Add latest changes from gitlab-org/gitlab@master

VERSION

-12.3.0-pre
+12.5.0-pre

app/assets/javascripts/repository/components/last_commit.vue

@@ -125,19 +125,21 @@ export default {
         </div>
         <div class="commit-actions flex-row">
           <div v-if="commit.signatureHtml" v-html="commit.signatureHtml"></div>
-          <gl-link
-            v-if="commit.latestPipeline"
-            v-gl-tooltip
-            :href="commit.latestPipeline.detailedStatus.detailsPath"
-            :title="statusTitle"
-            class="js-commit-pipeline"
-          >
-            <ci-icon
-              :status="commit.latestPipeline.detailedStatus"
-              :size="24"
-              :aria-label="statusTitle"
-            />
-          </gl-link>
+          <div class="ci-status-link">
+            <gl-link
+              v-if="commit.latestPipeline"
+              v-gl-tooltip
+              :href="commit.latestPipeline.detailedStatus.detailsPath"
+              :title="statusTitle"
+              class="js-commit-pipeline"
+            >
+              <ci-icon
+                :status="commit.latestPipeline.detailedStatus"
+                :size="24"
+                :aria-label="statusTitle"
+              />
+            </gl-link>
+          </div>
           <div class="commit-sha-group d-flex">
             <div class="label label-monospace monospace">
               {{ showCommitId }}

app/assets/stylesheets/framework/memory_graph.scss

 .memory-graph-container {
   svg {
     background: $white-light;
-    cursor: pointer;
-
-    &:hover {
-      box-shadow: 0 0 4px $gray-darkest inset;
-    }
+    border: 1px solid $gray-200;
   }
   path {

app/controllers/clusters/clusters_controller.rb

@@ -142,6 +142,7 @@ class Clusters::ClustersController < Clusters::BaseController
         :environment_scope,
         :managed,
         :base_domain,
+        :management_project_id,
         platform_kubernetes_attributes: [
           :api_url,
           :token,
@@ -155,6 +156,7 @@ class Clusters::ClustersController < Clusters::BaseController
         :environment_scope,
         :managed,
         :base_domain,
+        :management_project_id,
         platform_kubernetes_attributes: [
           :namespace
         ]

app/models/clusters/cluster.rb

@@ -117,6 +117,8 @@ module Clusters
     scope :default_environment, -> { where(environment_scope: DEFAULT_ENVIRONMENT) }
+    scope :for_project_namespace, -> (namespace_id) { joins(:projects).where(projects: { namespace_id: namespace_id }) }
+
     def self.ancestor_clusters_for_clusterable(clusterable, hierarchy_order: :asc)
       return [] if clusterable.is_a?(Instance)

app/models/clusters/clusters_hierarchy.rb

@@ -20,7 +20,7 @@ module Clusters
         .with
         .recursive(cte.to_arel)
         .from(cte_alias)
-        .order(DEPTH_COLUMN => :asc)
+        .order(depth_order_clause)
     end
     private
@@ -40,7 +40,7 @@ module Clusters
                    end
       if clusterable.is_a?(::Project) && include_management_project
-        cte << management_clusters_query
+        cte << same_namespace_management_clusters_query
       end
       cte << base_query
@@ -49,13 +49,42 @@ module Clusters
       cte
     end
+    # Returns project-level clusters where the project is the management project
+    # for the cluster. The management project has to be in the same namespace /
+    # group as the cluster's project.
+    #
+    # Support for management project in sub-groups is planned in
+    # https://gitlab.com/gitlab-org/gitlab/issues/34650
+    #
+    # NB: group_parent_id is un-used but we still need to match the same number of
+    # columns as other queries in the CTE.
+    def same_namespace_management_clusters_query
+      clusterable.management_clusters
+        .project_type
+        .select([clusters_star, 'NULL AS group_parent_id', "0 AS #{DEPTH_COLUMN}"])
+        .for_project_namespace(clusterable.namespace_id)
+    end
+
     # Management clusters should be first in the hierarchy so we use 0 for the
     # depth column.
     #
-    # group_parent_id is un-used but we still need to match the same number of
-    # columns as other queries in the CTE.
-    def management_clusters_query
-      clusterable.management_clusters.select([clusters_star, 'NULL AS group_parent_id', "0 AS #{DEPTH_COLUMN}"])
+    # Only applicable if the clusterable is a project (most especially when
+    # requesting project.deployment_platform).
+    def depth_order_clause
+      return { DEPTH_COLUMN => :asc } unless clusterable.is_a?(::Project) && include_management_project
+
+      order = <<~SQL
+        (CASE clusters.management_project_id
+          WHEN :project_id THEN 0
+          ELSE #{DEPTH_COLUMN}
+        END) ASC
+      SQL
+
+      values = {
+        project_id: clusterable.id
+      }
+
+      model.sanitize_sql_array([Arel.sql(order), values])
     end
     def group_clusters_base_query

app/models/concerns/deployment_platform.rb

@@ -12,7 +12,7 @@ module DeploymentPlatform
   private
   def cluster_management_project_enabled?
-    Feature.enabled?(:cluster_management_project, default_enabled: true)
+    Feature.enabled?(:cluster_management_project, self)
   end
   def find_deployment_platform(environment)

app/services/clusters/update_service.rb

@@ -9,7 +9,55 @@ module Clusters
     end
     def execute(cluster)
-      cluster.update(params)
+      if validate_params(cluster)
+        cluster.update(params)
+      else
+        false
+      end
+    end
+
+    private
+
+    def can_admin_pipeline_for_project?(project)
+      Ability.allowed?(current_user, :admin_pipeline, project)
+    end
+
+    def validate_params(cluster)
+      if params[:management_project_id]
+        management_project = management_project_scope(cluster).find_by_id(params[:management_project_id])
+
+        unless management_project
+          cluster.errors.add(:management_project_id, _('Project does not exist or you don\'t have permission to perform this action'))
+
+          return false
+        end
+
+        unless can_admin_pipeline_for_project?(management_project)
+          # Use same message as not found to prevent enumeration
+          cluster.errors.add(:management_project_id, _('Project does not exist or you don\'t have permission to perform this action'))
+
+          return false
+        end
+      end
+
+      true
+    end
+
+    def management_project_scope(cluster)
+      return ::Project.all if cluster.instance_type?
+
+      group =
+        if cluster.group_type?
+          cluster.first_group
+        elsif cluster.project_type?
+          cluster.first_project&.namespace
+        end
+
+      # Prevent users from selecting nested projects until
+      # https://gitlab.com/gitlab-org/gitlab/issues/34650 is resolved
+      include_subgroups = cluster.group_type?
+
+      ::GroupProjectsFinder.new(group: group, current_user: current_user, options: { only_owned: true, include_subgroups: include_subgroups }).execute
     end
   end
 end

changelogs/unreleased/31390-remove-pointer-cursor-from-memory-usage-chart.yml

+---
+title: Remove pointer cursor from MemoryUsage chart on MR widget deployment
+merge_request: 18599
+author:
+type: fixed

changelogs/unreleased/cluster_management_projects_updating.yml

+---
+title: Adds ability to set management project for cluster via API
+merge_request: 18429
+author:
+type: added

changelogs/unreleased/ph-fixAdminGeoSidebarFlyOut.yml

+---
+title: Fixed admin geo collapsed sidebar fly out not showing
+merge_request: 19012
+author:
+type: fixed

doc/api/group_clusters.md

@@ -53,6 +53,16 @@ Example response:
       "api_url":"https://104.197.68.152",
       "authorization_type":"rbac",
       "ca_cert":"-----BEGIN CERTIFICATE-----\r\nhFiK1L61owwDQYJKoZIhvcNAQELBQAw\r\nLzEtMCsGA1UEAxMkZDA1YzQ1YjctNzdiMS00NDY0LThjNmEtMTQ0ZDJkZjM4ZDBj\r\nMB4XDTE4MTIyNzIwMDM1MVoXDTIzMTIyNjIxMDM1MVowLzEtMCsGA1UEAxMkZDA1\r\nYzQ1YjctNzdiMS00NDY0LThjNmEtMTQ0ZDJkZjM.......-----END CERTIFICATE-----"
+    },
+    "management_project":
+    {
+      "id":2,
+      "description":null,
+      "name":"project2",
+      "name_with_namespace":"John Doe8 / project2",
+      "path":"project2",
+      "path_with_namespace":"namespace2/project2",
+      "created_at":"2019-10-11T02:55:54.138Z"
     }
   },
   {
@@ -111,6 +121,16 @@ Example response:
     "authorization_type":"rbac",
     "ca_cert":"-----BEGIN CERTIFICATE-----\r\nhFiK1L61owwDQYJKoZIhvcNAQELBQAw\r\nLzEtMCsGA1UEAxMkZDA1YzQ1YjctNzdiMS00NDY0LThjNmEtMTQ0ZDJkZjM4ZDBj\r\nMB4XDTE4MTIyNzIwMDM1MVoXDTIzMTIyNjIxMDM1MVowLzEtMCsGA1UEAxMkZDA1\r\nYzQ1YjctNzdiMS00NDY0LThjNmEtMTQ0ZDJkZjM.......-----END CERTIFICATE-----"
   },
+  "management_project":
+  {
+    "id":2,
+    "description":null,
+    "name":"project2",
+    "name_with_namespace":"John Doe8 / project2",
+    "path":"project2",
+    "path_with_namespace":"namespace2/project2",
+    "created_at":"2019-10-11T02:55:54.138Z"
+  },
   "group":
   {
     "id":26,
@@ -135,6 +155,7 @@ Parameters:
 | `id` | integer/string | yes | The ID or [URL-encoded path of the group](README.md#namespaced-path-encoding) |
 | `name` | String | yes | The name of the cluster |
 | `domain` | String | no | The [base domain](../user/group/clusters/index.md#base-domain) of the cluster |
+| `management_project_id` | integer | no | The ID of the [management project](../user/clusters/management_project.md) for the cluster |
 | `enabled` | Boolean | no | Determines if cluster is active or not, defaults to true |
 | `managed` | Boolean | no | Determines if GitLab will manage namespaces and service accounts for this cluster, defaults to true |
 | `platform_kubernetes_attributes[api_url]` | String | yes | The URL to access the Kubernetes API |
@@ -178,6 +199,7 @@ Example response:
     "authorization_type":"rbac",
     "ca_cert":"-----BEGIN CERTIFICATE-----\r\nhFiK1L61owwDQYJKoZIhvcNAQELBQAw\r\nLzEtMCsGA1UEAxMkZDA1YzQ1YjctNzdiMS00NDY0LThjNmEtMTQ0ZDJkZjM4ZDBj\r\nMB4XDTE4MTIyNzIwMDM1MVoXDTIzMTIyNjIxMDM1MVowLzEtMCsGA1UEAxMkZDA1\r\nYzQ1YjctNzdiMS00NDY0LThjNmEtMTQ0ZDJkZjM.......-----END CERTIFICATE-----"
   },
+  "management_project":null,
   "group":
   {
     "id":26,
@@ -248,6 +270,16 @@ Example response:
     "authorization_type":"rbac",
     "ca_cert":null
   },
+  "management_project":
+  {
+    "id":2,
+    "description":null,
+    "name":"project2",
+    "name_with_namespace":"John Doe8 / project2",
+    "path":"project2",
+    "path_with_namespace":"namespace2/project2",
+    "created_at":"2019-10-11T02:55:54.138Z"
+  },
   "group":
   {
     "id":26,

doc/api/project_clusters.md

@@ -54,6 +54,16 @@ Example response:
       "namespace":"cluster-1-namespace",
       "authorization_type":"rbac",
       "ca_cert":"-----BEGIN CERTIFICATE-----\r\nhFiK1L61owwDQYJKoZIhvcNAQELBQAw\r\nLzEtMCsGA1UEAxMkZDA1YzQ1YjctNzdiMS00NDY0LThjNmEtMTQ0ZDJkZjM4ZDBj\r\nMB4XDTE4MTIyNzIwMDM1MVoXDTIzMTIyNjIxMDM1MVowLzEtMCsGA1UEAxMkZDA1\r\nYzQ1YjctNzdiMS00NDY0LThjNmEtMTQ0ZDJkZjM.......-----END CERTIFICATE-----"
+    },
+    "management_project":
+    {
+      "id":2,
+      "description":null,
+      "name":"project2",
+      "name_with_namespace":"John Doe8 / project2",
+      "path":"project2",
+      "path_with_namespace":"namespace2/project2",
+      "created_at":"2019-10-11T02:55:54.138Z"
     }
   },
   {
@@ -113,6 +123,16 @@ Example response:
     "authorization_type":"rbac",
     "ca_cert":"-----BEGIN CERTIFICATE-----\r\nhFiK1L61owwDQYJKoZIhvcNAQELBQAw\r\nLzEtMCsGA1UEAxMkZDA1YzQ1YjctNzdiMS00NDY0LThjNmEtMTQ0ZDJkZjM4ZDBj\r\nMB4XDTE4MTIyNzIwMDM1MVoXDTIzMTIyNjIxMDM1MVowLzEtMCsGA1UEAxMkZDA1\r\nYzQ1YjctNzdiMS00NDY0LThjNmEtMTQ0ZDJkZjM.......-----END CERTIFICATE-----"
   },
+  "management_project":
+  {
+    "id":2,
+    "description":null,
+    "name":"project2",
+    "name_with_namespace":"John Doe8 / project2",
+    "path":"project2",
+    "path_with_namespace":"namespace2/project2",
+    "created_at":"2019-10-11T02:55:54.138Z"
+  },
   "project":
   {
     "id":26,
@@ -205,6 +225,7 @@ Example response:
     "authorization_type":"rbac",
     "ca_cert":"-----BEGIN CERTIFICATE-----\r\nhFiK1L61owwDQYJKoZIhvcNAQELBQAw\r\nLzEtMCsGA1UEAxMkZDA1YzQ1YjctNzdiMS00NDY0LThjNmEtMTQ0ZDJkZjM4ZDBj\r\nMB4XDTE4MTIyNzIwMDM1MVoXDTIzMTIyNjIxMDM1MVowLzEtMCsGA1UEAxMkZDA1\r\nYzQ1YjctNzdiMS00NDY0LThjNmEtMTQ0ZDJkZjM.......-----END CERTIFICATE-----"
   },
+  "management_project":null,
   "project":
   {
     "id":26,
@@ -253,6 +274,7 @@ Parameters:
 | `cluster_id` | integer | yes | The ID of the cluster |
 | `name` | String | no | The name of the cluster |
 | `domain` | String | no | The [base domain](../user/project/clusters/index.md#base-domain) of the cluster |
+| `management_project_id` | integer | no | The ID of the [management project](../user/clusters/management_project.md) for the cluster |
 | `platform_kubernetes_attributes[api_url]` | String | no | The URL to access the Kubernetes API |
 | `platform_kubernetes_attributes[token]` | String | no | The token to authenticate against Kubernetes |
 | `platform_kubernetes_attributes[ca_cert]` | String | no | TLS certificate (needed if API is using a self-signed TLS certificate |
@@ -300,6 +322,16 @@ Example response:
     "authorization_type":"rbac",
     "ca_cert":null
   },
+  "management_project":
+  {
+    "id":2,
+    "description":null,
+    "name":"project2",
+    "name_with_namespace":"John Doe8 / project2",
+    "path":"project2",
+    "path_with_namespace":"namespace2/project2",
+    "created_at":"2019-10-11T02:55:54.138Z"
+  },
   "project":
   {
     "id":26,

doc/user/clusters/management_project.md

@@ -4,7 +4,7 @@ CAUTION: **Warning:**
 This is an _alpha_ feature, and it is subject to change at any time without
 prior notice.
-> [Introduced](https://gitlab.com/gitlab-org/gitlab/merge_requests/17866) in GitLab 12.4
+> [Introduced](https://gitlab.com/gitlab-org/gitlab/issues/32810) in GitLab 12.5
 A project can be designated as the management project for a cluster.
 A management project can be used to run deployment jobs with
@@ -22,6 +22,14 @@ This can be useful for:
 Only the management project will receive `cluster-admin` privileges. All
 other projects will continue to receive [namespace scoped `edit` level privileges](../project/clusters/index.md#rbac-cluster-resources).
+Management projects are restricted to the following:
+
+- For project-level clusters, the management project must in the same
+  namespace (or descendants) as the cluster's project.
+- For group-level clusters, the management project must in the same
+  group (or descendants) as as the cluster's group.
+- For instance-level clusters, there are no such restrictions.
+
 ## Usage
 ### Selecting a cluster management project
@@ -87,9 +95,9 @@ configure production cluster:
     name: production
 ```
-## Disabling this feature
-This feature is enabled by default. To disable this feature, disable the
+## Enabling this feature
+This feature is disabled by default. To enable this feature, enable the
 feature flag `:cluster_management_project`.
 To check if the feature flag is enabled on your GitLab instance,

lib/api/entities.rb

@@ -1791,6 +1791,7 @@ module API
       expose :user, using: Entities::UserBasic
       expose :platform_kubernetes, using: Entities::Platform::Kubernetes
       expose :provider_gcp, using: Entities::Provider::Gcp
+      expose :management_project, using: Entities::ProjectIdentity
     end
     class ClusterProject < Cluster

lib/api/group_clusters.rb

@@ -84,6 +84,7 @@ module API
         requires :cluster_id, type: Integer, desc: 'The cluster ID'
         optional :name, type: String, desc: 'Cluster name'
         optional :domain, type: String, desc: 'Cluster base domain'
+        optional :management_project_id, type: Integer, desc: 'The ID of the management project'
         optional :platform_kubernetes_attributes, type: Hash, desc: %q(Platform Kubernetes data) do
           optional :api_url, type: String, desc: 'URL to access the Kubernetes API'
           optional :token, type: String, desc: 'Token to authenticate against Kubernetes'

lib/api/helpers/internal_helpers.rb

@@ -140,7 +140,8 @@ module API
         {
           repository: repository.gitaly_repository,
           address: Gitlab::GitalyClient.address(project.repository_storage),
-          token: Gitlab::GitalyClient.token(project.repository_storage)
+          token: Gitlab::GitalyClient.token(project.repository_storage),
+          features: Feature::Gitaly.server_feature_flags
         }
       end
     end

lib/api/project_clusters.rb

@@ -88,6 +88,7 @@ module API
         requires :cluster_id, type: Integer, desc: 'The cluster ID'
         optional :name, type: String, desc: 'Cluster name'
         optional :domain, type: String, desc: 'Cluster base domain'
+        optional :management_project_id, type: Integer, desc: 'The ID of the management project'
         optional :platform_kubernetes_attributes, type: Hash, desc: %q(Platform Kubernetes data) do
           optional :api_url, type: String, desc: 'URL to access the Kubernetes API'
           optional :token, type: String, desc: 'Token to authenticate against Kubernetes'

locale/gitlab.pot

@@ -12701,6 +12701,9 @@ msgstr ""
 msgid "Project details"
 msgstr ""
+msgid "Project does not exist or you don't have permission to perform this action"
+msgstr ""
+
 msgid "Project export could not be deleted."
 msgstr ""

spec/frontend/repository/components/__snapshots__/last_commit_spec.js.snap

@@ -62,19 +62,23 @@ exports[`Repository last commit component renders commit widget 1`] = `
     >
       <!---->
        
-      <gllink-stub
-        class="js-commit-pipeline"
-        data-original-title="Commit: failed"
-        href="https://test.com/pipeline"
-        title=""
+      <div
+        class="ci-status-link"
       >
-        <ciicon-stub
-          aria-label="Commit: failed"
-          cssclasses=""
-          size="24"
-          status="[object Object]"
-        />
-      </gllink-stub>
+        <gllink-stub
+          class="js-commit-pipeline"
+          data-original-title="Commit: failed"
+          href="https://test.com/pipeline"
+          title=""
+        >
+          <ciicon-stub
+            aria-label="Commit: failed"
+            cssclasses=""
+            size="24"
+            status="[object Object]"
+          />
+        </gllink-stub>
+      </div>
        
       <div
         class="commit-sha-group d-flex"
@@ -165,19 +169,23 @@ exports[`Repository last commit component renders the signature HTML as returned
         </button>
       </div>
        
-      <gllink-stub
-        class="js-commit-pipeline"
-        data-original-title="Commit: failed"
-        href="https://test.com/pipeline"
-        title=""
+      <div
+        class="ci-status-link"
       >
-        <ciicon-stub
-          aria-label="Commit: failed"
-          cssclasses=""
-          size="24"
-          status="[object Object]"
-        />
-      </gllink-stub>
+        <gllink-stub
+          class="js-commit-pipeline"
+          data-original-title="Commit: failed"
+          href="https://test.com/pipeline"
+          title=""
+        >
+          <ciicon-stub
+            aria-label="Commit: failed"
+            cssclasses=""
+            size="24"
+            status="[object Object]"
+          />
+        </gllink-stub>
+      </div>
        
       <div
         class="commit-sha-group d-flex"