Automatic merge of gitlab-org/gitlab master

80714bf9 · GitLab Bot · 5669d387 · 1d8521c8 · 80714bf9 · 80714bf9
Commit 80714bf9 authored Feb 03, 2022 by GitLab Bot
18 changed files
--- a/app/events/members/members_added_event.rb
+++ b/app/events/members/members_added_event.rb
+# frozen_string_literal: true
+
+module Members
+  class MembersAddedEvent < ::Gitlab::EventStore::Event
+    def schema
+      {
+        'type' => 'object',
+        'required' => %w[source_id source_type],
+        'properties' => {
+          'source_id' => { 'type' => 'integer' },
+          'source_type' => { 'type' => 'string' }
+        }
+      }
+    end
+  end
+end
--- a/app/services/members/create_service.rb
+++ b/app/services/members/create_service.rb
@@ -24,6 +24,9 @@ module Members

      add_members
      enqueue_onboarding_progress_action
+
+      publish_event!
+
      result
    rescue BlankInvitesError, TooManyInvitesError, MembershipLockedError => e
      error(e.message)
@@ -144,6 +147,15 @@ module Members
    def formatted_errors
      errors.to_sentence
    end
+
+    def publish_event!
+      Gitlab::EventStore.publish(
+        Members::MembersAddedEvent.new(data: {
+          source_id: source.id,
+          source_type: source.class.name
+        })
+      )
+    end
  end
 end


--- a/config/sidekiq_queues.yml
+++ b/config/sidekiq_queues.yml
@@ -177,6 +177,8 @@
  - 1
 - - gitlab_shell
  - 2
+- - gitlab_subscriptions_notify_seats_exceeded
+  - 1
 - - group_destroy
  - 1
 - - group_export

--- a/doc/ci/jobs/job_control.md
+++ b/doc/ci/jobs/job_control.md
@@ -263,6 +263,9 @@ Other commonly used variables for `if` clauses:
  branch. Use when you want to have the same configuration in multiple
  projects with different default branches.
 - `if: '$CI_COMMIT_BRANCH =~ /regex-expression/'`: If the commit branch matches a regular expression.
+- `if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH && $CI_COMMIT_TITLE =~ /Merge branch.*/`:
+   If the commit branch is the default branch and the commit message title matches a regular expression.
+   For example, the default commit message for a merge commit starts with `Merge branch`.
 - `if: '$CUSTOM_VARIABLE !~ /regex-expression/'`: If the [custom variable](../variables/index.md#custom-cicd-variables)
  `CUSTOM_VARIABLE` does **not** match a regular expression.
 - `if: '$CUSTOM_VARIABLE == "value1"'`: If the custom variable `CUSTOM_VARIABLE` is

--- a/doc/development/event_store.md
+++ b/doc/development/event_store.md
@@ -252,19 +252,20 @@ add a line like this to the `Gitlab::EventStore.configure!` method:
 ```ruby
 module Gitlab
  module EventStore
-    def self.configure!
-      Store.new.tap do |store|
-        # ...
+    def self.configure!(store)
+      # ...

-        store.subscribe ::MergeRequests::UpdateHeadPipelineWorker, to: ::Ci::PipelineCreatedEvent
+      store.subscribe ::MergeRequests::UpdateHeadPipelineWorker, to: ::Ci::PipelineCreatedEvent

-        # ...
-      end
+      # ...
    end
  end
 end
 ```

+A worker that is only defined in the EE codebase can subscribe to an event in the same way by 
+declaring the subscription in `ee/lib/ee/gitlab/event_store.rb`.
+
 Subscriptions are stored in memory when the Rails app is loaded and they are immediately frozen.
 It's not possible to modify subscriptions at runtime.


--- a/doc/user/project/clusters/protect/container_host_security/index.md
+++ b/doc/user/project/clusters/protect/container_host_security/index.md
@@ -6,11 +6,12 @@ info: To determine the technical writer assigned to the Stage/Group associated w

 # Container Host Security **(FREE)**

-NOTE:
-In GitLab 14.5, using a certificate to connect GitLab to a Kubernetes cluster is [deprecated](https://gitlab.com/groups/gitlab-org/configure/-/epics/8).
-You can continue using Container Host Security, even though it relies on this certificate-based
-method. The work to allow all aspects of Container Host Security to function through the [GitLab Agent](../../../../clusters/agent/index.md)
-instead of the certificate-based method can be tracked [in this GitLab issue](https://gitlab.com/gitlab-org/gitlab/-/issues/299350).
+> [Deprecated](https://gitlab.com/groups/gitlab-org/-/epics/7476) in GitLab 14.8, and planned for [removal](https://gitlab.com/groups/gitlab-org/-/epics/7477) in GitLab 15.0.
+
+WARNING:
+Container Host Security is in its end-of-life process. It's [deprecated](https://gitlab.com/groups/gitlab-org/-/epics/7476)
+for use in GitLab 14.8, and planned for [removal](https://gitlab.com/groups/gitlab-org/-/epics/7477)
+in GitLab 15.0.

 Container Host Security in GitLab provides Intrusion Detection and Prevention capabilities that can
 monitor and (optionally) block activity inside the containers themselves. This is done by leveraging

--- a/doc/user/project/clusters/protect/container_host_security/quick_start_guide.md
+++ b/doc/user/project/clusters/protect/container_host_security/quick_start_guide.md
@@ -6,6 +6,13 @@ info: To determine the technical writer assigned to the Stage/Group associated w

 # Getting started with Container Host Security **(FREE)**

+> [Deprecated](https://gitlab.com/groups/gitlab-org/-/epics/7476) in GitLab 14.8, and planned for [removal](https://gitlab.com/groups/gitlab-org/-/epics/7477) in GitLab 15.0.
+
+WARNING:
+Container Host Security is in its end-of-life process. It's [deprecated](https://gitlab.com/groups/gitlab-org/-/epics/7476)
+for use in GitLab 14.8, and planned for [removal](https://gitlab.com/groups/gitlab-org/-/epics/7477)
+in GitLab 15.0.
+
 The following steps are recommended for installing Container Host Security.

 ## Installation steps

--- a/doc/user/project/clusters/protect/container_network_security/index.md
+++ b/doc/user/project/clusters/protect/container_network_security/index.md
@@ -6,11 +6,12 @@ info: To determine the technical writer assigned to the Stage/Group associated w

 # Container Network Security **(FREE)**

-NOTE:
-In GitLab 14.5, using a certificate to connect GitLab to a Kubernetes cluster is [deprecated](https://gitlab.com/groups/gitlab-org/configure/-/epics/8).
-You can continue using Container Network Security, even though it relies on this certificate-based
-method. The work to allow all aspects of Container Network Security to function through the [GitLab Agent](../../../../clusters/agent/index.md)
-instead of the certificate-based method can be tracked [in this GitLab issue](https://gitlab.com/gitlab-org/gitlab/-/issues/299350) and [this GitLab Epic](https://gitlab.com/groups/gitlab-org/-/epics/7057).
+> [Deprecated](https://gitlab.com/groups/gitlab-org/-/epics/7476) in GitLab 14.8, and planned for [removal](https://gitlab.com/groups/gitlab-org/-/epics/7477) in GitLab 15.0.
+
+WARNING:
+Container Network Security is in its end-of-life process. It's [deprecated](https://gitlab.com/groups/gitlab-org/-/epics/7476)
+for use in GitLab 14.8, and planned for [removal](https://gitlab.com/groups/gitlab-org/-/epics/7477)
+in GitLab 15.0.

 Container Network Security in GitLab provides basic firewall functionality by leveraging Cilium
 NetworkPolicies to filter traffic going in and out of the cluster as well as traffic between pods

--- a/doc/user/project/clusters/protect/container_network_security/quick_start_guide.md
+++ b/doc/user/project/clusters/protect/container_network_security/quick_start_guide.md
@@ -6,6 +6,13 @@ info: To determine the technical writer assigned to the Stage/Group associated w

 # Getting started with Container Network Security **(FREE)**

+> [Deprecated](https://gitlab.com/groups/gitlab-org/-/epics/7476) in GitLab 14.8, and planned for [removal](https://gitlab.com/groups/gitlab-org/-/epics/7477) in GitLab 15.0.
+
+WARNING:
+Container Network Security is in its end-of-life process. It's [deprecated](https://gitlab.com/groups/gitlab-org/-/epics/7476)
+for use in GitLab 14.8, and planned for [removal](https://gitlab.com/groups/gitlab-org/-/epics/7477)
+in GitLab 15.0.
+
 The following steps are recommended for installing Container Network Security.

 ## Installation steps

--- a/doc/user/project/clusters/protect/index.md
+++ b/doc/user/project/clusters/protect/index.md
@@ -6,6 +6,15 @@ info: To determine the technical writer assigned to the Stage/Group associated w

 # Protecting your deployed applications **(FREE)**

+> [Deprecated](https://gitlab.com/groups/gitlab-org/-/epics/7476) in GitLab 14.8, and planned for [removal](https://gitlab.com/groups/gitlab-org/-/epics/7477) in GitLab 15.0.
+
+WARNING:
+The Container Network Security and Container Host Security features are in their end-of-life
+processes. They're
+[deprecated](https://gitlab.com/groups/gitlab-org/-/epics/7476)
+for use in GitLab 14.8, and planned for [removal](https://gitlab.com/groups/gitlab-org/-/epics/7477)
+in GitLab 15.0.
+
 GitLab makes it straightforward to protect applications deployed in [connected Kubernetes clusters](index.md).
 These protections are available in the Kubernetes network layer and in the container itself. At
 the network layer, the Container Network Security capabilities in GitLab provide basic firewall

--- a/ee/app/workers/all_queues.yml
+++ b/ee/app/workers/all_queues.yml
@@ -1020,6 +1020,15 @@
  :weight: 1
  :idempotent:
  :tags: []
+- :name: gitlab_subscriptions_notify_seats_exceeded
+  :worker_name: GitlabSubscriptions::NotifySeatsExceededWorker
+  :feature_category: :purchase
+  :has_external_dependencies: true
+  :urgency: :low
+  :resource_boundary: :unknown
+  :weight: 1
+  :idempotent: true
+  :tags: []
 - :name: group_saml_group_sync
  :worker_name: GroupSamlGroupSyncWorker
  :feature_category: :authentication_and_authorization

--- a/ee/app/workers/gitlab_subscriptions/notify_seats_exceeded_worker.rb
+++ b/ee/app/workers/gitlab_subscriptions/notify_seats_exceeded_worker.rb
+# frozen_string_literal: true
+
+module GitlabSubscriptions
+  class NotifySeatsExceededWorker
+    include ApplicationWorker
+    include Gitlab::EventStore::Subscriber
+
+    feature_category :purchase
+    data_consistency :delayed
+    deduplicate :until_executing, including_scheduled: true
+
+    idempotent!
+    worker_has_external_dependencies!
+
+    def handle_event(event)
+      # no-op for now, to be implemented in https://gitlab.com/gitlab-org/gitlab/-/issues/348487
+    end
+  end
+end
--- a/ee/lib/ee/gitlab/event_store.rb
+++ b/ee/lib/ee/gitlab/event_store.rb
+# frozen_string_literal: true
+
+module EE
+  module Gitlab
+    module EventStore
+      extend ActiveSupport::Concern
+
+      class_methods do
+        extend ::Gitlab::Utils::Override
+        # Define event subscriptions using:
+        #
+        #   store.subscribe(DomainA::SomeWorker, to: DomainB::SomeEvent)
+        #
+        # It is possible to subscribe to a subset of events matching a condition:
+        #
+        #   store.subscribe(DomainA::SomeWorker, to: DomainB::SomeEvent), if: ->(event) { event.data == :some_value }
+        #
+        # Only EE subscriptions should be declared in this module.
+        override :configure!
+        def configure!(store)
+          super(store)
+
+          ###
+          # Add EE only subscriptions here:
+
+          store.subscribe ::GitlabSubscriptions::NotifySeatsExceededWorker, to: ::Members::MembersAddedEvent
+        end
+      end
+    end
+  end
+end
--- a/ee/spec/lib/gitlab/event_store_spec.rb
+++ b/ee/spec/lib/gitlab/event_store_spec.rb
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+RSpec.describe Gitlab::EventStore do
+  describe '.instance' do
+    it 'returns a store with CE and EE subscriptions' do
+      instance = described_class.instance
+
+      expect(instance.subscriptions.keys).to include(
+        ::Ci::PipelineCreatedEvent,
+        ::Members::MembersAddedEvent
+      )
+    end
+  end
+end
--- a/lib/gitlab/event_store.rb
+++ b/lib/gitlab/event_store.rb
@@ -18,7 +18,7 @@ module Gitlab
    end

    def self.instance
-      @instance ||= configure!
+      @instance ||= Store.new { |store| configure!(store) }
    end

    # Define all event subscriptions using:
@@ -29,14 +29,14 @@ module Gitlab
    #
    #   store.subscribe(DomainA::SomeWorker, to: DomainB::SomeEvent), if: ->(event) { event.data == :some_value }
    #
-    def self.configure!
-      Store.new do |store|
-        ###
-        # Add subscriptions here:
+    def self.configure!(store)
+      ###
+      # Add subscriptions here:

-        store.subscribe ::MergeRequests::UpdateHeadPipelineWorker, to: ::Ci::PipelineCreatedEvent
-      end
+      store.subscribe ::MergeRequests::UpdateHeadPipelineWorker, to: ::Ci::PipelineCreatedEvent
    end
    private_class_method :configure!
  end
 end
+
+Gitlab::EventStore.prepend_mod_with('Gitlab::EventStore')
--- a/lib/gitlab/event_store/store.rb
+++ b/lib/gitlab/event_store/store.rb
@@ -29,7 +29,7 @@ module Gitlab
          raise InvalidEvent, "Event being published is not an instance of Gitlab::EventStore::Event: got #{event.inspect}"
        end

-        subscriptions[event.class].each do |subscription|
+        subscriptions.fetch(event.class, []).each do |subscription|
          subscription.consume_event(event)
        end
      end

--- a/spec/lib/gitlab/event_store/store_spec.rb
+++ b/spec/lib/gitlab/event_store/store_spec.rb
@@ -224,6 +224,26 @@ RSpec.describe Gitlab::EventStore::Store do
        store.publish(event)
      end
    end
+
+    context 'when the event does not have any subscribers' do
+      let(:store) do
+        described_class.new do |s|
+          s.subscribe unrelated_worker, to: another_event_klass
+        end
+      end
+
+      let(:event) { event_klass.new(data: data) }
+
+      it 'returns successfully' do
+        expect { store.publish(event) }.not_to raise_error
+      end
+
+      it 'does not dispatch the event to another subscription' do
+        expect(unrelated_worker).not_to receive(:perform_async)
+
+        store.publish(event)
+      end
+    end
  end

  describe 'subscriber' do

--- a/spec/services/members/create_service_spec.rb
+++ b/spec/services/members/create_service_spec.rb
@@ -39,6 +39,15 @@ RSpec.describe Members::CreateService, :aggregate_failures, :clean_gitlab_redis_
        expect(source.users).to include member
        expect(OnboardingProgress.completed?(source, :user_added)).to be(true)
      end
+
+      it 'triggers a members added event' do
+        expect(Gitlab::EventStore)
+          .to receive(:publish)
+          .with(an_instance_of(Members::MembersAddedEvent))
+          .and_call_original
+
+        expect(execute_service[:status]).to eq(:success)
+      end
    end
  end