@@ -17,3 +17,4 @@ GitLab’s [security features](../security/README.md) may also help you meet rel
|**[Audit logs](audit_events.md)**<br>To maintain the integrity of your code, GitLab Enterprise Edition Premium gives admins the ability to view any modifications made within the GitLab server in an advanced audit log system, so you can control, analyze, and track every change.|Premium+||
|**[Auditor users](auditor_users.md)**<br>Auditor users are users who are given read-only access to all projects, groups, and other resources on the GitLab instance.|Premium+||
|**[Credentials inventory](../user/admin_area/credentials_inventory.md)**<br>With a credentials inventory, GitLab administrators can keep track of the credentials used by all of the users in their GitLab instance. |Ultimate||
|**Separation of Duties using [Protected branches](../user/project/protected_branches.md#protected-branches-approval-by-code-owners-premium) and [custom CI Configuration Paths](../user/project/pipelines/settings.md#custom-ci-configuration-path)**<br> GitLab Silver and Premium users can leverage GitLab's cross-project YAML configuration's to define deployers of code and developers of code. View the [Separation of Duties Deploy Project](https://gitlab.com/guided-explorations/separation-of-duties-deploy/blob/master/README.md) and [Separation of Duties Project](https://gitlab.com/guided-explorations/separation-of-duties/blob/master/README.md) to see how to use this set up to define these roles.|Premium+||
#'path_style' => false # If true, use 'host/bucket_name/object' instead of 'bucket_name.host/object'.
}
```
NOTE: **Note:**
Some build tools, like Gradle, must make `HEAD` requests to Amazon S3 to pull a dependency’s metadata. The `gitlab_rails['packages_object_store_proxy_download']` property must be set to `true`. Without this setting, GitLab won't act as a proxy to the Amazon S3 service, and will instead return the signed URL. This will cause a `HTTP 403 Forbidden` response, since Amazon S3 expects a signed URL.
1. Save the file and [reconfigure GitLab](../restart_gitlab.md#omnibus-gitlab-reconfigure)
@@ -128,11 +128,11 @@ The last option is to import a project using a Rails console:
For Performance testing, we should:
- Import a quite large project, [`gitlabhq`](https://gitlab.com/gitlab-org/quality/performance-data#gitlab-performance-test-framework-data) should be a good example.
- Measure the execution time of `ProjectTreeRestorer`.
- Measure the execution time of `Project::TreeRestorer`.
- Count the number of executed SQL queries during the restore.
- Observe the number of GC cycles happening.
You can use this [snippet](https://gitlab.com/gitlab-org/gitlab/snippets/1924954), which will restore the project, and measure the execution time of `ProjectTreeRestorer`, number of SQL queries and number of GC cycles happening.
You can use this [snippet](https://gitlab.com/gitlab-org/gitlab/snippets/1924954), which will restore the project, and measure the execution time of `Project::TreeRestorer`, number of SQL queries and number of GC cycles happening.
You can execute the script from the `gdk/gitlab` directory like this:
@@ -38,7 +38,7 @@ describe "User views milestones" do
end
context"with associated releases"do
set(:first_release){create(:release,project: project,name: "The first release",milestones: [milestone],released_at: Time.zone.parse('2019-10-07'))}
let_it_be(:first_release){create(:release,project: project,name: "The first release",milestones: [milestone],released_at: Time.zone.parse('2019-10-07'))}
context"with a single associated release"do
it"shows the associated release"do
...
...
@@ -48,10 +48,10 @@ describe "User views milestones" do
end
context"with lots of associated releases"do
set(:second_release){create(:release,project: project,name: "The second release",milestones: [milestone],released_at: first_release.released_at+1.day)}
set(:third_release){create(:release,project: project,name: "The third release",milestones: [milestone],released_at: second_release.released_at+1.day)}
set(:fourth_release){create(:release,project: project,name: "The fourth release",milestones: [milestone],released_at: third_release.released_at+1.day)}
set(:fifth_release){create(:release,project: project,name: "The fifth release",milestones: [milestone],released_at: fourth_release.released_at+1.day)}
let_it_be(:second_release){create(:release,project: project,name: "The second release",milestones: [milestone],released_at: first_release.released_at+1.day)}
let_it_be(:third_release){create(:release,project: project,name: "The third release",milestones: [milestone],released_at: second_release.released_at+1.day)}
let_it_be(:fourth_release){create(:release,project: project,name: "The fourth release",milestones: [milestone],released_at: third_release.released_at+1.day)}
let_it_be(:fifth_release){create(:release,project: project,name: "The fifth release",milestones: [milestone],released_at: fourth_release.released_at+1.day)}
it"shows the associated releases and the truncation text"do
expect(page).tohave_content("Releases #{fifth_release.name} • #{fourth_release.name} • #{third_release.name} • 2 more releases")
...
...
@@ -66,9 +66,9 @@ describe "User views milestones" do
set(:current_user){create(:user)}# Using `current_user` instead of just `user` because of the hardoced call in `assigned_mrs_dashboard_path` which is used below.
let_it_be(:current_user){create(:user)}# Using `current_user` instead of just `user` because of the hardoced call in `assigned_mrs_dashboard_path` which is used below.
expect{subject.validate!}.toraise_error(Gitlab::GitAccess::UnauthorizedError,'You are not allowed to force push code to a protected branch on this project.')
expect{subject.validate!}.toraise_error(Gitlab::GitAccess::ForbiddenError,'You are not allowed to force push code to a protected branch on this project.')
end
it'raises an error if the user is not allowed to merge to protected branches'do
...
...
@@ -38,13 +38,13 @@ describe Gitlab::Checks::BranchCheck do
expect{subject.validate!}.toraise_error(Gitlab::GitAccess::UnauthorizedError,'You are not allowed to merge code into protected branches on this project.')
expect{subject.validate!}.toraise_error(Gitlab::GitAccess::ForbiddenError,'You are not allowed to merge code into protected branches on this project.')
end
it'raises an error if the user is not allowed to push to protected branches'do
expect{subject.validate!}.toraise_error(Gitlab::GitAccess::UnauthorizedError,'You are not allowed to push code to protected branches on this project.')
expect{subject.validate!}.toraise_error(Gitlab::GitAccess::ForbiddenError,'You are not allowed to push code to protected branches on this project.')
end
context'when project repository is empty'do
...
...
@@ -58,7 +58,7 @@ describe Gitlab::Checks::BranchCheck do
end
it'raises an error'do
expect{subject.validate!}.toraise_error(Gitlab::GitAccess::UnauthorizedError,/Ask a project Owner or Maintainer to create a default branch/)
expect{subject.validate!}.toraise_error(Gitlab::GitAccess::ForbiddenError,/Ask a project Owner or Maintainer to create a default branch/)
end
end
...
...
@@ -109,7 +109,7 @@ describe Gitlab::Checks::BranchCheck do
end
it'raises an error'do
expect{subject.validate!}.toraise_error(Gitlab::GitAccess::UnauthorizedError,'You are not allowed to create protected branches on this project.')
expect{subject.validate!}.toraise_error(Gitlab::GitAccess::ForbiddenError,'You are not allowed to create protected branches on this project.')
end
end
...
...
@@ -135,7 +135,7 @@ describe Gitlab::Checks::BranchCheck do
end
it'raises an error'do
expect{subject.validate!}.toraise_error(Gitlab::GitAccess::UnauthorizedError,'You can only use an existing protected branch ref as the basis of a new protected branch.')
expect{subject.validate!}.toraise_error(Gitlab::GitAccess::ForbiddenError,'You can only use an existing protected branch ref as the basis of a new protected branch.')
end
end
...
...
@@ -157,7 +157,7 @@ describe Gitlab::Checks::BranchCheck do
context'via SSH'do
it'raises an error'do
expect{subject.validate!}.toraise_error(Gitlab::GitAccess::UnauthorizedError,'You can only create protected branches using the web interface and API.')
expect{subject.validate!}.toraise_error(Gitlab::GitAccess::ForbiddenError,'You can only create protected branches using the web interface and API.')
end
end
end
...
...
@@ -171,7 +171,7 @@ describe Gitlab::Checks::BranchCheck do
context'if the user is not allowed to delete protected branches'do
it'raises an error'do
expect{subject.validate!}.toraise_error(Gitlab::GitAccess::UnauthorizedError,'You are not allowed to delete protected branches from this project. Only a project maintainer or owner can delete a protected branch.')
expect{subject.validate!}.toraise_error(Gitlab::GitAccess::ForbiddenError,'You are not allowed to delete protected branches from this project. Only a project maintainer or owner can delete a protected branch.')
end
end
...
...
@@ -190,7 +190,7 @@ describe Gitlab::Checks::BranchCheck do
context'over SSH or HTTP'do
it'raises an error'do
expect{subject.validate!}.toraise_error(Gitlab::GitAccess::UnauthorizedError,'You can only delete protected branches using the web interface.')
expect{subject.validate!}.toraise_error(Gitlab::GitAccess::ForbiddenError,'You can only delete protected branches using the web interface.')
expect{pull_access_check}.toraise_unauthorized('Your account has been blocked.')
expect{pull_access_check}.toraise_forbidden('Your account has been blocked.')
end
it'disallows deactivated users to pull'do
project.add_maintainer(user)
user.deactivate!
expect{pull_access_check}.toraise_unauthorized("Your account has been deactivated by your administrator. Please log back in from a web browser to reactivate your account at #{Gitlab.config.gitlab.url}")
expect{pull_access_check}.toraise_forbidden("Your account has been deactivated by your administrator. Please log back in from a web browser to reactivate your account at #{Gitlab.config.gitlab.url}")
end
context'when the project repository does not exist'do
expect{push_access_check}.toraise_unauthorized("Your account has been deactivated by your administrator. Please log back in from a web browser to reactivate your account at #{Gitlab.config.gitlab.url}")
expect{push_access_check}.toraise_forbidden("Your account has been deactivated by your administrator. Please log back in from a web browser to reactivate your account at #{Gitlab.config.gitlab.url}")
end
it'cleans up the files'do
...
...
@@ -1009,26 +1009,26 @@ describe Gitlab::GitAccess do
it'returns an informational message with rules that can run'do
expect(described_class.local_warning_message).toeq('==> Only the following Danger rules can be run locally: changes_size, gemfile, documentation, frozen_string, duplicate_yarn_dependencies, prettier, eslint, database, commit_messages')
expect(described_class.local_warning_message).toeq('==> Only the following Danger rules can be run locally: changes_size, documentation, frozen_string, duplicate_yarn_dependencies, prettier, eslint, database, commit_messages')