Add latest changes from gitlab-org/gitlab@master

1e4d5960 · GitLab Bot · 60082b33 · 1e4d5960 · 1e4d5960 · 1e4d5960
11 changed file
--- a/app/controllers/admin/services_controller.rb
+++ b/app/controllers/admin/services_controller.rb
@@ -4,16 +4,18 @@ class Admin::ServicesController < Admin::ApplicationController
  include ServiceParams
  before_action :service, only: [:edit, :update]
+  before_action :whitelist_query_limiting, only: [:index]
  before_action only: :edit do
    push_frontend_feature_flag(:integration_form_refactor)
  end
  def index
    @services = Service.find_or_create_templates.sort_by(&:title)
+    @existing_instance_types = Service.instances.pluck(:type) # rubocop: disable CodeReuse/ActiveRecord
  end
  def edit
-    unless service.present?
+    if service.nil? || Service.instance_exists_for?(service.type)
      redirect_to admin_application_settings_services_path,
        alert: "Service is unknown or it doesn't exist"
    end
@@ -37,4 +39,8 @@ class Admin::ServicesController < Admin::ApplicationController
    @service ||= Service.find_by(id: params[:id], template: true)
  end
  # rubocop: enable CodeReuse/ActiveRecord
+  def whitelist_query_limiting
+    Gitlab::QueryLimiting.whitelist('https://gitlab.com/gitlab-org/gitlab/-/issues/220357')
+  end
 end
--- a/app/models/clusters/applications/runner.rb
+++ b/app/models/clusters/applications/runner.rb
@@ -3,7 +3,7 @@
 module Clusters
  module Applications
    class Runner < ApplicationRecord
-      VERSION = '0.17.1'
+      VERSION = '0.18.0'
      self.table_name = 'clusters_applications_runners'

--- a/app/models/service.rb
+++ b/app/models/service.rb
@@ -357,6 +357,10 @@ class Service < ApplicationRecord
    service
  end
+  def self.instance_exists_for?(type)
+    exists?(instance: true, type: type)
+  end
  # override if needed
  def supports_data_fields?
    false

--- a/app/views/admin/services/index.html.haml
+++ b/app/views/admin/services/index.html.haml
@@ -11,13 +11,24 @@
        %th Description
        %th Last edit
    - @services.each do |service|
-      %tr
+      - if service.type.in?(@existing_instance_types)
-        %td
+        %tr
-          = boolean_to_icon service.activated?
+          %td
-        %td
+          %td
-          = link_to edit_admin_application_settings_service_path(service.id) do
+            = link_to edit_admin_application_settings_integration_path(service.to_param), class: 'gl-text-blue-300!' do
-            %strong= service.title
+              %strong.has-tooltip{ title: s_('AdminSettings|Moved to integrations'), data: { container: 'body' } }
-        %td
+                = service.title
-          = service.description
+          %td.gl-cursor-default.gl-text-gray-600
-        %td.light
+            = service.description
-          = time_ago_with_tooltip service.updated_at
+          %td
+      - else
+        %tr
+          %td
+            = boolean_to_icon service.activated?
+          %td
+            = link_to edit_admin_application_settings_service_path(service.id) do
+              %strong= service.title
+          %td
+            = service.description
+          %td.light
+            = time_ago_with_tooltip service.updated_at
--- a/changelogs/unreleased/218257-service-templates-page-disable-service-template-when-instance-leve.yml
+++ b/changelogs/unreleased/218257-service-templates-page-disable-service-template-when-instance-leve.yml
+---
+title: Add UI to disable Service template when instance-level integration is active
+merge_request: 33490
+author:
+type: changed
--- a/changelogs/unreleased/update-gitlab-runner-helm-chart-to-0-18-0.yml
+++ b/changelogs/unreleased/update-gitlab-runner-helm-chart-to-0-18-0.yml
+---
+title: Update GitLab Runner Helm Chart to 0.18.0
+merge_request: 34969
+author:
+type: other
--- a/doc/administration/pages/index.md
+++ b/doc/administration/pages/index.md
@@ -655,3 +655,30 @@ The fix is to correct the source file permissions and restart Pages:
 sudo chmod 644 /opt/gitlab/embedded/ssl/certs/cacert.pem
 sudo gitlab-ctl restart gitlab-pages
 ```
+### `dial tcp: lookup gitlab.example.com` and `x509: certificate signed by unknown authority`
+When setting both `inplace_chroot` and `access_control` to `true`, you might encounter errors like:
+```plaintext
+dial tcp: lookup gitlab.example.com on [::1]:53: dial udp [::1]:53: connect: cannot assign requested address
+```
+Or:
+```plaintext
+open /opt/gitlab/embedded/ssl/certs/cacert.pem: no such file or directory
+x509: certificate signed by unknown authority
+```
+The reason for those errors is that the files `resolv.conf` and `ca-bundle.pem` are missing inside the chroot.
+The fix is to copy the host's `/etc/resolv.conf` and GitLab's certificate bundle inside the chroot:
+```shell
+sudo mkdir -p /var/opt/gitlab/gitlab-rails/shared/pages/etc/ssl
+sudo mkdir -p /var/opt/gitlab/gitlab-rails/shared/pages/opt/gitlab/embedded/ssl/certs/
+sudo cp /etc/resolv.conf /var/opt/gitlab/gitlab-rails/shared/pages/etc
+sudo cp /opt/gitlab/embedded/ssl/certs/cacert.pem /var/opt/gitlab/gitlab-rails/shared/pages/opt/gitlab/embedded/ssl/certs/
+sudo cp /opt/gitlab/embedded/ssl/certs/cacert.pem /var/opt/gitlab/gitlab-rails/shared/pages/etc/ssl/ca-bundle.pem
+```
--- a/locale/gitlab.pot
+++ b/locale/gitlab.pot
@@ -1637,6 +1637,9 @@ msgstr ""
 msgid "AdminSettings|Integrations configured here will automatically apply to all projects on this instance."
 msgstr ""
+msgid "AdminSettings|Moved to integrations"
+msgstr ""
 msgid "AdminSettings|No required pipeline"
 msgstr ""

--- a/spec/controllers/admin/services_controller_spec.rb
+++ b/spec/controllers/admin/services_controller_spec.rb
@@ -10,7 +10,7 @@ RSpec.describe Admin::ServicesController do
  end
  describe 'GET #edit' do
-    let!(:service) do
+    let(:service) do
      create(:jira_service, :template)
    end
@@ -19,6 +19,26 @@ RSpec.describe Admin::ServicesController do
      expect(response).to have_gitlab_http_status(:ok)
    end
+    context 'when integration does not exists' do
+      it 'redirects to the admin application integration page' do
+        get :edit, params: { id: 'invalid' }
+        expect(response).to redirect_to(admin_application_settings_services_path)
+      end
+    end
+    context 'when instance integration exists' do
+      before do
+        create(:jira_service, :instance)
+      end
+      it 'redirects to the admin application integration page' do
+        get :edit, params: { id: service.id }
+        expect(response).to redirect_to(admin_application_settings_services_path)
+      end
+    end
  end
  describe "#update" do

--- a/spec/features/admin/services/admin_visits_service_templates_spec.rb
+++ b/spec/features/admin/services/admin_visits_service_templates_spec.rb
+# frozen_string_literal: true
+require 'spec_helper'
+RSpec.describe 'Admin visits service templates' do
+  let(:admin) { create(:user, :admin) }
+  let(:slack_service) { Service.templates.find { |s| s.type == 'SlackService' } }
+  before do
+    sign_in(admin)
+    visit(admin_application_settings_services_path)
+  end
+  context 'without instance-level integration' do
+    it 'shows a link to service template' do
+      expect(page).to have_link('Slack', href: edit_admin_application_settings_service_path(slack_service.id))
+      expect(page).not_to have_link('Slack', href: edit_admin_application_settings_integration_path(slack_service))
+    end
+  end
+  context 'with instance-level integration' do
+    let_it_be(:slack_instance_integration) { create(:slack_service, instance: true, project: nil) }
+    it 'shows a link to instance-level integration' do
+      expect(page).not_to have_link('Slack', href: edit_admin_application_settings_service_path(slack_service.id))
+      expect(page).to have_link('Slack', href: edit_admin_application_settings_integration_path(slack_service))
+    end
+  end
+end
--- a/spec/models/service_spec.rb
+++ b/spec/models/service_spec.rb
@@ -2,7 +2,7 @@
 require 'spec_helper'
-describe Service do
+RSpec.describe Service do
  describe "Associations" do
    it { is_expected.to belong_to :project }
    it { is_expected.to have_one :service_hook }