Add latest changes from gitlab-org/gitlab@master

7 files changed, 47 insertions, 6 deletions

diff --git a/app/models/application_setting.rb b/app/models/application_setting.rb
index 6acdc02c799..8459d017e6c 100644
--- a/app/models/application_setting.rb
+++ b/app/models/application_setting.rb
@@ -171,6 +171,11 @@ class ApplicationSetting < ApplicationRecord
 
   validates :kroki_formats, json_schema: { filename: 'application_setting_kroki_formats' }
 
+  validates :metrics_method_call_threshold,
+           numericality: { greater_than_or_equal_to: 0 },
+           presence: true,
+           if: :prometheus_metrics_enabled
+
   validates :plantuml_url,
             presence: true,
             if: :plantuml_enabled
diff --git a/app/models/ci/project_mirror.rb b/app/models/ci/project_mirror.rb
index 9000d1791a6..15a161d5b7c 100644
--- a/app/models/ci/project_mirror.rb
+++ b/app/models/ci/project_mirror.rb
@@ -4,6 +4,8 @@ module Ci
   # This model represents a shadow table of the main database's projects table.
   # It allows us to navigate the project and namespace hierarchy on the ci database.
   class ProjectMirror < ApplicationRecord
+    include FromUnion
+
     belongs_to :project
 
     scope :by_namespace_id, -> (namespace_id) { where(namespace_id: namespace_id) }
diff --git a/app/models/clusters/applications/runner.rb b/app/models/clusters/applications/runner.rb
index 98f5b343ecf..1ac4cbac1da 100644
--- a/app/models/clusters/applications/runner.rb
+++ b/app/models/clusters/applications/runner.rb
@@ -3,7 +3,7 @@
 module Clusters
   module Applications
     class Runner < ApplicationRecord
-      VERSION = '0.42.0'
+      VERSION = '0.42.1'
 
       self.table_name = 'clusters_applications_runners'
 
diff --git a/app/models/concerns/enums/ci/commit_status.rb b/app/models/concerns/enums/ci/commit_status.rb
index 49d4dcfe449..ecb120d8013 100644
--- a/app/models/concerns/enums/ci/commit_status.rb
+++ b/app/models/concerns/enums/ci/commit_status.rb
@@ -38,7 +38,8 @@ module Enums
           bridge_pipeline_is_child_pipeline: 1_006, # not used anymore, but cannot be deleted because of old data
           downstream_pipeline_creation_failed: 1_007,
           secrets_provider_not_found: 1_008,
-          reached_max_descendant_pipelines_depth: 1_009
+          reached_max_descendant_pipelines_depth: 1_009,
+          ip_restriction_failure: 1_010
         }
       end
     end
diff --git a/app/models/deploy_token.rb b/app/models/deploy_token.rb
index 3c0f7d91a03..20d19ec9541 100644
--- a/app/models/deploy_token.rb
+++ b/app/models/deploy_token.rb
@@ -5,9 +5,6 @@ class DeployToken < ApplicationRecord
   include TokenAuthenticatable
   include PolicyActor
   include Gitlab::Utils::StrongMemoize
-  include IgnorableColumns
-
-  ignore_column :token, remove_with: '15.2', remove_after: '2022-07-22'
 
   add_authentication_token_field :token, encrypted: :required
 
diff --git a/app/models/error_tracking/project_error_tracking_setting.rb b/app/models/error_tracking/project_error_tracking_setting.rb
index 3ecfb895dac..30382a1c205 100644
--- a/app/models/error_tracking/project_error_tracking_setting.rb
+++ b/app/models/error_tracking/project_error_tracking_setting.rb
@@ -125,17 +125,22 @@ module ErrorTracking
 
     def issue_details(opts = {})
       with_reactive_cache('issue_details', opts.stringify_keys) do |result|
+        ensure_issue_belongs_to_project!(result[:issue].project_id)
         result
       end
     end
 
     def issue_latest_event(opts = {})
       with_reactive_cache('issue_latest_event', opts.stringify_keys) do |result|
+        ensure_issue_belongs_to_project!(result[:latest_event].project_id)
         result
       end
     end
 
     def update_issue(opts = {})
+      issue_to_be_updated = sentry_client.issue_details(issue_id: opts[:issue_id])
+      ensure_issue_belongs_to_project!(issue_to_be_updated.project_id)
+
       handle_exceptions do
         { updated: sentry_client.update_issue(opts) }
       end
@@ -177,6 +182,25 @@ module ErrorTracking
 
     private
 
+    def ensure_issue_belongs_to_project!(project_id_from_api)
+      raise 'The Sentry issue appers to be outside of the configured Sentry project' if Integer(project_id_from_api) != ensure_sentry_project_id!
+    end
+
+    def ensure_sentry_project_id!
+      return sentry_project_id if sentry_project_id.present?
+
+      raise("Couldn't find project: #{organization_name} / #{project_name} on Sentry") if sentry_project.nil?
+
+      update!(sentry_project_id: sentry_project.id)
+      sentry_project_id
+    end
+
+    def sentry_project
+      strong_memoize(:sentry_project) do
+        sentry_client.projects.find { |project| project.name == project_name && project.organization_name == organization_name }
+      end
+    end
+
     def add_gitlab_issue_details(issue)
       issue.gitlab_commit = match_gitlab_commit(issue.first_release_version)
       issue.gitlab_commit_path = project_commit_path(project, issue.gitlab_commit) if issue.gitlab_commit
diff --git a/app/models/user.rb b/app/models/user.rb
index c86fb56795c..40096dfa411 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -1657,6 +1657,14 @@ class User < ApplicationRecord
     true
   end
 
+  def authorized_project_mirrors(level)
+    projects = Ci::ProjectMirror.by_project_id(ci_project_mirrors_for_project_members(level))
+
+    namespace_projects = Ci::ProjectMirror.by_namespace_id(ci_namespace_mirrors_for_group_members(level).select(:namespace_id))
+
+    Ci::ProjectMirror.from_union([projects, namespace_projects])
+  end
+
   def ci_owned_runners
     @ci_owned_runners ||= begin
       Ci::Runner
@@ -2113,6 +2121,10 @@ class User < ApplicationRecord
   end
   # rubocop: enable CodeReuse/ServiceClass
 
+  def ci_project_mirrors_for_project_members(level)
+    project_members.where('access_level >= ?', level).pluck(:source_id)
+  end
+
   def notification_email_verified
     return if notification_email.blank? || temp_oauth_email?
 
@@ -2250,7 +2262,7 @@ class User < ApplicationRecord
   end
 
   def ci_owned_project_runners_from_project_members
-    project_ids = project_members.where('access_level >= ?', Gitlab::Access::MAINTAINER).pluck(:source_id)
+    project_ids = ci_project_mirrors_for_project_members(Gitlab::Access::MAINTAINER)
 
     Ci::Runner
       .joins(:runner_projects)