Automatic merge of gitlab-org/gitlab master

b52b4279 · GitLab Bot · 7b4d7401 · 6b1ce745 · b52b4279 · b52b4279
Commit b52b4279 authored Jan 29, 2021 by GitLab Bot
11 changed files
--- a/doc/administration/gitaly/praefect.md
+++ b/doc/administration/gitaly/praefect.md
@@ -10,7 +10,7 @@ type: reference
 [Gitaly](index.md), the service that provides storage for Git repositories, can
 be run in a clustered configuration to increase fault tolerance. In this
 configuration, every Git repository is stored on every Gitaly node in the
-cluster. Multiple clusters (or shards) can be configured.
+cluster. Multiple clusters (or storage shards) can be configured.

 NOTE:
 Technical support for Gitaly clusters is limited to GitLab Premium and Ultimate
@@ -21,7 +21,7 @@ component for running a Gitaly Cluster.

 ![Architecture diagram](img/praefect_architecture_v12_10.png)

-Using a Gitaly Cluster increase fault tolerance by:
+Using a Gitaly Cluster increases fault tolerance by:

 - Replicating write operations to warm standby Gitaly nodes.
 - Detecting Gitaly node failures.
@@ -53,7 +53,7 @@ Gitaly Cluster supports:
 - Reporting of possible data loss if replication queue is non-empty.
 - Marking repositories as [read only](#read-only-mode) if data loss is detected to prevent data inconsistencies.

-Follow the [HA Gitaly epic](https://gitlab.com/groups/gitlab-org/-/epics/1489)
+Follow the [Gitaly Cluster epic](https://gitlab.com/groups/gitlab-org/-/epics/1489)
 for improvements including
 [horizontally distributing reads](https://gitlab.com/groups/gitlab-org/-/epics/2013).

@@ -80,23 +80,65 @@ For more information, see:
 - [Gitaly architecture](index.md#architecture).
 - Geo [use cases](../geo/index.md#use-cases) and [architecture](../geo/index.md#architecture).

-## Cluster or shard
+## Where Gitaly Cluster fits
+
+GitLab accesses [repositories](../../user/project/repository/index.md) through the configured
+[repository storages](../repository_storage_paths.md). Each new repository is stored on one of the
+repository storages based on their configured weights. Each repository storage is either:
+
+- A Gitaly storage served directly by Gitaly. These map to a directory on the file system of a
+  Gitaly node.
+- A [virtual storage](#virtual-storage-or-direct-gitaly-storage) served by Praefect. A virtual
+  storage is a cluster of Gitaly storages that appear as a single repository storage.
+
+Virtual storages are a feature of Gitaly Cluster. They support replicating the repositories to
+multiple storages for fault tolerance. Virtual storages can improve performance by distributing
+requests across Gitaly nodes. Their distributed nature makes it viable to have a single repository
+storage in GitLab to simplify repository management.
+
+## Components of Gitaly Cluster
+
+Gitaly Cluster consists of multiple components:
+
+- [Load balancer](#load-balancer) for distributing requests and providing fault-tolerant access to
+  Praefect nodes.
+- [Praefect](#praefect) nodes for managing the cluster and routing requests to Gitaly nodes.
+- [PostgreSQL database](#postgresql) for persisting cluster metadata and [PgBouncer](#pgbouncer),
+  recommended for pooling Praefect's database connections.
+- [Gitaly](index.md) nodes to provide repository storage and Git access.
+
+![Cluster example](img/cluster_example_v13_3.png)
+
+In this example:
+
+- Repositories are stored on a virtual storage called `storage-1`.
+- Three Gitaly nodes provide `storage-1` access: `gitaly-1`, `gitaly-2`, and `gitaly-3`.
+- The three Gitaly nodes store data on their filesystems.
+
+### Virtual storage or direct Gitaly storage

 Gitaly supports multiple models of scaling:

 - Clustering using Gitaly Cluster, where each repository is stored on multiple Gitaly nodes in the
  cluster. Read requests are distributed between repository replicas and write requests are
-  broadcast to repository replicas.
- Sharding using [repository storage paths](../repository_storage_paths.md), where each repository
-  is stored on the assigned Gitaly node. All requests are routed to this node.
+  broadcast to repository replicas. GitLab accesses virtual storage.
+- Direct access to Gitaly storage using [repository storage paths](../repository_storage_paths.md),
+  where each repository is stored on the assigned Gitaly node. All requests are routed to this node.
+
+The following is Gitaly set up to use direct access to Gitaly instead of Gitaly Cluster:
+
+![Shard example](img/shard_example_v13_3.png)
+
+In this example:

-| Cluster                                           | Shard                                         |
-|:--------------------------------------------------|:----------------------------------------------|
-| ![Cluster example](img/cluster_example_v13_3.png) | ![Shard example](img/shard_example_v13_3.png) |
+- Each repository is stored on one of three Gitaly storages: `storage-1`, `storage-2`,
+  or `storage-3`.
+- Each storage is serviced by a Gitaly node.
+- The three Gitaly nodes store data in three separate hashed storage locations.

-Generally, Gitaly Cluster can replace sharded configurations, at the expense of additional storage
-needed to store each repository on multiple Gitaly nodes. The benefit of using Gitaly Cluster over
-sharding is:
+Generally, virtual storage with Gitaly Cluster can replace direct Gitaly storage configurations, at
+the expense of additional storage needed to store each repository on multiple Gitaly nodes. The
+benefit of using Gitaly Cluster over direct Gitaly storage is:

 - Improved fault tolerance, because each Gitaly node has a copy of every repository.
 - Improved resource utilization, reducing the need for over-provisioning for shard-specific peak
@@ -773,7 +815,7 @@ configuration.

 ### Load Balancer

-In a highly available Gitaly configuration, a load balancer is needed to route
+In a fault-tolerant Gitaly configuration, a load balancer is needed to route
 internal traffic from the GitLab application to the Praefect nodes. The
 specifics on which load balancer to use or the exact configuration is beyond the
 scope of the GitLab documentation.
@@ -785,7 +827,7 @@ addition to the GitLab nodes. Some requests handled by
 process. `gitaly-ruby` uses the Gitaly address set in the GitLab server's
 `git_data_dirs` setting to make this connection.

-We hope that if you’re managing HA systems like GitLab, you have a load balancer
+We hope that if you’re managing fault-tolerant systems like GitLab, you have a load balancer
 of choice already. Some examples include [HAProxy](https://www.haproxy.org/)
 (open-source), [Google Internal Load Balancer](https://cloud.google.com/load-balancing/docs/internal/),
 [AWS Elastic Load Balancer](https://aws.amazon.com/elasticloadbalancing/), F5
@@ -974,7 +1016,7 @@ To get started quickly:
 1. Go to **Explore** and query `gitlab_build_info` to verify that you are
   getting metrics from all your machines.

-Congratulations! You've configured an observable highly available Praefect
+Congratulations! You've configured an observable fault-tolerant Praefect
 cluster.

 ## Distributed reads

--- a/doc/administration/integration/kroki.md
+++ b/doc/administration/integration/kroki.md
+---
+stage: Create
+group: Ecosystem
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments
+---
+
 # Kroki diagrams **(FREE SELF)**

 > [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/241744) in GitLab 13.7.

--- a/doc/api/graphql/removed_items.md
+++ b/doc/api/graphql/removed_items.md
+---
+stage: Plan
+group: Product Planning
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments
+---
+
 # GraphQL API removed items

 GraphQL is a versionless API, unlike the REST API.

--- a/doc/development/integrations/codesandbox.md
+++ b/doc/development/integrations/codesandbox.md
+---
+stage: none
+group: Development
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments
+---
+
 # Set up local Codesandbox development environment

 This guide walks through setting up a local [Codesandbox repository](https://github.com/codesandbox/codesandbox-client) and integrating it with a local GitLab instance. Codesandbox

--- a/ee/app/assets/javascripts/members/utils.js
+++ b/ee/app/assets/javascripts/members/utils.js
@@ -2,6 +2,7 @@ import { __ } from '~/locale';
 import {
  generateBadges as CEGenerateBadges,
  parseDataAttributes as CEParseDataAttributes,
+  isDirectMember,
 } from '~/members/utils';

 export {
@@ -37,7 +38,7 @@ export const generateBadges = (member, isCurrentUser) => [
  },
 ];

-export const canOverride = (member) => member.canOverride;
+export const canOverride = (member) => member.canOverride && isDirectMember(member);

 export const parseDataAttributes = (el) => {
  const { ldapOverridePath } = el.dataset;

--- a/ee/changelogs/unreleased/299179-edit-permission-not-possibe-in-subgroup-of-group-with-ldap-sync.yml
+++ b/ee/changelogs/unreleased/299179-edit-permission-not-possibe-in-subgroup-of-group-with-ldap-sync.yml
+---
+title: Remove LDAP "Edit Permissions" button for inherited group members
+merge_request: 52847
+author:
+type: fixed
--- a/ee/spec/features/groups/members/override_ldap_memberships_spec.rb
+++ b/ee/spec/features/groups/members/override_ldap_memberships_spec.rb
@@ -10,7 +10,8 @@ RSpec.describe 'Groups > Members > Maintainer/Owner can override LDAP access lev
  let(:maryjane) { create(:user, name: 'Mary Jane') }
  let(:owner)    { create(:user) }
  let(:group)    { create(:group_with_ldap_group_link, :public) }
-  let(:project)  { create(:project, namespace: group)  }
+  let(:subgroup) { create(:group, :public, parent: group) }
+  let(:project) { create(:project, namespace: group) }

  let!(:owner_member)   { create(:group_member, :owner, group: group, user: owner) }
  let!(:ldap_member)    { create(:group_member, :guest, group: group, user: johndoe, ldap: true) }
@@ -23,12 +24,18 @@ RSpec.describe 'Groups > Members > Maintainer/Owner can override LDAP access lev
    sign_in(owner)
  end

-  it 'override not available on project members page', :js do
+  it 'does not allow override on project members page', :js do
    visit namespace_project_project_members_path(group, project)

    expect(page).not_to have_button 'Edit permissions'
  end

+  it 'does not allow override of inherited group members', :js do
+    visit group_group_members_path(subgroup)
+
+    expect(page).not_to have_button 'Edit permissions'
+  end
+
  it 'owner cannot override LDAP access level', :js do
    stub_application_setting(allow_group_owners_to_manage_ldap: false)


--- a/ee/spec/frontend/members/components/table/member_table_cell_spec.js
+++ b/ee/spec/frontend/members/components/table/member_table_cell_spec.js
 import { mount, createLocalVue } from '@vue/test-utils';
 import Vuex from 'vuex';
-import { member as memberMock } from 'jest/members/mock_data';
+import { member as memberMock, directMember } from 'jest/members/mock_data';
 import MembersTableCell from 'ee/members/components/table/members_table_cell.vue';

 describe('MemberTableCell', () => {
@@ -80,7 +80,7 @@ describe('MemberTableCell', () => {
    describe('canOverride', () => {
      it('returns `true` when `canOverride` is `true`', () => {
        createComponent({
-          member: { ...memberMock, canOverride: true },
+          member: { ...directMember, canOverride: true },
        });

        expect(findWrappedComponent().props('permissions').canOverride).toBe(true);
@@ -88,7 +88,7 @@ describe('MemberTableCell', () => {

      it('returns `false` when `canOverride` is `false`', () => {
        createComponent({
-          member: { ...memberMock, canOverride: false },
+          member: { ...directMember, canOverride: false },
        });

        expect(findWrappedComponent().props('permissions').canOverride).toBe(false);

--- a/ee/spec/frontend/members/components/table/members_table_spec.js
+++ b/ee/spec/frontend/members/components/table/members_table_spec.js
 import { within } from '@testing-library/dom';
 import { mount, createLocalVue, createWrapper } from '@vue/test-utils';
 import Vuex from 'vuex';
-import { member as memberMock, members } from 'jest/members/mock_data';
+import { member as memberMock, directMember, members } from 'jest/members/mock_data';
 import MembersTable from '~/members/components/table/members_table.vue';

 const localVue = createLocalVue();
@@ -58,8 +58,7 @@ describe('MemberList', () => {
  describe('fields', () => {
    describe('"Actions" field', () => {
      const memberCanOverride = {
-        ...memberMock,
-        source: { ...memberMock.source, id: 1 },
+        ...directMember,
        canOverride: true,
      };


--- a/ee/spec/frontend/members/utils_spec.js
+++ b/ee/spec/frontend/members/utils_spec.js
-import { member as memberMock, membersJsonString, members } from 'jest/members/mock_data';
+import {
+  member as memberMock,
+  directMember,
+  inheritedMember,
+  membersJsonString,
+  members,
+} from 'jest/members/mock_data';
 import { generateBadges, canOverride, parseDataAttributes } from 'ee/members/utils';

 describe('Members Utils', () => {
@@ -30,9 +36,11 @@ describe('Members Utils', () => {

  describe('canOverride', () => {
    test.each`
-      member                                  | expected
-      ${{ ...memberMock, canOverride: true }} | ${true}
-      ${memberMock}                           | ${false}
+      member                                        | expected
+      ${{ ...directMember, canOverride: true }}     | ${true}
+      ${{ ...inheritedMember, canOverride: true }}  | ${false}
+      ${{ ...directMember, canOverride: false }}    | ${false}
+      ${{ ...inheritedMember, canOverride: false }} | ${false}
    `('returns $expected', ({ member, expected }) => {
      expect(canOverride(member)).toBe(expected);
    });

--- a/spec/frontend/pipelines/blank_state_spec.js
+++ b/spec/frontend/pipelines/blank_state_spec.js
-import Vue from 'vue';
-import mountComponent from 'helpers/vue_mount_component_helper';
-import component from '~/pipelines/components/pipelines_list/blank_state.vue';
+import { mount } from '@vue/test-utils';
+import { getByText } from '@testing-library/dom';
+import BlankState from '~/pipelines/components/pipelines_list/blank_state.vue';

 describe('Pipelines Blank State', () => {
-  let vm;
-  let Component;
-
-  beforeEach(() => {
-    Component = Vue.extend(component);
-
-    vm = mountComponent(Component, {
+  const wrapper = mount(BlankState, {
+    propsData: {
      svgPath: 'foo',
      message: 'Blank State',
-    });
+    },
  });

  it('should render svg', () => {
-    expect(vm.$el.querySelector('.svg-content img').getAttribute('src')).toEqual('foo');
+    expect(wrapper.find('.svg-content img').attributes('src')).toEqual('foo');
  });

  it('should render message', () => {
-    expect(vm.$el.querySelector('h4').textContent.trim()).toEqual('Blank State');
+    expect(getByText(wrapper.element, /Blank State/i)).toBeTruthy();
  });
 });