Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
G
gitlab-ce
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
Léo-Paul Géneau
gitlab-ce
Commits
f50b93c3
Commit
f50b93c3
authored
Mar 27, 2020
by
GitLab Bot
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Add latest changes from gitlab-org/gitlab@master
parent
e20baee8
Changes
15
Expand all
Show whitespace changes
Inline
Side-by-side
Showing
15 changed files
with
670 additions
and
12 deletions
+670
-12
app/assets/javascripts/clusters/components/ingress_modsecurity_settings.vue
...ipts/clusters/components/ingress_modsecurity_settings.vue
+8
-4
app/assets/javascripts/clusters/stores/clusters_store.js
app/assets/javascripts/clusters/stores/clusters_store.js
+2
-0
app/controllers/projects/merge_requests/diffs_controller.rb
app/controllers/projects/merge_requests/diffs_controller.rb
+1
-1
app/controllers/projects/prometheus/alerts_controller.rb
app/controllers/projects/prometheus/alerts_controller.rb
+148
-0
changelogs/unreleased/212398-harden-optimie-jira-usage-data.yml
...logs/unreleased/212398-harden-optimie-jira-usage-data.yml
+5
-0
changelogs/unreleased/add_restriction_for_ingress_update.yml
changelogs/unreleased/add_restriction_for_ingress_update.yml
+5
-0
db/migrate/20200213100530_add_verification_columns_to_packages.rb
...te/20200213100530_add_verification_columns_to_packages.rb
+13
-0
db/structure.sql
db/structure.sql
+6
-0
doc/development/geo/framework.md
doc/development/geo/framework.md
+1
-1
lib/gitlab/usage_data.rb
lib/gitlab/usage_data.rb
+4
-6
spec/controllers/projects/merge_requests/diffs_controller_spec.rb
...trollers/projects/merge_requests/diffs_controller_spec.rb
+12
-0
spec/controllers/projects/prometheus/alerts_controller_spec.rb
...controllers/projects/prometheus/alerts_controller_spec.rb
+394
-0
spec/frontend/clusters/components/ingress_modsecurity_settings_spec.js
.../clusters/components/ingress_modsecurity_settings_spec.js
+25
-0
spec/lib/gitlab/usage_data_spec.rb
spec/lib/gitlab/usage_data_spec.rb
+7
-0
spec/support/shared_examples/models/concerns/blob_replicator_strategy_shared_examples.rb
...dels/concerns/blob_replicator_strategy_shared_examples.rb
+39
-0
No files found.
app/assets/javascripts/clusters/components/ingress_modsecurity_settings.vue
View file @
f50b93c3
...
...
@@ -93,7 +93,10 @@ export default {
return
[
UPDATING
].
includes
(
this
.
ingress
.
status
);
},
saveButtonDisabled
()
{
return
[
UNINSTALLING
,
UPDATING
,
INSTALLING
].
includes
(
this
.
ingress
.
status
);
return
(
[
UNINSTALLING
,
UPDATING
,
INSTALLING
].
includes
(
this
.
ingress
.
status
)
||
this
.
ingress
.
updateAvailable
);
},
saveButtonLabel
()
{
return
this
.
saving
?
__
(
'
Saving
'
)
:
__
(
'
Save changes
'
);
...
...
@@ -105,13 +108,14 @@ export default {
* neither getting installed nor updated.
*/
showButtons
()
{
return
(
this
.
saving
||
(
this
.
hasValueChanged
&&
[
INSTALLED
,
UPDATED
].
includes
(
this
.
ingress
.
status
))
);
return
this
.
saving
||
this
.
valuesChangedByUser
;
},
modSecurityModeName
()
{
return
this
.
modes
[
this
.
ingress
.
modsecurity_mode
].
name
;
},
valuesChangedByUser
()
{
return
this
.
hasValueChanged
&&
[
INSTALLED
,
UPDATED
].
includes
(
this
.
ingress
.
status
);
},
},
methods
:
{
updateApplication
()
{
...
...
app/assets/javascripts/clusters/stores/clusters_store.js
View file @
f50b93c3
...
...
@@ -59,6 +59,7 @@ export default class ClusterStore {
isEditingModSecurityEnabled
:
false
,
isEditingModSecurityMode
:
false
,
updateFailed
:
false
,
updateAvailable
:
false
,
},
cert_manager
:
{
...
applicationInitialState
,
...
...
@@ -213,6 +214,7 @@ export default class ClusterStore {
if
(
appId
===
INGRESS
)
{
this
.
state
.
applications
.
ingress
.
externalIp
=
serverAppEntry
.
external_ip
;
this
.
state
.
applications
.
ingress
.
externalHostname
=
serverAppEntry
.
external_hostname
;
this
.
state
.
applications
.
ingress
.
updateAvailable
=
updateAvailable
;
if
(
!
this
.
state
.
applications
.
ingress
.
isEditingModSecurityEnabled
)
{
this
.
state
.
applications
.
ingress
.
modsecurity_enabled
=
serverAppEntry
.
modsecurity_enabled
;
}
...
...
app/controllers/projects/merge_requests/diffs_controller.rb
View file @
f50b93c3
...
...
@@ -98,7 +98,7 @@ class Projects::MergeRequests::DiffsController < Projects::MergeRequests::Applic
@merge_request
.
merge_request_diff
end
return
unless
@merge_request_diff
return
unless
@merge_request_diff
&
.
id
@comparable_diffs
=
@merge_request_diffs
.
select
{
|
diff
|
diff
.
id
<
@merge_request_diff
.
id
}
...
...
app/controllers/projects/prometheus/alerts_controller.rb
0 → 100644
View file @
f50b93c3
# frozen_string_literal: true
module
Projects
module
Prometheus
class
AlertsController
<
Projects
::
ApplicationController
include
MetricsDashboard
respond_to
:json
protect_from_forgery
except:
[
:notify
]
skip_before_action
:project
,
only:
[
:notify
]
prepend_before_action
:repository
,
:project_without_auth
,
only:
[
:notify
]
before_action
:authorize_read_prometheus_alerts!
,
except:
[
:notify
]
before_action
:alert
,
only:
[
:update
,
:show
,
:destroy
,
:metrics_dashboard
]
def
index
render
json:
serialize_as_json
(
alerts
)
end
def
show
render
json:
serialize_as_json
(
alert
)
end
def
notify
token
=
extract_alert_manager_token
(
request
)
if
notify_service
.
execute
(
token
)
head
:ok
else
head
:unprocessable_entity
end
end
def
create
@alert
=
create_service
.
execute
if
@alert
.
persisted?
schedule_prometheus_update!
render
json:
serialize_as_json
(
@alert
)
else
head
:no_content
end
end
def
update
if
update_service
.
execute
(
alert
)
schedule_prometheus_update!
render
json:
serialize_as_json
(
alert
)
else
head
:no_content
end
end
def
destroy
if
destroy_service
.
execute
(
alert
)
schedule_prometheus_update!
head
:ok
else
head
:no_content
end
end
private
def
alerts_params
params
.
permit
(
:operator
,
:threshold
,
:environment_id
,
:prometheus_metric_id
)
end
def
notify_service
Projects
::
Prometheus
::
Alerts
::
NotifyService
.
new
(
project
,
current_user
,
params
.
permit!
)
end
def
create_service
Projects
::
Prometheus
::
Alerts
::
CreateService
.
new
(
project
,
current_user
,
alerts_params
)
end
def
update_service
Projects
::
Prometheus
::
Alerts
::
UpdateService
.
new
(
project
,
current_user
,
alerts_params
)
end
def
destroy_service
Projects
::
Prometheus
::
Alerts
::
DestroyService
.
new
(
project
,
current_user
,
nil
)
end
def
schedule_prometheus_update!
::
Clusters
::
Applications
::
ScheduleUpdateService
.
new
(
application
,
project
).
execute
end
def
serialize_as_json
(
alert_obj
)
serializer
.
represent
(
alert_obj
)
end
def
serializer
PrometheusAlertSerializer
.
new
(
project:
project
,
current_user:
current_user
)
end
def
alerts
alerts_finder
.
execute
end
def
alert
@alert
||=
alerts_finder
(
metric:
params
[
:id
]).
execute
.
first
||
render_404
end
def
alerts_finder
(
opts
=
{})
Projects
::
Prometheus
::
AlertsFinder
.
new
({
project:
project
,
environment:
params
[
:environment_id
]
}.
reverse_merge
(
opts
))
end
def
application
@application
||=
alert
.
environment
.
cluster_prometheus_adapter
end
def
extract_alert_manager_token
(
request
)
Doorkeeper
::
OAuth
::
Token
.
from_bearer_authorization
(
request
)
end
def
project_without_auth
@project
||=
Project
.
find_by_full_path
(
"
#{
params
[
:namespace_id
]
}
/
#{
params
[
:project_id
]
}
"
)
end
def
prometheus_alerts
project
.
prometheus_alerts
.
for_environment
(
params
[
:environment_id
])
end
def
metrics_dashboard_params
{
embedded:
true
,
prometheus_alert_id:
alert
.
id
}
end
end
end
end
changelogs/unreleased/212398-harden-optimie-jira-usage-data.yml
0 → 100644
View file @
f50b93c3
---
title
:
Harden jira usage data
merge_request
:
27973
author
:
type
:
performance
changelogs/unreleased/add_restriction_for_ingress_update.yml
0 → 100644
View file @
f50b93c3
---
title
:
WAF settings will be read-only if there is a new version of ingress available
merge_request
:
27845
author
:
type
:
changed
db/migrate/20200213100530_add_verification_columns_to_packages.rb
0 → 100644
View file @
f50b93c3
# frozen_string_literal: true
class
AddVerificationColumnsToPackages
<
ActiveRecord
::
Migration
[
6.0
]
DOWNTIME
=
false
def
change
add_column
:packages_package_files
,
:verification_retry_at
,
:datetime_with_timezone
add_column
:packages_package_files
,
:verified_at
,
:datetime_with_timezone
add_column
:packages_package_files
,
:verification_checksum
,
:string
,
limit:
255
add_column
:packages_package_files
,
:verification_failure
,
:string
,
limit:
255
add_column
:packages_package_files
,
:verification_retry_count
,
:integer
end
end
db/structure.sql
View file @
f50b93c3
...
...
@@ -4364,6 +4364,11 @@ CREATE TABLE public.packages_package_files (
file_sha1
bytea
,
file_name
character
varying
NOT
NULL
,
file
text
NOT
NULL
,
verification_retry_at
timestamp
with
time
zone
,
verified_at
timestamp
with
time
zone
,
verification_checksum
character
varying
(
255
),
verification_failure
character
varying
(
255
),
verification_retry_count
integer
,
file_sha256
bytea
);
...
...
@@ -12720,6 +12725,7 @@ COPY "schema_migrations" (version) FROM STDIN;
20200212133945
20200212134201
20200213093702
20200213100530
20200213155311
20200213204737
20200213220159
...
...
doc/development/geo/framework.md
View file @
f50b93c3
...
...
@@ -174,7 +174,7 @@ For example, to add support for files referenced by a `Widget` model with a
def
change
add_column
:widgets
,
:verification_retry_at
,
:datetime_with_timezone
add_column
:widgets
,
:
last_verification_ran
_at
,
:datetime_with_timezone
add_column
:widgets
,
:
verified
_at
,
:datetime_with_timezone
add_column
:widgets
,
:verification_checksum
,
:string
add_column
:widgets
,
:verification_failure
,
:string
add_column
:widgets
,
:verification_retry_count
,
:integer
...
...
lib/gitlab/usage_data.rb
View file @
f50b93c3
...
...
@@ -202,7 +202,7 @@ module Gitlab
results
=
{
projects_jira_server_active:
0
,
projects_jira_cloud_active:
0
,
projects_jira_active:
-
1
projects_jira_active:
0
}
Service
.
active
...
...
@@ -217,14 +217,12 @@ module Gitlab
results
[
:projects_jira_server_active
]
+=
counts
[
:server
].
count
if
counts
[
:server
]
results
[
:projects_jira_cloud_active
]
+=
counts
[
:cloud
].
count
if
counts
[
:cloud
]
if
results
[
:projects_jira_active
]
==
-
1
results
[
:projects_jira_active
]
=
services
.
size
else
results
[
:projects_jira_active
]
+=
services
.
size
end
end
results
rescue
ActiveRecord
::
StatementInvalid
{
projects_jira_server_active:
-
1
,
projects_jira_cloud_active:
-
1
,
projects_jira_active:
-
1
}
end
# rubocop: enable CodeReuse/ActiveRecord
...
...
spec/controllers/projects/merge_requests/diffs_controller_spec.rb
View file @
f50b93c3
...
...
@@ -16,6 +16,18 @@ describe Projects::MergeRequests::DiffsController do
expect
(
response
).
to
have_gitlab_http_status
(
:not_found
)
end
end
context
'when the merge_request_diff.id is blank'
do
it
'returns 404'
do
allow_next_instance_of
(
MergeRequest
)
do
|
instance
|
allow
(
instance
).
to
receive
(
:merge_request_diff
).
and_return
(
MergeRequestDiff
.
new
(
merge_request_id:
instance
.
id
))
go
expect
(
response
).
to
have_gitlab_http_status
(
:not_found
)
end
end
end
end
shared_examples
'forked project with submodules'
do
...
...
spec/controllers/projects/prometheus/alerts_controller_spec.rb
0 → 100644
View file @
f50b93c3
This diff is collapsed.
Click to expand it.
spec/frontend/clusters/components/ingress_modsecurity_settings_spec.js
View file @
f50b93c3
...
...
@@ -14,6 +14,7 @@ describe('IngressModsecuritySettings', () => {
status
:
'
installable
'
,
installed
:
false
,
modsecurity_mode
:
'
logging
'
,
updateAvailable
:
false
,
};
const
createComponent
=
(
props
=
defaultProps
)
=>
{
...
...
@@ -61,6 +62,11 @@ describe('IngressModsecuritySettings', () => {
expect
(
findCancelButton
().
exists
()).
toBe
(
true
);
});
it
(
'
enables related toggle and buttons
'
,
()
=>
{
expect
(
findSaveButton
().
attributes
().
disabled
).
toBeUndefined
();
expect
(
findCancelButton
().
attributes
().
disabled
).
toBeUndefined
();
});
describe
(
'
with dropdown changed by the user
'
,
()
=>
{
beforeEach
(()
=>
{
findModSecurityDropdown
().
vm
.
$children
[
1
].
$emit
(
'
click
'
);
...
...
@@ -105,6 +111,25 @@ describe('IngressModsecuritySettings', () => {
expect
(
findCancelButton
().
exists
()).
toBe
(
false
);
});
});
describe
(
'
with a new version available
'
,
()
=>
{
beforeEach
(()
=>
{
wrapper
.
setProps
({
ingress
:
{
...
defaultProps
,
installed
:
true
,
status
:
'
installed
'
,
modsecurity_enabled
:
true
,
updateAvailable
:
true
,
},
});
});
it
(
'
disables related toggle and buttons
'
,
()
=>
{
expect
(
findSaveButton
().
attributes
().
disabled
).
toBe
(
'
true
'
);
expect
(
findCancelButton
().
attributes
().
disabled
).
toBe
(
'
true
'
);
});
});
});
it
(
'
triggers set event to be propagated with the current modsecurity value
'
,
()
=>
{
...
...
spec/lib/gitlab/usage_data_spec.rb
View file @
f50b93c3
...
...
@@ -85,6 +85,13 @@ describe Gitlab::UsageData, :aggregate_failures do
expect
{
subject
}.
not_to
raise_error
end
it
'jira usage works when queries time out'
do
allow_any_instance_of
(
ActiveRecord
::
Relation
)
.
to
receive
(
:find_in_batches
).
and_raise
(
ActiveRecord
::
StatementInvalid
.
new
(
''
))
expect
{
described_class
.
jira_usage
}.
not_to
raise_error
end
end
describe
'#usage_data_counters'
do
...
...
spec/support/shared_examples/models/concerns/blob_replicator_strategy_shared_examples.rb
View file @
f50b93c3
...
...
@@ -27,6 +27,45 @@ RSpec.shared_examples 'a blob replicator' do
expect
(
::
Geo
::
Event
.
last
.
attributes
).
to
include
(
"replicable_name"
=>
replicator
.
replicable_name
,
"event_name"
=>
"created"
,
"payload"
=>
{
"model_record_id"
=>
replicator
.
model_record
.
id
})
end
it
'schedules the checksum calculation if needed'
do
expect
(
Geo
::
BlobVerificationPrimaryWorker
).
to
receive
(
:perform_async
)
expect
(
replicator
).
to
receive
(
:needs_checksum?
).
and_return
(
true
)
replicator
.
handle_after_create_commit
end
it
'does not schedule the checksum calculation if feature flag is disabled'
do
stub_feature_flags
(
geo_self_service_framework:
false
)
expect
(
Geo
::
BlobVerificationPrimaryWorker
).
not_to
receive
(
:perform_async
)
allow
(
replicator
).
to
receive
(
:needs_checksum?
).
and_return
(
true
)
replicator
.
handle_after_create_commit
end
end
describe
'#calculate_checksum!'
do
it
'calculates the checksum'
do
model_record
.
save!
replicator
.
calculate_checksum!
expect
(
model_record
.
reload
.
verification_checksum
).
not_to
be_nil
end
it
'saves the error message and increments retry counter'
do
model_record
.
save!
allow
(
model_record
).
to
receive
(
:calculate_checksum!
)
do
raise
StandardError
.
new
(
'Failure to calculate checksum'
)
end
replicator
.
calculate_checksum!
expect
(
model_record
.
reload
.
verification_failure
).
to
eq
'Failure to calculate checksum'
expect
(
model_record
.
verification_retry_count
).
to
be
1
end
end
describe
'#consume_created_event'
do
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment