Add latest changes from gitlab-org/gitlab@12-3-stable-ee

CHANGELOG-EE.md

 Please view this file on the master branch, on stable branches it's out of date.
 
+## 12.3.0
+
+### Security (3 changes)
+
+- Limit number of jobs in running pipelines for the past hour on per plan basis. !1182
+- Filter out old system notes for epics in notes api endpoint response.
+- Do not allow creation of projects from group templates if project is not descendant of that group.
+
+### Removed (1 change)
+
+- Remove Ruby Elasticsearch indexer. !15641
+
+### Fixed (53 changes, 5 of them are from the community)
+
+- LDAP group sync: check parent group membership and improve performance. !13435 (Alex Lossent)
+- Added a migration which fixes discussions for existing promoted epics. !14708
+- Fix Docker Registry access when Group SAML session enforcement is active. !14843
+- Fix missing borders between settings items. !14877
+- SCIM uses fallbacks when name.formatted not present. !14878
+- Fix visibility of link to dependency-list in project sidebar based on permissions. !15066
+- Hide info for unlicensed projects on Ops Dashboard. !15099
+- Fix focus-visibility of vulnerability-actions within security dashboard. !15115
+- Resolve Design viewer does not respect version. !15119
+- Fix bug to display alert menu correctly in dashboards. !15261
+- Allow developer role to access group-level templates when creating a new project. !15364
+- Maintain related issues after moving issue. !15391
+- Fix the documentation link on the empty Dependency List page. !15402
+- Fix broken docs link on security dashboard. !15404
+- Change epics count in sidebar to only count open epics. !15459
+- Include ancestor group labels in autocomplete for epics. !15460
+- Enable target users across all feature flag environment scopes. !15500
+- Change payload for comparing security reports in MR widget. !15531
+- Add space between CI usage warning messages. !15563 (briankabiro)
+- Make sure groups with templates finder returns subgroups. !15631
+- Properly delete files when a package is removed. !15634
+- Fix x-axis burndown chart offset by timezone. !15690
+- Resolve SRV records for DB load balancing. !15691
+- Ensure all CI minutes used are reset for all namespaces and relative projects. !15744
+- Show proper error in SCIM create user endpoint. !15756
+- Update permissions on Dependency List page. !15771
+- Allow ancestor group milestones in issue board scope. !15858
+- Show weight on new board issue. !16028 (Lee Tickett)
+- Do not show 'automatically removed' suffix for manually removed labels. !16079
+- Link to the embedded doc in the Geo callout about hashed storage. !16114
+- Fix LFS authentication URL in EE. !16146
+- Prevent project's approval rules having same name. !16216
+- Fix create issue for container scanning from security dashboard. !16226
+- Add current_user to security report comparison services. !16252
+- Fix setting of weight of a new issue in board list. !16299
+- Update ExternalPullRequest on :synchronize action to ensure source_sha is updated locally. !16318
+- Fix wrong tier error message for Operations dashboard. !16319
+- Perform case insensitive diff on license names. !16335
+- Moves Buy additional minutes button to the pipelines tab. !16443
+- Update GitHub Importer Personal Access Token field description for CI/CD projects only to reflect latest OAuth changes. !16453
+- Use Pull Request number instead of internal Pull Request ID. !16504
+- Fix service desk emails not creating issues intermittently. !16577
+- Reinitialize metrics files on webserver master process start. !16623
+- Fix the group's epic page. The Paste issue link placeholder shown as 'undefinedundefinedundefined' in Chinese environment. And the error message showed nothing. !16628 (wdmcheng)
+- Fix issue redirects going to /issues/:id/designs. !16638
+- Eliminate analytics feature flag requirement for /analytics routes. !16663
+- Match environment names case insensitively for feature flag spec search. !16691
+- Fix merge request redirects going to /commits page. !16705
+- Align text color for edited with issue/mr. !16721
+- Added Packages top item to the group level packages fly out navigation menu. !16791
+- Restores data for assignee changes in merge request webhooks. !16812 (Jesse Hall @jessehall3)
+- Fix alignment of comments count in issue and MR lists. !16829
+- Wait until pipeline is completed before checking for software license violations. !16853
+
+### Changed (27 changes, 1 of them is from the community)
+
+-  Geo: Refactor data-sources to allow for replication of content in Object Storage. !13997
+- Improve UX multi assignees in MR. !14851
+- Add ability to block API pushes to protected branches when contents match CODEOWNERS rule. !14900
+- Add browser notications to add/edit/delete vulnability dismissal reasons. !15015
+- Geo: Add orphaned project registry cleaner. !15021
+- Update Security Dashboard for improved usability. !15050
+- Present SAST report comparison logic to backend. !15114
+- Ensure design notifications are sent. !15250
+- Apply the group setting "Restrict access by IP address" to API requests. !15282
+- Hide boards-switcher on group boards. !15293 (briankabiro)
+- Group Security Dashboard shows projects with security reports only. !15334
+- Use GlEmptyState component for design management empty state. !15374
+- DB Load Balancing: Log Prometheus current number of hosts and current index. !15440
+- Clarify SSO enforcement setting behaviour. !15533
+- DB Load Balancing: Support SRV lookups. !15558
+- Add status checking behaviors to pipeline triggers. !15580
+- Only show Service Desk email address to project members. !15676
+- Use static status check names on GitHub integrations. !15737
+- Display the Security Dashboard in the Security tab of the pipeline view. !15824
+- Remove primary button from feature flags empty state and update text. !15841
+- Extend License Compliance entity for Pipelines and MR view. !15957
+- Improve DB load balancing log to log host offline due to replication lag. !15995
+- Eliminating `analytics` feature flag and introduce separate feature flags for Analytics features. !16102
+- Add asterisk to name field in new feature flag form. !16248
+- Update Container Scanning job template, use klar image. !16342
+- Improve projects list page UI. !16656
+- Add user feedback to exit routine of onboarding tour.
+
+### Performance (2 changes)
+
+- Send only necessary fields on mr-widget auto-refresh. !15495
+- Two step Routable lookup. !16621
+
+### Added (46 changes, 1 of them is from the community)
+
+- Public project-level approval rule API. !13895
+- Support reordering issues and epics using Drag&Drop. !14565
+- Add deletion support for designs. !14656
+- Add Epics select dropdown to Issue sidebar. !14763
+- Edit delete vuln dismissal message. !14770
+- add Productivity Analytics page with basic charts. !14772
+- Add License information to the Dependency List based on current license rules. !14905
+- Adds an api to generate suggestions for username. !15048
+- Add Upgrade button to the User Billing page. !15075
+- Enable "only/except: external_pull_request" with GitHub integration when a pull request is open for the given ref. !15082
+- Allow to filter epics by timeframe or state using GraphQL. !15110
+- Support restricting group access by multiple IP subnets. !15142
+- Merge License info to Dependency List report. !15157
+- Add Licenses info into Dependencies response. !15160
+- Add 'License-Check' approval rule to enforce license compliance policy. !15196
+- Added a toggle to show/hide dismissed vulnerabilities in the security dashboard. !15333
+- Add audit event for archiving & unarchiving projects. !15362
+- Pressing the Escape key now closes designs in Design Management. !15379
+- Expose a count of Notes for a Design in a new notes_count property of DesignType in GraphQL. !15433
+- Implement public MR-level approval rules API. !15441
+- Cancel redundant merge train pipelines. !15450
+- Add vulnerabilities to Dependencies API. !15485
+- Expose a new events property of DesignType in GraphQL that represents the change that happened to a Design within a given version. !15561
+- Add new layout for trial. !15630
+- Track repository pushes as audit events. !15667
+- Create Metadata/Tags table. !15770
+- Allow SmartCard authentication to use SAN extensions. !15773
+- Maximum Users metric in Admin Dashboard includes current active user count. !15810
+- Public MR-level approval state API endpoint. !15859
+- Add secondary lag message on Git push over HTTP. !15901
+- Expose epic_iid in issues API. !15998
+- Refresh license approval check when a license is blacklisted. !16070
+- Disable editing of the 'License-Check' approval rule name. !16149
+- Implement Cluster Environments polling. !16316
+- Support creating project from template via API. !16352
+- Add link to additional shared minutes from pipeline quote overview. !16389
+- Add audit events for protected branches. !16399
+- Geo: Exit LogCursor if it has been failing for too long. !16408
+- Implement design comment counts and current-version status icon indicator. !16416
+- Track page view counts for Cycle Analytics and Productivity Analytics features. !16431
+- Update release blocks to support association of milestones. !16562
+- Set default whitespace diff behaviour. !16570 (Lee Tickett)
+- Implement `/zoom` and `/remove_zoom` quick actions. !16609
+- Add Snowplow click tracking for issue sidebar. !16833
+- Upgrade pages to 1.9.0.
+- Adds total usage information to the usage quotas page.
+
+### Other (27 changes, 8 of them are from the community)
+
+- Update Pipelines Minutes expiry banner to Alert Component. !14786
+- Add internal API for group cluster environments. !15096
+- Rename approval rule. !15140
+- Productivity Analytics: Add error handling for reporting on groups which have no plan. !15291
+- Convert Issue Analytics chart into ECharts. !15389
+- Display group's full name when creating a project from custom group-level project templates. !15392
+- Only in ee available selection entries in user settings adapted to match ce. !15452 (Marc Schwede)
+- Rename Approvers field and modal title. !15461
+- Add a tooltip to Add Designs button. !15471
+- Show the paths for groups in groups dropdown. !15513
+- Turn epic dates into one clickable block. !15722 (Lee Tickett)
+- Add default route for admin/geo. !15726 (Lee Tickett)
+- Improve unapproved MR merge button text. !15745 (Lee Tickett)
+- Update the ES indexer to v1.3.0. !15821
+- Groups dropdown: Fix group styles in dropdown. !15839
+- Document SRV handling for DB load balancing. !16000
+- Internationalization of shared/promotions/_promote_audit_events.html.haml. !16033 (Takuya Noguchi)
+- Remove vue-resource from service_desk_service.js. !16041 (Lee Tickett)
+- Remove unused classes for report comparison. !16045
+- Remove vue-resource from related-issues. !16057 (Lee Tickett)
+- Add CI variable for repository languages. !16477
+- SAST template that doesn't rely on Docker-in-Docker. !16487
+- Adding docs for Web IDE Default Commit Options. !16629
+- Adding top border back to snippet files. !16709
+- Remove vue-resource from drafts. (Lee Tickett)
+- Changing instance of key-modern icon to key icon.
+- Fixes style-lint errors and warnings for EE builds.scss file.
+
+
 ## 12.2.5
 
 ### Security (1 change)

VERSION

-12.3.0
+12.3.0-ee

app/assets/javascripts/jobs/components/log/duration_badge.vue

@@ -9,5 +9,7 @@ export default {
 };
 </script>
 <template>
-  <div class="duration rounded align-self-start px-2 ml-2 flex-shrink-0">{{ duration }}</div>
+  <div class="log-duration-badge rounded align-self-start px-2 ml-2 flex-shrink-0">
+    {{ duration }}
+  </div>
 </template>

app/assets/javascripts/jobs/components/log/line.vue

@@ -19,7 +19,7 @@ export default {
 </script>
 
 <template>
-  <div class="line">
+  <div class="log-line">
     <line-number :line-number="line.lineNumber" :path="path" />
     <span v-for="(content, i) in line.content" :key="i" :class="content.style">{{
       content.text

app/assets/javascripts/jobs/components/log/line_header.vue

@@ -43,7 +43,7 @@ export default {
 
 <template>
   <div
-    class="line collapsible-line d-flex justify-content-between"
+    class="log-line collapsible-line d-flex justify-content-between"
     role="button"
     @click="handleOnClick"
   >

app/assets/stylesheets/framework/job_log.scss

@@ -11,7 +11,7 @@
   background-color: $builds-trace-bg;
 }
 
-.line {
+.log-line {
   padding: 1px $gl-padding 1px $job-log-line-padding;
 }
 
@@ -40,7 +40,7 @@
   }
 }
 
-.duration {
+.log-duration-badge {
   background: $gl-gray-400;
 }
 

app/helpers/boards_helper.rb

@@ -88,7 +88,7 @@ module BoardsHelper
   end
 
   def boards_link_text
-    if multiple_boards_available?
+    if current_board_parent.multiple_issue_boards_available?
       s_("IssueBoards|Boards")
     else
       s_("IssueBoards|Board")

app/services/boards/lists/update_service.rb

@@ -4,10 +4,10 @@ module Boards
   module Lists
     class UpdateService < Boards::BaseService
       def execute(list)
-        return not_authorized if preferences? && !can_read?(list)
-        return not_authorized if position? && !can_admin?(list)
+        update_preferences_result = update_preferences(list) if can_read?(list)
+        update_position_result = update_position(list) if can_admin?(list)
 
-        if update_preferences(list) || update_position(list)
+        if update_preferences_result || update_position_result
           success(list: list)
         else
           error(list.errors.messages, 422)
@@ -32,10 +32,6 @@ module Boards
         { collapsed: Gitlab::Utils.to_boolean(params[:collapsed]) }
       end
 
-      def not_authorized
-        error("Not authorized", 403)
-      end
-
       def preferences?
         params.has_key?(:collapsed)
       end

app/views/clusters/clusters/show.html.haml

@@ -3,6 +3,7 @@
 - breadcrumb_title @cluster.name
 - page_title _('Kubernetes Cluster')
 - manage_prometheus_path = edit_project_service_path(@cluster.project, 'prometheus') if @project
+- cluster_environments_path = clusterable.environments_cluster_path(@cluster)
 
 - expanded = expanded_by_default?
 
@@ -16,7 +17,7 @@
   install_jupyter_path: clusterable.install_applications_cluster_path(@cluster, :jupyter),
   install_knative_path: clusterable.install_applications_cluster_path(@cluster, :knative),
   update_knative_path: clusterable.update_applications_cluster_path(@cluster, :knative),
-  cluster_environments_path: clusterable.environments_cluster_path(@cluster),
+  cluster_environments_path: cluster_environments_path,
   toggle_status: @cluster.enabled? ? 'true': 'false',
   has_rbac: has_rbac_enabled?(@cluster) ? 'true': 'false',
   cluster_type: @cluster.cluster_type,
@@ -37,7 +38,7 @@
   %h4= @cluster.name
   = render 'banner'
 
-  = render_if_exists 'clusters/clusters/group_cluster_environments', expanded: expanded
-
-  - unless Gitlab.ee?
+  - if cluster_environments_path.present?
+    = render_if_exists 'clusters/clusters/group_cluster_environments', expanded: expanded
+  - else
     = render 'configure', expanded: expanded

app/views/shared/issuable/_search_bar.html.haml

@@ -6,7 +6,7 @@
 
 .issues-filters{ class: ("w-100" if type == :boards_modal) }
   .issues-details-filters.filtered-search-block.d-flex.flex-column.flex-md-row{ class: block_css_class, "v-pre" => type == :boards_modal }
-    - if type == :boards && (multiple_boards_available? || current_board_parent.boards.size > 1)
+    - if type == :boards
       = render "shared/boards/switcher", board: board
     = form_tag page_filter_path, method: :get, class: 'filter-form js-filter-form w-100' do
       - if params[:search].present?

changelogs/unreleased/32408-fix-css-leak.yml

+---
+title: Fix CSS leak in job log
+merge_request:
+author:
+type: fixed

changelogs/unreleased/32427-cannot-reorder-issue-boards.yml

+---
+title: Fix ordering of issue board lists not being persisted
+merge_request: 17356
+author:
+type: fixed

changelogs/unreleased/sh-fix-any-approver-handling.yml

+---
+title: Fix bug that caused a merge to show an error message
+merge_request: 17466
+author:
+type: fixed

changelogs/unreleased/sh-fix-dupe-approvals-failing.yml

+---
+title: Fix error when duplicate users are merged in approvers list
+merge_request: 17406
+author:
+type: fixed

spec/controllers/boards/lists_controller_spec.rb

@@ -162,10 +162,10 @@ describe Boards::ListsController do
     end
 
     context 'with unauthorized user' do
-      it 'returns a forbidden 403 response' do
+      it 'returns a 422 unprocessable entity response' do
         move user: guest, board: board, list: planning, position: 6
 
-        expect(response).to have_gitlab_http_status(403)
+        expect(response).to have_gitlab_http_status(422)
       end
     end
 

spec/features/clusters/cluster_detail_page_spec.rb

@@ -13,7 +13,7 @@ describe 'Clusterable > Show page' do
     sign_in(current_user)
   end
 
-  shared_examples 'editing domain' do
+  shared_examples 'show page' do
     before do
       clusterable.add_maintainer(current_user)
     end
@@ -53,6 +53,12 @@ describe 'Clusterable > Show page' do
         end
       end
     end
+
+    it 'does not show the environments tab' do
+      visit cluster_path
+
+      expect(page).not_to have_selector('.js-cluster-nav-environments', text: 'Environments')
+    end
   end
 
   shared_examples 'editing a GCP cluster' do
@@ -113,42 +119,30 @@ describe 'Clusterable > Show page' do
   end
 
   context 'when clusterable is a project' do
-    it_behaves_like 'editing domain' do
-      let(:clusterable) { create(:project) }
-      let(:cluster) { create(:cluster, :provided_by_gcp, :project, projects: [clusterable]) }
-      let(:cluster_path) { project_cluster_path(clusterable, cluster) }
-    end
+    let(:clusterable) { create(:project) }
+    let(:cluster_path) { project_cluster_path(clusterable, cluster) }
+    let(:cluster) { create(:cluster, :provided_by_gcp, :project, projects: [clusterable]) }
 
-    it_behaves_like 'editing a GCP cluster' do
-      let(:clusterable) { create(:project) }
-      let(:cluster) { create(:cluster, :provided_by_gcp, :project, projects: [clusterable]) }
-      let(:cluster_path) { project_cluster_path(clusterable, cluster) }
-    end
+    it_behaves_like 'show page'
+
+    it_behaves_like 'editing a GCP cluster'
 
     it_behaves_like 'editing a user-provided cluster' do
-      let(:clusterable) { create(:project) }
       let(:cluster) { create(:cluster, :provided_by_user, :project, projects: [clusterable]) }
-      let(:cluster_path) { project_cluster_path(clusterable, cluster) }
     end
   end
 
   context 'when clusterable is a group' do
-    it_behaves_like 'editing domain' do
-      let(:clusterable) { create(:group) }
-      let(:cluster) { create(:cluster, :provided_by_gcp, :group, groups: [clusterable]) }
-      let(:cluster_path) { group_cluster_path(clusterable, cluster) }
-    end
+    let(:clusterable) { create(:group) }
+    let(:cluster_path) { group_cluster_path(clusterable, cluster) }
+    let(:cluster) { create(:cluster, :provided_by_gcp, :group, groups: [clusterable]) }
 
-    it_behaves_like 'editing a GCP cluster' do
-      let(:clusterable) { create(:group) }
-      let(:cluster) { create(:cluster, :provided_by_gcp, :group, groups: [clusterable]) }
-      let(:cluster_path) { group_cluster_path(clusterable, cluster) }
-    end
+    it_behaves_like 'show page'
+
+    it_behaves_like 'editing a GCP cluster'
 
     it_behaves_like 'editing a user-provided cluster' do
-      let(:clusterable) { create(:group) }
       let(:cluster) { create(:cluster, :provided_by_user, :group, groups: [clusterable]) }
-      let(:cluster_path) { group_cluster_path(clusterable, cluster) }
     end
   end
 end

spec/services/boards/lists/update_service_spec.rb

@@ -10,9 +10,8 @@ describe Boards::Lists::UpdateService do
     context 'when user can admin list' do
       it 'calls Lists::MoveService to update list position' do
         board.parent.add_developer(user)
-        service = described_class.new(board.parent, user, position: 1)
 
-        expect(Boards::Lists::MoveService).to receive(:new).with(board.parent, user, { position: 1 }).and_call_original
+        expect(Boards::Lists::MoveService).to receive(:new).with(board.parent, user, params).and_call_original
         expect_any_instance_of(Boards::Lists::MoveService).to receive(:execute).with(list)
 
         service.execute(list)
@@ -21,8 +20,6 @@ describe Boards::Lists::UpdateService do
 
     context 'when user cannot admin list' do
       it 'does not call Lists::MoveService to update list position' do
-        service = described_class.new(board.parent, user, position: 1)
-
         expect(Boards::Lists::MoveService).not_to receive(:new)
 
         service.execute(list)
@@ -34,7 +31,6 @@ describe Boards::Lists::UpdateService do
     context 'when user can read list' do
       it 'updates list preference for user' do
         board.parent.add_guest(user)
-        service = described_class.new(board.parent, user, collapsed: true)
 
         service.execute(list)
 
@@ -44,8 +40,6 @@ describe Boards::Lists::UpdateService do
 
     context 'when user cannot read list' do
       it 'does not update list preference for user' do
-        service = described_class.new(board.parent, user, collapsed: true)
-
         service.execute(list)
 
         expect(list.preferences_for(user).collapsed).to be_nil
@@ -54,35 +48,61 @@ describe Boards::Lists::UpdateService do
   end
 
   describe '#execute' do
+    let(:service) { described_class.new(board.parent, user, params) }
+
     context 'when position parameter is present' do
+      let(:params) { { position: 1 } }
+
       context 'for projects' do
-        it_behaves_like 'moving list' do
-          let(:project) { create(:project, :private) }
-          let(:board) { create(:board, project: project) }
-        end
+        let(:project) { create(:project, :private) }
+        let(:board) { create(:board, project: project) }
+
+        it_behaves_like 'moving list'
       end
 
       context 'for groups' do
-        it_behaves_like 'moving list' do
-          let(:group) { create(:group, :private) }
-          let(:board) { create(:board, group: group) }
-        end
+        let(:group) { create(:group, :private) }
+        let(:board) { create(:board, group: group) }
+
+        it_behaves_like 'moving list'
       end
     end
 
     context 'when collapsed parameter is present' do
+      let(:params) { { collapsed: true } }
+
       context 'for projects' do
-        it_behaves_like 'updating list preferences' do
-          let(:project) { create(:project, :private) }
-          let(:board) { create(:board, project: project) }
-        end
+        let(:project) { create(:project, :private) }
+        let(:board) { create(:board, project: project) }
+
+        it_behaves_like 'updating list preferences'
       end
 
       context 'for groups' do
-        it_behaves_like 'updating list preferences' do
-          let(:group) { create(:group, :private) }
-          let(:board) { create(:board, group: group) }
-        end
+        let(:project) { create(:project, :private) }
+        let(:board) { create(:board, project: project) }
+
+        it_behaves_like 'updating list preferences'
+      end
+    end
+
+    context 'when position and collapsed are both present' do
+      let(:params) { { collapsed: true, position: 1 } }
+
+      context 'for projects' do
+        let(:project) { create(:project, :private) }
+        let(:board) { create(:board, project: project) }
+
+        it_behaves_like 'moving list'
+        it_behaves_like 'updating list preferences'
+      end
+
+      context 'for groups' do
+        let(:group) { create(:group, :private) }
+        let(:board) { create(:board, group: group) }
+
+        it_behaves_like 'moving list'
+        it_behaves_like 'updating list preferences'
       end
     end
   end

spec/support/shared_examples/boards/multiple_issue_boards_shared_examples.rb

@@ -11,10 +11,6 @@ shared_examples_for 'multiple issue boards' do
       wait_for_requests
     end
 
-    it 'shows board switcher' do
-      expect(page).to have_css('.boards-switcher')
-    end
-
     it 'shows current board name' do
       page.within('.boards-switcher') do
         expect(page).to have_content(board.name)