Add latest changes from gitlab-org/gitlab@13-4-stable-ee

author: GitLab Bot <gitlab-bot@gitlab.com> 2020-09-19 04:45:44 +0300
committer: GitLab Bot <gitlab-bot@gitlab.com> 2020-09-19 04:45:44 +0300
commit: 85dc423f7090da0a52c73eb66faf22ddb20efff9 (patch)
tree: 9160f299afd8c80c038f08e1545be119f5e3f1e1 /config/initializers
parent: 15c2c8c66dbe422588e5411eee7e68f1fa440bb8 (diff)
17 files changed, 107 insertions, 25 deletions
diff --git a/config/initializers/0_inject_feature_flags.rb b/config/initializers/0_inject_feature_flags.rb
index 45e6546e294..5b33b3bb4ea 100644
--- a/config/initializers/0_inject_feature_flags.rb
+++ b/config/initializers/0_inject_feature_flags.rb
@@ -3,3 +3,4 @@
 
 Feature.register_feature_groups
 Feature.register_definitions
+Feature.register_hot_reloader unless Rails.configuration.cache_classes
diff --git a/config/initializers/1_settings.rb b/config/initializers/1_settings.rb
index 628d9c65ce0..6ccd027dd5d 100644
--- a/config/initializers/1_settings.rb
+++ b/config/initializers/1_settings.rb
@@ -176,8 +176,8 @@ Settings.gitlab['user'] ||= 'git'
 Settings.gitlab['ssh_user'] ||= Settings.gitlab.user
 Settings.gitlab['user_home'] ||= begin
   Etc.getpwnam(Settings.gitlab['user']).dir
-rescue ArgumentError # no user configured
-  '/home/' + Settings.gitlab['user']
+                                 rescue ArgumentError # no user configured
+                                   '/home/' + Settings.gitlab['user']
 end
 Settings.gitlab['time_zone'] ||= nil
 Settings.gitlab['signup_enabled'] ||= true if Settings.gitlab['signup_enabled'].nil?
@@ -511,6 +511,12 @@ Settings.cron_jobs['update_container_registry_info_worker']['job_class'] = 'Upda
 Settings.cron_jobs['postgres_dynamic_partitions_creator'] ||= Settingslogic.new({})
 Settings.cron_jobs['postgres_dynamic_partitions_creator']['cron'] ||= '21 */6 * * *'
 Settings.cron_jobs['postgres_dynamic_partitions_creator']['job_class'] ||= 'PartitionCreationWorker'
+Settings.cron_jobs['ci_platform_metrics_update_cron_worker'] ||= Settingslogic.new({})
+Settings.cron_jobs['ci_platform_metrics_update_cron_worker']['cron'] ||= '47 9 * * *'
+Settings.cron_jobs['ci_platform_metrics_update_cron_worker']['job_class'] = 'CiPlatformMetricsUpdateCronWorker'
+Settings.cron_jobs['analytics_instance_statistics_count_job_trigger_worker'] ||= Settingslogic.new({})
+Settings.cron_jobs['analytics_instance_statistics_count_job_trigger_worker']['cron'] ||= '50 23 */1 * *'
+Settings.cron_jobs['analytics_instance_statistics_count_job_trigger_worker']['job_class'] ||= 'Analytics::InstanceStatistics::CountJobTriggerWorker'
 
 Gitlab.ee do
   Settings.cron_jobs['adjourned_group_deletion_worker'] ||= Settingslogic.new({})
@@ -635,6 +641,12 @@ Settings['workhorse'] ||= Settingslogic.new({})
 Settings.workhorse['secret_file'] ||= Rails.root.join('.gitlab_workhorse_secret')
 
 #
+# GitLab KAS
+#
+Settings['gitlab_kas'] ||= Settingslogic.new({})
+Settings.gitlab_kas['secret_file'] ||= Rails.root.join('.gitlab_kas_secret')
+
+#
 # Repositories
 #
 Settings['repositories'] ||= Settingslogic.new({})
@@ -772,6 +784,7 @@ Settings.monitoring['ip_whitelist'] ||= ['127.0.0.1/8']
 Settings.monitoring['unicorn_sampler_interval'] ||= 10
 Settings.monitoring['sidekiq_exporter'] ||= Settingslogic.new({})
 Settings.monitoring.sidekiq_exporter['enabled'] ||= false
+Settings.monitoring.sidekiq_exporter['log_enabled'] ||= false
 Settings.monitoring.sidekiq_exporter['address'] ||= 'localhost'
 Settings.monitoring.sidekiq_exporter['port'] ||= 8082
 Settings.monitoring['web_exporter'] ||= Settingslogic.new({})
diff --git a/config/initializers/7_prometheus_metrics.rb b/config/initializers/7_prometheus_metrics.rb
index cec1a213ed2..d5d8587f1c8 100644
--- a/config/initializers/7_prometheus_metrics.rb
+++ b/config/initializers/7_prometheus_metrics.rb
@@ -16,7 +16,7 @@ def prometheus_default_multiproc_dir
 end
 
 Prometheus::Client.configure do |config|
-  config.logger = Rails.logger # rubocop:disable Gitlab/RailsLogger
+  config.logger = Gitlab::AppLogger
 
   config.initial_mmap_file_size = 4 * 1024
 
@@ -46,6 +46,10 @@ if !Rails.env.test? && Gitlab::Metrics.prometheus_metrics_enabled?
     Gitlab::Metrics::Samplers::DatabaseSampler.initialize_instance.start
     Gitlab::Metrics::Samplers::ThreadsSampler.initialize_instance.start
 
+    if Gitlab::Runtime.action_cable?
+      Gitlab::Metrics::Samplers::ActionCableSampler.instance.start
+    end
+
     if Gitlab.ee? && Gitlab::Runtime.sidekiq?
       Gitlab::Metrics::Samplers::GlobalSearchSampler.instance.start
     end
diff --git a/config/initializers/8_devise.rb b/config/initializers/8_devise.rb
index 2be6e535fee..b91a4622ce8 100644
--- a/config/initializers/8_devise.rb
+++ b/config/initializers/8_devise.rb
@@ -41,7 +41,7 @@ Devise.setup do |config|
   # Configure which authentication keys should be case-insensitive.
   # These keys will be downcased upon creating or modifying a user and when used
   # to authenticate or find a user. Default is :email.
-  config.case_insensitive_keys = [:email, :email_confirmation]
+  config.case_insensitive_keys = [:email]
 
   # Configure which authentication keys should have whitespace stripped.
   # These keys will have whitespace before and after removed upon creating or
diff --git a/config/initializers/active_record_lifecycle.rb b/config/initializers/active_record_lifecycle.rb
index 493d328b93e..4d63ffaf711 100644
--- a/config/initializers/active_record_lifecycle.rb
+++ b/config/initializers/active_record_lifecycle.rb
@@ -7,7 +7,7 @@ if defined?(ActiveRecord::Base) && !Gitlab::Runtime.sidekiq?
     ActiveSupport.on_load(:active_record) do
       ActiveRecord::Base.establish_connection
 
-      Rails.logger.debug("ActiveRecord connection established") # rubocop:disable Gitlab/RailsLogger
+      Gitlab::AppLogger.debug("ActiveRecord connection established")
     end
   end
 end
@@ -20,6 +20,6 @@ if defined?(ActiveRecord::Base)
     # as there's no need for the master process to hold a connection
     ActiveRecord::Base.connection.disconnect!
 
-    Rails.logger.debug("ActiveRecord connection disconnected") # rubocop:disable Gitlab/RailsLogger
+    Gitlab::AppLogger.debug("ActiveRecord connection disconnected")
   end
 end
diff --git a/config/initializers/backtrace_silencers.rb b/config/initializers/backtrace_silencers.rb
index f25bb7d25fa..2f892f78112 100644
--- a/config/initializers/backtrace_silencers.rb
+++ b/config/initializers/backtrace_silencers.rb
@@ -2,7 +2,7 @@ Rails.backtrace_cleaner.remove_silencers!
 
 # This allows us to see the proper caller of SQL calls in {development,test}.log
 if (Rails.env.development? || Rails.env.test?) && Gitlab.ee?
-  Rails.backtrace_cleaner.add_silencer { |line| line =~ %r(^ee/lib/gitlab/database/load_balancing) }
+  Rails.backtrace_cleaner.add_silencer { |line| %r(^ee/lib/gitlab/database/load_balancing).match?(line) }
 end
 
-Rails.backtrace_cleaner.add_silencer { |line| line !~ Gitlab::APP_DIRS_PATTERN }
+Rails.backtrace_cleaner.add_silencer { |line| !Gitlab::APP_DIRS_PATTERN.match?(line) }
diff --git a/config/initializers/carrierwave_patch.rb b/config/initializers/carrierwave_patch.rb
index 53fba307926..ad3ff36138f 100644
--- a/config/initializers/carrierwave_patch.rb
+++ b/config/initializers/carrierwave_patch.rb
@@ -7,7 +7,9 @@ require "carrierwave/storage/fog"
 #
 # This patch also incorporates
 # https://github.com/carrierwaveuploader/carrierwave/pull/2375 to
-# provide Azure support. This is already in CarrierWave v2.1.x, but
+# provide Azure support
+# and https://github.com/carrierwaveuploader/carrierwave/pull/2397 to
+# support custom expire_at. This is already in CarrierWave v2.1.x, but
 # upgrading this gem is a significant task:
 # https://gitlab.com/gitlab-org/gitlab/-/issues/216067
 module CarrierWave
@@ -28,7 +30,7 @@ module CarrierWave
             # avoid a get by using local references
             local_directory = connection.directories.new(key: @uploader.fog_directory)
             local_file = local_directory.files.new(key: path)
-            expire_at = ::Fog::Time.now + @uploader.fog_authenticated_url_expiration
+            expire_at = options[:expire_at] || ::Fog::Time.now + @uploader.fog_authenticated_url_expiration
             case @uploader.fog_credentials[:provider]
             when 'AWS', 'Google'
               # Older versions of fog-google do not support options as a parameter
diff --git a/config/initializers/deprecations.rb b/config/initializers/deprecations.rb
index 0d096e34eb7..2b07ca665e2 100644
--- a/config/initializers/deprecations.rb
+++ b/config/initializers/deprecations.rb
@@ -2,7 +2,7 @@ if Rails.env.development? || ENV['GITLAB_LEGACY_PATH_LOG_MESSAGE']
   deprecator = ActiveSupport::Deprecation.new('11.0', 'GitLab')
 
   deprecator.behavior = -> (message, callstack) {
-    Rails.logger.warn("#{message}: #{callstack[1..20].join}") # rubocop:disable Gitlab/RailsLogger
+    Gitlab::AppLogger.warn("#{message}: #{callstack[1..20].join}")
   }
 
   ActiveSupport::Deprecation.deprecate_methods(Gitlab::GitalyClient::StorageSettings, :legacy_disk_path, deprecator: deprecator)
diff --git a/config/initializers/direct_upload_support.rb b/config/initializers/direct_upload_support.rb
index 94e90727f0c..919b80b79c0 100644
--- a/config/initializers/direct_upload_support.rb
+++ b/config/initializers/direct_upload_support.rb
@@ -1,5 +1,7 @@
 class DirectUploadsValidator
-  SUPPORTED_DIRECT_UPLOAD_PROVIDERS = %w(Google AWS AzureRM).freeze
+  SUPPORTED_DIRECT_UPLOAD_PROVIDERS = [ObjectStorage::Config::GOOGLE_PROVIDER,
+                                       ObjectStorage::Config::AWS_PROVIDER,
+                                       ObjectStorage::Config::AZURE_PROVIDER].freeze
 
   ValidationError = Class.new(StandardError)
 
@@ -24,7 +26,7 @@ class DirectUploadsValidator
   def provider_loaded?(provider)
     return false unless SUPPORTED_DIRECT_UPLOAD_PROVIDERS.include?(provider)
 
-    require 'fog/azurerm' if provider == 'AzureRM'
+    require 'fog/azurerm' if provider == ObjectStorage::Config::AZURE_PROVIDER
 
     true
   end
diff --git a/config/initializers/doorkeeper.rb b/config/initializers/doorkeeper.rb
index ad0b0c2008f..6b54b5074d5 100644
--- a/config/initializers/doorkeeper.rb
+++ b/config/initializers/doorkeeper.rb
@@ -3,6 +3,10 @@ Doorkeeper.configure do
   # Currently supported options are :active_record, :mongoid2, :mongoid3, :mongo_mapper
   orm :active_record
 
+  # Restore to pre-5.1 generator due to breaking change.
+  # See https://gitlab.com/gitlab-org/gitlab/-/issues/244371
+  default_generator_method :hex
+
   # This block will be called to check whether the resource owner is authenticated or not.
   resource_owner_authenticator do
     # Put your resource owner authentication logic here.
@@ -79,13 +83,6 @@ Doorkeeper.configure do
   # Check out the wiki for more information on customization
   access_token_methods :from_access_token_param, :from_bearer_authorization, :from_bearer_param
 
-  # Change the native redirect uri for client apps
-  # When clients register with the following redirect uri, they won't be redirected to any server and the authorization code will be displayed within the provider
-  # The value can be any string. Use nil to disable this feature. When disabled, clients must provide a valid URL
-  # (Similar behaviour: https://developers.google.com/accounts/docs/OAuth2InstalledApp#choosingredirecturi)
-  #
-  native_redirect_uri nil # 'urn:ietf:wg:oauth:2.0:oob'
-
   # Specify what grant flows are enabled in array of Strings. The valid
   # strings and the flows they enable are:
   #
diff --git a/config/initializers/forbid_sidekiq_in_transactions.rb b/config/initializers/forbid_sidekiq_in_transactions.rb
index 9bade443aae..6bcd4dbd52f 100644
--- a/config/initializers/forbid_sidekiq_in_transactions.rb
+++ b/config/initializers/forbid_sidekiq_in_transactions.rb
@@ -28,7 +28,7 @@ module Sidekiq
                 Use an `after_commit` hook, or include `AfterCommitQueue` and use a `run_after_commit` block instead.
                 MSG
               rescue Sidekiq::Worker::EnqueueFromTransactionError => e
-                ::Rails.logger.error(e.message) if ::Rails.env.production?
+                Gitlab::AppLogger.error(e.message) if ::Rails.env.production?
                 Gitlab::ErrorTracking.track_and_raise_for_dev_exception(e)
               end
             end
diff --git a/config/initializers/gitlab_kas_secret.rb b/config/initializers/gitlab_kas_secret.rb
new file mode 100644
index 00000000000..5e86e954684
--- /dev/null
+++ b/config/initializers/gitlab_kas_secret.rb
@@ -0,0 +1 @@
+Gitlab::Kas.ensure_secret!
diff --git a/config/initializers/remove_active_job_execute_callback.rb b/config/initializers/remove_active_job_execute_callback.rb
new file mode 100644
index 00000000000..c8efcb11202
--- /dev/null
+++ b/config/initializers/remove_active_job_execute_callback.rb
@@ -0,0 +1,27 @@
+# frozen_string_literal: true
+
+return unless Rails.env.test?
+
+Rails.application.configure do
+  config.after_initialize do
+    # We don't care about ActiveJob reloading the code in test env as we run
+    # jobs inline in test env.
+    # So in test, we remove this callback, which calls app.reloader.wrap, and
+    # ultimately calls FileUpdateChecker#updated? which is slow on macOS
+    #
+    # https://github.com/rails/rails/blob/6-0-stable/activejob/lib/active_job/railtie.rb#L39-L46
+    def active_job_railtie_callback?
+      callbacks = ActiveJob::Callbacks.singleton_class.__callbacks[:execute]
+
+      callbacks &&
+        callbacks.send(:chain).size == 1 &&
+        callbacks.first.kind == :around &&
+        callbacks.first.raw_filter.is_a?(Proc) &&
+        callbacks.first.raw_filter.source_location.first.ends_with?('lib/active_job/railtie.rb')
+    end
+
+    if active_job_railtie_callback?
+      ActiveJob::Callbacks.singleton_class.reset_callbacks(:execute)
+    end
+  end
+end
diff --git a/config/initializers/sidekiq.rb b/config/initializers/sidekiq.rb
index febcedfee82..a33c28090e2 100644
--- a/config/initializers/sidekiq.rb
+++ b/config/initializers/sidekiq.rb
@@ -18,7 +18,7 @@ queues_config_hash[:namespace] = Gitlab::Redis::Queues::SIDEKIQ_NAMESPACE
 
 enable_json_logs = Gitlab.config.sidekiq.log_format == 'json'
 enable_sidekiq_memory_killer = ENV['SIDEKIQ_MEMORY_KILLER_MAX_RSS'].to_i.nonzero?
-use_sidekiq_daemon_memory_killer = ENV["SIDEKIQ_DAEMON_MEMORY_KILLER"].to_i.nonzero?
+use_sidekiq_daemon_memory_killer = ENV.fetch("SIDEKIQ_DAEMON_MEMORY_KILLER", 1).to_i.nonzero?
 use_sidekiq_legacy_memory_killer = !use_sidekiq_daemon_memory_killer
 
 Sidekiq.configure_server do |config|
@@ -70,7 +70,7 @@ Sidekiq.configure_server do |config|
       cron_jobs[k]['class'] = cron_jobs[k].delete('job_class')
     else
       cron_jobs.delete(k)
-      Rails.logger.error("Invalid cron_jobs config key: '#{k}'. Check your gitlab config file.") # rubocop:disable Gitlab/RailsLogger
+      Gitlab::AppLogger.error("Invalid cron_jobs config key: '#{k}'. Check your gitlab config file.")
     end
   end
   Sidekiq::Cron::Job.load_from_hash! cron_jobs
diff --git a/config/initializers/trusted_proxies.rb b/config/initializers/trusted_proxies.rb
index 13896408806..93c4d2b10cc 100644
--- a/config/initializers/trusted_proxies.rb
+++ b/config/initializers/trusted_proxies.rb
@@ -15,7 +15,7 @@ end
 
 gitlab_trusted_proxies = Array(Gitlab.config.gitlab.trusted_proxies).map do |proxy|
   IPAddr.new(proxy)
-rescue IPAddr::InvalidAddressError
+                         rescue IPAddr::InvalidAddressError
 end.compact
 
 Rails.application.config.action_dispatch.trusted_proxies = (
diff --git a/config/initializers/warden.rb b/config/initializers/warden.rb
index d8a4da8cdf9..84bda81a33a 100644
--- a/config/initializers/warden.rb
+++ b/config/initializers/warden.rb
@@ -19,7 +19,7 @@ Rails.application.configure do |config|
 
   Warden::Manager.after_authentication(scope: :user) do |user, auth, opts|
     ActiveSession.cleanup(user)
-    Gitlab::AnonymousSession.new(auth.request.remote_ip, session_id: auth.request.session.id).cleanup_session_per_ip_entries
+    Gitlab::AnonymousSession.new(auth.request.remote_ip).cleanup_session_per_ip_count
   end
 
   Warden::Manager.after_set_user(scope: :user, only: :fetch) do |user, auth, opts|
diff --git a/config/initializers/webauthn.rb b/config/initializers/webauthn.rb
new file mode 100644
index 00000000000..8dc5dfd56ed
--- /dev/null
+++ b/config/initializers/webauthn.rb
@@ -0,0 +1,35 @@
+WebAuthn.configure do |config|
+  # This value needs to match `window.location.origin` evaluated by
+  # the User Agent during registration and authentication ceremonies.
+  config.origin = Settings.gitlab['base_url']
+
+  # Relying Party name for display purposes
+  # config.rp_name = "Example Inc."
+
+  # Optionally configure a client timeout hint, in milliseconds.
+  # This hint specifies how long the browser should wait for any
+  # interaction with the user.
+  # This hint may be overridden by the browser.
+  # https://www.w3.org/TR/webauthn/#dom-publickeycredentialcreationoptions-timeout
+  # config.credential_options_timeout = 120_000
+
+  # You can optionally specify a different Relying Party ID
+  # (https://www.w3.org/TR/webauthn/#relying-party-identifier)
+  # if it differs from the default one.
+  #
+  # In this case the default would be "auth.example.com", but you can set it to
+  # the suffix "example.com"
+  #
+  # config.rp_id = "example.com"
+
+  # Configure preferred binary-to-text encoding scheme. This should match the encoding scheme
+  # used in your client-side (user agent) code before sending the credential to the server.
+  # Supported values: `:base64url` (default), `:base64` or `false` to disable all encoding.
+  #
+  config.encoding = :base64
+
+  # Possible values: "ES256", "ES384", "ES512", "PS256", "PS384", "PS512", "RS256", "RS384", "RS512", "RS1"
+  # Default: ["ES256", "PS256", "RS256"]
+  #
+  # config.algorithms << "ES384"
+end
author	GitLab Bot <gitlab-bot@gitlab.com>	2020-09-19 04:45:44 +0300
committer	GitLab Bot <gitlab-bot@gitlab.com>	2020-09-19 04:45:44 +0300
commit	85dc423f7090da0a52c73eb66faf22ddb20efff9 (patch)
tree	9160f299afd8c80c038f08e1545be119f5e3f1e1 /config/initializers
parent	15c2c8c66dbe422588e5411eee7e68f1fa440bb8 (diff)