Add latest changes from gitlab-org/gitlab@13-0-stable-ee

13 files changed, 36 insertions, 104 deletions

diff --git a/config/initializers/0_thread_cache.rb b/config/initializers/0_thread_cache.rb
deleted file mode 100644
index feb8057132e..00000000000
--- a/config/initializers/0_thread_cache.rb
+++ /dev/null
@@ -1,3 +0,0 @@
-# frozen_string_literal: true
-
-Gitlab::ThreadMemoryCache.cache_backend
diff --git a/config/initializers/1_settings.rb b/config/initializers/1_settings.rb
index c3fcd0f8ff0..c0cd491547a 100644
--- a/config/initializers/1_settings.rb
+++ b/config/initializers/1_settings.rb
@@ -487,6 +487,12 @@ Settings.cron_jobs['namespaces_prune_aggregation_schedules_worker']['job_class']
 Settings.cron_jobs['container_expiration_policy_worker'] ||= Settingslogic.new({})
 Settings.cron_jobs['container_expiration_policy_worker']['cron'] ||= '50 * * * *'
 Settings.cron_jobs['container_expiration_policy_worker']['job_class'] = 'ContainerExpirationPolicyWorker'
+Settings.cron_jobs['x509_issuer_crl_check_worker'] ||= Settingslogic.new({})
+Settings.cron_jobs['x509_issuer_crl_check_worker']['cron'] ||= '30 1 * * *'
+Settings.cron_jobs['x509_issuer_crl_check_worker']['job_class'] = 'X509IssuerCrlCheckWorker'
+Settings.cron_jobs['users_create_statistics_worker'] ||= Settingslogic.new({})
+Settings.cron_jobs['users_create_statistics_worker']['cron'] ||= '2 15 * * *'
+Settings.cron_jobs['users_create_statistics_worker']['job_class'] = 'Users::CreateStatisticsWorker'
 
 Gitlab.ee do
   Settings.cron_jobs['adjourned_group_deletion_worker'] ||= Settingslogic.new({})
@@ -549,9 +555,6 @@ Gitlab.ee do
   Settings.cron_jobs['sync_seat_link_worker'] ||= Settingslogic.new({})
   Settings.cron_jobs['sync_seat_link_worker']['cron'] ||= "#{rand(60)} 0 * * *"
   Settings.cron_jobs['sync_seat_link_worker']['job_class'] = 'SyncSeatLinkWorker'
-  Settings.cron_jobs['users_create_statistics_worker'] ||= Settingslogic.new({})
-  Settings.cron_jobs['users_create_statistics_worker']['cron'] ||= '2 15 * * *'
-  Settings.cron_jobs['users_create_statistics_worker']['job_class'] = 'Users::CreateStatisticsWorker'
 end
 
 #
@@ -698,7 +701,6 @@ Settings.rack_attack.git_basic_auth['ip_whitelist'] ||= %w{127.0.0.1}
 Settings.rack_attack.git_basic_auth['maxretry'] ||= 10
 Settings.rack_attack.git_basic_auth['findtime'] ||= 1.minute
 Settings.rack_attack.git_basic_auth['bantime'] ||= 1.hour
-Settings.rack_attack['admin_area_protected_paths_enabled'] ||= false
 
 #
 # Gitaly
@@ -715,6 +717,12 @@ Settings.webpack.dev_server['host']    ||= 'localhost'
 Settings.webpack.dev_server['port']    ||= 3808
 
 #
+# ActionCable settings
+#
+Settings['action_cable'] ||= Settingslogic.new({})
+Settings.action_cable['worker_pool_size'] ||= 4
+
+#
 # Monitoring settings
 #
 Settings['monitoring'] ||= Settingslogic.new({})
diff --git a/config/initializers/7_prometheus_metrics.rb b/config/initializers/7_prometheus_metrics.rb
index 3ad90ad7d65..267a1f0b1a5 100644
--- a/config/initializers/7_prometheus_metrics.rb
+++ b/config/initializers/7_prometheus_metrics.rb
@@ -44,6 +44,10 @@ if !Rails.env.test? && Gitlab::Metrics.prometheus_metrics_enabled?
 
     Gitlab::Metrics::Samplers::RubySampler.initialize_instance(Settings.monitoring.ruby_sampler_interval).start
 
+    if Gitlab::Utils.to_boolean(ENV['ENABLE_DATABASE_CONNECTION_POOL_METRICS'])
+      Gitlab::Metrics::Samplers::DatabaseSampler.initialize_instance(Gitlab::Metrics::Samplers::DatabaseSampler::SAMPLING_INTERVAL_SECONDS).start
+    end
+
     if Gitlab.ee? && Gitlab::Runtime.sidekiq?
       Gitlab::Metrics::Samplers::GlobalSearchSampler.instance(Settings.monitoring.global_search_sampler_interval).start
     end
@@ -61,6 +65,8 @@ if !Rails.env.test? && Gitlab::Metrics.prometheus_metrics_enabled?
       Gitlab::Metrics::Samplers::PumaSampler.instance(Settings.monitoring.puma_sampler_interval).start
     end
 
+    Gitlab::Metrics.gauge(:deployments, 'GitLab Version', {}, :max).set({ version: Gitlab::VERSION }, 1)
+
     Gitlab::Metrics::RequestsRackMiddleware.initialize_http_request_duration_seconds
   rescue IOError => e
     Gitlab::ErrorTracking.track_exception(e)
diff --git a/config/initializers/action_cable.rb b/config/initializers/action_cable.rb
new file mode 100644
index 00000000000..eb44ff00d09
--- /dev/null
+++ b/config/initializers/action_cable.rb
@@ -0,0 +1,9 @@
+# frozen_string_literal: true
+
+Rails.application.configure do
+  # We only mount the ActionCable engine in tests where we run it in-app
+  # For other environments, we run it on a standalone Puma server
+  config.action_cable.mount_path = Rails.env.test? ? '/-/cable' : nil
+  config.action_cable.url = Gitlab::Utils.append_path(Gitlab.config.gitlab.relative_url_root, '/-/cable')
+  config.action_cable.worker_pool_size = Gitlab.config.action_cable.worker_pool_size
+end
diff --git a/config/initializers/actioncable.rb b/config/initializers/actioncable.rb
deleted file mode 100644
index ed96f965150..00000000000
--- a/config/initializers/actioncable.rb
+++ /dev/null
@@ -1,8 +0,0 @@
-# frozen_string_literal: true
-
-Rails.application.configure do
-  # Prevents the default engine from being mounted because
-  # we're running ActionCable as a standalone server
-  config.action_cable.mount_path = nil
-  config.action_cable.url = Gitlab::Utils.append_path(Gitlab.config.gitlab.relative_url_root, '/-/cable')
-end
diff --git a/config/initializers/active_record_fix_insert_all.rb b/config/initializers/active_record_fix_insert_all.rb
deleted file mode 100644
index 8ae208dd0e5..00000000000
--- a/config/initializers/active_record_fix_insert_all.rb
+++ /dev/null
@@ -1,26 +0,0 @@
-# frozen_string_literal: true
-
-# This fix is needed to properly support
-# columns that perform data mutation to a SQL datatype
-# ex. would be `jsonb` and `enum`
-#
-# This is covered by tests in `BulkInsertSafe`
-# that validates handling of different data types
-
-if Rails.gem_version > Gem::Version.new("6.0.2")
-  raise Gem::DependencyError,
-    "Remove patch once the https://github.com/rails/rails/pull/38763 is included"
-end
-
-module ActiveRecordInsertAllBuilderMixin
-  def extract_types_from_columns_on(table_name, keys:)
-    columns = connection.schema_cache.columns_hash(table_name)
-
-    unknown_column = (keys - columns.keys).first
-    raise UnknownAttributeError.new(model.new, unknown_column) if unknown_column
-
-    keys.index_with { |key| model.type_for_attribute(key) }
-  end
-end
-
-ActiveRecord::InsertAll::Builder.prepend(ActiveRecordInsertAllBuilderMixin)
diff --git a/config/initializers/cookies_serializer.rb b/config/initializers/cookies_serializer.rb
index a04d5044f4e..fa1736dfea6 100644
--- a/config/initializers/cookies_serializer.rb
+++ b/config/initializers/cookies_serializer.rb
@@ -1,4 +1,4 @@
 # Be sure to restart your server when you modify this file.
 
-Rails.application.config.action_dispatch.use_cookies_with_metadata = false
+Rails.application.config.action_dispatch.use_cookies_with_metadata = true
 Rails.application.config.action_dispatch.cookies_serializer = :hybrid
diff --git a/config/initializers/gettext_rails_i18n_patch.rb b/config/initializers/gettext_rails_i18n_patch.rb
index 714dd505824..09c9b325a04 100644
--- a/config/initializers/gettext_rails_i18n_patch.rb
+++ b/config/initializers/gettext_rails_i18n_patch.rb
@@ -45,7 +45,7 @@ module GettextI18nRailsJs
       private
 
       def gettext_messages_by_file
-        @gettext_messages_by_file ||= JSON.parse(load_messages)
+        @gettext_messages_by_file ||= Gitlab::Json.parse(load_messages)
       end
 
       def load_messages
diff --git a/config/initializers/measuring.rb b/config/initializers/measuring.rb
new file mode 100644
index 00000000000..79258cda365
--- /dev/null
+++ b/config/initializers/measuring.rb
@@ -0,0 +1,3 @@
+# frozen_string_literal: true
+
+Gitlab::Utils::Measuring.logger = Gitlab::Services::Logger.build
diff --git a/config/initializers/rack_attack.rb.example b/config/initializers/rack_attack.rb.example
deleted file mode 100644
index 69052c029f2..00000000000
--- a/config/initializers/rack_attack.rb.example
+++ /dev/null
@@ -1,29 +0,0 @@
-# 1. Rename this file to rack_attack.rb
-# 2. Review the paths_to_be_protected and add any other path you need protecting
-#
-# If you change this file in a Merge Request, please also create a Merge Request on https://gitlab.com/gitlab-org/omnibus-gitlab/merge_requests
-
-paths_to_be_protected = [
-  "#{Rails.application.config.relative_url_root}/users/password",
-  "#{Rails.application.config.relative_url_root}/users/sign_in",
-  "#{Rails.application.config.relative_url_root}/api/#{API::API.version}/session.json",
-  "#{Rails.application.config.relative_url_root}/api/#{API::API.version}/session",
-  "#{Rails.application.config.relative_url_root}/users",
-  "#{Rails.application.config.relative_url_root}/users/confirmation",
-  "#{Rails.application.config.relative_url_root}/unsubscribes/",
-  "#{Rails.application.config.relative_url_root}/import/github/personal_access_token"
-
-]
-
-# Create one big regular expression that matches strings starting with any of
-# the paths_to_be_protected.
-paths_regex = Regexp.union(paths_to_be_protected.map { |path| /\A#{Regexp.escape(path)}/ })
-rack_attack_enabled = Gitlab.config.rack_attack.git_basic_auth['enabled']
-
-unless Rails.env.test? || !rack_attack_enabled
-  Rack::Attack.throttle('protected paths', limit: 10, period: 60.seconds) do |req|
-    if req.post? && req.path =~ paths_regex
-      req.ip
-    end
-  end
-end
diff --git a/config/initializers/rack_attack_new.rb b/config/initializers/rack_attack_new.rb
index 267d4c1eda9..51b49bec864 100644
--- a/config/initializers/rack_attack_new.rb
+++ b/config/initializers/rack_attack_new.rb
@@ -8,17 +8,9 @@ module Gitlab::Throttle
 
   # Returns true if we should use the Admin Area protected paths throttle
   def self.protected_paths_enabled?
-    return false if should_use_omnibus_protected_paths?
-
     self.settings.throttle_protected_paths_enabled?
   end
 
-  # To be removed in 13.0: https://gitlab.com/gitlab-org/gitlab/issues/29952
-  def self.should_use_omnibus_protected_paths?
-    !Settings.rack_attack.admin_area_protected_paths_enabled &&
-      self.omnibus_protected_paths_present?
-  end
-
   def self.omnibus_protected_paths_present?
     Rack::Attack.throttles.key?('protected paths')
   end
@@ -168,5 +160,5 @@ class Rack::Attack
   end
 end
 
-::Rack::Attack.extend_if_ee('::EE::Gitlab::Rack::Attack') # rubocop: disable Cop/InjectEnterpriseEditionModule
+::Rack::Attack.extend_if_ee('::EE::Gitlab::Rack::Attack')
 ::Rack::Attack::Request.prepend_if_ee('::EE::Gitlab::Rack::Attack::Request')
diff --git a/config/initializers/sidekiq.rb b/config/initializers/sidekiq.rb
index fa4fc2d2c7b..febcedfee82 100644
--- a/config/initializers/sidekiq.rb
+++ b/config/initializers/sidekiq.rb
@@ -1,7 +1,5 @@
 # frozen_string_literal: true
 
-require 'sidekiq/web'
-
 def enable_reliable_fetch?
   return true unless Feature::FlipperFeature.table_exists?
 
@@ -14,26 +12,14 @@ def enable_semi_reliable_fetch_mode?
   Feature.enabled?(:gitlab_sidekiq_enable_semi_reliable_fetcher, default_enabled: true)
 end
 
-# Disable the Sidekiq Rack session since GitLab already has its own session store.
-# CSRF protection still works (https://github.com/mperham/sidekiq/commit/315504e766c4fd88a29b7772169060afc4c40329).
-Sidekiq::Web.set :sessions, false
-
 # Custom Queues configuration
 queues_config_hash = Gitlab::Redis::Queues.params
 queues_config_hash[:namespace] = Gitlab::Redis::Queues::SIDEKIQ_NAMESPACE
 
-# Default is to retry 25 times with exponential backoff. That's too much.
-Sidekiq.default_worker_options = { retry: 3 }
-
-if Rails.env.development?
-  Sidekiq.default_worker_options[:backtrace] = true
-end
-
 enable_json_logs = Gitlab.config.sidekiq.log_format == 'json'
 enable_sidekiq_memory_killer = ENV['SIDEKIQ_MEMORY_KILLER_MAX_RSS'].to_i.nonzero?
 use_sidekiq_daemon_memory_killer = ENV["SIDEKIQ_DAEMON_MEMORY_KILLER"].to_i.nonzero?
 use_sidekiq_legacy_memory_killer = !use_sidekiq_daemon_memory_killer
-use_request_store = ENV.fetch('SIDEKIQ_REQUEST_STORE', 1).to_i.nonzero?
 
 Sidekiq.configure_server do |config|
   if enable_json_logs
@@ -50,8 +36,7 @@ Sidekiq.configure_server do |config|
   config.server_middleware(&Gitlab::SidekiqMiddleware.server_configurator({
     metrics: Settings.monitoring.sidekiq_exporter,
     arguments_logger: ENV['SIDEKIQ_LOG_ARGUMENTS'] && !enable_json_logs,
-    memory_killer: enable_sidekiq_memory_killer && use_sidekiq_legacy_memory_killer,
-    request_store: use_request_store
+    memory_killer: enable_sidekiq_memory_killer && use_sidekiq_legacy_memory_killer
   }))
 
   config.client_middleware(&Gitlab::SidekiqMiddleware.client_configurator)
@@ -77,7 +62,7 @@ Sidekiq.configure_server do |config|
 
   # Sidekiq-cron: load recurring jobs from gitlab.yml
   # UGLY Hack to get nested hash from settingslogic
-  cron_jobs = JSON.parse(Gitlab.config.cron_jobs.to_json)
+  cron_jobs = Gitlab::Json.parse(Gitlab.config.cron_jobs.to_json)
   # UGLY hack: Settingslogic doesn't allow 'class' key
   cron_jobs_required_keys = %w(job_class cron)
   cron_jobs.each do |k, v|
diff --git a/config/initializers/zz_metrics.rb b/config/initializers/zz_metrics.rb
index 5bbfb97277c..26f6743f480 100644
--- a/config/initializers/zz_metrics.rb
+++ b/config/initializers/zz_metrics.rb
@@ -100,7 +100,7 @@ def instrument_classes(instrumentation)
     instrumentation.instrument_instance_methods(Gitlab::Elastic::ProjectSearchResults)
     instrumentation.instrument_instance_methods(Gitlab::Elastic::Indexer)
     instrumentation.instrument_instance_methods(Gitlab::Elastic::SnippetSearchResults)
-    instrumentation.instrument_methods(Gitlab::Elastic::Helper)
+    instrumentation.instrument_instance_methods(Gitlab::Elastic::Helper)
 
     instrumentation.instrument_instance_methods(Elastic::ApplicationVersionedSearch)
     instrumentation.instrument_instance_methods(Elastic::ProjectsSearch)
@@ -135,7 +135,6 @@ end
 # loading of our custom migration templates.
 if Gitlab::Metrics.enabled? && !Rails.env.test? && !(Rails.env.development? && defined?(Rails::Generators))
   require 'pathname'
-  require 'influxdb'
   require 'connection_pool'
   require 'method_source'
 
@@ -193,10 +192,6 @@ if Gitlab::Metrics.enabled? && !Rails.env.test? && !(Rails.env.development? && d
 
   GC::Profiler.enable
 
-  Gitlab::Cluster::LifecycleEvents.on_worker_start do
-    Gitlab::Metrics::Samplers::InfluxSampler.initialize_instance.start
-  end
-
   module TrackNewRedisConnections
     def connect(*args)
       val = super