Commit 1e00a38d authored by Andrew Fontaine's avatar Andrew Fontaine

Merge branch...

Merge branch '220858-implement-token-selector-component-for-group-restrict-access-by-ip-address-field' into 'master'

Implement token selector component for "Restrict access by IP address" field

See merge request gitlab-org/gitlab!36240
parents 6b310d57 44eb9998
...@@ -543,7 +543,7 @@ underlying projects, issues, etc, by IP address. This can help ensure that ...@@ -543,7 +543,7 @@ underlying projects, issues, etc, by IP address. This can help ensure that
particular content doesn't leave the premises, while not blocking off access to particular content doesn't leave the premises, while not blocking off access to
the entire instance. the entire instance.
Add one or more allowed IP subnets using CIDR notation in comma separated format to the group settings and anyone Add one or more allowed IP subnets using CIDR notation to the group settings and anyone
coming from a different IP address won't be able to access the restricted coming from a different IP address won't be able to access the restricted
content. content.
...@@ -556,6 +556,12 @@ Restriction currently applies to: ...@@ -556,6 +556,12 @@ Restriction currently applies to:
To avoid accidental lock-out, admins and group owners are able to access To avoid accidental lock-out, admins and group owners are able to access
the group regardless of the IP restriction. the group regardless of the IP restriction.
To enable this feature:
1. Navigate to the group’s **Settings > General** page.
1. Expand the **Permissions, LFS, 2FA** section, and enter IP address ranges into **Allow access to the following IP addresses** field.
1. Click **Save changes**.
#### Allowed domain restriction **(PREMIUM)** #### Allowed domain restriction **(PREMIUM)**
>- [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/7297) in [GitLab Premium and Silver](https://about.gitlab.com/pricing/) 12.2. >- [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/7297) in [GitLab Premium and Silver](https://about.gitlab.com/pricing/) 12.2.
......
...@@ -2,10 +2,10 @@ import Vue from 'vue'; ...@@ -2,10 +2,10 @@ import Vue from 'vue';
import { __, sprintf } from '~/locale'; import { __, sprintf } from '~/locale';
import CommaSeparatedListTokenSelector from '../components/comma_separated_list_token_selector.vue'; import CommaSeparatedListTokenSelector from '../components/comma_separated_list_token_selector.vue';
export default () => { export default (el, placeholder, qaSelector) => {
// eslint-disable-next-line no-new // eslint-disable-next-line no-new
new Vue({ new Vue({
el: '.js-allowed-email-domains', el,
components: { components: {
CommaSeparatedListTokenSelector, CommaSeparatedListTokenSelector,
}, },
...@@ -16,14 +16,17 @@ export default () => { ...@@ -16,14 +16,17 @@ export default () => {
}, },
render(createElement) { render(createElement) {
return createElement('comma-separated-list-token-selector', { return createElement('comma-separated-list-token-selector', {
attrs: {
'data-qa-selector': qaSelector,
},
props: { props: {
hiddenInputId: this.hiddenInputId, hiddenInputId: this.hiddenInputId,
ariaLabelledby: this.labelId, ariaLabelledby: this.labelId,
placeholder: __('Enter domain'), placeholder,
}, },
scopedSlots: { scopedSlots: {
'user-defined-token-content': ({ inputText: value }) => { 'user-defined-token-content': ({ inputText: value }) => {
return sprintf(__('Add "%{value}" to allowlist'), { value }); return sprintf(__('Add "%{value}"'), { value });
}, },
}, },
}); });
......
import '~/pages/groups/edit'; import '~/pages/groups/edit';
import initAllowedEmailDomains from 'ee/groups/settings/allowed_email_domains'; import initAccessRestrictionField from 'ee/groups/settings/access_restriction_field';
import { __ } from '~/locale';
document.addEventListener('DOMContentLoaded', () => { document.addEventListener('DOMContentLoaded', () => {
initAllowedEmailDomains(); initAccessRestrictionField('.js-allowed-email-domains', __('Enter domain'));
initAccessRestrictionField(
'.js-ip-restriction',
__('Enter IP address range'),
'ip_restriction_field',
);
}); });
- return if !group.feature_available?(:group_ip_restriction) || group.parent_id.present? - return if !group.feature_available?(:group_ip_restriction) || group.parent_id.present?
- hidden_input_id = 'group_ip_restriction_ranges'
%h5= _('Restrict access by IP address') - label_id = "#{hidden_input_id}_label"
.form-group .form-group
= f.text_field :ip_restriction_ranges, class: 'form-control', data: { qa_selector: 'ip_restriction_field' }, placeholder: _('Enter IP address range') %label{ id: label_id }
= _('Allow access to the following IP addresses')
.js-ip-restriction{ data: { hidden_input_id: hidden_input_id, label_id: label_id } }
= f.hidden_field :ip_restriction_ranges, id: hidden_input_id
.form-text.text-muted .form-text.text-muted
- read_more_link = link_to(_('Read more'), help_page_path('user/group/index.md', anchor: 'ip-access-restriction-premium')) - read_more_link = link_to(_('Read more'), help_page_path('user/group/index.md', anchor: 'ip-access-restriction-premium'))
= _('This group, including all subgroups, projects and git repositories, will only be reachable from the specified IP address range. Multiple addresses are supported with comma delimiters.<br>Example: <code>192.168.0.0/24,192.168.1.0/24</code>. %{read_more_link}.').html_safe % { read_more_link: read_more_link } = _('This group, including all subgroups, projects and git repositories, will be reachable from only the specified IP address ranges.')
%br
= _('Multiple IP address ranges are supported.')
%br
= _('Example: <code>192.168.0.0/24</code>. %{read_more_link}.').html_safe % { read_more_link: read_more_link }
---
title: Change "Restrict access by IP address" field from a comma separated list to
the GitLab UI Token Selector component
merge_request: 36240
author:
type: changed
...@@ -21,7 +21,8 @@ RSpec.describe 'groups/edit.html.haml' do ...@@ -21,7 +21,8 @@ RSpec.describe 'groups/edit.html.haml' do
expect(rendered).to render_template('groups/settings/_ip_restriction') expect(rendered).to render_template('groups/settings/_ip_restriction')
expect(rendered).to(have_field('group_ip_restriction_ranges', expect(rendered).to(have_field('group_ip_restriction_ranges',
{ disabled: false, { disabled: false,
with: ranges.join(",") })) with: ranges.join(","),
type: :hidden }))
end end
end end
...@@ -30,7 +31,7 @@ RSpec.describe 'groups/edit.html.haml' do ...@@ -30,7 +31,7 @@ RSpec.describe 'groups/edit.html.haml' do
render render
expect(rendered).to render_template('groups/settings/_ip_restriction') expect(rendered).to render_template('groups/settings/_ip_restriction')
expect(rendered).not_to have_field('group_ip_restriction_ranges') expect(rendered).not_to have_field('group_ip_restriction_ranges', { type: :hidden })
end end
end end
......
...@@ -1330,7 +1330,7 @@ msgstr "" ...@@ -1330,7 +1330,7 @@ msgstr ""
msgid "Add" msgid "Add"
msgstr "" msgstr ""
msgid "Add \"%{value}\" to allowlist" msgid "Add \"%{value}\""
msgstr "" msgstr ""
msgid "Add %d issue" msgid "Add %d issue"
...@@ -2285,6 +2285,9 @@ msgstr "" ...@@ -2285,6 +2285,9 @@ msgstr ""
msgid "Allow \"%{group_name}\" to sign you in" msgid "Allow \"%{group_name}\" to sign you in"
msgstr "" msgstr ""
msgid "Allow access to the following IP addresses"
msgstr ""
msgid "Allow commits from members who can merge to the target branch." msgid "Allow commits from members who can merge to the target branch."
msgstr "" msgstr ""
...@@ -9537,6 +9540,9 @@ msgstr "" ...@@ -9537,6 +9540,9 @@ msgstr ""
msgid "Exactly one of %{attributes} is required" msgid "Exactly one of %{attributes} is required"
msgstr "" msgstr ""
msgid "Example: <code>192.168.0.0/24</code>. %{read_more_link}."
msgstr ""
msgid "Example: @sub\\.company\\.com$" msgid "Example: @sub\\.company\\.com$"
msgstr "" msgstr ""
...@@ -15209,6 +15215,9 @@ msgstr "" ...@@ -15209,6 +15215,9 @@ msgstr ""
msgid "MrDeploymentActions|Stop environment" msgid "MrDeploymentActions|Stop environment"
msgstr "" msgstr ""
msgid "Multiple IP address ranges are supported."
msgstr ""
msgid "Multiple domains are supported." msgid "Multiple domains are supported."
msgstr "" msgstr ""
...@@ -19951,9 +19960,6 @@ msgstr "" ...@@ -19951,9 +19960,6 @@ msgstr ""
msgid "Restoring the project will prevent the project from being removed on this date and restore people's ability to make changes to it." msgid "Restoring the project will prevent the project from being removed on this date and restore people's ability to make changes to it."
msgstr "" msgstr ""
msgid "Restrict access by IP address"
msgstr ""
msgid "Restrict membership by email domain" msgid "Restrict membership by email domain"
msgstr "" msgstr ""
...@@ -23845,7 +23851,7 @@ msgstr "" ...@@ -23845,7 +23851,7 @@ msgstr ""
msgid "This group has been scheduled for permanent removal on %{date}" msgid "This group has been scheduled for permanent removal on %{date}"
msgstr "" msgstr ""
msgid "This group, including all subgroups, projects and git repositories, will only be reachable from the specified IP address range. Multiple addresses are supported with comma delimiters.<br>Example: <code>192.168.0.0/24,192.168.1.0/24</code>. %{read_more_link}." msgid "This group, including all subgroups, projects and git repositories, will be reachable from only the specified IP address ranges."
msgstr "" msgstr ""
msgid "This group, its subgroups and projects has been scheduled for removal on %{date}." msgid "This group, its subgroups and projects has been scheduled for removal on %{date}."
......
...@@ -21,7 +21,7 @@ module QA ...@@ -21,7 +21,7 @@ module QA
element :save_changes_button element :save_changes_button
end end
view 'ee/app/views/groups/settings/_ip_restriction.html.haml' do view 'ee/app/assets/javascripts/pages/groups/edit/index.js' do
element :ip_restriction_field element :ip_restriction_field
end end
...@@ -63,15 +63,17 @@ module QA ...@@ -63,15 +63,17 @@ module QA
def set_ip_address_restriction(ip_address) def set_ip_address_restriction(ip_address)
QA::Runtime::Logger.debug(%Q[Setting ip address restriction to: #{ip_address}]) QA::Runtime::Logger.debug(%Q[Setting ip address restriction to: #{ip_address}])
expand_section(:permission_lfs_2fa_section) expand_section(:permission_lfs_2fa_section)
find_element(:ip_restriction_field).send_keys([:command, 'a'], :backspace)
find_element(:ip_restriction_field).set ip_address
click_element :save_permissions_changes_button
end
def restricted_ip_address # GitLab UI Token Selector (https://gitlab-org.gitlab.io/gitlab-ui/?path=/story/base-token-selector--default)
expand_section(:permission_lfs_2fa_section) # `data-qa-*` can only be added to the wrapper so custom selector used to find token close buttons and text input
scroll_to_element(:ip_restriction_field) find_element(:ip_restriction_field).all('.gl-token-close', minimum: 0).each do |el|
find_element(:ip_restriction_field).value el.click
end
ip_restriction_field_input = find_element(:ip_restriction_field).find('input[type="text"]')
ip_restriction_field_input.set ip_address
ip_restriction_field_input.send_keys(:enter)
click_element :save_permissions_changes_button
end end
def set_membership_lock_enabled def set_membership_lock_enabled
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment