Skip to content
Snippets Groups Projects

Change default of `restrict_user_defined_variables` to `true` behind FF

1 unresolved thread

Related to: #502382

Today restrict_user_defined_variables is set to false by default, meaning that all developers are allowed to pass pipeline variables when creating pipelines. This default setting violates the least privilege principle.

What does this MR do and why?

Set restrict_user_defined_variables to true by default.

Use pipeline_variables_minimum_override_role from the root namespace settings (pipeline_variables_default_role).

Default pipeline_variables_default_role to developer in namespace settings.

Behind an FF change_namespace_default_role_for_pipeline_variables disabled by default:

  1. disabled - pipeline_variables_default_role = developer
  2. enabled - pipeline_variables_default_role = no_one_allowed

The idea is to:

  1. Begin the rollout with the default developer role, enabling both restrict_user_defined_variables and pipeline_variables_minimum_override_role.
  2. In later milestones, use namespace migrations to enforce stricter limits, first changing the role to maintainer and eventually to no_one_allowed.

References

Please include cross links to any resources that are relevant to this MR This will give reviewers and future readers helpful context to give an efficient review of the changes introduced.

MR acceptance checklist

Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

Screenshots or screen recordings

Screenshots are required for UI changes, and strongly recommended for all other merge requests.

Before After

How to set up and validate locally

Numbered steps to set up and validate the change are strongly suggested.

Edited by Dmytro Biryukov

Merge request reports

Loading
Loading

Activity

Filter activity
  • Approvals
  • Assignees & reviewers
  • Comments (from bots)
  • Comments (from users)
  • Commits & branches
  • Edits
  • Labels
  • Lock status
  • Mentions
  • Merge request status
  • Tracking
  • Marcel Amirault requested changes

    requested changes

  • Abhilash Kotte approved this merge request

    approved this merge request

  • added pipelinetier-2 label and removed pipelinetier-1 label

  • Before you set this MR to auto-merge

    This merge request will progress on pipeline tiers until it reaches the last tier: pipelinetier-3. We will trigger a new pipeline for each transition to a higher tier.

    Before you set this MR to auto-merge, please check the following:

    • You are the last maintainer of this merge request
    • The latest pipeline for this merge request is pipelinetier-3 (You can find which tier it is in the pipeline name)
    • This pipeline is recent enough (created in the last 8 hours)

    If all the criteria above apply, please set auto-merge for this merge request.

    See pipeline tiers and merging a merge request for more details.

  • Abhilash Kotte requested review from @radbatnag

    requested review from @radbatnag

  • added 1 commit

    • fe370596 - Apply 1 suggestion(s) to 1 file(s)

    Compare with previous version

  • E2E Test Result Summary

    allure-report-publisher generated test report!

    e2e-test-on-gdk: :white_check_mark: test report for 890d1785

    expand test summary
    +------------------------------------------------------------------+
    |                          suites summary                          |
    +-------------+--------+--------+---------+-------+-------+--------+
    |             | passed | failed | skipped | flaky | total | result |
    +-------------+--------+--------+---------+-------+-------+--------+
    | Verify      | 96     | 0      | 34      | 0     | 130   | ✅     |
    | Plan        | 164    | 0      | 16      | 0     | 180   | ✅     |
    | Govern      | 160    | 0      | 24      | 0     | 184   | ✅     |
    | Fulfillment | 4      | 0      | 14      | 0     | 18    | ✅     |
    | Create      | 270    | 0      | 40      | 0     | 310   | ✅     |
    | Data Stores | 66     | 0      | 20      | 0     | 86    | ✅     |
    | Release     | 10     | 0      | 2       | 0     | 12    | ✅     |
    | ModelOps    | 0      | 0      | 2       | 0     | 2     | ➖     |
    | Monitor     | 16     | 0      | 24      | 0     | 40    | ✅     |
    | Package     | 50     | 0      | 26      | 0     | 76    | ✅     |
    | Analytics   | 4      | 0      | 0       | 0     | 4     | ✅     |
    | Manage      | 2      | 0      | 18      | 0     | 20    | ✅     |
    | Configure   | 0      | 0      | 6       | 0     | 6     | ➖     |
    | Secure      | 8      | 0      | 6       | 0     | 14    | ✅     |
    | Growth      | 0      | 0      | 4       | 0     | 4     | ➖     |
    | Ai-powered  | 0      | 0      | 4       | 0     | 4     | ➖     |
    +-------------+--------+--------+---------+-------+-------+--------+
    | Total       | 850    | 0      | 240     | 0     | 1090  | ✅     |
    +-------------+--------+--------+---------+-------+-------+--------+

    e2e-test-on-cng: :white_check_mark: test report for 890d1785

    expand test summary
    +------------------------------------------------------------------+
    |                          suites summary                          |
    +-------------+--------+--------+---------+-------+-------+--------+
    |             | passed | failed | skipped | flaky | total | result |
    +-------------+--------+--------+---------+-------+-------+--------+
    | Plan        | 82     | 0      | 8       | 0     | 90    | ✅     |
    | Release     | 5      | 0      | 1       | 0     | 6     | ✅     |
    | Create      | 136    | 0      | 19      | 1     | 155   | ✅     |
    | Monitor     | 8      | 0      | 12      | 0     | 20    | ✅     |
    | Data Stores | 33     | 0      | 10      | 0     | 43    | ✅     |
    | Verify      | 49     | 0      | 16      | 0     | 65    | ✅     |
    | Package     | 24     | 0      | 14      | 0     | 38    | ✅     |
    | Configure   | 0      | 0      | 3       | 0     | 3     | ➖     |
    | Govern      | 82     | 0      | 10      | 1     | 92    | ✅     |
    | Growth      | 0      | 0      | 2       | 0     | 2     | ➖     |
    | Manage      | 1      | 0      | 9       | 0     | 10    | ✅     |
    | Analytics   | 2      | 0      | 0       | 1     | 2     | ✅     |
    | ModelOps    | 0      | 0      | 1       | 0     | 1     | ➖     |
    | Secure      | 2      | 0      | 5       | 0     | 7     | ✅     |
    | Fulfillment | 2      | 0      | 7       | 1     | 9     | ✅     |
    | Ai-powered  | 0      | 0      | 2       | 0     | 2     | ➖     |
    +-------------+--------+--------+---------+-------+-------+--------+
    | Total       | 426    | 0      | 119     | 4     | 545   | ✅     |
    +-------------+--------+--------+---------+-------+-------+--------+
  • Marcel Amirault approved this merge request

    approved this merge request

  • Dmytro Biryukov added 1181 commits

    added 1181 commits

    Compare with previous version

  • Radamanthus Batnag approved this merge request

    approved this merge request

  • Radamanthus Batnag resolved all threads

    resolved all threads

  • Radamanthus Batnag enabled automatic add to merge train when checks pass

    enabled automatic add to merge train when checks pass

  • 🤖 GitLab Bot 🤖 resolved all threads

    resolved all threads

  • !171424 (comment 2189603320)

    @dbiryukov I added typebug label - please update if that is incorrect!

    Edited by Radamanthus Batnag
  • Dmytro Biryukov aborted automatic add to merge train because the source branch was updated. Learn more.

    aborted automatic add to merge train because the source branch was updated. Learn more.

  • added 1 commit

    • f1ec61d8 - Force restrict_user_defined_variables to be false

    Compare with previous version

  • Dmytro Biryukov reset approvals from @marcel.amirault and @radbatnag by pushing to the branch

    reset approvals from @marcel.amirault and @radbatnag by pushing to the branch

  • Dmytro Biryukov
  • added 1 commit

    • 490a1d0d - Disable resriction of user defined variables on pipeline trigger spec

    Compare with previous version

  • added 1 commit

    • dd4a823d - Disable restrict_user_defined_variables for UpdateService spec

    Compare with previous version

  • added 1 commit

    • 76e3034e - Disable restrict_user_defined_variables for paritioning spec

    Compare with previous version

  • added 1 commit

    • 3a11d045 - Fix associations and play build specs

    Compare with previous version

  • added 1 commit

    • dd280199 - Address multiple controllers/services tests with removed restriction on user defined vars

    Compare with previous version

  • added 1 commit

    • 52f3022e - Address multiple controllers/services tests with removed restriction on user defined vars

    Compare with previous version

  • Dmytro Biryukov added 2 commits

    added 2 commits

    • e9b0754c - Address more tests with removed restriction on user defined vars
    • c81590e8 - Address more tests with removed restriction on user defined vars

    Compare with previous version

  • A deleted user added QA label

    added QA label

  • Ghost User
  • added 1 commit

    Compare with previous version

  • added 1 commit

    Compare with previous version

  • added 1 commit

    • 2c239212 - Set projects factory with default restrict_user_defined_variables false

    Compare with previous version

  • added 1 commit

    Compare with previous version

    • Resolved by Fabio Pitino

      The default settings of restrict_user_defined_variables create numerous dependencies across different tests:

      1. I've resolved most of the issues by using before do project.update!(restrict_user_defined_variables: false)
      2. Additionally, a few QA tests are still failing because this setting needs to be adjusted either by modifying the project settings through UI steps or by stubbing it with a different value, though it’s unclear if stubbing is feasible.

      Failing QA tests:

      1. qa/qa/specs/features/browser_ui/4_verify/ci_variable/ui_variable_inheritable_when_forward_pipeline_variables_true_spec.rb
      2. qa/qa/specs/features/browser_ui/4_verify/ci_variable/custom_variable_spec.rb

      Instead of addressing all the unit tests with:

      before do
        project.update!(restrict_user_defined_variables: false)
      end

      We can set by default a project factory with restrict_user_defined_variables = false

      @fabiopitino Please take a look. What do you think about failing QA tests?

  • requested review from @fabiopitino

  • added 1 commit

    • d25651bf - Do not restrict_defined_variables on qa specs

    Compare with previous version

  • added 1 commit

    • 2c0d2065 - Move restrict_user_defined_variables update to REST

    Compare with previous version

  • added 1 commit

    • 06f4b798 - sign_in as a maintainer user

    Compare with previous version

  • added 1 commit

    Compare with previous version

  • Dmytro Biryukov added 2 commits

    added 2 commits

    • 5b12ddb4 - Change restrict user defined variables
    • 7581e96a - Set restrict user defined variables to false on upstream

    Compare with previous version

  • added 1 commit

    Compare with previous version

  • added 1 commit

    Compare with previous version

  • added 1 commit

    • 2440da99 - Sign in as admin in custom variables spec

    Compare with previous version

  • added 1 commit

    Compare with previous version

  • added 1 commit

    • 8764d70a - Sign in as admin on shared context

    Compare with previous version

  • added 1 commit

    Compare with previous version

  • added 1 commit

    • c86602b1 - Rename FF and update tests with change role fix

    Compare with previous version

  • added 1 commit

    • e9c896ed - Update requests mutation Job::Play spec with change role fix to maintainer

    Compare with previous version

  • added 1 commit

    • 696c4558 - Change override role instead of user_defined_Variables restriction

    Compare with previous version

  • Dmytro Biryukov changed the description

    changed the description

  • added 1 commit

    • e5444cb9 - Introduce namespace settings pipeline_variables_default_role

    Compare with previous version

  • Ghost User
  • Ghost User
  • Dmytro Biryukov added 920 commits

    added 920 commits

    Compare with previous version

  • Dmytro Biryukov added 23 commits

    added 23 commits

    Compare with previous version

  • added 1 commit

    Compare with previous version

  • Dmytro Biryukov changed the description

    changed the description

  • Dmytro Biryukov added 11 commits

    added 11 commits

    Compare with previous version

  • requested review from @fabiopitino

  • Database migrations (on the main database)

    1 Warnings
    :warning: 20241112055215 - AddPipelineVariablesDefaultRoleToNamespaceSettings had a query that
    exceeded timing guidelines. Run time should not exceed 100ms, but it was 21426.15ms. Please
    consider possible options to improve the query performance.
    ALTER TABLE namespace_settings
    VALIDATE CONSTRAINT check_1daa2f02ed

    Migrations included in this change have been executed on gitlab.com data for testing purposes. For details, please see the migration testing pipeline (limited access).

    Migration Type Total runtime Result DB size change
    20241112055215 - AddPipelineVariablesDefaultRoleToNamespaceSettings Regular 26.7 s :warning: +0.00 B
    Runtime Histogram for all migrations
    Query Runtime Count
    0 seconds - 0.01 seconds 0
    0.01 seconds - 0.1 seconds 4
    0.1 seconds - 1 second 1
    1 second - 5 seconds 0
    5 seconds - 15 seconds 0
    15 seconds - 5 minutes 1
    5 minutes + 0

    :warning: Migration: 20241112055215 - AddPipelineVariablesDefaultRoleToNamespaceSettings

    • Type: Regular
    • Duration: 26.7 s
    • Database size change: +0.00 B
    Calls Total Time Max Time Mean Time Rows Query
    1 21426.2 ms 21426.2 ms 21426.2 ms 0
    ALTER TABLE namespace_settings VALIDATE CONSTRAINT check_1daa2f02ed
    1 8.0 ms 8.0 ms 8.0 ms 0
    ALTER TABLE "namespace_settings" ADD "pipeline_variables_default_role" text DEFAULT 'developer'
    1 0.5 ms 0.5 ms 0.5 ms 0
    ALTER TABLE namespace_settings ADD CONSTRAINT check_1daa2f02ed CHECK ( char_length(pipeline_variables_default_role) <= 32 ) NOT VALID
    2 0.0 ms 0.0 ms 0.0 ms 2
    SELECT pg_backend_pid()
    1 0.0 ms 0.0 ms 0.0 ms 1
    SELECT $1::regtype::oid
    Histogram for AddPipelineVariablesDefaultRoleToNamespaceSettings
    Query Runtime Count
    0 seconds - 0.01 seconds 0
    0.01 seconds - 0.1 seconds 4
    0.1 seconds - 1 second 1
    1 second - 5 seconds 0
    5 seconds - 15 seconds 0
    15 seconds - 5 minutes 1
    5 minutes + 0

    Other information

    Other migrations pending on GitLab.com
    Migration Type Total runtime Result DB size change
    20241104090601 - AddIsKnownExploitToPmCveEnrichment Regular 5.3 s :white_check_mark: +0.00 B
    20241105150912 - AddProjectEventsToWebHooks Regular 5.9 s :white_check_mark: +0.00 B
    20241107131541 - AddUserSeatManagementToApplicationSettings Regular 4.4 s :white_check_mark: +0.00 B
    20241107180528 - AddCursorsToBatchedBackgroundMigrationJobs Regular 4.4 s :white_check_mark: +0.00 B
    20241107180531 - AddCursorsToBatchedBackgroundMigrations Regular 5.0 s :white_check_mark: +0.00 B
    20241107180533 - AddIdsOrCursorsConstraintToBatchedBackgroundMigrationJobs Regular 5.8 s :warning: +0.00 B
    20241107180537 - AddIdsOrCursorsConstraintToBatchedBackgroundMigrations Regular 5.2 s :white_check_mark: +0.00 B
    20241107180541 - RemoveValuesNotNullConstraintsFromBatchedBackgroundMigrationJobs Regular 4.2 s :white_check_mark: +0.00 B
    20241107180543 - RemoveValuesNotNullConstraintsFromBatchedBackgroundMigrations Regular 4.2 s :white_check_mark: +0.00 B
    20241108192945 - AddWorkItemTypesOldIdColumn Regular 4.4 s :white_check_mark: +0.00 B
    20241028135334 - UpdatePostgresSequencesView2 Post deploy 4.6 s :white_check_mark: +0.00 B
    20241103164158 - MigrateSoftwareLicenseWithoutSpdxIdentifierToCustomLicensesTable Post deploy 1292.7 s :warning: +3.85 MiB
    20241104212609 - AddIndexOnMembersSourceAccessLevelMemberRole Post deploy 66.6 s :white_check_mark: +1.21 GiB
    20241105232559 - FinalizeBackfillDesignManagementVersionsNamespaceId Post deploy 5.3 s :white_check_mark: +0.00 B
    20241106092213 - SyncForeignKeyValidationForPipelinesUpstreamPipelineId Post deploy 8.7 s :white_check_mark: +8.00 KiB [note]
    20241106163530 - AllowNullForPlanLimitsRepositorySize Post deploy 4.4 s :white_check_mark: +0.00 B
    20241106163630 - UpdateDefaultPlanLimitsRepositorySize Post deploy 5.1 s :white_check_mark: +0.00 B
    20241106163900 - SetExistingPlanLimitsRepositorySizeToNull Post deploy 4.1 s :white_check_mark: +0.00 B
    20241107064635 - QueueBackfillCiRunnerMachinesPartitionedTable Post deploy 4.0 s :white_check_mark: +0.00 B
    20241107180535 - AddJsonbArrayConstraintsToBatchedBackgroundMigrationJobs Post deploy 5.6 s :warning: +0.00 B
    20241107180539 - AddJsonbArrayConstraintsToBatchedBackgroundMigrations Post deploy 5.2 s :white_check_mark: +0.00 B
    20241107180545 - IndexBackgroundMigrationJobsOnMigrationIdAndMaxCursor Post deploy 5.6 s :white_check_mark: +8.00 KiB [note]
    20241107232543 - FinalizeBackfillIssueLinksNamespaceId Post deploy 5.1 s :white_check_mark: +0.00 B
    20241107232848 - FinalizeBackfillOperationsFeatureFlagsIssuesProjectId Post deploy 4.8 s :white_check_mark: +0.00 B
    20241108105453 - EnsureIdUniquenessForPCiPipelines Post deploy 5.1 s :white_check_mark: +0.00 B
    20241108205025 - SetWorkItemTypesOldId Post deploy 4.4 s :white_check_mark: +0.00 B
    20241109084629 - AddDependencyListExportsProjectIdGroupIdOrganizationIdNotNull Post deploy 5.2 s :white_check_mark: +0.00 B
    20241110232543 - FinalizeBackfillMergeRequestBlocksProjectId Post deploy 4.8 s :white_check_mark: +0.00 B
    Clone details
    Clone ID Clone Created At Clone Data Timestamp Expected Removal Time
    database-testing-3880554-16005167-main 2024-11-12T13:00:55Z 2024-11-09T02:08:37Z 2024-11-13 01:38:46 +0000
    database-testing-3880554-16005167-ci 2024-11-12T13:00:54Z 2024-11-11T16:17:16Z 2024-11-13 01:38:46 +0000

    Job artifacts

    Database migrations (on the ci database)

    Migrations included in this change have been executed on gitlab.com data for testing purposes. For details, please see the migration testing pipeline (limited access).

    Migration Type Total runtime Result DB size change
    20241112055215 - AddPipelineVariablesDefaultRoleToNamespaceSettings Regular 7.7 s :white_check_mark: +0.00 B
    Runtime Histogram for all migrations
    Query Runtime Count
    0 seconds - 0.01 seconds 0
    0.01 seconds - 0.1 seconds 4
    0.1 seconds - 1 second 2
    1 second - 5 seconds 0
    5 seconds - 15 seconds 0
    15 seconds - 5 minutes 0
    5 minutes + 0

    Migration: 20241112055215 - AddPipelineVariablesDefaultRoleToNamespaceSettings

    • Type: Regular
    • Duration: 7.7 s
    • Database size change: +0.00 B
    Calls Total Time Max Time Mean Time Rows Query
    1 2.2 ms 2.2 ms 2.2 ms 0
    ALTER TABLE "namespace_settings" ADD "pipeline_variables_default_role" text DEFAULT 'developer'
    1 0.8 ms 0.8 ms 0.8 ms 0
    ALTER TABLE namespace_settings ADD CONSTRAINT check_1daa2f02ed CHECK ( char_length(pipeline_variables_default_role) <= 32 ) NOT VALID
    1 0.4 ms 0.4 ms 0.4 ms 0
    ALTER TABLE namespace_settings VALIDATE CONSTRAINT check_1daa2f02ed
    2 0.0 ms 0.0 ms 0.0 ms 2
    SELECT pg_backend_pid()
    1 0.0 ms 0.0 ms 0.0 ms 1
    SELECT $1::regtype::oid
    Histogram for AddPipelineVariablesDefaultRoleToNamespaceSettings
    Query Runtime Count
    0 seconds - 0.01 seconds 0
    0.01 seconds - 0.1 seconds 4
    0.1 seconds - 1 second 2
    1 second - 5 seconds 0
    5 seconds - 15 seconds 0
    15 seconds - 5 minutes 0
    5 minutes + 0

    Other information

    Other migrations pending on GitLab.com
    Migration Type Total runtime Result DB size change
    20241104090601 - AddIsKnownExploitToPmCveEnrichment Regular 7.5 s :white_check_mark: +0.00 B
    20241105150912 - AddProjectEventsToWebHooks Regular 6.6 s :white_check_mark: +8.00 KiB [note]
    20241107131541 - AddUserSeatManagementToApplicationSettings Regular 6.5 s :white_check_mark: +0.00 B
    20241108192945 - AddWorkItemTypesOldIdColumn Regular 6.4 s :white_check_mark: +0.00 B
    20241028135334 - UpdatePostgresSequencesView2 Post deploy 6.5 s :white_check_mark: +0.00 B
    20241104212609 - AddIndexOnMembersSourceAccessLevelMemberRole Post deploy 8.9 s :white_check_mark: +8.00 KiB [note]
    20241106163530 - AllowNullForPlanLimitsRepositorySize Post deploy 6.4 s :white_check_mark: +0.00 B
    20241106163630 - UpdateDefaultPlanLimitsRepositorySize Post deploy 6.6 s :white_check_mark: +0.00 B
    20241106163900 - SetExistingPlanLimitsRepositorySizeToNull Post deploy 6.2 s :white_check_mark: +0.00 B
    20241108205025 - SetWorkItemTypesOldId Post deploy 6.5 s :white_check_mark: +0.00 B
    20241109084629 - AddDependencyListExportsProjectIdGroupIdOrganizationIdNotNull Post deploy 7.2 s :white_check_mark: +0.00 B
    20241110232543 - FinalizeBackfillMergeRequestBlocksProjectId Post deploy 6.1 s :white_check_mark: +0.00 B
    Clone details
    Clone ID Clone Created At Clone Data Timestamp Expected Removal Time
    database-testing-3880554-16005167-main 2024-11-12T13:00:55Z 2024-11-09T02:08:37Z 2024-11-13 01:38:46 +0000
    database-testing-3880554-16005167-ci 2024-11-12T13:00:54Z 2024-11-11T16:17:16Z 2024-11-13 01:38:46 +0000

    Job artifacts


    Brought to you by gitlab-org/database-team/gitlab-com-database-testing. Epic

    Edited by ****
  • :tools: Generated by gitlab_quality-test_tooling.


    :snail: Slow tests detected in this merge request. These slow tests might be related to this merge request's changes.

    Click to expand
    Job File Name Duration Expected duration
    #8334607406 spec/lib/gitlab/database/decomposition/migrate_spec.rb#L103 Gitlab::Database::Decomposition::Migrate#process! when the checks pass copies main database to ci database 27.94 s < 27.12 s
    #8449529395 spec/lib/gitlab/database/decomposition/migrate_spec.rb#L103 Gitlab::Database::Decomposition::Migrate#process! when the checks pass copies main database to ci database 29.64 s < 27.12 s
  • A deleted user added rspec:slow test detected label
  • added 1 commit

    • 4ba5896b - Refactor namespace variables default role migration to enum

    Compare with previous version

  • added 1 commit

    • 9059b166 - Adjust default role reference from namespace to namespace_settings

    Compare with previous version

  • added 1 commit

    • dd576338 - Validate default pipeline variabe role on namespace settings

    Compare with previous version

  • Ghost User
  • added 1 commit

    • 884ce4c8 - Restore nil allownace for the role on namespace

    Compare with previous version

  • added 1 commit

    • e05cf5aa - Move FF to namespace_settings and use no_one_allowed as default role

    Compare with previous version

  • added 1 commit

    Compare with previous version

  • added 1 commit

    Compare with previous version

  • requested review from @fabiopitino

  • Dmytro Biryukov changed the description

    changed the description

  • Fabio Pitino
  • Fabio Pitino
  • Fabio Pitino
  • Fabio Pitino
  • Marcel Amirault
  • Marcel Amirault requested changes

    requested changes

  • Marcel Amirault mentioned in merge request !154510 (merged)

    mentioned in merge request !154510 (merged)

  • changed milestone to %17.7

  • Marcel Amirault mentioned in merge request !173278 (merged)

    mentioned in merge request !173278 (merged)

  • Dmytro Biryukov added 2211 commits

    added 2211 commits

    • 5627d987...9cd2b396 - 2210 commits from branch master
    • 764367fb - Change default of `restrict_user_defined_variables` to `true` behind FF

    Compare with previous version

  • added 1 commit

    • edbf6ca2 - Remove change_restrict_user_defined_variables

    Compare with previous version

  • added 1 commit

    Compare with previous version

  • added 1 commit

    • 80e50174 - Change restrict user defined variables on upstream and downstream projects

    Compare with previous version

  • added 1 commit

    • 1106a3dc - Add admin users to upstream and group

    Compare with previous version

  • added 1 commit

    Compare with previous version

  • added 1 commit

    Compare with previous version

  • added 1 commit

    Compare with previous version

  • added 1 commit

    • 06800a3f - Update role to developer on pipeline spec

    Compare with previous version

  • added 1 commit

    • 06800a3f - Update role to developer on pipeline spec

    Compare with previous version

  • added 1 commit

    • 06800a3f - Update role to developer on pipeline spec

    Compare with previous version

  • added 1 commit

    • 06800a3f - Update role to developer on pipeline spec

    Compare with previous version

  • added 1 commit

    • 9b2e5a03 - Leave only enum validation on namespace settings

    Compare with previous version

  • added 1 commit

    • ece6bf07 - Define DEVELOPER_ROLE in the transaction

    Compare with previous version

  • added 1 commit

    Compare with previous version

  • Dmytro Biryukov added 2 commits

    added 2 commits

    Compare with previous version

  • added 1 commit

    Compare with previous version

  • added 1 commit

    • 40393d29 - Safeguard project and namespace

    Compare with previous version

  • added 1 commit

    • 42540c4e - Change default of `restrict_user_defined_variables` to `true` behind FF

    Compare with previous version

  • added 1 commit

    • 98836d4d - replace after_initialize with before_create

    Compare with previous version

  • Dmytro Biryukov added 824 commits

    added 824 commits

    Compare with previous version

  • Dmytro Biryukov added 2 commits

    added 2 commits

    • 63c0756e - Adjust qa tests with minimum_override_role developer
    • 352017a3 - Adjust qa tests with minimum_override_role developer

    Compare with previous version

  • added 1 commit

    • ac32ec31 - Align downstream projects to developer role

    Compare with previous version

  • added 1 commit

    • 21e68e94 - Move Chain Associations to 4th line

    Compare with previous version

  • added 1 commit

    • 5edca513 - Remove safeguard on project and namespace

    Compare with previous version

  • added 1 commit

    • 464167e3 - Remove guarding around root_namespace

    Compare with previous version

  • Ghost User
  • Ghost User
  • @fabiopitino I have addressed all the suggestions and questions, please take a look again.

    1. Updated documentation.
    2. Updated pipeline_variables_default_role in namespace_settings to align with SSoT compliance referencing it to ProjectCiCdSettings
    3. Replaced after_initialize with before_create
    4. Refactored tests
  • requested review from @fabiopitino

  • added 1 commit

    • 64ac657a - Apply 1 suggestion(s) to 1 file(s)

    Compare with previous version

  • added 1 commit

    • 88bbfec3 - Apply 1 suggestion(s) to 1 file(s)

    Compare with previous version

  • added 1 commit

    • cd2bec87 - Apply 1 suggestion(s) to 1 file(s)

    Compare with previous version

  • Ghost User
  • Ghost User
  • added 1 commit

    • 833d7728 - Remove restrict_user_defined_variables update to true in tests

    Compare with previous version

  • added 1 commit

    • 5d0a3cbd - Remove with_namespace_settings

    Compare with previous version

  • added 1 commit

    • 1d2f8418 - Change default of `restrict_user_defined_variables` to `true` behind FF

    Compare with previous version

  • added 1 commit

    • ae484c5f - Fallback to default if no namespace settings defined, address tests accordingly

    Compare with previous version

  • Dmytro Biryukov added 434 commits

    added 434 commits

    • ae484c5f...d7eedad5 - 433 commits from branch master
    • b52b1c30 - Change default of `restrict_user_defined_variables` to `true` behind FF

    Compare with previous version

  • Ghost User
  • added 1 commit

    • 1bc85dfc - Fix namespace and project_policy specs

    Compare with previous version

  • added 1 commit

    Compare with previous version

  • added 1 commit

    • 1ffb1c9b - Apply 1 suggestion(s) to 1 file(s)

    Compare with previous version

  • requested review from @fabiopitino

  • added 1 commit

    • 8a6164ba - Remove unneeded RSpec prefix

    Compare with previous version

  • Dmytro Biryukov added 889 commits

    added 889 commits

    • 8a6164ba...313567ac - 888 commits from branch master
    • a97a6368 - Change default of `restrict_user_defined_variables` to `true` behind FF

    Compare with previous version

  • added 1 commit

    • 4d3399d0 - Restore set_default_values, removed by mistake on conflict resolution

    Compare with previous version

  • added 1 commit

    • 4c157085 - Rename set_default_values to set_pipeline_variables_default_role

    Compare with previous version

  • Fabio Pitino
  • Fabio Pitino mentioned in issue #508323

    mentioned in issue #508323

  • added 1 commit

    • 5cc271f4 - This method was previously mixed with the default set callback, but with the...

    Compare with previous version

  • Ghost User
  • Ghost User
  • added 1 commit

    • 890d1785 - Add a notice about possible breaking change for self-hosted and dedicated

    Compare with previous version

  • requested review from @bmarjanovic

  • Bojan Marjanovic approved this merge request

    approved this merge request

  • Bojan Marjanovic requested review from @stomlinson and removed review request for @bmarjanovic

    requested review from @stomlinson and removed review request for @bmarjanovic

  • Fabio Pitino approved this merge request

    approved this merge request

  • Dmytro Biryukov requested review from @jarka

    requested review from @jarka

  • Dmytro Biryukov removed review request for @stomlinson

    removed review request for @stomlinson

  • Jarka Košanová approved this merge request

    approved this merge request

  • Jarka Košanová resolved all threads

    resolved all threads

  • Thanks @dbiryukov , approving and setting auto-merge :rocket:

  • Jarka Košanová bypassed reviews on this merge request

    bypassed reviews on this merge request

  • Jarka Košanová enabled automatic add to merge train when checks pass

    enabled automatic add to merge train when checks pass

  • mentioned in commit 9c13c660

  • Hello @dbiryukov :wave:

    The database team is looking for ways to improve the database review process and we would love your help!

    If you'd be open to someone on the database team reaching out to you for a chat, or if you'd like to leave some feedback asynchronously, just post a reply to this comment mentioning:

    @gitlab-org/database-team

    And someone will be by shortly!

    Thanks for your help! :heart:

    This message was generated automatically. Improve it or delete it.

  • Kev Kloss mentioned in merge request !174365 (merged)

    mentioned in merge request !174365 (merged)

  • Kev Kloss mentioned in merge request !175588 (closed)

    mentioned in merge request !175588 (closed)

  • Dmytro Biryukov mentioned in merge request !175592 (merged)

    mentioned in merge request !175592 (merged)

  • Fabio Pitino mentioned in issue #514243

    mentioned in issue #514243

  • Please register or sign in to reply
    Loading