Merge branch 'ce-to-ee-2018-09-10' into 'master'

CE upstream - 2018-09-10 10:57 UTC

Closes gitlab-ce#51295

See merge request gitlab-org/gitlab-ee!7305

doc/ci/interactive_web_terminal/index.md

 # Getting started with interactive web terminals
 
-> Introduced in GitLab 11.3.
-
-CAUTION: **Warning:**
-Interactive web terminals are in beta, so they might not work properly and
-lack features. For more information [follow issue #25990](https://gitlab.com/gitlab-org/gitlab-ce/issues/25990).
+> [Introduced](https://gitlab.com/gitlab-org/gitlab-ce/issues/50144) in GitLab 11.3.
 
 Interactive web terminals give the user access to a terminal in GitLab for
 running one-of commands for their CI pipeline.

doc/development/README.md

@@ -49,6 +49,7 @@ description: 'Learn how to contribute to GitLab.'
 - [Working with the GitHub importer](github_importer.md)
 - [Elasticsearch integration docs](elasticsearch.md)
 - [Working with Merge Request diffs](diffs.md)
+- [Permissions](permissions.md)
 - [Prometheus metrics](prometheus_metrics.md)
 
 ## Performance guides

doc/development/permissions.md

+# GitLab permissions guide
+
+There are multiple types of permissions across GitLab, and when implementing
+anything that deals with permissions, all of them should be considered.
+
+## Groups and Projects
+
+### General permissions
+
+Groups and projects can have the following visibility levels:
+
+- public (20) -  an entity is visible to everyone
+- internal (10) - an entity is visible to logged in users
+- private (0) - an entity is visible only to the approved members of the entity
+
+The visibility level of a group can be changed  only if all subgroups and
+subprojects have the same or lower visibility level. (e.g., a group can be set
+to internal only if all subgroups and projects are internal or private).
+
+Visibility levels can be found in the `Gitlab::VisibilityLevel` module.
+
+### Feature specific permissions
+
+Additionally, the following project features can have different visibility levels:
+
+- Issues
+- Repository
+  - Merge Request
+  - Pipelines
+  - Container Registry
+  - Git Large File Storage
+- Wiki
+- Snippets
+
+These features can be set to "Everyone with Access" or "Only Project Members".
+They make sense only for public or internal projects because private projects
+can be accessed only by project members by default.
+
+### Members
+
+Users can be members of multiple groups and projects. The following access
+levels are available (defined in the `Gitlab::Access` module):
+
+- Guest
+- Reporter
+- Developer
+- Maintainer
+- Owner
+
+If a user is the member of both a project and the project parent group, the
+higher permission is taken into account for the project.
+
+If a user is the member of a project, but not the parent group (or groups), they
+can still view the groups and their entities (like epics).
+
+Project membership (where the group membership is already taken into account)
+is stored in the `project_authorizations` table.
+
+### Confidential issues
+
+Confidential issues can be accessed only by project members who are at least
+reporters (they can't be accessed by guests). Additionally they can be accessed
+by their authors and assignees.

qa/qa/ee/scenario/test/geo.rb

@@ -8,6 +8,8 @@ module QA
         class Geo < QA::Scenario::Template
           include QA::Scenario::Bootable
 
+          tags :geo
+
           attribute :geo_primary_address, '--primary-address PRIMARY'
           attribute :geo_primary_name, '--primary-name PRIMARY_NAME'
           attribute :geo_secondary_address, '--secondary-address SECONDARY'
@@ -32,8 +34,8 @@ module QA
 
             Specs::Runner.perform do |specs|
               specs.tty = true
-              specs.tags = %w[geo]
-              specs.options = rspec_options.any? ? rspec_options : 'qa/specs/features'
+              specs.tags = self.class.focus
+              specs.options = rspec_options if rspec_options.any?
             end
           end
 

qa/qa/specs/runner.rb

@@ -5,10 +5,12 @@ module QA
     class Runner < Scenario::Template
       attr_accessor :tty, :tags, :options
 
+      DEFAULT_TEST_PATH_ARGS = ['--', File.expand_path('./features', __dir__)].freeze
+
       def initialize
         @tty = false
         @tags = []
-        @options = [File.expand_path('./features', __dir__)]
+        @options = []
       end
 
       def perform
@@ -18,10 +20,11 @@ module QA
         if tags.any?
           tags.each { |tag| args.push(['--tag', tag.to_s]) }
         else
-          args.push(%w[--tag ~orchestrated])
+          args.push(%w[--tag ~orchestrated]) unless (%w[-t --tag] & options).any?
         end
 
         args.push(options)
+        args.push(DEFAULT_TEST_PATH_ARGS) unless options.any? { |opt| opt =~ %r{/features/} }
 
         Runtime::Browser.configure!
 

qa/spec/specs/runner_spec.rb

@@ -7,43 +7,65 @@ describe QA::Specs::Runner do
     end
 
     it 'excludes the orchestrated tag by default' do
-      expect(RSpec::Core::Runner).to receive(:run)
-        .with(['--tag', '~orchestrated', File.expand_path('../../qa/specs/features', __dir__)], $stderr, $stdout)
-        .and_return(0)
+      expect_rspec_runner_arguments(['--tag', '~orchestrated', *described_class::DEFAULT_TEST_PATH_ARGS])
 
       subject.perform
     end
 
     context 'when tty is set' do
-      subject do
-        described_class.new.tap do |runner|
-          runner.tty = true
-        end
-      end
+      subject { described_class.new.tap { |runner| runner.tty = true } }
 
       it 'sets the `--tty` flag' do
-        expect(RSpec::Core::Runner).to receive(:run)
-          .with(['--tty', '--tag', '~orchestrated', File.expand_path('../../qa/specs/features', __dir__)], $stderr, $stdout)
-          .and_return(0)
+        expect_rspec_runner_arguments(['--tty', '--tag', '~orchestrated', *described_class::DEFAULT_TEST_PATH_ARGS])
 
         subject.perform
       end
     end
 
     context 'when tags are set' do
-      subject do
-        described_class.new.tap do |runner|
-          runner.tags = %i[orchestrated github]
-        end
-      end
+      subject { described_class.new.tap { |runner| runner.tags = %i[orchestrated github] } }
 
       it 'focuses on the given tags' do
-        expect(RSpec::Core::Runner).to receive(:run)
-          .with(['--tag', 'orchestrated', '--tag', 'github', File.expand_path('../../qa/specs/features', __dir__)], $stderr, $stdout)
-          .and_return(0)
+        expect_rspec_runner_arguments(['--tag', 'orchestrated', '--tag', 'github', *described_class::DEFAULT_TEST_PATH_ARGS])
+
+        subject.perform
+      end
+    end
+
+    context 'when "--tag smoke" is set as options' do
+      subject { described_class.new.tap { |runner| runner.options = %w[--tag smoke] } }
+
+      it 'focuses on the given tag without excluded the orchestrated tag' do
+        expect_rspec_runner_arguments(['--tag', 'smoke', *described_class::DEFAULT_TEST_PATH_ARGS])
+
+        subject.perform
+      end
+    end
+
+    context 'when "qa/specs/features/foo" is set as options' do
+      subject { described_class.new.tap { |runner| runner.options = %w[qa/specs/features/foo] } }
+
+      it 'passes the given tests path and excludes the orchestrated tag' do
+        expect_rspec_runner_arguments(['--tag', '~orchestrated', 'qa/specs/features/foo'])
 
         subject.perform
       end
     end
+
+    context 'when "-- qa/specs/features/foo" is set as options' do
+      subject { described_class.new.tap { |runner| runner.options = %w[-- qa/specs/features/foo] } }
+
+      it 'passes the given tests path and excludes the orchestrated tag' do
+        expect_rspec_runner_arguments(['--tag', '~orchestrated', '--', 'qa/specs/features/foo'])
+
+        subject.perform
+      end
+    end
+
+    def expect_rspec_runner_arguments(arguments)
+      expect(RSpec::Core::Runner).to receive(:run)
+        .with(arguments, $stderr, $stdout)
+        .and_return(0)
+    end
   end
 end