Automatic merge of gitlab-org/gitlab-ce master

doc/administration/environment_variables.md

@@ -64,4 +64,4 @@ instructions](https://docs.gitlab.com/omnibus/settings/environment-variables.htm
 
 It's possible to preconfigure the GitLab docker image by adding the environment
 variable `GITLAB_OMNIBUS_CONFIG` to the `docker run` command.
-For more information see the ['preconfigure-docker-container' section in the Omnibus documentation](http://docs.gitlab.com/omnibus/docker/#preconfigure-docker-container).
+For more information see the ['preconfigure-docker-container' section in the Omnibus documentation](https://docs.gitlab.com/omnibus/docker/#preconfigure-docker-container).

doc/administration/high_availability/database.md

@@ -111,7 +111,7 @@ deploy the bundled PostgreSQL.
 > - If you are a Community Edition or Starter user, consider using a cloud hosted solution.
 > - This document will not cover installations from source.
 >
-> - If HA setup is not what you were looking for, see the [database configuration document](http://docs.gitlab.com/omnibus/settings/database.html)
+> - If HA setup is not what you were looking for, see the [database configuration document](https://docs.gitlab.com/omnibus/settings/database.html)
 >   for the Omnibus GitLab packages.
 >
 > Please read this document fully before attempting to configure PostgreSQL HA
@@ -1146,7 +1146,7 @@ postgresql['trust_auth_cidr_addresses'] = %w(123.123.123.123/32 <other_cidrs>)
 If you're running into an issue with a component not outlined here, be sure to check the troubleshooting section of their specific documentation page.
 
 - [Consul](consul.md#troubleshooting)
-- [PostgreSQL](http://docs.gitlab.com/omnibus/settings/database.html#troubleshooting)
+- [PostgreSQL](https://docs.gitlab.com/omnibus/settings/database.html#troubleshooting)
 - [GitLab application](gitlab.md#troubleshooting)
 
 ## Configure using Omnibus

doc/administration/high_availability/gitlab.md

@@ -85,7 +85,7 @@
     > **Note:** When you specify `https` in the `external_url`, as in the example
     above, GitLab assumes you have SSL certificates in `/etc/gitlab/ssl/`. If
     certificates are not present, Nginx will fail to start. See
-    [Nginx documentation](http://docs.gitlab.com/omnibus/settings/nginx.html#enable-https)
+    [Nginx documentation](https://docs.gitlab.com/omnibus/settings/nginx.html#enable-https)
     for more information.
     >
     > **Note:** It is best to set the `uid` and `gid`s prior to the initial reconfigure of GitLab. Omnibus will not recursively `chown` directories if set after the initial reconfigure.

doc/administration/high_availability/nfs.md

@@ -235,4 +235,4 @@ Read more on high-availability configuration:
 1. [Configure the GitLab application servers](gitlab.md)
 1. [Configure the load balancers](load_balancer.md)
 
-[udp-log-shipping]: http://docs.gitlab.com/omnibus/settings/logs.html#udp-log-shipping-gitlab-enterprise-edition-only "UDP log shipping"
+[udp-log-shipping]: https://docs.gitlab.com/omnibus/settings/logs.html#udp-log-shipping-gitlab-enterprise-edition-only "UDP log shipping"

doc/administration/logs.md

@@ -4,7 +4,7 @@ GitLab has an advanced log system where everything is logged so that you
 can analyze your instance using various system log files. In addition to
 system log files, GitLab Enterprise Edition comes with Audit Events.
 Find more about them [in Audit Events
-documentation](http://docs.gitlab.com/ee/administration/audit_events.html)
+documentation](https://docs.gitlab.com/ee/administration/audit_events.html)
 
 System log files are typically plain text in a standard log file format.
 This guide talks about how to read and use these system log files.

doc/administration/raketasks/maintenance.md

@@ -62,7 +62,7 @@ It will check that each component was set up according to the installation guide
 You may also have a look at our Troubleshooting Guides:
 
 - [Troubleshooting Guide (GitLab)](http://docs.gitlab.com/ee/README.html#troubleshooting)
-- [Troubleshooting Guide (Omnibus Gitlab)](http://docs.gitlab.com/omnibus/README.html#troubleshooting)
+- [Troubleshooting Guide (Omnibus Gitlab)](https://docs.gitlab.com/omnibus/README.html#troubleshooting)
 
 **Omnibus Installation**
 

doc/ci/docker/using_docker_images.md

@@ -741,7 +741,7 @@ creation.
 [tutum/wordpress]: https://hub.docker.com/r/tutum/wordpress/
 [postgres-hub]: https://hub.docker.com/r/_/postgres/
 [mysql-hub]: https://hub.docker.com/r/_/mysql/
-[runner-priv-reg]: http://docs.gitlab.com/runner/configuration/advanced-configuration.html#using-a-private-container-registry
+[runner-priv-reg]: https://docs.gitlab.com/runner/configuration/advanced-configuration.html#using-a-private-container-registry
 [entrypoint]: https://docs.docker.com/engine/reference/builder/#entrypoint
 [cmd]: https://docs.docker.com/engine/reference/builder/#cmd
 [register]: https://docs.gitlab.com/runner/register/

doc/ci/runners/README.md

@@ -418,9 +418,9 @@ You can find the IP address of a Runner for a specific project by:
 
 ![specific Runner IP address](img/specific_runner_ip_address.png)
 
-[install]: http://docs.gitlab.com/runner/install/
+[install]: https://docs.gitlab.com/runner/install/
 [fifo]: https://en.wikipedia.org/wiki/FIFO_(computing_and_electronics)
-[register]: http://docs.gitlab.com/runner/register/
+[register]: https://docs.gitlab.com/runner/register/
 [protected branches]: ../../user/project/protected_branches.md
 [protected tags]: ../../user/project/protected_tags.md
 [project defined timeout]: ../../user/project/pipelines/settings.html#timeout

doc/development/documentation/site_architecture/global_nav.md

@@ -283,7 +283,7 @@ For instance, for `https://docs.gitlab.com/ce/user/index.html`,
 #### Default URL
 
 The default and canonical URL for GitLab documentation is
-`http://docs.gitlab.com/ee/`, thus, all links
+`https://docs.gitlab.com/ee/`, thus, all links
 in the docs site should link to `/ee/` except when linking
 among `/ce/` docs themselves.
 

doc/development/documentation/styleguide.md

@@ -710,7 +710,7 @@ for the changes to take effect.
 
 If the document you are editing resides in a place other than the GitLab CE/EE
 `doc/` directory, instead of the relative link, use the full path:
-`http://docs.gitlab.com/ce/administration/restart_gitlab.html`.
+`https://docs.gitlab.com/ce/administration/restart_gitlab.html`.
 Replace `reconfigure` with `restart` where appropriate.
 
 ### Installation guide
@@ -962,6 +962,6 @@ curl --request PUT --header "PRIVATE-TOKEN: <your_access_token>" --data "domain_
 
 [cURL]: http://curl.haxx.se/ "cURL website"
 [single spaces]: http://www.slate.com/articles/technology/technology/2011/01/space_invaders.html
-[gfm]: http://docs.gitlab.com/ce/user/markdown.html#newlines "GitLab flavored markdown documentation"
+[gfm]: https://docs.gitlab.com/ce/user/markdown.html#newlines "GitLab flavored markdown documentation"
 [ce-1242]: https://gitlab.com/gitlab-org/gitlab-ce/issues/1242
 [doc-restart]: ../../administration/restart_gitlab.md "GitLab restart documentation"

doc/install/relative_url.md

@@ -123,7 +123,7 @@ To disable the relative URL:
 1.  Follow the same as above starting from 2. and set up the
     GitLab URL to one that doesn't contain a relative path.
 
-[omnibus-rel]: http://docs.gitlab.com/omnibus/settings/configuration.html#configuring-a-relative-url-for-gitlab "How to set up relative URL in Omnibus GitLab"
+[omnibus-rel]: https://docs.gitlab.com/omnibus/settings/configuration.html#configuring-a-relative-url-for-gitlab "How to set up relative URL in Omnibus GitLab"
 [restart gitlab]: ../administration/restart_gitlab.md#installations-from-source "How to restart GitLab"
 
 <!-- ## Troubleshooting

doc/integration/README.md

@@ -55,7 +55,7 @@ at Super User also has relevant information.
 
 **Omnibus Trusted Chain**
 
-[Install the self signed certificate or custom certificate authorities](http://docs.gitlab.com/omnibus/common_installation_problems/README.html#using-self-signed-certificate-or-custom-certificate-authorities)
+[Install the self signed certificate or custom certificate authorities](https://docs.gitlab.com/omnibus/common_installation_problems/README.html#using-self-signed-certificate-or-custom-certificate-authorities)
 in to GitLab Omnibus.
 
 It is enough to concatenate the certificate to the main trusted certificate
@@ -71,4 +71,4 @@ After that restart GitLab with:
 sudo gitlab-ctl restart
 ```
 
-[jenkins]: http://docs.gitlab.com/ee/integration/jenkins.html
+[jenkins]: https://docs.gitlab.com/ee/integration/jenkins.html

doc/intro/README.md

@@ -43,4 +43,4 @@ Install and update your GitLab installation.
 
 - [Install GitLab](https://about.gitlab.com/installation/)
 - [Update GitLab](https://about.gitlab.com/update/)
-- [Explore Omnibus GitLab configuration options](http://docs.gitlab.com/omnibus/settings/configuration.html)
+- [Explore Omnibus GitLab configuration options](https://docs.gitlab.com/omnibus/settings/configuration.html)

doc/university/training/index.md

@@ -34,7 +34,7 @@ This section contains the following topics:
 
 ## Additional Resources
 
-1. [GitLab Documentation](http://docs.gitlab.com)
+1. [GitLab Documentation](https://docs.gitlab.com)
 1. [GUI Clients](http://git-scm.com/downloads/guis)
 1. [Pro Git book](http://git-scm.com/book)
 1. [Platzi Course](https://courses.platzi.com/courses/git-gitlab/)

doc/update/README.md

@@ -146,7 +146,7 @@ possible.
 - [Upgrading PostgreSQL Using Slony](upgrading_postgresql_using_slony.md), for
   upgrading a PostgreSQL database with minimal downtime.
 
-[omnidocker]: http://docs.gitlab.com/omnibus/docker/README.html
+[omnidocker]: https://docs.gitlab.com/omnibus/docker/README.html
 [old-ee-upgrade-docs]: https://gitlab.com/gitlab-org/gitlab-ee/tree/11-8-stable-ee/doc/update
 [old-ce-upgrade-docs]: https://gitlab.com/gitlab-org/gitlab-ce/tree/11-8-stable/doc/update
 [source-ce-to-ee]: upgrading_from_ce_to_ee.md

doc/user/project/integrations/webhooks.md

@@ -24,7 +24,7 @@ to the webhook URL.
 
 In most cases, you'll need to set up your own [webhook receiver](#example-webhook-receiver)
 to receive information from GitLab, and send it to another app, according to your needs.
-We already have a [built-in receiver](http://docs.gitlab.com/ce/project_services/slack.html)
+We already have a [built-in receiver](https://docs.gitlab.com/ce/project_services/slack.html)
 for sending [Slack](https://api.slack.com/incoming-webhooks) notifications _per project_.
 
 ## Overview

doc/user/project/protected_branches.md

@@ -180,6 +180,6 @@ for details about the pipelines security model.
 [ce-4892]: https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/4892 "Allow developers to merge into a protected branch without having push access"
 [ce-5081]: https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/5081 "Allow creating protected branches that can't be pushed to"
 [ce-21393]: https://gitlab.com/gitlab-org/gitlab-ce/issues/21393
-[ee-restrict]: http://docs.gitlab.com/ee/user/project/protected_branches.html#restricting-push-and-merge-access-to-certain-users
+[ee-restrict]: https://docs.gitlab.com/ee/user/project/protected_branches.html#restricting-push-and-merge-access-to-certain-users
 [perm]: ../permissions.md
 [ee]: https://about.gitlab.com/pricing/

lib/feature/gitaly.rb

+# frozen_string_literal: true
+
+require 'set'
+
+class Feature
+  class Gitaly
+    # Server feature flags should use '_' to separate words.
+    # CATFILE_CACHE sets an incorrect example
+    CATFILE_CACHE = 'catfile-cache'.freeze
+
+    SERVER_FEATURE_FLAGS = [CATFILE_CACHE].freeze
+    DEFAULT_ON_FLAGS = Set.new([CATFILE_CACHE]).freeze
+
+    class << self
+      def enabled?(feature_flag)
+        return false unless Feature::FlipperFeature.table_exists?
+
+        default_on = DEFAULT_ON_FLAGS.include?(feature_flag)
+        Feature.enabled?("gitaly_#{feature_flag}", default_enabled: default_on)
+      rescue ActiveRecord::NoDatabaseError
+        false
+      end
+
+      def server_feature_flags
+        SERVER_FEATURE_FLAGS.map do |f|
+          ["gitaly-feature-#{f.tr('_', '-')}", enabled?(f).to_s]
+        end.to_h
+      end
+    end
+  end
+end

lib/gitlab/gitaly_client.rb

@@ -31,10 +31,6 @@ module Gitlab
     MAXIMUM_GITALY_CALLS = 30
     CLIENT_NAME = (Sidekiq.server? ? 'gitlab-sidekiq' : 'gitlab-web').freeze
 
-    SERVER_FEATURE_CATFILE_CACHE = 'catfile-cache'.freeze
-    # Server feature flags should use '_' to separate words.
-    SERVER_FEATURE_FLAGS = [SERVER_FEATURE_CATFILE_CACHE].freeze
-
     MUTEX = Mutex.new
 
     define_histogram :gitaly_controller_action_duration_seconds do
@@ -223,9 +219,9 @@ module Gitlab
       metadata['call_site'] = feature.to_s if feature
       metadata['gitaly-servers'] = address_metadata(remote_storage) if remote_storage
       metadata['x-gitlab-correlation-id'] = Labkit::Correlation::CorrelationId.current_id if Labkit::Correlation::CorrelationId.current_id
-      metadata['gitaly-session-id'] = session_id if feature_enabled?(SERVER_FEATURE_CATFILE_CACHE)
+      metadata['gitaly-session-id'] = session_id if Feature::Gitaly.enabled?(Feature::Gitaly::CATFILE_CACHE)
 
-      metadata.merge!(server_feature_flags)
+      metadata.merge!(Feature::Gitaly.server_feature_flags)
 
       result = { metadata: metadata }
 
@@ -244,12 +240,6 @@ module Gitlab
       Gitlab::SafeRequestStore[:gitaly_session_id] ||= SecureRandom.uuid
     end
 
-    def self.server_feature_flags
-      SERVER_FEATURE_FLAGS.map do |f|
-        ["gitaly-feature-#{f.tr('_', '-')}", feature_enabled?(f).to_s]
-      end.to_h
-    end
-
     def self.token(storage)
       params = Gitlab.config.repositories.storages[storage]
       raise "storage not found: #{storage.inspect}" if params.nil?
@@ -257,12 +247,6 @@ module Gitlab
       params['gitaly_token'].presence || Gitlab.config.gitaly['token']
     end
 
-    def self.feature_enabled?(feature_name)
-      Feature::FlipperFeature.table_exists? && Feature.enabled?("gitaly_#{feature_name}")
-    rescue ActiveRecord::NoDatabaseError
-      false
-    end
-
     # Ensures that Gitaly is not being abuse through n+1 misuse etc
     def self.enforce_gitaly_request_limits(call_site)
       # Only count limits in request-response environments (not sidekiq for example)
@@ -295,7 +279,7 @@ module Gitlab
       # check if the limit is being exceeded while testing in those environments
       # In that case we can use a feature flag to indicate that we do want to
       # enforce request limits.
-      return true if feature_enabled?('enforce_requests_limits')
+      return true if Feature::Gitaly.enabled?('enforce_requests_limits')
 
       !(Rails.env.production? || ENV["GITALY_DISABLE_REQUEST_LIMITS"])
     end

lib/gitlab/gitaly_client/storage_settings.rb

@@ -34,7 +34,7 @@ module Gitlab
       def self.disk_access_denied?
         return false if rugged_enabled?
 
-        !temporarily_allowed?(ALLOW_KEY) && GitalyClient.feature_enabled?(DISK_ACCESS_DENIED_FLAG)
+        !temporarily_allowed?(ALLOW_KEY) && Feature::Gitaly.enabled?(DISK_ACCESS_DENIED_FLAG)
       rescue
         false # Err on the side of caution, don't break gitlab for people
       end

spec/lib/feature/gitaly_spec.rb

+require 'spec_helper'
+
+describe Feature::Gitaly do
+  let(:feature_flag) { "mep_mep" }
+
+  before do
+    stub_const("#{described_class}::SERVER_FEATURE_FLAGS", [feature_flag])
+  end
+
+  describe ".enabled?" do
+    context 'when the gate is closed' do
+      before do
+        stub_feature_flags(gitaly_mep_mep: false)
+      end
+
+      it 'returns false' do
+        expect(described_class.enabled?(feature_flag)).to be(false)
+      end
+    end
+
+    context 'when the flag defaults to on' do
+      it 'returns true' do
+        expect(described_class.enabled?(feature_flag)).to be(true)
+      end
+    end
+  end
+
+  describe ".server_feature_flags" do
+    context 'when one flag is disabled' do
+      before do
+        stub_feature_flags(gitaly_mep_mep: false)
+      end
+
+      subject { described_class.server_feature_flags }
+
+      it { is_expected.to be_a(Hash) }
+      it { is_expected.to eq("gitaly-feature-mep-mep" => "false") }
+    end
+  end
+end

spec/lib/gitlab/gitaly_client/storage_settings_spec.rb

@@ -28,12 +28,16 @@ describe Gitlab::GitalyClient::StorageSettings do
   end
 
   describe '.disk_access_denied?' do
-    it 'return false when Rugged is enabled', :enable_rugged do
+    context 'when Rugged is enabled', :enable_rugged do
+      it 'returns false' do
         expect(described_class.disk_access_denied?).to be_falsey
       end
+    end
 
+    context 'when Rugged is disabled' do
       it 'returns true' do
         expect(described_class.disk_access_denied?).to be_truthy
       end
     end
+  end
 end

spec/lib/gitlab/gitaly_client_spec.rb

@@ -330,20 +330,6 @@ describe Gitlab::GitalyClient do
     end
   end
 
-  describe 'feature_enabled?' do
-    let(:feature_name) { 'my_feature' }
-    let(:real_feature_name) { "gitaly_#{feature_name}" }
-
-    before do
-      allow(Feature).to receive(:enabled?).and_return(false)
-    end
-
-    it 'returns false' do
-      expect(Feature).to receive(:enabled?).with(real_feature_name)
-      expect(described_class.feature_enabled?(feature_name)).to be(false)
-    end
-  end
-
   describe 'timeouts' do
     context 'with default values' do
       before do

spec/support/helpers/cycle_analytics_helpers.rb

@@ -10,7 +10,7 @@ module CycleAnalyticsHelpers
     repository = project.repository
     oldrev = repository.commit(branch_name)&.sha || Gitlab::Git::BLANK_SHA
 
-    if Timecop.frozen? && Gitlab::GitalyClient.feature_enabled?(:operation_user_commit_files)
+    if Timecop.frozen?
       mock_gitaly_multi_action_dates(repository, commit_time)
     end