Add latest changes from gitlab-org/gitlab@master

16 files changed, 94 insertions, 42 deletions

diff --git a/app/assets/javascripts/monitoring/components/embed.vue b/app/assets/javascripts/monitoring/components/embed.vue
index 15366b45618..826b73908a4 100644
--- a/app/assets/javascripts/monitoring/components/embed.vue
+++ b/app/assets/javascripts/monitoring/components/embed.vue
@@ -67,7 +67,7 @@ export default {
       'setShowErrorBanner',
     ]),
     chartHasData(chart) {
-      return chart.metrics.some(metric => this.metricsWithData().includes(metric.metric_id));
+      return chart.metrics.some(metric => this.metricsWithData().includes(metric.metricId));
     },
     onSidebarMutation() {
       setTimeout(() => {
diff --git a/app/assets/javascripts/monitoring/stores/utils.js b/app/assets/javascripts/monitoring/stores/utils.js
index 0e97d50f317..066d0bf7676 100644
--- a/app/assets/javascripts/monitoring/stores/utils.js
+++ b/app/assets/javascripts/monitoring/stores/utils.js
@@ -13,11 +13,12 @@ export const gqClient = createGqClient(
 /**
  * Metrics loaded from project-defined dashboards do not have a metric_id.
  * This method creates a unique ID combining metric_id and id, if either is present.
- * This is hopefully a temporary solution until BE processes metrics before passing to fE
+ * This is hopefully a temporary solution until BE processes metrics before passing to FE
  * @param {Object} metric - metric
  * @returns {Object} - normalized metric with a uniqueID
  */
-export const uniqMetricsId = metric => `${metric.metric_id}_${metric.id}`;
+// eslint-disable-next-line babel/camelcase
+export const uniqMetricsId = ({ metric_id, id }) => `${metric_id}_${id}`;
 
 /**
  * Project path has a leading slash that doesn't work well
@@ -68,10 +69,6 @@ const mapToMetricsViewModel = (metrics, defaultLabel) =>
     queryRange: query_range,
     prometheusEndpointPath: prometheus_endpoint_path,
     metricId: uniqMetricsId({ metric_id, id }),
-
-    // `metric_id` is used by embed.vue, keeping this duplicated.
-    // https://gitlab.com/gitlab-org/gitlab/issues/37492
-    metric_id: uniqMetricsId({ metric_id, id }),
     ...metric,
   }));
 
diff --git a/app/controllers/projects/logs_controller.rb b/app/controllers/projects/logs_controller.rb
index 1b0fdf2a337..d598171e92c 100644
--- a/app/controllers/projects/logs_controller.rb
+++ b/app/controllers/projects/logs_controller.rb
@@ -48,7 +48,7 @@ module Projects
     end
 
     def elasticsearch_params
-      params.permit(:container_name, :pod_name, :search, :start, :end)
+      params.permit(:container_name, :pod_name, :search, :start, :end, :cursor)
     end
 
     def environment
diff --git a/app/models/issue.rb b/app/models/issue.rb
index ef65b002816..145807457a1 100644
--- a/app/models/issue.rb
+++ b/app/models/issue.rb
@@ -77,7 +77,7 @@ class Issue < ApplicationRecord
 
   scope :counts_by_state, -> { reorder(nil).group(:state_id).count }
 
-  ignore_column :state, remove_with: '12.7', remove_after: '2019-12-22'
+  ignore_column :state, remove_with: '12.10', remove_after: '2020-03-22'
 
   after_commit :expire_etag_cache, unless: :importing?
   after_save :ensure_metrics, unless: :importing?
diff --git a/app/models/merge_request.rb b/app/models/merge_request.rb
index 0aaeed9f977..d165c88fd48 100644
--- a/app/models/merge_request.rb
+++ b/app/models/merge_request.rb
@@ -261,7 +261,7 @@ class MergeRequest < ApplicationRecord
     includes(:metrics)
   end
 
-  ignore_column :state, remove_with: '12.7', remove_after: '2019-12-22'
+  ignore_column :state, remove_with: '12.10', remove_after: '2020-03-22'
 
   after_save :keep_around_commit, unless: :importing?
 
diff --git a/app/models/project_services/jira_service.rb b/app/models/project_services/jira_service.rb
index 028cd1ecce0..e3cd345d065 100644
--- a/app/models/project_services/jira_service.rb
+++ b/app/models/project_services/jira_service.rb
@@ -280,21 +280,17 @@ class JiraService < IssueTrackerService
     return unless client_url.present?
 
     jira_request do
-      create_issue_link(issue, remote_link_props)
-      create_issue_comment(issue, message)
+      remote_link = find_remote_link(issue, remote_link_props[:object][:url])
+
+      create_issue_comment(issue, message) unless remote_link
+      remote_link ||= issue.remotelink.build
+      remote_link.save!(remote_link_props)
 
       log_info("Successfully posted", client_url: client_url)
       "SUCCESS: Successfully posted to #{client_url}."
     end
   end
 
-  def create_issue_link(issue, remote_link_props)
-    remote_link = find_remote_link(issue, remote_link_props[:object][:url])
-    remote_link ||= issue.remotelink.build
-
-    remote_link.save!(remote_link_props)
-  end
-
   def create_issue_comment(issue, message)
     return unless comment_on_event_enabled
 
diff --git a/app/models/x509_certificate.rb b/app/models/x509_certificate.rb
index 43927e65db1..75b711eab5b 100644
--- a/app/models/x509_certificate.rb
+++ b/app/models/x509_certificate.rb
@@ -2,6 +2,7 @@
 
 class X509Certificate < ApplicationRecord
   include X509SerialNumberAttribute
+  include AfterCommitQueue
 
   x509_serial_number_attribute :serial_number
 
@@ -25,8 +26,14 @@ class X509Certificate < ApplicationRecord
 
   validates :x509_issuer_id, presence: true
 
+  after_commit :mark_commit_signatures_unverified
+
   def self.safe_create!(attributes)
     create_with(attributes)
       .safe_find_or_create_by!(subject_key_identifier: attributes[:subject_key_identifier])
   end
+
+  def mark_commit_signatures_unverified
+    X509CertificateRevokeWorker.perform_async(self.id) if revoked?
+  end
 end
diff --git a/app/services/pod_logs/base_service.rb b/app/services/pod_logs/base_service.rb
index 668ee6b88a8..d94d4e92eb6 100644
--- a/app/services/pod_logs/base_service.rb
+++ b/app/services/pod_logs/base_service.rb
@@ -10,8 +10,6 @@ module PodLogs
     CACHE_KEY_GET_POD_LOG = 'get_pod_log'
     K8S_NAME_MAX_LENGTH = 253
 
-    SUCCESS_RETURN_KEYS = %i(status logs pod_name container_name pods).freeze
-
     def id
       cluster.id
     end
@@ -49,6 +47,10 @@ module PodLogs
       %w(pod_name container_name)
     end
 
+    def success_return_keys
+      %i(status logs pod_name container_name pods)
+    end
+
     def check_arguments(result)
       return error(_('Cluster does not exist')) if cluster.nil?
       return error(_('Namespace is empty')) if namespace.blank?
@@ -122,7 +124,7 @@ module PodLogs
     end
 
     def filter_return_keys(result)
-      result.slice(*SUCCESS_RETURN_KEYS)
+      result.slice(*success_return_keys)
     end
 
     def filter_params(params)
diff --git a/app/services/pod_logs/elasticsearch_service.rb b/app/services/pod_logs/elasticsearch_service.rb
index cd56565ec61..3bb6e2bd846 100644
--- a/app/services/pod_logs/elasticsearch_service.rb
+++ b/app/services/pod_logs/elasticsearch_service.rb
@@ -10,6 +10,7 @@ module PodLogs
           :check_container_name,
           :check_times,
           :check_search,
+          :check_cursor,
           :pod_logs,
           :filter_return_keys
 
@@ -18,7 +19,11 @@ module PodLogs
     private
 
     def valid_params
-      %w(pod_name container_name search start end)
+      super + %w(search start end cursor)
+    end
+
+    def success_return_keys
+      super + %i(cursor)
     end
 
     def check_times(result)
@@ -36,19 +41,28 @@ module PodLogs
       success(result)
     end
 
+    def check_cursor(result)
+      result[:cursor] = params['cursor'] if params.key?('cursor')
+
+      success(result)
+    end
+
     def pod_logs(result)
       client = cluster&.application_elastic_stack&.elasticsearch_client
       return error(_('Unable to connect to Elasticsearch')) unless client
 
-      result[:logs] = ::Gitlab::Elasticsearch::Logs.new(client).pod_logs(
+      response = ::Gitlab::Elasticsearch::Logs.new(client).pod_logs(
         namespace,
         result[:pod_name],
-        result[:container_name],
-        result[:search],
-        result[:start],
-        result[:end]
+        container_name: result[:container_name],
+        search: result[:search],
+        start_time: result[:start],
+        end_time: result[:end],
+        cursor: result[:cursor]
       )
 
+      result.merge!(response)
+
       success(result)
     rescue Elasticsearch::Transport::Transport::ServerError => e
       ::Gitlab::ErrorTracking.track_exception(e)
@@ -58,6 +72,8 @@ module PodLogs
         # there is no method on the exception other than the class name to determine the type of error encountered.
         status_code: e.class.name.split('::').last
       })
+    rescue ::Gitlab::Elasticsearch::Logs::InvalidCursor
+      error(_('Invalid cursor value provided'))
     end
   end
 end
diff --git a/app/services/projects/update_repository_storage_service.rb b/app/services/projects/update_repository_storage_service.rb
index 1565b534b19..0adfd4f8fd7 100644
--- a/app/services/projects/update_repository_storage_service.rb
+++ b/app/services/projects/update_repository_storage_service.rb
@@ -5,19 +5,12 @@ module Projects
     include Gitlab::ShellAdapter
 
     Error = Class.new(StandardError)
-    RepositoryAlreadyMoved = Class.new(StandardError)
 
     def initialize(project)
       @project = project
     end
 
     def execute(new_repository_storage_key)
-      # Raising an exception is a little heavy handed but this behavior (doing
-      # nothing if the repo is already on the right storage) prevents data
-      # loss, so it is valuable for us to be able to observe it via the
-      # exception.
-      raise RepositoryAlreadyMoved if project.repository_storage == new_repository_storage_key
-
       mirror_repositories(new_repository_storage_key)
 
       mark_old_paths_for_archive
@@ -30,7 +23,7 @@ module Projects
 
       success
 
-    rescue Error => e
+    rescue Error, ArgumentError, Gitlab::Git::BaseError => e
       project.update(repository_read_only: false)
 
       Gitlab::ErrorTracking.track_exception(e, project_path: project.full_path)
@@ -65,10 +58,7 @@ module Projects
                                                    raw_repository.gl_repository,
                                                    full_path)
 
-      unless new_repository.fetch_repository_as_mirror(raw_repository)
-        raise Error, s_('UpdateRepositoryStorage|Failed to fetch %{type} repository as mirror') % { type: type.name }
-      end
-
+      new_repository.replicate(raw_repository)
       new_checksum = new_repository.checksum
 
       if checksum != new_checksum
diff --git a/app/services/x509_certificate_revoke_service.rb b/app/services/x509_certificate_revoke_service.rb
new file mode 100644
index 00000000000..fdd0dd74a59
--- /dev/null
+++ b/app/services/x509_certificate_revoke_service.rb
@@ -0,0 +1,9 @@
+# frozen_string_literal: true
+
+class X509CertificateRevokeService
+  def execute(certificate)
+    return unless certificate.revoked?
+
+    certificate.x509_commit_signatures.update_all(verification_status: :unverified)
+  end
+end
diff --git a/app/uploaders/attachment_uploader.rb b/app/uploaders/attachment_uploader.rb
index b488bba00e9..47de6fe0fbd 100644
--- a/app/uploaders/attachment_uploader.rb
+++ b/app/uploaders/attachment_uploader.rb
@@ -11,4 +11,15 @@ class AttachmentUploader < GitlabUploader
   def dynamic_segment
     File.join(model.class.underscore, mounted_as.to_s, model.id.to_s)
   end
+
+  def mounted_as
+    # Geo fails to sync attachments on Note, and LegacyDiffNotes with missing mount_point.
+    #
+    # See https://gitlab.com/gitlab-org/gitlab/-/issues/209752 for more details.
+    if model.class.underscore.include?('note')
+      super || 'attachment'
+    else
+      super
+    end
+  end
 end
diff --git a/app/views/projects/commit/x509/_certificate_details.html.haml b/app/views/projects/commit/x509/_certificate_details.html.haml
index 51667010d6f..cea216d0d9d 100644
--- a/app/views/projects/commit/x509/_certificate_details.html.haml
+++ b/app/views/projects/commit/x509/_certificate_details.html.haml
@@ -1,5 +1,7 @@
 .gpg-popover-certificate-details
   %strong= _('Certificate Subject')
+  - if signature.x509_certificate.revoked?
+    %strong.cred= _('(revoked)')
   %ul
     - x509_subject(signature.x509_certificate.subject, ["CN", "O"]).map do |key, value|
       %li= key + "=" + value
diff --git a/app/workers/all_queues.yml b/app/workers/all_queues.yml
index d70df18ffaf..545e8886d61 100644
--- a/app/workers/all_queues.yml
+++ b/app/workers/all_queues.yml
@@ -1291,3 +1291,10 @@
   :resource_boundary: :unknown
   :weight: 1
   :idempotent: 
+- :name: x509_certificate_revoke
+  :feature_category: :source_code_management
+  :has_external_dependencies: 
+  :urgency: :low
+  :resource_boundary: :unknown
+  :weight: 1
+  :idempotent: true
diff --git a/app/workers/project_update_repository_storage_worker.rb b/app/workers/project_update_repository_storage_worker.rb
index 2d88b532dbf..ea2b9e799c0 100644
--- a/app/workers/project_update_repository_storage_worker.rb
+++ b/app/workers/project_update_repository_storage_worker.rb
@@ -9,7 +9,5 @@ class ProjectUpdateRepositoryStorageWorker # rubocop:disable Scalability/Idempot
     project = Project.find(project_id)
 
     ::Projects::UpdateRepositoryStorageService.new(project).execute(new_repository_storage_key)
-  rescue ::Projects::UpdateRepositoryStorageService::RepositoryAlreadyMoved
-    Rails.logger.info "#{self.class}: repository already moved: #{project}" # rubocop:disable Gitlab/RailsLogger
   end
 end
diff --git a/app/workers/x509_certificate_revoke_worker.rb b/app/workers/x509_certificate_revoke_worker.rb
new file mode 100644
index 00000000000..abd0e5eefa7
--- /dev/null
+++ b/app/workers/x509_certificate_revoke_worker.rb
@@ -0,0 +1,17 @@
+# frozen_string_literal: true
+
+class X509CertificateRevokeWorker
+  include ApplicationWorker
+
+  feature_category :source_code_management
+
+  idempotent!
+
+  def perform(certificate_id)
+    return unless certificate_id
+
+    X509Certificate.find_by_id(certificate_id).try do |certificate|
+      X509CertificateRevokeService.new.execute(certificate)
+    end
+  end
+end