Automatic merge of gitlab-org/gitlab master

04a4c443 · GitLab Bot · e19bfdf5 · 42d44783 · 04a4c443 · 04a4c443
Commit 04a4c443 authored Sep 29, 2021 by GitLab Bot
23 changed files
--- a/app/controllers/projects/google_cloud_controller.rb
+++ b/app/controllers/projects/google_cloud_controller.rb
+# frozen_string_literal: true
+
+class Projects::GoogleCloudController < Projects::ApplicationController
+  before_action :authorize_can_manage_google_cloud_deployments!
+
+  feature_category :release_orchestration
+
+  def index
+  end
+
+  private
+
+  def authorize_can_manage_google_cloud_deployments!
+    access_denied! unless can?(current_user, :manage_project_google_cloud, project)
+  end
+end
--- a/app/policies/project_policy.rb
+++ b/app/policies/project_policy.rb
@@ -438,6 +438,7 @@ class ProjectPolicy < BasePolicy
    enable :destroy_freeze_period
    enable :admin_feature_flags_client
    enable :update_runners_registration_token
+    enable :manage_project_google_cloud
  end

  rule { public_project & metrics_dashboard_allowed }.policy do

--- a/app/views/projects/google_cloud/index.html.haml
+++ b/app/views/projects/google_cloud/index.html.haml
+- breadcrumb_title _('Google Cloud')
+- page_title _('Google Cloud')
+
+- @content_class = "limit-container-width" unless fluid_layout
+
+#js-google-cloud
+
+  %h1.gl-font-size-h1 Google Cloud
+
+  %section#js-section-google-cloud-service-accounts
+
+    %h2.gl-font-size-h2 Service Accounts
+
+    %p= _('Service Accounts keys are required to authorize GitLab to deploy your Google Cloud project.')
+
+    %table.table.b-table.gl-table
+
+      %thead
+        %tr
+          %th Environment
+          %th GCP Project ID
+          %th Service Account Key
+
+      %tbody
+
+        %tr
+          %td *
+          %td serving-salutes-453
+          %td .....
+
+        %tr
+          %td production
+          %td crimson-corey-234
+          %td .....
+
+        %tr
+          %td review/*
+          %td roving-river-379
+          %td .....
+
+    %a.gl-button.btn.btn-primary= _('Add new service account')
+
+  %br
+
+  %section#js-section-google-cloud-deployments
+
+    .row.row-fluid
+
+      .col-lg-4
+        %h2.gl-font-size-h2 Deployments
+        %p= _('Google Cloud offers several deployment targets. Select the one most suitable for your project.')
+        %p
+          = _('Deployments to Google Kubernetes Engine can be ')
+          %a{ href: '#' }= _('managed')
+          = _('in Infrastructure :: Kubernetes clusters')
+
+      .col-lg-8
+
+        %br
+
+        .gl-card.gl-mb-6
+          .gl-card-body
+            .gl-display-flex.gl-align-items-baseline
+              %strong.gl-font-lg App Engine
+              .gl-ml-auto.gl-text-gray-500 Disabled
+            %p= _('App Engine description and apps that are suitable for this deployment target')
+            %button.gl-button.btn.btn-default= _('Configure via Merge Request')
+
+        .gl-card.gl-mb-6
+          .gl-card-body
+            .gl-display-flex.gl-align-items-baseline
+              %strong.gl-font-lg Cloud Functions
+              .gl-ml-auto.gl-text-gray-500 Disabled
+            %p= _('Cloud Functions description and apps that are suitable for this deployment target')
+            %button.gl-button.btn.btn-default= _('Configure via Merge Request')
+
+        .gl-card.gl-mb-6
+          .gl-card-body
+            .gl-display-flex.gl-align-items-baseline
+              %strong.gl-font-lg Cloud Run
+              .gl-ml-auto.gl-text-gray-500 Disabled
+            %p= _('Cloud Run description and apps that are suitable for this deployment target')
+            %button.gl-button.btn.btn-default= _('Configure via Merge Request')
--- a/config/feature_flags/development/incubation_5mp_google_cloud.yml
+++ b/config/feature_flags/development/incubation_5mp_google_cloud.yml
+---
+name: incubation_5mp_google_cloud
+introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/70715
+rollout_issue_url:
+milestone: '14.3'
+type: development
+group: group::incubation
+default_enabled: false
--- a/config/routes/project.rb
+++ b/config/routes/project.rb
@@ -313,6 +313,8 @@ constraints(::Constraints::ProjectUrlConstrainer.new) do

        resources :terraform, only: [:index]

+        resources :google_cloud, only: [:index]
+
        resources :environments, except: [:destroy] do
          member do
            post :stop

--- a/doc/administration/reference_architectures/10k_users.md
+++ b/doc/administration/reference_architectures/10k_users.md
@@ -12,6 +12,7 @@ full list of reference architectures, see

 > - **Supported users (approximate):** 10,000
 > - **High Availability:** Yes ([Praefect](#configure-praefect-postgresql) needs a third-party PostgreSQL solution for HA)
+> - **Cloud Native Hybrid:** [Yes](#cloud-native-hybrid-reference-architecture-with-helm-charts-alternative)
 > - **Test requests per second (RPS) rates:** API: 200 RPS, Web: 20 RPS, Git (Pull): 20 RPS, Git (Push): 4 RPS
 > - **[Latest 10k weekly performance testing results](https://gitlab.com/gitlab-org/quality/performance/-/wikis/Benchmarks/Latest/10k)**


--- a/doc/administration/reference_architectures/1k_users.md
+++ b/doc/administration/reference_architectures/1k_users.md
@@ -18,6 +18,8 @@ many organizations.
 > - **Supported users (approximate):** 1,000
 > - **High Availability:** No. For a highly-available environment, you can
 >   follow a modified [3K reference architecture](3k_users.md#supported-modifications-for-lower-user-counts-ha).
+> - **Cloud Native Hybrid:** No. For a cloud native hybrid environment, you
+>  can follow a [modified hybrid reference architecture](#cloud-native-hybrid-reference-architecture-with-helm-charts).
 > - **Test requests per second (RPS) rates:** API: 20 RPS, Web: 2 RPS, Git (Pull): 2 RPS, Git (Push): 1 RPS
 > - **[Latest 1k weekly performance testing results](https://gitlab.com/gitlab-org/quality/performance/-/wikis/Benchmarks/Latest/1k)**

@@ -58,3 +60,12 @@ Elasticsearch cluster design and requirements are dependent on your specific
 data. For recommended best practices about how to set up your Elasticsearch
 cluster alongside your instance, read how to
 [choose the optimal cluster configuration](../../integration/elasticsearch.md#guidance-on-choosing-optimal-cluster-configuration).
+
+## Cloud Native Hybrid reference architecture with Helm Charts
+
+Cloud Native Hybrid Reference Architecture is an alternative approach where select _stateless_
+components are deployed in Kubernetes via our official [Helm Charts](https://docs.gitlab.com/charts/),
+and _stateful_ components are deployed in compute VMs with Omnibus.
+
+The [2k GitLab Cloud Native Hybrid](2k_users.md#cloud-native-hybrid-reference-architecture-with-helm-charts-alternative) (non HA) and [3k GitLab Cloud Native Hybrid](3k_users.md#cloud-native-hybrid-reference-architecture-with-helm-charts-alternative) (HA) reference architectures are the smallest we recommend in Kubernetes.
+For environments that need to serve less users, you can lower the node specs. Depending on your user count, you can lower all suggested node specs as desired. However, it's recommended that you don't go lower than the [general requirements](../../install/requirements.md).
--- a/doc/administration/reference_architectures/25k_users.md
+++ b/doc/administration/reference_architectures/25k_users.md
@@ -12,6 +12,7 @@ full list of reference architectures, see

 > - **Supported users (approximate):** 25,000
 > - **High Availability:** Yes ([Praefect](#configure-praefect-postgresql) needs a third-party PostgreSQL solution for HA)
+> - **Cloud Native Hybrid:** [Yes](#cloud-native-hybrid-reference-architecture-with-helm-charts-alternative)
 > - **Test requests per second (RPS) rates:** API: 500 RPS, Web: 50 RPS, Git (Pull): 50 RPS, Git (Push): 10 RPS
 > - **[Latest 25k weekly performance testing results](https://gitlab.com/gitlab-org/quality/performance/-/wikis/Benchmarks/Latest/25k)**


--- a/doc/administration/reference_architectures/2k_users.md
+++ b/doc/administration/reference_architectures/2k_users.md
@@ -13,6 +13,7 @@ For a full list of reference architectures, see
 > - **Supported users (approximate):** 2,000
 > - **High Availability:** No. For a highly-available environment, you can
 >   follow a modified [3K reference architecture](3k_users.md#supported-modifications-for-lower-user-counts-ha).
+> - **Cloud Native Hybrid:** [Yes](#cloud-native-hybrid-reference-architecture-with-helm-charts-alternative)
 > - **Test requests per second (RPS) rates:** API: 40 RPS, Web: 4 RPS, Git (Pull): 4 RPS, Git (Push): 1 RPS
 > - **[Latest 2k weekly performance testing results](https://gitlab.com/gitlab-org/quality/performance/-/wikis/Benchmarks/Latest/2k)**


--- a/doc/administration/reference_architectures/3k_users.md
+++ b/doc/administration/reference_architectures/3k_users.md
@@ -22,6 +22,7 @@ For a full list of reference architectures, see

 > - **Supported users (approximate):** 3,000
 > - **High Availability:** Yes, although [Praefect](#configure-praefect-postgresql) needs a third-party PostgreSQL solution
+> - **Cloud Native Hybrid:** [Yes](#cloud-native-hybrid-reference-architecture-with-helm-charts-alternative)
 > - **Test requests per second (RPS) rates:** API: 60 RPS, Web: 6 RPS, Git (Pull): 6 RPS, Git (Push): 1 RPS
 > - **[Latest 3k weekly performance testing results](https://gitlab.com/gitlab-org/quality/performance/-/wikis/Benchmarks/Latest/3k)**


--- a/doc/administration/reference_architectures/50k_users.md
+++ b/doc/administration/reference_architectures/50k_users.md
@@ -12,6 +12,7 @@ full list of reference architectures, see

 > - **Supported users (approximate):** 50,000
 > - **High Availability:** Yes ([Praefect](#configure-praefect-postgresql) needs a third-party PostgreSQL solution for HA)
+> - **Cloud Native Hybrid:** [Yes](#cloud-native-hybrid-reference-architecture-with-helm-charts-alternative)
 > - **Test requests per second (RPS) rates:** API: 1000 RPS, Web: 100 RPS, Git (Pull): 100 RPS, Git (Push): 20 RPS
 > - **[Latest 50k weekly performance testing results](https://gitlab.com/gitlab-org/quality/performance/-/wikis/Benchmarks/Latest/50k)**


--- a/doc/administration/reference_architectures/5k_users.md
+++ b/doc/administration/reference_architectures/5k_users.md
@@ -19,6 +19,7 @@ costly-to-operate environment by using the

 > - **Supported users (approximate):** 5,000
 > - **High Availability:** Yes ([Praefect](#configure-praefect-postgresql) needs a third-party PostgreSQL solution for HA)
+> - **Cloud Native Hybrid:** [Yes](#cloud-native-hybrid-reference-architecture-with-helm-charts-alternative)
 > - **Test requests per second (RPS) rates:** API: 100 RPS, Web: 10 RPS, Git (Pull): 10 RPS, Git (Push): 2 RPS
 > - **[Latest 5k weekly performance testing results](https://gitlab.com/gitlab-org/quality/performance/-/wikis/Benchmarks/Latest/5k)**


--- a/doc/development/changelog.md
+++ b/doc/development/changelog.md
@@ -62,8 +62,8 @@ The value must be the full URL of the merge request.

 ### GitLab Enterprise changes

-If a change is for GitLab Enterprise Edition, you must also add the trailer `EE:
-true`:
+If a change is exclusively for GitLab Enterprise Edition, **you must add** the
+trailer `EE: true`:

 ```plaintext
 Update git vendor to gitlab
@@ -77,6 +77,8 @@ MR: https://gitlab.com/foo/bar/-/merge_requests/123
 EE: true
 ```

+**Do not** add the trailer for changes that apply to both EE and CE.
+
 ## What warrants a changelog entry?

 - Any change that introduces a database migration, whether it's regular, post,

--- a/doc/development/fe_guide/style/scss.md
+++ b/doc/development/fe_guide/style/scss.md
@@ -45,7 +45,7 @@ result (such as `ml-1` becoming `gl-ml-2`).

 If a class you need has not been added to GitLab UI, you get to add it! Follow the naming patterns documented in the [utility files](https://gitlab.com/gitlab-org/gitlab-ui/-/tree/main/src/scss/utility-mixins) and refer to [GitLab UI's CSS documentation](https://gitlab.com/gitlab-org/gitlab-ui/-/blob/main/doc/contributing/adding_css.md#adding-utility-mixins) for more details, especially about adding responsive and stateful rules.

-If it is not possible to wait for a GitLab UI update (generally one day), add the class to [`utilities.scss`](https://gitlab.com/gitlab-org/gitlab/-/blob/master/app/assets/stylesheets/utilities.scss) following the same naming conventions documented in GitLab UI. A follow—up issue to backport the class to GitLab UI and delete it from GitLab should be opened.
+If it is not possible to wait for a GitLab UI update (generally one day), add the class to [`utilities.scss`](https://gitlab.com/gitlab-org/gitlab/-/blob/master/app/assets/stylesheets/utilities.scss) following the same naming conventions documented in GitLab UI. A follow-up issue to backport the class to GitLab UI and delete it from GitLab should be opened.

 #### When should I create component classes?


--- a/doc/operations/error_tracking.md
+++ b/doc/operations/error_tracking.md
@@ -10,6 +10,24 @@ info: To determine the technical writer assigned to the Stage/Group associated w

 Error Tracking allows developers to easily discover and view the errors that their application may be generating. By surfacing error information where the code is being developed, efficiency and awareness can be increased.

+## How error tracking works
+
+For error tracking to work, you need two pieces:
+
+- **Your application with Sentry SDK:** when the error happens, Sentry SDK captures information
+  about it and sends it over the network to the backend. The backend stores information about all
+  errors.
+
+- **Error tracking backend:** the backend can be either GitLab itself or Sentry. When it's GitLab,
+  we name it _integrated error tracking_ because you don't need to set up a separate backend. It's
+  already part of the product.
+
+  - To use the GitLab backend, see [integrated error tracking](#integrated-error-tracking).
+  - To use Sentry as the backend, see [Sentry error tracking](#sentry-error-tracking).
+
+  No matter what backend you choose, the [error tracking UI](#error-tracking-list)
+  is the same.
+
 ## Sentry error tracking

 [Sentry](https://sentry.io/) is an open source error tracking system. GitLab allows administrators to connect Sentry to GitLab, to allow users to view a list of Sentry errors in GitLab.
@@ -141,15 +159,14 @@ You must use the GitLab API to enable it.
 1. Take the DSN from the previous step and configure your Sentry SDK with it. Errors are now
   reported to the GitLab collector and are visible in the [GitLab UI](#error-tracking-list).

-#### How to disable
+#### Managing DSN

-To disable the feature, run this command. This is the same command as the one that enables the
-feature, but with a `false` value instead:
+When you enable the feature you receive a DSN. It includes a hash used for authentication. This hash
+is a client key. GitLab uses client keys to authenticate error tracking requests from your
+application to the GitLab backend.

-```shell
-curl --request PATCH --header "PRIVATE-TOKEN: <your_access_token>" \
-    "https://gitlab.example.com/api/v4/projects/PROJECT_ID/error_tracking/settings?active=false&integrated=false"
-```
+In some situations, you may want to create a new client key and remove an existing one.
+You can do so by managing client keys with the [error tracking API](../api/error_tracking.md).

 #### Limitations


--- a/ee/app/models/elastic/reindexing_task.rb
+++ b/ee/app/models/elastic/reindexing_task.rb
 # frozen_string_literal: true

 class Elastic::ReindexingTask < ApplicationRecord
-  include IgnorableColumns
-
  self.table_name = 'elastic_reindexing_tasks'

  validates :max_slices_running, presence: true
  validates :slice_multiplier, presence: true

-  ignore_columns %i[documents_count index_name_from index_name_to elastic_task documents_count_target], remove_with: '14.3', remove_after: '2021-09-10'
-
  has_many :subtasks, class_name: 'Elastic::ReindexingSubtask', foreign_key: :elastic_reindexing_task_id

  enum state: {

--- a/ee/spec/features/projects/navbar_spec.rb
+++ b/ee/spec/features/projects/navbar_spec.rb
@@ -16,6 +16,7 @@ RSpec.describe 'Project navbar' do

    insert_package_nav(_('Infrastructure'))
    insert_infrastructure_registry_nav
+    insert_infrastructure_google_cloud_nav
  end

  context 'when issue analytics is available' do

--- a/lib/sidebars/projects/menus/infrastructure_menu.rb
+++ b/lib/sidebars/projects/menus/infrastructure_menu.rb
@@ -11,6 +11,7 @@ module Sidebars
          add_item(kubernetes_menu_item)
          add_item(serverless_menu_item)
          add_item(terraform_menu_item)
+          add_item(google_cloud_menu_item)

          true
        end
@@ -87,6 +88,22 @@ module Sidebars
            item_id: :terraform
          )
        end
+
+        def google_cloud_menu_item
+          feature_is_enabled = Feature.enabled?(:incubation_5mp_google_cloud)
+          user_has_permissions = can?(context.current_user, :manage_project_google_cloud, context.project)
+
+          unless feature_is_enabled && user_has_permissions
+            return ::Sidebars::NilMenuItem.new(item_id: :incubation_5mp_google_cloud)
+          end
+
+          ::Sidebars::MenuItem.new(
+            title: _('Google Cloud'),
+            link: project_google_cloud_index_path(context.project),
+            active_routes: {},
+            item_id: :google_cloud
+          )
+        end
      end
    end
  end

--- a/locale/gitlab.pot
+++ b/locale/gitlab.pot
@@ -2045,6 +2045,9 @@ msgstr ""
 msgid "Add new directory"
 msgstr ""

+msgid "Add new service account"
+msgstr ""
+
 msgid "Add or remove previously merged commits"
 msgstr ""

@@ -3959,6 +3962,9 @@ msgstr ""
 msgid "Any namespace"
 msgstr ""

+msgid "App Engine description and apps that are suitable for this deployment target"
+msgstr ""
+
 msgid "App ID"
 msgstr ""

@@ -7174,6 +7180,12 @@ msgstr ""
 msgid "Closes this %{quick_action_target}."
 msgstr ""

+msgid "Cloud Functions description and apps that are suitable for this deployment target"
+msgstr ""
+
+msgid "Cloud Run description and apps that are suitable for this deployment target"
+msgstr ""
+
 msgid "Cloud licenses can not be removed."
 msgstr ""

@@ -8613,6 +8625,9 @@ msgstr ""
 msgid "Configure the way a user creates a new account."
 msgstr ""

+msgid "Configure via Merge Request"
+msgstr ""
+
 msgid "Configure which lists are shown for anyone who visits this board"
 msgstr ""

@@ -11385,6 +11400,9 @@ msgstr ""
 msgid "Deployments"
 msgstr ""

+msgid "Deployments to Google Kubernetes Engine can be "
+msgstr ""
+
 msgid "Deployments|%{deployments} environment impacted."
 msgid_plural "Deployments|%{deployments} environments impacted."
 msgstr[0] ""
@@ -15832,6 +15850,12 @@ msgstr ""
 msgid "Goal of the changes and what reviewers should be aware of"
 msgstr ""

+msgid "Google Cloud"
+msgstr ""
+
+msgid "Google Cloud offers several deployment targets. Select the one most suitable for your project."
+msgstr ""
+
 msgid "Google authentication is not %{link_start}properly configured%{link_end}. Ask your GitLab administrator if you want to use this service."
 msgstr ""

@@ -30832,6 +30856,9 @@ msgstr ""
 msgid "Service"
 msgstr ""

+msgid "Service Accounts keys are required to authorize GitLab to deploy your Google Cloud project."
+msgstr ""
+
 msgid "Service Desk"
 msgstr ""

@@ -40165,6 +40192,9 @@ msgstr ""
 msgid "in"
 msgstr ""

+msgid "in Infrastructure :: Kubernetes clusters"
+msgstr ""
+
 msgid "in all GitLab"
 msgstr ""

@@ -40320,6 +40350,9 @@ msgstr ""
 msgid "log in"
 msgstr ""

+msgid "managed"
+msgstr ""
+
 msgid "manual"
 msgstr ""


--- a/spec/features/projects/navbar_spec.rb
+++ b/spec/features/projects/navbar_spec.rb
@@ -18,6 +18,7 @@ RSpec.describe 'Project navbar' do
    stub_config(registry: { enabled: false })
    insert_package_nav(_('Infrastructure'))
    insert_infrastructure_registry_nav
+    insert_infrastructure_google_cloud_nav
  end

  it_behaves_like 'verified navigation bar' do

--- a/spec/requests/projects/google_cloud_controller_spec.rb
+++ b/spec/requests/projects/google_cloud_controller_spec.rb
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+RSpec.describe Projects::GoogleCloudController do
+  let_it_be(:project) { create(:project, :public) }
+
+  describe 'GET index' do
+    let_it_be(:url) { "#{project_google_cloud_index_path(project)}" }
+
+    let(:subject) { get url }
+
+    context 'when user is authorized' do
+      let(:user) { project.creator }
+
+      before do
+        sign_in(user)
+        subject
+      end
+
+      it 'renders content' do
+        expect(response).to be_successful
+      end
+    end
+
+    context 'when user is unauthorized' do
+      let(:user) { create(:user) }
+
+      before do
+        project.add_guest(user)
+        sign_in(user)
+        subject
+      end
+
+      it 'shows 404' do
+        expect(response).to have_gitlab_http_status(:not_found)
+      end
+    end
+
+    context 'when no user is present' do
+      before do
+        subject
+      end
+
+      it 'shows 404' do
+        expect(response).to have_gitlab_http_status(:not_found)
+      end
+    end
+  end
+end
--- a/spec/support/helpers/navbar_structure_helper.rb
+++ b/spec/support/helpers/navbar_structure_helper.rb
@@ -52,4 +52,12 @@ module NavbarStructureHelper
      new_sub_nav_item_name: _('Infrastructure Registry')
    )
  end
+
+  def insert_infrastructure_google_cloud_nav
+    insert_after_sub_nav_item(
+      _('Terraform'),
+      within: _('Infrastructure'),
+      new_sub_nav_item_name: _('Google Cloud')
+    )
+  end
 end
--- a/spec/views/layouts/nav/sidebar/_project.html.haml_spec.rb
+++ b/spec/views/layouts/nav/sidebar/_project.html.haml_spec.rb
@@ -580,6 +580,23 @@ RSpec.describe 'layouts/nav/sidebar/_project' do
        end
      end
    end
+
+    describe 'Google Cloud' do
+      it 'has a link to the google cloud page' do
+        render
+        expect(rendered).to have_link('Google Cloud', href: project_google_cloud_index_path(project))
+      end
+
+      describe 'when the user does not have access' do
+        let(:user) { nil }
+
+        it 'does not have a link to the google cloud page' do
+          render
+
+          expect(rendered).not_to have_link('Google Cloud')
+        end
+      end
+    end
  end

  describe 'Packages and Registries' do