Merge branch 'bvl-classification-only' into 'master'

Allow enabling External Policy Control without URL Closes #4786 See merge request gitlab-org/gitlab-ee!5083

Merge branch 'bvl-classification-only' into 'master'
Allow enabling External Policy Control without URL Closes #4786 See merge request gitlab-org/gitlab-ee!5083
e78d9834 · Douwe Maan · 58ee6fc1 · bab948a3 · e78d9834 · e78d9834
Commit e78d9834 authored Mar 26, 2018 by Douwe Maan
39 changed files
--- a/doc/user/admin_area/settings/external_authorization.md
+++ b/doc/user/admin_area/settings/external_authorization.md
@@ -37,7 +37,9 @@ admin area under the settings page:
 The available required properties are:
- **Service URL**: The URL to make authorization requests to
+- **Service URL**: The URL to make authorization requests to. When leaving the
+  URL blank, cross project features will remain available while still being able
+  to specify classification labels for projects.
 - **External authorization request timeout**: The timeout after which an
  authorization request is aborted. When a request times out, access is denied
  to the user.

--- a/ee/app/helpers/ee/application_settings_helper.rb
+++ b/ee/app/helpers/ee/application_settings_helper.rb
@@ -13,6 +13,12 @@ module EE
        "denied.")
    end
+    def external_authorization_url_help_text
+      _("When leaving the URL blank, classification labels can still be "\
+        "specified whitout disabling cross project features or performing "\
+        "external authorization checks.")
+    end
    override :visible_attributes
    def visible_attributes
      super + [

--- a/ee/app/models/ee/application_setting.rb
+++ b/ee/app/models/ee/application_setting.rb
@@ -40,14 +40,12 @@ module EE
                presence: { message: "can't be blank when using aws hosted elasticsearch" },
                if: ->(setting) { setting.elasticsearch_indexing? && setting.elasticsearch_aws? }
-      validates :external_authorization_service_url,
+      validates :external_authorization_service_default_label,
-                :external_authorization_service_default_label,
-                :external_authorization_service_timeout,
                presence: true,
                if: :external_authorization_service_enabled?
      validates :external_authorization_service_url,
-                url: true,
+                url: true, allow_blank: true,
                if: :external_authorization_service_enabled?
      validates :external_authorization_service_timeout,

--- a/ee/app/policies/ee/base_policy.rb
+++ b/ee/app/policies/ee/base_policy.rb
@@ -4,7 +4,7 @@ module EE
    prepended do
      condition(:external_authorization_enabled, scope: :global, score: 0) do
-        ::EE::Gitlab::ExternalAuthorization.enabled?
+        ::EE::Gitlab::ExternalAuthorization.perform_check?
      end
      rule { external_authorization_enabled & ~admin & ~auditor }.policy do

--- a/ee/app/views/admin/application_settings/_external_authorization_service_form.html.haml
+++ b/ee/app/views/admin/application_settings/_external_authorization_service_form.html.haml
@@ -13,6 +13,8 @@
          = link_to icon('question-circle'), help_page_path('user/admin_area/settings/external_authorization')
    .form-group
      = f.label :external_authorization_service_url, _('Service URL'), class: 'control-label col-sm-2'
+      %span.help-block
+        = external_authorization_url_help_text
      .col-sm-10
        = f.text_field :external_authorization_service_url, class: 'form-control'
    .form-group

--- a/ee/changelogs/unreleased/bvl-classification-only.yml
+++ b/ee/changelogs/unreleased/bvl-classification-only.yml
+---
+title: Allow enabling classification policy control without external authorization
+  service
+merge_request: 5083
+author:
+type: changed
--- a/ee/lib/ee/gitlab/external_authorization.rb
+++ b/ee/lib/ee/gitlab/external_authorization.rb
@@ -4,7 +4,7 @@ module EE
      RequestFailed = Class.new(StandardError)
      def self.access_allowed?(user, label)
-        return true unless enabled?
+        return true unless perform_check?
        return false unless user
        access_for_user_to_label(user, label).has_access?
@@ -33,6 +33,10 @@ module EE
          .external_authorization_service_enabled?
      end
+      def self.perform_check?
+        enabled? && service_url.present?
+      end
      def self.service_url
        ::Gitlab::CurrentSettings
          .current_application_settings

--- a/ee/spec/controllers/boards/issues_controller_spec.rb
+++ b/ee/spec/controllers/boards/issues_controller_spec.rb
@@ -93,7 +93,7 @@ describe Boards::IssuesController do
    context 'with external authorization' do
      before do
        sign_in(user)
-        enable_external_authorization_service
+        enable_external_authorization_service_check
      end
      it 'returns a 404 for group boards' do

--- a/ee/spec/controllers/dashboard/groups_controller_spec.rb
+++ b/ee/spec/controllers/dashboard/groups_controller_spec.rb
@@ -9,7 +9,7 @@ describe Dashboard::GroupsController do
  describe '#index' do
    it 'works when the external authorization service is enabled' do
-      enable_external_authorization_service
+      enable_external_authorization_service_check
      get :index

--- a/ee/spec/controllers/dashboard/projects_controller_spec.rb
+++ b/ee/spec/controllers/dashboard/projects_controller_spec.rb
@@ -11,7 +11,7 @@ describe Dashboard::ProjectsController do
    subject { get :index }
    it 'it works when the external authorization service is enabled' do
-      enable_external_authorization_service
+      enable_external_authorization_service_check
      get :index

--- a/ee/spec/controllers/groups/avatars_controller_spec.rb
+++ b/ee/spec/controllers/groups/avatars_controller_spec.rb
@@ -12,7 +12,7 @@ describe Groups::AvatarsController do
  end
  it 'works when external authorization service is enabled' do
-    enable_external_authorization_service
+    enable_external_authorization_service_check
    delete :destroy, group_id: group

--- a/ee/spec/controllers/groups/children_controller_spec.rb
+++ b/ee/spec/controllers/groups/children_controller_spec.rb
@@ -12,7 +12,7 @@ describe Groups::ChildrenController do
  end
  it 'works when external authorization service is enabled' do
-    enable_external_authorization_service
+    enable_external_authorization_service_check
    get :index, group_id: group, format: :json

--- a/ee/spec/controllers/groups/group_members_controller_spec.rb
+++ b/ee/spec/controllers/groups/group_members_controller_spec.rb
@@ -14,7 +14,7 @@ describe Groups::GroupMembersController do
  context 'with external authorization enabled' do
    before do
-      enable_external_authorization_service
+      enable_external_authorization_service_check
    end
    describe 'GET #index' do

--- a/ee/spec/controllers/groups/groups_controller_spec.rb
+++ b/ee/spec/controllers/groups/groups_controller_spec.rb
@@ -13,7 +13,7 @@ describe GroupsController do
  context 'with external authorization service enabled' do
    before do
-      enable_external_authorization_service
+      enable_external_authorization_service_check
    end
    describe 'GET #show' do

--- a/ee/spec/controllers/groups/settings/ci_cd_controller_spec.rb
+++ b/ee/spec/controllers/groups/settings/ci_cd_controller_spec.rb
@@ -13,7 +13,7 @@ describe Groups::Settings::CiCdController do
  context 'with external authorization enabled' do
    before do
-      enable_external_authorization_service
+      enable_external_authorization_service_check
    end
    describe 'GET #show' do

--- a/ee/spec/controllers/groups/variables_controller_spec.rb
+++ b/ee/spec/controllers/groups/variables_controller_spec.rb
@@ -13,7 +13,7 @@ describe Groups::VariablesController do
  context 'with external authorization enabled' do
    before do
-      enable_external_authorization_service
+      enable_external_authorization_service_check
    end
    describe 'GET #show' do

--- a/ee/spec/controllers/search_controller_spec.rb
+++ b/ee/spec/controllers/search_controller_spec.rb
@@ -13,7 +13,7 @@ describe SearchController do
  context 'with external authorization service enabled' do
    before do
-      enable_external_authorization_service
+      enable_external_authorization_service_check
    end
    describe 'GET #show' do

--- a/ee/spec/features/dashboards/group_dashboard_with_external_authorization_service_spec.rb
+++ b/ee/spec/features/dashboards/group_dashboard_with_external_authorization_service_spec.rb
@@ -23,7 +23,7 @@ feature 'The group dashboard' do
    end
    it 'hides some links when an external authorization service is enabled' do
-      enable_external_authorization_service
+      enable_external_authorization_service_check
      visit dashboard_groups_path
      within('.navbar') do

--- a/ee/spec/features/groups/group_page_with_external_authorization_service_spec.rb
+++ b/ee/spec/features/groups/group_page_with_external_authorization_service_spec.rb
@@ -11,24 +11,35 @@ feature 'The group page' do
    group.add_owner(user)
  end
-  describe 'The sidebar' do
+  def expect_all_sidebar_links
-    it 'has all the expected links' do
-      visit group_path(group)
    within('.nav-sidebar') do
      expect(page).to have_link('Overview')
      expect(page).to have_link('Details')
      expect(page).to have_link('Activity')
      expect(page).to have_link('Contribution Analytics')
      expect(page).to have_link('Issues')
      expect(page).to have_link('Merge Requests')
      expect(page).to have_link('Members')
    end
  end
-    it 'hides some links when an external authorization service is enabled' do
+  describe 'The sidebar' do
-      enable_external_authorization_service
+    it 'has all the expected links' do
+      visit group_path(group)
+      expect_all_sidebar_links
+    end
+    it 'shows all project features when policy control is enabled' do
+      stub_ee_application_setting(external_authorization_service_enabled: true)
+      visit group_path(group)
+      expect_all_sidebar_links
+    end
+    it 'hides some links when an external authorization service configured with an url' do
+      enable_external_authorization_service_check
      visit group_path(group)
      within('.nav-sidebar') do
@@ -57,7 +68,7 @@ feature 'The group page' do
      end
      it 'hides the epics link when an external authorization service is enabled' do
-        enable_external_authorization_service
+        enable_external_authorization_service_check
        visit group_path(group)
        within('.nav-sidebar') do

--- a/ee/spec/features/projects/classification_label_on_project_pages_spec.rb
+++ b/ee/spec/features/projects/classification_label_on_project_pages_spec.rb
 require 'spec_helper'
 describe 'Classification label on project pages' do
-  include ExternalAuthorizationServiceHelpers
  let(:project) do
    create(:project, external_authorization_classification_label: 'authorized label')
  end
  let(:user) { create(:user) }
  before do
+    stub_ee_application_setting(external_authorization_service_enabled: true)
    project.add_master(user)
    sign_in(user)
  end
  it 'shows the classification label on the project page when the feature is enabled' do
-    external_service_allow_access(user, project)
+    stub_licensed_features(external_authorization_service: true)
    visit project_path(project)

--- a/ee/spec/features/projects/forks/fork_list_spec.rb
+++ b/ee/spec/features/projects/forks/fork_list_spec.rb
@@ -23,7 +23,7 @@ describe 'listing forks of a project' do
  end
  it 'does not show the commit message when an external authorization service is used' do
-    enable_external_authorization_service
+    enable_external_authorization_service_check
    visit project_forks_path(source)

--- a/ee/spec/features/projects/issues/viewing_issues_with_external_authorization_enabled_spec.rb
+++ b/ee/spec/features/projects/issues/viewing_issues_with_external_authorization_enabled_spec.rb
@@ -73,7 +73,7 @@ describe 'viewing an issue with cross project references' do
  context 'when an external authorization service is enabled' do
    before do
-      enable_external_authorization_service
+      enable_external_authorization_service_check
    end
    it 'only hits the external service for the project the user is viewing' do

--- a/ee/spec/features/projects/settings/ee/external_authorization_service_settings_spec.rb
+++ b/ee/spec/features/projects/settings/ee/external_authorization_service_settings_spec.rb
 require 'spec_helper'
 describe 'Project settings > [EE] repository' do
-  include ExternalAuthorizationServiceHelpers
  let(:user) { create(:user) }
  let(:project) { create(:project_empty_repo) }
@@ -12,7 +10,7 @@ describe 'Project settings > [EE] repository' do
  end
  it 'shows the field to set a classification label when the feature is enabled' do
-    external_service_allow_access(user, project)
+    stub_ee_application_setting(external_authorization_service_enabled: true)
    visit edit_project_path(project)

--- a/ee/spec/features/users/show_spec.rb
+++ b/ee/spec/features/users/show_spec.rb
@@ -12,7 +12,7 @@ describe 'User page' do
  describe 'when external authorization is enabled' do
    before do
-      enable_external_authorization_service
+      enable_external_authorization_service_check
    end
    it 'hides the most recent activity' do

--- a/ee/spec/lib/ee/gitlab/external_authorization_spec.rb
+++ b/ee/spec/lib/ee/gitlab/external_authorization_spec.rb
@@ -33,7 +33,7 @@ describe EE::Gitlab::ExternalAuthorization, :request_store do
  describe '#access_for_user_to_label' do
    it 'only loads the access once per request' do
-      enable_external_authorization_service
+      enable_external_authorization_service_check
      expect(EE::Gitlab::ExternalAuthorization::Access)
        .to receive(:new).with(user, label).once.and_call_original

--- a/ee/spec/models/application_setting_spec.rb
+++ b/ee/spec/models/application_setting_spec.rb
@@ -30,9 +30,9 @@ describe ApplicationSetting do
        setting.external_authorization_service_enabled = true
      end
-      it { is_expected.not_to allow_value(nil).for(:external_authorization_service_url) }
      it { is_expected.not_to allow_value('not a URL').for(:external_authorization_service_url) }
      it { is_expected.to allow_value('https://example.com').for(:external_authorization_service_url) }
+      it { is_expected.to allow_value('').for(:external_authorization_service_url) }
      it { is_expected.not_to allow_value(nil).for(:external_authorization_service_default_label) }
      it { is_expected.not_to allow_value(11).for(:external_authorization_service_timeout) }
      it { is_expected.not_to allow_value(0).for(:external_authorization_service_timeout) }

--- a/ee/spec/models/issue_spec.rb
+++ b/ee/spec/models/issue_spec.rb
@@ -66,7 +66,7 @@ describe Issue do
  context 'when an external authentication service' do
    before do
-      enable_external_authorization_service
+      enable_external_authorization_service_check
    end
    describe '#publicly_visible?' do

--- a/ee/spec/models/project_spec.rb
+++ b/ee/spec/models/project_spec.rb
@@ -1269,7 +1269,7 @@ describe Project do
  describe '#external_authorization_classification_label' do
    it 'falls back to the default when none is configured' do
-      enable_external_authorization_service
+      enable_external_authorization_service_check
      expect(build(:project).external_authorization_classification_label)
        .to eq('default_label')
@@ -1286,7 +1286,7 @@ describe Project do
    end
    it 'returns the classification label if it was configured on the project' do
-      enable_external_authorization_service
+      enable_external_authorization_service_check
      project = build(:project,
                      external_authorization_classification_label: 'hello')
@@ -1296,7 +1296,7 @@ describe Project do
    end
    it 'does not break when not stubbing the license check' do
-      enable_external_authorization_service
+      enable_external_authorization_service_check
      enable_namespace_license_check!
      project = build(:project)

--- a/ee/spec/policies/base_policy_spec.rb
+++ b/ee/spec/policies/base_policy_spec.rb
@@ -13,7 +13,7 @@ describe BasePolicy do
    context 'when an external authorization service is enabled' do
      before do
-        enable_external_authorization_service
+        enable_external_authorization_service_check
      end
      it { is_expected.not_to be_allowed(:read_cross_project) }

--- a/ee/spec/policies/epic_policy_spec.rb
+++ b/ee/spec/policies/epic_policy_spec.rb
@@ -139,7 +139,7 @@ describe EpicPolicy do
    let(:group) { create(:group) }
    before do
-      enable_external_authorization_service
+      enable_external_authorization_service_check
      group.add_owner(user)
    end

--- a/ee/spec/policies/issue_policy_spec.rb
+++ b/ee/spec/policies/issue_policy_spec.rb
@@ -10,7 +10,7 @@ describe IssuePolicy do
    let(:policies) { described_class.new(user, issue) }
    before do
-      enable_external_authorization_service
+      enable_external_authorization_service_check
    end
    it 'can read the issue iid without accessing the external service' do

--- a/ee/spec/policies/merge_request_policy_spec.rb
+++ b/ee/spec/policies/merge_request_policy_spec.rb
@@ -118,7 +118,7 @@ describe MergeRequestPolicy do
    let(:policies) { described_class.new(user, merge_request) }
    before do
-      enable_external_authorization_service
+      enable_external_authorization_service_check
    end
    it 'can read the issue iid without accessing the external service' do

--- a/ee/spec/policies/project_policy_spec.rb
+++ b/ee/spec/policies/project_policy_spec.rb
@@ -139,7 +139,7 @@ describe ProjectPolicy do
    context 'with an external authorization service' do
      before do
-        enable_external_authorization_service
+        enable_external_authorization_service_check
      end
      it 'allows access when the external service allows it' do

--- a/ee/spec/serializers/group_child_entity_spec.rb
+++ b/ee/spec/serializers/group_child_entity_spec.rb
@@ -19,7 +19,7 @@ describe GroupChildEntity do
    end
    before do
-      enable_external_authorization_service
+      enable_external_authorization_service_check
      object.add_master(user)
    end

--- a/ee/spec/services/ee/notification_service_spec.rb
+++ b/ee/spec/services/ee/notification_service_spec.rb
@@ -23,7 +23,7 @@ describe EE::NotificationService, :mailer do
    context 'when the service is enabled' do
      before do
-        enable_external_authorization_service
+        enable_external_authorization_service_check
      end
      it 'does not send an email' do

--- a/ee/spec/support/external_authorization_service_helpers.rb
+++ b/ee/spec/support/external_authorization_service_helpers.rb
 module ExternalAuthorizationServiceHelpers
-  def enable_external_authorization_service
+  def enable_external_authorization_service_check
    stub_licensed_features(external_authorization_service: true)
-    # Not using `stub_application_setting` because the method is prepended in
+    stub_ee_application_setting(external_authorization_service_enabled: true)
-    # `EE::ApplicationSetting` which breaks when using `any_instance`
-    # https://gitlab.com/gitlab-org/gitlab-ce/issues/33587
-    allow(::Gitlab::CurrentSettings.current_application_settings)
-      .to receive(:external_authorization_service_enabled) { true }
-    allow(::Gitlab::CurrentSettings.current_application_settings)
-      .to receive(:external_authorization_service_enabled?) { true }
-    stub_application_setting(external_authorization_service_url: 'https://authorize.me')
+    stub_ee_application_setting(external_authorization_service_url: 'https://authorize.me')
-    stub_application_setting(external_authorization_service_default_label: 'default_label')
+    stub_ee_application_setting(external_authorization_service_default_label: 'default_label')
    stub_request(:post, "https://authorize.me").to_return(status: 200)
  end
  def external_service_set_access(allowed, user, project)
-    enable_external_authorization_service
+    enable_external_authorization_service_check
    classification_label = ::Gitlab::CurrentSettings.current_application_settings
                             .external_authorization_service_default_label

--- a/ee/spec/support/shared_examples/controllers/external_authorization_service_shared_examples.rb
+++ b/ee/spec/support/shared_examples/controllers/external_authorization_service_shared_examples.rb
@@ -10,7 +10,7 @@ shared_examples 'disabled when using an external authorization service' do
  end
  it 'renders a 404 with a message when the feature is enabled' do
-    enable_external_authorization_service
+    enable_external_authorization_service_check
    subject

--- a/ee/spec/support/shared_examples/finders/finder_with_external_authorization_enabled.rb
+++ b/ee/spec/support/shared_examples/finders/finder_with_external_authorization_enabled.rb
@@ -16,7 +16,7 @@ shared_examples 'a finder with external authorization service' do
  context 'with an external authorization service' do
    before do
-      enable_external_authorization_service
+      enable_external_authorization_service_check
    end
    it 'does not include the subject when no project was given' do

--- a/locale/gitlab.pot
+++ b/locale/gitlab.pot
@@ -8,8 +8,8 @@ msgid ""
 msgstr ""
 "Project-Id-Version: gitlab 1.0.0\n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2018-03-14 16:41+0100\n"
+"POT-Creation-Date: 2018-03-23 20:21+0100\n"
-"PO-Revision-Date: 2018-03-14 16:41+0100\n"
+"PO-Revision-Date: 2018-03-23 20:21+0100\n"
 "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
 "Language-Team: LANGUAGE <LL@li.org>\n"
 "Language: \n"
@@ -385,6 +385,9 @@ msgstr ""
 msgid "Assign to"
 msgstr ""
+msgid "Assigned to :name"
+msgstr ""
 msgid "Assignee"
 msgstr ""
@@ -690,7 +693,7 @@ msgstr ""
 msgid "Cancel"
 msgstr ""
-msgid "Cancel edit"
+msgid "Cannot be merged automatically"
 msgstr ""
 msgid "Cannot modify managed Kubernetes cluster"
@@ -1249,6 +1252,9 @@ msgstr ""
 msgid "Compare Revisions"
 msgstr ""
+msgid "Compare changes with the last commit"
+msgstr ""
 msgid "CompareBranches|%{source_branch} and %{target_branch} are the same."
 msgstr ""
@@ -1264,6 +1270,9 @@ msgstr ""
 msgid "CompareBranches|There isn't anything to compare."
 msgstr ""
+msgid "Confidential"
+msgstr ""
 msgid "Confidentiality"
 msgstr ""
@@ -1581,6 +1590,9 @@ msgstr ""
 msgid "DownloadSource|Download"
 msgstr ""
+msgid "Downvotes"
+msgstr ""
 msgid "Due date"
 msgstr ""
@@ -1593,6 +1605,9 @@ msgstr ""
 msgid "Edit files in the editor and commit changes here"
 msgstr ""
+msgid "Editing"
+msgstr ""
 msgid "Emails"
 msgstr ""
@@ -2090,9 +2105,6 @@ msgstr ""
 msgid "GroupsEmptyState|You can manage your group member’s permissions and access to each project in the group."
 msgstr ""
-msgid "GroupsTree|Are you sure you want to leave the \"${group.fullName}\" group?"
-msgstr ""
 msgid "GroupsTree|Create a project in this group."
 msgstr ""
@@ -2141,6 +2153,9 @@ msgstr ""
 msgid "HealthCheck|Unhealthy"
 msgstr ""
+msgid "Help"
+msgstr ""
 msgid "Hide value"
 msgid_plural "Hide values"
 msgstr[0] ""
@@ -2408,6 +2423,9 @@ msgstr ""
 msgid "Make everyone on your team more productive regardless of their location. GitLab Geo creates read-only mirrors of your GitLab instance so you can reduce the time it takes to clone and fetch large repos."
 msgstr ""
+msgid "Manage all notifications"
+msgstr ""
 msgid "Manage group labels"
 msgstr ""
@@ -3319,6 +3337,9 @@ msgstr ""
 msgid "Related Merged Requests"
 msgstr ""
+msgid "Related merge requests"
+msgstr ""
 msgid "Remind later"
 msgstr ""
@@ -3372,12 +3393,18 @@ msgstr ""
 msgid "Revert this merge request"
 msgstr ""
+msgid "Reviewing"
+msgstr ""
 msgid "Roadmap"
 msgstr ""
 msgid "Run CI/CD pipelines for external repositories"
 msgstr ""
+msgid "Runners"
+msgstr ""
 msgid "Running"
 msgstr ""
@@ -3545,7 +3572,7 @@ msgstr ""
 msgid "Something went wrong when toggling the button"
 msgstr ""
-msgid "Something went wrong while closing the %{issuable}. Please try again later"
+msgid "Something went wrong while fetching Dependency Scanning."
 msgstr ""
 msgid "Something went wrong while fetching SAST."
@@ -3557,12 +3584,6 @@ msgstr ""
 msgid "Something went wrong while fetching the registry list."
 msgstr ""
-msgid "Something went wrong while reopening the %{issuable}. Please try again later"
-msgstr ""
-msgid "Something went wrong while resolving this discussion. Please try again."
-msgstr ""
 msgid "Something went wrong. Please try again."
 msgstr ""
@@ -3799,6 +3820,9 @@ msgstr ""
 msgid "Target Branch"
 msgstr ""
+msgid "Target branch"
+msgstr ""
 msgid "Team"
 msgstr ""
@@ -4211,9 +4235,6 @@ msgstr ""
 msgid "Turn on Service Desk"
 msgstr ""
-msgid "Unable to load the diff."
-msgstr ""
 msgid "Unknown"
 msgstr ""
@@ -4262,6 +4283,9 @@ msgstr ""
 msgid "UploadLink|click to upload"
 msgstr ""
+msgid "Upvotes"
+msgstr ""
 msgid "Use Service Desk to connect with your users (e.g. to offer customer support) through email right inside GitLab"
 msgstr ""
@@ -4274,6 +4298,9 @@ msgstr ""
 msgid "Variables are applied to environments via the runner. They can be protected by only exposing them to protected branches or tags. You can use variables for passwords, secret keys, or whatever you want."
 msgstr ""
+msgid "View and edit lines"
+msgstr ""
 msgid "View epics list"
 msgstr ""
@@ -4328,6 +4355,9 @@ msgstr ""
 msgid "Weight"
 msgstr ""
+msgid "When leaving the URL blank, classification labels can still be specified whitout disabling cross project features or performing external authorization checks."
+msgstr ""
 msgid "Wiki"
 msgstr ""
@@ -4457,6 +4487,12 @@ msgstr ""
 msgid "You are going to transfer %{project_full_name} to another owner. Are you ABSOLUTELY sure?"
 msgstr ""
+msgid "You are on a read-only GitLab instance."
+msgstr ""
+msgid "You are on a secondary (read-only) Geo node. If you want to make any changes, you must visit the %{primary_node}."
+msgstr ""
 msgid "You can also create a project from the command line."
 msgstr ""
@@ -4529,6 +4565,9 @@ msgstr ""
 msgid "You'll need to use different branch names to get a valid comparison."
 msgstr ""
+msgid "You're receiving this email because of your account on %{host}. %{manage_notifications_link} &middot; %{help_link}"
+msgstr ""
 msgid "Your Kubernetes cluster information on this page is still editable, but you are advised to disable and reconfigure"
 msgstr ""
@@ -4568,6 +4607,18 @@ msgstr ""
 msgid "ciReport|DAST detected no alerts by analyzing the review app"
 msgstr ""
+msgid "ciReport|Dependency scanning"
+msgstr ""
+msgid "ciReport|Dependency scanning detected"
+msgstr ""
+msgid "ciReport|Dependency scanning detected no new security vulnerabilities"
+msgstr ""
+msgid "ciReport|Dependency scanning detected no security vulnerabilities"
+msgstr ""
 msgid "ciReport|Failed to load %{reportName} report"
 msgstr ""
@@ -4595,9 +4646,6 @@ msgstr ""
 msgid "ciReport|SAST"
 msgstr ""
-msgid "ciReport|SAST degraded on"
-msgstr ""
 msgid "ciReport|SAST detected"
 msgstr ""
@@ -4616,15 +4664,12 @@ msgstr ""
 msgid "ciReport|Unapproved vulnerabilities (red) can be marked as approved. %{helpLink}"
 msgstr ""
-msgid "ciReport|no security vulnerabilities"
+msgid "ciReport|no vulnerabilities"
 msgstr ""
 msgid "command line instructions"
 msgstr ""
-msgid "commit"
-msgstr ""
 msgid "confidentiality|You are going to turn off the confidentiality. This means <strong>everyone</strong> will be able to see and leave a comment on this issue."
 msgstr ""