Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
G
gitlab-ce
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
1
Merge Requests
1
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
nexedi
gitlab-ce
Commits
ad1824fc
Commit
ad1824fc
authored
Sep 28, 2021
by
GitLab Bot
Browse files
Options
Browse Files
Download
Plain Diff
Automatic merge of gitlab-org/gitlab master
parents
5fbbc478
02f8eadd
Changes
17
Hide whitespace changes
Inline
Side-by-side
Showing
17 changed files
with
157 additions
and
103 deletions
+157
-103
app/assets/javascripts/mr_popover/index.js
app/assets/javascripts/mr_popover/index.js
+6
-1
app/assets/javascripts/vue_merge_request_widget/components/extensions/base.vue
...s/vue_merge_request_widget/components/extensions/base.vue
+1
-3
doc/administration/gitaly/index.md
doc/administration/gitaly/index.md
+12
-0
ee/app/services/app_sec/dast/site_profile_secret_variables/create_or_update_service.rb
...site_profile_secret_variables/create_or_update_service.rb
+58
-0
ee/app/services/app_sec/dast/site_profile_secret_variables/destroy_service.rb
...sec/dast/site_profile_secret_variables/destroy_service.rb
+27
-0
ee/app/services/app_sec/dast/site_profiles/create_service.rb
ee/app/services/app_sec/dast/site_profiles/create_service.rb
+1
-1
ee/app/services/app_sec/dast/site_profiles/update_service.rb
ee/app/services/app_sec/dast/site_profiles/update_service.rb
+2
-2
ee/app/services/dast/site_profile_secret_variables/create_or_update_service.rb
...site_profile_secret_variables/create_or_update_service.rb
+0
-56
ee/app/services/dast/site_profile_secret_variables/destroy_service.rb
...ces/dast/site_profile_secret_variables/destroy_service.rb
+0
-25
ee/spec/graphql/mutations/dast_site_profiles/create_spec.rb
ee/spec/graphql/mutations/dast_site_profiles/create_spec.rb
+2
-2
ee/spec/graphql/mutations/dast_site_profiles/update_spec.rb
ee/spec/graphql/mutations/dast_site_profiles/update_spec.rb
+2
-2
ee/spec/services/app_sec/dast/site_profile_secret_variables/create_or_update_service_spec.rb
...profile_secret_variables/create_or_update_service_spec.rb
+1
-1
ee/spec/services/app_sec/dast/site_profile_secret_variables/destroy_service_spec.rb
...ast/site_profile_secret_variables/destroy_service_spec.rb
+1
-1
ee/spec/services/app_sec/dast/site_profiles/create_service_spec.rb
...ervices/app_sec/dast/site_profiles/create_service_spec.rb
+1
-1
ee/spec/services/app_sec/dast/site_profiles/update_service_spec.rb
...ervices/app_sec/dast/site_profiles/update_service_spec.rb
+1
-1
lib/backup/gitaly_backup.rb
lib/backup/gitaly_backup.rb
+8
-1
spec/lib/backup/gitaly_backup_spec.rb
spec/lib/backup/gitaly_backup_spec.rb
+34
-6
No files found.
app/assets/javascripts/mr_popover/index.js
View file @
ad1824fc
...
...
@@ -48,7 +48,12 @@ export default (elements) => {
Vue
.
use
(
VueApollo
);
const
apolloProvider
=
new
VueApollo
({
defaultClient
:
createDefaultClient
(),
defaultClient
:
createDefaultClient
(
{},
{
assumeImmutableResults
:
true
,
},
),
});
const
listenerAddedAttr
=
'
data-mr-listener-added
'
;
...
...
app/assets/javascripts/vue_merge_request_widget/components/extensions/base.vue
View file @
ad1824fc
...
...
@@ -140,9 +140,7 @@ export default {
<div
class=
"gl-mt-2 gl-mb-2 align-content-around align-items-start flex-wrap align-self-center d-flex"
>
<div
class=
"gl-mr-4"
>
{{ data.text }}
</div>
<div
v-safe-html=
"data.text"
class=
"gl-mr-4"
></div>
<div
v-if=
"data.link"
>
<gl-link
:href=
"data.link.href"
>
{{ data.link.text }}
</gl-link>
</div>
...
...
doc/administration/gitaly/index.md
View file @
ad1824fc
...
...
@@ -379,6 +379,18 @@ Some [known database inconsistency issues](#known-issues) exist in Gitaly Cluste
remain on your current service for now. We can adjust the date for
[
NFS support removal
](
#nfs-deprecation-notice
)
if this applies to you.
### Migrate off Gitaly Cluster
If you have repositories stored on a Gitaly Cluster, but you'd like to migrate
them back to direct Gitaly storage:
1.
Create and configure a new
[
Gitaly server
](
configure_gitaly.md#run-gitaly-on-its-own-server
)
.
1.
[
Move the repositories
](
../operations/moving_repositories.md#move-repositories
)
to the newly created storage. There are different possibilities to move them
by shard or by group, this gives you the opportunity to spread them over
multiple Gitaly servers.
## Monitor Gitaly and Gitaly Cluster
You can use the available logs and
[
Prometheus metrics
](
../monitoring/prometheus/index.md
)
to
...
...
ee/app/services/app_sec/dast/site_profile_secret_variables/create_or_update_service.rb
0 → 100644
View file @
ad1824fc
# frozen_string_literal: true
module
AppSec
module
Dast
module
SiteProfileSecretVariables
class
CreateOrUpdateService
<
BaseContainerService
def
execute
return
error_response
(
'Insufficient permissions'
)
unless
allowed?
return
error_response
(
'Dast site profile param is missing'
)
unless
site_profile
return
error_response
(
'Key param is missing'
)
unless
key
return
error_response
(
'Raw value param is missing'
)
unless
raw_value
secret_variable
=
find_or_create_secret_variable
return
error_response
(
secret_variable
.
errors
.
full_messages
)
unless
secret_variable
.
valid?
&&
secret_variable
.
persisted?
success_response
(
secret_variable
)
end
private
def
allowed?
Ability
.
allowed?
(
current_user
,
:create_on_demand_dast_scan
,
container
)
end
def
site_profile
params
[
:dast_site_profile
]
end
def
key
params
[
:key
]
end
def
raw_value
params
[
:raw_value
]
end
def
success_response
(
secret_variable
)
ServiceResponse
.
success
(
payload:
secret_variable
)
end
def
error_response
(
message
)
ServiceResponse
.
error
(
message:
message
)
end
# rubocop: disable CodeReuse/ActiveRecord
def
find_or_create_secret_variable
secret_variable
=
::
Dast
::
SiteProfileSecretVariable
.
find_or_initialize_by
(
dast_site_profile:
site_profile
,
key:
key
)
secret_variable
.
update
(
raw_value:
raw_value
)
secret_variable
end
# rubocop: enable CodeReuse/ActiveRecord
end
end
end
end
ee/app/services/app_sec/dast/site_profile_secret_variables/destroy_service.rb
0 → 100644
View file @
ad1824fc
# frozen_string_literal: true
module
AppSec
module
Dast
module
SiteProfileSecretVariables
class
DestroyService
<
BaseContainerService
def
execute
return
ServiceResponse
.
error
(
message:
'Insufficient permissions'
)
unless
allowed?
return
ServiceResponse
.
error
(
message:
'Variable parameter missing'
)
unless
dast_site_profile_secret_variable
return
ServiceResponse
.
error
(
message:
'Variable failed to delete'
)
unless
dast_site_profile_secret_variable
.
destroy
ServiceResponse
.
success
(
payload:
dast_site_profile_secret_variable
)
end
private
def
allowed?
Ability
.
allowed?
(
current_user
,
:create_on_demand_dast_scan
,
container
)
end
def
dast_site_profile_secret_variable
params
[
:dast_site_profile_secret_variable
]
end
end
end
end
end
ee/app/services/app_sec/dast/site_profiles/create_service.rb
View file @
ad1824fc
...
...
@@ -51,7 +51,7 @@ module AppSec
def
create_secret_variable!
(
key
,
value
)
return
ServiceResponse
.
success
unless
value
response
=
::
Dast
::
SiteProfileSecretVariables
::
CreateOrUpdateService
.
new
(
response
=
::
AppSec
::
Dast
::
SiteProfileSecretVariables
::
CreateOrUpdateService
.
new
(
container:
project
,
current_user:
current_user
,
params:
{
dast_site_profile:
dast_site_profile
,
key:
key
,
raw_value:
value
}
...
...
ee/app/services/app_sec/dast/site_profiles/update_service.rb
View file @
ad1824fc
...
...
@@ -73,7 +73,7 @@ module AppSec
return
delete_secret_variable!
(
key
)
if
value
==
''
response
=
::
Dast
::
SiteProfileSecretVariables
::
CreateOrUpdateService
.
new
(
response
=
::
AppSec
::
Dast
::
SiteProfileSecretVariables
::
CreateOrUpdateService
.
new
(
container:
project
,
current_user:
current_user
,
params:
{
dast_site_profile:
dast_site_profile
,
key:
key
,
raw_value:
value
}
...
...
@@ -90,7 +90,7 @@ module AppSec
return
ServiceResponse
.
success
unless
variable
response
=
::
Dast
::
SiteProfileSecretVariables
::
DestroyService
.
new
(
response
=
::
AppSec
::
Dast
::
SiteProfileSecretVariables
::
DestroyService
.
new
(
container:
project
,
current_user:
current_user
,
params:
{
dast_site_profile_secret_variable:
variable
}
...
...
ee/app/services/dast/site_profile_secret_variables/create_or_update_service.rb
deleted
100644 → 0
View file @
5fbbc478
# frozen_string_literal: true
module
Dast
module
SiteProfileSecretVariables
class
CreateOrUpdateService
<
BaseContainerService
def
execute
return
error_response
(
'Insufficient permissions'
)
unless
allowed?
return
error_response
(
'Dast site profile param is missing'
)
unless
site_profile
return
error_response
(
'Key param is missing'
)
unless
key
return
error_response
(
'Raw value param is missing'
)
unless
raw_value
secret_variable
=
find_or_create_secret_variable
return
error_response
(
secret_variable
.
errors
.
full_messages
)
unless
secret_variable
.
valid?
&&
secret_variable
.
persisted?
success_response
(
secret_variable
)
end
private
def
allowed?
Ability
.
allowed?
(
current_user
,
:create_on_demand_dast_scan
,
container
)
end
def
site_profile
params
[
:dast_site_profile
]
end
def
key
params
[
:key
]
end
def
raw_value
params
[
:raw_value
]
end
def
success_response
(
secret_variable
)
ServiceResponse
.
success
(
payload:
secret_variable
)
end
def
error_response
(
message
)
ServiceResponse
.
error
(
message:
message
)
end
# rubocop: disable CodeReuse/ActiveRecord
def
find_or_create_secret_variable
secret_variable
=
Dast
::
SiteProfileSecretVariable
.
find_or_initialize_by
(
dast_site_profile:
site_profile
,
key:
key
)
secret_variable
.
update
(
raw_value:
raw_value
)
secret_variable
end
# rubocop: enable CodeReuse/ActiveRecord
end
end
end
ee/app/services/dast/site_profile_secret_variables/destroy_service.rb
deleted
100644 → 0
View file @
5fbbc478
# frozen_string_literal: true
module
Dast
module
SiteProfileSecretVariables
class
DestroyService
<
BaseContainerService
def
execute
return
ServiceResponse
.
error
(
message:
'Insufficient permissions'
)
unless
allowed?
return
ServiceResponse
.
error
(
message:
'Variable parameter missing'
)
unless
dast_site_profile_secret_variable
return
ServiceResponse
.
error
(
message:
'Variable failed to delete'
)
unless
dast_site_profile_secret_variable
.
destroy
ServiceResponse
.
success
(
payload:
dast_site_profile_secret_variable
)
end
private
def
allowed?
Ability
.
allowed?
(
current_user
,
:create_on_demand_dast_scan
,
container
)
end
def
dast_site_profile_secret_variable
params
[
:dast_site_profile_secret_variable
]
end
end
end
end
ee/spec/graphql/mutations/dast_site_profiles/create_spec.rb
View file @
ad1824fc
...
...
@@ -129,10 +129,10 @@ RSpec.describe Mutations::DastSiteProfiles::Create do
context
'when variable creation fails'
do
it
'returns an error and the dast_site_profile'
do
service
=
double
(
Dast
::
SiteProfileSecretVariables
::
CreateOrUpdateService
)
service
=
double
(
AppSec
::
Dast
::
SiteProfileSecretVariables
::
CreateOrUpdateService
)
result
=
ServiceResponse
.
error
(
payload:
create
(
:dast_site_profile
),
message:
'Oops'
)
allow
(
Dast
::
SiteProfileSecretVariables
::
CreateOrUpdateService
).
to
receive
(
:new
).
and_return
(
service
)
allow
(
AppSec
::
Dast
::
SiteProfileSecretVariables
::
CreateOrUpdateService
).
to
receive
(
:new
).
and_return
(
service
)
allow
(
service
).
to
receive
(
:execute
).
and_return
(
result
)
expect
(
subject
).
to
include
(
errors:
[
'Oops'
])
...
...
ee/spec/graphql/mutations/dast_site_profiles/update_spec.rb
View file @
ad1824fc
...
...
@@ -146,10 +146,10 @@ RSpec.describe Mutations::DastSiteProfiles::Update do
context
'when variable creation fails'
do
it
'returns an error and the dast_site_profile'
do
service
=
double
(
Dast
::
SiteProfileSecretVariables
::
CreateOrUpdateService
)
service
=
double
(
AppSec
::
Dast
::
SiteProfileSecretVariables
::
CreateOrUpdateService
)
result
=
ServiceResponse
.
error
(
payload:
create
(
:dast_site_profile
),
message:
'Oops'
)
allow
(
Dast
::
SiteProfileSecretVariables
::
CreateOrUpdateService
).
to
receive
(
:new
).
and_return
(
service
)
allow
(
AppSec
::
Dast
::
SiteProfileSecretVariables
::
CreateOrUpdateService
).
to
receive
(
:new
).
and_return
(
service
)
allow
(
service
).
to
receive
(
:execute
).
and_return
(
result
)
expect
(
subject
).
to
include
(
errors:
[
'Oops'
])
...
...
ee/spec/services/dast/site_profile_secret_variables/create_or_update_service_spec.rb
→
ee/spec/services/
app_sec/
dast/site_profile_secret_variables/create_or_update_service_spec.rb
View file @
ad1824fc
...
...
@@ -2,7 +2,7 @@
require
'spec_helper'
RSpec
.
describe
Dast
::
SiteProfileSecretVariables
::
CreateOrUpdateService
do
RSpec
.
describe
AppSec
::
Dast
::
SiteProfileSecretVariables
::
CreateOrUpdateService
do
let_it_be
(
:project
)
{
create
(
:project
)
}
let_it_be
(
:dast_profile
)
{
create
(
:dast_profile
,
project:
project
)
}
let_it_be
(
:developer
)
{
create
(
:user
,
developer_projects:
[
project
]
)
}
...
...
ee/spec/services/dast/site_profile_secret_variables/destroy_service_spec.rb
→
ee/spec/services/
app_sec/
dast/site_profile_secret_variables/destroy_service_spec.rb
View file @
ad1824fc
...
...
@@ -2,7 +2,7 @@
require
'spec_helper'
RSpec
.
describe
Dast
::
SiteProfileSecretVariables
::
DestroyService
do
RSpec
.
describe
AppSec
::
Dast
::
SiteProfileSecretVariables
::
DestroyService
do
include
GraphqlHelpers
let_it_be
(
:user
)
{
create
(
:user
)
}
...
...
ee/spec/services/app_sec/dast/site_profiles/create_service_spec.rb
View file @
ad1824fc
...
...
@@ -150,7 +150,7 @@ RSpec.describe AppSec::Dast::SiteProfiles::CreateService do
shared_examples
'it handles secret variable creation failure'
do
before
do
allow_next_instance_of
(
Dast
::
SiteProfileSecretVariables
::
CreateOrUpdateService
)
do
|
service
|
allow_next_instance_of
(
AppSec
::
Dast
::
SiteProfileSecretVariables
::
CreateOrUpdateService
)
do
|
service
|
response
=
ServiceResponse
.
error
(
message:
'Something went wrong'
)
allow
(
service
).
to
receive
(
:execute
).
and_return
(
response
)
...
...
ee/spec/services/app_sec/dast/site_profiles/update_service_spec.rb
View file @
ad1824fc
...
...
@@ -184,7 +184,7 @@ RSpec.describe AppSec::Dast::SiteProfiles::UpdateService do
shared_examples
'it handles secret variable updating failure'
do
before
do
allow_next_instance_of
(
Dast
::
SiteProfileSecretVariables
::
CreateOrUpdateService
)
do
|
service
|
allow_next_instance_of
(
AppSec
::
Dast
::
SiteProfileSecretVariables
::
CreateOrUpdateService
)
do
|
service
|
response
=
ServiceResponse
.
error
(
message:
'Something went wrong'
)
allow
(
service
).
to
receive
(
:execute
).
and_return
(
response
)
...
...
lib/backup/gitaly_backup.rb
View file @
ad1824fc
...
...
@@ -25,7 +25,7 @@ module Backup
args
+=
[
'-parallel'
,
@parallel
.
to_s
]
if
@parallel
args
+=
[
'-parallel-storage'
,
@parallel_storage
.
to_s
]
if
@parallel_storage
@stdin
,
stdout
,
@thread
=
Open3
.
popen2
(
ENV
,
bin_path
,
command
,
'-path'
,
backup_repos_path
,
*
args
)
@stdin
,
stdout
,
@thread
=
Open3
.
popen2
(
build_env
,
bin_path
,
command
,
'-path'
,
backup_repos_path
,
*
args
)
@out_reader
=
Thread
.
new
do
IO
.
copy_stream
(
stdout
,
@progress
)
...
...
@@ -63,6 +63,13 @@ module Backup
private
def
build_env
{
'SSL_CERT_FILE'
=>
OpenSSL
::
X509
::
DEFAULT_CERT_FILE
,
'SSL_CERT_DIR'
=>
OpenSSL
::
X509
::
DEFAULT_CERT_DIR
}.
merge
(
ENV
)
end
def
started?
@thread
.
present?
end
...
...
spec/lib/backup/gitaly_backup_spec.rb
View file @
ad1824fc
...
...
@@ -5,12 +5,20 @@ require 'spec_helper'
RSpec
.
describe
Backup
::
GitalyBackup
do
let
(
:parallel
)
{
nil
}
let
(
:parallel_storage
)
{
nil
}
let
(
:progress
)
do
Tempfile
.
new
(
'progress'
).
tap
do
|
progress
|
progress
.
unlink
end
end
let
(
:expected_env
)
do
{
'SSL_CERT_FILE'
=>
OpenSSL
::
X509
::
DEFAULT_CERT_FILE
,
'SSL_CERT_DIR'
=>
OpenSSL
::
X509
::
DEFAULT_CERT_DIR
}.
merge
(
ENV
)
end
after
do
progress
.
close
end
...
...
@@ -32,7 +40,7 @@ RSpec.describe Backup::GitalyBackup do
project_snippet
=
create
(
:project_snippet
,
:repository
,
project:
project
)
personal_snippet
=
create
(
:personal_snippet
,
:repository
,
author:
project
.
owner
)
expect
(
Open3
).
to
receive
(
:popen2
).
with
(
ENV
,
anything
,
'create'
,
'-path'
,
anything
).
and_call_original
expect
(
Open3
).
to
receive
(
:popen2
).
with
(
expected_env
,
anything
,
'create'
,
'-path'
,
anything
).
and_call_original
subject
.
start
(
:create
)
subject
.
enqueue
(
project
,
Gitlab
::
GlRepository
::
PROJECT
)
...
...
@@ -53,7 +61,7 @@ RSpec.describe Backup::GitalyBackup do
let
(
:parallel
)
{
3
}
it
'passes parallel option through'
do
expect
(
Open3
).
to
receive
(
:popen2
).
with
(
ENV
,
anything
,
'create'
,
'-path'
,
anything
,
'-parallel'
,
'3'
).
and_call_original
expect
(
Open3
).
to
receive
(
:popen2
).
with
(
expected_env
,
anything
,
'create'
,
'-path'
,
anything
,
'-parallel'
,
'3'
).
and_call_original
subject
.
start
(
:create
)
subject
.
wait
...
...
@@ -64,7 +72,7 @@ RSpec.describe Backup::GitalyBackup do
let
(
:parallel_storage
)
{
3
}
it
'passes parallel option through'
do
expect
(
Open3
).
to
receive
(
:popen2
).
with
(
ENV
,
anything
,
'create'
,
'-path'
,
anything
,
'-parallel-storage'
,
'3'
).
and_call_original
expect
(
Open3
).
to
receive
(
:popen2
).
with
(
expected_env
,
anything
,
'create'
,
'-path'
,
anything
,
'-parallel-storage'
,
'3'
).
and_call_original
subject
.
start
(
:create
)
subject
.
wait
...
...
@@ -90,6 +98,26 @@ RSpec.describe Backup::GitalyBackup do
it_behaves_like
'creates a repository backup'
end
context
'custom SSL envs set'
do
let
(
:ssl_env
)
do
{
'SSL_CERT_FILE'
=>
'/some/cert/file'
,
'SSL_CERT_DIR'
=>
'/some/cert'
}
end
before
do
stub_const
(
'ENV'
,
ssl_env
)
end
it
'passes through SSL envs'
do
expect
(
Open3
).
to
receive
(
:popen2
).
with
(
ssl_env
,
anything
,
'create'
,
'-path'
,
anything
).
and_call_original
subject
.
start
(
:create
)
subject
.
wait
end
end
end
context
'restore'
do
...
...
@@ -109,7 +137,7 @@ RSpec.describe Backup::GitalyBackup do
copy_bundle_to_backup_path
(
'personal_snippet_repo.bundle'
,
personal_snippet
.
disk_path
+
'.bundle'
)
copy_bundle_to_backup_path
(
'project_snippet_repo.bundle'
,
project_snippet
.
disk_path
+
'.bundle'
)
expect
(
Open3
).
to
receive
(
:popen2
).
with
(
ENV
,
anything
,
'restore'
,
'-path'
,
anything
).
and_call_original
expect
(
Open3
).
to
receive
(
:popen2
).
with
(
expected_env
,
anything
,
'restore'
,
'-path'
,
anything
).
and_call_original
subject
.
start
(
:restore
)
subject
.
enqueue
(
project
,
Gitlab
::
GlRepository
::
PROJECT
)
...
...
@@ -132,7 +160,7 @@ RSpec.describe Backup::GitalyBackup do
let
(
:parallel
)
{
3
}
it
'passes parallel option through'
do
expect
(
Open3
).
to
receive
(
:popen2
).
with
(
ENV
,
anything
,
'restore'
,
'-path'
,
anything
,
'-parallel'
,
'3'
).
and_call_original
expect
(
Open3
).
to
receive
(
:popen2
).
with
(
expected_env
,
anything
,
'restore'
,
'-path'
,
anything
,
'-parallel'
,
'3'
).
and_call_original
subject
.
start
(
:restore
)
subject
.
wait
...
...
@@ -143,7 +171,7 @@ RSpec.describe Backup::GitalyBackup do
let
(
:parallel_storage
)
{
3
}
it
'passes parallel option through'
do
expect
(
Open3
).
to
receive
(
:popen2
).
with
(
ENV
,
anything
,
'restore'
,
'-path'
,
anything
,
'-parallel-storage'
,
'3'
).
and_call_original
expect
(
Open3
).
to
receive
(
:popen2
).
with
(
expected_env
,
anything
,
'restore'
,
'-path'
,
anything
,
'-parallel-storage'
,
'3'
).
and_call_original
subject
.
start
(
:restore
)
subject
.
wait
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment