Commit 7e2bd2fb authored by GitLab Bot's avatar GitLab Bot

Merge remote-tracking branch 'upstream/master' into ce-to-ee-2018-11-23

# Conflicts:
#	doc/

[ci skip]
parents 6afe9888 fbbe5ccd
......@@ -26,6 +26,7 @@ export default class Clusters {
......@@ -48,6 +49,7 @@ export default class Clusters {
endpoint: statusPath,
installHelmEndpoint: installHelmPath,
installIngressEndpoint: installIngressPath,
installCertManagerEndpoint: installCertManagerPath,
installRunnerEndpoint: installRunnerPath,
installPrometheusEndpoint: installPrometheusPath,
installJupyterEndpoint: installJupyterPath,
......@@ -7,6 +7,7 @@ import helmLogo from 'images/cluster_app_logos/helm.png';
import jeagerLogo from 'images/cluster_app_logos/jeager.png';
import jupyterhubLogo from 'images/cluster_app_logos/jupyterhub.png';
import kubernetesLogo from 'images/cluster_app_logos/kubernetes.png';
import certManagerLogo from 'images/cluster_app_logos/cert_manager.png';
import knativeLogo from 'images/cluster_app_logos/knative.png';
import meltanoLogo from 'images/cluster_app_logos/meltano.png';
import prometheusLogo from 'images/cluster_app_logos/prometheus.png';
......@@ -59,6 +60,7 @@ export default {
......@@ -124,6 +126,23 @@ export default {
certManagerDescription() {
return sprintf(
`ClusterIntegration|cert-manager is a native Kubernetes certificate management controller that helps with issuing certificates.
Installing cert-manager on your cluster will issue a certificate by %{letsEncrypt} and ensure that certificates
are valid and up to date.`,
letsEncrypt: `<a href=""
target="_blank" rel="noopener noreferrer">
${_.escape(s__("ClusterIntegration|Let's Encrypt"))}</a>`,
prometheusDescription() {
return sprintf(
......@@ -265,6 +284,24 @@ export default {
<div v-html="ingressDescription"></div>
class="hide-bottom-border rounded-bottom"
......@@ -6,6 +6,7 @@ export default class ClusterService {
this.appInstallEndpointMap = {
helm: this.options.installHelmEndpoint,
ingress: this.options.installIngressEndpoint,
cert_manager: this.options.installCertManagerEndpoint,
runner: this.options.installRunnerEndpoint,
prometheus: this.options.installPrometheusEndpoint,
jupyter: this.options.installJupyterEndpoint,
......@@ -24,6 +24,13 @@ export default class ClusterStore {
requestReason: null,
externalIp: null,
cert_manager: {
title: s__('ClusterIntegration|Cert-Manager'),
status: null,
statusReason: null,
requestStatus: null,
requestReason: null,
runner: {
title: s__('ClusterIntegration|GitLab Runner'),
status: null,
......@@ -40,7 +40,8 @@ class Profiles::KeysController < Profiles::ApplicationController
user =[:username]).find_by_username
if user.present?
render text: user.all_ssh_keys.join("\n"), content_type: "text/plain"
headers['Content-Disposition'] = 'attachment'
render text: user.all_ssh_keys.join("\n"), content_type: 'text/plain'
return render_404
......@@ -210,7 +210,14 @@ class IssuableFinder
def filter_by_no_label?
labels? && params[:label_name].include?(Label::None.title)
downcased =
# Label::NONE is deprecated and should be removed in 12.0
downcased.include?(FILTER_NONE) || downcased.include?(Label::NONE)
def filter_by_any_label?
def labels
......@@ -465,6 +472,8 @@ class IssuableFinder
items =
if filter_by_no_label?
elsif filter_by_any_label?
items.with_label(label_names, params[:sort])
# frozen_string_literal: true
module Clusters
module Applications
class CertManager < ActiveRecord::Base
VERSION = 'v0.5.0'.freeze
self.table_name = 'clusters_applications_cert_managers'
include ::Clusters::Concerns::ApplicationCore
include ::Clusters::Concerns::ApplicationStatus
include ::Clusters::Concerns::ApplicationVersion
include ::Clusters::Concerns::ApplicationData
default_value_for :version, VERSION
validates :email, presence: true
def chart
def install_command
name: 'certmanager',
version: VERSION,
rbac: cluster.platform_kubernetes_rbac?,
chart: chart,
files: files.merge(cluster_issuer_file),
postinstall: post_install_script
def post_install_script
["/usr/bin/kubectl create -f /data/helm/certmanager/config/cluster_issuer.yaml"]
def cluster_issuer_file
'cluster_issuer.yaml': cluster_issuer_yaml_content
def cluster_issuer_yaml_content
def cluster_issuer_content
def cluster_issue_overlay
{ "spec" => { "acme" => { "email" => } } }
def cluster_issuer_file_path
Rails.root.join('vendor', 'cert_manager', 'cluster_issuer.yaml')
......@@ -10,6 +10,7 @@ module Clusters
Applications::Helm.application_name => Applications::Helm,
Applications::Ingress.application_name => Applications::Ingress,
Applications::CertManager.application_name => Applications::CertManager,
Applications::Prometheus.application_name => Applications::Prometheus,
Applications::Runner.application_name => Applications::Runner,
Applications::Jupyter.application_name => Applications::Jupyter,
......@@ -33,6 +34,7 @@ module Clusters
has_one :application_helm, class_name: 'Clusters::Applications::Helm'
has_one :application_ingress, class_name: 'Clusters::Applications::Ingress'
has_one :application_cert_manager, class_name: 'Clusters::Applications::CertManager'
has_one :application_prometheus, class_name: 'Clusters::Applications::Prometheus'
has_one :application_runner, class_name: 'Clusters::Applications::Runner'
has_one :application_jupyter, class_name: 'Clusters::Applications::Jupyter'
......@@ -100,6 +102,7 @@ module Clusters
application_helm || build_application_helm,
application_ingress || build_application_ingress,
application_cert_manager || build_application_cert_manager,
application_prometheus || build_application_prometheus,
application_runner || build_application_runner,
application_jupyter || build_application_jupyter,
......@@ -90,6 +90,7 @@ module Issuable
scope :order_milestone_due_asc, -> { left_joins_milestones.reorder('milestones.due_date IS NULL, IS NULL, milestones.due_date ASC') }
scope :without_label, -> { joins("LEFT OUTER JOIN label_links ON label_links.target_type = '#{name}' AND label_links.target_id = #{table_name}.id").where(label_links: { id: nil }) }
scope :any_label, -> { joins(:label_links).group(:id) }
scope :join_project, -> { joins(:project) }
scope :inc_notes_with_associations, -> { includes(notes: [:project, :author, :award_emoji]) }
scope :references_project, -> { references(:project) }
......@@ -9,15 +9,10 @@ class Label < ActiveRecord::Base
include Sortable
include FromUnion
# Represents a "No Label" state used for filtering Issues and Merge
# Requests that have no label assigned.
LabelStruct =, :name)
None ='No Label', 'No Label')
Any ='Any Label', '')
cache_markdown_field :description, pipeline: :single_line
DEFAULT_COLOR = '#428BCA'.freeze
NONE = 'no label'
default_value_for :color, DEFAULT_COLOR
......@@ -19,6 +19,10 @@ module Clusters
application.hostname = params[:hostname]
if application.has_attribute?(:email) =
if application.respond_to?(:oauth_application)
application.oauth_application = create_oauth_application(application, request)
......@@ -42,7 +46,8 @@ module Clusters
def builders
"helm" => -> (cluster) { cluster.application_helm || cluster.build_application_helm },
"ingress" => -> (cluster) { cluster.application_ingress || cluster.build_application_ingress }
"ingress" => -> (cluster) { cluster.application_ingress || cluster.build_application_ingress },
"cert_manager" => -> (cluster) { cluster.application_cert_manager || cluster.build_application_cert_manager }
}.tap do |hash|
hash.merge!(project_builders) if cluster.project_type?
......@@ -10,6 +10,7 @@
.edit-cluster-form.js-edit-cluster-form{ data: { status_path: status_path,
install_helm_path: clusterable.install_applications_cluster_path(@cluster, :helm),
install_ingress_path: clusterable.install_applications_cluster_path(@cluster, :ingress),
install_cert_manager_path: clusterable.install_applications_cluster_path(@cluster, :cert_manager),
install_prometheus_path: clusterable.install_applications_cluster_path(@cluster, :prometheus),
install_runner_path: clusterable.install_applications_cluster_path(@cluster, :runner),
install_jupyter_path: clusterable.install_applications_cluster_path(@cluster, :jupyter),
title: Filter by None/Any for labels in issues/mrs API
merge_request: 22622
author: Jacopo Beschi @jacopo-beschi
type: added
title: removes partially matching of No Label filter and makes it case-insensitive
merge_request: 22622
author: Jacopo Beschi @jacopo-beschi
type: changed
title: "#40635: Adds support for cert-manager"
merge_request: 23036
author: Amit Rathi
type: added
title: Force content disposition attachment to several endpoints
merge_request: 23223
type: other
# frozen_string_literal: true
class CreateClustersApplicationsCertManager < ActiveRecord::Migration
include Gitlab::Database::MigrationHelpers
DOWNTIME = false
def change
create_table :clusters_applications_cert_managers do |t|
t.references :cluster, null: false, index: false, foreign_key: { on_delete: :cascade }
t.integer :status, null: false
t.string :version, null: false
t.string :email, null: false
t.timestamps_with_timezone null: false
t.text :status_reason
t.index :cluster_id, unique: true
......@@ -756,6 +756,17 @@ ActiveRecord::Schema.define(version: 20181112103239) do
t.index ["user_id"], name: "index_clusters_on_user_id", using: :btree
create_table "clusters_applications_cert_managers", force: :cascade do |t|
t.integer "cluster_id", null: false
t.integer "status", null: false
t.string "version", null: false
t.string "email", null: false
t.datetime_with_timezone "created_at", null: false
t.datetime_with_timezone "updated_at", null: false
t.text "status_reason"
t.index ["cluster_id"], name: "index_clusters_applications_cert_managers_on_cluster_id", unique: true, using: :btree
create_table "clusters_applications_helm", force: :cascade do |t|
t.integer "cluster_id", null: false
t.datetime "created_at", null: false
......@@ -3125,6 +3136,7 @@ ActiveRecord::Schema.define(version: 20181112103239) do
add_foreign_key "cluster_projects", "projects", on_delete: :cascade
add_foreign_key "cluster_providers_gcp", "clusters", on_delete: :cascade
add_foreign_key "clusters", "users", on_delete: :nullify
add_foreign_key "clusters_applications_cert_managers", "clusters", on_delete: :cascade
add_foreign_key "clusters_applications_helm", "clusters", on_delete: :cascade
add_foreign_key "clusters_applications_ingress", "clusters", on_delete: :cascade
add_foreign_key "clusters_applications_jupyter", "clusters", on_delete: :cascade
......@@ -65,6 +65,7 @@ The following sections provide links to documentation for each DevOps stage:
Back to Overview <i class="fa fa-angle-double-up" aria-hidden="true"></i>
<<<<<<< HEAD
### Manage
......@@ -91,22 +92,59 @@ Whether you use Waterfall, Agile, or Conversational Development, GitLab streamli
Visualize, prioritize, coordinate, and track your progress your way with GitLab’s flexible project
management tools.
### Manage
GitLab provides statistics and insight into ways you can maximize the value of GitLab in your organization.
The following documentation relates to the DevOps **Manage** stage:
| Manage Topics | Description |
| [Authentication and Authorization](administration/auth/ **[CORE ONLY]** | Supported authentication and authorization providers. |
| [GitLab Cycle Analytics](user/project/ | Measure the time it takes to go from an [idea to production]( for each project you have. |
| [Instance Statistics](user/instance_statistics/ | Discover statistics on how many GitLab features you use and user activity. |
<div align="right">
<a type="button" class="btn btn-default" href="#overview">
Back to Overview <i class="fa fa-angle-double-up" aria-hidden="true"></i>
### Plan
Whether you use Waterfall, Agile, or Conversational Development, GitLab streamlines your collaborative workflows.
Visualize, prioritize, coordinate, and track your progress your way with GitLab’s flexible project
management tools.
>>>>>>> upstream/master
The following documentation relates to the DevOps **Plan** stage:
| Plan Topics | Description |
<<<<<<< HEAD
| [Burndown Charts](user/project/milestones/ **[STARTER]** | Watch your project's progress throughout a specific milestone. |
| [Discussions](user/discussions/ | Threads, comments, and resolvable discussions in issues, commits, and merge requests. |
| [Due Dates](user/project/issues/ | Keep track of issue deadlines. |
| [Epics](user/group/epics/ **[ULTIMATE]** | Tracking groups of issues that share a theme. |
| [Discussions](user/discussions/ | Threads, comments, and resolvable discussions in issues, commits, and merge requests. |
| [Due Dates](user/project/issues/ | Keep track of issue deadlines. |
| [Quick Actions](user/project/ | Shortcuts for common actions on issues or merge requests, replacing the need to click buttons or use dropdowns in GitLab's UI. |
>>>>>>> upstream/master
| [Issues](user/project/issues/, including [confidential issues](user/project/issues/, [issue and merge request templates](user/project/, and [moving issues](user/project/issues/ | Project issues, restricting access to issues, create templates for submitting new issues and merge requests, and moving issues between projects. |
| [Labels](user/project/ | Categorize issues or merge requests with descriptive labels. |
| [Milestones](user/project/milestones/ | Set milestones for delivery of issues and merge requests, with optional due date. |
| [Project Issue Board](user/project/ | Display issues on a Scrum or Kanban board. |
<<<<<<< HEAD
| [Quick Actions](user/project/ | Shortcuts for common actions on issues or merge requests, replacing the need to click buttons or use dropdowns in GitLab's UI. |
| [Related Issues](user/project/issues/ **[STARTER]** | Create a relationship between issues. |
| [Roadmap](user/group/roadmap/ **[ULTIMATE]** | Visualize epic timelines. |
| [Service Desk](user/project/ **[PREMIUM]** | A simple way to allow people to create issues in your GitLab instance without needing their own user account. |
>>>>>>> upstream/master
| [Time Tracking](workflow/ | Track time spent on issues and merge requests. |
| [Todos](workflow/ | Keep track of work requiring attention with a chronological list displayed on a simple dashboard. |
......@@ -126,6 +164,7 @@ controls, providing a scalable, single source of truth for collaborating
on projects and code.
The following documentation relates to the DevOps **Create** stage:
<<<<<<< HEAD
#### Projects and Groups
......@@ -168,6 +207,50 @@ The following documentation relates to the DevOps **Create** stage:
| [Repository mirroring](workflow/ **[STARTER]** | Push to or pull from repositories outside of GitLab |
| [Start a merge request](user/project/repository/ | Start merge request when committing via GitLab's user interface. |
<div align="right">
<a type="button" class="btn btn-default" href="#overview">
Back to Overview <i class="fa fa-angle-double-up" aria-hidden="true"></i>
#### Projects and Groups
>>>>>>> upstream/master
| Create Topics - Projects and Groups | Description |
| [Create](gitlab-basics/ and [fork](gitlab-basics/ projects, and [import and export projects between instances](user/project/settings/ | Create, duplicate, and move projects. |
| [GitLab Pages](user/project/pages/ | Build, test, and deploy your static website with GitLab Pages. |
| [Groups](user/group/ and [Subgroups](user/group/subgroups/ | Organize your projects in groups. |
| [Projects](user/project/, including [project access](public_access/ and [settings](user/project/settings/ | Host source code, and control your project's visibility and set configuration. |
| [Search through GitLab](user/search/ | Search for issues, merge requests, projects, groups, and todos. |
| [Snippets](user/ | Snippets allow you to create little bits of code. |
| [Web IDE](user/project/web_ide/ | Edit files within GitLab's user interface. |
| [Wikis](user/project/wiki/ | Enhance your repository documentation with built-in wikis. |
<<<<<<< HEAD
<div align="right">
<a type="button" class="btn btn-default" href="#overview">
Back to Overview <i class="fa fa-angle-double-up" aria-hidden="true"></i>
#### Repositories
| Create Topics - Repositories | Description |
| [Branches](user/project/repository/branches/ and the [default branch](user/project/repository/branches/ | How to use branches in GitLab. |
| [Commits](user/project/repository/ and [signing commits](user/project/repository/gpg_signed_commits/ | Work with commits, and use GPG to sign your commits. |
| [Create branches](user/project/repository/, [create](user/project/repository/ and [upload](user/project/repository/ files, and [create directories](user/project/repository/ | Create branches, create and upload files, and create directories within GitLab. |
| [Delete merged branches](user/project/repository/branches/ | Bulk delete branches after their changes are merged. |
| [File templates](user/project/repository/ | File templates for common files. |
| [Files](user/project/repository/ | Files management. |
| [Jupyter Notebook files](user/project/repository/ | GitLab's support for `.ipynb` files. |
| [Protected branches](user/project/ | Use protected branches. |
| [Repositories](user/project/repository/ | Manage source code repositories in GitLab's user interface. |
| [Start a merge request](user/project/repository/ | Start merge request when committing via GitLab's user interface. |
<div align="right">
<a type="button" class="btn btn-default" href="#overview">
Back to Overview <i class="fa fa-angle-double-up" aria-hidden="true"></i>
......@@ -176,6 +259,7 @@ The following documentation relates to the DevOps **Create** stage:
#### Merge Requests
>>>>>>> upstream/master
| Create Topics - Merge Requests | Description |
| [Checking out merge requests locally](user/project/merge_requests/ | Tips for working with merge requests locally. |
......@@ -192,6 +276,7 @@ The following documentation relates to the DevOps **Create** stage:
#### Integration and Automation
<<<<<<< HEAD
| Create Topics - Integration and Automation | Description |
| [GitLab API](api/ | Integrate GitLab via a simple and powerful API. |
......@@ -200,6 +285,15 @@ The following documentation relates to the DevOps **Create** stage:
| [JIRA Development Panel](integration/ **[PREMIUM]** | See GitLab information in the JIRA Development Panel. |
| [Project Services](user/project/integrations/ | Integrate a project with external services, such as CI and chat. |
| [Trello Power-Up](integration/ | Integrate with GitLab's Trello Power-Up. |
| Create Topics - Integration and Automation | Description |
| [GitLab API](api/ | Integrate GitLab via a simple and powerful API. |
| [GitLab Integration](integration/ | Integrate with multiple third-party services with GitLab to allow external issue trackers and external authentication. |
| [GitLab Webhooks](user/project/integrations/ | Let GitLab notify you when new code has been pushed to your project. |
| [Project Services](user/project/integrations/ | Integrate a project with external services, such as CI and chat. |
| [Trello Power-Up](integration/ | Integrate with GitLab's Trello Power-Up. |
>>>>>>> upstream/master
<div align="right">
<a type="button" class="btn btn-default" href="#overview">
......@@ -219,6 +313,7 @@ scales to run your tests faster.
The following documentation relates to the DevOps **Verify** stage:
<<<<<<< HEAD
| Verify Topics | Description |
| [Code Quality reports](user/project/merge_requests/ **[STARTER]** | Analyze source code quality. |
......@@ -227,6 +322,14 @@ The following documentation relates to the DevOps **Verify** stage:
| [Multi-project pipelines](ci/ **[PREMIUM]** | Visualize entire pipelines that span multiple projects, including all cross-project inter-dependencies. |
| [Pipeline Graphs](ci/ | Visualize builds. |
| [Review Apps](ci/review_apps/ | Preview changes to your application right from a merge request. |
| Verify Topics | Description |
| [GitLab CI/CD](ci/ | Explore the features and capabilities of Continuous Integration with GitLab. |
| [JUnit test reports](ci/ | Display JUnit test reports on merge requests. |
| [Pipeline Graphs](ci/ | Visualize builds. |
| [Review Apps](ci/review_apps/ | Preview changes to your application right from a merge request. |
>>>>>>> upstream/master
<div align="right">
<a type="button" class="btn btn-default" href="#overview">
......@@ -260,6 +363,7 @@ confidently and securely with GitLab’s built-in Continuous Delivery and Deploy
The following documentation relates to the DevOps **Release** stage:
<<<<<<< HEAD
| Release Topics | Description |
| [Auto Deploy](topics/autodevops/ | Configure GitLab for the deployment of your application. |
......@@ -271,6 +375,16 @@ The following documentation relates to the DevOps **Release** stage:
| [GitLab Pages](user/project/pages/ | Build, test, and deploy a static site directly from GitLab. |
| [Protected Runners](ci/runners/ | Select Runners to only pick jobs for protected branches and tags. |
| [Scheduled Pipelines](user/project/pipelines/ | Execute pipelines on a schedule. |
| Release Topics | Description |
| [Auto Deploy](topics/autodevops/ | Configure GitLab for the deployment of your application. |
| [Environments and deployments](ci/ | With environments, you can control the continuous deployment of your software within GitLab. |
| [GitLab CI/CD](ci/ | Explore the features and capabilities of Continuous Deployment and Delivery with GitLab. |
| [GitLab Pages](user/project/pages/ | Build, test, and deploy a static site directly from GitLab. |
| [Protected Runners](ci/runners/ | Select Runners to only pick jobs for protected branches and tags. |
| [Scheduled Pipelines](user/project/pipelines/ | Execute pipelines on a schedule. |
>>>>>>> upstream/master
<div align="right">
<a type="button" class="btn btn-default" href="#overview">
......@@ -291,10 +405,15 @@ The following documentation relates to the DevOps **Configure** stage:
| [Auto DevOps](topics/autodevops/ | Automatically employ a complete DevOps lifecycle. |
| [Easy creation of Kubernetes clusters on GKE](user/project/clusters/ | Use Google Kubernetes Engine and GitLab. |
| [Executable Runbooks](user/project/clusters/runbooks/ | Documented procedures that explain how to carry out particular processes. |
<<<<<<< HEAD
| [GitLab ChatOps](ci/chatops/ **[ULTIMATE]** | Interact with CI/CD jobs through chat services. |
| [Installing Applications](user/project/clusters/ | Deploy Helm, Ingress, and Prometheus on Kubernetes. |
| [Mattermost slash commands](user/project/integrations/ | Enable and use slash commands from within Mattermost. |
| [Multiple Kubernetes Clusters](user/project/clusters/ **[PREMIUM]** | Associate more than one Kubernetes clusters to your project. |
| [Installing Applications](user/project/clusters/ | Deploy Helm, Ingress, and Prometheus on Kubernetes. |
| [Mattermost slash commands](user/project/integrations/ | Enable and use slash commands from within Mattermost. |
>>>>>>> upstream/master
| [Protected variables](ci/variables/ | Restrict variables to protected branches and tags. |
| [Slack slash commands](user/project/integrations/ | Enable and use slash commands from within Slack. |
......@@ -307,6 +426,7 @@ The following documentation relates to the DevOps **Configure** stage:
### Monitor
Ensure your applications are always responsive and available.
<<<<<<< HEAD
GitLab collects and displays performance metrics for deployed applications so you can know in an
instant how code changes impact your production environment.
......@@ -346,6 +466,40 @@ The following documentation relates to the DevOps **Secure** stage:
| [License Management](user/project/merge_requests/ **[ULTIMATE]** | Search your project's dependencies for their licenses. |
| [Project Security Dashboard](user/project/ **[ULTIMATE]** | View the latest security reports for your project. |
| [Static Application Security Testing (SAST)](user/project/merge_requests/ **[ULTIMATE]** | Analyze source code for known vulnerabilities. |
GitLab collects and displays performance metrics for deployed applications so you can know in an
instant how code changes impact your production environment.
The following documentation relates to the DevOps **Monitor** stage:
| Monitor Topics | Description |
| [GitLab Performance Monitoring](administration/monitoring/performance/ **[CORE ONLY]** | Use InfluxDB and Grafana to monitor the performance of your GitLab instance (will be eventually replaced by Prometheus). |
| [GitLab Prometheus](administration/monitoring/prometheus/ **[CORE ONLY]** | Configure the bundled Prometheus to collect various metrics from your GitLab instance. |
| [Health check](user/admin_area/monitoring/ | GitLab provides liveness and readiness probes to indicate service health and reachability to required services. |
| [Prometheus project integration](user/project/integrations/ | Configure the Prometheus integration per project and monitor your CI/CD environments. |
| [Prometheus metrics](user/project/integrations/prometheus_library/ | Let Prometheus collect metrics from various services, like Kubernetes, NGINX, NGINX ingress controller, HAProxy, and Amazon Cloud Watch. |
<div align="right">
<a type="button" class="btn btn-default" href="#overview">
Back to Overview <i class="fa fa-angle-double-up" aria-hidden="true"></i>
### Secure
GitLab can help you secure your applications from within your development lifecycle.
The following documentation relates to the DevOps **Secure** stage:
| Monitor Topics | Description |
| [Container Scanning example](ci/examples/ | `.gitlab-ci.yml` example of using Clair and clair-scanner to scan docker images for known vulnerabilities. |
NOTE: **Note:**
Viewing [Container Scanning reports]( within merge requests requires [GitLab Ultimate](
>>>>>>> upstream/master
## Subscribe to GitLab
......@@ -394,6 +548,68 @@ The following resources are available for more information on GitLab self-manage is hosted, managed, and administered by GitLab, Inc., with
[free and paid subscriptions]( for individuals
and teams in the following tiers:
<<<<<<< HEAD
| Tier | Includes same features available in |
| Free | [Core](#gitlab-self-managed) self-managed tier. |
| Bronze | [Starter](#gitlab-self-managed) self-managed tier. |
| Silver | [Premium](#gitlab-self-managed) self-managed tier. |
| Gold | [Ultimate](#gitlab-self-managed) self-managed tier. | subscriptions grant access
to the same features available in GitLab self-managed, **except
[administration](administration/ tools and settings**.
TIP: **Tip:**
To support the open source community and encourage the development of open source projects, GitLab grants access to **Gold** features for all **public** projects, regardless of the subscription.
The following resources are available for more information on
- [Feature comparison](, for information on what features are available at each tier.
- [GitLab pricing page](, for subscription information and a free trial.
- Our [product marketing page](, for additional information including:
- How [different tiers are licensed](
- The different [GitLab distributions](
<div align="right">
<a type="button" class="btn btn-default" href="#overview">
Back to Overview <i class="fa fa-angle-double-up" aria-hidden="true"></i>
## New to Git and GitLab?
Working with new systems can be daunting.
We have the following documentation to rapidly uplift your GitLab knowledge:
| Topic | Description |
| [GitLab Basics](gitlab-basics/ | Start working on the command line and with GitLab. |
| [GitLab Workflow](workflow/ and [overview]( | Enhance your workflow with the best of GitLab Workflow. |
| [Get started with GitLab CI/CD](ci/quick_start/ | Quickly implement GitLab CI/CD. |
| [Auto DevOps](topics/autodevops/ | Learn more about GitLab's Auto DevOps. |
| [GitLab Markdown](user/ | GitLab's advanced formatting system (GitLab Flavored Markdown) |
<div align="right">
<a type="button" class="btn btn-default" href="#overview">
Back to Overview <i class="fa fa-angle-double-up" aria-hidden="true"></i>
### User account
Learn more about GitLab account management:
| Topic | Description |
| [User account](user/profile/ | Manage your account. |
| [Authentication](topics/authentication/ | Account security with two-factor authentication, set up your ssh keys, and deploy keys for secure access to your projects. |
| [Profile settings](user/profile/ | Manage your profile settings, two factor authentication, and more. |
| [User permissions](user/ | Learn what each role in a project can do. |
| Tier | Includes same features available in |
......@@ -454,6 +670,7 @@ Learn more about GitLab account management:
| [Profile settings](user/profile/ | Manage your profile settings, two factor authentication, and more. |
| [User permissions](user/ | Learn what each role in a project can do. |
>>>>>>> upstream/master
<div align="right">
<a type="button" class="btn btn-default" href="#overview">
Back to Overview <i class="fa fa-angle-double-up" aria-hidden="true"></i>
......@@ -156,6 +156,20 @@ Sample Prometheus queries:
- **Data transmitted:** `rate(node_network_transmit_bytes_total{device!="lo"}[5m])`
- **Data received:** `rate(node_network_receive_bytes_total{device!="lo"}[5m])`
## Prometheus as a Grafana data source
Grafana allows you to import Prometheus performance metrics as a data source
and render the metrics as graphs and dashboards which is helpful with visualisation.
To add a Prometheus dashboard for a single server GitLab setup:
1. Create a new data source in Grafana.
1. Name your data source i.e GitLab.
1. Select `Prometheus` in the type drop down.
1. Add your Prometheus listen address as the URL and set access to `Browser`.
1. Set the HTTP method to `GET`.
1. Save & Test your configuration to verify that it works.
## GitLab metrics
> Introduced in GitLab 9.3.
......@@ -36,7 +36,7 @@ GET /issues?my_reaction_emoji=star
| Attribute | Type | Required | Description |
| ------------------- | ---------------- | ---------- | --------------------------------------------------------------------------------------------------------------------------------------------------- |
| `state` | string | no | Return all issues or just those that are `opened` or `closed` |
| `labels` | string | no | Comma-separated list of label names, issues must have all labels to be returned. `No+Label` lists all issues with no labels |
| `labels` | string | no | Comma-separated list of label names, issues must have all labels to be returned. `None` lists all issues with no labels. `Any` lists all issues with at least one label. `No+Label` (Deprecated) lists all issues with no labels. Predefined names are case-insensitive. |
| `milestone` | string | no | The milestone title. `None` lists all issues with no milestone. `Any` lists all issues that have an assigned milestone. |
| `scope` | string | no | Return issues for the given scope: `created_by_me`, `assigned_to_me` or `all`. Defaults to `created_by_me`<br> For versions before 11.0, use the now deprecated `created-by-me` or `assigned-to-me` scopes instead.<br> _([Introduced][ce-13004] in GitLab 9.5. [Changed to snake_case][ce-18935] in GitLab 11.0)_ |
| `author_id` | integer | no | Return issues created by the given user `id`. Combine with `scope=all` or `scope=assigned_to_me`. _([Introduced][ce-13004] in GitLab 9.5)_ |
......@@ -151,7 +151,7 @@ GET /groups/:id/issues?my_reaction_emoji=star
| ------------------- | ---------------- | ---------- | ----------------------------------------------------------------------------------------------------------------------------- |
| `id` | integer/string | yes | The ID or [URL-encoded path of the group]( owned by the authenticated user |
| `state` | string | no | Return all issues or just those that are `opened` or `closed` |
| `labels` | string | no | Comma-separated list of label names, issues must have all labels to be returned. `No+Label` lists all issues with no labels |
| `labels` | string | no | Comma-separated list of label names, issues must have all labels to be returned. `None` lists all issues with no labels. `Any` lists all issues with at least one label. `No+Label` (Deprecated) lists all issues with no labels. Predefined names are case-insensitive. |
| `iids[]` | Array[integer] | no | Return only the issues having the given `iid` |
| `milestone` | string | no | The milestone title. `None` lists all issues with no milestone. `Any` lists all issues that have an assigned milestone. |
| `scope` | string | no | Return issues for the given scope: `created_by_me`, `assigned_to_me` or `all`.<br> For versions before 11.0, use the now deprecated `created-by-me` or `assigned-to-me` scopes instead.<br> _([Introduced][ce-13004] in GitLab 9.5. [Changed to snake_case][ce-18935] in GitLab 11.0)_ |
......@@ -268,7 +268,7 @@ GET /projects/:id/issues?my_reaction_emoji=star
| `id` | integer/string | yes | The ID or [URL-encoded path of the project]( owned by the authenticated user |
| `iids[]` | Array[integer] | no | Return only the milestone having the given `iid` |
| `state` | string | no | Return all issues or just those that are `opened` or `closed` |
| `labels` | string | no | Comma-separated list of label names, issues must have all labels to be returned. `No+Label` lists all issues with no labels |
| `labels` | string | no | Comma-separated list of label names, issues must have all labels to be returned. `None` lists all issues with no labels. `Any` lists all issues with at least one label. `No+Label` (Deprecated) lists all issues with no labels. Predefined names are case-insensitive. |
| `milestone` | string | no | The milestone title. `None` lists all issues with no milestone. `Any` lists all issues that have an assigned milestone. |
| `scope` | string | no | Return issues for the given scope: `created_by_me`, `assigned_to_me` or `all`.<br> For versions before 11.0, use the now deprecated `created-by-me` or `assigned-to-me` scopes instead.<br> _([Introduced][ce-13004] in GitLab 9.5. [Changed to snake_case][ce-18935] in GitLab 11.0)_ |
| `author_id` | integer | no | Return issues created by the given user `id` _([Introduced][ce-13004] in GitLab 9.5)_ |
......@@ -35,7 +35,7 @@ Parameters:
| `sort` | string | no | Return requests sorted in `asc` or `desc` order. Default is `desc` |
| `milestone` | string | no | Return merge requests for a specific milestone. `None` returns merge requests with no milestone. `Any` returns merge requests that have an assigned milestone. |
| `view` | string | no | If `simple`, returns the `iid`, URL, title, description, and basic state of merge request |
| `labels` | string | no | Return merge requests matching a comma separated list of labels |
| `labels` | string | no | Return merge requests matching a comma separated list of labels. `None` lists all merge requests with no labels. `Any` lists all merge requests with at least one label. `No+Label` (Deprecated) lists all merge requests with no labels. Predefined names are case-insensitive. |
| `created_after` | datetime | no | Return merge requests created on or after the given time |
| `created_before` | datetime | no | Return merge requests created on or before the given time |
| `updated_after` | datetime | no | Return merge requests updated on or after the given time |
......@@ -171,7 +171,7 @@ Parameters:
| `sort` | string | no | Return requests sorted in `asc` or `desc` order. Default is `desc` |
| `milestone` | string | no | Return merge requests for a specific milestone. `None` returns merge requests with no milestone. `Any` returns merge requests that have an assigned milestone. |
| `view` | string | no | If `simple`, returns the `iid`, URL, title, description, and basic state of merge request |
| `labels` | string | no | Return merge requests matching a comma separated list of labels |
| `labels` | string | no | Return merge requests matching a comma separated list of labels. `None` lists all merge requests with no labels. `Any` lists all merge requests with at least one label. `No+Label` (Deprecated) lists all merge requests with no labels. Predefined names are case-insensitive. |
| `created_after` | datetime | no | Return merge requests created on or after the given time |
| `created_before` | datetime | no | Return merge requests created on or before the given time |
| `updated_after` | datetime | no | Return merge requests updated on or after the given time |
......@@ -296,7 +296,7 @@ Parameters:
| `sort` | string | no | Return merge requests sorted in `asc` or `desc` order. Default is `desc` |
| `milestone` | string | no | Return merge requests for a specific milestone. `None` returns merge requests with no milestone. `Any` returns merge requests that have an assigned milestone. |
| `view` | string | no | If `simple`, returns the `iid`, URL, title, description, and basic state of merge request |
| `labels` | string | no | Return merge requests matching a comma separated list of labels |
| `labels` | string | no | Return merge requests matching a comma separated list of labels. `None` lists all merge requests with no labels. `Any` lists all merge requests with at least one label. `No+Label` (Deprecated) lists all merge requests with no labels. Predefined names are case-insensitive. |
| `created_after` | datetime | no | Return merge requests created on or after the given time |
| `created_before` | datetime | no | Return merge requests created on or before the given time |
| `updated_after` | datetime | no | Return merge requests updated on or after the given time |
......@@ -673,7 +673,7 @@ POST /projects
| `shared_runners_enabled` | boolean | no | Enable shared runners for this project |
| `visibility` | string | no | See [project visibility level](#project-visibility-level) |
| `import_url` | string | no | URL to import repository from |
| `public_jobs` | boolean | no | If `true`, jobs can be viewed by non-project-members |
| `public_builds` | boolean | no | If `true`, jobs can be viewed by non-project-members |
| `only_allow_merge_if_pipeline_succeeds` | boolean | no | Set whether merge requests can only be merged with successful jobs |
| `only_allow_merge_if_all_discussions_are_resolved` | boolean | no | Set whether merge requests can only be merged when all the discussions are resolved |
| `merge_method` | string | no | Set the merge method used |
......@@ -718,7 +718,7 @@ POST /projects/user/:user_id
| `shared_runners_enabled` | boolean | no | Enable shared runners for this project |
| `visibility` | string | no | See [project visibility level](#project-visibility-level) |
| `import_url` | string | no | URL to import repository from |
| `public_jobs` | boolean | no | If `true`, jobs can be viewed by non-project-members |
| `public_builds` | boolean | no | If `true`, jobs can be viewed by non-project-members |
| `only_allow_merge_if_pipeline_succeeds` | boolean | no | Set whether merge requests can only be merged with successful jobs |
| `only_allow_merge_if_all_discussions_are_resolved` | boolean | no | Set whether merge requests can only be merged when all the discussions are resolved |
| `merge_method` | string | no | Set the merge method used |
......@@ -763,7 +763,7 @@ PUT /projects/:id
| `shared_runners_enabled` | boolean | no | Enable shared runners for this project |
| `visibility` | string | no | See [project visibility level](#project-visibility-level) |
| `import_url` | string | no | URL to import repository from |
| `public_jobs` | boolean | no | If `true`, jobs can be viewed by non-project-members |
| `public_builds` | boolean | no | If `true`, jobs can be viewed by non-project-members |
| `only_allow_merge_if_pipeline_succeeds` | boolean | no | Set whether merge requests can only be merged with successful jobs |
| `only_allow_merge_if_all_discussions_are_resolved` | boolean | no | Set whether merge requests can only be merged when all the discussions are resolved |
| `merge_method` | string | no | Set the merge method used |
......@@ -5,7 +5,14 @@ are very appreciative of the work done by translators and proofreaders!
## Proofreaders
- Albanian
- Proofreaders needed.
- Arabic
- Proofreaders needed.
- Bulgarian
- Lyubomir Vasilev - [Crowdin](
- Catalan
- Proofreaders needed.
- Chinese Simplified
- Huang Tao - [GitLab](, [Crowdin](
- Chinese Traditional
......@@ -14,13 +21,31 @@ are very appreciative of the work done by translators and proofreaders!
- Yi-Jyun Pan - [GitLab](, [Crowdin](
- Chinese Traditional, Hong Kong
- Huang Tao - [GitLab](, [Crowdin](
- Czech
- Proofreaders needed.
- Danish
- Proofreaders needed.
- Dutch
- Emily Hendle - [GitLab](, [Crowdin](
- Emily Hendle - [GitLab](, [Crowdin](
- Esperanto
- Lyubomir Vasilev - [Crowdin](
- Estonian
- Proofreaders needed.
- Filipino
- Proofreaders needed.
- French
- Davy Defaud - [GitLab](, [Crowdin](
- Galician
- Antón Méixome - [Crowdin](
- Pedro Garcia - [GitLab](, [Crowdin](
- German
- Michael Hahnle - [GitLab](, [Crowdin](
- Greek
- Proofreaders needed.
- Hebrew
- Proofreaders needed.
- Hungarian
- Proofreaders needed.
- Indonesian
- Ahmad Naufal Mukhtar - [GitLab](, [Crowdin](
- Italian
......@@ -32,19 +57,38 @@ are very appreciative of the work done by translators and proofreaders!
- Chang-Ho Cha - [GitLab](, [Crowdin](
- Huang Tao - [GitLab](, [Crowdin](
- Ji Hun Oh - [GitLab](, [Crowdin](
- Mongolian
- Proofreaders needed.
- Norwegian Bokmal
- Proofreaders needed.
- Polish
- Filip Mech - [GitLab](, [Crowdin](
- Portuguese
- Proofreaders needed.
- Portuguese, Brazilian
- Paulo George Gomes Bezerra - [GitLab](, [Crowdin](
- André Gama - [GitLab](, [Crowdin](
- Romanian
- Proofreaders needed.
- Russian
- Nikita Grylov - [GitLab](, [Crowdin](
- Alexy Lustin - [GitLab](, [Crowdin](
- NickVolynkin - [Crowdin](
- Serbian (Cyrillic)
- Proofreaders needed.
- Serbian (Latin)
- Proofreaders needed.
- Slovak
- Proofreaders needed.
- Spanish
- Pedro Garcia - [GitLab](, [Crowdin](
- Turkish
- Proofreaders needed.
- Ukrainian
- Volodymyr Sobotovych - [GitLab](, [Crowdin](
- Andrew Vityuk - [GitLab](, [Crowdin](
- Welsh
- Proofreaders needed.
## Become a proofreader
......@@ -92,11 +92,12 @@ If you are running GitLab within a Docker container, you can run the backup from
docker exec -t <container name> gitlab-rake gitlab:backup:create
If you are using the gitlab-omnibus helm chart on a Kubernetes cluster, you can
run the backup task on the gitlab application pod using kubectl:
If you are using the [GitLab helm chart]( on a
Kubernetes cluster, you can run the backup task using `backup-utility` script on
the gitlab task runner pod via `kubectl`. Refer to [backing up a GitLab installation]( for more details:
kubectl exec -it <gitlab-gitlab pod> gitlab-rake gitlab:backup:create
kubectl exec -it <gitlab task-runner pod> backup-utility
Example output:
......@@ -665,7 +666,7 @@ Restart GitLab:
sudo service gitlab restart
### Restore for Omnibus installations
### Restore for Omnibus GitLab installations
This procedure assumes that:
......@@ -714,10 +715,10 @@ If there is a GitLab version mismatch between your backup tar file and the insta
version of GitLab, the restore command will abort with an error. Install the
[correct GitLab version]( and try again.
### Restore for Docker image and gitlab-omnibus helm chart
### Restore for Docker image and GitLab helm chart installations
For GitLab installations using docker image or the gitlab-omnibus helm chart on
a Kubernetes cluster, restore task expects the restore directories to be empty.
For GitLab installations using the Docker image or the GitLab helm chart on
a Kubernetes cluster, the restore task expects the restore directories to be empty.
However, with docker and Kubernetes volume mounts, some system level directories
may be created at the volume roots, like `lost+found` directory found in Linux
operating systems. These directories are usually owned by `root`, which can
......@@ -728,19 +729,14 @@ directories are empty.
For both these installation types, the backup tarball has to be available in the
backup location (default location is `/var/opt/gitlab/backups`).
For docker installations, the restore task can be run from host using the
For docker installations, the restore task can be run from host:
docker exec -it <name of container> gitlab-rake gitlab:backup:restore
Similarly, for gitlab-omnibus helm chart, the restore task can be run on the
gitlab application pod using kubectl
kubectl exec -it <gitlab-gitlab pod> gitlab-rake gitlab:backup:restore
The GitLab helm chart uses a different process, documented in
[restoring a GitLab helm chart installation](
## Alternative backup strategies
# Visibility and access controls
## Import sources
Choose from which hosting sites the users can
[import their projects](../../project/import/
![import sources](img/import_sources.png)
## Enabled Git access protocols
> [Introduced][ce-4696] in GitLab 8.10.
......@@ -226,6 +226,7 @@ twice, which can lead to confusion during deployments.
| ----------- | :------------: | ----------- | --------------- |
| [Helm Tiller]( | 10.2+ | Helm is a package manager for Kubernetes and is required to install all the other applications. It is installed in its own pod inside the cluster which can run the `helm` CLI in a safe environment. | n/a |
| [Ingress]( | 10.2+ | Ingress can provide load balancing, SSL termination, and name-based virtual hosting. It acts as a web proxy for your applications and is useful if you want to use [Auto DevOps] or deploy your own web apps. | [stable/nginx-ingress]( |
| [Cert Manager]( | 11.6+ | Cert Manager is a native Kubernetes certificate management controller that helps with issuing certificates. Installing Cert Manager on your cluster will issue a certificate by [Let's Encrypt]( and ensure that certificates are valid and up to date. The email address used by Let's Encrypt registration will be taken from the GitLab user that installed Cert Manager on the cluster. | [stable/cert-manager]( |
| [Prometheus]( | 10.4+ | Prometheus is an open-source monitoring and alerting system useful to supervise your deployed applications. | [stable/prometheus]( |
| [GitLab Runner]( | 10.6+ | GitLab Runner is the open source project that is used to run your jobs and send the results back to GitLab. It is used in conjunction with [GitLab CI/CD](, the open-source continuous integration service included with GitLab that coordinates the jobs. When installing the GitLab Runner via the applications, it will run in **privileged mode** by default. Make sure you read the [security implications](#security-implications) before doing so. | [runner/gitlab-runner]( |
| [JupyterHub]( | 11.0+ | [JupyterHub]( is a multi-user service for managing notebooks across a team. [Jupyter Notebooks]( provide a web-based interactive programming environment used for data analysis, visualization, and machine learning. We use [this]( custom Jupyter image that installs additional useful packages on top of the base Jupyter. You will also see ready-to-use DevOps Runbooks built with Nurtch's [Rubix library]( More information on creating executable runbooks can be found at [Nurtch Documentation]( **Note**: Authentication will be enabled for any user of the GitLab server via OAuth2. HTTPS will be supported in a future release. | [jupyter/jupyterhub]( |
......@@ -12,6 +12,12 @@ The **Revert** button will only be available for merge requests
created since GitLab 8.5. However, you can still revert a merge request
by reverting the merge commit from the list of Commits page.
NOTE: **Note:**
The **Revert** button will only be shown for projects that use the
merge method "Merge Commit", which can be set under the project's
**Settings > General > Merge request**. [Fast-forward commits](
can not be reverted via the MR view.
After the Merge Request has been merged, a **Revert** button will be available
to revert the changes introduced by that merge request.
......@@ -533,6 +533,7 @@ module API
def send_git_blob(repository, blob)
env['api.format'] = :txt
content_type 'text/plain'
header['Content-Disposition'] = "attachment; filename=#{}"
header(*Gitlab::Workhorse.send_git_blob(repository, blob))
......@@ -146,6 +146,7 @@ module API
env['api.format'] = :txt
content_type 'text/plain'
header['Content-Disposition'] = 'attachment'
present snippet.content
# rubocop: enable CodeReuse/ActiveRecord
......@@ -64,17 +64,17 @@ module Gitlab
name_flag +
optional_tls_flags +
optional_version_flag +
optional_rbac_create_flag +
rbac_create_flag +
namespace_flag +
def optional_rbac_create_flag
return [] unless rbac?
# jupyterhub helm chart is using rbac.enabled
%w[--set rbac.create=true,rbac.enabled=true]
def rbac_create_flag
if rbac?
%w[--set rbac.create=true,rbac.enabled=true]
%w[--set rbac.create=false,rbac.enabled=false]
def optional_version_flag
......@@ -62,6 +62,7 @@ module Gitlab
clusters_platforms_user: count(::Clusters::Cluster.user_provided.enabled),
clusters_applications_helm: count(::Clusters::Applications::Helm.installed),
clusters_applications_ingress: count(::Clusters::Applications::Ingress.installed),
clusters_applications_cert_managers: count(::Clusters::Applications::CertManager.installed),
clusters_applications_prometheus: count(::Clusters::Applications::Prometheus.installed),
clusters_applications_runner: count(::Clusters::Applications::Runner.installed),
clusters_applications_knative: count(::Clusters::Applications::Knative.installed),
......@@ -1744,6 +1744,9 @@ msgstr ""
msgid "ClusterIntegration|CA Certificate"
msgstr ""
msgid "ClusterIntegration|Cert-Manager"
msgstr ""
msgid "ClusterIntegration|Certificate Authority bundle (PEM format)"
msgstr ""
......@@ -1915,6 +1918,9 @@ msgstr ""
msgid "ClusterIntegration|Learn more about group Kubernetes clusters"
msgstr ""
msgid "ClusterIntegration|Let's Encrypt"
msgstr ""
msgid "ClusterIntegration|Machine type"
msgstr ""
......@@ -2077,6 +2083,9 @@ msgstr ""
msgid "ClusterIntegration|access to Google Kubernetes Engine"
msgstr ""
msgid "ClusterIntegration|cert-manager is a native Kubernetes certificate management controller that helps with issuing certificates. Installing cert-manager on your cluster will issue a certificate by %{letsEncrypt} and ensure that certificates are valid and up to date."
msgstr ""
msgid "ClusterIntegration|check the pricing here"
msgstr ""
......@@ -62,8 +62,15 @@ describe Profiles::KeysController do
it "responds with text/plain content type" do
get :get_keys, username: user.username
expect(response.content_type).to eq("text/plain")
it "responds with attachment content disposition" do
get :get_keys, username: user.username
expect(response.headers['Content-Disposition']).to eq('attachment')
......@@ -49,6 +49,11 @@ FactoryBot.define do
cluster factory: %i(cluster with_installed_helm provided_by_gcp)
factory :clusters_applications_cert_managers, class: Clusters::Applications::CertManager do
email ''
cluster factory: %i(cluster with_installed_helm provided_by_gcp)
factory :clusters_applications_prometheus, class: Clusters::Applications::Prometheus do
cluster factory: %i(cluster with_installed_helm provided_by_gcp)
......@@ -302,19 +302,51 @@ describe IssuesFinder do
create(:label_link, label: label2, target: issue2)
it 'returns the unique issues with any of those labels' do
it 'returns the unique issues with all those labels' do
expect(issues).to contain_exactly(issue2)
context 'filtering by a label that includes any or none in the title' do
let(:params) { { label_name: [label.title, label2.title].join(',') } }
let(:label) { create(:label, title: 'any foo', project: project2) }
let(:label2) { create(:label, title: 'bar none', project: project2) }
it 'returns the unique issues with all those labels' do
create(:label_link, label: label2, target: issue2)
expect(issues).to contain_exactly(issue2)
context 'filtering by no label' do
let(:params) { { label_name: Label::None.title } }
let(:params) { { label_name: described_class::FILTER_NONE } }
it 'returns issues with no labels' do
expect(issues).to contain_exactly(issue1, issue3, issue4)
context 'filtering by legacy No+Label' do
let(:params) { { label_name: Label::NONE } }
it 'returns issues with no labels' do
expect(issues).to contain_exactly(issue1, issue3, issue4)
context 'filtering by any label' do
let(:params) { { label_name: described_class::FILTER_ANY } }
it 'returns issues that have one or more label' do
2.times do
create(:label_link, label: create(:label, project: project2), target: issue3)
expect(issues).to contain_exactly(issue2, issue3)
context 'filtering by issue term' do
let(:params) { { search: 'git' } }
......@@ -20,6 +20,7 @@ describe('Applications', () => {
applications: {
helm: { title: 'Helm Tiller' },
ingress: { title: 'Ingress' },
cert_manager: { title: 'Cert-Manager' },
runner: { title: 'GitLab Runner' },
prometheus: { title: 'Prometheus' },
jupyter: { title: 'JupyterHub' },
......@@ -36,6 +37,10 @@ describe('Applications', () => {
it('renders a row for Cert-Manager', () => {
it('renders a row for Prometheus', () => {
......@@ -65,6 +70,7 @@ describe('Applications', () => {
externalIp: '',
helm: { title: 'Helm Tiller' },
cert_manager: { title: 'Cert-Manager' },
runner: { title: 'GitLab Runner' },
prometheus: { title: 'Prometheus' },
jupyter: { title: 'JupyterHub', hostname: '' },
......@@ -89,6 +95,7 @@ describe('Applications', () => {
status: 'installed',
helm: { title: 'Helm Tiller' },
cert_manager: { title: 'Cert-Manager' },
runner: { title: 'GitLab Runner' },
prometheus: { title: 'Prometheus' },
jupyter: { title: 'JupyterHub', hostname: '' },
......@@ -109,6 +116,7 @@ describe('Applications', () => {
applications: {
helm: { title: 'Helm Tiller' },
ingress: { title: 'Ingress' },
cert_manager: { title: 'Cert-Manager' },
runner: { title: 'GitLab Runner' },
prometheus: { title: 'Prometheus' },
jupyter: { title: 'JupyterHub', hostname: '' },
......@@ -128,6 +136,7 @@ describe('Applications', () => {
applications: {
helm: { title: 'Helm Tiller', status: 'installed' },
ingress: { title: 'Ingress', status: 'installed', externalIp: '' },
cert_manager: { title: 'Cert-Manager' },
runner: { title: 'GitLab Runner' },
prometheus: { title: 'Prometheus' },
jupyter: { title: 'JupyterHub', hostname: '', status: 'installable' },
......@@ -145,6 +154,7 @@ describe('Applications', () => {
applications: {
helm: { title: 'Helm Tiller', status: 'installed' },
ingress: { title: 'Ingress', status: 'installed' },
cert_manager: { title: 'Cert-Manager' },
runner: { title: 'GitLab Runner' },
prometheus: { title: 'Prometheus' },
jupyter: { title: 'JupyterHub', hostname: '', status: 'installable' },
......@@ -162,6 +172,7 @@ describe('Applications', () => {
applications: {
helm: { title: 'Helm Tiller', status: 'installed' },
ingress: { title: 'Ingress', status: 'installed', externalIp: '' },
cert_manager: { title: 'Cert-Manager' },
runner: { title: 'GitLab Runner' },
prometheus: { title: 'Prometheus' },
jupyter: { title: 'JupyterHub', status: 'installed', hostname: '' },
......@@ -179,6 +190,7 @@ describe('Applications', () => {
applications: {
helm: { title: 'Helm Tiller' },
ingress: { title: 'Ingress' },
cert_manager: { title: 'Cert-Manager' },
runner: { title: 'GitLab Runner' },
prometheus: { title: 'Prometheus' },
jupyter: { title: 'JupyterHub', status: 'not_installable' },
......@@ -38,6 +38,11 @@ const CLUSTERS_MOCK_DATA = {
status_reason: 'Cannot connect',
name: 'cert_manager',
status_reason: 'Cannot connect',
......@@ -77,6 +82,11 @@ const CLUSTERS_MOCK_DATA = {
status_reason: 'Cannot connect',
name: 'cert_manager',
status_reason: 'Cannot connect',
......@@ -84,6 +94,7 @@ const CLUSTERS_MOCK_DATA = {
'/gitlab-org/gitlab-shell/clusters/1/applications/helm': {},
'/gitlab-org/gitlab-shell/clusters/1/applications/ingress': {},
'/gitlab-org/gitlab-shell/clusters/1/applications/cert_manager': {},
'/gitlab-org/gitlab-shell/clusters/1/applications/runner': {},
'/gitlab-org/gitlab-shell/clusters/1/applications/prometheus': {},
'/gitlab-org/gitlab-shell/clusters/1/applications/jupyter': {},
......@@ -108,6 +108,13 @@ describe('Clusters Store', () => {
requestReason: null,
hostname: null,
cert_manager: {
title: 'Cert-Manager',
status: mockResponseData.applications[6].status,
statusReason: mockResponseData.applications[6].status_reason,
requestStatus: null,
requestReason: null,
......@@ -43,6 +43,7 @@ describe Gitlab::Kubernetes::Helm::InstallCommand do
--tls-cert /data/helm/app-name/config/cert.pem
--tls-key /data/helm/app-name/config/key.pem
--version 1.2.3
--set rbac.create\\=false,rbac.enabled\\=false
--namespace gitlab-managed-apps
-f /data/helm/app-name/config/values.yaml
......@@ -101,6 +102,7 @@ describe Gitlab::Kubernetes::Helm::InstallCommand do
--tls-cert /data/helm/app-name/config/cert.pem
--tls-key /data/helm/app-name/config/key.pem
--version 1.2.3
--set rbac.create\\=false,rbac.enabled\\=false
--namespace gitlab-managed-apps
-f /data/helm/app-name/config/values.yaml
......@@ -126,7 +128,7 @@ describe Gitlab::Kubernetes::Helm::InstallCommand do
helm install chart-name --name app-name --tls --tls-ca-cert /data/helm/app-name/config/ca.pem --tls-cert /data/helm/app-name/config/cert.pem --tls-key /data/helm/app-name/config/key.pem --version 1.2.3 --namespace gitlab-managed-apps -f /data/helm/app-name/config/values.yaml
helm install chart-name --name app-name --tls --tls-ca-cert /data/helm/app-name/config/ca.pem --tls-cert /data/helm/app-name/config/cert.pem --tls-key /data/helm/app-name/config/key.pem --version 1.2.3 --set rbac.create\\=false,rbac.enabled\\=false --namespace gitlab-managed-apps -f /data/helm/app-name/config/values.yaml
......@@ -148,7 +150,7 @@ describe Gitlab::Kubernetes::Helm::InstallCommand do
let(:helm_install_command) do
helm install chart-name --name app-name --tls --tls-ca-cert /data/helm/app-name/config/ca.pem --tls-cert /data/helm/app-name/config/cert.pem --tls-key /data/helm/app-name/config/key.pem --version 1.2.3 --namespace gitlab-managed-apps -f /data/helm/app-name/config/values.yaml
helm install chart-name --name app-name --tls --tls-ca-cert /data/helm/app-name/config/ca.pem --tls-cert /data/helm/app-name/config/cert.pem --tls-key /data/helm/app-name/config/key.pem --version 1.2.3 --set rbac.create\\=false,rbac.enabled\\=false --namespace gitlab-managed-apps -f /data/helm/app-name/config/values.yaml
......@@ -175,6 +177,7 @@ describe Gitlab::Kubernetes::Helm::InstallCommand do
helm install chart-name
--name app-name
--version 1.2.3
--set rbac.create\\=false,rbac.enabled\\=false
--namespace gitlab-managed-apps
-f /data/helm/app-name/config/values.yaml
......@@ -204,6 +207,7 @@ describe Gitlab::Kubernetes::Helm::InstallCommand do
--tls-ca-cert /data/helm/app-name/config/ca.pem
--tls-cert /data/helm/app-name/config/cert.pem
--tls-key /data/helm/app-name/config/key.pem
--set rbac.create\\=false,rbac.enabled\\=false
--namespace gitlab-managed-apps
-f /data/helm/app-name/config/values.yaml
......@@ -20,6 +20,7 @@ describe Gitlab::UsageData do
create(:cluster, :provided_by_user, :disabled)
create(:clusters_applications_helm, :installed, cluster: gcp_cluster)
create(:clusters_applications_ingress, :installed, cluster: gcp_cluster)
create(:clusters_applications_cert_managers, :installed, cluster: gcp_cluster)
create(:clusters_applications_prometheus, :installed, cluster: gcp_cluster)
create(:clusters_applications_runner, :installed, cluster: gcp_cluster)
create(:clusters_applications_knative, :installed, cluster: gcp_cluster)
......@@ -82,6 +83,7 @@ describe Gitlab::UsageData do
......@@ -132,6 +134,7 @@ describe Gitlab::UsageData do
expect(count_data[:clusters_platforms_user]).to eq(1)
expect(count_data[:clusters_applications_helm]).to eq(1)
expect(count_data[:clusters_applications_ingress]).to eq(1)
expect(count_data[:clusters_applications_cert_managers]).to eq(1)
expect(count_data[:clusters_applications_prometheus]).to eq(1)
expect(count_data[:clusters_applications_runner]).to eq(1)
expect(count_data[:clusters_applications_knative]).to eq(1)
require 'rails_helper'
describe Clusters::Applications::CertManager do
let(:cert_manager) { create(:clusters_applications_cert_managers) }
include_examples 'cluster application core specs', :clusters_applications_cert_managers
describe '#make_installing!' do
before do
context 'application install previously errored with older version' do
let(:application) { create(:clusters_applications_cert_managers, :scheduled, version: 'v0.4.0') }
it 'updates the application version' do
expect(application.reload.version).to eq('v0.5.0')
describe '#install_command' do
let(:cluster_issuer_file) { { "cluster_issuer.yaml": "---\napiVersion:\nkind: ClusterIssuer\nmetadata:\n name: letsencrypt-prod\nspec:\n acme:\n server:\n email:\n privateKeySecretRef:\n name: letsencrypt-prod\n http01: {}\n" } }
subject { cert_manager.install_command }
it { be_an_instance_of(Gitlab::Kubernetes::Helm::InstallCommand) }
it 'should be initialized with cert_manager arguments' do
expect( eq('certmanager')
expect(subject.chart).to eq('stable/cert-manager')
expect(subject.version).to eq('v0.5.0')
expect(subject).not_to be_rbac
expect(subject.files).to eq(cert_manager.files.merge(cluster_issuer_file))
expect(subject.postinstall).to eq(['/usr/bin/kubectl create -f /data/helm/certmanager/config/cluster_issuer.yaml'])
context 'for a specific user' do
before do = ''
cluster_issuer_file[:'cluster_issuer.yaml'].gsub! '', ''
it 'should use his/her email to register issuer with certificate provider' do
expect(subject.files).to eq(cert_manager.files.merge(cluster_issuer_file))
context 'on a rbac enabled cluster' do
before do
it { be_rbac }
context 'application failed to install previously' do
let(:cert_manager) { create(:clusters_applications_cert_managers, :errored, version: '0.0.1') }
it 'should be initialized with the locked version' do
expect(subject.version).to eq('v0.5.0')
describe '#files' do
let(:application) { cert_manager }
let(:values) { subject[:'values.yaml'] }
subject { application.files }
it 'should include cert_manager specific keys in the values.yaml file' do
expect(values).to include('ingressShim')
describe 'validations' do
it { validate_presence_of(:email) }
......@@ -311,13 +311,14 @@ describe Clusters::Cluster do
context 'when applications are created' do
let!(:helm) { create(:clusters_applications_helm, cluster: cluster) }
let!(:ingress) { create(:clusters_applications_ingress, cluster: cluster) }
let!(:cert_manager) { create(:clusters_applications_cert_managers, cluster: cluster) }
let!(:prometheus) { create(:clusters_applications_prometheus, cluster: cluster) }
let!(:runner) { create(:clusters_applications_runner, cluster: cluster) }
let!(:jupyter) { create(:clusters_applications_jupyter, cluster: cluster) }
let!(:knative) { create(:clusters_applications_knative, cluster: cluster) }
it 'returns a list of created applications' do contain_exactly(helm, ingress, prometheus, runner, jupyter, knative) contain_exactly(helm, ingress, cert_manager, prometheus, runner, jupyter, knative)
......@@ -178,6 +178,14 @@ describe API::Files do
expect(response).to have_gitlab_http_status(200)
it 'forces attachment content disposition' do
url = route(file_path) + "/raw"
get api(url, current_user), params
expect(headers['Content-Disposition']).to match(/^attachment/)
context 'when mandatory params are not given' do
it_behaves_like '400 response' do
let(:request) { get api(route("any%2Ffile"), current_user) }
......@@ -304,17 +304,31 @@ describe API::Issues do
expect(json_response.first['state']).to eq('opened')
it 'returns unlabeled issues for "No Label" label' do
get api("/issues", user), labels: 'No Label'
it 'returns an empty array if no issue matches labels and state filters' do
get api("/issues", user), labels: label.title, state: :closed
expect_paginated_array_response(size: 0)
it 'returns an array of issues with any label' do
get api("/issues", user), labels: IssuesFinder::FILTER_ANY
expect_paginated_array_response(size: 1)
expect(json_response.first['labels']).to be_empty
expect(json_response.first['id']).to eq(
it 'returns an empty array if no issue matches labels and state filters' do
get api("/issues?labels=#{label.title}&state=closed", user)
it 'returns an array of issues with no label' do
get api("/issues", user), labels: IssuesFinder::FILTER_NONE
expect_paginated_array_response(size: 0)
expect_paginated_array_response(size: 1)
expect(json_response.first['id']).to eq(
it 'returns an array of issues with no label when using the legacy No+Label filter' do
get api("/issues", user), labels: "No Label"
expect_paginated_array_response(size: 1)
expect(json_response.first['id']).to eq(
it 'returns an empty array if no issue matches milestone' do
......@@ -496,58 +510,58 @@ describe API::Issues do
it 'returns group issues without confidential issues for non project members' do
get api("#{base_url}?state=opened", non_member)
get api(base_url, non_member), state: :opened
expect_paginated_array_response(size: 1)
expect(json_response.first['title']).to eq(group_issue.title)
it 'returns group confidential issues for author' do
get api("#{base_url}?state=opened", author)
get api(base_url, author), state: :opened
expect_paginated_array_response(size: 2)
it 'returns group confidential issues for assignee' do
get api("#{base_url}?state=opened", assignee)
get api(base_url, assignee), state: :opened
expect_paginated_array_response(size: 2)
it 'returns group issues with confidential issues for project members' do
get api("#{base_url}?state=opened", user)
get api(base_url, user), state: :opened
expect_paginated_array_response(size: 2)
it 'returns group confidential issues for admin' do
get api("#{base_url}?state=opened", admin)
get api(base_url, admin), state: :opened
expect_paginated_array_response(size: 2)
it 'returns an array of labeled group issues' do
get api("#{base_url}?labels=#{group_label.title}", user)
get api(base_url, user), labels: group_label.title
expect_paginated_array_response(size: 1)
expect(json_response.first['labels']).to eq([group_label.title])
it 'returns an array of labeled group issues where all labels match' do
get api("#{base_url}?labels=#{group_label.title},foo,bar", user)
get api(base_url, user), labels: "#{group_label.title},foo,bar"
expect_paginated_array_response(size: 0)
it 'returns issues matching given search string for title' do
get api("#{base_url}?search=#{group_issue.title}", user)
get api(base_url, user), search: group_issue.title
expect_paginated_array_response(size: 1)
expect(json_response.first['id']).to eq(
it 'returns issues matching given search string for description' do
get api("#{base_url}?search=#{group_issue.description}", user)
get api(base_url, user), search: group_issue.description
expect_paginated_array_response(size: 1)
expect(json_response.first['id']).to eq(
......@@ -560,7 +574,7 @@ describe API::Issues do
create(:label_link, label: label_b, target: group_issue)
create(:label_link, label: label_c, target: group_issue)
get api("#{base_url}", user), labels: "#{group_label.title},#{label_b.title},#{label_c.title}"
get api(base_url, user), labels: "#{group_label.title},#{label_b.title},#{label_c.title}"
expect_paginated_array_response(size: 1)
expect(json_response.first['labels']).to eq([label_c.title, label_b.title, group_label.title])
......@@ -580,40 +594,55 @@ describe API::Issues do
it 'returns an empty array if no group issue matches labels' do
get api("#{base_url}?labels=foo,bar", user)
get api(base_url, user), labels: 'foo,bar'
expect_paginated_array_response(size: 0)
it 'returns an array of group issues with any label' do
get api(base_url, user), labels: IssuesFinder::FILTER_ANY
expect_paginated_array_response(size: 1)
expect(json_response.first['id']).to eq(
it 'returns an array of group issues with no label' do
get api(base_url, user), labels: IssuesFinder::FILTER_NONE
response_ids = { |issue| issue['id'] }
expect_paginated_array_response(size: 2)
expect(response_ids).to contain_exactly(,
it 'returns an empty array if no issue matches milestone' do
get api("#{base_url}?milestone=#{group_empty_milestone.title}", user)
get api(base_url, user), milestone: group_empty_milestone.title
expect_paginated_array_response(size: 0)
it 'returns an empty array if milestone does not exist' do
get api("#{base_url}?milestone=foo", user)
get api(base_url, user), milestone: 'foo'
expect_paginated_array_response(size: 0)
it 'returns an array of issues in given milestone' do
get api("#{base_url}?state=opened&milestone=#{group_milestone.title}", user)
get api(base_url, user), state: :opened, milestone: group_milestone.title
expect_paginated_array_response(size: 1)
expect(json_response.first['id']).to eq(
it 'returns an array of issues matching state in milestone' do
get api("#{base_url}?milestone=#{group_milestone.title}"\
'&state=closed', user)
get api(base_url, user), milestone: group_milestone.title, state: :closed
expect_paginated_array_response(size: 1)
expect(json_response.first['id']).to eq(
it 'returns an array of issues with no milestone' do
get api("#{base_url}?milestone=#{no_milestone_title}", user)
get api(base_url, user), milestone: no_milestone_title
expect(response).to have_gitlab_http_status(200)
......@@ -649,7 +678,7 @@ describe API::Issues do
it 'sorts by updated_at ascending when requested' do
get api("#{base_url}?order_by=updated_at&sort=asc", user)
get api(base_url, user), order_by: :updated_at, sort: :asc
response_dates = { |issue| issue['updated_at'] }
......@@ -752,7 +781,7 @@ describe API::Issues do
it 'returns an array of labeled project issues' do
get api("#{base_url}/issues?labels=#{label.title}", user)
get api("#{base_url}/issues", user), labels: label.title
expect_paginated_array_response(size: 1)
expect(json_response.first['labels']).to eq([label.title])
......@@ -804,26 +833,42 @@ describe API::Issues do
expect_paginated_array_response(size: 0)
it 'returns an array of project issues with any label' do
get api("#{base_url}/issues", user), labels: IssuesFinder::FILTER_ANY
expect_paginated_array_response(size: 1)
expect(json_response.first['id']).to eq(
it 'returns an array of project issues with no label' do
get api("#{base_url}/issues", user), labels: IssuesFinder::FILTER_NONE
response_ids = { |issue| issue['id'] }
expect_paginated_array_response(size: 2)
expect(response_ids).to contain_exactly(,
it 'returns an empty array if no project issue matches labels' do
get api("#{base_url}/issues?labels=foo,bar", user)
get api("#{base_url}/issues", user), labels: 'foo,bar'
expect_paginated_array_response(size: 0)
it 'returns an empty array if no issue matches milestone' do
get api("#{base_url}/issues?milestone=#{empty_milestone.title}", user)
get api("#{base_url}/issues", user), milestone: empty_milestone.title
expect_paginated_array_response(size: 0)
it 'returns an empty array if milestone does not exist' do
get api("#{base_url}/issues?milestone=foo", user)
get api("#{base_url}/issues", user), milestone: :foo
expect_paginated_array_response(size: 0)
it 'returns an array of issues in given milestone' do
get api("#{base_url}/issues?milestone=#{milestone.title}", user)
get api("#{base_url}/issues", user), milestone: milestone.title
expect_paginated_array_response(size: 2)
expect(json_response.first['id']).to eq(
......@@ -831,21 +876,21 @@ describe API::Issues do
it 'returns an array of issues matching state in milestone' do
get api("#{base_url}/issues?milestone=#{milestone.title}&state=closed", user)
get api("#{base_url}/issues", user), milestone: milestone.title, state: :closed
expect_paginated_array_response(size: 1)
expect(json_response.first['id']).to eq(
it 'returns an array of issues with no milestone' do
get api("#{base_url}/issues?milestone=#{no_milestone_title}", user)
get api("#{base_url}/issues", user), milestone: no_milestone_title
expect_paginated_array_response(size: 1)
expect(json_response.first['id']).to eq(
it 'returns an array of issues with any milestone' do
get api("#{base_url}/issues?milestone=#{any_milestone_title}", user)
get api("#{base_url}/issues", user), milestone: any_milestone_title
response_ids = { |issue| issue['id'] }
......@@ -863,7 +908,7 @@ describe API::Issues do
it 'sorts ascending when requested' do
get api("#{base_url}/issues?sort=asc", user)
get api("#{base_url}/issues", user), sort: :asc
response_dates = { |issue| issue['created_at'] }
......@@ -872,7 +917,7 @@ describe API::Issues do
it 'sorts by updated_at descending when requested' do
get api("#{base_url}/issues?order_by=updated_at", user)
get api("#{base_url}/issues", user), order_by: :updated_at
response_dates = { |issue| issue['updated_at'] }
......@@ -881,7 +926,7 @@ describe API::Issues do
it 'sorts by updated_at ascending when requested' do
get api("#{base_url}/issues?order_by=updated_at&sort=asc", user)
get api("#{base_url}/issues", user), order_by: :updated_at, sort: :asc
response_dates = { |issue| issue['updated_at'] }
......@@ -168,6 +168,12 @@ describe API::Repositories do
expect(response).to have_gitlab_http_status(200)
it 'forces attachment content disposition' do
get api(route, current_user)
expect(headers['Content-Disposition']).to match(/^attachment/)
context 'when sha does not exist' do
it_behaves_like '404 response' do
let(:request) { get api(route.sub(sample_blob.oid, '123456'), current_user) }
......@@ -94,6 +94,12 @@ describe API::Snippets do
expect(response.body).to eq(snippet.content)
it 'forces attachment content disposition' do
get api("/snippets/#{}/raw", user)
expect(headers['Content-Disposition']).to match(/^attachment/)
it 'returns 404 for invalid snippet id' do
get api("/snippets/1234/raw", user)
......@@ -186,6 +186,23 @@ shared_examples 'merge requests list' do
expect(json_response.length).to eq(0)
it 'returns an array of merge requests with any label when filtering by any label' do
get api(endpoint_path, user), labels: IssuesFinder::FILTER_ANY
expect(json_response.length).to eq(1)
expect(json_response.first['id']).to eq(
it 'returns an array of merge requests without a label when filtering by no label' do
get api(endpoint_path, user), labels: IssuesFinder::FILTER_NONE
response_ids = { |merge_request| merge_request['id'] }
expect(response_ids).to contain_exactly(,,
it 'returns an array of labeled merge requests that are merged for a milestone' do
bug_label = create(:label, title: 'bug', color: '#FFAABB', project: project)
kind: ClusterIssuer
name: letsencrypt-prod
name: letsencrypt-prod
http01: {}
# These options provide fully automated TLS.
# See
defaultIssuerKind: "ClusterIssuer"
defaultIssuerName: "letsencrypt-prod"
Markdown is supported
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment