Stan Hu authored 2 years ago and Ezekiel Kigbo committed 2 years ago

In FIPS mode, if a deploy key were present, clicking on the "Allowed
to push" dropdown would fail with a "Failed to load groups, users and
deploy keys" message. This occurred because the JavaScript attempted
to use the `fingerprint` attribute of the key.  However, on a FIPS
system, the MD5 fingerprint is not available, and the `null` value
breaks the dropdown.

To fix this, we use the `fingerprint_sha256` attribute instead. This
commit also puts the SHA256 fingerprint first in the HTML views to
avoid confusion.

Relates to #364562

Changelog: fixed

Laura Montemayor authored 2 years ago and Fabio Pitino committed 2 years ago

* Removes and updates usage of legacy_stage(s)
* Removes Ci::LegacyStage Model
* Removes Ci::LegacyStage presenter
* Removes LegacyStage  from factory

Changelog: changed

Carla Drago authored 2 years ago and Mikołaj Wawrzyniak committed 2 years ago

This change updates the ProjectImportState and StageMethods
to handle a canceled state. This is a part of the work
required to enable cancelling of github imports in the
UI.

Changelog: added

Do inline auth refresh only when there is a single argument

We put a migration on hold when autovacuum is active on the respective
table.

This implements a basic signal/indicators construct. It allows us to add
more indicators and signals as we go.

See #357248

Changelog: other

This strategy uses ErrorTrackingOpenAPI client.

* Introduce OpenApiStrategy and `list_errors`
* Implement find_error call
* Implement update_error in error repository
* Implement last_event_for to view stacktraces
* Implement report_error which raises an error
* Use extracted StacktraceBuilder
* Disable FF use_click_house_database_for_error_tracking in specs
* Configure error tracking API URL via envvar
* Error Tracking: Handle error ID as string not as a number
* Error Tracking: Expose correct DSN when used with ClickHouse backend
* Parse cursor from HTTP headers
* Support search term (query) when listing errors
* Don't truncate title for now
* Support (approximated) user count
* Support first and last release version
* Use GitLab logger
* Add specs for open_api_strategy

Pedro Pombeiro authored 2 years ago and Mayra Cabrera committed 2 years ago

Changelog: added

Rodrigo Tomonari authored 2 years ago and Pavel Shutsin committed 2 years ago

In order to parallelize the project export in Import/Export, two new
are being added to Import/Export to track and store the partial
export files.

The table `project_export_relations` will hold the status of the
relation exportation. And the table `project_export_relation_uploads`
will store the location of the exported file.

Changelog: added

In FIPS mode, the minimum RSA key size is 3072 bits. A number of tests
use small key sizes for speed. Bump up the default to 3072 at the
minimum in most cases.

Relates to #364562

Previously repositories for test were directly copied into the gitaly
filesystem but gitaly cluster cannot support this as it requires some
state in the praefect database.

Adam Hegyi authored 2 years ago and GitLab Release Tools Bot committed 2 years ago

Merge branch 'security-fix-sentry-issue-leaks-and-access-level-check' into 'master'

See merge request gitlab-org/security/gitlab!2461

Changelog: security

Remove tracing show html

Remove tracing show html spec

Update specs and yml

Changelog: removed
MR: !90699

Bala Kumar authored 2 years ago and Shinya Maeda committed 2 years ago

Changelog: fixed

Vitali Tatarintev authored 2 years ago and Vitali Tatarintev committed 2 years ago

Reject the update of timeline events when they aren't editable

Ensure owners and maintainers of all projects
can approve access requests

Changelog: changed

Defines traits for plan_limits for every plan type:

    build(:plan_limits, :default_plan)
    build(:plan_limits, :free_plan)
    build(:plan_limits, :ultimate_plan)

This can be done in the FOSS Plan factory because in FOSS this will
define only the 'default' Plan, and in EE this will define all the EE
Plans.

Max Orefice authored 2 years ago and Marius Bobin committed 2 years ago

This MR fixes a bug which allow to display matrix_id in our
TestReport pipeline page.

Changelog: fixed

Tiger Watson authored 2 years ago and João Alexandre Cunha committed 2 years ago

Previously, deleting a Terraform state did not remove the
files stored in object storage. Before deleting the state
itself, each state version must be removed individually.

A Terraform state may have many previous versions associated
with it, so instead of deleting immediately we must schedule
a worker to handle removing files from object storage.

Once a state is marked for deletion it can no longer be
accessed using the REST API, to prevent subsequent Terraform
operations from modifying it.

Changelog: fixed

When running tests in FIPS mode, `ApplicationSetting` by default has
invalid SSH key size restrictions. We now ensure the FactoryBot
creates a `ApplicationSetting` that conforms to FIPS requirements.

* only task can be set as child
* only issue can be parent
* maximum number of children is 100

Jonas Wälter authored 2 years ago and David Fernandez committed 2 years ago

Add `public_packages` feature flag

Extend project settings specs

Use options "Everyone With Access" and "Everyone"

Adjust milestone of feature flag

Fix packages_access_level on project import/export

Use 'package_registry_access_level' as name

Sync packages_enabled with package_registry_access_level

Test sync packages_enabled - package_registry_access_level

Adjust feature flag milestone

Resort project permissions settings

Set default value to `DISABLED`

Consider global config for default value

Remove `read_package` policies again

Add spec for package_registry_access_level default value

Set required minimum access level for package registry

Adjust setting options related to project visibility

Sync properties depending on project visibility

Add rollout issue URL

Change selected option if project visibility changed

Changelog: added

Sean Arnold authored 2 years ago and Luke Duncalfe committed 2 years ago

Replace uses of `.to receive` in factories with `stub_method`

Changelog: performance

Kerri Miller authored 2 years ago and Terri Chu committed 2 years ago

Part of our work to migrate terminology from WIP -> Draft

Epic: &3879

Brian Williams authored 2 years ago and Mayra Cabrera committed 2 years ago

This is part one of a multi-part implementation to support validation of
git commits signed by SSH keys. This adds the database tables and models
for SSH commit signatures, using the same pattern as the existing
gpg_signatures and x509_signatures tables. These will be used to show
the verification status on commits which are signed.

Changelog: added

Changelog: added

This new table is going to be used to temporary permit a set of users to
use the certificate-based-clusters feature, which allowing us to remove
for the majority of other users. On our first attemp we tried to do this
with FF only on the namespace leve. But the spectrum of users that need
this feature enabled for longer is too big. So big that toggling the FF
for all these actors is something that our FF framework wasn't ready to
handle. So checking the enabled users directly from a table will be much
simpler, faster and easy on memory consumption.

Changelog: other

Project-level secure files are now sorted by the time they are created.

Changelog: changed
MR: !87546

Krasimir Angelov authored 2 years ago and Kamil Trzciński committed 2 years ago

* Add `batched_background_migrations.gitlab_schema` column.
* When fetching the active migration scope to schemas available for the
current connection.

For DML migrations, which are restricted to given gitlab_schema, use this
value when enqueuing batched background migration, if there is not one
provided explicitly.

For v1.0 migrations, set `gitlab-schema` to `gitlab_main`.

Skip batched backfround migration worker if it shares database config
with another database.

#359951

Changelog: changed

Alan (Maciej) Paruszewski authored 2 years ago and Mark Chao committed 2 years ago

Changelog: removed

Darby Frey authored 2 years ago and Enrique Alcántara committed 2 years ago

Project-level Secure Files can now be uploaded and removed via the UI.

Changelog: changed
MR: gitlab-org/gitlab!86293

Max Woolf authored 2 years ago and Terri Chu committed 2 years ago

Instance administrators can no longer allow
expired SSH keys to work.

Changelog: removed
EE: true