Add latest changes from gitlab-org/gitlab@master

92f95cca · GitLab Bot · 85e49493 · 92f95cca · 92f95cca · 92f95cca
--- a/app/assets/javascripts/clusters/components/applications.vue
+++ b/app/assets/javascripts/clusters/components/applications.vue
@@ -129,9 +129,6 @@ export default {
    crossplaneInstalled() {
      return this.applications.crossplane.status === APPLICATION_STATUS.INSTALLED;
    },
-    enableClusterApplicationCrossplane() {
-      return gon.features && gon.features.enableClusterApplicationCrossplane;
-    },
    enableClusterApplicationElasticStack() {
      return gon.features && gon.features.enableClusterApplicationElasticStack;
    },
@@ -519,7 +516,6 @@ Crossplane runs inside your Kubernetes cluster and supports secure connectivity
        </div>
      </application-row>
      <application-row
-        v-if="enableClusterApplicationCrossplane"
        id="crossplane"
        :logo-url="crossplaneLogo"
        :title="applications.crossplane.title"

--- a/app/assets/javascripts/pages/projects/shared/permissions/components/settings_panel.vue
+++ b/app/assets/javascripts/pages/projects/shared/permissions/components/settings_panel.vue
@@ -82,6 +82,11 @@ export default {
      required: false,
      default: false,
    },
+    pagesAccessControlForced: {
+      type: Boolean,
+      required: false,
+      default: false,
+    },
    pagesHelpPath: {
      type: String,
      required: false,
@@ -130,10 +135,22 @@ export default {
    },

    pagesFeatureAccessLevelOptions() {
-      if (this.visibilityLevel !== visibilityOptions.PUBLIC) {
-        return this.featureAccessLevelOptions.concat([[30, PAGE_FEATURE_ACCESS_LEVEL]]);
+      const options = [featureAccessLevelMembers];
+
+      if (this.pagesAccessControlForced) {
+        if (this.visibilityLevel === visibilityOptions.INTERNAL) {
+          options.push(featureAccessLevelEveryone);
+        }
+      } else {
+        if (this.visibilityLevel !== visibilityOptions.PRIVATE) {
+          options.push(featureAccessLevelEveryone);
+        }
+
+        if (this.visibilityLevel !== visibilityOptions.PUBLIC) {
+          options.push([30, PAGE_FEATURE_ACCESS_LEVEL]);
+        }
      }
-      return this.featureAccessLevelOptions;
+      return options;
    },

    repositoryEnabled() {

--- a/app/assets/javascripts/registry/list/components/collapsible_container.vue
+++ b/app/assets/javascripts/registry/list/components/collapsible_container.vue
@@ -14,7 +14,7 @@ import ClipboardButton from '~/vue_shared/components/clipboard_button.vue';
 import Icon from '~/vue_shared/components/icon.vue';
 import TableRegistry from './table_registry.vue';
 import { DELETE_REPO_ERROR_MESSAGE } from '../constants';
-import { __ } from '~/locale';
+import { __, sprintf } from '~/locale';

 export default {
  name: 'CollapsibeContainerRegisty',
@@ -55,6 +55,11 @@ export default {
    canDeleteRepo() {
      return this.repo.canDelete && !this.isDeleteDisabled;
    },
+    deleteImageConfirmationMessage() {
+      return sprintf(__('Image %{imageName} was scheduled for deletion from the registry.'), {
+        imageName: this.repo.name,
+      });
+    },
  },
  methods: {
    ...mapActions(['fetchRepos', 'fetchList', 'deleteItem']),
@@ -69,7 +74,7 @@ export default {
      this.track('confirm_delete');
      return this.deleteItem(this.repo)
        .then(() => {
-          createFlash(__('This container registry has been scheduled for deletion.'), 'notice');
+          createFlash(this.deleteImageConfirmationMessage, 'notice');
          this.fetchRepos();
        })
        .catch(() => createFlash(DELETE_REPO_ERROR_MESSAGE));

--- a/app/controllers/clusters/clusters_controller.rb
+++ b/app/controllers/clusters/clusters_controller.rb
@@ -14,7 +14,6 @@ class Clusters::ClustersController < Clusters::BaseController
  before_action :update_applications_status, only: [:cluster_status]
  before_action only: [:show] do
    push_frontend_feature_flag(:enable_cluster_application_elastic_stack)
-    push_frontend_feature_flag(:enable_cluster_application_crossplane)
  end

  helper_method :token_in_session

--- a/app/controllers/search_controller.rb
+++ b/app/controllers/search_controller.rb
@@ -5,9 +5,6 @@ class SearchController < ApplicationController
  include SearchHelper
  include RendersCommits

-  NON_ES_SEARCH_TERM_LIMIT = 64
-  NON_ES_SEARCH_CHAR_LIMIT = 4096
-
  around_action :allow_gitaly_ref_name_caching

  skip_before_action :authenticate_user!
@@ -68,19 +65,13 @@ def autocomplete
  private

  def search_term_valid?
-    return true if Gitlab::CurrentSettings.elasticsearch_search?
-
-    chars_count = params[:search].length
-    if chars_count > NON_ES_SEARCH_CHAR_LIMIT
-      flash[:alert] = t('errors.messages.search_chars_too_long', count: NON_ES_SEARCH_CHAR_LIMIT)
-
+    unless search_service.valid_query_length?
+      flash[:alert] = t('errors.messages.search_chars_too_long', count: SearchService::SEARCH_CHAR_LIMIT)
      return false
    end

-    search_terms_count = params[:search].split.count { |word| word.length >= 3 }
-    if search_terms_count > NON_ES_SEARCH_TERM_LIMIT
-      flash[:alert] = t('errors.messages.search_terms_too_long', count: NON_ES_SEARCH_TERM_LIMIT)
-
+    unless search_service.valid_terms_count?
+      flash[:alert] = t('errors.messages.search_terms_too_long', count: SearchService::SEARCH_TERM_LIMIT)
      return false
    end


--- a/app/helpers/application_settings_helper.rb
+++ b/app/helpers/application_settings_helper.rb
@@ -202,6 +202,7 @@ def visible_attributes
      :enabled_git_access_protocol,
      :enforce_terms,
      :first_day_of_week,
+      :force_pages_access_control,
      :gitaly_timeout_default,
      :gitaly_timeout_medium,
      :gitaly_timeout_fast,

--- a/app/helpers/projects_helper.rb
+++ b/app/helpers/projects_helper.rb
@@ -587,6 +587,7 @@ def project_permissions_panel_data(project)
      lfsHelpPath: help_page_path('workflow/lfs/manage_large_binaries_with_git_lfs'),
      pagesAvailable: Gitlab.config.pages.enabled,
      pagesAccessControlEnabled: Gitlab.config.pages.access_control,
+      pagesAccessControlForced: ::Gitlab::Pages.access_control_is_forced?,
      pagesHelpPath: help_page_path('user/project/pages/introduction', anchor: 'gitlab-pages-access-control-core')
    }
  end

--- a/app/models/project_feature.rb
+++ b/app/models/project_feature.rb
@@ -97,7 +97,13 @@ def ensure_feature!(feature)
  default_value_for :wiki_access_level,           value: ENABLED, allows_nil: false
  default_value_for :repository_access_level,     value: ENABLED, allows_nil: false

-  default_value_for(:pages_access_level, allows_nil: false) { |feature| feature.project&.public? ? ENABLED : PRIVATE }
+  default_value_for(:pages_access_level, allows_nil: false) do |feature|
+    if ::Gitlab::Pages.access_control_is_forced?
+      PRIVATE
+    else
+      feature.project&.public? ? ENABLED : PRIVATE
+    end
+  end

  def feature_available?(feature, user)
    # This feature might not be behind a feature flag at all, so default to true
@@ -137,6 +143,8 @@ def pages_enabled?
  def public_pages?
    return true unless Gitlab.config.pages.access_control

+    return false if ::Gitlab::Pages.access_control_is_forced?
+
    pages_access_level == PUBLIC || pages_access_level == ENABLED && project.public?
  end


--- a/app/services/clusters/applications/base_service.rb
+++ b/app/services/clusters/applications/base_service.rb
@@ -68,7 +68,7 @@ def raise_invalid_application_error
      end

      def invalid_application?
-        unknown_application? || (application_name == Applications::ElasticStack.application_name && !Feature.enabled?(:enable_cluster_application_elastic_stack)) || (application_name == Applications::Crossplane.application_name && !Feature.enabled?(:enable_cluster_application_crossplane))
+        unknown_application? || (application_name == Applications::ElasticStack.application_name && !Feature.enabled?(:enable_cluster_application_elastic_stack))
      end

      def unknown_application?

--- a/app/services/search_service.rb
+++ b/app/services/search_service.rb
@@ -3,6 +3,9 @@
 class SearchService
  include Gitlab::Allowable

+  SEARCH_TERM_LIMIT = 64
+  SEARCH_CHAR_LIMIT = 4096
+
  def initialize(current_user, params = {})
    @current_user = current_user
    @params = params.dup
@@ -42,6 +45,14 @@ def show_snippets?
    @show_snippets = params[:snippets] == 'true'
  end

+  def valid_query_length?
+    params[:search].length <= SEARCH_CHAR_LIMIT
+  end
+
+  def valid_terms_count?
+    params[:search].split.count { |word| word.length >= 3 } <= SEARCH_TERM_LIMIT
+  end
+
  delegate :scope, to: :search_service

  def search_results

--- a/app/views/admin/application_settings/_pages.html.haml
+++ b/app/views/admin/application_settings/_pages.html.haml
@@ -15,6 +15,15 @@
      .form-text.text-muted
        = _("Domain verification is an essential security measure for public GitLab sites. Users are required to demonstrate they control a domain before it is enabled")
        = link_to icon('question-circle'), help_page_path('user/project/pages/custom_domains_ssl_tls_certification/index.md', anchor: '4-verify-the-domains-ownership')
+    - if Gitlab.config.pages.access_control
+      .form-group
+        .form-check
+          = f.check_box :force_pages_access_control, class: 'form-check-input'
+          = f.label :force_pages_access_control, class: 'form-check-label' do
+            = _("Disable public access to Pages sites")
+        .form-text.text-muted
+          = _("Access to Pages websites are controlled based on the user's membership to a given project. By checking this box, users will be required to be logged in to have access to all Pages websites in your instance.")
+          = link_to icon('question-circle'), help_page_path('administration/pages/index.md', anchor: 'disabling-public-access-to-all-pages-websites')
    %h5
      = _("Configure Let's Encrypt")
    %p

--- a/changelogs/unreleased/32095-allow-administrators-to-disable-gitlab-pages-access.yml
+++ b/changelogs/unreleased/32095-allow-administrators-to-disable-gitlab-pages-access.yml
+---
+title: Allow administrators to enforce access control for all pages web-sites
+merge_request: 22003
+author:
+type: added
--- a/changelogs/unreleased/ak-bubble-up-log-source.yml
+++ b/changelogs/unreleased/ak-bubble-up-log-source.yml
+---
+title: Pass log source to the frontend
+merge_request: 22694
+author:
+type: changed
--- a/changelogs/unreleased/remove_enable_cluster_application_crossplane_flag.yml
+++ b/changelogs/unreleased/remove_enable_cluster_application_crossplane_flag.yml
+---
+title: Enable ability to install Crossplane app by default
+merge_request: 22141
+author:
+type: changed
--- a/changelogs/unreleased/update_dast_default_branch.yml
+++ b/changelogs/unreleased/update_dast_default_branch.yml
+---
+title: Update auto-deploy-image to v0.8.3 for DAST default branch deploy
+merge_request: 22227
+author:
+type: changed
--- a/db/migrate/20191218122457_add_force_pages_access_control_to_application_settings.rb
+++ b/db/migrate/20191218122457_add_force_pages_access_control_to_application_settings.rb
+# frozen_string_literal: true
+
+# See http://doc.gitlab.com/ce/development/migration_style_guide.html
+# for more information on how to write migrations for GitLab.
+
+class AddForcePagesAccessControlToApplicationSettings < ActiveRecord::Migration[5.2]
+  DOWNTIME = false
+
+  def change
+    add_column :application_settings, :force_pages_access_control, :boolean, null: false, default: false
+  end
+end
--- a/db/schema.rb
+++ b/db/schema.rb
@@ -364,6 +364,7 @@
    t.string "encrypted_slack_app_secret_iv", limit: 255
    t.text "encrypted_slack_app_verification_token"
    t.string "encrypted_slack_app_verification_token_iv", limit: 255
+    t.boolean "force_pages_access_control", default: false, null: false
    t.boolean "updating_name_disabled_for_users", default: false, null: false
    t.integer "instance_administrators_group_id"
    t.index ["custom_project_templates_group_id"], name: "index_application_settings_on_custom_project_templates_group_id"

--- a/doc/administration/instance_limits.md
+++ b/doc/administration/instance_limits.md
@@ -34,3 +34,11 @@ Read more in the [CI documentation](../ci/yaml/README.md#processing-git-pushes).
 > [Introduced](https://gitlab.com/gitlab-org/gitlab-foss/issues/21164) in GitLab 8.12.

 Activity history for projects and individuals' profiles was limited to one year until [GitLab 11.4](https://gitlab.com/gitlab-org/gitlab-foss/issues/52246) when it was extended to two years, and in [GitLab 12.4](https://gitlab.com/gitlab-org/gitlab/issues/33840) to three years.
+
+## Number of project webhooks
+
+> [Introduced](https://gitlab.com/gitlab-org/gitlab/merge_requests/20730) in GitLab 12.6.
+
+A maximum number of project webhooks applies to each GitLab.com tier. Check the
+[Maximum number of webhooks (per tier)](../user/project/integrations/webhooks.md#maximum-number-of-webhooks-per-tier)
+section in the Webhooks page.
--- a/doc/administration/pages/index.md
+++ b/doc/administration/pages/index.md
@@ -307,6 +307,27 @@ Pages access control is disabled by default. To enable it:
 1. [Reconfigure GitLab][reconfigure].
 1. Users can now configure it in their [projects' settings](../../user/project/pages/pages_access_control.md).

+#### Disabling public access to all Pages websites
+
+> [Introduced](https://gitlab.com/gitlab-org/gitlab/issues/32095) in GitLab 12.7.
+
+You can enforce [Access Control](#access-control) for all GitLab Pages websites hosted
+on your GitLab instance. By doing so, only logged-in users will have access to them.
+This setting overrides Access Control set by users in individual projects.
+
+This can be useful to preserve information published with Pages websites to the users
+of your instance only.
+To do that:
+
+1. Navigate to your instance's **Admin Area > Settings > Preferences** and expand **Pages** settings.
+1. Check the **Disable public access to Pages sites** checkbox.
+1. Click **Save changes**.
+
+CAUTION: **Warning:**
+This action will not make all currently public web-sites private until they redeployed.
+This issue among others will be resolved by
+[changing GitLab Pages configuration mechanism](https://gitlab.com/gitlab-org/gitlab-pages/issues/282).
+
 ### Running behind a proxy

 Like the rest of GitLab, Pages can be used in those environments where external

--- a/doc/development/README.md
+++ b/doc/development/README.md
@@ -72,6 +72,7 @@ description: 'Learn how to contribute to GitLab.'
 - [Mass Inserting Models](mass_insert.md)
 - [Cycle Analytics development guide](cycle_analytics.md)
 - [Issue types vs first-class types](issue_types.md)
+- [Application limits](application_limits.md)

 ## Performance guides