Add latest changes from gitlab-org/gitlab@master

app/models/error_tracking/project_error_tracking_setting.rb

@@ -7,6 +7,7 @@ module ErrorTracking
 
     SENTRY_API_ERROR_TYPE_MISSING_KEYS = 'missing_keys_in_sentry_response'
     SENTRY_API_ERROR_TYPE_NON_20X_RESPONSE = 'non_20x_response_from_sentry'
+    SENTRY_API_ERROR_INVALID_SIZE = 'invalid_size_of_sentry_response'
 
     API_URL_PATH_REGEXP = %r{
       \A
@@ -116,6 +117,8 @@ module ErrorTracking
       { error: e.message, error_type: SENTRY_API_ERROR_TYPE_NON_20X_RESPONSE }
     rescue Sentry::Client::MissingKeysError => e
       { error: e.message, error_type: SENTRY_API_ERROR_TYPE_MISSING_KEYS }
+    rescue Sentry::Client::ResponseInvalidSizeError => e
+      { error: e.message, error_type: SENTRY_API_ERROR_INVALID_SIZE }
     end
 
     # http://HOST/api/0/projects/ORG/PROJECT

changelogs/unreleased/ff-user-ids-per-scope-fe.yml

+---
+title: Make User IDs work per scope in Feature Flags
+merge_request: 19399
+author:
+type: added

doc/api/scim.md

@@ -21,7 +21,7 @@ Parameters:
 
 | Attribute | Type    | Required | Description                                                                                                                             |
 |:----------|:--------|:---------|:----------------------------------------------------------------------------------------------------------------------------------------|
-| `filter`   | string  | yes     | A [filter](#available-filters) expression. |
+| `filter`   | string  | no     | A [filter](#available-filters) expression. |
 | `group_path` | string | yes    | Full path to the group. |
 | `startIndex` | integer | no    | The 1-based index indicating where to start returning results from. A value of less than one will be interpreted as 1. |
 | `count` | integer | no    | Desired maximum number of query results. |

doc/api/users.md

@@ -1124,7 +1124,7 @@ Parameters:
 
 ## Block user
 
-Blocks the specified user.  Available only for admin.
+Blocks the specified user. Available only for admin.
 
 ```
 POST /users/:id/block
@@ -1139,7 +1139,7 @@ Will return `201 OK` on success, `404 User Not Found` is user cannot be found or
 
 ## Unblock user
 
-Unblocks the specified user.  Available only for admin.
+Unblocks the specified user. Available only for admin.
 
 ```
 POST /users/:id/unblock

doc/user/admin_area/index.md

@@ -112,8 +112,8 @@ To list users matching a specific criteria, click on one of the following tabs o
 - **2FA Enabled**
 - **2FA Disabled**
 - **External**
-- **Blocked**
-- **Deactivated**
+- **[Blocked](../profile/account/blocking_unblocking_users.md)**
+- **[Deactivated](../profile/account/activating_deactivating_users.md)**
 - **Without projects**
 
 For each user, their username, email address, are listed, also the date their account was

doc/user/discussions/index.md

@@ -352,10 +352,7 @@ bottom of the screen with two buttons:
   Clicking **Submit review** will publish all comments. Any quick actions
   submitted are performed at this time.
 
-Alternatively, to finish the entire review from a pending comment:
-
-- Click the **Finish review** button on the comment.
-- Use the `/submit_review` [quick action](../project/quick_actions.md) in the text of the comment.
+Alternatively, every pending comment has a button to finish the entire review.
 
 ![Review submission](img/review_preview.png)
 

doc/user/profile/account/activating_deactivating_users.md

+---
+type: howto
+---
+
+# Activating and deactivating users
+
+## Deactivating a user
+
+> [Introduced](https://gitlab.com/gitlab-org/gitlab-ce/issues/63921) in GitLab 12.4.
+
+In order to temporarily prevent access by a GitLab user that has no recent activity, administrators can choose to deactivate the user.
+
+Deactivating a user is functionally identical to [blocking a user](blocking_unblocking_users.md), with the following differences:
+
+- It does not prohibit the user from logging back in via the UI.
+- Once a deactivated user logs back into the GitLab UI, their account is set to active.
+
+A deactivated user:
+
+- Cannot access Git repositories or the API.
+- Will not receive any notifications from GitLab.
+- Will not be able to use [slash commands](../../../integration/slash_commands.md).
+
+Personal projects, group and user history of the deactivated user will be left intact.
+
+A user can be deactivated from the Admin area. To do this:
+
+1. Navigate to  **Admin Area > Overview > Users**.
+1. Select a user.
+1. Under the **Account** tab, click **Deactivate user**.
+
+Please note that for the deactivation option to be visible to an admin, the user:
+
+- Must be currently active.
+- Should not have any activity in the last 180 days.
+
+Users can also be deactivated using the [GitLab API](../../../api/users.html#deactivate-user).
+
+NOTE: **Note:**
+A deactivated user does not consume a [seat](../../../subscriptions/index.md#managing-subscriptions).
+
+## Activating a user
+
+> [Introduced](https://gitlab.com/gitlab-org/gitlab-ce/issues/63921) in GitLab 12.4.
+
+A deactivated user can be activated from the Admin area.
+
+To do this:
+
+1. Navigate to  **Admin Area > Overview > Users**.
+1. Click on the **Deactivated** tab.
+1. Select a user.
+1. Under the **Account** tab, click **Activate user**.
+
+Users can also be activated using the [GitLab API](../../../api/users.html#activate-user).
+
+NOTE: **Note:**
+Activating a user will change the user's state to active and it consumes a [seat](../../../subscriptions/index.md#managing-subscriptions).
+
+TIP: **Tip:**
+A deactivated user can also activate their account by themselves by simply logging back via the UI.

doc/user/profile/account/blocking_unblocking_users.md

+---
+type: howto
+---
+
+# Blocking and unblocking users
+
+## Blocking a user
+
+Inorder to completely prevent access of a user to the GitLab instance, admin can choose to block the user.
+
+Users can be blocked [via an abuse report](../../admin_area/abuse_reports.md#blocking-users),
+or directly from the Admin area. To do this:
+
+1. Navigate to  **Admin Area > Overview > Users**.
+1. Select a user.
+1. Under the **Account** tab, click **Block user**.
+
+A blocked user:
+
+- Will not be able to login.
+- Cannot access Git repositories or the API.
+- Will not receive any notifications from GitLab.
+- Will not be able to use [slash commands](../../../integration/slash_commands.md).
+
+Personal projects, group and user history of the blocked user will be left intact.
+
+Users can also be blocked using the [GitLab API](../../../api/users.html#block-user).
+
+NOTE: **Note:**
+A blocked user does not consume a [seat](../../../subscriptions/index.md#managing-subscriptions).
+
+## Unblocking a user
+
+A blocked user can be unblocked from the Admin area. To do this:
+
+1. Navigate to  **Admin Area > Overview > Users**.
+1. Click on the **Blocked** tab.
+1. Select a user.
+1. Under the **Account** tab, click **Unblock user**.
+
+Users can also be unblocked using the [GitLab API](../../../api/users.html#unblock-user).
+
+NOTE: **Note:**
+Unblocking a user will change the user's state to active and it consumes a [seat](../../../subscriptions/index.md#managing-subscriptions).

doc/user/profile/account/delete_account.md

@@ -32,63 +32,6 @@ As an administrator, you can delete a user account by:
    - **Delete user and contributions** to delete the user and
      their associated records.
 
-### Blocking a user
-
-In addition to blocking a user
-[via an abuse report](../../admin_area/abuse_reports.md#blocking-users),
-a user can be blocked directly from the Admin area. To do this:
-
-1. Navigate to  **Admin Area > Overview > Users**.
-1. Selecting a user.
-1. Under the **Account** tab, click **Block user**.
-
-### Deactivating a user
-
-> [Introduced](https://gitlab.com/gitlab-org/gitlab-ce/issues/63921) in GitLab 12.4.
-
-A user can be deactivated from the Admin area. Deactivating a user is functionally identical to blocking a user, with the following differences:
-
-- It does not prohibit the user from logging back in via the UI.
-- Once a deactivated user logs back into the GitLab UI, their account is set to active.
-
-A deactivated user:
-
-- Cannot access Git repositories or the API.
-- Will not receive any notifications from GitLab.
-- Will not be able to use [slash commands](../../../integration/slash_commands.md).
-
-Personal projects, group and user history of the deactivated user will be left intact.
-
-NOTE: **Note:**
-A deactivated user does not consume a [seat](../../../subscriptions/index.md#managing-subscriptions).
-
-To do this:
-
-1. Navigate to  **Admin Area > Overview > Users**.
-1. Select a user.
-1. Under the **Account** tab, click **Deactivate user**.
-
-Please note that for the deactivation option to be visible to an admin, the user:
-
-- Must be currently active.
-- Should not have any activity in the last 180 days.
-
-### Activating a user
-
-> [Introduced](https://gitlab.com/gitlab-org/gitlab-ce/issues/63921) in GitLab 12.4.
-
-A deactivated user can be activated from the Admin area. Activating a user sets their account to active state.
-
-To do this:
-
-1. Navigate to  **Admin Area > Overview > Users**.
-1. Click on the **Deactivated** tab.
-1. Select a user.
-1. Under the **Account** tab, click **Activate user**.
-
-TIP: **Tip:**
-A deactivated user can also activate their account by themselves by simply logging back via the UI.
-
 ## Associated Records
 
 > - Introduced for issues in

doc/user/project/quick_actions.md

@@ -68,8 +68,7 @@ The following quick actions are applicable to descriptions, discussions and thre
 | `/remove_zoom`                        | ✓     |               |      | Remove Zoom meeting from this issue. ([Introduced in GitLab 12.4](https://gitlab.com/gitlab-org/gitlab/merge_requests/16609)) |
 | `/target_branch <local branch name>`  |       | ✓             |      | Set target branch |
 | `/wip`                                |       | ✓             |      | Toggle the Work In Progress status |
-| `/approve`                            |       | ✓             |      | Approve the merge request **(STARTER)** |
-| `/submit_review`                      |       | ✓             |      | Submit a pending review. ([Introduced in GitLab 12.5](https://gitlab.com/gitlab-org/gitlab/issues/8041)) **(PREMIUM)** |
+| `/approve`                            |       | ✓             |      | Approve the merge request |
 | `/merge`                              |       | ✓             |      | Merge (when pipeline succeeds) |
 | `/child_epic <epic>`                  |       |               | ✓    | Add child epic to `<epic>`. The `<epic>` value should be in the format of `&epic`, `group&epic`, or a URL to an epic. ([Introduced in GitLab 12.0](https://gitlab.com/gitlab-org/gitlab/issues/7330)) **(ULTIMATE)** |
 | `/remove_child_epic <epic>`           |       |               | ✓    | Remove child epic from `<epic>`. The `<epic>` value should be in the format of `&epic`, `group&epic`, or a URL to an epic. ([Introduced in GitLab 12.0](https://gitlab.com/gitlab-org/gitlab/issues/7330)) **(ULTIMATE)** |

lib/gitlab/utils/deep_size.rb

@@ -25,6 +25,10 @@ module Gitlab
         !too_big? && !too_deep?
       end
 
+      def self.human_default_max_size
+        ActiveSupport::NumberHelper.number_to_human_size(DEFAULT_MAX_SIZE)
+      end
+
       private
 
       def evaluate

lib/sentry/client.rb

@@ -4,6 +4,7 @@ module Sentry
   class Client
     Error = Class.new(StandardError)
     MissingKeysError = Class.new(StandardError)
+    ResponseInvalidSizeError = Class.new(StandardError)
 
     attr_accessor :url, :token
 
@@ -27,6 +28,8 @@ module Sentry
     def list_issues(issue_status:, limit:)
       issues = get_issues(issue_status: issue_status, limit: limit)
 
+      validate_size(issues)
+
       handle_mapping_exceptions do
         map_to_errors(issues)
       end
@@ -42,6 +45,16 @@ module Sentry
 
     private
 
+    def validate_size(issues)
+      return if Gitlab::Utils::DeepSize.new(issues).valid?
+
+      raise Client::ResponseInvalidSizeError, "Sentry API response is too big. Limit is #{Gitlab::Utils::DeepSize.human_default_max_size}."
+    end
+
+    def valid_size?(issues)
+      Gitlab::Utils::DeepSize.new(issues).valid?
+    end
+
     def handle_mapping_exceptions(&block)
       yield
     rescue KeyError => e
@@ -108,7 +121,7 @@ module Sentry
         raise_error "Sentry response status code: #{response.code}"
       end
 
-      response
+      response.parsed_response
     end
 
     def raise_error(message)

locale/gitlab.pot

@@ -7264,6 +7264,9 @@ msgstr ""
 msgid "FeatureFlags|Inactive flag for %{scope}"
 msgstr ""
 
+msgid "FeatureFlags|Include additional user IDs"
+msgstr ""
+
 msgid "FeatureFlags|Install a %{docs_link_anchored_start}compatible client library%{docs_link_anchored_end} and specify the API URL, application name, and instance ID during the configuration setup. %{docs_link_start}More Information%{docs_link_end}"
 msgstr ""
 
@@ -13621,7 +13624,7 @@ msgstr ""
 msgid "Promotions|Learn more"
 msgstr ""
 
-msgid "Promotions|See the other features in the %{subscription_link_start}bronze plan%{subscriptions_link_end}"
+msgid "Promotions|See the other features in the %{subscription_link_start}bronze plan%{subscription_link_end}"
 msgstr ""
 
 msgid "Promotions|This feature is locked."
@@ -16280,9 +16283,6 @@ msgstr ""
 msgid "Subkeys"
 msgstr ""
 
-msgid "Submit a review"
-msgstr ""
-
 msgid "Submit as spam"
 msgstr ""
 
@@ -16298,12 +16298,6 @@ msgstr ""
 msgid "Submit search"
 msgstr ""
 
-msgid "Submit the current review."
-msgstr ""
-
-msgid "Submitted the current review."
-msgstr ""
-
 msgid "Subscribe"
 msgstr ""
 

spec/features/markdown/metrics_spec.rb

@@ -4,6 +4,7 @@ require 'spec_helper'
 
 describe 'Metrics rendering', :js, :use_clean_rails_memory_store_caching, :sidekiq_might_not_need_inline do
   include PrometheusHelpers
+  include GrafanaApiHelpers
 
   let(:user) { create(:user) }
   let(:project) { create(:prometheus_project) }
@@ -14,11 +15,7 @@ describe 'Metrics rendering', :js, :use_clean_rails_memory_store_caching, :sidek
 
   before do
     configure_host
-    import_common_metrics
-    stub_any_prometheus_request_with_response
-
     project.add_developer(user)
-
     sign_in(user)
   end
 
@@ -26,31 +23,58 @@ describe 'Metrics rendering', :js, :use_clean_rails_memory_store_caching, :sidek
     restore_host
   end
 
-  it 'shows embedded metrics' do
-    visit project_issue_path(project, issue)
+  context 'internal metrics embeds' do
+    before do
+      import_common_metrics
+      stub_any_prometheus_request_with_response
+    end
+
+    it 'shows embedded metrics' do
+      visit project_issue_path(project, issue)
+
+      expect(page).to have_css('div.prometheus-graph')
+      expect(page).to have_text('Memory Usage (Total)')
+      expect(page).to have_text('Core Usage (Total)')
+    end
+
+    context 'when dashboard params are in included the url' do
+      let(:metrics_url) { metrics_project_environment_url(project, environment, **chart_params) }
 
-    expect(page).to have_css('div.prometheus-graph')
-    expect(page).to have_text('Memory Usage (Total)')
-    expect(page).to have_text('Core Usage (Total)')
+      let(:chart_params) do
+        {
+          group: 'System metrics (Kubernetes)',
+          title: 'Memory Usage (Pod average)',
+          y_label: 'Memory Used per Pod (MB)'
+        }
+      end
+
+      it 'shows embedded metrics for the specific chart' do
+        visit project_issue_path(project, issue)
+
+        expect(page).to have_css('div.prometheus-graph')
+        expect(page).to have_text(chart_params[:title])
+        expect(page).to have_text(chart_params[:y_label])
+      end
+    end
   end
 
-  context 'when dashboard params are in included the url' do
-    let(:metrics_url) { metrics_project_environment_url(project, environment, **chart_params) }
+  context 'grafana metrics embeds' do
+    let(:grafana_integration) { create(:grafana_integration, project: project) }
+    let(:grafana_base_url) { grafana_integration.grafana_url }
+    let(:metrics_url) { valid_grafana_dashboard_link(grafana_base_url) }
 
-    let(:chart_params) do
-      {
-        group: 'System metrics (Kubernetes)',
-        title: 'Memory Usage (Pod average)',
-        y_label: 'Memory Used per Pod (MB)'
-      }
+    before do
+      stub_dashboard_request(grafana_base_url)
+      stub_datasource_request(grafana_base_url)
+      stub_all_grafana_proxy_requests(grafana_base_url)
     end
 
-    it 'shows embedded metrics for the specifiec chart' do
+    it 'shows embedded metrics' do
       visit project_issue_path(project, issue)
 
       expect(page).to have_css('div.prometheus-graph')
-      expect(page).to have_text(chart_params[:title])
-      expect(page).to have_text(chart_params[:y_label])
+      expect(page).to have_text('Expired / Evicted')
+      expect(page).to have_text('expired - test-attribute-value')
     end
   end
 

spec/fixtures/grafana/dashboard_response.json

@@ -424,7 +424,7 @@
             "format": "time_series",
             "interval": "1m",
             "intervalFactor": 2,
-            "legendFormat": "expired",
+            "legendFormat": "expired - {{ test_attribute }}",
             "metric": "",
             "refId": "A",
             "step": 240,

spec/lib/gitlab/utils/deep_size_spec.rb

@@ -42,4 +42,10 @@ describe Gitlab::Utils::DeepSize do
       end
     end
   end
+
+  describe '.human_default_max_size' do
+    it 'returns 1 MB' do
+      expect(described_class.human_default_max_size).to eq('1 MB')
+    end
+  end
 end

spec/lib/sentry/client_spec.rb

@@ -192,6 +192,15 @@ describe Sentry::Client do
       end
     end
 
+    context 'sentry api response too large' do
+      it 'raises exception' do
+        deep_size = double('Gitlab::Utils::DeepSize', valid?: false)
+        allow(Gitlab::Utils::DeepSize).to receive(:new).with(sentry_api_response).and_return(deep_size)
+
+        expect { subject }.to raise_error(Sentry::Client::ResponseInvalidSizeError, 'Sentry API response is too big. Limit is 1 MB.')
+      end
+    end
+
     it_behaves_like 'maps exceptions'
   end
 

spec/models/error_tracking/project_error_tracking_setting_spec.rb

@@ -208,6 +208,28 @@ describe ErrorTracking::ProjectErrorTrackingSetting do
         expect(sentry_client).to have_received(:list_issues)
       end
     end
+
+    context 'when sentry client raises Sentry::Client::ResponseInvalidSizeError' do
+      let(:sentry_client) { spy(:sentry_client) }
+      let(:error_msg) {"Sentry API response is too big. Limit is #{Gitlab::Utils::DeepSize.human_default_max_size}."}
+
+      before do
+        synchronous_reactive_cache(subject)
+
+        allow(subject).to receive(:sentry_client).and_return(sentry_client)
+        allow(sentry_client).to receive(:list_issues).with(opts)
+          .and_raise(Sentry::Client::ResponseInvalidSizeError, error_msg)
+      end
+
+      it 'returns error' do
+        expect(result).to eq(
+          error: error_msg,
+          error_type: ErrorTracking::ProjectErrorTrackingSetting::SENTRY_API_ERROR_INVALID_SIZE
+        )
+        expect(subject).to have_received(:sentry_client)
+        expect(sentry_client).to have_received(:list_issues)
+      end
+    end
   end
 
   describe '#list_sentry_projects' do

spec/support/helpers/grafana_api_helpers.rb

@@ -29,4 +29,13 @@ module GrafanaApiHelpers
         headers: { 'Content-Type' => 'application/json' }
       )
   end
+
+  def stub_all_grafana_proxy_requests(base_url)
+    stub_request(:any, /#{base_url}\/api\/datasources\/proxy/)
+      .to_return(
+        status: 200,
+        body: fixture_file('grafana/proxy_response.json'),
+        headers: { 'Content-Type' => 'application/json' }
+      )
+  end
 end