
.to receive(:new)
- .with(repository.project, user, tags: tags)
+ .with(repository.project, user, tags: tags, container_expiration_policy: container_expiration_policy)
.and_call_original
expect_any_instance_of(Projects::ContainerRepository::DeleteTagsService)
diff --git a/spec/services/projects/container_repository/delete_tags_service_spec.rb b/spec/services/projects/container_repository/delete_tags_service_spec.rb
index 5116427dad2..54375193067 100644
--- a/spec/services/projects/container_repository/delete_tags_service_spec.rb
+++ b/spec/services/projects/container_repository/delete_tags_service_spec.rb
@@ -85,81 +85,85 @@ RSpec.describe Projects::ContainerRepository::DeleteTagsService do
end
end
- describe '#execute' do
- let(:tags) { %w[A Ba] }
-
- subject { service.execute(repository) }
-
- before do
- stub_feature_flags(container_registry_expiration_policies_throttling: false)
- end
+ RSpec.shared_examples 'supporting fast delete' do
+ context 'when the registry supports fast delete' do
+ context 'and the feature is enabled' do
+ before do
+ allow(repository.client).to receive(:supports_tag_delete?).and_return(true)
+ end
- context 'without permissions' do
- it { is_expected.to include(status: :error) }
- end
+ it_behaves_like 'calling the correct delete tags service', ::Projects::ContainerRepository::Gitlab::DeleteTagsService
- context 'with permissions' do
- before do
- project.add_developer(user)
- end
+ it_behaves_like 'handling invalid params'
- context 'when the registry supports fast delete' do
- context 'and the feature is enabled' do
+ context 'with the real service' do
before do
- allow(repository.client).to receive(:supports_tag_delete?).and_return(true)
+ stub_delete_reference_requests(tags)
+ expect_delete_tag_by_names(tags)
end
- it_behaves_like 'calling the correct delete tags service', ::Projects::ContainerRepository::Gitlab::DeleteTagsService
+ it { is_expected.to include(status: :success) }
- it_behaves_like 'handling invalid params'
+ it_behaves_like 'logging a success response'
+ end
- context 'with the real service' do
- before do
- stub_delete_reference_requests(tags)
- expect_delete_tag_by_names(tags)
+ context 'with a timeout error' do
+ before do
+ expect_next_instance_of(::Projects::ContainerRepository::Gitlab::DeleteTagsService) do |delete_service|
+ expect(delete_service).to receive(:delete_tags).and_raise(::Projects::ContainerRepository::Gitlab::DeleteTagsService::TimeoutError)
end
-
- it { is_expected.to include(status: :success) }
-
- it_behaves_like 'logging a success response'
end
- context 'with a timeout error' do
- before do
- expect_next_instance_of(::Projects::ContainerRepository::Gitlab::DeleteTagsService) do |delete_service|
- expect(delete_service).to receive(:delete_tags).and_raise(::Projects::ContainerRepository::Gitlab::DeleteTagsService::TimeoutError)
- end
- end
+ it { is_expected.to include(status: :error, message: 'timeout while deleting tags') }
- it { is_expected.to include(status: :error, message: 'timeout while deleting tags') }
+ it_behaves_like 'logging an error response', message: 'timeout while deleting tags'
+ end
+ end
- it_behaves_like 'logging an error response', message: 'timeout while deleting tags'
- end
+ context 'and the feature is disabled' do
+ before do
+ stub_feature_flags(container_registry_fast_tag_delete: false)
end
- context 'and the feature is disabled' do
+ it_behaves_like 'calling the correct delete tags service', ::Projects::ContainerRepository::ThirdParty::DeleteTagsService
+
+ it_behaves_like 'handling invalid params'
+
+ context 'with the real service' do
before do
- stub_feature_flags(container_registry_fast_tag_delete: false)
+ stub_upload('sha256:4435000728ee66e6a80e55637fc22725c256b61de344a2ecdeaac6bdb36e8bc3')
+ tags.each { |tag| stub_put_manifest_request(tag) }
+ expect_delete_tag_by_digest('sha256:dummy')
end
- it_behaves_like 'calling the correct delete tags service', ::Projects::ContainerRepository::ThirdParty::DeleteTagsService
+ it { is_expected.to include(status: :success) }
- it_behaves_like 'handling invalid params'
+ it_behaves_like 'logging a success response'
+ end
+ end
+ end
+ end
- context 'with the real service' do
- before do
- stub_upload('sha256:4435000728ee66e6a80e55637fc22725c256b61de344a2ecdeaac6bdb36e8bc3')
- tags.each { |tag| stub_put_manifest_request(tag) }
- expect_delete_tag_by_digest('sha256:dummy')
- end
+ describe '#execute' do
+ let(:tags) { %w[A Ba] }
- it { is_expected.to include(status: :success) }
+ subject { service.execute(repository) }
- it_behaves_like 'logging a success response'
- end
- end
+ before do
+ stub_feature_flags(container_registry_expiration_policies_throttling: false)
+ end
+
+ context 'without permissions' do
+ it { is_expected.to include(status: :error) }
+ end
+
+ context 'with permissions' do
+ before do
+ project.add_developer(user)
end
+ it_behaves_like 'supporting fast delete'
+
context 'when the registry does not support fast delete' do
before do
allow(repository.client).to receive(:supports_tag_delete?).and_return(false)
@@ -170,5 +174,19 @@ RSpec.describe Projects::ContainerRepository::DeleteTagsService do
it_behaves_like 'handling invalid params'
end
end
+
+ context 'without user' do
+ let_it_be(:user) { nil }
+
+ context 'when not run by a cleanup policy' do
+ it { is_expected.to include(status: :error) }
+ end
+
+ context 'when run by a cleanup policy' do
+ let(:params) { { tags: tags, container_expiration_policy: true } }
+
+ it_behaves_like 'supporting fast delete'
+ end
+ end
end
end
diff --git a/vendor/gitignore/C++.gitignore b/vendor/gitignore/C++.gitignore
index 259148fa18f..259148fa18f 100755..100644
--- a/vendor/gitignore/C++.gitignore
+++ b/vendor/gitignore/C++.gitignore
diff --git a/vendor/gitignore/Java.gitignore b/vendor/gitignore/Java.gitignore
index a1c2a238a96..a1c2a238a96 100755..100644
--- a/vendor/gitignore/Java.gitignore
+++ b/vendor/gitignore/Java.gitignore