summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--.gitlab/CODEOWNERS10
-rw-r--r--.rubocop_todo/gitlab/namespaced_class.yml2
-rw-r--r--.rubocop_todo/rails/helper_instance_variable.yml2
-rw-r--r--.rubocop_todo/rspec/any_instance_of.yml2
-rw-r--r--.rubocop_todo/rspec/expect_in_hook.yml4
-rw-r--r--.rubocop_todo/rspec/verified_doubles.yml2
-rw-r--r--.rubocop_todo/style/empty_else.yml2
-rw-r--r--.rubocop_todo/style/string_concatenation.yml2
-rw-r--r--app/controllers/repositories/git_http_client_controller.rb6
-rw-r--r--app/helpers/kerberos_helper.rb (renamed from app/helpers/kerberos_spnego_helper.rb)6
-rw-r--r--app/services/merge_requests/ff_merge_service.rb30
-rw-r--r--app/services/merge_requests/merge_service.rb22
-rw-r--r--app/views/admin/sessions/_signin_box.html.haml2
-rw-r--r--app/views/devise/shared/_signin_box.html.haml2
-rw-r--r--app/views/notify/new_user_email.html.haml16
-rw-r--r--app/views/projects/blame/show.html.haml2
-rw-r--r--config/initializers/1_settings.rb25
-rw-r--r--db/post_migrate/20220913030552_add_tmp_index_system_note_metadata_on_attention_request_actions.rb17
-rw-r--r--db/post_migrate/20220913030624_cleanup_attention_request_related_system_notes.rb30
-rw-r--r--db/schema_migrations/202209130305521
-rw-r--r--db/schema_migrations/202209130306241
-rw-r--r--db/structure.sql2
-rw-r--r--doc/ci/environments/protected_environments.md4
-rw-r--r--doc/development/feature_flags/index.md6
-rw-r--r--doc/integration/kerberos.md21
-rw-r--r--doc/raketasks/backup_gitlab.md4
-rw-r--r--doc/user/application_security/api_fuzzing/index.md120
-rw-r--r--doc/user/application_security/dast_api/index.md117
-rw-r--r--locale/gitlab.pot21
-rw-r--r--spec/features/projects/blobs/blame_spec.rb1
-rw-r--r--spec/migrations/20220913030624_cleanup_attention_request_related_system_notes_spec.rb26
-rw-r--r--spec/services/merge_requests/ff_merge_service_spec.rb8
-rw-r--r--spec/support/rspec_order_todo.yml6
33 files changed, 442 insertions, 80 deletions
diff --git a/.gitlab/CODEOWNERS b/.gitlab/CODEOWNERS
index 4dab0bd5bf5..03fcfc4dd53 100644
--- a/.gitlab/CODEOWNERS
+++ b/.gitlab/CODEOWNERS
@@ -12,13 +12,13 @@ docs/CODEOWNERS @clefelhocz1 @timzallmann @cdu1 @wayne @dsatcher @sgoldstein @je
GITALY_SERVER_VERSION @project_278964_bot6 @gitlab-org/maintainers/rails-backend @gitlab-org/delivery
## Files that are excluded from required approval
-/.gitlab/issue_templates/
-/.gitlab/merge_request_templates/
+/.gitlab/issue_templates/*.md
+/.gitlab/merge_request_templates/*.md
/doc/*.md
/doc/**/*.md
/doc/**/*.png
-/data/deprecations/
-/data/removals/
+/data/deprecations/*.yml
+/data/removals/*.yml
^[Backend]
*.rb @gitlab-org/maintainers/rails-backend
@@ -1160,7 +1160,7 @@ lib/gitlab/checks/** @proglottis @toon @zj-gitlab
/ee/app/controllers/groups/omniauth_callbacks_controller.rb @gitlab-org/manage/authentication-and-authorization/approvers
/ee/app/controllers/groups/scim_oauth_controller.rb @gitlab-org/manage/authentication-and-authorization/approvers
/ee/app/controllers/oauth/ @gitlab-org/manage/authentication-and-authorization/approvers
-/ee/app/controllers/omniauth_kerberos_spnego_controller.rb @gitlab-org/manage/authentication-and-authorization/approvers
+/ee/app/controllers/omniauth_kerberos_controller.rb @gitlab-org/manage/authentication-and-authorization/approvers
/ee/app/finders/auth/ @gitlab-org/manage/authentication-and-authorization/approvers
/ee/app/helpers/ee/access_tokens_helper.rb @gitlab-org/manage/authentication-and-authorization/approvers
/ee/app/helpers/ee/auth_helper.rb @gitlab-org/manage/authentication-and-authorization/approvers
diff --git a/.rubocop_todo/gitlab/namespaced_class.yml b/.rubocop_todo/gitlab/namespaced_class.yml
index bfb406f37a4..230ef959153 100644
--- a/.rubocop_todo/gitlab/namespaced_class.yml
+++ b/.rubocop_todo/gitlab/namespaced_class.yml
@@ -851,7 +851,7 @@ Gitlab/NamespacedClass:
- 'app/workers/x509_issuer_crl_check_worker.rb'
- 'ee/app/controllers/countries_controller.rb'
- 'ee/app/controllers/country_states_controller.rb'
- - 'ee/app/controllers/omniauth_kerberos_spnego_controller.rb'
+ - 'ee/app/controllers/omniauth_kerberos_controller.rb'
- 'ee/app/controllers/operations_controller.rb'
- 'ee/app/controllers/sitemap_controller.rb'
- 'ee/app/controllers/smartcard_controller.rb'
diff --git a/.rubocop_todo/rails/helper_instance_variable.yml b/.rubocop_todo/rails/helper_instance_variable.yml
index 006e66ed0b2..f43ca39f47c 100644
--- a/.rubocop_todo/rails/helper_instance_variable.yml
+++ b/.rubocop_todo/rails/helper_instance_variable.yml
@@ -66,7 +66,7 @@ Rails/HelperInstanceVariable:
- 'ee/app/helpers/ee/groups/group_members_helper.rb'
- 'ee/app/helpers/ee/groups_helper.rb'
- 'ee/app/helpers/ee/integrations_helper.rb'
- - 'ee/app/helpers/ee/kerberos_spnego_helper.rb'
+ - 'ee/app/helpers/ee/kerberos_helper.rb'
- 'ee/app/helpers/ee/labels_helper.rb'
- 'ee/app/helpers/ee/lock_helper.rb'
- 'ee/app/helpers/ee/merge_requests_helper.rb'
diff --git a/.rubocop_todo/rspec/any_instance_of.yml b/.rubocop_todo/rspec/any_instance_of.yml
index 2cc2478e530..e7855e84b28 100644
--- a/.rubocop_todo/rspec/any_instance_of.yml
+++ b/.rubocop_todo/rspec/any_instance_of.yml
@@ -73,7 +73,7 @@ RSpec/AnyInstanceOf:
- ee/spec/requests/api/projects_spec.rb
- ee/spec/requests/git_http_spec.rb
- ee/spec/requests/groups_controller_spec.rb
- - ee/spec/requests/omniauth_kerberos_spnego_spec.rb
+ - ee/spec/requests/omniauth_kerberos_spec.rb
- ee/spec/requests/repositories/git_http_controller_spec.rb
- ee/spec/services/ee/git/branch_push_service_spec.rb
- ee/spec/services/ee/merge_requests/create_from_vulnerability_data_service_spec.rb
diff --git a/.rubocop_todo/rspec/expect_in_hook.yml b/.rubocop_todo/rspec/expect_in_hook.yml
index 2353c11ce3a..1551f2dc637 100644
--- a/.rubocop_todo/rspec/expect_in_hook.yml
+++ b/.rubocop_todo/rspec/expect_in_hook.yml
@@ -32,7 +32,7 @@ RSpec/ExpectInHook:
- 'ee/spec/helpers/ee/issues_helper_spec.rb'
- 'ee/spec/helpers/ee/projects/security/dast_configuration_helper_spec.rb'
- 'ee/spec/helpers/ee/welcome_helper_spec.rb'
- - 'ee/spec/helpers/kerberos_spnego_helper_spec.rb'
+ - 'ee/spec/helpers/kerberos_helper_spec.rb'
- 'ee/spec/helpers/vulnerabilities_helper_spec.rb'
- 'ee/spec/lib/ee/api/helpers/members_helpers_spec.rb'
- 'ee/spec/lib/ee/gitlab/auth/ldap/sync/group_spec.rb'
@@ -69,7 +69,7 @@ RSpec/ExpectInHook:
- 'ee/spec/requests/api/geo_spec.rb'
- 'ee/spec/requests/api/internal/base_spec.rb'
- 'ee/spec/requests/groups/analytics/devops_adoption_controller_spec.rb'
- - 'ee/spec/requests/omniauth_kerberos_spnego_spec.rb'
+ - 'ee/spec/requests/omniauth_kerberos_spec.rb'
- 'ee/spec/services/analytics/cycle_analytics/stages/update_service_spec.rb'
- 'ee/spec/services/app_sec/dast/profiles/update_service_spec.rb'
- 'ee/spec/services/auto_merge/add_to_merge_train_when_pipeline_succeeds_service_spec.rb'
diff --git a/.rubocop_todo/rspec/verified_doubles.yml b/.rubocop_todo/rspec/verified_doubles.yml
index ee24ed73a27..0fa36d1941c 100644
--- a/.rubocop_todo/rspec/verified_doubles.yml
+++ b/.rubocop_todo/rspec/verified_doubles.yml
@@ -41,7 +41,7 @@ RSpec/VerifiedDoubles:
- ee/spec/helpers/ee/subscribable_banner_helper_spec.rb
- ee/spec/helpers/ee/trial_helper_spec.rb
- ee/spec/helpers/ee/trial_registration_helper_spec.rb
- - ee/spec/helpers/kerberos_spnego_helper_spec.rb
+ - ee/spec/helpers/kerberos_helper_spec.rb
- ee/spec/helpers/license_helper_spec.rb
- ee/spec/helpers/roadmaps_helper_spec.rb
- ee/spec/helpers/routing/pseudonymization_helper_spec.rb
diff --git a/.rubocop_todo/style/empty_else.yml b/.rubocop_todo/style/empty_else.yml
index f211d022dcd..07e42692f60 100644
--- a/.rubocop_todo/style/empty_else.yml
+++ b/.rubocop_todo/style/empty_else.yml
@@ -29,7 +29,7 @@ Style/EmptyElse:
- 'config/initializers/doorkeeper_openid_connect.rb'
- 'ee/app/controllers/admin/audit_logs_controller.rb'
- 'ee/app/controllers/ee/groups_controller.rb'
- - 'ee/app/helpers/ee/kerberos_spnego_helper.rb'
+ - 'ee/app/helpers/ee/kerberos_helper.rb'
- 'ee/app/helpers/ee/trial_helper.rb'
- 'ee/app/models/ee/audit_event.rb'
- 'ee/app/services/ee/users/update_service.rb'
diff --git a/.rubocop_todo/style/string_concatenation.yml b/.rubocop_todo/style/string_concatenation.yml
index 2330683cc18..3dd708d2c49 100644
--- a/.rubocop_todo/style/string_concatenation.yml
+++ b/.rubocop_todo/style/string_concatenation.yml
@@ -74,7 +74,7 @@ Style/StringConcatenation:
- 'ee/lib/elastic/latest/git_class_proxy.rb'
- 'ee/lib/gitlab/elastic/search_results.rb'
- 'ee/lib/gitlab/geo/git_ssh_proxy.rb'
- - 'ee/lib/omni_auth/strategies/kerberos_spnego.rb'
+ - 'ee/lib/omni_auth/strategies/kerberos.rb'
- 'ee/lib/tasks/gitlab/elastic.rake'
- 'ee/lib/tasks/gitlab/license.rake'
- 'ee/spec/controllers/trial_registrations_controller_spec.rb'
diff --git a/app/controllers/repositories/git_http_client_controller.rb b/app/controllers/repositories/git_http_client_controller.rb
index fbf5d82a45b..a5ca17db113 100644
--- a/app/controllers/repositories/git_http_client_controller.rb
+++ b/app/controllers/repositories/git_http_client_controller.rb
@@ -3,7 +3,7 @@
module Repositories
class GitHttpClientController < Repositories::ApplicationController
include ActionController::HttpAuthentication::Basic
- include KerberosSpnegoHelper
+ include KerberosHelper
include Gitlab::Utils::StrongMemoize
attr_reader :authentication_result, :redirected_path
@@ -49,7 +49,7 @@ module Repositories
if handle_basic_authentication(login, password)
return # Allow access
end
- elsif allow_kerberos_spnego_auth? && spnego_provided?
+ elsif allow_kerberos_auth? && spnego_provided?
kerberos_user = find_kerberos_user
if kerberos_user
@@ -91,7 +91,7 @@ module Repositories
def send_challenges
challenges = []
challenges << 'Basic realm="GitLab"' if allow_basic_auth?
- challenges << spnego_challenge if allow_kerberos_spnego_auth?
+ challenges << spnego_challenge if allow_kerberos_auth?
headers['Www-Authenticate'] = challenges.join("\n") if challenges.any?
end
diff --git a/app/helpers/kerberos_spnego_helper.rb b/app/helpers/kerberos_helper.rb
index 0f6812bc31b..31166772367 100644
--- a/app/helpers/kerberos_spnego_helper.rb
+++ b/app/helpers/kerberos_helper.rb
@@ -1,13 +1,13 @@
# frozen_string_literal: true
-module KerberosSpnegoHelper
+module KerberosHelper
def allow_basic_auth?
true # different behavior in GitLab Enterprise Edition
end
- def allow_kerberos_spnego_auth?
+ def allow_kerberos_auth?
false # different behavior in GitLab Enterprise Edition
end
end
-KerberosSpnegoHelper.prepend_mod_with('KerberosSpnegoHelper')
+KerberosHelper.prepend_mod_with('KerberosHelper')
diff --git a/app/services/merge_requests/ff_merge_service.rb b/app/services/merge_requests/ff_merge_service.rb
index c5640047899..6e1d1b6ad23 100644
--- a/app/services/merge_requests/ff_merge_service.rb
+++ b/app/services/merge_requests/ff_merge_service.rb
@@ -8,26 +8,22 @@ module MergeRequests
# Executed when you do fast-forward merge via GitLab UI
#
class FfMergeService < MergeRequests::MergeService
- private
+ extend ::Gitlab::Utils::Override
- def commit
- ff_merge = repository.ff_merge(current_user,
- source,
- merge_request.target_branch,
- merge_request: merge_request)
+ private
- if merge_request.squash_on_merge?
- merge_request.update_column(:squash_commit_sha, merge_request.in_progress_merge_commit_sha)
- end
+ override :execute_git_merge
+ def execute_git_merge
+ repository.ff_merge(current_user,
+ source,
+ merge_request.target_branch,
+ merge_request: merge_request)
+ end
- ff_merge
- rescue Gitlab::Git::PreReceiveError => e
- Gitlab::ErrorTracking.track_exception(e, pre_receive_message: e.raw_message, merge_request_id: merge_request&.id)
- raise MergeError, e.message
- rescue StandardError => e
- raise MergeError, "Something went wrong during merge: #{e.message}"
- ensure
- merge_request.update_and_mark_in_progress_merge_commit_sha(nil)
+ override :merge_success_data
+ def merge_success_data(commit_id)
+ # There is no merge commit to update, so this is just blank.
+ {}
end
end
end
diff --git a/app/services/merge_requests/merge_service.rb b/app/services/merge_requests/merge_service.rb
index 5244f2acd66..6d31a29f5a7 100644
--- a/app/services/merge_requests/merge_service.rb
+++ b/app/services/merge_requests/merge_service.rb
@@ -92,16 +92,26 @@ module MergeRequests
raise_error(GENERIC_ERROR_MESSAGE)
end
- data_to_update = { merge_commit_sha: commit_id }
- data_to_update[:squash_commit_sha] = source if merge_request.squash_on_merge?
+ update_merge_sha_metadata(commit_id)
- merge_request.update!(**data_to_update)
+ commit_id
ensure
merge_request.update_and_mark_in_progress_merge_commit_sha(nil)
end
+ def update_merge_sha_metadata(commit_id)
+ data_to_update = merge_success_data(commit_id)
+ data_to_update[:squash_commit_sha] = source if merge_request.squash_on_merge?
+
+ merge_request.update!(**data_to_update) if data_to_update.present?
+ end
+
+ def merge_success_data(commit_id)
+ { merge_commit_sha: commit_id }
+ end
+
def try_merge
- repository.merge(current_user, source, merge_request, commit_message)
+ execute_git_merge
rescue Gitlab::Git::PreReceiveError => e
raise MergeError,
"Something went wrong during merge pre-receive hook. #{e.message}".strip
@@ -110,6 +120,10 @@ module MergeRequests
raise_error(GENERIC_ERROR_MESSAGE)
end
+ def execute_git_merge
+ repository.merge(current_user, source, merge_request, commit_message)
+ end
+
def after_merge
log_info("Post merge started on JID #{merge_jid} with state #{state}")
MergeRequests::PostMergeService.new(project: project, current_user: current_user).execute(merge_request)
diff --git a/app/views/admin/sessions/_signin_box.html.haml b/app/views/admin/sessions/_signin_box.html.haml
index 9372bae14c3..c7382266480 100644
--- a/app/views/admin/sessions/_signin_box.html.haml
+++ b/app/views/admin/sessions/_signin_box.html.haml
@@ -4,8 +4,6 @@
.login-body
= render 'devise/sessions/new_crowd'
- = render_if_exists 'devise/sessions/new_kerberos_tab'
-
- ldap_servers.each_with_index do |server, i|
.login-box.tab-pane{ id: "#{server['provider_name']}", role: 'tabpanel', class: active_when(i == 0 && form_based_auth_provider_has_active_class?(:ldapmain)) }
.login-body
diff --git a/app/views/devise/shared/_signin_box.html.haml b/app/views/devise/shared/_signin_box.html.haml
index ff93449194a..60f1ff02e76 100644
--- a/app/views/devise/shared/_signin_box.html.haml
+++ b/app/views/devise/shared/_signin_box.html.haml
@@ -4,8 +4,6 @@
.login-body
= render 'devise/sessions/new_crowd'
- = render_if_exists 'devise/sessions/new_kerberos_tab'
-
- ldap_servers.each_with_index do |server, i|
.login-box.tab-pane{ id: "#{server['provider_name']}", role: 'tabpanel', class: active_when(i == 0 && form_based_auth_provider_has_active_class?(:ldapmain)) }
.login-body
diff --git a/app/views/notify/new_user_email.html.haml b/app/views/notify/new_user_email.html.haml
index ec135ae994f..11660126dc2 100644
--- a/app/views/notify/new_user_email.html.haml
+++ b/app/views/notify/new_user_email.html.haml
@@ -1,17 +1,19 @@
%p
- Hi #{sanitize_name(@user['name'])}!
+ = s_('Notify|Hi %{username}!') % {username: sanitize_name(@user['name'])}
%p
- if Gitlab::CurrentSettings.allow_signup?
- Your account has been created successfully.
+ = s_('Notify|Your account has been created successfully.')
- else
- The Administrator created an account for you. Now you are a member of the company GitLab application.
+ = s_('Notify|The Administrator created an account for you. Now you are a member of the company GitLab application.')
%p
- login..........................................
+ = s_('Notify|login..........................................')
%code= @user['email']
- if @user.created_by_id
%p
- = link_to "Click here to set your password", edit_password_url(@user, reset_password_token: @token)
+ = link_to s_('Notify|Click here to set your password'), edit_password_url(@user, reset_password_token: @token)
%p
- This link is valid for #{password_reset_token_valid_time}.
- After it expires, you can #{link_to("request a new one", new_user_password_url(user_email: @user.email))}.
+ = s_('Notify|This link is valid for %{password_reset_token_valid_time}.') % {password_reset_token_valid_time: password_reset_token_valid_time}
+ - a_start = '<a href="%{url}" target="_blank" rel="noopener noreferrer">'.html_safe % {url: new_user_password_url(user_email: @user.email)}
+ - a_end = '</a>'.html_safe
+ = html_escape(s_('Notify|After it expires, you can %{a_start} request a new one %{a_end}.')) % {a_start: a_start, a_end: a_end}
diff --git a/app/views/projects/blame/show.html.haml b/app/views/projects/blame/show.html.haml
index d4efca668eb..f2c4fe017f2 100644
--- a/app/views/projects/blame/show.html.haml
+++ b/app/views/projects/blame/show.html.haml
@@ -59,7 +59,7 @@
- current_line += line_count
- - if @blame_pagination
+ - if @blame_pagination && @blame_pagination.total_pages > 1
.gl-display-flex.gl-justify-content-center.gl-flex-direction-column.gl-align-items-center.gl-p-3.gl-bg-gray-50.gl-border-t-solid.gl-border-t-1.gl-border-gray-100
= _('For faster browsing, not all history is shown.')
= render Pajamas::ButtonComponent.new(href: namespace_project_blame_path(namespace_id: @project.namespace, project_id: @project, id: @id, no_pagination: true), size: :small, button_options: { class: 'gl-mt-3' }) do |c|
diff --git a/config/initializers/1_settings.rb b/config/initializers/1_settings.rb
index 9b9132e2497..3fc4b56f458 100644
--- a/config/initializers/1_settings.rb
+++ b/config/initializers/1_settings.rb
@@ -117,6 +117,27 @@ Settings.omniauth.cas3['session_duration'] ||= 8.hours
Settings.omniauth['session_tickets'] ||= Settingslogic.new({})
Settings.omniauth.session_tickets['cas3'] = 'ticket'
+# Handle backward compatibility with the renamed kerberos_spnego provider
+# https://gitlab.com/gitlab-org/gitlab/-/merge_requests/96335#note_1094265436
+Gitlab.ee do
+ kerberos_spnego = Settings.omniauth.providers.find { |p| p.name == 'kerberos_spnego' }
+ if kerberos_spnego
+ Settings.omniauth.providers.delete_if { |p| p.name == 'kerberos' }
+ kerberos_spnego['name'] = 'kerberos'
+
+ omniauth_keys = %w(allow_single_sign_on auto_link_user external_providers sync_profile_from_provider allow_bypass_two_factor)
+ omniauth_keys.each do |key|
+ next unless Settings.omniauth[key].is_a?(Array)
+
+ Settings.omniauth[key].map! { |p| p == 'kerberos_spnego' ? 'kerberos' : p }
+ end
+
+ if Settings.omniauth['auto_sign_in_with_provider'] == 'kerberos_spnego'
+ Settings.omniauth['auto_sign_in_with_provider'] = 'kerberos'
+ end
+ end
+end
+
# Fill out omniauth-gitlab settings. It is needed for easy set up GHE or GH by just specifying url.
github_default_url = "https://github.com"
@@ -909,8 +930,8 @@ Gitlab.ee do
Settings.kerberos['https'] = Settings.gitlab.https if Settings.kerberos['https'].nil?
Settings.kerberos['port'] ||= Settings.kerberos.https ? 8443 : 8088
- if Settings.kerberos['enabled'] && !Settings.omniauth.providers.map(&:name).include?('kerberos_spnego')
- Settings.omniauth.providers << Settingslogic.new({ 'name' => 'kerberos_spnego' })
+ if Settings.kerberos['enabled'] && !Settings.omniauth.providers.map(&:name).include?('kerberos')
+ Settings.omniauth.providers << Settingslogic.new({ 'name' => 'kerberos' })
end
end
diff --git a/db/post_migrate/20220913030552_add_tmp_index_system_note_metadata_on_attention_request_actions.rb b/db/post_migrate/20220913030552_add_tmp_index_system_note_metadata_on_attention_request_actions.rb
new file mode 100644
index 00000000000..3418dabc0e9
--- /dev/null
+++ b/db/post_migrate/20220913030552_add_tmp_index_system_note_metadata_on_attention_request_actions.rb
@@ -0,0 +1,17 @@
+# frozen_string_literal: true
+
+class AddTmpIndexSystemNoteMetadataOnAttentionRequestActions < Gitlab::Database::Migration[2.0]
+ INDEX_NAME = "tmp_index_system_note_metadata_on_attention_request_actions"
+
+ disable_ddl_transaction!
+
+ def up
+ add_concurrent_index :system_note_metadata, [:id],
+ where: "action IN ('attention_requested', 'attention_request_removed')",
+ name: INDEX_NAME
+ end
+
+ def down
+ remove_concurrent_index_by_name :system_note_metadata, INDEX_NAME
+ end
+end
diff --git a/db/post_migrate/20220913030624_cleanup_attention_request_related_system_notes.rb b/db/post_migrate/20220913030624_cleanup_attention_request_related_system_notes.rb
new file mode 100644
index 00000000000..b7d6908696b
--- /dev/null
+++ b/db/post_migrate/20220913030624_cleanup_attention_request_related_system_notes.rb
@@ -0,0 +1,30 @@
+# frozen_string_literal: true
+
+class CleanupAttentionRequestRelatedSystemNotes < Gitlab::Database::Migration[2.0]
+ disable_ddl_transaction!
+ restrict_gitlab_migration gitlab_schema: :gitlab_main
+
+ BATCH_SIZE = 100
+
+ class SystemNoteMetadata < MigrationRecord
+ include EachBatch
+
+ self.table_name = 'system_note_metadata'
+ end
+
+ class Note < MigrationRecord
+ self.table_name = 'notes'
+ end
+
+ def up
+ SystemNoteMetadata
+ .where(action: %w[attention_requested attention_request_removed])
+ .each_batch(of: BATCH_SIZE) do |batch|
+ Note.where(id: batch.pluck(:note_id)).delete_all
+ end
+ end
+
+ def down
+ # no op
+ end
+end
diff --git a/db/schema_migrations/20220913030552 b/db/schema_migrations/20220913030552
new file mode 100644
index 00000000000..6d6a68788dc
--- /dev/null
+++ b/db/schema_migrations/20220913030552
@@ -0,0 +1 @@
+39538feebc6f7f4e1822148567ed369eee1a7ed7ee718f7e913e2b585cc0e808 \ No newline at end of file
diff --git a/db/schema_migrations/20220913030624 b/db/schema_migrations/20220913030624
new file mode 100644
index 00000000000..8a0641b4f8c
--- /dev/null
+++ b/db/schema_migrations/20220913030624
@@ -0,0 +1 @@
+baac0b236b7e91f9aacd03f3cf1ce84974f6c389529143e9b2813d9b70224e53 \ No newline at end of file
diff --git a/db/structure.sql b/db/structure.sql
index 5389ee0ff84..f536bd170eb 100644
--- a/db/structure.sql
+++ b/db/structure.sql
@@ -30864,6 +30864,8 @@ CREATE INDEX tmp_index_on_vulnerabilities_non_dismissed ON vulnerabilities USING
CREATE INDEX tmp_index_project_statistics_cont_registry_size ON project_statistics USING btree (project_id) WHERE (container_registry_size = 0);
+CREATE INDEX tmp_index_system_note_metadata_on_attention_request_actions ON system_note_metadata USING btree (id) WHERE ((action)::text = ANY ((ARRAY['attention_requested'::character varying, 'attention_request_removed'::character varying])::text[]));
+
CREATE INDEX tmp_index_system_note_metadata_on_id_where_task ON system_note_metadata USING btree (id, action) WHERE ((action)::text = 'task'::text);
CREATE INDEX tmp_index_user_callouts_on_attention_request_feature_names ON user_callouts USING btree (id) WHERE (feature_name = ANY (ARRAY[47, 48]));
diff --git a/doc/ci/environments/protected_environments.md b/doc/ci/environments/protected_environments.md
index 98c4c49781d..e63777dc0e0 100644
--- a/doc/ci/environments/protected_environments.md
+++ b/doc/ci/environments/protected_environments.md
@@ -24,6 +24,10 @@ Maintainer role.
## Protecting environments
+Prerequisites:
+
+- When granting the **Allowed to deploy** permission to a group or sub-group, the user configuring the protected environment must be a **direct member** of the group or sub-group to be added. Otherwise, the group or sub-group will not show up in the dropdown. For more information see [issue #345140](https://gitlab.com/gitlab-org/gitlab/-/issues/345140).
+
To protect an environment:
1. On the top bar, select **Main menu > Projects** and find your project.
diff --git a/doc/development/feature_flags/index.md b/doc/development/feature_flags/index.md
index e0441310523..444b53f9c8d 100644
--- a/doc/development/feature_flags/index.md
+++ b/doc/development/feature_flags/index.md
@@ -535,16 +535,18 @@ Feature.remove(:feature_flag_name)
```mermaid
graph LR
- A[flag: default off] -->|'added' / 'changed'| B(flag: default on)
+ A[flag: default off] -->|'added' / 'changed' / 'fixed' / '...'| B(flag: default on)
B -->|'other'| C(remove flag, keep new code)
B -->|'removed' / 'changed'| D(remove flag, keep old code)
- A -->|'added' / 'changed'| C
+ A -->|'added' / 'changed' / 'fixed' / '...'| C
A -->|no changelog| D
```
- Any change behind a feature flag that is **enabled** by default **should** have a changelog entry.
- The changelog for a feature flag should describe the feature and not the
flag, unless a default on feature flag is removed keeping the new code (`other` in the flowchart above).
+- A feature flag can also be used for rolling out a bug fix or a maintenance work. In this scenario, the changelog
+ must be related to it, for example; `fixed` or `other`.
## Feature flags in tests
diff --git a/doc/integration/kerberos.md b/doc/integration/kerberos.md
index 49c5828ae32..5c9af96ebe8 100644
--- a/doc/integration/kerberos.md
+++ b/doc/integration/kerberos.md
@@ -110,13 +110,15 @@ set up GitLab to create a new account when a Kerberos user tries to sign in.
### Link a Kerberos account to an existing GitLab account
+> Kerberos SPNEGO [renamed](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/96335) to Kerberos in GitLab 15.4.
+
If you're an administrator, you can link a Kerberos account to an
existing GitLab account. To do so:
1. On the top bar, select **Main menu > Admin**.
1. On the left sidebar, select **Overview > Users**.
1. Select a user, then select the **Identities** tab.
-1. Select 'Kerberos SPNEGO' in the 'Provider' dropdown box.
+1. From the **Provider** dropdown list, select **Kerberos**.
1. Make sure the **Identifier** corresponds to the Kerberos username.
1. Select **Save changes**.
@@ -125,7 +127,7 @@ If you're not an administrator:
1. In the top-right corner, select your avatar.
1. Select **Edit profile**.
1. On the left sidebar, select **Account**.
-1. In the **Service sign-in** section, select **Connect Kerberos SPNEGO**.
+1. In the **Service sign-in** section, select **Connect Kerberos**.
If you don't see a **Service sign-in** Kerberos option, follow the
requirements in [Enable single sign-on](#enable-single-sign-on).
@@ -305,15 +307,12 @@ We [deprecated](../update/deprecations.md#omniauth-kerberos-gem) password-based
Kerberos sign-ins in GitLab 14.3 and [removed](https://gitlab.com/gitlab-org/gitlab/-/issues/2908)
it in GitLab 15.0. You must switch to ticket-based sign in.
-Depending on your existing GitLab configuration, the 'Sign in with:
-Kerberos SPNEGO' button may already be visible on your GitLab sign-in
-page. If not, then add the settings [described above](#configuration).
+Depending on your existing GitLab configuration, **Sign in with:
+Kerberos** may already be visible on your GitLab sign-in page.
+If not, then add the settings [described above](#configuration).
-Once you have verified that the 'Kerberos SPNEGO' button works
-without entering any passwords, you can proceed to disable
-password-based Kerberos sign-ins. To do this you need only need to
-remove the OmniAuth provider named `kerberos` from your `gitlab.yml` /
-`gitlab.rb` file.
+To disable password-based Kerberos sign-ins, remove the OmniAuth provider
+`kerberos` from your `gitlab.yml`/`gitlab.rb` file.
**For installations from source**
@@ -365,7 +364,7 @@ mechanisms it supports to GitLab. If it doesn't support any of the mechanisms
GitLab supports, authentication fails with a message like this in the log:
```plaintext
-OmniauthKerberosSpnegoController: failed to process Negotiate/Kerberos authentication: gss_accept_sec_context did not return GSS_S_COMPLETE: An unsupported mechanism was requested Unknown error
+OmniauthKerberosController: failed to process Negotiate/Kerberos authentication: gss_accept_sec_context did not return GSS_S_COMPLETE: An unsupported mechanism was requested Unknown error
```
There are a number of potential causes and solutions for this error message.
diff --git a/doc/raketasks/backup_gitlab.md b/doc/raketasks/backup_gitlab.md
index 8d72195e43a..a418fc4fe8c 100644
--- a/doc/raketasks/backup_gitlab.md
+++ b/doc/raketasks/backup_gitlab.md
@@ -346,12 +346,14 @@ To create an incremental backup, run:
sudo gitlab-backup create INCREMENTAL=yes PREVIOUS_BACKUP=<timestamp_of_backup>
```
-Incremental backups can also be created from [an untarred backup](#skipping-tar-creation) by using `SKIP=tar`:
+To create an [untarred](#skipping-tar-creation) incremental backup from a tarred backup, use `SKIP=tar`:
```shell
sudo gitlab-backup create INCREMENTAL=yes SKIP=tar
```
+You can't create an incremental backup from an [untarred](#skipping-tar-creation) backup.
+
### Back up specific repository storages
> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/86896) in GitLab 15.0.
diff --git a/doc/user/application_security/api_fuzzing/index.md b/doc/user/application_security/api_fuzzing/index.md
index 76b06b2d329..8e371ed4dc6 100644
--- a/doc/user/application_security/api_fuzzing/index.md
+++ b/doc/user/application_security/api_fuzzing/index.md
@@ -39,6 +39,7 @@ or other scanners) during a scan could cause inaccurate results.
You can run a Web API fuzzing scan using the following methods:
- [OpenAPI Specification](#openapi-specification) - version 2, and 3.
+- [GraphQL Schema](#graphql-schema)
- [HTTP Archive](#http-archive-har) (HAR)
- [Postman Collection](#postman-collection) - version 2.0 or 2.1
@@ -76,6 +77,7 @@ To enable Web API fuzzing:
- For manual configuration instructions, see the respective section, depending on the API type:
- [OpenAPI Specification](#openapi-specification)
+ - [GraphQL Schema](#graphql-schema)
- [HTTP Archive (HAR)](#http-archive-har)
- [Postman Collection](#postman-collection)
- Otherwise, see [Web API fuzzing configuration form](#web-api-fuzzing-configuration-form).
@@ -262,7 +264,7 @@ Example `.gitlab-ci.yml` file using a HAR file:
FUZZAPI_TARGET_URL: http://test-deployment/
```
-This is a minimal configuration for API fuzzing. From here you can:
+This example is a minimal configuration for API fuzzing. From here you can:
- [Run your first scan](#running-your-first-scan).
- [Add authentication](#authentication).
@@ -270,6 +272,118 @@ This is a minimal configuration for API fuzzing. From here you can:
For details of API fuzzing configuration options, see [Available CI/CD variables](#available-cicd-variables).
+### GraphQL Schema
+
+> Support for GraphQL Schema was [introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/352780) in GitLab 15.4.
+
+GraphQL is a query language for your API and an alternative to REST APIs.
+API Fuzzing supports testing GraphQL endpoints multiple ways:
+
+- Test using the GraphQL Schema. [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/352780) in GitLab 15.4.
+- Test using a recording (HAR) of GraphQL queries.
+- Test using a Postman Collection containing GraphQL queries.
+
+This section documents how to test using a GraphQL schema. The GraphQL schema support in
+API Fuzzing is able to query the schema from endpoints that support introspection.
+Introspection is enabled by default to allow tools like GraphiQL to work.
+
+#### API Fuzzing scanning with a GraphQL endpoint URL
+
+The GraphQL support in API Fuzzing is able to query a GraphQL endpoint for the schema.
+
+NOTE:
+The GraphQL endpoint must support introspection queries for this method to work correctly.
+
+To configure API Fuzzing to use an GraphQL endpoint URL that provides information about the target API to test:
+
+1. [Include](../../../ci/yaml/index.md#includetemplate)
+ the [`API-Fuzzing.gitlab-ci.yml` template](https://gitlab.com/gitlab-org/gitlab/-/blob/master/lib/gitlab/ci/templates/Security/API-Fuzzing.gitlab-ci.yml) in your `.gitlab-ci.yml` file.
+
+1. Provide the GraphQL endpoint path, for example `/api/graphql`. Specify the path by adding the `FUZZAPI_GRAPHQL` variable.
+
+1. The target API instance's base URL is also required. Provide it by using the `FUZZAPI_TARGET_URL`
+ variable or an `environment_url.txt` file.
+
+ Adding the URL in an `environment_url.txt` file at your project's root is great for testing in
+ dynamic environments. See the [dynamic environment solutions](#dynamic-environment-solutions) section of our documentation for more information.
+
+Complete example configuration of using a GraphQL endpoint URL:
+
+```yaml
+stages:
+ - fuzz
+
+include:
+ - template: API-Fuzzing.gitlab-ci.yml
+
+apifuzzer_fuzz:
+ variables:
+ FUZZAPI_GRAPHQL: /api/graphql
+ FUZZAPI_TARGET_URL: http://test-deployment/
+```
+
+This example is a minimal configuration for API Fuzzing. From here you can:
+
+- [Run your first scan](#running-your-first-scan).
+- [Add authentication](#authentication).
+- Learn how to [handle false positives](#handling-false-positives).
+
+#### API Fuzzing with a GraphQL Schema file
+
+To configure API Fuzzing to use a GraphQl schema file that provides information about the target API to test:
+
+1. [Include](../../../ci/yaml/index.md#includetemplate)
+ the [`API-Fuzzing.gitlab-ci.yml` template](https://gitlab.com/gitlab-org/gitlab/-/blob/master/lib/gitlab/ci/templates/Security/API-Fuzzing.gitlab-ci.yml) in your `.gitlab-ci.yml` file.
+
+1. Provide the GraphQL endpoint path, for example `/api/graphql`. Specify the path by adding the `FUZZAPI_GRAPHQL` variable.
+
+1. Provide the location of the GraphQL schema file. You can provide the location as a file path
+ or URL. Specify the location by adding the `FUZZAPI_GRAPHQL_SCHEMA` variable.
+
+1. The target API instance's base URL is also required. Provide it by using the `FUZZAPI_TARGET_URL`
+ variable or an `environment_url.txt` file.
+
+ Adding the URL in an `environment_url.txt` file at your project's root is great for testing in
+ dynamic environments. See the [dynamic environment solutions](#dynamic-environment-solutions) section of our documentation for more information.
+
+Complete example configuration of using an GraphQL schema file:
+
+```yaml
+stages:
+ - fuzz
+
+include:
+ - template: API-Fuzzing.gitlab-ci.yml
+
+apifuzzer_fuzz:
+ variables:
+ FUZZAPI_GRAPHQL: /api/graphql
+ FUZZAPI_GRAPHQL_SCHEMA: test-api-graphql.schema
+ FUZZAPI_TARGET_URL: http://test-deployment/
+```
+
+Complete example configuration of using an GraphQL schema file URL:
+
+```yaml
+stages:
+ - fuzz
+
+include:
+ - template: API-Fuzzing.gitlab-ci.yml
+
+apifuzzer_fuzz:
+ variables:
+ FUZZAPI_GRAPHQL: /api/graphql
+ FUZZAPI_GRAPHQL_SCHEMA: http://file-store/files/test-api-graphql.schema
+ FUZZAPI_TARGET_URL: http://test-deployment/
+```
+
+This example is a minimal configuration for API Fuzzing. From here you can:
+
+- [Run your first scan](#running-your-first-scan).
+- [Add authentication](#authentication).
+- Learn how to [handle false positives](#handling-false-positives).
+
### Postman Collection
The [Postman API Client](https://www.postman.com/product/api-client/) is a popular tool that
@@ -991,6 +1105,8 @@ profile increases as the number of tests increases.
|[`FUZZAPI_OPENAPI_ALL_MEDIA_TYPES`](#openapi-specification) | Use all supported media types instead of one when generating requests. Causes test duration to be longer. Default is disabled. [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/333304) in GitLab 14.10. |
|[`FUZZAPI_OPENAPI_MEDIA_TYPES`](#openapi-specification) | Colon (`:`) separated media types accepted for testing. Default is disabled. [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/333304) in GitLab 14.10. |
|[`FUZZAPI_HAR`](#http-archive-har) | HTTP Archive (HAR) file. |
+|[`FUZZAPI_GRAPHQL`](#graphql-schema) | Path to GraphQL endpoint, for example `/api/graphql`. [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/352780) in GitLab 15.4. |
+|[`FUZZAPI_GRAPHQL_SCHEMA`](#graphql-schema) | A URL or filename for a GraphQL schema in JSON format. [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/352780) in GitLab 15.4. |
|[`FUZZAPI_POSTMAN_COLLECTION`](#postman-collection) | Postman Collection file. |
|[`FUZZAPI_POSTMAN_COLLECTION_VARIABLES`](#postman-variables) | Path to a JSON file to extract Postman variable values. The support for comma-separated (`,`) files was [introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/356312) in GitLab 15.1. |
|[`FUZZAPI_POSTMAN_COLLECTION_VARIABLES`](#postman-variables) | Path to a JSON file to extract Postman variable values. |
@@ -2103,7 +2219,7 @@ A bug exists in versions of the API Fuzzing analyzer prior to v1.6.196 that can
The version information can be found in the job details for the `apifuzzer_fuzz` job.
-If the issue is occurring with versions v1.6.196 or greater, please contact Support and provide the following information:
+If the issue is occurring with versions v1.6.196 or greater, contact Support and provide the following information:
1. Reference this troubleshooting section and ask for the issue to be escalated to the Dynamic Analysis Team.
1. The full console output of the job.
diff --git a/doc/user/application_security/dast_api/index.md b/doc/user/application_security/dast_api/index.md
index 022a4a0fd8a..f15dce37123 100644
--- a/doc/user/application_security/dast_api/index.md
+++ b/doc/user/application_security/dast_api/index.md
@@ -55,6 +55,7 @@ The following projects demonstrate DAST API scanning:
You can specify the API you want to scan by using:
- [OpenAPI v2 or v3 Specification](#openapi-specification)
+- [GraphQL Schema](#graphql-schema)
- [HTTP Archive (HAR)](#http-archive-har)
- [Postman Collection v2.0 or v2.1](#postman-collection)
@@ -199,7 +200,119 @@ variables:
DAST_API_TARGET_URL: http://test-deployment/
```
-This is a minimal configuration for DAST API. From here you can:
+This example is a minimal configuration for DAST API. From here you can:
+
+- [Run your first scan](#running-your-first-scan).
+- [Add authentication](#authentication).
+- Learn how to [handle false positives](#handling-false-positives).
+
+### GraphQL Schema
+
+> Support for GraphQL Schema was [introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/352780) in GitLab 15.4.
+
+GraphQL is a query language for your API and an alternative to REST APIs.
+DAST API supports testing GraphQL endpoints multiple ways:
+
+- Test using the GraphQL Schema. [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/352780) in GitLab 15.4.
+- Test using a recording (HAR) of GraphQL queries.
+- Test using a Postman Collection containing GraphQL queries.
+
+This section documents how to test using a GraphQL schema. The GraphQL schema support in
+DAST API is able to query the schema from endpoints that support introspection.
+Introspection is enabled by default to allow tools like GraphiQL to work.
+
+#### DAST API scanning with a GraphQL endpoint URL
+
+The GraphQL support in DAST API is able to query a GraphQL endpoint for the schema.
+
+NOTE:
+The GraphQL endpoint must support introspection queries for this method to work correctly.
+
+To configure DAST API to use a GraphQL endpoint URL that provides information about the target API to test:
+
+1. [Include](../../../ci/yaml/index.md#includetemplate)
+ the [`DAST-API.gitlab-ci.yml` template](https://gitlab.com/gitlab-org/gitlab/-/blob/master/lib/gitlab/ci/templates/Security/DAST-API.gitlab-ci.yml) in your `.gitlab-ci.yml` file.
+
+1. Provide the path to the GraphQL endpoint, for example `/api/graphql`. Specify the location by adding the `DAST_API_GRAPHQL` variable.
+
+1. The target API instance's base URL is also required. Provide it by using the `DAST_API_TARGET_URL`
+ variable or an `environment_url.txt` file.
+
+ Adding the URL in an `environment_url.txt` file at your project's root is great for testing in
+ dynamic environments. See the [dynamic environment solutions](#dynamic-environment-solutions) section of our documentation for more information.
+
+Complete example configuration of using a GraphQL endpoint path:
+
+```yaml
+stages:
+ - dast
+
+include:
+ - template: DAST-API.gitlab-ci.yml
+
+dast_api:
+ variables:
+ DAST_API_GRAPHQL: /api/graphql
+ DAST_API_TARGET_URL: http://test-deployment/
+```
+
+This example is a minimal configuration for DAST API. From here you can:
+
+- [Run your first scan](#running-your-first-scan).
+- [Add authentication](#authentication).
+- Learn how to [handle false positives](#handling-false-positives).
+
+#### DAST API scanning with a GraphQL Schema file
+
+To configure DAST API to use a GraphQL schema file that provides information about the target API to test:
+
+1. [Include](../../../ci/yaml/index.md#includetemplate)
+ the [`DAST-API.gitlab-ci.yml` template](https://gitlab.com/gitlab-org/gitlab/-/blob/master/lib/gitlab/ci/templates/Security/DAST-API.gitlab-ci.yml) in your `.gitlab-ci.yml` file.
+
+1. Provide the GraphQL endpoint path, for example `/api/graphql`. Specify the path by adding the `DAST_API_GRAPHQL` variable.
+
+1. Provide the location of the GraphQL schema file. You can provide the location as a file path
+ or URL. Specify the location by adding the `DAST_API_GRAPHQL_SCHEMA` variable.
+
+1. The target API instance's base URL is also required. Provide it by using the `DAST_API_TARGET_URL`
+ variable or an `environment_url.txt` file.
+
+ Adding the URL in an `environment_url.txt` file at your project's root is great for testing in
+ dynamic environments. See the [dynamic environment solutions](#dynamic-environment-solutions) section of our documentation for more information.
+
+Complete example configuration of using an GraphQL schema file:
+
+```yaml
+stages:
+ - dast
+
+include:
+ - template: DAST-API.gitlab-ci.yml
+
+dast_api:
+ variables:
+ DAST_API_GRAPHQL: /api/graphql
+ DAST_API_GRAPHQL_SCHEMA: test-api-graphql.schema
+ DAST_API_TARGET_URL: http://test-deployment/
+```
+
+Complete example configuration of using an GraphQL schema file URL:
+
+```yaml
+stages:
+ - dast
+
+include:
+ - template: DAST-API.gitlab-ci.yml
+
+dast_api:
+ variables:
+ DAST_API_GRAPHQL: /api/graphql
+ DAST_API_GRAPHQL_SCHEMA: http://file-store/files/test-api-graphql.schema
+ DAST_API_TARGET_URL: http://test-deployment/
+```
+
+This example is a minimal configuration for DAST API. From here you can:
- [Run your first scan](#running-your-first-scan).
- [Add authentication](#authentication).
@@ -938,6 +1051,8 @@ can be added, removed, and modified by creating a custom configuration.
|[`DAST_API_OPENAPI_ALL_MEDIA_TYPES`](#openapi-specification) | Use all supported media types instead of one when generating requests. Causes test duration to be longer. Default is disabled. [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/333304) in GitLab 14.10. |
|[`DAST_API_OPENAPI_MEDIA_TYPES`](#openapi-specification) | Colon (`:`) separated media types accepted for testing. Default is disabled. [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/333304) in GitLab 14.10. |
|[`DAST_API_HAR`](#http-archive-har) | HTTP Archive (HAR) file. |
+|[`DAST_API_GRAPHQL`](#graphql-schema) | Path to GraphQL endpoint, for example `/api/graphql`. [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/352780) in GitLab 15.4. |
+|[`DAST_API_GRAPHQL_SCHEMA`](#graphql-schema) | A URL or filename for a GraphQL schema in JSON format. [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/352780) in GitLab 15.4. |
|[`DAST_API_POSTMAN_COLLECTION`](#postman-collection) | Postman Collection file. |
|[`DAST_API_POSTMAN_COLLECTION_VARIABLES`](#postman-variables) | Path to a JSON file to extract Postman variable values. The support for comma-separated (`,`) files was [introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/356312) in GitLab 15.1. |
|[`DAST_API_OVERRIDES_FILE`](#overrides) | Path to a JSON file containing overrides. |
diff --git a/locale/gitlab.pot b/locale/gitlab.pot
index 408e7f3f75e..87ff69fa9eb 100644
--- a/locale/gitlab.pot
+++ b/locale/gitlab.pot
@@ -27087,6 +27087,9 @@ msgstr ""
msgid "Notify|A remote mirror update has failed."
msgstr ""
+msgid "Notify|After it expires, you can %{a_start} request a new one %{a_end}."
+msgstr ""
+
msgid "Notify|All discussions on merge request %{mr_link} were resolved by %{name}"
msgstr ""
@@ -27108,6 +27111,9 @@ msgstr ""
msgid "Notify|CI/CD project settings"
msgstr ""
+msgid "Notify|Click here to set your password"
+msgstr ""
+
msgid "Notify|Commit Author"
msgstr ""
@@ -27126,6 +27132,9 @@ msgstr ""
msgid "Notify|Fingerprint: %{fingerprint}"
msgstr ""
+msgid "Notify|Hi %{username}!"
+msgstr ""
+
msgid "Notify|Hi %{user}!"
msgstr ""
@@ -27198,6 +27207,9 @@ msgstr ""
msgid "Notify|Remote mirror"
msgstr ""
+msgid "Notify|The Administrator created an account for you. Now you are a member of the company GitLab application."
+msgstr ""
+
msgid "Notify|The Auto DevOps pipeline failed for pipeline %{pipeline_link} and has been disabled for %{project_link}. In order to use the Auto DevOps pipeline with your project, please review the %{supported_langs_link}, adjust your project accordingly, and turn on the Auto DevOps pipeline within your %{settings_link}."
msgstr ""
@@ -27213,6 +27225,9 @@ msgstr ""
msgid "Notify|This issue is due on: %{issue_due_date}"
msgstr ""
+msgid "Notify|This link is valid for %{password_reset_token_valid_time}."
+msgstr ""
+
msgid "Notify|Unless you verify your domain by %{time_start}%{time}%{time_end} it will be removed from your GitLab project."
msgstr ""
@@ -27228,6 +27243,9 @@ msgstr ""
msgid "Notify|Your CSV import for project %{project_link} has been completed."
msgstr ""
+msgid "Notify|Your account has been created successfully."
+msgstr ""
+
msgid "Notify|Your request to join the %{target_to_join} %{target_type} has been %{denied_tag}."
msgstr ""
@@ -27237,6 +27255,9 @@ msgstr ""
msgid "Notify|deleted"
msgstr ""
+msgid "Notify|login.........................................."
+msgstr ""
+
msgid "Notify|pushed new"
msgstr ""
diff --git a/spec/features/projects/blobs/blame_spec.rb b/spec/features/projects/blobs/blame_spec.rb
index f50f6911120..5287d5e4f7d 100644
--- a/spec/features/projects/blobs/blame_spec.rb
+++ b/spec/features/projects/blobs/blame_spec.rb
@@ -38,6 +38,7 @@ RSpec.describe 'File blame', :js do
within '[data-testid="blob-content-holder"]' do
expect(page).to have_css('.blame-commit')
expect(page).not_to have_css('.gl-pagination')
+ expect(page).not_to have_link _('View entire blame')
end
end
diff --git a/spec/migrations/20220913030624_cleanup_attention_request_related_system_notes_spec.rb b/spec/migrations/20220913030624_cleanup_attention_request_related_system_notes_spec.rb
new file mode 100644
index 00000000000..7338a6ab9ae
--- /dev/null
+++ b/spec/migrations/20220913030624_cleanup_attention_request_related_system_notes_spec.rb
@@ -0,0 +1,26 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+require_migration!
+
+RSpec.describe CleanupAttentionRequestRelatedSystemNotes, :migration do
+ let(:notes) { table(:notes) }
+ let(:system_note_metadata) { table(:system_note_metadata) }
+
+ it 'removes all notes with attention request related system_note_metadata' do
+ notes.create!(id: 1, note: 'Attention request note', noteable_type: 'MergeRequest')
+ notes.create!(id: 2, note: 'Attention request remove note', noteable_type: 'MergeRequest')
+ notes.create!(id: 3, note: 'MergeRequest note', noteable_type: 'MergeRequest')
+ notes.create!(id: 4, note: 'Commit note', noteable_type: 'Commit')
+ system_note_metadata.create!(id: 11, action: 'attention_requested', note_id: 1)
+ system_note_metadata.create!(id: 22, action: 'attention_request_removed', note_id: 2)
+ system_note_metadata.create!(id: 33, action: 'merged', note_id: 3)
+
+ expect { migrate! }.to change(notes, :count).by(-2)
+
+ expect(system_note_metadata.where(action: %w[attention_requested attention_request_removed]).size).to eq(0)
+ expect(notes.where(noteable_type: 'MergeRequest').size).to eq(1)
+ expect(notes.where(noteable_type: 'Commit').size).to eq(1)
+ expect(system_note_metadata.where(action: 'merged').size).to eq(1)
+ end
+end
diff --git a/spec/services/merge_requests/ff_merge_service_spec.rb b/spec/services/merge_requests/ff_merge_service_spec.rb
index 24a1a8b3113..aa5d6dcd1fb 100644
--- a/spec/services/merge_requests/ff_merge_service_spec.rb
+++ b/spec/services/merge_requests/ff_merge_service_spec.rb
@@ -75,6 +75,7 @@ RSpec.describe MergeRequests::FfMergeService do
expect(merge_request).to receive(:update_and_mark_in_progress_merge_commit_sha).twice.and_call_original
expect { execute_ff_merge }.not_to change { merge_request.squash_commit_sha }
+ expect(merge_request.merge_commit_sha).to be_nil
expect(merge_request.in_progress_merge_commit_sha).to be_nil
end
@@ -87,6 +88,7 @@ RSpec.describe MergeRequests::FfMergeService do
.to change { merge_request.squash_commit_sha }
.from(nil)
+ expect(merge_request.merge_commit_sha).to be_nil
expect(merge_request.in_progress_merge_commit_sha).to be_nil
end
end
@@ -106,7 +108,6 @@ RSpec.describe MergeRequests::FfMergeService do
service.execute(merge_request)
- expect(merge_request.merge_error).to include(error_message)
expect(Gitlab::AppLogger).to have_received(:error).with(a_string_matching(error_message))
end
@@ -117,11 +118,6 @@ RSpec.describe MergeRequests::FfMergeService do
pre_receive_error = Gitlab::Git::PreReceiveError.new(raw_message, fallback_message: error_message)
allow(service).to receive(:repository).and_raise(pre_receive_error)
allow(service).to receive(:execute_hooks)
- expect(Gitlab::ErrorTracking).to receive(:track_exception).with(
- pre_receive_error,
- pre_receive_message: raw_message,
- merge_request_id: merge_request.id
- )
service.execute(merge_request)
diff --git a/spec/support/rspec_order_todo.yml b/spec/support/rspec_order_todo.yml
index ffd0095e57a..4e8a172177a 100644
--- a/spec/support/rspec_order_todo.yml
+++ b/spec/support/rspec_order_todo.yml
@@ -1080,7 +1080,7 @@
- './ee/spec/helpers/groups/sso_helper_spec.rb'
- './ee/spec/helpers/incident_management/escalation_policy_helper_spec.rb'
- './ee/spec/helpers/incident_management/oncall_schedule_helper_spec.rb'
-- './ee/spec/helpers/kerberos_spnego_helper_spec.rb'
+- './ee/spec/helpers/kerberos_helper_spec.rb'
- './ee/spec/helpers/license_helper_spec.rb'
- './ee/spec/helpers/license_monitoring_helper_spec.rb'
- './ee/spec/helpers/manual_quarterly_co_term_banner_helper_spec.rb'
@@ -1692,7 +1692,7 @@
- './ee/spec/lib/gitlab/web_ide/config/entry/schema/uri_spec.rb'
- './ee/spec/lib/incident_management/oncall_shift_generator_spec.rb'
- './ee/spec/lib/omni_auth/strategies/group_saml_spec.rb'
-- './ee/spec/lib/omni_auth/strategies/kerberos_spnego_spec.rb'
+- './ee/spec/lib/omni_auth/strategies/kerberos_spec.rb'
- './ee/spec/lib/peek/views/elasticsearch_spec.rb'
- './ee/spec/lib/sidebars/groups/menus/administration_menu_spec.rb'
- './ee/spec/lib/sidebars/groups/menus/analytics_menu_spec.rb'
@@ -2511,7 +2511,7 @@
- './ee/spec/requests/jwt_controller_spec.rb'
- './ee/spec/requests/lfs_http_spec.rb'
- './ee/spec/requests/lfs_locks_api_spec.rb'
-- './ee/spec/requests/omniauth_kerberos_spnego_spec.rb'
+- './ee/spec/requests/omniauth_kerberos_spec.rb'
- './ee/spec/requests/projects/analytics/code_reviews_controller_spec.rb'
- './ee/spec/requests/projects/audit_events_spec.rb'
- './ee/spec/requests/projects/incidents_controller_spec.rb'