Add latest changes from gitlab-org/gitlab@13-4-stable-ee

5049b3cd · GitLab Bot · d5cc1255 · 5049b3cd · 5049b3cd · 5049b3cd
Commit 5049b3cd authored Oct 05, 2020 by GitLab Bot
16 changed files
--- a/Gemfile
+++ b/Gemfile
@@ -120,7 +120,7 @@ gem 'fog-local', '~> 0.6'
 gem 'fog-openstack', '~> 1.0'
 gem 'fog-rackspace', '~> 0.1.1'
 gem 'fog-aliyun', '~> 0.3'
-gem 'gitlab-fog-azure-rm', '~> 0.9', require: false
+gem 'gitlab-fog-azure-rm', '~> 1.0', require: false
 # for Google storage
 gem 'google-api-client', '~> 0.33'

--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -421,7 +421,7 @@ GEM
    github-markup (1.7.0)
    gitlab-chronic (0.10.5)
      numerizer (~> 0.2)
-    gitlab-fog-azure-rm (0.9.0)
+    gitlab-fog-azure-rm (1.0.0)
      azure-storage-blob (~> 2.0)
      azure-storage-common (~> 2.0)
      fog-core (= 2.1.0)
@@ -1325,7 +1325,7 @@ DEPENDENCIES
  gitaly (~> 13.3.0.pre.rc1)
  github-markup (~> 1.7.0)
  gitlab-chronic (~> 0.10.5)
-  gitlab-fog-azure-rm (~> 0.9)
+  gitlab-fog-azure-rm (~> 1.0)
  gitlab-labkit (= 0.12.1)
  gitlab-license (~> 1.0)
  gitlab-mail_room (~> 0.0.6)

--- a/app/controllers/concerns/enforces_two_factor_authentication.rb
+++ b/app/controllers/concerns/enforces_two_factor_authentication.rb
@@ -11,7 +11,7 @@ module EnforcesTwoFactorAuthentication
  extend ActiveSupport::Concern
  included do
-    before_action :check_two_factor_requirement
+    before_action :check_two_factor_requirement, except: [:route_not_found]
    # to include this in controllers inheriting from `ActionController::Metal`
    # we need to add this block

--- a/app/controllers/uploads_controller.rb
+++ b/app/controllers/uploads_controller.rb
@@ -19,6 +19,7 @@ class UploadsController < ApplicationController
  rescue_from UnknownUploadModelError, with: :render_404
  skip_before_action :authenticate_user!
+  skip_before_action :check_two_factor_requirement, only: [:show]
  before_action :upload_mount_satisfied?
  before_action :authorize_access!, only: [:show]
  before_action :authorize_create_access!, only: [:create, :authorize]

--- a/app/services/issuable/clone/attributes_rewriter.rb
+++ b/app/services/issuable/clone/attributes_rewriter.rb
@@ -56,7 +56,7 @@ module Issuable
      end
      def copy_resource_weight_events
-        return unless original_entity.respond_to?(:resource_weight_events)
+        return unless both_respond_to?(:resource_weight_events)
        copy_events(ResourceWeightEvent.table_name, original_entity.resource_weight_events) do |event|
          event.attributes

--- a/app/services/projects/container_repository/cleanup_tags_service.rb
+++ b/app/services/projects/container_repository/cleanup_tags_service.rb
@@ -25,7 +25,10 @@ module Projects
        tag_names = tags.map(&:name)
        Projects::ContainerRepository::DeleteTagsService
-          .new(container_repository.project, current_user, tags: tag_names)
+          .new(container_repository.project,
+               current_user,
+               tags: tag_names,
+               container_expiration_policy: params['container_expiration_policy'])
          .execute(container_repository)
      end

--- a/app/services/projects/container_repository/delete_tags_service.rb
+++ b/app/services/projects/container_repository/delete_tags_service.rb
@@ -7,7 +7,10 @@ module Projects
      def execute(container_repository)
        @container_repository = container_repository
-        return error('access denied') unless can?(current_user, :destroy_container_image, project)
+        unless params[:container_expiration_policy]
+          return error('access denied') unless can?(current_user, :destroy_container_image, project)
+        end
        @tag_names = params[:tags]
        return error('not tags specified') if @tag_names.blank?

--- a/app/services/projects/update_service.rb
+++ b/app/services/projects/update_service.rb
@@ -135,8 +135,8 @@ module Projects
    end
    def ensure_wiki_exists
-      ProjectWiki.new(project, project.owner).wiki
+      return if project.create_wiki
-    rescue Wiki::CouldNotCreateWikiError
      log_error("Could not create wiki for #{project.full_name}")
      Gitlab::Metrics.counter(:wiki_can_not_be_created_total, 'Counts the times we failed to create a wiki').increment
    end

--- a/changelogs/unreleased/42910-use-create-wiki-method-on-ensure-wiki-exists-in-update-service.yml
+++ b/changelogs/unreleased/42910-use-create-wiki-method-on-ensure-wiki-exists-in-update-service.yml
+---
+title: use create_wiki method on ensure_wiki_exists in update_service
+merge_request: 42910
+author:
+type: fixed
--- a/changelogs/unreleased/cat-2fa-404-redirect.yml
+++ b/changelogs/unreleased/cat-2fa-404-redirect.yml
+---
+title: Exclude 2FA from upload#show routes and 404s
+merge_request: 42784
+author:
+type: fixed
--- a/changelogs/unreleased/sh-update-fog-azure-rm-gem.yml
+++ b/changelogs/unreleased/sh-update-fog-azure-rm-gem.yml
+---
+title: Fix large backups not working with Azure Blob storage
+merge_request: 44233
+author:
+type: fixed
--- a/doc/user/clusters/agent/index.md
+++ b/doc/user/clusters/agent/index.md
@@ -69,7 +69,8 @@ If you don't already have GitLab installed via Helm please refer to our [install
 When installing/upgrading the GitLab Helm chart please consider the following Helm 2 example (if using Helm 3 please modify):
 ```shell
-helm upgrade --force --install gitlab . \
+helm repo update
+helm upgrade --force --install gitlab gitlab/gitlab \
  --timeout 600 \
  --set global.hosts.domain=<YOUR_DOMAIN> \
  --set global.hosts.externalIP=<YOUR_IP> \
@@ -299,6 +300,7 @@ apiVersion: apps/v1
 kind: Deployment
 metadata:
  name: nginx-deployment
+  namespace: gitlab-agent  # Can be any namespace managed by you that the agent has access to.
 spec:
  selector:
    matchLabels:

--- a/spec/services/projects/container_repository/cleanup_tags_service_spec.rb
+++ b/spec/services/projects/container_repository/cleanup_tags_service_spec.rb
@@ -245,7 +245,7 @@ RSpec.describe Projects::ContainerRepository::CleanupTagsService do
        end
        it 'succeeds without a user' do
-          expect_delete(%w(Bb Ba C))
+          expect_delete(%w(Bb Ba C), container_expiration_policy: true)
          is_expected.to include(status: :success, deleted: %w(Bb Ba C))
        end
@@ -287,10 +287,10 @@ RSpec.describe Projects::ContainerRepository::CleanupTagsService do
    end
  end
-  def expect_delete(tags)
+  def expect_delete(tags, container_expiration_policy: nil)
    expect(Projects::ContainerRepository::DeleteTagsService)
      .to receive(:new)
-      .with(repository.project, user, tags: tags)
+      .with(repository.project, user, tags: tags, container_expiration_policy: container_expiration_policy)
      .and_call_original
    expect_any_instance_of(Projects::ContainerRepository::DeleteTagsService)

--- a/spec/services/projects/container_repository/delete_tags_service_spec.rb
+++ b/spec/services/projects/container_repository/delete_tags_service_spec.rb
@@ -85,81 +85,85 @@ RSpec.describe Projects::ContainerRepository::DeleteTagsService do
    end
  end
-  describe '#execute' do
+  RSpec.shared_examples 'supporting fast delete' do
-    let(:tags) { %w[A Ba] }
+    context 'when the registry supports fast delete' do
+      context 'and the feature is enabled' do
-    subject { service.execute(repository) }
+        before do
+          allow(repository.client).to receive(:supports_tag_delete?).and_return(true)
-    before do
+        end
-      stub_feature_flags(container_registry_expiration_policies_throttling: false)
-    end
-    context 'without permissions' do
+        it_behaves_like 'calling the correct delete tags service', ::Projects::ContainerRepository::Gitlab::DeleteTagsService
-      it { is_expected.to include(status: :error) }
-    end
-    context 'with permissions' do
+        it_behaves_like 'handling invalid params'
-      before do
-        project.add_developer(user)
-      end
-      context 'when the registry supports fast delete' do
+        context 'with the real service' do
-        context 'and the feature is enabled' do
          before do
-            allow(repository.client).to receive(:supports_tag_delete?).and_return(true)
+            stub_delete_reference_requests(tags)
+            expect_delete_tag_by_names(tags)
          end
-          it_behaves_like 'calling the correct delete tags service', ::Projects::ContainerRepository::Gitlab::DeleteTagsService
+          it { is_expected.to include(status: :success) }
-          it_behaves_like 'handling invalid params'
+          it_behaves_like 'logging a success response'
+        end
-          context 'with the real service' do
+        context 'with a timeout error' do
-            before do
+          before do
-              stub_delete_reference_requests(tags)
+            expect_next_instance_of(::Projects::ContainerRepository::Gitlab::DeleteTagsService) do |delete_service|
-              expect_delete_tag_by_names(tags)
+              expect(delete_service).to receive(:delete_tags).and_raise(::Projects::ContainerRepository::Gitlab::DeleteTagsService::TimeoutError)
            end
-            it { is_expected.to include(status: :success) }
-            it_behaves_like 'logging a success response'
          end
-          context 'with a timeout error' do
+          it { is_expected.to include(status: :error, message: 'timeout while deleting tags') }
-            before do
-              expect_next_instance_of(::Projects::ContainerRepository::Gitlab::DeleteTagsService) do |delete_service|
-                expect(delete_service).to receive(:delete_tags).and_raise(::Projects::ContainerRepository::Gitlab::DeleteTagsService::TimeoutError)
-              end
-            end
-            it { is_expected.to include(status: :error, message: 'timeout while deleting tags') }
+          it_behaves_like 'logging an error response', message: 'timeout while deleting tags'
+        end
+      end
-            it_behaves_like 'logging an error response', message: 'timeout while deleting tags'
+      context 'and the feature is disabled' do
-          end
+        before do
+          stub_feature_flags(container_registry_fast_tag_delete: false)
        end
-        context 'and the feature is disabled' do
+        it_behaves_like 'calling the correct delete tags service', ::Projects::ContainerRepository::ThirdParty::DeleteTagsService
+        it_behaves_like 'handling invalid params'
+        context 'with the real service' do
          before do
-            stub_feature_flags(container_registry_fast_tag_delete: false)
+            stub_upload('sha256:4435000728ee66e6a80e55637fc22725c256b61de344a2ecdeaac6bdb36e8bc3')
+            tags.each { |tag| stub_put_manifest_request(tag) }
+            expect_delete_tag_by_digest('sha256:dummy')
          end
-          it_behaves_like 'calling the correct delete tags service', ::Projects::ContainerRepository::ThirdParty::DeleteTagsService
+          it { is_expected.to include(status: :success) }
-          it_behaves_like 'handling invalid params'
+          it_behaves_like 'logging a success response'
+        end
+      end
+    end
+  end
-          context 'with the real service' do
+  describe '#execute' do
-            before do
+    let(:tags) { %w[A Ba] }
-              stub_upload('sha256:4435000728ee66e6a80e55637fc22725c256b61de344a2ecdeaac6bdb36e8bc3')
-              tags.each { |tag| stub_put_manifest_request(tag) }
-              expect_delete_tag_by_digest('sha256:dummy')
-            end
-            it { is_expected.to include(status: :success) }
+    subject { service.execute(repository) }
-            it_behaves_like 'logging a success response'
+    before do
-          end
+      stub_feature_flags(container_registry_expiration_policies_throttling: false)
-        end
+    end
+    context 'without permissions' do
+      it { is_expected.to include(status: :error) }
+    end
+    context 'with permissions' do
+      before do
+        project.add_developer(user)
      end
+      it_behaves_like 'supporting fast delete'
      context 'when the registry does not support fast delete' do
        before do
          allow(repository.client).to receive(:supports_tag_delete?).and_return(false)
@@ -170,5 +174,19 @@ RSpec.describe Projects::ContainerRepository::DeleteTagsService do
        it_behaves_like 'handling invalid params'
      end
    end
+    context 'without user' do
+      let_it_be(:user) { nil }
+      context 'when not run by a cleanup policy' do
+        it { is_expected.to include(status: :error) }
+      end
+      context 'when run by a cleanup policy' do
+        let(:params) { { tags: tags, container_expiration_policy: true } }
+        it_behaves_like 'supporting fast delete'
+      end
+    end
  end
 end
--- a/vendor/gitignore/C++.gitignore
+++ b/vendor/gitignore/C++.gitignore
--- a/vendor/gitignore/Java.gitignore
+++ b/vendor/gitignore/Java.gitignore