Add latest changes from gitlab-org/gitlab@master

5 files changed, 30 insertions, 3 deletions

diff --git a/config/feature_flags/development/add_issues_button.yml b/config/feature_flags/development/add_issues_button.yml
new file mode 100644
index 00000000000..cc4727a29c4
--- /dev/null
+++ b/config/feature_flags/development/add_issues_button.yml
@@ -0,0 +1,8 @@
+---
+name: add_issues_button
+introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/47898
+rollout_issue_url:
+milestone: '13.6'
+type: development
+group: group::project management
+default_enabled: false
diff --git a/config/gitlab.yml.example b/config/gitlab.yml.example
index 8822e57e153..948724bdf76 100644
--- a/config/gitlab.yml.example
+++ b/config/gitlab.yml.example
@@ -1042,6 +1042,10 @@ production: &base
   shared:
     # path: /mnt/gitlab # Default: shared
 
+  # Encrypted Settings configuration
+  encrypted_settings:
+    # path: /mnt/gitlab/encrypted_settings  # Default: shared/encrypted_settings
+
   # Gitaly settings
   gitaly:
     # Path to the directory containing Gitaly client executables.
diff --git a/config/initializers/01_secret_token.rb b/config/initializers/01_secret_token.rb
index 5949f463457..d7e725477eb 100644
--- a/config/initializers/01_secret_token.rb
+++ b/config/initializers/01_secret_token.rb
@@ -34,6 +34,9 @@ def create_tokens
     openid_connect_signing_key: generate_new_rsa_private_key
   }
 
+  # encrypted_settings_key_base is optional for now
+  defaults[:encrypted_settings_key_base] = generate_new_secure_token if ENV['GITLAB_GENERATE_ENCRYPTED_SETTINGS_KEY_BASE']
+
   missing_secrets = set_missing_keys(defaults)
   write_secrets_yml(missing_secrets) unless missing_secrets.empty?
 
diff --git a/config/initializers/1_settings.rb b/config/initializers/1_settings.rb
index d0c4cccd874..f2315b2a431 100644
--- a/config/initializers/1_settings.rb
+++ b/config/initializers/1_settings.rb
@@ -3,6 +3,13 @@ require_relative '../object_store_settings'
 require_relative '../smime_signature_settings'
 
 # Default settings
+Settings['shared'] ||= Settingslogic.new({})
+Settings.shared['path'] = Settings.absolute(Settings.shared['path'] || "shared")
+
+Settings['encrypted_settings'] ||= Settingslogic.new({})
+Settings.encrypted_settings['path'] ||= File.join(Settings.shared['path'], "encrypted_settings")
+Settings.encrypted_settings['path'] = Settings.absolute(Settings.encrypted_settings['path'])
+
 Settings['ldap'] ||= Settingslogic.new({})
 Settings.ldap['enabled'] = false if Settings.ldap['enabled'].nil?
 Settings.ldap['prevent_ldap_sign_in'] = false if Settings.ldap['prevent_ldap_sign_in'].blank?
@@ -140,9 +147,6 @@ if Gitlab.ee? && Rails.env.test? && !saml_provider_enabled
   Settings.omniauth.providers << Settingslogic.new({ 'name' => 'group_saml' })
 end
 
-Settings['shared'] ||= Settingslogic.new({})
-Settings.shared['path'] = Settings.absolute(Settings.shared['path'] || "shared")
-
 Settings['issues_tracker'] ||= {}
 
 #
diff --git a/config/settings.rb b/config/settings.rb
index c681fa32491..3369f2a4480 100644
--- a/config/settings.rb
+++ b/config/settings.rb
@@ -152,6 +152,14 @@ class Settings < Settingslogic
       Gitlab::Application.secrets.db_key_base
     end
 
+    def encrypted(path)
+      Gitlab::EncryptedConfiguration.new(
+        content_path: path,
+        base_key: Gitlab::Application.secrets.encrypted_settings_key_base,
+        previous_keys: Gitlab::Application.secrets.rotated_encrypted_settings_key_base || []
+      )
+    end
+
     def load_dynamic_cron_schedules!
       cron_jobs['gitlab_usage_ping_worker']['cron'] ||= cron_for_usage_ping
     end