From f32a580aa1560a8beaec6a8640077cc50a6ed904 Mon Sep 17 00:00:00 2001 From: GitLab Bot Date: Mon, 13 Jan 2020 18:08:05 +0000 Subject: [PATCH] Add latest changes from gitlab-org/gitlab@master --- app/models/merge_request.rb | 2 +- changelogs/unreleased/bvl-fix-mwps-api.yml | 6 ++++ .../security-project-import-vn-master.yml | 5 +++ ...resa-user-without-project-license-seat.yml | 5 +++ doc/administration/instance_limits.md | 16 ++++++++++ doc/integration/vault.md | 2 +- doc/user/clusters/applications.md | 2 +- lib/api/merge_requests.rb | 31 +++++++++++++------ lib/gitlab/import_export/attribute_cleaner.rb | 4 +-- qa/qa/page/project/issue/index.rb | 3 +- qa/qa/resource/issue.rb | 4 --- .../import_export/attribute_cleaner_spec.rb | 15 +++++++-- spec/models/merge_request_spec.rb | 10 ++++++ spec/requests/api/merge_requests_spec.rb | 11 ++++++- 14 files changed, 93 insertions(+), 23 deletions(-) create mode 100644 changelogs/unreleased/bvl-fix-mwps-api.yml create mode 100644 changelogs/unreleased/security-project-import-vn-master.yml create mode 100644 changelogs/unreleased/tpresa-user-without-project-license-seat.yml diff --git a/app/models/merge_request.rb b/app/models/merge_request.rb index 4eb9c8706d3..61f10620e39 100644 --- a/app/models/merge_request.rb +++ b/app/models/merge_request.rb @@ -258,7 +258,7 @@ class MergeRequest < ApplicationRecord alias_method :issuing_parent, :target_project delegate :active?, to: :head_pipeline, prefix: true, allow_nil: true - delegate :success?, to: :actual_head_pipeline, prefix: true, allow_nil: true + delegate :success?, :active?, to: :actual_head_pipeline, prefix: true, allow_nil: true RebaseLockTimeout = Class.new(StandardError) diff --git a/changelogs/unreleased/bvl-fix-mwps-api.yml b/changelogs/unreleased/bvl-fix-mwps-api.yml new file mode 100644 index 00000000000..e5f26aa17ba --- /dev/null +++ b/changelogs/unreleased/bvl-fix-mwps-api.yml @@ -0,0 +1,6 @@ +--- +title: Merge a merge request immediately when passing merge when pipeline succeeds + to the merge API when the head pipeline already succeeded +merge_request: 22777 +author: +type: fixed diff --git a/changelogs/unreleased/security-project-import-vn-master.yml b/changelogs/unreleased/security-project-import-vn-master.yml new file mode 100644 index 00000000000..930358626fd --- /dev/null +++ b/changelogs/unreleased/security-project-import-vn-master.yml @@ -0,0 +1,5 @@ +--- +title: Fix private objects exposure when using Project Import functionality +merge_request: +author: +type: security diff --git a/changelogs/unreleased/tpresa-user-without-project-license-seat.yml b/changelogs/unreleased/tpresa-user-without-project-license-seat.yml new file mode 100644 index 00000000000..d205b2b8782 --- /dev/null +++ b/changelogs/unreleased/tpresa-user-without-project-license-seat.yml @@ -0,0 +1,5 @@ +--- +title: Users without projects use a license seat in a non-premium license +merge_request: 20664 +author: +type: fixed diff --git a/doc/administration/instance_limits.md b/doc/administration/instance_limits.md index 3e2f6caf328..288177e98c9 100644 --- a/doc/administration/instance_limits.md +++ b/doc/administration/instance_limits.md @@ -18,3 +18,19 @@ added so that the history of events is not lost, but user-submitted comments will fail. - **Max limit:** 5.000 comments + +## Number of pipelines per Git push + +> [Introduced](https://gitlab.com/gitlab-org/gitlab-foss/issues/51401) in GitLab 11.10. + +The number of pipelines that can be created in a single push is 4. +This is to prevent the accidental creation of pipelines when `git push --all` +or `git push --mirror` is used. + +Read more in the [CI documentation](../ci/yaml/README.md#processing-git-pushes). + +## Retention of activity history + +> [Introduced](https://gitlab.com/gitlab-org/gitlab-foss/issues/21164) in GitLab 8.12. + +Activity history for projects and individuals' profiles was limited to one year until [GitLab 11.4](https://gitlab.com/gitlab-org/gitlab-foss/issues/52246) when it was extended to two years, and in [GitLab 12.4](https://gitlab.com/gitlab-org/gitlab/issues/33840) to three years. diff --git a/doc/integration/vault.md b/doc/integration/vault.md index 68803fed35d..8bd0897548a 100644 --- a/doc/integration/vault.md +++ b/doc/integration/vault.md @@ -7,7 +7,7 @@ type: reference, howto > [Introduced](https://gitlab.com/gitlab-org/gitlab-foss/issues/22323) in GitLab 9.0 [Vault](https://www.vaultproject.io/) is a secrets management application offered by HashiCorp. -It allows you to store and manage sensitive information such secret environment variables, encryption keys, and authentication tokens. +It allows you to store and manage sensitive information such as secret environment variables, encryption keys, and authentication tokens. Vault offers Identity-based Access, which means Vault users can authenticate through several of their preferred cloud providers. In this document, we'll explain how Vault users can authenticate themselves through GitLab by utilizing our OpenID authentication feature. diff --git a/doc/user/clusters/applications.md b/doc/user/clusters/applications.md index 0e584003c1c..1bb608c38ab 100644 --- a/doc/user/clusters/applications.md +++ b/doc/user/clusters/applications.md @@ -264,7 +264,7 @@ This feature: For example: ```sh - kubectl -n gitlab-managed-apps exec -it $(kubectl get pods -n gitlab-managed-apps | grep 'ingress-controller' | awk '{print $1}') -- tail -f /var/log/modsec/audit.log + kubectl logs -n gitlab-managed-apps $(kubectl get pod -n gitlab-managed-apps -l app=nginx-ingress,component=controller --no-headers=true -o custom-columns=:metadata.name) modsecurity-log -f ``` To enable ModSecurity, check the **Enable Web Application Firewall** checkbox diff --git a/lib/api/merge_requests.rb b/lib/api/merge_requests.rb index b7c9217988e..8e65fe2b7a2 100644 --- a/lib/api/merge_requests.rb +++ b/lib/api/merge_requests.rb @@ -68,8 +68,17 @@ module API end end - def not_automatically_mergeable?(merge_when_pipeline_succeeds, merge_request) - merge_when_pipeline_succeeds && !merge_request.head_pipeline_active? && !merge_request.actual_head_pipeline_success? + def automatically_mergeable?(merge_when_pipeline_succeeds, merge_request) + pipeline_active = merge_request.head_pipeline_active? || merge_request.actual_head_pipeline_active? + merge_when_pipeline_succeeds && merge_request.mergeable_state?(skip_ci_check: true) && pipeline_active + end + + def immediately_mergeable?(merge_when_pipeline_succeeds, merge_request) + if merge_when_pipeline_succeeds + merge_request.actual_head_pipeline_success? + else + merge_request.mergeable_state? + end end def serializer_options_for(merge_requests) @@ -393,16 +402,18 @@ module API Gitlab::QueryLimiting.whitelist('https://gitlab.com/gitlab-org/gitlab-foss/issues/42317') merge_request = find_project_merge_request(params[:merge_request_iid]) - merge_when_pipeline_succeeds = to_boolean(params[:merge_when_pipeline_succeeds]) - not_automatically_mergeable = not_automatically_mergeable?(merge_when_pipeline_succeeds, merge_request) # Merge request can not be merged # because user dont have permissions to push into target branch unauthorized! unless merge_request.can_be_merged_by?(current_user) - not_allowed! if !merge_request.mergeable_state?(skip_ci_check: merge_when_pipeline_succeeds) || not_automatically_mergeable + merge_when_pipeline_succeeds = to_boolean(params[:merge_when_pipeline_succeeds]) + automatically_mergeable = automatically_mergeable?(merge_when_pipeline_succeeds, merge_request) + immediately_mergeable = immediately_mergeable?(merge_when_pipeline_succeeds, merge_request) + + not_allowed! if !immediately_mergeable && !automatically_mergeable - render_api_error!('Branch cannot be merged', 406) unless merge_request.mergeable?(skip_ci_check: merge_when_pipeline_succeeds) + render_api_error!('Branch cannot be merged', 406) unless merge_request.mergeable?(skip_ci_check: automatically_mergeable) check_sha_param!(params, merge_request) @@ -415,13 +426,13 @@ module API sha: params[:sha] || merge_request.diff_head_sha ) - if merge_when_pipeline_succeeds - AutoMergeService.new(merge_request.target_project, current_user, merge_params) - .execute(merge_request, AutoMergeService::STRATEGY_MERGE_WHEN_PIPELINE_SUCCEEDS) - else + if immediately_mergeable ::MergeRequests::MergeService .new(merge_request.target_project, current_user, merge_params) .execute(merge_request) + elsif automatically_mergeable + AutoMergeService.new(merge_request.target_project, current_user, merge_params) + .execute(merge_request, AutoMergeService::STRATEGY_MERGE_WHEN_PIPELINE_SUCCEEDS) end present merge_request, with: Entities::MergeRequest, current_user: current_user, project: user_project diff --git a/lib/gitlab/import_export/attribute_cleaner.rb b/lib/gitlab/import_export/attribute_cleaner.rb index c8dbec7bcba..00c4c41e6be 100644 --- a/lib/gitlab/import_export/attribute_cleaner.rb +++ b/lib/gitlab/import_export/attribute_cleaner.rb @@ -3,8 +3,8 @@ module Gitlab module ImportExport class AttributeCleaner - ALLOWED_REFERENCES = RelationFactory::PROJECT_REFERENCES + RelationFactory::USER_REFERENCES + %w[group_id commit_id discussion_id] - PROHIBITED_REFERENCES = Regexp.union(/\Acached_markdown_version\Z/, /_id\Z/, /_ids\Z/, /_html\Z/).freeze + ALLOWED_REFERENCES = RelationFactory::PROJECT_REFERENCES + RelationFactory::USER_REFERENCES + %w[group_id commit_id discussion_id custom_attributes] + PROHIBITED_REFERENCES = Regexp.union(/\Acached_markdown_version\Z/, /_id\Z/, /_ids\Z/, /_html\Z/, /attributes/).freeze def self.clean(*args) new(*args).clean diff --git a/qa/qa/page/project/issue/index.rb b/qa/qa/page/project/issue/index.rb index ece49ae80c4..b5ad63ab8de 100644 --- a/qa/qa/page/project/issue/index.rb +++ b/qa/qa/page/project/issue/index.rb @@ -10,6 +10,7 @@ module QA end view 'app/views/projects/issues/_issue.html.haml' do + element :issue element :issue_link, 'link_to issue.title' # rubocop:disable QA/ElementWithPattern end @@ -38,7 +39,7 @@ module QA end def has_issue?(issue) - has_element? :issue, issue_title: issue.to_s + has_element? :issue, issue_title: issue.title end end end diff --git a/qa/qa/resource/issue.rb b/qa/qa/resource/issue.rb index 3bcff6a10ac..0817a9de06f 100644 --- a/qa/qa/resource/issue.rb +++ b/qa/qa/resource/issue.rb @@ -38,10 +38,6 @@ module QA end end - def to_s - @title - end - def api_get_path "/projects/#{project.id}/issues/#{id}" end diff --git a/spec/lib/gitlab/import_export/attribute_cleaner_spec.rb b/spec/lib/gitlab/import_export/attribute_cleaner_spec.rb index 44192c4639d..12857f97f7c 100644 --- a/spec/lib/gitlab/import_export/attribute_cleaner_spec.rb +++ b/spec/lib/gitlab/import_export/attribute_cleaner_spec.rb @@ -25,11 +25,21 @@ describe Gitlab::ImportExport::AttributeCleaner do 'legit_html' => '

legit html

', '_html' => '

perfectly ordinary html

', 'cached_markdown_version' => 12345, + 'custom_attributes' => 'whatever', + 'some_attributes_metadata' => 'whatever', 'group_id' => 99, 'commit_id' => 99, 'issue_ids' => [1, 2, 3], 'merge_request_ids' => [1, 2, 3], - 'note_ids' => [1, 2, 3] + 'note_ids' => [1, 2, 3], + 'attributes' => { + 'issue_ids' => [1, 2, 3], + 'merge_request_ids' => [1, 2, 3], + 'note_ids' => [1, 2, 3] + }, + 'variables_attributes' => { + 'id' => 1 + } } end @@ -40,7 +50,8 @@ describe Gitlab::ImportExport::AttributeCleaner do 'random_id_in_the_middle' => 99, 'notid' => 99, 'group_id' => 99, - 'commit_id' => 99 + 'commit_id' => 99, + 'custom_attributes' => 'whatever' } end diff --git a/spec/models/merge_request_spec.rb b/spec/models/merge_request_spec.rb index 7e28736954c..6566074fb33 100644 --- a/spec/models/merge_request_spec.rb +++ b/spec/models/merge_request_spec.rb @@ -2214,6 +2214,16 @@ describe MergeRequest do end end + describe "#actual_head_pipeline_active? " do + it do + is_expected + .to delegate_method(:active?) + .to(:actual_head_pipeline) + .with_prefix + .with_arguments(allow_nil: true) + end + end + describe '#mergeable_ci_state?' do let(:project) { create(:project, only_allow_merge_if_pipeline_succeeds: true) } let(:pipeline) { create(:ci_empty_pipeline) } diff --git a/spec/requests/api/merge_requests_spec.rb b/spec/requests/api/merge_requests_spec.rb index 2e9031c49bb..d322c6de6bf 100644 --- a/spec/requests/api/merge_requests_spec.rb +++ b/spec/requests/api/merge_requests_spec.rb @@ -1549,7 +1549,7 @@ describe API::MergeRequests do end end - describe "PUT /projects/:id/merge_requests/:merge_request_iid/merge" do + describe "PUT /projects/:id/merge_requests/:merge_request_iid/merge", :clean_gitlab_redis_cache do let(:pipeline) { create(:ci_pipeline) } it "returns merge_request in case of success" do @@ -1637,6 +1637,15 @@ describe API::MergeRequests do expect(merge_request.reload.state).to eq('opened') end + it 'merges if the head pipeline already succeeded and `merge_when_pipeline_succeeds` is passed' do + create(:ci_pipeline, :success, sha: merge_request.diff_head_sha, merge_requests_as_head_pipeline: [merge_request]) + + put api("/projects/#{project.id}/merge_requests/#{merge_request.iid}/merge", user), params: { merge_when_pipeline_succeeds: true } + + expect(response).to have_gitlab_http_status(200) + expect(json_response['state']).to eq('merged') + end + it "enables merge when pipeline succeeds if the pipeline is active" do allow_any_instance_of(MergeRequest).to receive_messages(head_pipeline: pipeline, actual_head_pipeline: pipeline) allow(pipeline).to receive(:active?).and_return(true) -- GitLab