Add latest changes from gitlab-org/gitlab@master

app/controllers/projects/settings/integrations_controller.rb

@@ -3,23 +3,12 @@
 module Projects
   module Settings
     class IntegrationsController < Projects::ApplicationController
-      include ServiceParams
-
       before_action :authorize_admin_project!
       layout "project_settings"
 
       def show
-        @services = @project.find_or_initialize_services(exceptions: service_exceptions)
-      end
-
-      private
-
-      # Returns a list of services that should be hidden from the list
-      def service_exceptions
-        @project.disabled_services.dup
+        @services = @project.find_or_initialize_services
       end
     end
   end
 end
-
-Projects::Settings::IntegrationsController.prepend_if_ee('EE::Projects::Settings::IntegrationsController')

app/finders/group_members_finder.rb

 # frozen_string_literal: true
 
 class GroupMembersFinder < UnionFinder
+  include CreatedAtFilter
+
   # Params can be any of the following:
   #   two_factor: string. 'enabled' or 'disabled' are returning different set of data, other values are not effective.
   #   sort:       string
   #   search:     string
+  #   created_after: datetime
+  #   created_before: datetime
 
   def initialize(group, user = nil)
     @group = group
@@ -15,6 +19,7 @@ class GroupMembersFinder < UnionFinder
   def execute(include_relations: [:inherited, :direct], params: {})
     group_members = group.members
     relations = []
+    @params = params
 
     return group_members if include_relations == [:direct]
 
@@ -39,15 +44,15 @@ class GroupMembersFinder < UnionFinder
     return GroupMember.none if relations.empty?
 
     members = find_union(relations, GroupMember)
-    filter_members(members, params)
+    filter_members(members)
   end
   # rubocop: enable CodeReuse/ActiveRecord
 
   private
 
-  attr_reader :user, :group
+  attr_reader :user, :group, :params
 
-  def filter_members(members, params)
+  def filter_members(members)
     members = members.search(params[:search]) if params[:search].present?
     members = members.sort_by_attribute(params[:sort]) if params[:sort].present?
 
@@ -55,7 +60,7 @@ class GroupMembersFinder < UnionFinder
       members = members.filter_by_2fa(params[:two_factor])
     end
 
-    members
+    by_created_at(members)
   end
 
   def can_manage_members

app/models/members/group_member.rb

@@ -2,6 +2,7 @@
 
 class GroupMember < Member
   include FromUnion
+  include CreatedAtFilterable
 
   SOURCE_TYPE = 'Namespace'
 

app/models/project.rb

@@ -1238,14 +1238,12 @@ class Project < ApplicationRecord
     update_column(:has_external_wiki, services.external_wikis.any?) if Gitlab::Database.read_write?
   end
 
-  def find_or_initialize_services(exceptions: [])
-    available_services_names = Service.available_services_names - exceptions
+  def find_or_initialize_services
+    available_services_names = Service.available_services_names - disabled_services
 
-    available_services = available_services_names.map do |service_name|
+    available_services_names.map do |service_name|
       find_or_initialize_service(service_name)
     end
-
-    available_services.compact
   end
 
   def disabled_services
@@ -1258,13 +1256,11 @@ class Project < ApplicationRecord
     service = find_service(services, name)
     return service if service
 
-    # We should check if template for the service exists
     template = find_service(services_templates, name)
 
     if template
       Service.build_from_template(id, template)
     else
-      # If no template, we should create an instance. Ex `build_gitlab_ci_service`
       public_send("build_#{name}_service") # rubocop:disable GitlabSecurity/PublicSend
     end
   end
@@ -1278,10 +1274,6 @@ class Project < ApplicationRecord
   end
   # rubocop: enable CodeReuse/ServiceClass
 
-  def find_service(list, name)
-    list.find { |service| service.to_param == name }
-  end
-
   def ci_services
     services.where(category: :ci)
   end
@@ -2422,6 +2414,10 @@ class Project < ApplicationRecord
 
   private
 
+  def find_service(services, name)
+    services.find { |service| service.to_param == name }
+  end
+
   def closest_namespace_setting(name)
     namespace.closest_setting(name)
   end

app/models/service.rb

@@ -348,7 +348,7 @@ class Service < ApplicationRecord
 
     service.template = false
     service.project_id = project_id
-    service.active = false if service.active? && !service.valid?
+    service.active = false if service.active? && service.invalid?
     service
   end
 

app/models/system_note_metadata.rb

@@ -16,8 +16,8 @@ class SystemNoteMetadata < ApplicationRecord
   ICON_TYPES = %w[
     commit description merge confidential visible label assignee cross_reference
     title time_tracking branch milestone discussion task moved
-    opened closed merged duplicate locked unlocked
-    outdated tag due_date pinned_embed cherry_pick
+    opened closed merged duplicate locked unlocked outdated
+    tag due_date pinned_embed cherry_pick health_status
   ].freeze
 
   validates :note, presence: true

changelogs/unreleased/119092-add-scala-to-ds-tpl-2.yml

+---
+title: Update detected languages for dependency scanning in no dind mode
+merge_request: 27723
+author:
+type: fixed

doc/development/elasticsearch.md

@@ -42,7 +42,7 @@ Search queries are generated by the concerns found in [ee/app/models/concerns/el
 
 ## Existing Analyzers/Tokenizers/Filters
 
-These are all defined in <https://gitlab.com/gitlab-org/gitlab/blob/master/ee/lib/elasticsearch/git/model.rb>
+These are all defined in [ee/lib/elastic/latest/config.rb](https://gitlab.com/gitlab-org/gitlab/blob/master/ee/lib/elastic/latest/config.rb)
 
 ### Analyzers
 

doc/user/admin_area/settings/index.md

@@ -36,7 +36,8 @@ Access the default page for admin area settings by navigating to
 | [Slack application](../../../user/project/integrations/gitlab_slack_application.md#configuration) **(FREE ONLY)** | Slack integration allows you to interact with GitLab via slash commands in a chat window. This option is only available on GitLab.com, though it may be [available for self-managed instances in the future](https://gitlab.com/gitlab-org/gitlab/-/issues/28164). |
 | [Third party offers](third_party_offers.md) | Control the display of third party offers. |
 | [Snowplow](../../../telemetry/index.md#enabling-tracking) | Configure the Snowplow integration. |
-| [Amazon EKS](../../project/clusters/add_new_eks_cluster.md#additional-requirements-for-self-managed-instances-core-only) | Amazon EKS integration allows you to provision EKS clusters from GitLab. |
+| [Google GKE](../../project/clusters/add_gke_clusters.md) | Google GKE integration allows you to provision GKE clusters from GitLab. |
+| [Amazon EKS](../../project/clusters/add_eks_clusters.md) | Amazon EKS integration allows you to provision EKS clusters from GitLab. |
 
 ## Repository
 
@@ -45,7 +46,7 @@ Access the default page for admin area settings by navigating to
 | [Repository mirror](visibility_and_access_controls.md#allow-mirrors-to-be-set-up-for-projects) | Configure repository mirroring. |
 | [Repository storage](../../../administration/repository_storage_types.md#how-to-migrate-to-hashed-storage) | Configure storage path settings. |
 | Repository maintenance | ([Repository checks](../../../administration/repository_checks.md) and [Housekeeping](../../../administration/housekeeping.md)). Configure automatic Git checks and housekeeping on repositories. |
-| [Repository static objects](../../../administration/static_objects_external_storage.md) | Serve repository static objects (e.g. archives, blobs, ...) from an external storage (e.g. a CDN). |
+| [Repository static objects](../../../administration/static_objects_external_storage.md) | Serve repository static objects (for example, archives, blobs, ...) from an external storage (for example, a CDN). |
 
 ## Templates **(PREMIUM ONLY)**
 

doc/user/application_security/container_scanning/index.md

@@ -209,13 +209,14 @@ If you want to whitelist specific vulnerabilities, you'll need to:
    in the [whitelist example file](https://github.com/arminc/clair-scanner/blob/v12/example-whitelist.yaml).
 1. Add the `clair-whitelist.yml` file to the Git repository of your project.
 
-### Running Container Scanning in an offline, air-gapped installation
+### Running Container Scanning in an offline environment deployment
 
-Container Scanning can be executed on an offline air-gapped GitLab Ultimate installation using the following process:
+Container Scanning can be executed on an offline GitLab Ultimate installation by using the following process:
 
 1. Host the following Docker images on a [local Docker container registry](../../packages/container_registry/index.md):
    - [arminc/clair-db vulnerabilities database](https://hub.docker.com/r/arminc/clair-db)
    - GitLab klar analyzer: `registry.gitlab.com/gitlab-org/security-products/analyzers/klar`
+
 1. [Override the container scanning template](#overriding-the-container-scanning-template) in your `.gitlab-ci.yml` file to refer to the Docker images hosted on your local Docker container registry:
 
    ```yaml

doc/user/application_security/dast/index.md

@@ -442,9 +442,9 @@ dast:
 The DAST job does not require the project's repository to be present when running, so by default
 [`GIT_STRATEGY`](../../../ci/yaml/README.md#git-strategy) is set to `none`.
 
-## Running DAST in an offline air-gapped installation
+## Running DAST in an offline environment deployment
 
-DAST can be executed on an offline air-gapped GitLab Ultimate installation using the following process:
+DAST can be executed on an offline GitLab Ultimate installation by using the following process:
 
 1. Host the DAST image `registry.gitlab.com/gitlab-org/security-products/dast:latest` in your local
    Docker container registry.

doc/user/application_security/index.md

@@ -226,7 +226,7 @@ must be created with the case-sensitive name `License-Check`. This approval grou
 with the number of approvals required greater than zero.
 
 Once this group is added to your project, the approval rule is enabled for all Merge Requests. To
-configure how this rule behaves, you can choose which licenses to `approve` or `blacklist` in the
+configure how this rule behaves, you can choose which licenses to `allow` or `deny` in the
 [project policies for License Compliance](../compliance/license_compliance/index.md#project-policies-for-license-compliance)
 section.
 
@@ -234,13 +234,13 @@ Any code changes cause the approvals required to reset.
 
 An approval is required when a license report:
 
-- Contains a dependency that includes a software license that is `blacklisted`.
+- Contains a dependency that includes a software license that is `denied`.
 - Is not generated during pipeline execution.
 
 An approval is optional when a license report:
 
 - Contains no software license violations.
-- Contains only new licenses that are `approved` or unknown.
+- Contains only new licenses that are `allowed` or unknown.
 
 ## Working in an offline environment
 

doc/user/application_security/offline_deployments/index.md

@@ -2,17 +2,26 @@
 type: reference, howto
 ---
 
-# Air-gapped (or offline) environment deployments
+# Offline environment deployments
 
 It is possible to run most of the GitLab security scanners when not
 connected to the internet.
 
-This document describes how to operate Secure scanners in an air-gapped or offline envionment. These instructions also apply to
-self-managed installations that are secured, have security policies (e.g., firewall policies), or otherwise restricted from
-accessing the full internet. These instructions are designed for physically disconnected networks,
-but can also be followed in these other use cases.
+This document describes how to operate Secure Categories (that is, scanner types) in an offline environment. These instructions also apply to
+self-managed installations that are secured, have security policies (for example, firewall policies), or are otherwise restricted from
+accessing the full internet. GitLab refers to these deployments as _offline environment deployments_.
+Other common names include:
 
-## Air-gapped (or offline) environments
+- Air-gapped environments
+- Limited connectivity environments
+- Local area network (LAN) environments
+- Intranet environments
+
+These environments have physical barriers or security policies (for example, firewalls) that prevent
+or limit internet access. These instructions are designed for physically disconnected networks, but
+can also be followed in these other use cases.
+
+## Offline environments
 
 In this situation, the GitLab instance can be one or more servers and services that can communicate
 on a local network, but with no or very restricted access to the internet. Assume anything within
@@ -64,6 +73,6 @@ hosted within your network.
 Each individual scanner may be slightly different than the steps described
 above. You can find more info at each of the pages below:
 
-- [Container scanning offline directions](../container_scanning/index.md#running-container-scanning-in-an-offline-air-gapped-installation)
-- [SAST offline directions](../sast/index.md#gitlab-sast-in-an-offline-air-gapped-installation)
-- [DAST offline directions](../dast/index.md#running-dast-in-an-offline-air-gapped-installation)
+- [Container scanning offline directions](../container_scanning/index.md#running-container-scanning-in-an-offline-environment-deployment)
+- [SAST offline directions](../sast/index.md#gitlab-sast-in-an-offline-environment-deployment)
+- [DAST offline directions](../dast/index.md#running-dast-in-an-offline-environment-deployment)

doc/user/application_security/sast/index.md

@@ -491,7 +491,7 @@ Once a vulnerability is found, you can interact with it. Read more on how to
 For more information about the vulnerabilities database update, check the
 [maintenance table](../index.md#maintenance-and-update-of-the-vulnerabilities-database).
 
-## GitLab SAST in an offline air-gapped installation
+## GitLab SAST in an offline environment deployment
 
 For self-managed GitLab instances in an environment with limited, restricted, or intermittent access
 to external resources via the internet, some adjustments are required for the SAST job to

doc/user/project/clusters/add_new_eks_cluster.md → doc/user/project/clusters/add_eks_clusters.md

-# Adding a new EKS Cluster
+# Adding EKS clusters
+
+GitLab supports adding new and existing EKS clusters.
 
 ## EKS requirements
 
@@ -7,7 +9,7 @@ requirements are met:
 
 - An [Amazon Web Services](https://aws.amazon.com/) account is set up and you are able to log in.
 - You have permissions to manage IAM resources.
-- If you want to use an [existing EKS cluster](add_new_eks_cluster.md#existing-eks-cluster):
+- If you want to use an [existing EKS cluster](#existing-eks-cluster):
   - An Amazon EKS cluster with worker nodes properly configured.
   - `kubectl` [installed and configured](https://docs.aws.amazon.com/eks/latest/userguide/getting-started.html#get-started-kubectl)
     for access to the EKS cluster.
@@ -48,9 +50,9 @@ Generate an access key for the IAM user, and configure GitLab with the credentia
 To create and add a new Kubernetes cluster to your project, group, or instance:
 
 1. Navigate to your:
-   - Project's **Operations > Kubernetes** page, for a project-level cluster.
-   - Group's **Kubernetes** page, for a group-level cluster.
-   - **Admin Area > Kubernetes** page, for an instance-level cluster.
+   - Project's **{cloud-gear}** **Operations > Kubernetes** page, for a project-level cluster.
+   - Group's **{cloud-gear}** **Kubernetes** page, for a group-level cluster.
+   - **{admin}** **Admin Area >** **{cloud-gear}** **Kubernetes**, for an instance-level cluster.
 1. Click **Add Kubernetes cluster**.
 1. Under the **Create new cluster** tab, click **Amazon EKS**. You will be provided with an
    `Account ID` and `External ID` to use in the next step.
@@ -246,9 +248,9 @@ To add an existing EKS cluster to your project, group, or instance:
    1. Locate the the API server endpoint so GitLab can connect to the cluster. This is displayed on
       the AWS EKS console, when viewing the EKS cluster details.
 1. Navigate to your:
-   - Project's **Operations > Kubernetes** page, for a project-level cluster.
-   - Group's **Kubernetes** page, for a group-level cluster.
-   - **Admin Area > Kubernetes** page, for an instance-level cluster.
+   - Project's **{cloud-gear}** **Operations > Kubernetes** page, for a project-level cluster.
+   - Group's **{cloud-gear}** **Kubernetes** page, for a group-level cluster.
+   - **{admin}** **Admin Area >** **{cloud-gear}** **Kubernetes** page, for an instance-level cluster.
 1. Click **Add Kubernetes cluster**.
 1. Click the **Add existing cluster** tab and fill in the details:
    - **Kubernetes cluster name**: A name for the cluster to identify it within GitLab.

doc/user/project/clusters/add_new_gke_cluster.md → doc/user/project/clusters/add_gke_clusters.md

-# Adding a new GKE Cluster
+# Adding GKE clusters
+
+GitLab supports adding new and existing GKE clusters.
 
 ## GKE requirements
 
@@ -39,9 +41,9 @@ Note the following:
 To create and add a new Kubernetes cluster to your project, group, or instance:
 
 1. Navigate to your:
-   - Project's **Operations > Kubernetes** page, for a project-level cluster.
-   - Group's **Kubernetes** page, for a group-level cluster.
-   - **Admin Area > Kubernetes** page, for an instance-level cluster.
+   - Project's **{cloud-gear}** **Operations > Kubernetes** page, for a project-level cluster.
+   - Group's **{cloud-gear}** **Kubernetes** page, for a group-level cluster.
+   - **{admin}** **Admin Area >** **{cloud-gear}** **Kubernetes** page, for an instance-level cluster.
 1. Click **Add Kubernetes cluster**.
 1. Under the **Create new cluster** tab, click **Google GKE**.
 1. Connect your Google account if you haven't done already by clicking the
@@ -74,3 +76,8 @@ You can choose to use Cloud Run for Anthos in place of installing Knative and Is
 separately after the cluster has been created. This means that Cloud Run
 (Knative), Istio, and HTTP Load Balancing will be enabled on the cluster at
 create time and cannot be [installed or uninstalled](../../clusters/applications.md) separately.
+
+## Existing GKE cluster
+
+For information on adding an existing GKE cluster, see
+[Existing Kubernetes cluster](add_remove_clusters.md#existing-kubernetes-cluster).

doc/user/project/clusters/add_remove_clusters.md

@@ -28,13 +28,6 @@ Before [adding a Kubernetes cluster](#add-new-cluster) using GitLab, you need:
   - [Admin Area access](../../admin_area/index.md) for a self-managed instance-level
     cluster. **(CORE ONLY)**
 
-## Add new cluster
-
-New clusters can be added using GitLab for:
-
-- [Google Kubernetes Engine (GKE)](add_new_gke_cluster.md).
-- [Amazon Elastic Kubernetes Service (EKS)](add_new_eks_cluster.md).
-
 ## Access controls
 
 When creating a cluster in GitLab, you will be asked if you would like to create either:
@@ -134,14 +127,21 @@ If you don't want to use GitLab Runner in privileged mode, either:
   1. Installing a Runner
      [using `docker+machine`](https://docs.gitlab.com/runner/executors/docker_machine.html).
 
+## Add new cluster
+
+New clusters can be added using GitLab for:
+
+- [Google Kubernetes Engine (GKE)](add_gke_clusters.md).
+- [Amazon Elastic Kubernetes Service (EKS)](add_eks_clusters.md).
+
 ## Add existing cluster
 
 If you have an existing Kubernetes cluster, you can add it to a project, group, or instance.
 
 For more information, see information for adding an:
 
-- [Existing Kubernetes cluster](#existing-kubernetes-cluster).
-- [Existing Elastic Kubernetes Service cluster](add_new_eks_cluster.md#existing-eks-cluster).
+- [Existing Kubernetes cluster](#existing-kubernetes-cluster), including GKE clusters.
+- [Existing EKS cluster](add_eks_clusters.md#existing-eks-cluster).
 
 NOTE: **Note:**
 Kubernetes integration is not supported for arm64 clusters. See the issue
@@ -152,9 +152,9 @@ Kubernetes integration is not supported for arm64 clusters. See the issue
 To add a Kubernetes cluster to your project, group, or instance:
 
 1. Navigate to your:
-   - Project's **Operations > Kubernetes** page, for a project-level cluster.
-   - Group's **Kubernetes** page, for a group-level cluster.
-   - **Admin Area > Kubernetes** page, for an instance-level cluster.
+   - Project's **{cloud-gear}** **Operations > Kubernetes** page, for a project-level cluster.
+   - Group's **{cloud-gear}** **Kubernetes** page, for a group-level cluster.
+   - **{admin}** **Admin Area >** **{cloud-gear}** **Kubernetes** page, for an instance-level cluster.
 1. Click **Add Kubernetes cluster**.
 1. Click the **Add existing cluster** tab and fill in the details:
    - **Kubernetes cluster name** (required) - The name you wish to give the cluster.
@@ -162,8 +162,8 @@ To add a Kubernetes cluster to your project, group, or instance:
      [associated environment](index.md#setting-the-environment-scope-premium) to this cluster.
    - **API URL** (required) -
      It's the URL that GitLab uses to access the Kubernetes API. Kubernetes
-     exposes several APIs, we want the "base" URL that is common to all of them,
-     e.g., `https://kubernetes.example.com` rather than `https://kubernetes.example.com/api/v1`.
+     exposes several APIs, we want the "base" URL that is common to all of them.
+     For example, `https://kubernetes.example.com` rather than `https://kubernetes.example.com/api/v1`.
 
      Get the API URL by running this command:
 

doc/user/project/clusters/eks_and_gitlab/index.md

 ---
-redirect_to: '../add_new_eks_cluster.md#existing-eks-cluster'
+redirect_to: '../add_eks_clusters.md#existing-eks-cluster'
 ---
 
-This document was moved to [another location](../add_new_eks_cluster.md#existing-eks-cluster).
+This document was moved to [another location](../add_eks_clusters.md#existing-eks-cluster).

doc/user/project/clusters/index.md

@@ -238,7 +238,7 @@ The result will then be:
 
 With GitLab Premium, you can associate more than one Kubernetes cluster to your
 project. That way you can have different clusters for different environments,
-like dev, staging, production, etc.
+like dev, staging, production, and so on.
 
 Simply add another cluster, like you did the first time, and make sure to
 [set an environment scope](#setting-the-environment-scope-premium) that will
@@ -247,7 +247,7 @@ differentiate the new cluster with the rest.
 ## Installing applications
 
 GitLab can install and manage some applications like Helm, GitLab Runner, Ingress,
-Prometheus, etc., in your project-level cluster. For more information on
+Prometheus, and so on, in your project-level cluster. For more information on
 installing, upgrading, uninstalling, and troubleshooting applications for
 your project cluster, see
 [GitLab Managed Apps](../../clusters/applications.md).

lib/gitlab/ci/templates/Security/Dependency-Scanning.gitlab-ci.yml

@@ -109,7 +109,7 @@ gemnasium-maven-dependency_scanning:
     variables:
       - $GITLAB_FEATURES =~ /\bdependency_scanning\b/ &&
         $DS_DEFAULT_ANALYZERS =~ /gemnasium-maven/ &&
-        $CI_PROJECT_REPOSITORY_LANGUAGES =~ /\bjava\b/
+        $CI_PROJECT_REPOSITORY_LANGUAGES =~ /\b(java|scala)\b/
 
 gemnasium-python-dependency_scanning:
   extends: .ds-analyzer