From 0674f12b5e5d41b1ef3e5a1aade5de945a449b93 Mon Sep 17 00:00:00 2001 From: Rodrigo Tomonari Date: Thu, 20 Apr 2023 00:57:25 -0300 Subject: [PATCH 1/2] Disable importers by default in new self-manages instances Changelog: changed --- app/services/projects/create_service.rb | 3 +++ app/views/groups/new.html.haml | 11 +++------- config/initializers/1_settings.rb | 2 +- doc/user/gitlab_com/index.md | 16 +++++++++++++++ doc/user/project/import/bitbucket_server.md | 4 +++- doc/user/project/import/fogbugz.md | 3 +++ doc/user/project/import/gitea.md | 3 +++ doc/user/project/import/github.md | 5 +++++ doc/user/project/import/manifest.md | 3 +++ doc/user/project/import/repo_by_url.md | 3 +++ .../controllers/projects_controller_spec.rb | 2 ++ ee/spec/features/projects/new_project_spec.rb | 2 ++ .../combined_registration_spec.rb | 1 + ...dard_flow_company_creating_project_spec.rb | 4 ++++ ...dard_flow_just_me_creating_project_spec.rb | 2 ++ ...ard_flow_just_me_importing_project_spec.rb | 2 ++ ...rial_flow_company_creating_project_spec.rb | 2 ++ ...ial_flow_company_importing_project_spec.rb | 2 ++ ...rial_flow_just_me_creating_project_spec.rb | 2 ++ ...ial_flow_just_me_importing_project_spec.rb | 2 ++ ...external_site_without_confirmation_spec.rb | 1 + ...external_site_without_confirmation_spec.rb | 1 + .../project_creator_spec.rb | 3 ++- ee/spec/requests/api/project_import_spec.rb | 1 + ee/spec/requests/api/projects_spec.rb | 1 + lib/api/project_import.rb | 12 +++++++---- locale/gitlab.pot | 6 ------ qa/qa/page/component/import/selection.rb | 4 ++++ qa/qa/page/project/new.rb | 8 ++++++-- .../import/import_github_repo_spec.rb | 4 ++++ .../import/import_github_repo_spec.rb | 2 ++ .../revert/reverting_merge_request_spec.rb | 2 ++ .../view_merge_request_diff_patch_spec.rb | 2 ++ .../online_garbage_collection_spec.rb | 2 ++ .../terraform_module_registry_spec.rb | 2 ++ .../maven/maven_group_level_spec.rb | 2 ++ .../maven/maven_project_level_spec.rb | 2 ++ .../import/import_github_repo_spec.rb | 4 ++++ qa/qa/support/helpers/import_source.rb | 19 ++++++++++++++++++ .../import/fogbugz_controller_spec.rb | 2 ++ .../import/gitea_controller_spec.rb | 4 ++++ .../import/manifest_controller_spec.rb | 2 ++ spec/features/admin/admin_settings_spec.rb | 11 ---------- .../file_uploads/project_import_spec.rb | 4 ++++ spec/features/import/manifest_import_spec.rb | 2 ++ .../import_export/import_file_spec.rb | 1 + spec/features/projects/new_project_spec.rb | 4 ++++ .../fogbugz_import/project_creator_spec.rb | 6 +++++- .../project_creator_spec.rb | 2 ++ .../manifest_import/project_creator_spec.rb | 4 +++- spec/requests/api/project_import_spec.rb | 20 +++++++++++++++++++ spec/requests/api/projects_spec.rb | 1 + .../requests/import/github_controller_spec.rb | 2 ++ .../import/github_groups_controller_spec.rb | 2 ++ .../import/gitlab_projects_controller_spec.rb | 2 ++ spec/services/import/fogbugz_service_spec.rb | 1 + .../create_project_service_spec.rb | 1 + spec/services/projects/create_service_spec.rb | 4 ++++ 58 files changed, 191 insertions(+), 36 deletions(-) create mode 100644 qa/qa/support/helpers/import_source.rb diff --git a/app/services/projects/create_service.rb b/app/services/projects/create_service.rb index 691e223560508f..c4eb9dc0600cef 100644 --- a/app/services/projects/create_service.rb +++ b/app/services/projects/create_service.rb @@ -284,6 +284,9 @@ def validate_import_source_enabled! return if INTERNAL_IMPORT_SOURCES.include?(import_type) + # Skip validation when creating project from a built in template + return if @params[:import_export_upload].present? && import_type == 'gitlab_project' + unless ::Gitlab::CurrentSettings.import_sources&.include?(import_type) raise ImportSourceDisabledError, "#{import_type} import source is disabled" end diff --git a/app/views/groups/new.html.haml b/app/views/groups/new.html.haml index 1d306d4d3b8d93..88cb8d989fae57 100644 --- a/app/views/groups/new.html.haml +++ b/app/views/groups/new.html.haml @@ -16,11 +16,6 @@ = render 'new_group_fields', f: f, group_name_id: 'create-group-name' #import-group-pane.tab-pane - - if import_sources_enabled? - = render 'import_group_from_another_instance_panel' - .gl-mt-7.gl-border-b-solid.gl-border-gray-100.gl-border-1 - = render 'import_group_from_file_panel' - - else - .nothing-here-block - %h4= s_('GroupsNew|No import options available') - %p= s_('GroupsNew|Contact an administrator to enable options for importing your group.') + = render 'import_group_from_another_instance_panel' + .gl-mt-7.gl-border-b-solid.gl-border-gray-100.gl-border-1 + = render 'import_group_from_file_panel' diff --git a/config/initializers/1_settings.rb b/config/initializers/1_settings.rb index 6b41b32e15c5d3..015269cecc9954 100644 --- a/config/initializers/1_settings.rb +++ b/config/initializers/1_settings.rb @@ -232,7 +232,7 @@ Settings.gitlab.default_projects_features['container_registry'] = true if Settings.gitlab.default_projects_features['container_registry'].nil? Settings.gitlab.default_projects_features['visibility_level'] = Settings.__send__(:verify_constant, Gitlab::VisibilityLevel, Settings.gitlab.default_projects_features['visibility_level'], Gitlab::VisibilityLevel::PRIVATE) Settings.gitlab['domain_allowlist'] ||= [] -Settings.gitlab['import_sources'] ||= Gitlab::ImportSources.values +Settings.gitlab['import_sources'] ||= [] Settings.gitlab['trusted_proxies'] ||= [] Settings.gitlab['content_security_policy'] ||= {} Settings.gitlab['allowed_hosts'] ||= [] diff --git a/doc/user/gitlab_com/index.md b/doc/user/gitlab_com/index.md index 68d1b51ec0877a..fad8969e48cee7 100644 --- a/doc/user/gitlab_com/index.md +++ b/doc/user/gitlab_com/index.md @@ -202,6 +202,22 @@ NOTE: Cloudflare. Git LFS and imports other than a file upload are not affected by this limit. Repository limits apply to both public and private projects. +## Import sources + +GitLab.com has the following import sources enabled. + +| Import source | GitLab.com default | Default (self-managed) | +|------------------------|--------------------| ---------------------------| +| Bitbucket Cloud | **{check-circle}** Yes | **{dotted-circle}** No | +| Bitbucket Server | **{check-circle}** Yes | **{dotted-circle}** No | +| FogBugz | **{check-circle}** Yes | **{dotted-circle}** No | +| GitLab Direct Transfer | **{check-circle}** Yes | **{dotted-circle}** No | +| Gitea | **{check-circle}** Yes | **{dotted-circle}** No | +| GitHub | **{check-circle}** Yes | **{dotted-circle}** No | +| GitLab export | **{check-circle}** Yes | **{dotted-circle}** No | +| Manifest file | **{check-circle}** Yes | **{dotted-circle}** No | +| Repository by URL | **{check-circle}** Yes | **{dotted-circle}** No | + ## IP range GitLab.com uses the IP ranges `34.74.90.64/28` and `34.74.226.0/24` for traffic from its Web/API diff --git a/doc/user/project/import/bitbucket_server.md b/doc/user/project/import/bitbucket_server.md index c7dfc739b71bc4..22f81365755a84 100644 --- a/doc/user/project/import/bitbucket_server.md +++ b/doc/user/project/import/bitbucket_server.md @@ -27,7 +27,9 @@ created as private in GitLab as well. Prerequisites: -- An administrator must enable **Bitbucket Server** in **Admin > Settings > General > Visibility and access controls > Import sources**. +- [Bitbucket Server import source](../../admin_area/settings/visibility_and_access_controls.md#configure-allowed-import-sources) +must be enabled. If not enabled, ask your GitLab administrator to enable it. The Bitbucket Server import source is enabled +by default on GitLab.com. - At least the Maintainer role on the destination group to import to. Using the Developer role for this purpose was [deprecated](https://gitlab.com/gitlab-org/gitlab/-/issues/387891) in GitLab 15.8 and will be removed in GitLab 16.0. diff --git a/doc/user/project/import/fogbugz.md b/doc/user/project/import/fogbugz.md index d66b1dbaa5dc52..6e378ccbb44a39 100644 --- a/doc/user/project/import/fogbugz.md +++ b/doc/user/project/import/fogbugz.md @@ -17,6 +17,9 @@ users. Prerequisite: +- [FogBugz import source](../../admin_area/settings/visibility_and_access_controls.md#configure-allowed-import-sources) +must be enabled. If not enabled, ask your GitLab administrator to enable it. The FogBugz import source is enabled +by default on GitLab.com. - At least the Maintainer role on the destination group to import to. Using the Developer role for this purpose was [deprecated](https://gitlab.com/gitlab-org/gitlab/-/issues/387891) in GitLab 15.8 and will be removed in GitLab 16.0. diff --git a/doc/user/project/import/gitea.md b/doc/user/project/import/gitea.md index f11dc3e18dc526..2eb798fab0f6ca 100644 --- a/doc/user/project/import/gitea.md +++ b/doc/user/project/import/gitea.md @@ -15,6 +15,9 @@ This requires Gitea `v1.0.0` or later. Prerequisite: +- [Gitea import source](../../admin_area/settings/visibility_and_access_controls.md#configure-allowed-import-sources) +must be enabled. If not enabled, ask your GitLab administrator to enable it. The Gitea import source is enabled +by default on GitLab.com. - At least the Maintainer role on the destination group to import to. Using the Developer role for this purpose was [deprecated](https://gitlab.com/gitlab-org/gitlab/-/issues/387891) in GitLab 15.8 and will be removed in GitLab 16.0. diff --git a/doc/user/project/import/github.md b/doc/user/project/import/github.md index 1bd60a037fba2f..4bbb8cee534624 100644 --- a/doc/user/project/import/github.md +++ b/doc/user/project/import/github.md @@ -38,6 +38,9 @@ For an overview of the import process, see [Migrating from GitHub to GitLab](htt To import projects from GitHub: +- [GitHub import source](../../admin_area/settings/visibility_and_access_controls.md#configure-allowed-import-sources) + must be enabled. If not enabled, ask your GitLab administrator to enable it. The GitHub import source is enabled + by default on GitLab.com. - You must have at least the Maintainer role on the destination group to import to. Using the Developer role for this purpose was [deprecated](https://gitlab.com/gitlab-org/gitlab/-/issues/387891) in GitLab 15.8 and will be removed in GitLab 16.0. @@ -61,6 +64,8 @@ perimeter is specified in the [OmniAuth configuration](../../../integration/gith If you are importing from GitHub Enterprise to a self-managed GitLab instance: - You must first enable the [GitHub integration](../../../integration/github.md). +- GitHub must be enabled as an import source in the + [Admin Area](../../admin_area/settings/visibility_and_access_controls.md#configure-allowed-import-sources). - For GitLab 15.10 and earlier, you must add `github.com` and `api.github.com` entries in the [allowlist for local requests](../../../security/webhooks.md#allow-outbound-requests-to-certain-ip-addresses-and-domains). diff --git a/doc/user/project/import/manifest.md b/doc/user/project/import/manifest.md index 8c7f749036ce14..545fd7810dcec3 100644 --- a/doc/user/project/import/manifest.md +++ b/doc/user/project/import/manifest.md @@ -17,6 +17,9 @@ repositories like the Android Open Source Project (AOSP). ## Requirements +- [Manifest import source](../../admin_area/settings/visibility_and_access_controls.md#configure-allowed-import-sources) +must be enabled. If not enabled, ask your GitLab administrator to enable it. The Manifest import source is enabled +by default on GitLab.com. - GitLab must use PostgreSQL for its database, because [subgroups](../../group/subgroups/index.md) are needed for the manifest import to work. Read more about the [database requirements](../../../install/requirements.md#database). - At least the Maintainer role on the destination group to import to. Using the Developer role for this purpose was diff --git a/doc/user/project/import/repo_by_url.md b/doc/user/project/import/repo_by_url.md index 0e7a32b785ca2d..9f6d16cc04a1af 100644 --- a/doc/user/project/import/repo_by_url.md +++ b/doc/user/project/import/repo_by_url.md @@ -8,6 +8,9 @@ info: To determine the technical writer assigned to the Stage/Group associated w Prerequisite: +- [Repository by URL import source](../../admin_area/settings/visibility_and_access_controls.md#configure-allowed-import-sources) +must be enabled. If not enabled, ask your GitLab administrator to enable it. The Repository by URL import source is enabled +by default on GitLab.com. - At least the Maintainer role on the destination group to import to. Using the Developer role for this purpose was [deprecated](https://gitlab.com/gitlab-org/gitlab/-/issues/387891) in GitLab 15.8 and will be removed in GitLab 16.0. diff --git a/ee/spec/controllers/projects_controller_spec.rb b/ee/spec/controllers/projects_controller_spec.rb index dc7fe9a4197537..de841d72f4425f 100644 --- a/ee/spec/controllers/projects_controller_spec.rb +++ b/ee/spec/controllers/projects_controller_spec.rb @@ -195,6 +195,7 @@ context 'with licensed repository mirrors' do before do stub_licensed_features(repository_mirrors: true) + stub_application_setting(import_sources: ['git']) end it 'has mirror enabled in new project' do @@ -209,6 +210,7 @@ context 'with unlicensed repository mirrors' do before do stub_licensed_features(repository_mirrors: false) + stub_application_setting(import_sources: ['git']) end it 'has mirror disabled in new project' do diff --git a/ee/spec/features/projects/new_project_spec.rb b/ee/spec/features/projects/new_project_spec.rb index 02a6acec971ee4..dc065aaf8ca711 100644 --- a/ee/spec/features/projects/new_project_spec.rb +++ b/ee/spec/features/projects/new_project_spec.rb @@ -7,6 +7,8 @@ let(:premium_plan) { create(:license, plan: License::PREMIUM_PLAN) } before do + stub_application_setting(import_sources: Gitlab::ImportSources.values) + sign_in(user) end diff --git a/ee/spec/features/registrations/combined_registration_spec.rb b/ee/spec/features/registrations/combined_registration_spec.rb index e5e7fc2c0dbea9..2037c5a4d14be7 100644 --- a/ee/spec/features/registrations/combined_registration_spec.rb +++ b/ee/spec/features/registrations/combined_registration_spec.rb @@ -11,6 +11,7 @@ # https://gitlab.com/gitlab-org/gitlab/-/issues/340302 allow(Gitlab::QueryLimiting::Transaction).to receive(:threshold).and_return(148) stub_experiments(experiments) + stub_application_setting(import_sources: %w[github gitlab_project]) sign_in(user) visit users_sign_up_welcome_path diff --git a/ee/spec/features/registrations/saas/standard_flow_company_creating_project_spec.rb b/ee/spec/features/registrations/saas/standard_flow_company_creating_project_spec.rb index 9c0170ca12e3f4..1e18ecf322ca76 100644 --- a/ee/spec/features/registrations/saas/standard_flow_company_creating_project_spec.rb +++ b/ee/spec/features/registrations/saas/standard_flow_company_creating_project_spec.rb @@ -6,6 +6,8 @@ feature_category: :onboarding do context 'when opting into a trial' do it 'registers the user and creates a group and project reaching onboarding', :sidekiq_inline do + stub_application_setting(import_sources: %w[github gitlab_project]) + user_signs_up(glm_params) expect_to_see_account_confirmation_page @@ -81,6 +83,8 @@ context 'when not opting into a trial' do it 'registers the user and creates a group and project reaching onboarding' do + stub_application_setting(import_sources: %w[github gitlab_project]) + user_signs_up expect_to_see_account_confirmation_page diff --git a/ee/spec/features/registrations/saas/standard_flow_just_me_creating_project_spec.rb b/ee/spec/features/registrations/saas/standard_flow_just_me_creating_project_spec.rb index f4c1f7de6da7e5..3f4e06a289cd82 100644 --- a/ee/spec/features/registrations/saas/standard_flow_just_me_creating_project_spec.rb +++ b/ee/spec/features/registrations/saas/standard_flow_just_me_creating_project_spec.rb @@ -5,6 +5,8 @@ RSpec.describe 'Standard flow for user picking just me and creating a project', :js, :saas_registration, feature_category: :onboarding do it 'registers the user and creates a group and project reaching onboarding' do + stub_application_setting(import_sources: %w[github gitlab_project]) + user_signs_up expect_to_see_account_confirmation_page diff --git a/ee/spec/features/registrations/saas/standard_flow_just_me_importing_project_spec.rb b/ee/spec/features/registrations/saas/standard_flow_just_me_importing_project_spec.rb index d5a6baf0217dc5..42ea46020dc94e 100644 --- a/ee/spec/features/registrations/saas/standard_flow_just_me_importing_project_spec.rb +++ b/ee/spec/features/registrations/saas/standard_flow_just_me_importing_project_spec.rb @@ -5,6 +5,8 @@ RSpec.describe 'Standard flow for user picking just me and importing a project', :js, :saas_registration, feature_category: :onboarding do it 'registers the user and starts to import a project' do + stub_application_setting(import_sources: %w[github gitlab_project]) + user_signs_up expect_to_see_account_confirmation_page diff --git a/ee/spec/features/registrations/saas/trial_flow_company_creating_project_spec.rb b/ee/spec/features/registrations/saas/trial_flow_company_creating_project_spec.rb index f7cb03803b445e..59336d35c27b53 100644 --- a/ee/spec/features/registrations/saas/trial_flow_company_creating_project_spec.rb +++ b/ee/spec/features/registrations/saas/trial_flow_company_creating_project_spec.rb @@ -5,6 +5,8 @@ RSpec.describe 'Trial flow for user picking company and creating a project', :js, :saas_registration, feature_category: :onboarding do it 'registers the user and creates a group and project reaching onboarding', :sidekiq_inline do + stub_application_setting(import_sources: %w[github gitlab_project]) + visit new_trial_registration_path(glm_params) expect_to_be_on_trial_user_registration diff --git a/ee/spec/features/registrations/saas/trial_flow_company_importing_project_spec.rb b/ee/spec/features/registrations/saas/trial_flow_company_importing_project_spec.rb index eb4994ea43d369..96d949b98a07b3 100644 --- a/ee/spec/features/registrations/saas/trial_flow_company_importing_project_spec.rb +++ b/ee/spec/features/registrations/saas/trial_flow_company_importing_project_spec.rb @@ -5,6 +5,8 @@ RSpec.describe 'Trial flow for user picking company and importing a project', :js, :saas_registration, feature_category: :onboarding do it 'registers the user and starts to import a project' do + stub_application_setting(import_sources: %w[github gitlab_project]) + visit new_trial_registration_path expect_to_be_on_trial_user_registration diff --git a/ee/spec/features/registrations/saas/trial_flow_just_me_creating_project_spec.rb b/ee/spec/features/registrations/saas/trial_flow_just_me_creating_project_spec.rb index 23771fa483a347..e6559a17ca1d3e 100644 --- a/ee/spec/features/registrations/saas/trial_flow_just_me_creating_project_spec.rb +++ b/ee/spec/features/registrations/saas/trial_flow_just_me_creating_project_spec.rb @@ -5,6 +5,8 @@ RSpec.describe 'Trial flow for user picking just me and creating a project', :js, :saas_registration, feature_category: :onboarding do it 'registers the user and creates a group and project reaching onboarding', :sidekiq_inline do + stub_application_setting(import_sources: %w[github gitlab_project]) + visit new_trial_registration_path(glm_params) expect_to_be_on_trial_user_registration diff --git a/ee/spec/features/registrations/saas/trial_flow_just_me_importing_project_spec.rb b/ee/spec/features/registrations/saas/trial_flow_just_me_importing_project_spec.rb index 2cfe4be24e2ea6..539bcac8645afe 100644 --- a/ee/spec/features/registrations/saas/trial_flow_just_me_importing_project_spec.rb +++ b/ee/spec/features/registrations/saas/trial_flow_just_me_importing_project_spec.rb @@ -5,6 +5,8 @@ RSpec.describe 'Trial flow for user picking just me and importing a project', :js, :saas_registration, feature_category: :onboarding do it 'registers the user and starts to import a project' do + stub_application_setting(import_sources: %w[github gitlab_project]) + visit new_trial_registration_path expect_to_be_on_trial_user_registration diff --git a/ee/spec/features/registrations/sign_up_with_trial_from_external_site_without_confirmation_spec.rb b/ee/spec/features/registrations/sign_up_with_trial_from_external_site_without_confirmation_spec.rb index 5ac6c5488ea54a..09afd81fda6268 100644 --- a/ee/spec/features/registrations/sign_up_with_trial_from_external_site_without_confirmation_spec.rb +++ b/ee/spec/features/registrations/sign_up_with_trial_from_external_site_without_confirmation_spec.rb @@ -11,6 +11,7 @@ before do stub_application_setting(require_admin_approval_after_user_signup: false) stub_feature_flags(arkose_labs_signup_challenge: false) + stub_application_setting(import_sources: %w[github gitlab_project]) # The groups_and_projects_controller (on `click_on 'Create project'`) is over # the query limit threshold, so we have to adjust it. diff --git a/ee/spec/features/registrations/start_trial_from_external_site_without_confirmation_spec.rb b/ee/spec/features/registrations/start_trial_from_external_site_without_confirmation_spec.rb index afeb27c85ea277..035b9d00d235b4 100644 --- a/ee/spec/features/registrations/start_trial_from_external_site_without_confirmation_spec.rb +++ b/ee/spec/features/registrations/start_trial_from_external_site_without_confirmation_spec.rb @@ -10,6 +10,7 @@ before do stub_application_setting(require_admin_approval_after_user_signup: false) stub_feature_flags(arkose_labs_signup_challenge: false) + stub_application_setting(import_sources: %w[github gitlab_project]) # The groups_and_projects_controller (on `click_on 'Create project'`) is over # the query limit threshold, so we have to adjust it. diff --git a/ee/spec/lib/gitlab/legacy_github_import/project_creator_spec.rb b/ee/spec/lib/gitlab/legacy_github_import/project_creator_spec.rb index ba9908e4b3af27..8b71ca8da557cb 100644 --- a/ee/spec/lib/gitlab/legacy_github_import/project_creator_spec.rb +++ b/ee/spec/lib/gitlab/legacy_github_import/project_creator_spec.rb @@ -2,7 +2,7 @@ require 'spec_helper' -RSpec.describe Gitlab::LegacyGithubImport::ProjectCreator do +RSpec.describe Gitlab::LegacyGithubImport::ProjectCreator, feature_category: :importers do let(:user) { create(:user) } let(:namespace) { create(:group) } @@ -25,6 +25,7 @@ before do namespace.add_owner(user) stub_licensed_features(ci_cd_projects: true) + stub_application_setting(import_sources: %w[github]) allow_any_instance_of(EE::Project).to receive(:add_import_job) allow_any_instance_of(CiCd::SetupProject).to receive(:setup_external_service) diff --git a/ee/spec/requests/api/project_import_spec.rb b/ee/spec/requests/api/project_import_spec.rb index 8c9aca7279d9be..0f28046fc6fc9b 100644 --- a/ee/spec/requests/api/project_import_spec.rb +++ b/ee/spec/requests/api/project_import_spec.rb @@ -18,6 +18,7 @@ before do enable_external_authorization_service_check stub_licensed_features(external_authorization_service_api_management: true) + stub_application_setting(import_sources: ['gitlab_project']) namespace.add_owner(user) end diff --git a/ee/spec/requests/api/projects_spec.rb b/ee/spec/requests/api/projects_spec.rb index 2be40a419d6611..667666ea091237 100644 --- a/ee/spec/requests/api/projects_spec.rb +++ b/ee/spec/requests/api/projects_spec.rb @@ -684,6 +684,7 @@ headers: { 'Content-Type': 'application/x-git-upload-pack-advertisement' } } stub_full_request("#{import_url}/info/refs?service=git-upload-pack", method: :get).to_return(git_response) + stub_application_setting(import_sources: ['git']) end it 'creates new project with pull mirroring set up' do diff --git a/lib/api/project_import.rb b/lib/api/project_import.rb index a00ef7144d498f..6639b3ec3462b8 100644 --- a/lib/api/project_import.rb +++ b/lib/api/project_import.rb @@ -33,16 +33,14 @@ def filtered_override_params(params) end end - before do - forbidden! unless Gitlab::CurrentSettings.import_sources.include?('gitlab_project') - end - resource :projects, requirements: API::NAMESPACE_OR_PROJECT_REQUIREMENTS do desc 'Workhorse authorize the project import upload' do detail 'This feature was introduced in GitLab 12.9' tags ['project_import'] end post 'import/authorize' do + forbidden! unless Gitlab::CurrentSettings.import_sources.include?('gitlab_project') + require_gitlab_workhorse! status 200 @@ -90,6 +88,8 @@ def filtered_override_params(params) consumes ['multipart/form-data'] end post 'import' do + forbidden! unless Gitlab::CurrentSettings.import_sources.include?('gitlab_project') + require_gitlab_workhorse! check_rate_limit! :project_import, scope: [current_user, :project_import] @@ -164,6 +164,8 @@ def filtered_override_params(params) ] end post 'remote-import' do + forbidden! unless Gitlab::CurrentSettings.import_sources.include?('gitlab_project') + check_rate_limit! :project_import, scope: [current_user, :project_import] response = ::Import::GitlabProjects::CreateProjectService.new( @@ -217,6 +219,8 @@ def filtered_override_params(params) ] end post 'remote-import-s3' do + forbidden! unless Gitlab::CurrentSettings.import_sources.include?('gitlab_project') + check_rate_limit! :project_import, scope: [current_user, :project_import] response = ::Import::GitlabProjects::CreateProjectService.new( diff --git a/locale/gitlab.pot b/locale/gitlab.pot index 147a2b187175f1..f19ac0b155243a 100644 --- a/locale/gitlab.pot +++ b/locale/gitlab.pot @@ -21401,9 +21401,6 @@ msgstr "" msgid "GroupsNew|Connect instance" msgstr "" -msgid "GroupsNew|Contact an administrator to enable options for importing your group." -msgstr "" - msgid "GroupsNew|Create a token with %{code_start}api%{code_end} and %{code_start}read_repository%{code_end} scopes in the %{pat_link_start}user settings%{pat_link_end} of the source GitLab instance. For %{short_living_link_start}security reasons%{short_living_link_end}, set a short expiration date for the token. Keep in mind that large migrations take more time." msgstr "" @@ -21446,9 +21443,6 @@ msgstr "" msgid "GroupsNew|New subgroup" msgstr "" -msgid "GroupsNew|No import options available" -msgstr "" - msgid "GroupsNew|Not all group items are migrated. %{docs_link_start}What items are migrated%{docs_link_end}?" msgstr "" diff --git a/qa/qa/page/component/import/selection.rb b/qa/qa/page/component/import/selection.rb index 6cacdd84f138f1..db2ff74e0f8ab4 100644 --- a/qa/qa/page/component/import/selection.rb +++ b/qa/qa/page/component/import/selection.rb @@ -14,6 +14,10 @@ def self.included(base) end def click_gitlab + retry_until(reload: true, max_attempts: 10, message: 'Waiting for import source to be enabled') do + has_element?(:gitlab_import_button) + end + click_element(:gitlab_import_button) end end diff --git a/qa/qa/page/project/new.rb b/qa/qa/page/project/new.rb index 8624e4c3d83606..8ea0b57ef3e1be 100644 --- a/qa/qa/page/project/new.rb +++ b/qa/qa/page/project/new.rb @@ -87,11 +87,15 @@ def disable_initialize_with_sast end def click_github_link - click_link 'GitHub' + retry_until(reload: true, max_attempts: 10, message: 'Waiting for import source to be enabled') do + click_link 'GitHub' + end end def click_repo_by_url_link - click_button 'Repository by URL' + retry_until(reload: true, max_attempts: 10, message: 'Waiting for import source to be enabled') do + click_button 'Repository by URL' + end end def disable_initialize_with_readme diff --git a/qa/qa/specs/features/api/1_manage/import/import_github_repo_spec.rb b/qa/qa/specs/features/api/1_manage/import/import_github_repo_spec.rb index 85b62ec2ad17d4..fa64489fb83125 100644 --- a/qa/qa/specs/features/api/1_manage/import/import_github_repo_spec.rb +++ b/qa/qa/specs/features/api/1_manage/import/import_github_repo_spec.rb @@ -9,6 +9,10 @@ module QA describe 'GitHub import' do include_context 'with github import' + before do + QA::Support::Helpers::ImportSource.enable('github') + end + context 'when imported via api' do it 'imports project', testcase: 'https://gitlab.com/gitlab-org/gitlab/-/quality/test_cases/347670' do expect_project_import_finished_successfully diff --git a/qa/qa/specs/features/browser_ui/1_manage/import/import_github_repo_spec.rb b/qa/qa/specs/features/browser_ui/1_manage/import/import_github_repo_spec.rb index 94a3835b6c9047..62da946d750946 100644 --- a/qa/qa/specs/features/browser_ui/1_manage/import/import_github_repo_spec.rb +++ b/qa/qa/specs/features/browser_ui/1_manage/import/import_github_repo_spec.rb @@ -29,6 +29,8 @@ module QA end before do + QA::Support::Helpers::ImportSource.enable('github') + Flow::Login.sign_in(as: user) Page::Main::Menu.perform(&:go_to_create_project) Page::Project::New.perform do |project_page| diff --git a/qa/qa/specs/features/browser_ui/3_create/merge_request/revert/reverting_merge_request_spec.rb b/qa/qa/specs/features/browser_ui/3_create/merge_request/revert/reverting_merge_request_spec.rb index 82e2136cd22939..8cdcf1dd721c3d 100644 --- a/qa/qa/specs/features/browser_ui/3_create/merge_request/revert/reverting_merge_request_spec.rb +++ b/qa/qa/specs/features/browser_ui/3_create/merge_request/revert/reverting_merge_request_spec.rb @@ -16,6 +16,8 @@ module QA end before do + QA::Support::Helpers::ImportSource.enable(%w[gitlab_project]) + Flow::Login.sign_in end diff --git a/qa/qa/specs/features/browser_ui/3_create/merge_request/view_merge_request_diff_patch_spec.rb b/qa/qa/specs/features/browser_ui/3_create/merge_request/view_merge_request_diff_patch_spec.rb index 748b989deb8e35..112149a7a5ff38 100644 --- a/qa/qa/specs/features/browser_ui/3_create/merge_request/view_merge_request_diff_patch_spec.rb +++ b/qa/qa/specs/features/browser_ui/3_create/merge_request/view_merge_request_diff_patch_spec.rb @@ -11,6 +11,8 @@ module QA end before do + QA::Support::Helpers::ImportSource.enable(%w[gitlab_project]) + Flow::Login.sign_in merge_request.visit! end diff --git a/qa/qa/specs/features/browser_ui/5_package/container_registry/online_garbage_collection_spec.rb b/qa/qa/specs/features/browser_ui/5_package/container_registry/online_garbage_collection_spec.rb index bf328a2bcedef5..077267ae38accb 100644 --- a/qa/qa/specs/features/browser_ui/5_package/container_registry/online_garbage_collection_spec.rb +++ b/qa/qa/specs/features/browser_ui/5_package/container_registry/online_garbage_collection_spec.rb @@ -64,6 +64,8 @@ module QA end before do + QA::Support::Helpers::ImportSource.enable('git') + Flow::Login.sign_in imported_project diff --git a/qa/qa/specs/features/browser_ui/5_package/infrastructure_registry/terraform_module_registry_spec.rb b/qa/qa/specs/features/browser_ui/5_package/infrastructure_registry/terraform_module_registry_spec.rb index fe320f10416b74..13ad0d1d22a3ab 100644 --- a/qa/qa/specs/features/browser_ui/5_package/infrastructure_registry/terraform_module_registry_spec.rb +++ b/qa/qa/specs/features/browser_ui/5_package/infrastructure_registry/terraform_module_registry_spec.rb @@ -25,6 +25,8 @@ module QA end before do + QA::Support::Helpers::ImportSource.enable('git') + Flow::Login.sign_in imported_project diff --git a/qa/qa/specs/features/browser_ui/5_package/package_registry/maven/maven_group_level_spec.rb b/qa/qa/specs/features/browser_ui/5_package/package_registry/maven/maven_group_level_spec.rb index f8ab9ef15ab0c9..e30703728b2232 100644 --- a/qa/qa/specs/features/browser_ui/5_package/package_registry/maven/maven_group_level_spec.rb +++ b/qa/qa/specs/features/browser_ui/5_package/package_registry/maven/maven_group_level_spec.rb @@ -262,6 +262,8 @@ def show_latest_deploy_job end before do + QA::Support::Helpers::ImportSource.enable('git') + Runtime::Feature.enable(:maven_central_request_forwarding) Flow::Login.sign_in_unless_signed_in diff --git a/qa/qa/specs/features/browser_ui/5_package/package_registry/maven/maven_project_level_spec.rb b/qa/qa/specs/features/browser_ui/5_package/package_registry/maven/maven_project_level_spec.rb index b70ec0bafbc399..653f42ac3f8d4e 100644 --- a/qa/qa/specs/features/browser_ui/5_package/package_registry/maven/maven_project_level_spec.rb +++ b/qa/qa/specs/features/browser_ui/5_package/package_registry/maven/maven_project_level_spec.rb @@ -190,6 +190,8 @@ module QA end before do + QA::Support::Helpers::ImportSource.enable('git') + Runtime::Feature.enable(:maven_central_request_forwarding) Flow::Login.sign_in_unless_signed_in diff --git a/qa/qa/specs/features/ee/api/1_manage/import/import_github_repo_spec.rb b/qa/qa/specs/features/ee/api/1_manage/import/import_github_repo_spec.rb index 1d8038024ca14d..8d8ee9dd4760d4 100644 --- a/qa/qa/specs/features/ee/api/1_manage/import/import_github_repo_spec.rb +++ b/qa/qa/specs/features/ee/api/1_manage/import/import_github_repo_spec.rb @@ -10,6 +10,10 @@ module QA include_context 'with github import' context "when imported via api" do + before do + QA::Support::Helpers::ImportSource.enable('github') + end + it 'imports repo push rules', testcase: 'https://gitlab.com/gitlab-org/gitlab/-/quality/test_cases/379494' do expect_project_import_finished_successfully diff --git a/qa/qa/support/helpers/import_source.rb b/qa/qa/support/helpers/import_source.rb new file mode 100644 index 00000000000000..f25466dc1a0440 --- /dev/null +++ b/qa/qa/support/helpers/import_source.rb @@ -0,0 +1,19 @@ +# frozen_string_literal: true + +module QA + module Support + module Helpers + module ImportSource + def self.enable(new_import_sources) + current_import_sources = Runtime::ApplicationSettings.get_application_settings[:import_sources] + + import_sources = current_import_sources | Array(new_import_sources) + + return if (import_sources - current_import_sources).blank? + + Runtime::ApplicationSettings.set_application_settings(import_sources: import_sources) + end + end + end + end +end diff --git a/spec/controllers/import/fogbugz_controller_spec.rb b/spec/controllers/import/fogbugz_controller_spec.rb index 40a5c59fa2d840..3b099ba26134a5 100644 --- a/spec/controllers/import/fogbugz_controller_spec.rb +++ b/spec/controllers/import/fogbugz_controller_spec.rb @@ -11,6 +11,8 @@ let(:namespace_id) { 5 } before do + stub_application_setting(import_sources: ['fogbugz']) + sign_in(user) end diff --git a/spec/controllers/import/gitea_controller_spec.rb b/spec/controllers/import/gitea_controller_spec.rb index 94b02f7c1b99a0..3dfda909a93c39 100644 --- a/spec/controllers/import/gitea_controller_spec.rb +++ b/spec/controllers/import/gitea_controller_spec.rb @@ -10,6 +10,10 @@ include_context 'a GitHub-ish import controller' + before do + stub_application_setting(import_sources: ['gitea']) + end + def assign_host_url session[:gitea_host_url] = host_url end diff --git a/spec/controllers/import/manifest_controller_spec.rb b/spec/controllers/import/manifest_controller_spec.rb index 23d5d37ed887a7..69eb736375c9fc 100644 --- a/spec/controllers/import/manifest_controller_spec.rb +++ b/spec/controllers/import/manifest_controller_spec.rb @@ -13,6 +13,8 @@ end before do + stub_application_setting(import_sources: ['manifest']) + sign_in(user) end diff --git a/spec/features/admin/admin_settings_spec.rb b/spec/features/admin/admin_settings_spec.rb index 4dee97880a5a55..6f058ffcc9f402 100644 --- a/spec/features/admin/admin_settings_spec.rb +++ b/spec/features/admin/admin_settings_spec.rb @@ -53,17 +53,6 @@ end it 'modify import sources' do - expect(current_settings.import_sources).not_to be_empty - - page.within('[data-testid="admin-visibility-access-settings"]') do - Gitlab::ImportSources.options.map do |name, _| - uncheck name - end - - click_button 'Save changes' - end - - expect(page).to have_content "Application settings saved successfully" expect(current_settings.import_sources).to be_empty page.within('[data-testid="admin-visibility-access-settings"]') do diff --git a/spec/features/file_uploads/project_import_spec.rb b/spec/features/file_uploads/project_import_spec.rb index c261834206d20c..3934e0319ad1cf 100644 --- a/spec/features/file_uploads/project_import_spec.rb +++ b/spec/features/file_uploads/project_import_spec.rb @@ -22,6 +22,10 @@ ) end + before do + stub_application_setting(import_sources: ['gitlab_project']) + end + RSpec.shared_examples 'for a project export archive' do it { expect { subject }.to change { Project.count }.by(1) } diff --git a/spec/features/import/manifest_import_spec.rb b/spec/features/import/manifest_import_spec.rb index bb3eb34637b8ed..aba38eb0196185 100644 --- a/spec/features/import/manifest_import_spec.rb +++ b/spec/features/import/manifest_import_spec.rb @@ -7,6 +7,8 @@ let(:group) { create(:group) } before do + stub_application_setting(import_sources: ['manifest']) + sign_in(user) group.add_owner(user) diff --git a/spec/features/projects/import_export/import_file_spec.rb b/spec/features/projects/import_export/import_file_spec.rb index 8fb11f06cdda36..f4ed0728402a65 100644 --- a/spec/features/projects/import_export/import_file_spec.rb +++ b/spec/features/projects/import_export/import_file_spec.rb @@ -8,6 +8,7 @@ let(:export_path) { "#{Dir.tmpdir}/import_file_spec" } before do + stub_application_setting(import_sources: ['gitlab_project']) stub_uploads_object_storage(FileUploader) allow_next_instance_of(Gitlab::ImportExport) do |instance| allow(instance).to receive(:storage_path).and_return(export_path) diff --git a/spec/features/projects/new_project_spec.rb b/spec/features/projects/new_project_spec.rb index b87f8ab667f020..b601a64a7c0d16 100644 --- a/spec/features/projects/new_project_spec.rb +++ b/spec/features/projects/new_project_spec.rb @@ -5,6 +5,10 @@ RSpec.describe 'New project', :js, feature_category: :projects do include Features::TopNavSpecHelpers + before do + stub_application_setting(import_sources: Gitlab::ImportSources.values) + end + context 'as a user' do let_it_be(:user) { create(:user) } diff --git a/spec/lib/gitlab/fogbugz_import/project_creator_spec.rb b/spec/lib/gitlab/fogbugz_import/project_creator_spec.rb index 8be9f55dbb6fcf..39dad1360a53c2 100644 --- a/spec/lib/gitlab/fogbugz_import/project_creator_spec.rb +++ b/spec/lib/gitlab/fogbugz_import/project_creator_spec.rb @@ -2,7 +2,7 @@ require 'spec_helper' -RSpec.describe Gitlab::FogbugzImport::ProjectCreator do +RSpec.describe Gitlab::FogbugzImport::ProjectCreator, feature_category: :importers do let(:user) { create(:user) } let(:repo) do instance_double(Gitlab::FogbugzImport::Repository, @@ -22,6 +22,10 @@ project_creator.execute end + before do + stub_application_setting(import_sources: ['fogbugz']) + end + it 'creates project with private visibility level' do expect(subject.persisted?).to eq(true) expect(subject.visibility_level).to eq(Gitlab::VisibilityLevel::PRIVATE) diff --git a/spec/lib/gitlab/legacy_github_import/project_creator_spec.rb b/spec/lib/gitlab/legacy_github_import/project_creator_spec.rb index f1dbe2bf8e2115..15624a0558e225 100644 --- a/spec/lib/gitlab/legacy_github_import/project_creator_spec.rb +++ b/spec/lib/gitlab/legacy_github_import/project_creator_spec.rb @@ -23,6 +23,8 @@ allow_next_instance_of(Project) do |project| allow(project).to receive(:add_import_job) end + + stub_application_setting(import_sources: ['github']) end describe '#execute' do diff --git a/spec/lib/gitlab/manifest_import/project_creator_spec.rb b/spec/lib/gitlab/manifest_import/project_creator_spec.rb index 0ab5b277552f13..2d878e5496e1b6 100644 --- a/spec/lib/gitlab/manifest_import/project_creator_spec.rb +++ b/spec/lib/gitlab/manifest_import/project_creator_spec.rb @@ -2,7 +2,7 @@ require 'spec_helper' -RSpec.describe Gitlab::ManifestImport::ProjectCreator do +RSpec.describe Gitlab::ManifestImport::ProjectCreator, feature_category: :importers do let(:group) { create(:group) } let(:user) { create(:user) } let(:repository) do @@ -14,6 +14,8 @@ before do group.add_owner(user) + + stub_application_setting(import_sources: ['manifest']) end subject { described_class.new(repository, group, user) } diff --git a/spec/requests/api/project_import_spec.rb b/spec/requests/api/project_import_spec.rb index 8ad5aaa8bc3acb..4496e3aa7c37ec 100644 --- a/spec/requests/api/project_import_spec.rb +++ b/spec/requests/api/project_import_spec.rb @@ -14,6 +14,8 @@ before do namespace.add_owner(user) if user + + stub_application_setting(import_sources: ['gitlab_project']) end shared_examples 'requires authentication' do @@ -26,6 +28,20 @@ end end + shared_examples 'requires import source to be enabled' do + context 'when gitlab_project import_sources is disabled' do + before do + stub_application_setting(import_sources: []) + end + + it 'returns 403' do + subject + + expect(response).to have_gitlab_http_status(:forbidden) + end + end + end + describe 'POST /projects/import' do subject { upload_archive(file_upload, workhorse_headers, params) } @@ -43,6 +59,7 @@ end it_behaves_like 'requires authentication' + it_behaves_like 'requires import source to be enabled' it 'executes a limited number of queries', :use_clean_rails_redis_caching do control_count = ActiveRecord::QueryRecorder.new { subject }.count @@ -337,6 +354,7 @@ def stub_import(namespace) end it_behaves_like 'requires authentication' + it_behaves_like 'requires import source to be enabled' context 'when the response is successful' do it 'schedules the import successfully' do @@ -402,6 +420,7 @@ def stub_import(namespace) end it_behaves_like 'requires authentication' + it_behaves_like 'requires import source to be enabled' context 'when the response is successful' do it 'schedules the import successfully' do @@ -496,6 +515,7 @@ def stub_import(namespace) subject { post api('/projects/import/authorize', user), headers: workhorse_headers } it_behaves_like 'requires authentication' + it_behaves_like 'requires import source to be enabled' it 'authorizes importing project with workhorse header' do subject diff --git a/spec/requests/api/projects_spec.rb b/spec/requests/api/projects_spec.rb index 4ebc79b63906eb..a2ca9706f54fc2 100644 --- a/spec/requests/api/projects_spec.rb +++ b/spec/requests/api/projects_spec.rb @@ -1431,6 +1431,7 @@ def request body: '001e# service=git-upload-pack', headers: { 'Content-Type': 'application/x-git-upload-pack-advertisement' } } + stub_application_setting(import_sources: ['git']) stub_full_request(endpoint_url, method: :get).to_return(git_response) project_params = { import_url: url, path: 'path-project-Foo', name: 'Foo Project' } diff --git a/spec/requests/import/github_controller_spec.rb b/spec/requests/import/github_controller_spec.rb index 5ac97e3d330e12..8d57c2895defb1 100644 --- a/spec/requests/import/github_controller_spec.rb +++ b/spec/requests/import/github_controller_spec.rb @@ -9,6 +9,8 @@ let_it_be(:user) { create(:user) } before do + stub_application_setting(import_sources: ['github']) + login_as(user) end diff --git a/spec/requests/import/github_groups_controller_spec.rb b/spec/requests/import/github_groups_controller_spec.rb index 6393dd35a98aec..dada84758f37a0 100644 --- a/spec/requests/import/github_groups_controller_spec.rb +++ b/spec/requests/import/github_groups_controller_spec.rb @@ -11,6 +11,8 @@ let(:params) { {} } before do + stub_application_setting(import_sources: ['github']) + login_as(user) end diff --git a/spec/requests/import/gitlab_projects_controller_spec.rb b/spec/requests/import/gitlab_projects_controller_spec.rb index fe3ea9e9c9e467..732851c7828c04 100644 --- a/spec/requests/import/gitlab_projects_controller_spec.rb +++ b/spec/requests/import/gitlab_projects_controller_spec.rb @@ -12,6 +12,8 @@ before do login_as(user) + + stub_application_setting(import_sources: ['gitlab_project']) end describe 'POST create' do diff --git a/spec/services/import/fogbugz_service_spec.rb b/spec/services/import/fogbugz_service_spec.rb index ad02dc31da1c73..e9c676dcd23dc7 100644 --- a/spec/services/import/fogbugz_service_spec.rb +++ b/spec/services/import/fogbugz_service_spec.rb @@ -18,6 +18,7 @@ before do allow(subject).to receive(:authorized?).and_return(true) + stub_application_setting(import_sources: ['fogbugz']) end context 'when no repo is found' do diff --git a/spec/services/import/gitlab_projects/create_project_service_spec.rb b/spec/services/import/gitlab_projects/create_project_service_spec.rb index 35378bcee92a4b..a77e9bdfce1e9c 100644 --- a/spec/services/import/gitlab_projects/create_project_service_spec.rb +++ b/spec/services/import/gitlab_projects/create_project_service_spec.rb @@ -35,6 +35,7 @@ def project_params before do stub_const('FakeStrategy', fake_file_acquisition_strategy) + stub_application_setting(import_sources: ['gitlab_project']) end describe 'validation' do diff --git a/spec/services/projects/create_service_spec.rb b/spec/services/projects/create_service_spec.rb index 35b715d82ee27c..9ec7b34bae96c6 100644 --- a/spec/services/projects/create_service_spec.rb +++ b/spec/services/projects/create_service_spec.rb @@ -256,6 +256,10 @@ it_behaves_like 'has sync-ed traversal_ids' context 'when project is an import' do + before do + stub_application_setting(import_sources: ['gitlab_project']) + end + context 'when user is not allowed to import projects' do let(:group) do create(:group).tap do |group| -- GitLab From f72198e65a3ee08365f1c359e6b54d954369f016 Mon Sep 17 00:00:00 2001 From: Rodrigo Tomonari Date: Wed, 3 May 2023 18:45:38 -0300 Subject: [PATCH 2/2] Add missing stub_application_setting --- .../saas/standard_flow_company_creating_project_spec.rb | 1 + 1 file changed, 1 insertion(+) diff --git a/ee/spec/features/registrations/saas/standard_flow_company_creating_project_spec.rb b/ee/spec/features/registrations/saas/standard_flow_company_creating_project_spec.rb index 1e18ecf322ca76..87ef8a0439d8fb 100644 --- a/ee/spec/features/registrations/saas/standard_flow_company_creating_project_spec.rb +++ b/ee/spec/features/registrations/saas/standard_flow_company_creating_project_spec.rb @@ -43,6 +43,7 @@ context 'when user in automatic_trial_registration experiment' do it 'registers the user and creates a group and project reaching onboarding', :sidekiq_inline do + stub_application_setting(import_sources: %w[github gitlab_project]) stub_experiments(automatic_trial_registration: :candidate) user_signs_up(glm_params) -- GitLab