Add latest changes from gitlab-org/gitlab@master

31040b5b · GitLab Bot · 185f428f · 31040b5b · 31040b5b · 31040b5b
Commit 31040b5b authored 5 years ago by GitLab Bot
--- a/app/views/devise/shared/_signin_box.html.haml
+++ b/app/views/devise/shared/_signin_box.html.haml
@@ -22,3 +22,8 @@
  .login-box.tab-pane.active{ id: 'login-pane', role: 'tabpanel' }
    .login-body
      = render 'devise/sessions/new_base'
+
+- if use_experimental_separate_sign_up_flow?
+  %p.light.mt-2
+    = _("Don't have an account yet?")
+    = link_to _("Register now"), new_registration_path(:user)
--- a/app/views/layouts/_head.html.haml
+++ b/app/views/layouts/_head.html.haml
 - page_description brand_title unless page_description
  
+-# Needs a redirect on the client side since it's using an anchor to distuingish
+-# between sign in and registration. We need to inline the JS to not render
+-# anything from this page beforehand.
+-# Part of an experiment to build a new sign up flow. Will be removed again with
+-# https://gitlab.com/gitlab-org/growth/engineering/issues/64
+- if use_experimental_separate_sign_up_flow? && current_path?("sessions#new")
+  = javascript_tag nonce: true do
+    :plain
+      if (window.location.hash === '#register-pane') {
+        window.location.replace("/users/sign_up")
+      }
+
 - site_name = "GitLab"
 %head{ prefix: "og: http://ogp.me/ns#" }
  %meta{ charset: "utf-8" }

--- a/app/views/layouts/devise_experimental_separate_sign_up_flow.html.haml
+++ b/app/views/layouts/devise_experimental_separate_sign_up_flow.html.haml
+!!! 5
+%html.devise-layout-html.navless{ class: system_message_class }
+  = render "layouts/head"
+  %body.ui-indigo.signup-page.application.navless{ class: "#{client_class_list}", data: { page: body_data_page, qa_selector: 'signup_page' } }
+    = header_message
+    = render "layouts/init_client_detection_flags"
+    .page-wrap
+      .container.signup-box-container.navless-container.mt-0
+        = render "layouts/broadcast"
+        .content
+          = render "layouts/flash"
+          .row.mb-3
+            .col-sm-8.offset-sm-2.col-md-6.offset-md-3.new-session-forms-container
+              = render_if_exists 'layouts/devise_help_text'
+              .text-center.signup-heading.mt-3.mb-3
+                = image_tag(image_url('logo.svg'), class: 'gitlab-logo', alt: 'GitLab Logo')
+                %h2= _('Register for GitLab.com')
+              = yield
+      %hr.footer-fixed
+      .footer-container
+        .container
+          .footer-links
+            = link_to _("Help"), help_path
+            = link_to _("About GitLab"), "https://about.gitlab.com/"
+      = footer_message
--- a/changelogs/unreleased/16482-split-sign-in-and-sign-up.yml
+++ b/changelogs/unreleased/16482-split-sign-in-and-sign-up.yml
+---
+title: Experimental separate sign up flow
+merge_request: 16482
+author:
+type: other
--- a/changelogs/unreleased/add-health-checks-exporter.yml
+++ b/changelogs/unreleased/add-health-checks-exporter.yml
+---
+title: Export liveness and readiness probes
+merge_request:
+author:
+type: changed
--- a/changelogs/unreleased/fix-moved-help-doc-administration-monitoring-performance.yml
+++ b/changelogs/unreleased/fix-moved-help-doc-administration-monitoring-performance.yml
+---
+title: Fix moved help URL for monitoring performance
+merge_request:
+author:
+type: fixed
--- a/changelogs/unreleased/groups_api.yml
+++ b/changelogs/unreleased/groups_api.yml
+---
+title: 'API: Add missing group parameters'
+merge_request: 17220
+author: Mathieu Parent
+type: added
--- a/changelogs/unreleased/security-search-by-iid-leaks-data.yml
+++ b/changelogs/unreleased/security-search-by-iid-leaks-data.yml
+---
+title: Limit search for IID to a type to avoid leaking records with the same IID that
+  the user does not have access to
+merge_request:
+author:
+type: security
--- a/doc/api/groups.md
+++ b/doc/api/groups.md
@@ -31,6 +31,13 @@ GET /groups
    "path": "foo-bar",
    "description": "An interesting group",
    "visibility": "public",
+    "share_with_group_lock": false,
+    "require_two_factor_authentication": false,
+    "two_factor_grace_period": 48,
+    "project_creation_level": "developer",
+    "auto_devops_enabled": null,
+    "subgroup_creation_level": "owner",
+    "emails_disabled": null,
    "lfs_enabled": true,
    "avatar_url": "http://localhost:3000/uploads/group/avatar/1/foo.jpg",
    "web_url": "http://localhost:3000/groups/foo-bar",
@@ -57,6 +64,13 @@ GET /groups?statistics=true
    "path": "foo-bar",
    "description": "An interesting group",
    "visibility": "public",
+    "share_with_group_lock": false,
+    "require_two_factor_authentication": false,
+    "two_factor_grace_period": 48,
+    "project_creation_level": "developer",
+    "auto_devops_enabled": null,
+    "subgroup_creation_level": "owner",
+    "emails_disabled": null,
    "lfs_enabled": true,
    "avatar_url": "http://localhost:3000/uploads/group/avatar/1/foo.jpg",
    "web_url": "http://localhost:3000/groups/foo-bar",
@@ -119,6 +133,13 @@ GET /groups/:id/subgroups
    "path": "foo-bar",
    "description": "An interesting group",
    "visibility": "public",
+    "share_with_group_lock": false,
+    "require_two_factor_authentication": false,
+    "two_factor_grace_period": 48,
+    "project_creation_level": "developer",
+    "auto_devops_enabled": null,
+    "subgroup_creation_level": "owner",
+    "emails_disabled": null,
    "lfs_enabled": true,
    "avatar_url": "http://gitlab.example.com/uploads/group/avatar/1/foo.jpg",
    "web_url": "http://gitlab.example.com/groups/foo-bar",
@@ -434,6 +455,13 @@ Parameters:
 | `path`                               | string  | yes      | The path of the group. |
 | `description`                        | string  | no       | The group's description. |
 | `visibility`                         | string  | no       | The group's visibility. Can be `private`, `internal`, or `public`. |
+| `share_with_group_lock`              | boolean | no       | Prevent sharing a project with another group within this group. |
+| `require_two_factor_authentication`  | boolean | no       | Require all users in this group to setup Two-factor authentication. |
+| `two_factor_grace_period`            | integer | no       | Time before Two-factor authentication is enforced (in hours). |
+| `project_creation_level`             | string  | no       | Determine if developers can create projects in the group. Can be `noone` (No one), `maintainer` (Maintainers), or `developer` (Developers + Maintainers). |
+| `auto_devops_enabled`                | boolean | no       | Default to Auto DevOps pipeline for all projects within this group. |
+| `subgroup_creation_level`            | integer | no       | Allowed to create subgroups. Can be `owner` (Owners), or `maintainer` (Maintainers). |
+| `emails_disabled`                    | boolean | no       | Disable email notifications |
 | `lfs_enabled`                        | boolean | no       | Enable/disable Large File Storage (LFS) for the projects in this group. |
 | `request_access_enabled`             | boolean | no       | Allow users to request member access. |
 | `parent_id`                          | integer | no       | The parent group ID for creating nested group. |
@@ -472,6 +500,13 @@ PUT /groups/:id
 | `membership_lock`                    | boolean | no       | **(STARTER)** Prevent adding new members to project membership within this group. |
 | `share_with_group_lock`              | boolean | no       | Prevent sharing a project with another group within this group. |
 | `visibility`                         | string  | no       | The visibility level of the group. Can be `private`, `internal`, or `public`. |
+| `share_with_group_lock`              | boolean | no       | Prevent sharing a project with another group within this group. |
+| `require_two_factor_authentication`  | boolean | no       | Require all users in this group to setup Two-factor authentication. |
+| `two_factor_grace_period`            | integer | no       | Time before Two-factor authentication is enforced (in hours). |
+| `project_creation_level`             | string  | no       | Determine if developers can create projects in the group. Can be `noone` (No one), `maintainer` (Maintainers), or `developer` (Developers + Maintainers). |
+| `auto_devops_enabled`                | boolean | no       | Default to Auto DevOps pipeline for all projects within this group. |
+| `subgroup_creation_level`            | integer | no       | Allowed to create subgroups. Can be `owner` (Owners), or `maintainer` (Maintainers). |
+| `emails_disabled`                    | boolean | no       | Disable email notifications |
 | `lfs_enabled` (optional)             | boolean | no       | Enable/disable Large File Storage (LFS) for the projects in this group. |
 | `request_access_enabled`             | boolean | no       | Allow users to request member access. |
 | `file_template_project_id`           | integer | no       | **(PREMIUM)** The ID of a project to load custom file templates from. |

--- a/lib/api/entities.rb
+++ b/lib/api/entities.rb
@@ -378,6 +378,13 @@ module API
  
    class Group < BasicGroupDetails
      expose :path, :description, :visibility
+      expose :share_with_group_lock
+      expose :require_two_factor_authentication
+      expose :two_factor_grace_period
+      expose :project_creation_level_str, as: :project_creation_level
+      expose :auto_devops_enabled
+      expose :subgroup_creation_level_str, as: :subgroup_creation_level
+      expose :emails_disabled
      expose :lfs_enabled?, as: :lfs_enabled
      expose :avatar_url do |group, options|
        group.avatar_url(only_path: false)

--- a/lib/api/helpers/groups_helpers.rb
+++ b/lib/api/helpers/groups_helpers.rb
@@ -11,9 +11,15 @@ module API
        optional :visibility, type: String,
                 values: Gitlab::VisibilityLevel.string_values,
                 desc: 'The visibility of the group'
+        optional :share_with_group_lock, type: Boolean, desc: 'Prevent sharing a project with another group within this group'
+        optional :require_two_factor_authentication, type: Boolean, desc: 'Require all users in this group to setup Two-factor authentication'
+        optional :two_factor_grace_period, type: Integer, desc: 'Time before Two-factor authentication is enforced'
+        optional :project_creation_level, type: String, values: ::Gitlab::Access.project_creation_string_values, desc: 'Determine if developers can create projects in the group', as: :project_creation_level_str
+        optional :auto_devops_enabled, type: Boolean, desc: 'Default to Auto DevOps pipeline for all projects within this group'
+        optional :subgroup_creation_level, type: String, values: ::Gitlab::Access.subgroup_creation_string_values, desc: 'Allowed to create subgroups', as: :subgroup_creation_level_str
+        optional :emails_disabled, type: Boolean, desc: 'Disable email notifications'
        optional :lfs_enabled, type: Boolean, desc: 'Enable/disable LFS for the projects in this group'
        optional :request_access_enabled, type: Boolean, desc: 'Allow users to request member access'
-        optional :share_with_group_lock, type: Boolean, desc: 'Prevent sharing a project with another group within this group'
      end
  
      params :optional_params_ee do

--- a/lib/gitlab/access.rb
+++ b/lib/gitlab/access.rb
@@ -103,10 +103,22 @@ module Gitlab
        }
      end
  
+      def project_creation_string_options
+        {
+          'noone'       => NO_ONE_PROJECT_ACCESS,
+          'maintainer'  => MAINTAINER_PROJECT_ACCESS,
+          'developer'   => DEVELOPER_MAINTAINER_PROJECT_ACCESS
+        }
+      end
+
      def project_creation_values
        project_creation_options.values
      end
  
+      def project_creation_string_values
+        project_creation_string_options.keys
+      end
+
      def project_creation_level_name(name)
        project_creation_options.key(name)
      end
@@ -117,6 +129,21 @@ module Gitlab
          s_('SubgroupCreationlevel|Maintainers') => MAINTAINER_SUBGROUP_ACCESS
        }
      end
+
+      def subgroup_creation_string_options
+        {
+          'owner'      => OWNER_SUBGROUP_ACCESS,
+          'maintainer' => MAINTAINER_SUBGROUP_ACCESS
+        }
+      end
+
+      def subgroup_creation_values
+        subgroup_creation_options.values
+      end
+
+      def subgroup_creation_string_values
+        subgroup_creation_string_options.keys
+      end
    end
  
    def human_access

--- a/lib/gitlab/health_checks/probes/liveness.rb
+++ b/lib/gitlab/health_checks/probes/liveness.rb
+# frozen_string_literal: true
+
+module Gitlab
+  module HealthChecks
+    module Probes
+      class Liveness
+        def execute
+          Probes::Status.new(200, status: 'ok')
+        end
+      end
+    end
+  end
+end
--- a/lib/gitlab/health_checks/probes/readiness.rb
+++ b/lib/gitlab/health_checks/probes/readiness.rb
+# frozen_string_literal: true
+
+module Gitlab
+  module HealthChecks
+    module Probes
+      class Readiness
+        attr_reader :checks
+
+        # This accepts an array of Proc
+        # that returns `::Gitlab::HealthChecks::Result`
+        def initialize(*additional_checks)
+          @checks = ::Gitlab::HealthChecks::CHECKS.map { |check| check.method(:readiness) }
+          @checks += additional_checks
+        end
+
+        def execute
+          readiness = probe_readiness
+          success = all_succeeded?(readiness)
+
+          Probes::Status.new(
+            success ? 200 : 503,
+            status(success).merge(payload(readiness))
+          )
+        end
+
+        private
+
+        def all_succeeded?(readiness)
+          readiness.all? do |name, probes|
+            probes.any?(&:success)
+          end
+        end
+
+        def status(success)
+          { status: success ? 'ok' : 'failed' }
+        end
+
+        def payload(readiness)
+          readiness.transform_values do |probes|
+            probes.map(&:payload)
+          end
+        end
+
+        def probe_readiness
+          checks
+            .flat_map(&:call)
+            .compact
+            .group_by(&:name)
+        end
+      end
+    end
+  end
+end
--- a/lib/gitlab/health_checks/probes/status.rb
+++ b/lib/gitlab/health_checks/probes/status.rb
+# frozen_string_literal: true
+
+module Gitlab
+  module HealthChecks
+    module Probes
+      Status = Struct.new(:http_status, :json) do
+        # We accept 2xx
+        def success?
+          http_status / 100 == 2
+        end
+      end
+    end
+  end
+end
--- a/lib/gitlab/metrics/exporter/base_exporter.rb
+++ b/lib/gitlab/metrics/exporter/base_exporter.rb
@@ -31,7 +31,15 @@ module Gitlab
          @server = ::WEBrick::HTTPServer.new(
            Port: settings.port, BindAddress: settings.address,
            Logger: logger, AccessLog: access_log)
-          server.mount "/", Rack::Handler::WEBrick, rack_app
+          server.mount_proc '/readiness' do |req, res|
+            render_probe(
+              ::Gitlab::HealthChecks::Probes::Readiness.new, req, res)
+          end
+          server.mount_proc '/liveness' do |req, res|
+            render_probe(
+              ::Gitlab::HealthChecks::Probes::Liveness.new, req, res)
+          end
+          server.mount '/', Rack::Handler::WEBrick, rack_app
          server.start
        end
  
@@ -51,6 +59,14 @@ module Gitlab
            run -> (env) { [404, {}, ['']] }
          end
        end
+
+        def render_probe(probe, req, res)
+          result = probe.execute
+
+          res.status = result.http_status
+          res.content_type = 'application/json; charset=utf-8'
+          res.body = result.json.to_json
+        end
      end
    end
  end

--- a/locale/gitlab.pot
+++ b/locale/gitlab.pot
@@ -5472,6 +5472,9 @@ msgstr ""
 msgid "Domain verification is an essential security measure for public GitLab sites. Users are required to demonstrate they control a domain before it is enabled"
 msgstr ""
  
+msgid "Don't have an account yet?"
+msgstr ""
+
 msgid "Don't paste the private part of the GPG key. Paste the public part which begins with '-----BEGIN PGP PUBLIC KEY BLOCK-----'."
 msgstr ""
  
@@ -13081,6 +13084,12 @@ msgstr ""
 msgid "Register and see your runners for this project."
 msgstr ""
  
+msgid "Register for GitLab.com"
+msgstr ""
+
+msgid "Register now"
+msgstr ""
+
 msgid "Register with two-factor app"
 msgstr ""
  

--- a/qa/qa.rb
+++ b/qa/qa.rb
@@ -259,6 +259,7 @@ module QA
      module Milestone
        autoload :New, 'qa/page/project/milestone/new'
        autoload :Index, 'qa/page/project/milestone/index'
+        autoload :Show, 'qa/page/project/milestone/show'
      end
  
      module Operations
@@ -449,6 +450,7 @@ module QA
      autoload :Logging, 'qa/support/page/logging'
    end
    autoload :Api, 'qa/support/api'
+    autoload :Dates, 'qa/support/dates'
    autoload :Waiter, 'qa/support/waiter'
    autoload :Retrier, 'qa/support/retrier'
  end

--- a/qa/qa/page/project/milestone/index.rb
+++ b/qa/qa/page/project/milestone/index.rb
@@ -17,5 +17,3 @@ module QA
    end
  end
 end
-
-QA::Page::Project::Milestone::Index.prepend_if_ee('QA::EE::Page::Project::Milestone::Index')
--- a/qa/qa/page/project/milestone/show.rb
+++ b/qa/qa/page/project/milestone/show.rb
+# frozen_string_literal: true
+
+module QA
+  module Page
+    module Project
+      module Milestone
+        class Show < Page::Base
+        end
+      end
+    end
+  end
+end
+
+QA::Page::Project::Milestone::Show.prepend_if_ee('QA::EE::Page::Project::Milestone::Show')