From c2858333644a2bca10fd556a5a298b4a1aaedca2 Mon Sep 17 00:00:00 2001 From: GitLab Bot Date: Thu, 10 Aug 2023 03:07:27 +0000 Subject: [PATCH] Add latest changes from gitlab-org/gitlab@master --- Gemfile | 4 ++-- Gemfile.checksum | 4 ++-- Gemfile.lock | 8 +++---- .../components/markdown/toolbar.vue | 2 +- config/gitlab_loose_foreign_keys.yml | 7 ++++++ ...ces_user_details_enterprise_group_id_fk.rb | 20 +++++++++++++++++ ...user_details_provisioned_by_group_id_fk.rb | 20 +++++++++++++++++ db/schema_migrations/20230804121704 | 1 + db/schema_migrations/20230804121705 | 1 + db/structure.sql | 6 ----- .../cells/cells-feature-user-profile.md | 22 ++++++++++++++++++- .../policies/scan-execution-policies.md | 9 ++++++++ locale/gitlab.pot | 3 +++ .../database/no_cross_db_foreign_keys_spec.rb | 5 ++--- 14 files changed, 93 insertions(+), 19 deletions(-) create mode 100644 db/post_migrate/20230804121704_remove_namespaces_user_details_enterprise_group_id_fk.rb create mode 100644 db/post_migrate/20230804121705_remove_namespaces_user_details_provisioned_by_group_id_fk.rb create mode 100644 db/schema_migrations/20230804121704 create mode 100644 db/schema_migrations/20230804121705 diff --git a/Gemfile b/Gemfile index 208a40560d1..e95dba4cb1b 100644 --- a/Gemfile +++ b/Gemfile @@ -187,9 +187,9 @@ gem 'seed-fu', '~> 2.3.7' gem 'elasticsearch-model', '~> 7.2' gem 'elasticsearch-rails', '~> 7.2', require: 'elasticsearch/rails/instrumentation' gem 'elasticsearch-api', '7.13.3' -gem 'aws-sdk-core', '~> 3.180.2' +gem 'aws-sdk-core', '~> 3.180.3' gem 'aws-sdk-cloudformation', '~> 1' -gem 'aws-sdk-s3', '~> 1.132.0' +gem 'aws-sdk-s3', '~> 1.132.1' gem 'faraday_middleware-aws-sigv4', '~>0.3.0' gem 'typhoeus', '~> 1.4.0' # Used with Elasticsearch to support http keep-alive connections diff --git a/Gemfile.checksum b/Gemfile.checksum index 7a1945afd6c..e7d34d6f626 100644 --- a/Gemfile.checksum +++ b/Gemfile.checksum 
@@ -37,9 +37,9 @@ {"name":"aws-eventstream","version":"1.2.0","platform":"ruby","checksum":"ffa53482c92880b001ff2fb06919b9bb82fd847cbb0fa244985d2ebb6dd0d1df"}, {"name":"aws-partitions","version":"1.761.0","platform":"ruby","checksum":"291e444e1edfc92c5521a6dbdd1236ccc3f122b3520163b2be6ec5b6ef350ef2"}, {"name":"aws-sdk-cloudformation","version":"1.41.0","platform":"ruby","checksum":"31e47539719734413671edf9b1a31f8673fbf9688549f50c41affabbcb1c6b26"}, -{"name":"aws-sdk-core","version":"3.180.2","platform":"ruby","checksum":"44b2a16492b1fea57bc9e0a9d1efbb329786d120b0dc291a8e2abc5dc3bbb3eb"}, +{"name":"aws-sdk-core","version":"3.180.3","platform":"ruby","checksum":"829915d511bb018acab0905d860c1831c4a7f7e8daba1afd546225b2c9918351"}, {"name":"aws-sdk-kms","version":"1.64.0","platform":"ruby","checksum":"40de596c95047bfc6e1aacea24f3df6241aa716b6f7ce08ac4c5f7e3120395ad"}, -{"name":"aws-sdk-s3","version":"1.132.0","platform":"ruby","checksum":"eec42306e6df54bacf5045a366c69acac8b02834b745b9562a90708838204b32"}, +{"name":"aws-sdk-s3","version":"1.132.1","platform":"ruby","checksum":"cac01fbba5d717907b8df7b4e482447678c8392c7a4707ba09956d10e3549145"}, {"name":"aws-sigv4","version":"1.6.0","platform":"ruby","checksum":"ca9e6a15cd424f1f32b524b9760995331459bc22e67d3daad4fcf0c0084b087d"}, {"name":"axe-core-api","version":"4.6.0","platform":"ruby","checksum":"1b0ddec3353f108dc10363baf2282f43a5ff7f13d4e25f99071294e78f8a6c62"}, {"name":"axe-core-rspec","version":"4.6.0","platform":"ruby","checksum":"11c25bc9dd388c137ba4e5e63d64d20092bf22c884d8ffc829a22acfbacd747f"}, diff --git a/Gemfile.lock b/Gemfile.lock index eae235faae8..824dadab308 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -265,7 +265,7 @@ GEM aws-sdk-cloudformation (1.41.0) aws-sdk-core (~> 3, >= 3.99.0) aws-sigv4 (~> 1.1) - aws-sdk-core (3.180.2) + aws-sdk-core (3.180.3) aws-eventstream (~> 1, >= 1.0.2) aws-partitions (~> 1, >= 1.651.0) aws-sigv4 (~> 1.5) 
@@ -273,7 +273,7 @@ GEM aws-sdk-kms (1.64.0) aws-sdk-core (~> 3, >= 3.165.0) aws-sigv4 (~> 1.1) - aws-sdk-s3 (1.132.0) + aws-sdk-s3 (1.132.1) aws-sdk-core (~> 3, >= 3.179.0) aws-sdk-kms (~> 1) aws-sigv4 (~> 1.6) @@ -1737,8 +1737,8 @@ DEPENDENCIES autoprefixer-rails (= 10.2.5.1) awesome_print aws-sdk-cloudformation (~> 1) - aws-sdk-core (~> 3.180.2) - aws-sdk-s3 (~> 1.132.0) + aws-sdk-core (~> 3.180.3) + aws-sdk-s3 (~> 1.132.1) axe-core-rspec babosa (~> 2.0) base32 (~> 0.3.0) diff --git a/app/assets/javascripts/vue_shared/components/markdown/toolbar.vue b/app/assets/javascripts/vue_shared/components/markdown/toolbar.vue index 4fffbb54cb3..a4516fae73d 100644 --- a/app/assets/javascripts/vue_shared/components/markdown/toolbar.vue +++ b/app/assets/javascripts/vue_shared/components/markdown/toolbar.vue @@ -151,7 +151,7 @@ export default { target="_blank" category="tertiary" size="small" - title="Markdown is supported" + :title="__('Markdown is supported')" class="gl-px-3!" /> diff --git a/config/gitlab_loose_foreign_keys.yml b/config/gitlab_loose_foreign_keys.yml index 5b2311da550..3da9e4fd184 100644 --- a/config/gitlab_loose_foreign_keys.yml +++ b/config/gitlab_loose_foreign_keys.yml @@ -308,6 +308,13 @@ terraform_state_versions: - table: p_ci_builds column: ci_build_id on_delete: async_nullify +user_details: + - table: namespaces + column: provisioned_by_group_id + on_delete: async_nullify + - table: namespaces + column: enterprise_group_id + on_delete: async_nullify vulnerability_feedback: - table: ci_pipelines column: pipeline_id diff --git a/db/post_migrate/20230804121704_remove_namespaces_user_details_enterprise_group_id_fk.rb b/db/post_migrate/20230804121704_remove_namespaces_user_details_enterprise_group_id_fk.rb new file mode 100644 index 00000000000..23c23587c43 --- /dev/null +++ b/db/post_migrate/20230804121704_remove_namespaces_user_details_enterprise_group_id_fk.rb 
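Review bot: The two new `user_details` entries replace an immediate `ON DELETE SET NULL` with `on_delete: async_nullify`, and nothing in this commit documents or tests the window that opens. After a namespace is deleted, `provisioned_by_group_id` and `enterprise_group_id` can presumably keep the deleted id until the asynchronous cleanup has processed the row. These columns appear to record which group provisioned or owns an account, so any reader that bases an access decision on them should treat an id with no matching namespace as unset; those readers are not visible from this hunk. The diffstat lists no model spec for the new cleanup, so I would add one for `user_details` covering both columns.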
@@ -0,0 +1,20 @@
+# frozen_string_literal: true
+
+class RemoveNamespacesUserDetailsEnterpriseGroupIdFk < Gitlab::Database::Migration[2.1]
+ disable_ddl_transaction!
+
+ def up
+ return unless foreign_key_exists?(:user_details, :namespaces, name: "fk_c53c794142")
+
+ with_lock_retries do
+ remove_foreign_key_if_exists(:user_details, :namespaces,
+ name: "fk_c53c794142", reverse_lock_order: true)
+ end
+ end
+
+ def down
+ add_concurrent_foreign_key(:user_details, :namespaces,
+ name: "fk_c53c794142", column: :enterprise_group_id,
+ target_column: :id, on_delete: :nullify)
+ end
+end
diff --git a/db/post_migrate/20230804121705_remove_namespaces_user_details_provisioned_by_group_id_fk.rb b/db/post_migrate/20230804121705_remove_namespaces_user_details_provisioned_by_group_id_fk.rb
new file mode 100644
index 00000000000..0d43354b92c
--- /dev/null
+++ b/db/post_migrate/20230804121705_remove_namespaces_user_details_provisioned_by_group_id_fk.rb
@@ -0,0 +1,20 @@
+# frozen_string_literal: true
+
+class RemoveNamespacesUserDetailsProvisionedByGroupIdFk < Gitlab::Database::Migration[2.1]
+ disable_ddl_transaction!
+
+ def up
+ return unless foreign_key_exists?(:user_details, :namespaces, name: "fk_190e4fcc88")
+
+ with_lock_retries do
+ remove_foreign_key_if_exists(:user_details, :namespaces,
+ name: "fk_190e4fcc88", reverse_lock_order: true)
+ end
+ end
+
+ def down
+ add_concurrent_foreign_key(:user_details, :namespaces,
+ name: "fk_190e4fcc88", column: :provisioned_by_group_id,
+ target_column: :id, on_delete: :nullify)
+ end
+end
diff --git a/db/schema_migrations/20230804121704 b/db/schema_migrations/20230804121704
new file mode 100644
index 00000000000..1444b9cc9a3
--- /dev/null
+++ b/db/schema_migrations/20230804121704
@@ -0,0 +1 @@
+ea9fa68d5b4001cc4fc8bbcdba5183bfaee216844c87811d2f9d45d008495ee6
\ No newline at end of file
diff --git a/db/schema_migrations/20230804121705 b/db/schema_migrations/20230804121705
new file mode 100644
index 00000000000..df3f45a34ed
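Review bot: `down` in `RemoveNamespacesUserDetailsEnterpriseGroupIdFk` re-adds `fk_c53c794142` through `add_concurrent_foreign_key` without handling rows that became orphaned while the constraint was absent. Once the relationship is enforced only by the `async_nullify` entry, a `user_details` row can hold the id of an already deleted namespace, and validating the re-added constraint would presumably fail on such a row and leave the rollback incomplete. I would either null those ids before re-adding the key or state the precondition above `down`, for example `# Rollback assumes no user_details row references a deleted namespace; nullify orphans first.` The same applies to `down` in `RemoveNamespacesUserDetailsProvisionedByGroupIdFk` (`fk_190e4fcc88`).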
--- /dev/null +++ b/db/schema_migrations/20230804121705 @@ -0,0 +1 @@ +70c78a39fdfe0889a2a5e9adc16f4aeed343b83ff7009d29b303c866e7681740 \ No newline at end of file diff --git a/db/structure.sql b/db/structure.sql index 3e6dadcd29e..a56c9b7729b 100644 --- a/db/structure.sql +++ b/db/structure.sql @@ -35965,9 +35965,6 @@ ALTER TABLE ONLY ci_pipelines ALTER TABLE ONLY analytics_devops_adoption_segments ADD CONSTRAINT fk_190a24754d FOREIGN KEY (display_namespace_id) REFERENCES namespaces(id) ON DELETE CASCADE; -ALTER TABLE ONLY user_details - ADD CONSTRAINT fk_190e4fcc88 FOREIGN KEY (provisioned_by_group_id) REFERENCES namespaces(id) ON DELETE SET NULL; - ALTER TABLE ONLY agent_project_authorizations ADD CONSTRAINT fk_1d30bb4987 FOREIGN KEY (project_id) REFERENCES projects(id) ON DELETE CASCADE; @@ -36670,9 +36667,6 @@ ALTER TABLE ONLY timelogs ALTER TABLE ONLY geo_event_log ADD CONSTRAINT fk_c4b1c1f66e FOREIGN KEY (repository_deleted_event_id) REFERENCES geo_repository_deleted_events(id) ON DELETE CASCADE; -ALTER TABLE ONLY user_details - ADD CONSTRAINT fk_c53c794142 FOREIGN KEY (enterprise_group_id) REFERENCES namespaces(id) ON DELETE SET NULL; - ALTER TABLE ONLY issues ADD CONSTRAINT fk_c63cbf6c25 FOREIGN KEY (closed_by_id) REFERENCES users(id) ON DELETE SET NULL; diff --git a/doc/architecture/blueprints/cells/cells-feature-user-profile.md b/doc/architecture/blueprints/cells/cells-feature-user-profile.md index ca555074248..855df497c1e 100644 --- a/doc/architecture/blueprints/cells/cells-feature-user-profile.md +++ b/doc/architecture/blueprints/cells/cells-feature-user-profile.md 
@@ -15,16 +15,36 @@ we can document the reasons for not choosing this approach. # Cells: User Profile -> TL;DR +The existing User Profiles will initially be scoped to an Organization. Long-term, we should consider aggregating parts of the User activity across Organizations to enable Users a global view of their contributions. ## 1. Definition +Each GitLab account has a [User Profile](../../../user/profile/index.md), which contains information about the User and their GitLab activity. + ## 2. Data flow ## 3. Proposal +User Profiles will be scoped to an Organization. + +- Users can set a Home Organization as their main Organization. +- Users who do not exist in the database at all display a 404 not found error when trying to access their User Profile. +- User who haven't contributed to an Organization display their User Profile with an empty state. +- When displaying a User Profile empty state, if the profile has a Home Organization set to another Organization, we display a call-to-action allowing navigation to the main Organization. + +See [issue #411931](https://gitlab.com/gitlab-org/gitlab/-/issues/411931) for design proposals. + ## 4. Evaluation +We expect the [majority of Users to perform most of their activity in one single Organization](../organization/index.md#data-exploration). +This is why we deem it acceptable to scope the User Profile to an Organization at first. +More discovery is necessary to understand which aspects of the current User Profile are relevant to showcase contributions in a global context. + ## 4.1. Pros +- Viewing a User Profile scoped to an Organization allows you to focus on contributions that are most relevant to your Organization, filtering out the User's other activities. +- Existing User Profile URLs do not break. + ## 4.2. Cons + +- Users will lose the ability to display their entire activity, which may lessen the effectiveness of using their User Profile as a resume of achievements when working across multiple Organizations. 
diff --git a/doc/user/application_security/policies/scan-execution-policies.md b/doc/user/application_security/policies/scan-execution-policies.md index b84d4d2e49e..6c0023d027c 100644 --- a/doc/user/application_security/policies/scan-execution-policies.md +++ b/doc/user/application_security/policies/scan-execution-policies.md @@ -113,6 +113,11 @@ This rule enforces the defined actions whenever the pipeline runs for a selected > - The `branch_type` field was [introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/404774) in GitLab 16.1 [with a flag](../../../administration/feature_flags.md) named `security_policies_branch_type`. Disabled by default. > - The `branch_type` field was [enabled on GitLab.com and self-managed](https://gitlab.com/gitlab-org/gitlab/-/issues/413062) in GitLab 16.2. +> - The security policy bot users were [introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/394958) in GitLab 16.3 [with flags](../../../administration/feature_flags.md) named `scan_execution_group_bot_users` and `scan_execution_bot_users`. Enabled by default. + +FLAG: +On self-managed GitLab, security policy bot users are available. To hide the feature, an administrator can [disable the feature flags](../../../administration/feature_flags.md) named `scan_execution_group_bot_users` and `scan_execution_bot_users`. +On GitLab.com, this feature is available. This rule enforces the defined actions and schedules a scan on the provided date/time. 
@@ -127,6 +132,10 @@ This rule enforces the defined actions and schedules a scan on the provided date 1. You must specify only one of `branches`, `branch_type`, or `agents`. +Scheduled scan pipelines are triggered by a security policy bot user that is a guest member of the project. Security policy bot users are automatically created when the security policy project is linked, and removed when the security policy project is unlinked. + +If the project does not have a security policy bot user, the scheduled scan pipeline is triggered by the user that modified the security policy project last. + GitLab supports the following types of CRON syntax for the `cadence` field: - A daily cadence of once per hour at a specified hour, for example: `0 18 * * *` diff --git a/locale/gitlab.pot b/locale/gitlab.pot index f0ab1b4b8bc..26d60a767e9 100644 --- a/locale/gitlab.pot +++ b/locale/gitlab.pot @@ -28526,6 +28526,9 @@ msgstr "" msgid "Markdown enabled." msgstr "" +msgid "Markdown is supported" +msgstr "" + msgid "Markdown supported." msgstr "" diff --git a/spec/lib/gitlab/database/no_cross_db_foreign_keys_spec.rb b/spec/lib/gitlab/database/no_cross_db_foreign_keys_spec.rb index a11601b6ae0..690a4998b36 100644 --- a/spec/lib/gitlab/database/no_cross_db_foreign_keys_spec.rb +++ b/spec/lib/gitlab/database/no_cross_db_foreign_keys_spec.rb 
@@ -12,10 +12,9 @@ RSpec.describe 'cross-database foreign keys' do
 let!(:allowed_cross_database_foreign_keys) do
 [
 'routes.namespace_id', # https://gitlab.com/gitlab-org/gitlab/-/issues/420869
- 'user_details.enterprise_group_id', # https://gitlab.com/gitlab-org/gitlab/-/issues/420868
- 'user_details.provisioned_by_group_id', # https://gitlab.com/gitlab-org/gitlab/-/issues/420868
 'group_import_states.user_id', # https://gitlab.com/gitlab-org/gitlab/-/issues/421210
- 'user_group_callouts.user_id' # https://gitlab.com/gitlab-org/gitlab/-/issues/421287
+ 'user_group_callouts.user_id', # https://gitlab.com/gitlab-org/gitlab/-/issues/421287
+ 'group_import_states.user_id' # https://gitlab.com/gitlab-org/gitlab/-/issues/421210
 ]
 end
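Review bot: The new allowlist contains `'group_import_states.user_id'` twice, once on the unchanged line after `'routes.namespace_id'` and again on the added last line. The change only needs to drop the two `user_details` entries, so the final element can stay as it was, `'user_group_callouts.user_id' # https://gitlab.com/gitlab-org/gitlab/-/issues/421287`, with the added duplicate removed. The duplicate probably does not affect the check itself, but in an exemption list it makes it easy to delete only one copy when issue 421210 is resolved, leaving a stale cross-database exemption behind. The `RSpec.describe` block opens before this hunk and continues after it.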