Add latest changes from gitlab-org/gitlab@15-6-stable-eev15.6.0-rc42

14 files changed, 140 insertions, 94 deletions

diff --git a/config/initializers/0_inject_enterprise_edition_module.rb b/config/initializers/0_inject_enterprise_edition_module.rb
index 1951940a2a1..cc67e384d83 100644
--- a/config/initializers/0_inject_enterprise_edition_module.rb
+++ b/config/initializers/0_inject_enterprise_edition_module.rb
@@ -35,6 +35,12 @@ module InjectEnterpriseEditionModule
     include_mod_with(name) # rubocop: disable Cop/InjectEnterpriseEditionModule
   end
 
+  def gitlab_extensions
+    extensions = [self]
+    each_extension_for(name, Object) { |c| extensions << c }
+    extensions
+  end
+
   private
 
   def prepend_module(mod, with_descendants)
diff --git a/config/initializers/0_marginalia.rb b/config/initializers/0_marginalia.rb
index e88599fd93c..c776747939f 100644
--- a/config/initializers/0_marginalia.rb
+++ b/config/initializers/0_marginalia.rb
@@ -13,7 +13,8 @@ require 'marginalia'
 # matching against the raw SQL, and prepending the comment prevents color
 # coding from working in the development log.
 Marginalia::Comment.prepend_comment = true if Rails.env.production?
-Marginalia::Comment.components = [:application, :correlation_id, :jid, :endpoint_id, :db_config_name]
+Marginalia::Comment.components = [:application, :correlation_id, :jid, :endpoint_id, :db_config_name,
+                                  :console_hostname, :console_username]
 
 # As mentioned in https://github.com/basecamp/marginalia/pull/93/files,
 # adding :line has some overhead because a regexp on the backtrace has
diff --git a/config/initializers/1_settings.rb b/config/initializers/1_settings.rb
index 2244e415c3d..da4277c8146 100644
--- a/config/initializers/1_settings.rb
+++ b/config/initializers/1_settings.rb
@@ -457,7 +457,7 @@ if Gitlab.ee? && Settings['ee_cron_jobs']
   Settings.cron_jobs.merge!(Settings.ee_cron_jobs)
 end
 
-Settings.cron_jobs['poll_interval'] ||= 30
+Settings.cron_jobs['poll_interval'] ||= nil
 Settings.cron_jobs['stuck_ci_jobs_worker'] ||= Settingslogic.new({})
 Settings.cron_jobs['stuck_ci_jobs_worker']['cron'] ||= '0 * * * *'
 Settings.cron_jobs['stuck_ci_jobs_worker']['job_class'] = 'StuckCiJobsWorker'
@@ -572,6 +572,9 @@ Settings.cron_jobs['container_registry_migration_observer_worker']['job_class']
 Settings.cron_jobs['container_registry_migration_enqueuer_worker'] ||= Settingslogic.new({})
 Settings.cron_jobs['container_registry_migration_enqueuer_worker']['cron'] ||= '15,45 */1 * * *'
 Settings.cron_jobs['container_registry_migration_enqueuer_worker']['job_class'] = 'ContainerRegistry::Migration::EnqueuerWorker'
+Settings.cron_jobs['cleanup_container_registry_worker'] ||= Settingslogic.new({})
+Settings.cron_jobs['cleanup_container_registry_worker']['cron'] ||= '*/5 * * * *'
+Settings.cron_jobs['cleanup_container_registry_worker']['job_class'] = 'ContainerRegistry::CleanupWorker'
 Settings.cron_jobs['image_ttl_group_policy_worker'] ||= Settingslogic.new({})
 Settings.cron_jobs['image_ttl_group_policy_worker']['cron'] ||= '40 0 * * *'
 Settings.cron_jobs['image_ttl_group_policy_worker']['job_class'] = 'DependencyProxy::ImageTtlGroupPolicyWorker'
@@ -579,7 +582,7 @@ Settings.cron_jobs['cleanup_dependency_proxy_worker'] ||= Settingslogic.new({})
 Settings.cron_jobs['cleanup_dependency_proxy_worker']['cron'] ||= '20 3,15 * * *'
 Settings.cron_jobs['cleanup_dependency_proxy_worker']['job_class'] = 'DependencyProxy::CleanupDependencyProxyWorker'
 Settings.cron_jobs['cleanup_package_registry_worker'] ||= Settingslogic.new({})
-Settings.cron_jobs['cleanup_package_registry_worker']['cron'] ||= '20 0,12 * * *'
+Settings.cron_jobs['cleanup_package_registry_worker']['cron'] ||= '20 * * * *'
 Settings.cron_jobs['cleanup_package_registry_worker']['job_class'] = 'Packages::CleanupPackageRegistryWorker'
 Settings.cron_jobs['x509_issuer_crl_check_worker'] ||= Settingslogic.new({})
 Settings.cron_jobs['x509_issuer_crl_check_worker']['cron'] ||= '30 1 * * *'
@@ -770,7 +773,7 @@ Gitlab.ee do
   Settings.cron_jobs['iterations_generator_worker']['cron'] ||= '5 0 * * *'
   Settings.cron_jobs['iterations_generator_worker']['job_class'] = 'Iterations::Cadences::ScheduleCreateIterationsWorker'
   Settings.cron_jobs['vulnerability_statistics_schedule_worker'] ||= Settingslogic.new({})
-  Settings.cron_jobs['vulnerability_statistics_schedule_worker']['cron'] ||= '15 1 * * *'
+  Settings.cron_jobs['vulnerability_statistics_schedule_worker']['cron'] ||= '15 1,20 * * *'
   Settings.cron_jobs['vulnerability_statistics_schedule_worker']['job_class'] = 'Vulnerabilities::Statistics::ScheduleWorker'
   Settings.cron_jobs['vulnerability_historical_statistics_deletion_worker'] ||= Settingslogic.new({})
   Settings.cron_jobs['vulnerability_historical_statistics_deletion_worker']['cron'] ||= '15 3 * * *'
@@ -1023,6 +1026,7 @@ Settings.monitoring.sidekiq_health_checks['port'] ||= 8092
 
 Settings.monitoring['web_exporter'] ||= Settingslogic.new({})
 Settings.monitoring.web_exporter['enabled'] ||= false
+Settings.monitoring.web_exporter['log_enabled'] ||= true
 Settings.monitoring.web_exporter['address'] ||= 'localhost'
 Settings.monitoring.web_exporter['port'] ||= 8083
 Settings.monitoring.web_exporter['tls_enabled'] ||= false
diff --git a/config/initializers/8_devise.rb b/config/initializers/8_devise.rb
index 65314c4472f..237231f544f 100644
--- a/config/initializers/8_devise.rb
+++ b/config/initializers/8_devise.rb
@@ -178,14 +178,6 @@ Devise.setup do |config|
   # reset. Defaults to true, so a user is signed in automatically after a reset.
   config.sign_in_after_reset_password = false
 
-  # ==> Configuration for :encryptable
-  # Allow you to use another encryption algorithm besides bcrypt (default). You can use
-  # :sha1, :sha512 or encryptors from others authentication tools as :clearance_sha1,
-  # :authlogic_sha512 (then you should set stretches above to 20 for default behavior)
-  # and :restful_authentication_sha1 (then you should set stretches to 10, and copy
-  # REST_AUTH_SITE_KEY to pepper)
-  config.encryptor = :pbkdf2_sha512
-
   # Authentication through token does not store user in session and needs
   # to be supplied on each request. Useful if you are using the token as API token.
   config.skip_session_storage << :token_auth
diff --git a/config/initializers/active_support_json.rb b/config/initializers/active_support_json.rb
new file mode 100644
index 00000000000..5e38ebd7c89
--- /dev/null
+++ b/config/initializers/active_support_json.rb
@@ -0,0 +1,23 @@
+# frozen_string_literal: true
+
+module ActiveSupport
+  module JSON
+    module Encoding
+      self.json_encoder = Gitlab::Json::RailsEncoder
+
+      # This method is used only to test that our
+      # encoder maintains compatibility with the default
+      # ActiveSupport encoder. See spec/lib/gitlab/json_spec.rb
+      def self.use_encoder(encoder)
+        previous_encoder = json_encoder
+        self.json_encoder = encoder
+
+        result = yield
+
+        self.json_encoder = previous_encoder
+
+        result
+      end
+    end
+  end
+end
diff --git a/config/initializers/database_query_analyzers.rb b/config/initializers/database_query_analyzers.rb
index 2e73fbb79a2..ad6ed20b94d 100644
--- a/config/initializers/database_query_analyzers.rb
+++ b/config/initializers/database_query_analyzers.rb
@@ -1,15 +1,19 @@
 # frozen_string_literal: true
 
 # Currently we register validator only for `dev` or `test` environment
-Gitlab::Database::QueryAnalyzer.instance.hook!
-Gitlab::Database::QueryAnalyzer.instance.all_analyzers.append(::Gitlab::Database::QueryAnalyzers::GitlabSchemasMetrics)
-Gitlab::Database::QueryAnalyzer.instance.all_analyzers.append(
-  ::Gitlab::Database::QueryAnalyzers::PreventCrossDatabaseModification
-)
+Gitlab::Database::QueryAnalyzer.instance.tap do |query_analyzer|
+  query_analyzer.hook!
 
-if Gitlab.dev_or_test_env?
-  query_analyzer = ::Gitlab::Database::QueryAnalyzers::GitlabSchemasValidateConnection
-  Gitlab::Database::QueryAnalyzer.instance.all_analyzers.append(query_analyzer)
+  query_analyzer.all_analyzers.tap do |analyzers|
+    analyzers.append(::Gitlab::Database::QueryAnalyzers::GitlabSchemasMetrics)
+    analyzers.append(::Gitlab::Database::QueryAnalyzers::PreventCrossDatabaseModification)
+    analyzers.append(::Gitlab::Database::QueryAnalyzers::Ci::PartitioningRoutingAnalyzer)
+
+    if Gitlab.dev_or_test_env?
+      analyzers.append(::Gitlab::Database::QueryAnalyzers::GitlabSchemasValidateConnection)
+      analyzers.append(::Gitlab::Database::QueryAnalyzers::QueryRecorder)
+    end
+  end
 end
 
 Gitlab::Application.configure do |config|
diff --git a/config/initializers/google_api_client_patch.rb b/config/initializers/google_api_client_patch.rb
index 1408dcb0501..2a832790f97 100644
--- a/config/initializers/google_api_client_patch.rb
+++ b/config/initializers/google_api_client_patch.rb
@@ -1,8 +1,9 @@
 # frozen_string_literal: true
 
 require 'google/apis/core/http_command'
+require 'google/apis/version'
 
-raise 'This patch is only tested with google-api-client-ruby v0.50.0' unless Google::Apis::VERSION == "0.50.0"
+raise 'This patch is only tested with google-api-client-ruby v0.53.0' unless Google::Apis::VERSION == "0.53.0"
 
 # The google-api-ruby-client does not have a way to increase or disable
 # the maximum allowed time for a request to be retried. By default, it
diff --git a/config/initializers/hashie_mash_permitted_patch.rb b/config/initializers/hashie_mash_permitted_patch.rb
new file mode 100644
index 00000000000..b793a408c91
--- /dev/null
+++ b/config/initializers/hashie_mash_permitted_patch.rb
@@ -0,0 +1,53 @@
+# frozen_string_literal: true
+
+# Pulls logic from https://github.com/Maxim-Filimonov/hashie-forbidden_attributes so we could drop the dependency.
+# This gem is simply `Hashie::Mash` monkey patch to allow mass assignment bypassing `:permitted?` check.
+#
+# Reasons:
+# 1. The gem was last updated 5 years ago and does not have CI setup to test under the latest Ruby/Rails.
+# 2. There is a significant chance this logic is not used at all.
+# We didn't find any explicit places in the code where we mass-assign to `Hashie::Mash`.
+# Experimental MR where we dropped the gem showed that no tests from the full suite failed:
+# https://gitlab.com/gitlab-org/gitlab/-/merge_requests/101535
+# 3. The logic is very simple. Even if we need it, keeping it in our codebase is better than pulling a dependency.
+# This logic will be visible and it will be one less gem to install.
+#
+# Next steps:
+# 1. Keep the patch for at least one milestone in our codebase. Log its usage.
+# 2. After that, check if there were any related log events.
+# 3. If no usages were tracked, we could drop the patch (delete this file).
+# 4. Otherwise, audit where and why we need it, and add a comment to that place.
+#
+# See discussion https://gitlab.com/gitlab-org/gitlab/-/issues/378398#note_1143133426
+
+require 'hashie/mash'
+
+module Hashie
+  class Mash
+    module MonkeyPatch
+      def respond_to_missing?(method_name, *args)
+        if method_name == :permitted?
+          Gitlab::AppLogger.info(message: 'Hashie::Mash#respond_to?(:permitted?)',
+                                 caller: Gitlab::BacktraceCleaner.clean_backtrace(caller))
+
+          return false
+        end
+
+        super
+      end
+
+      def method_missing(method_name, *args)
+        if method_name == :permitted?
+          Gitlab::AppLogger.info(message: 'Hashie::Mash#permitted?',
+                                 caller: Gitlab::BacktraceCleaner.clean_backtrace(caller))
+
+          raise ArgumentError
+        end
+
+        super
+      end
+    end
+
+    prepend MonkeyPatch
+  end
+end
diff --git a/config/initializers/memory_watchdog.rb b/config/initializers/memory_watchdog.rb
index ce8e5029e7a..99c5d61293f 100644
--- a/config/initializers/memory_watchdog.rb
+++ b/config/initializers/memory_watchdog.rb
@@ -1,35 +1,14 @@
 # frozen_string_literal: true
 
 return unless Gitlab::Runtime.application?
-return unless Gitlab::Utils.to_boolean(ENV['GITLAB_MEMORY_WATCHDOG_ENABLED'])
+return unless Gitlab::Utils.to_boolean(ENV['GITLAB_MEMORY_WATCHDOG_ENABLED'], default: Gitlab::Runtime.puma?)
 
 Gitlab::Cluster::LifecycleEvents.on_worker_start do
   watchdog = Gitlab::Memory::Watchdog.new
-  max_strikes = ENV.fetch('GITLAB_MEMWD_MAX_STRIKES', 5).to_i
-  sleep_time_seconds = ENV.fetch('GITLAB_MEMWD_SLEEP_TIME_SEC', 60).to_i
-  max_mem_growth = ENV.fetch('GITLAB_MEMWD_MAX_MEM_GROWTH', 3.0).to_f
-  max_heap_frag = ENV.fetch('GITLAB_MEMWD_MAX_HEAP_FRAG', 0.5).to_f
-
-  watchdog.configure do |config|
-    config.handler =
-      if Gitlab::Runtime.puma?
-        Gitlab::Memory::Watchdog::PumaHandler.new
-      elsif Gitlab::Runtime.sidekiq?
-        Gitlab::Memory::Watchdog::TermProcessHandler.new
-      else
-        Gitlab::Memory::Watchdog::NullHandler.instance
-      end
-
-    config.logger = Gitlab::AppLogger
-    config.sleep_time_seconds = sleep_time_seconds
-    # config.monitor.use MonitorClass, args*, max_strikes:, kwargs**, &block
-    config.monitors.use Gitlab::Memory::Watchdog::Monitor::HeapFragmentation,
-      max_heap_fragmentation: max_heap_frag,
-      max_strikes: max_strikes
-
-    config.monitors.use Gitlab::Memory::Watchdog::Monitor::UniqueMemoryGrowth,
-      max_mem_growth: max_mem_growth,
-      max_strikes: max_strikes
+  if Gitlab::Runtime.puma?
+    watchdog.configure(&Gitlab::Memory::Watchdog::Configurator.configure_for_puma)
+  elsif Gitlab::Runtime.sidekiq?
+    watchdog.configure(&Gitlab::Memory::Watchdog::Configurator.configure_for_sidekiq)
   end
 
   Gitlab::BackgroundTask.new(watchdog).start
diff --git a/config/initializers/sawyer_patch.rb b/config/initializers/sawyer_patch.rb
index 34d2843d165..2a946cf0f7d 100644
--- a/config/initializers/sawyer_patch.rb
+++ b/config/initializers/sawyer_patch.rb
@@ -6,47 +6,21 @@ module SawyerClassPatch
   def attr_accessor(*attrs)
     attrs.each do |attribute|
       class_eval do
-        # rubocop:disable Gitlab/ModuleWithInstanceVariables
-        if method_defined?(attribute) || method_defined?("#{attribute}=") || method_defined?("#{attribute}?")
-          define_method attribute do
-            raise Sawyer::Error,
-              "Sawyer method \"#{attribute}\" overlaps Ruby method. Convert to a hash to access the attribute."
-          end
-
-          define_method "#{attribute}=" do |value|
-            raise Sawyer::Error,
-              "Sawyer method \"#{attribute}\" overlaps Ruby method. Convert to a hash to access the attribute."
-          end
-
-          define_method "#{attribute}?" do
-            raise Sawyer::Error,
-              "Sawyer method \"#{attribute}\" overlaps Ruby method. Convert to a hash to access the attribute."
-          end
-        else
-          define_method attribute do
-            Gitlab::Import::Logger.warn(
-              Gitlab::ApplicationContext.current.merge(
-                {
-                  message: 'Sawyer attribute called',
-                  attribute: attribute,
-                  caller: Gitlab::BacktraceCleaner.clean_backtrace(caller)
-                }
-              )
-            )
-
-            @attrs[attribute.to_sym]
-          end
+        define_method attribute do
+          raise Sawyer::Error,
+            "Sawyer method \"#{attribute}\" access is forbidden. Convert to a hash to access the attribute."
+        end
 
-          define_method "#{attribute}=" do |value|
-            @attrs[attribute.to_sym] = value
-          end
+        define_method "#{attribute}=" do |value|
+          raise Sawyer::Error,
+            "Sawyer method \"#{attribute}=\" access is forbidden. Convert to a hash to access the attribute."
+        end
 
-          define_method "#{attribute}?" do
-            !!@attrs[attribute.to_sym]
-          end
+        define_method "#{attribute}?" do
+          raise Sawyer::Error,
+            "Sawyer method \"#{attribute}?\" overlaps Ruby method. Convert to a hash to access the attribute."
         end
       end
-      # rubocop:enable Gitlab/ModuleWithInstanceVariables
     end
   end
 end
diff --git a/config/initializers/sidekiq.rb b/config/initializers/sidekiq.rb
index cef34425bf4..363438849ed 100644
--- a/config/initializers/sidekiq.rb
+++ b/config/initializers/sidekiq.rb
@@ -35,19 +35,19 @@ enable_json_logs = Gitlab.config.sidekiq.log_format == 'json'
 enable_sidekiq_memory_killer = ENV['SIDEKIQ_MEMORY_KILLER_MAX_RSS'].to_i.nonzero?
 
 Sidekiq.configure_server do |config|
-  config.options[:strict] = false
-  config.options[:queues] = Gitlab::SidekiqConfig.expand_queues(config.options[:queues])
+  config[:strict] = false
+  config[:queues] = Gitlab::SidekiqConfig.expand_queues(config[:queues])
 
   if enable_json_logs
     config.log_formatter = Gitlab::SidekiqLogging::JSONFormatter.new
-    config.options[:job_logger] = Gitlab::SidekiqLogging::StructuredLogger
+    config[:job_logger] = Gitlab::SidekiqLogging::StructuredLogger
 
     # Remove the default-provided handler. The exception is logged inside
     # Gitlab::SidekiqLogging::StructuredLogger
-    config.error_handlers.reject! { |handler| handler.is_a?(Sidekiq::ExceptionHandler::Logger) }
+    config.error_handlers.delete(Sidekiq::DEFAULT_ERROR_HANDLER)
   end
 
-  Sidekiq.logger.info "Listening on queues #{config.options[:queues].uniq.sort}"
+  Sidekiq.logger.info "Listening on queues #{config[:queues].uniq.sort}"
 
   config.redis = queues_config_hash
 
@@ -83,14 +83,18 @@ Sidekiq.configure_server do |config|
     end
   end
 
+  config.on(:shutdown) do
+    Gitlab::Cluster::LifecycleEvents.do_worker_stop
+  end
+
   if enable_reliable_fetch?
-    config.options[:semi_reliable_fetch] = enable_semi_reliable_fetch_mode?
+    config[:semi_reliable_fetch] = enable_semi_reliable_fetch_mode?
     Sidekiq::ReliableFetch.setup_reliable_fetch!(config)
   end
 
   Gitlab::SidekiqVersioning.install!
 
-  config.options[:cron_poll_interval] = Gitlab.config.cron_jobs.poll_interval
+  config[:cron_poll_interval] = Gitlab.config.cron_jobs.poll_interval
   load_cron_jobs!
 
   # Avoid autoload issue such as 'Mail::Parsers::AddressStruct'
@@ -114,3 +118,4 @@ end
 
 Sidekiq::Scheduled::Poller.prepend Gitlab::Patch::SidekiqPoller
 Sidekiq::Cron::Poller.prepend Gitlab::Patch::SidekiqPoller
+Sidekiq::Cron::Poller.prepend Gitlab::Patch::SidekiqCronPoller
diff --git a/config/initializers/sidekiq_cluster.rb b/config/initializers/sidekiq_cluster.rb
index 6fd598b3e25..5851e3bd838 100644
--- a/config/initializers/sidekiq_cluster.rb
+++ b/config/initializers/sidekiq_cluster.rb
@@ -19,7 +19,7 @@ if ENV['ENABLE_SIDEKIQ_CLUSTER']
       # Allow sidekiq to cleanly terminate and push any running jobs back
       # into the queue.  We use the configured timeout and add a small
       # grace period
-      sleep(Sidekiq.options[:timeout] + 5)
+      sleep(Sidekiq[:timeout] + 5)
 
       # Signaling the Sidekiq Pgroup as KILL is not forwarded to
       # a possible child process. In Sidekiq Cluster, all child Sidekiq
diff --git a/config/initializers/types.rb b/config/initializers/types.rb
new file mode 100644
index 00000000000..4a20e257469
--- /dev/null
+++ b/config/initializers/types.rb
@@ -0,0 +1,3 @@
+# frozen_string_literal: true
+
+ActiveRecord::Type.register(:sym_jsonb, Gitlab::Database::Type::SymbolizedJsonb)
diff --git a/config/initializers/zz_metrics.rb b/config/initializers/zz_metrics.rb
index 940d8eed61f..ff3ae9a2467 100644
--- a/config/initializers/zz_metrics.rb
+++ b/config/initializers/zz_metrics.rb
@@ -40,8 +40,9 @@ if Gitlab::Metrics.enabled? && !Rails.env.test? && !(Rails.env.development? && d
   if Gitlab::Runtime.puma?
     Gitlab::Metrics::RequestsRackMiddleware.initialize_metrics
     Gitlab::Metrics::GlobalSearchSlis.initialize_slis!
-  elsif Gitlab.ee? && Gitlab::Runtime.sidekiq?
-    Gitlab::Metrics::GlobalSearchIndexingSlis.initialize_slis!
+  elsif Gitlab::Runtime.sidekiq?
+    Gitlab::Metrics::GlobalSearchIndexingSlis.initialize_slis! if Gitlab.ee?
+    Gitlab::Metrics::LooseForeignKeysSlis.initialize_slis!
   end
 
   GC::Profiler.enable