Change default of `restrict_user_defined_variables` to `true` behind FF
Related to: #502382
Today `restrict_user_defined_variables` is set to `false` by default, meaning that all developers are allowed to pass pipeline variables when creating pipelines. This default setting violates the least privilege principle.
What does this MR do and why?
Set `restrict_user_defined_variables` to `true` by default.
Use `pipeline_variables_minimum_override_role` from the root namespace settings (`pipeline_variables_default_role`).
Default `pipeline_variables_default_role` to `developer` in namespace settings.
Behind an FF `change_namespace_default_role_for_pipeline_variables`, disabled by default:
- disabled - `pipeline_variables_default_role=developer`
- enabled - `pipeline_variables_default_role=no_one_allowed`
The idea is to:
- Begin the rollout with the default developer role, enabling both restrict_user_defined_variables and pipeline_variables_minimum_override_role.
- In later milestones, use namespace migrations to enforce stricter limits, first changing the role to `maintainer` and eventually to `no_one_allowed`.
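A standalone model of the defaults and rollout stages described above, added here as an illustration and not taken from this MR's diff or from GitLab's code base. The struct and method names are hypothetical, and it assumes that a role stored on the namespace takes precedence over the feature-flag default.

```ruby
# Added illustration, not GitLab source code. Struct and method names are
# hypothetical; setting names and role values are the ones the MR names.

# Project roles that can create pipelines, least to most privileged.
ROLES = %i[developer maintainer owner].freeze
NO_ONE_ALLOWED = :no_one_allowed

ProjectCiSettings = Struct.new(
  :restrict_user_defined_variables,
  :pipeline_variables_minimum_override_role,
  keyword_init: true
)

# Namespace-level pipeline_variables_default_role. Assumption: a role stored
# on the namespace wins; otherwise the feature flag
# change_namespace_default_role_for_pipeline_variables picks the default.
def namespace_default_role(flag_enabled:, stored_role: nil)
  return stored_role if stored_role

  flag_enabled ? NO_ONE_ALLOWED : :developer
end

# Project with the old default: restriction off, so the minimum override
# role is never consulted.
def legacy_project
  ProjectCiSettings.new(restrict_user_defined_variables: false,
                        pipeline_variables_minimum_override_role: nil)
end

# Project created with the new default: restriction on, minimum role
# inherited from the root namespace setting.
def new_project(flag_enabled:, stored_role: nil)
  ProjectCiSettings.new(
    restrict_user_defined_variables: true,
    pipeline_variables_minimum_override_role:
      namespace_default_role(flag_enabled: flag_enabled, stored_role: stored_role)
  )
end

# Decide whether a user with user_role may pass pipeline variables.
# Unknown roles and unknown minimum roles are denied (fail closed).
def may_pass_pipeline_variables?(user_role, settings)
  user_rank = ROLES.index(user_role)
  return false if user_rank.nil?
  return true unless settings.restrict_user_defined_variables

  minimum = settings.pipeline_variables_minimum_override_role
  return false if minimum == NO_ONE_ALLOWED

  minimum_rank = ROLES.index(minimum)
  return false if minimum_rank.nil?

  user_rank >= minimum_rank
end

def roles_allowed(settings)
  ROLES.select { |role| may_pass_pipeline_variables?(role, settings) }
end

# Effective access at each stage of the rollout plan in the description.
def rollout_matrix
  {
    "before MR" => roles_allowed(legacy_project),
    "flag disabled" => roles_allowed(new_project(flag_enabled: false)),
    "namespace role maintainer" =>
      roles_allowed(new_project(flag_enabled: false, stored_role: :maintainer)),
    "flag enabled" => roles_allowed(new_project(flag_enabled: true))
  }
end

if __FILE__ == $PROGRAM_NAME
  rollout_matrix.each do |stage, roles|
    puts format("%-28s %s", stage, roles.inspect)
  end
end
```

In this model the first stage leaves effective access unchanged (developers and above), which matches the plan to start with the `developer` role and tighten it in later milestones.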
Activity
assigned to @dbiryukov
changed milestone to %17.6
added pipelinetier-1 label
added 1 commit
- 9faf84f3 - Move the initialization of defaults to initialize
added grouppipeline security label
added devopsgovern sectionsec labels
added backend label
added priority1 label
- Resolved by 🤖 GitLab Bot 🤖
Proper labels assigned to this merge request. Please ignore me.
@dbiryukov - please see the following guidance and update this merge request.
1 Error
Please add typebug, typefeature, or typemaintenance label to this merge request.
Edited by 🤖 GitLab Bot 🤖
added security-fix-in-public label
5 Warnings
- This MR changes code in `ee/`, but its Changelog commit is missing the `EE: true` trailer. Consider adding it to your Changelog commits.
- a97a6368: The commit body should not contain more than 72 characters per line. For more information, take a look at our Commit message guidelines.
- 890d1785: The commit subject may not be longer than 72 characters. For more information, take a look at our Commit message guidelines.
- 5cc271f4: The commit subject may not be longer than 72 characters. For more information, take a look at our Commit message guidelines.
- 5cc271f4: The commit subject must not end with a period. For more information, take a look at our Commit message guidelines.

2 Messages
- This merge request adds or changes documentation files. A review from the Technical Writing team before you merge is recommended. Reviews can happen after you merge.
- config/feature_flags/development/change_namespace_default_role_for_pipeline_variables.yml: Consider filling feature_issue_url:
Documentation review
The following files require a review from a technical writer:
- `doc/ci/variables/index.md` (Link to current live version)
- A deleted user
added feature flag label
mentioned in merge request !171189 (closed)
- A deleted user
added documentation label
- Resolved by Marcel Amirault
@akotte Could you please perform an initial backend review?
@marcel.amirault Could you please review a documentation update?
requested review from @akotte and @marcel.amirault
- Resolved by Dmytro Biryukov
added Technical Writing label
added pipeline:mr-approved label
added pipelinetier-2 label and removed pipelinetier-1 label
requested review from @radbatnag
E2E Test Result Summary
allure-report-publisher generated test report!

e2e-test-on-gdk: test report for 890d1785

| suite | passed | failed | skipped | flaky | total | result |
|---|---|---|---|---|---|---|
| Verify | 96 | 0 | 34 | 0 | 130 | ✅ |
| Plan | 164 | 0 | 16 | 0 | 180 | ✅ |
| Govern | 160 | 0 | 24 | 0 | 184 | ✅ |
| Fulfillment | 4 | 0 | 14 | 0 | 18 | ✅ |
| Create | 270 | 0 | 40 | 0 | 310 | ✅ |
| Data Stores | 66 | 0 | 20 | 0 | 86 | ✅ |
| Release | 10 | 0 | 2 | 0 | 12 | ✅ |
| ModelOps | 0 | 0 | 2 | 0 | 2 | ➖ |
| Monitor | 16 | 0 | 24 | 0 | 40 | ✅ |
| Package | 50 | 0 | 26 | 0 | 76 | ✅ |
| Analytics | 4 | 0 | 0 | 0 | 4 | ✅ |
| Manage | 2 | 0 | 18 | 0 | 20 | ✅ |
| Configure | 0 | 0 | 6 | 0 | 6 | ➖ |
| Secure | 8 | 0 | 6 | 0 | 14 | ✅ |
| Growth | 0 | 0 | 4 | 0 | 4 | ➖ |
| Ai-powered | 0 | 0 | 4 | 0 | 4 | ➖ |
| Total | 850 | 0 | 240 | 0 | 1090 | ✅ |

e2e-test-on-cng: test report for 890d1785

| suite | passed | failed | skipped | flaky | total | result |
|---|---|---|---|---|---|---|
| Plan | 82 | 0 | 8 | 0 | 90 | ✅ |
| Release | 5 | 0 | 1 | 0 | 6 | ✅ |
| Create | 136 | 0 | 19 | 1 | 155 | ✅ |
| Monitor | 8 | 0 | 12 | 0 | 20 | ✅ |
| Data Stores | 33 | 0 | 10 | 0 | 43 | ✅ |
| Verify | 49 | 0 | 16 | 0 | 65 | ✅ |
| Package | 24 | 0 | 14 | 0 | 38 | ✅ |
| Configure | 0 | 0 | 3 | 0 | 3 | ➖ |
| Govern | 82 | 0 | 10 | 1 | 92 | ✅ |
| Growth | 0 | 0 | 2 | 0 | 2 | ➖ |
| Manage | 1 | 0 | 9 | 0 | 10 | ✅ |
| Analytics | 2 | 0 | 0 | 1 | 2 | ✅ |
| ModelOps | 0 | 0 | 1 | 0 | 1 | ➖ |
| Secure | 2 | 0 | 5 | 0 | 7 | ✅ |
| Fulfillment | 2 | 0 | 7 | 1 | 9 | ✅ |
| Ai-powered | 0 | 0 | 2 | 0 | 2 | ➖ |
| Total | 426 | 0 | 119 | 4 | 545 | ✅ |
added 1181 commits
- fe370596...e8db7e20 - 1180 commits from branch `master`
- f3f868cb - Enforce pipeline override variables to true
added typebug label
@dbiryukov I added typebug label - please update if that is incorrect!
Edited by Radamanthus Batnag
aborted automatic add to merge train because the source branch was updated.
added 1 commit
- f1ec61d8 - Force restrict_user_defined_variables to be false
reset approvals from @marcel.amirault and @radbatnag by pushing to the branch
- Resolved by Dmytro Biryukov
- Resolved by Fabio Pitino
added 1 commit
- 490a1d0d - Disable restriction of user defined variables on pipeline trigger spec
- Resolved by Dmytro Biryukov
- Resolved by Dmytro Biryukov
added 1 commit
- dd4a823d - Disable restrict_user_defined_variables for UpdateService spec
added 1 commit
- 76e3034e - Disable restrict_user_defined_variables for partitioning spec
added 1 commit
- dd280199 - Address multiple controllers/services tests with removed restriction on user defined vars
added 1 commit
- 52f3022e - Address multiple controllers/services tests with removed restriction on user defined vars
- A deleted user
added QA label
- Resolved by Fabio Pitino
- Resolved by Dmytro Biryukov
added 1 commit
- 2c239212 - Set projects factory with default restrict_user_defined_variables false
- Resolved by Fabio Pitino
The default settings of restrict_user_defined_variables create numerous dependencies across different tests:
- I've resolved most of the issues by using `before do project.update!(restrict_user_defined_variables: false) end`
- Additionally, a few `QA` tests are still failing because this setting needs to be adjusted either by modifying the project settings through UI steps or by stubbing it with a different value, though it's unclear if stubbing is feasible.

Failing QA tests:
- qa/qa/specs/features/browser_ui/4_verify/ci_variable/ui_variable_inheritable_when_forward_pipeline_variables_true_spec.rb
- qa/qa/specs/features/browser_ui/4_verify/ci_variable/custom_variable_spec.rb

Instead of addressing all the unit tests with:

```ruby
before do
  project.update!(restrict_user_defined_variables: false)
end
```

We can set by default a project factory with `restrict_user_defined_variables = false`

@fabiopitino Please take a look. What do you think about failing QA tests?
requested review from @fabiopitino
- Resolved by Fabio Pitino
added 1 commit
- d25651bf - Do not restrict_defined_variables on qa specs
added 1 commit
- 2c0d2065 - Move restrict_user_defined_variables update to REST
added 2 commits
- 5b12ddb4 - Change restrict user defined variables
- 7581e96a - Set restrict user defined variables to false on upstream
- Resolved by Dmytro Biryukov
- Resolved by Dmytro Biryukov
added 1 commit
- c86602b1 - Rename FF and update tests with change role fix
added 1 commit
- e9c896ed - Update requests mutation Job::Play spec with change role fix to maintainer
added 1 commit
- 696c4558 - Change override role instead of user_defined_Variables restriction
added 1 commit
- e5444cb9 - Introduce namespace settings pipeline_variables_default_role
- A deleted user
added database databasereview pending labels
- Resolved by Fabio Pitino
- Resolved by Fabio Pitino
- A deleted user
added Data WarehouseImpact Check label
added 920 commits
- e5444cb9...b82dfb91 - 919 commits from branch `master`
- a0ca5f1b - Enforce pipeline override variables to true
added Data WarehouseNot Impacted label and removed Data WarehouseImpact Check label
added 23 commits
- a0ca5f1b...07fec9ca - 22 commits from branch `master`
- 648da0ef - Enforce pipeline override variables to true
- Resolved by Dmytro Biryukov
added 11 commits
- 652565a0...50f54a95 - 10 commits from branch `master`
- 44317710 - Enforce pipeline override variables to true
requested review from @fabiopitino
Database migrations (on the main database)
1 Warnings
20241112055215 - AddPipelineVariablesDefaultRoleToNamespaceSettings had a query that exceeded timing guidelines. Run time should not exceed 100ms, but it was 21426.15ms. Please consider possible options to improve the query performance.
ALTER TABLE namespace_settings VALIDATE CONSTRAINT check_1daa2f02ed

Migrations included in this change have been executed on gitlab.com data for testing purposes. For details, please see the migration testing pipeline (limited access).

| Migration | Type | Total runtime | Result | DB size change |
|---|---|---|---|---|
| 20241112055215 - AddPipelineVariablesDefaultRoleToNamespaceSettings | Regular | 26.7 s | | +0.00 B |

Runtime Histogram for all migrations

| Query Runtime | Count |
|---|---|
| 0 seconds - 0.01 seconds | 0 |
| 0.01 seconds - 0.1 seconds | 4 |
| 0.1 seconds - 1 second | 1 |
| 1 second - 5 seconds | 0 |
| 5 seconds - 15 seconds | 0 |
| 15 seconds - 5 minutes | 1 |
| 5 minutes + | 0 |

Migration: 20241112055215 - AddPipelineVariablesDefaultRoleToNamespaceSettings
- Type: Regular
- Duration: 26.7 s
- Database size change: +0.00 B

| Calls | Total Time | Max Time | Mean Time | Rows | Query |
|---|---|---|---|---|---|
| 1 | 21426.2 ms | 21426.2 ms | 21426.2 ms | 0 | ALTER TABLE namespace_settings VALIDATE CONSTRAINT check_1daa2f02ed |
| 1 | 8.0 ms | 8.0 ms | 8.0 ms | 0 | ALTER TABLE "namespace_settings" ADD "pipeline_variables_default_role" text DEFAULT 'developer' |
| 1 | 0.5 ms | 0.5 ms | 0.5 ms | 0 | ALTER TABLE namespace_settings ADD CONSTRAINT check_1daa2f02ed CHECK ( char_length(pipeline_variables_default_role) <= 32 ) NOT VALID |
| 2 | 0.0 ms | 0.0 ms | 0.0 ms | 2 | SELECT pg_backend_pid() |
| 1 | 0.0 ms | 0.0 ms | 0.0 ms | 1 | SELECT $1::regtype::oid |

Histogram for AddPipelineVariablesDefaultRoleToNamespaceSettings

| Query Runtime | Count |
|---|---|
| 0 seconds - 0.01 seconds | 0 |
| 0.01 seconds - 0.1 seconds | 4 |
| 0.1 seconds - 1 second | 1 |
| 1 second - 5 seconds | 0 |
| 5 seconds - 15 seconds | 0 |
| 15 seconds - 5 minutes | 1 |
| 5 minutes + | 0 |
Database migrations (on the ci database)
Migrations included in this change have been executed on gitlab.com data for testing purposes. For details, please see the migration testing pipeline (limited access).
| Migration | Type | Total runtime | Result | DB size change |
|---|---|---|---|---|
| 20241112055215 - AddPipelineVariablesDefaultRoleToNamespaceSettings | Regular | 7.7 s | | +0.00 B |

Runtime Histogram for all migrations

| Query Runtime | Count |
|---|---|
| 0 seconds - 0.01 seconds | 0 |
| 0.01 seconds - 0.1 seconds | 4 |
| 0.1 seconds - 1 second | 2 |
| 1 second - 5 seconds | 0 |
| 5 seconds - 15 seconds | 0 |
| 15 seconds - 5 minutes | 0 |
| 5 minutes + | 0 |

Migration: 20241112055215 - AddPipelineVariablesDefaultRoleToNamespaceSettings
- Type: Regular
- Duration: 7.7 s
- Database size change: +0.00 B

| Calls | Total Time | Max Time | Mean Time | Rows | Query |
|---|---|---|---|---|---|
| 1 | 2.2 ms | 2.2 ms | 2.2 ms | 0 | ALTER TABLE "namespace_settings" ADD "pipeline_variables_default_role" text DEFAULT 'developer' |
| 1 | 0.8 ms | 0.8 ms | 0.8 ms | 0 | ALTER TABLE namespace_settings ADD CONSTRAINT check_1daa2f02ed CHECK ( char_length(pipeline_variables_default_role) <= 32 ) NOT VALID |
| 1 | 0.4 ms | 0.4 ms | 0.4 ms | 0 | ALTER TABLE namespace_settings VALIDATE CONSTRAINT check_1daa2f02ed |
| 2 | 0.0 ms | 0.0 ms | 0.0 ms | 2 | SELECT pg_backend_pid() |
| 1 | 0.0 ms | 0.0 ms | 0.0 ms | 1 | SELECT $1::regtype::oid |

Histogram for AddPipelineVariablesDefaultRoleToNamespaceSettings

| Query Runtime | Count |
|---|---|
| 0 seconds - 0.01 seconds | 0 |
| 0.01 seconds - 0.1 seconds | 4 |
| 0.1 seconds - 1 second | 2 |
| 1 second - 5 seconds | 0 |
| 5 seconds - 15 seconds | 0 |
| 15 seconds - 5 minutes | 0 |
| 5 minutes + | 0 |
Brought to you by gitlab-org/database-team/gitlab-com-database-testing.
added database-testing-automation label
Slow tests detected in this merge request. These slow tests might be related to this merge request's changes.

| Job | File | Name | Duration | Expected duration |
|---|---|---|---|---|
| #8334607406 | spec/lib/gitlab/database/decomposition/migrate_spec.rb#L103 | Gitlab::Database::Decomposition::Migrate#process! when the checks pass copies main database to ci database | 27.94 s | < 27.12 s |
| #8449529395 | spec/lib/gitlab/database/decomposition/migrate_spec.rb#L103 | Gitlab::Database::Decomposition::Migrate#process! when the checks pass copies main database to ci database | 29.64 s | < 27.12 s |

Generated by gitlab_quality-test_tooling.
- A deleted user
added rspec:slow test detected label
- Resolved by Fabio Pitino
- Resolved by Fabio Pitino
- Resolved by Fabio Pitino
- Resolved by Fabio Pitino
@dbiryukov I've left initial feedback.
added 1 commit
- 4ba5896b - Refactor namespace variables default role migration to enum
added 1 commit
- 9059b166 - Adjust default role reference from namespace to namespace_settings
added 1 commit
- dd576338 - Validate default pipeline variable role on namespace settings
- Resolved by Fabio Pitino
added 1 commit
- 884ce4c8 - Restore nil allowance for the role on namespace
- Resolved by Fabio Pitino
added 1 commit
- e05cf5aa - Move FF to namespace_settings and use no_one_allowed as default role
- Resolved by Fabio Pitino
requested review from @fabiopitino
- Resolved by Fabio Pitino
- Resolved by Fabio Pitino
- Resolved by Dmytro Biryukov
- Resolved by Dmytro Biryukov
- Resolved by Fabio Pitino
- Resolved by Fabio Pitino
- Resolved by Dmytro Biryukov
- Resolved by Dmytro Biryukov
- Resolved by Fabio Pitino
- Resolved by Dmytro Biryukov
- Resolved by Dmytro Biryukov
- Resolved by Fabio Pitino
- Resolved by Fabio Pitino
- Resolved by Dmytro Biryukov
- Resolved by Dmytro Biryukov
- Resolved by Dmytro Biryukov
mentioned in merge request !154510 (merged)
changed milestone to %17.7
added missed:17.6 label
mentioned in merge request !173278 (merged)
added 2211 commits
- 5627d987...9cd2b396 - 2210 commits from branch `master`
- 764367fb - Change default of `restrict_user_defined_variables` to `true` behind FF
added 1 commit
- edbf6ca2 - Remove change_restrict_user_defined_variables
added 1 commit
- 80e50174 - Change restrict user defined variables on upstream and downstream projects
added 1 commit
- 9b2e5a03 - Leave only enum validation on namespace settings
added 2 commits
- Resolved by Fabio Pitino
added 1 commit
- 42540c4e - Change default of `restrict_user_defined_variables` to `true` behind FF
added 824 commits
- 98836d4d...898a81c7 - 822 commits from branch `master`
- 19300283 - Change default of `restrict_user_defined_variables` to `true` behind FF
- 2e75a6ac - Make line shorter
- Resolved by Dmytro Biryukov
- Resolved by Dmytro Biryukov
@fabiopitino I have addressed all the suggestions and questions, please take a look again.
- Updated documentation.
- Updated pipeline_variables_default_role in namespace_settings to align with SSoT compliance referencing it to ProjectCiCdSettings
- Replaced `after_initialize` with `before_create`
- Refactored tests
requested review from @fabiopitino
- Resolved by Fabio Pitino
- Resolved by Dmytro Biryukov
- Resolved by Dmytro Biryukov
- Resolved by Dmytro Biryukov
- Resolved by Fabio Pitino
- Resolved by Fabio Pitino
- Resolved by Fabio Pitino
- Resolved by Fabio Pitino
- Resolved by Dmytro Biryukov
- Resolved by Dmytro Biryukov
- Resolved by Dmytro Biryukov
- Resolved by Dmytro Biryukov
- Resolved by Dmytro Biryukov
- Resolved by Dmytro Biryukov
added 1 commit
- 833d7728 - Remove restrict_user_defined_variables update to true in tests
added 1 commit
- 1d2f8418 - Change default of `restrict_user_defined_variables` to `true` behind FF
added 1 commit
- ae484c5f - Fallback to default if no namespace settings defined, address tests accordingly
added 434 commits
- ae484c5f...d7eedad5 - 433 commits from branch `master`
- b52b1c30 - Change default of `restrict_user_defined_variables` to `true` behind FF
- Resolved by Dmytro Biryukov
requested review from @fabiopitino
- Resolved by Fabio Pitino
@fabiopitino I have addressed all the latest questions and suggestions. Would you mind taking another look?
added 889 commits
- 8a6164ba...313567ac - 888 commits from branch `master`
- a97a6368 - Change default of `restrict_user_defined_variables` to `true` behind FF
added 1 commit
- 4d3399d0 - Restore set_default_values, removed by mistake on conflict resolution
added 1 commit
- 4c157085 - Rename set_default_values to set_pipeline_variables_default_role
- Resolved by Dmytro Biryukov
- Resolved by Fabio Pitino
mentioned in issue #508323
added 1 commit
- 5cc271f4 - This method was previously mixed with the default set callback, but with the...
- Resolved by Dmytro Biryukov
- Resolved by Dmytro Biryukov
added 1 commit
- 890d1785 - Add a notice about possible breaking change for self-hosted and dedicated
- Resolved by Jarka Košanová
@bmarjanovic Could you please perform a database review?
requested review from @bmarjanovic
requested review from @stomlinson and removed review request for @bmarjanovic
requested review from @jarka
removed review request for @stomlinson
added pipelinetier-3 pipeline:run-e2e-omnibus-once labels and removed pipelinetier-2 label
added databaseapproved label and removed databasereview pending label
Thanks @dbiryukov, approving and setting auto-merge
started a merge train
mentioned in commit 9c13c660
added security-fix-in-public workflowstaging-canary labels and removed security-fix-in-public label
@dbiryukov This merge request was deployed to the workflowstaging-canary environment. You may want to enable the associated feature flag on this environment with `/chatops run feature set change_namespace_default_role_for_pipeline_variables true --staging`.
This message was generated automatically. Improve it or delete it.
This merge request was deployed to the workflowcanary environment. You may want to enable the associated feature flag on this environment with `/chatops run feature set change_namespace_default_role_for_pipeline_variables true --production`.
This merge request was deployed to the workflowstaging environment. You may want to enable the associated feature flag on this environment with `/chatops run feature set change_namespace_default_role_for_pipeline_variables true --staging`.
This merge request was deployed to the workflowproduction environment. You may want to enable the associated feature flag on this environment with `/chatops run feature set change_namespace_default_role_for_pipeline_variables true --production`.
added workflowcanary label and removed workflowstaging-canary label
added security-fix-in-public workflowstaging labels and removed security-fix-in-public workflowcanary labels
added security-fix-in-public workflowproduction labels and removed security-fix-in-public workflowstaging labels
mentioned in merge request !174365 (merged)
mentioned in merge request !175588 (closed)
mentioned in merge request !175592 (merged)
added workflowpost-deploy-db-production label and removed workflowproduction label
added releasedcandidate label
added releasedpublished label and removed releasedcandidate label
mentioned in issue #514243