Add latest changes from gitlab-org/gitlab@master

17 files changed, 320 insertions, 163 deletions

diff --git a/spec/factories/notes.rb b/spec/factories/notes.rb
index 848590efabc..a15c7625500 100644
--- a/spec/factories/notes.rb
+++ b/spec/factories/notes.rb
@@ -164,6 +164,10 @@ FactoryBot.define do
       attachment { fixture_file_upload("spec/fixtures/git-cheat-sheet.pdf", "application/pdf") }
     end
 
+    trait :confidential do
+      confidential { true }
+    end
+
     transient do
       in_reply_to { nil }
     end
diff --git a/spec/factories/pages_domains.rb b/spec/factories/pages_domains.rb
index f914128ed3b..4efb5c7dbb1 100644
--- a/spec/factories/pages_domains.rb
+++ b/spec/factories/pages_domains.rb
@@ -7,39 +7,11 @@ FactoryBot.define do
     enabled_until { 1.week.from_now }
 
     certificate do
-      '-----BEGIN CERTIFICATE-----
-MIICGzCCAYSgAwIBAgIBATANBgkqhkiG9w0BAQUFADAbMRkwFwYDVQQDExB0ZXN0
-LWNlcnRpZmljYXRlMB4XDTE2MDIxMjE0MzIwMFoXDTIwMDQxMjE0MzIwMFowGzEZ
-MBcGA1UEAxMQdGVzdC1jZXJ0aWZpY2F0ZTCBnzANBgkqhkiG9w0BAQEFAAOBjQAw
-gYkCgYEApL4J9L0ZxFJ1hI1LPIflAlAGvm6ZEvoT4qKU5Xf2JgU7/2geNR1qlNFa
-SvCc08Knupp5yTgmvyK/Xi09U0N82vvp4Zvr/diSc4A/RA6Mta6egLySNT438kdT
-nY2tR5feoTLwQpX0t4IMlwGQGT5h6Of2fKmDxzuwuyffcIHqLdsCAwEAAaNvMG0w
-DAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQUxl9WSxBprB0z0ibJs3rXEk0+95AwCwYD
-VR0PBAQDAgXgMBEGCWCGSAGG+EIBAQQEAwIGQDAeBglghkgBhvhCAQ0EERYPeGNh
-IGNlcnRpZmljYXRlMA0GCSqGSIb3DQEBBQUAA4GBAGC4T8SlFHK0yPSa+idGLQFQ
-joZp2JHYvNlTPkRJ/J4TcXxBTJmArcQgTIuNoBtC+0A/SwdK4MfTCUY4vNWNdese
-5A4K65Nb7Oh1AdQieTBHNXXCdyFsva9/ScfQGEl7p55a52jOPs0StPd7g64uvjlg
-YHi2yesCrOvVXt+lgPTd
------END CERTIFICATE-----'
+      File.read(Rails.root.join('spec/fixtures/', 'ssl_certificate.pem'))
     end
 
     key do
-      '-----BEGIN PRIVATE KEY-----
-MIICdgIBADANBgkqhkiG9w0BAQEFAASCAmAwggJcAgEAAoGBAKS+CfS9GcRSdYSN
-SzyH5QJQBr5umRL6E+KilOV39iYFO/9oHjUdapTRWkrwnNPCp7qaeck4Jr8iv14t
-PVNDfNr76eGb6/3YknOAP0QOjLWunoC8kjU+N/JHU52NrUeX3qEy8EKV9LeCDJcB
-kBk+Yejn9nypg8c7sLsn33CB6i3bAgMBAAECgYA2D26w80T7WZvazYr86BNMePpd
-j2mIAqx32KZHzt/lhh40J/SRtX9+Kl0Y7nBoRR5Ja9u/HkAIxNxLiUjwg9r6cpg/
-uITEF5nMt7lAk391BuI+7VOZZGbJDsq2ulPd6lO+C8Kq/PI/e4kXcIjeH6KwQsuR
-5vrXfBZ3sQfflaiN4QJBANBt8JY2LIGQF8o89qwUpRL5vbnKQ4IzZ5+TOl4RLR7O
-AQpJ81tGuINghO7aunctb6rrcKJrxmEH1whzComybrMCQQDKV49nOBudRBAIgG4K
-EnLzsRKISUHMZSJiYTYnablof8cKw1JaQduw7zgrUlLwnroSaAGX88+Jw1f5n2Lh
-Vlg5AkBDdUGnrDLtYBCDEQYZHblrkc7ZAeCllDOWjxUV+uMqlCv8A4Ey6omvY57C
-m6I8DkWVAQx8VPtozhvHjUw80rZHAkB55HWHAM3h13axKG0htCt7klhPsZHpx6MH
-EPjGlXIT+aW2XiPmK3ZlCDcWIenE+lmtbOpI159Wpk8BGXs/s/xBAkEAlAY3ymgx
-63BDJEwvOb2IaP8lDDxNsXx9XJNVvQbv5n15vNsLHbjslHfAhAbxnLQ1fLhUPqSi
-nNp/xedE1YxutQ==
------END PRIVATE KEY-----'
+      File.read(Rails.root.join('spec/fixtures/', 'ssl_key.pem'))
     end
 
     trait :disabled do
diff --git a/spec/factories/serverless/domain_cluster.rb b/spec/factories/serverless/domain_cluster.rb
index bc32552d4c7..40e0ecad5ad 100644
--- a/spec/factories/serverless/domain_cluster.rb
+++ b/spec/factories/serverless/domain_cluster.rb
@@ -7,39 +7,11 @@ FactoryBot.define do
     creator { create(:user) }
 
     certificate do
-      '-----BEGIN CERTIFICATE-----
-MIICGzCCAYSgAwIBAgIBATANBgkqhkiG9w0BAQUFADAbMRkwFwYDVQQDExB0ZXN0
-LWNlcnRpZmljYXRlMB4XDTE2MDIxMjE0MzIwMFoXDTIwMDQxMjE0MzIwMFowGzEZ
-MBcGA1UEAxMQdGVzdC1jZXJ0aWZpY2F0ZTCBnzANBgkqhkiG9w0BAQEFAAOBjQAw
-gYkCgYEApL4J9L0ZxFJ1hI1LPIflAlAGvm6ZEvoT4qKU5Xf2JgU7/2geNR1qlNFa
-SvCc08Knupp5yTgmvyK/Xi09U0N82vvp4Zvr/diSc4A/RA6Mta6egLySNT438kdT
-nY2tR5feoTLwQpX0t4IMlwGQGT5h6Of2fKmDxzuwuyffcIHqLdsCAwEAAaNvMG0w
-DAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQUxl9WSxBprB0z0ibJs3rXEk0+95AwCwYD
-VR0PBAQDAgXgMBEGCWCGSAGG+EIBAQQEAwIGQDAeBglghkgBhvhCAQ0EERYPeGNh
-IGNlcnRpZmljYXRlMA0GCSqGSIb3DQEBBQUAA4GBAGC4T8SlFHK0yPSa+idGLQFQ
-joZp2JHYvNlTPkRJ/J4TcXxBTJmArcQgTIuNoBtC+0A/SwdK4MfTCUY4vNWNdese
-5A4K65Nb7Oh1AdQieTBHNXXCdyFsva9/ScfQGEl7p55a52jOPs0StPd7g64uvjlg
-YHi2yesCrOvVXt+lgPTd
------END CERTIFICATE-----'
+      File.read(Rails.root.join('spec/fixtures/', 'ssl_certificate.pem'))
     end
 
     key do
-      '-----BEGIN PRIVATE KEY-----
-MIICdgIBADANBgkqhkiG9w0BAQEFAASCAmAwggJcAgEAAoGBAKS+CfS9GcRSdYSN
-SzyH5QJQBr5umRL6E+KilOV39iYFO/9oHjUdapTRWkrwnNPCp7qaeck4Jr8iv14t
-PVNDfNr76eGb6/3YknOAP0QOjLWunoC8kjU+N/JHU52NrUeX3qEy8EKV9LeCDJcB
-kBk+Yejn9nypg8c7sLsn33CB6i3bAgMBAAECgYA2D26w80T7WZvazYr86BNMePpd
-j2mIAqx32KZHzt/lhh40J/SRtX9+Kl0Y7nBoRR5Ja9u/HkAIxNxLiUjwg9r6cpg/
-uITEF5nMt7lAk391BuI+7VOZZGbJDsq2ulPd6lO+C8Kq/PI/e4kXcIjeH6KwQsuR
-5vrXfBZ3sQfflaiN4QJBANBt8JY2LIGQF8o89qwUpRL5vbnKQ4IzZ5+TOl4RLR7O
-AQpJ81tGuINghO7aunctb6rrcKJrxmEH1whzComybrMCQQDKV49nOBudRBAIgG4K
-EnLzsRKISUHMZSJiYTYnablof8cKw1JaQduw7zgrUlLwnroSaAGX88+Jw1f5n2Lh
-Vlg5AkBDdUGnrDLtYBCDEQYZHblrkc7ZAeCllDOWjxUV+uMqlCv8A4Ey6omvY57C
-m6I8DkWVAQx8VPtozhvHjUw80rZHAkB55HWHAM3h13axKG0htCt7klhPsZHpx6MH
-EPjGlXIT+aW2XiPmK3ZlCDcWIenE+lmtbOpI159Wpk8BGXs/s/xBAkEAlAY3ymgx
-63BDJEwvOb2IaP8lDDxNsXx9XJNVvQbv5n15vNsLHbjslHfAhAbxnLQ1fLhUPqSi
-nNp/xedE1YxutQ==
------END PRIVATE KEY-----'
+      File.read(Rails.root.join('spec/fixtures/', 'ssl_key.pem'))
     end
   end
 end
diff --git a/spec/factories/snippets.rb b/spec/factories/snippets.rb
index 8ab5c7f1fa5..3d99a04ea1a 100644
--- a/spec/factories/snippets.rb
+++ b/spec/factories/snippets.rb
@@ -48,6 +48,7 @@ FactoryBot.define do
     trait :secret do
       visibility_level { Snippet::PUBLIC }
       secret { true }
+      project { nil }
     end
   end
 end
diff --git a/spec/features/projects/pages_spec.rb b/spec/features/projects/pages_spec.rb
index c8da87041f9..f4f70e7efbc 100644
--- a/spec/features/projects/pages_spec.rb
+++ b/spec/features/projects/pages_spec.rb
@@ -135,43 +135,11 @@ shared_examples 'pages settings editing' do
 
       context 'when pages are exposed on external HTTPS address', :https_pages_enabled, :js do
         let(:certificate_pem) do
-          <<~PEM
-          -----BEGIN CERTIFICATE-----
-          MIICGzCCAYSgAwIBAgIBATANBgkqhkiG9w0BAQUFADAbMRkwFwYDVQQDExB0ZXN0
-          LWNlcnRpZmljYXRlMB4XDTE2MDIxMjE0MzIwMFoXDTIwMDQxMjE0MzIwMFowGzEZ
-          MBcGA1UEAxMQdGVzdC1jZXJ0aWZpY2F0ZTCBnzANBgkqhkiG9w0BAQEFAAOBjQAw
-          gYkCgYEApL4J9L0ZxFJ1hI1LPIflAlAGvm6ZEvoT4qKU5Xf2JgU7/2geNR1qlNFa
-          SvCc08Knupp5yTgmvyK/Xi09U0N82vvp4Zvr/diSc4A/RA6Mta6egLySNT438kdT
-          nY2tR5feoTLwQpX0t4IMlwGQGT5h6Of2fKmDxzuwuyffcIHqLdsCAwEAAaNvMG0w
-          DAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQUxl9WSxBprB0z0ibJs3rXEk0+95AwCwYD
-          VR0PBAQDAgXgMBEGCWCGSAGG+EIBAQQEAwIGQDAeBglghkgBhvhCAQ0EERYPeGNh
-          IGNlcnRpZmljYXRlMA0GCSqGSIb3DQEBBQUAA4GBAGC4T8SlFHK0yPSa+idGLQFQ
-          joZp2JHYvNlTPkRJ/J4TcXxBTJmArcQgTIuNoBtC+0A/SwdK4MfTCUY4vNWNdese
-          5A4K65Nb7Oh1AdQieTBHNXXCdyFsva9/ScfQGEl7p55a52jOPs0StPd7g64uvjlg
-          YHi2yesCrOvVXt+lgPTd
-          -----END CERTIFICATE-----
-          PEM
+          attributes_for(:pages_domain)[:certificate]
         end
 
         let(:certificate_key) do
-          <<~KEY
-          -----BEGIN PRIVATE KEY-----
-          MIICdgIBADANBgkqhkiG9w0BAQEFAASCAmAwggJcAgEAAoGBAKS+CfS9GcRSdYSN
-          SzyH5QJQBr5umRL6E+KilOV39iYFO/9oHjUdapTRWkrwnNPCp7qaeck4Jr8iv14t
-          PVNDfNr76eGb6/3YknOAP0QOjLWunoC8kjU+N/JHU52NrUeX3qEy8EKV9LeCDJcB
-          kBk+Yejn9nypg8c7sLsn33CB6i3bAgMBAAECgYA2D26w80T7WZvazYr86BNMePpd
-          j2mIAqx32KZHzt/lhh40J/SRtX9+Kl0Y7nBoRR5Ja9u/HkAIxNxLiUjwg9r6cpg/
-          uITEF5nMt7lAk391BuI+7VOZZGbJDsq2ulPd6lO+C8Kq/PI/e4kXcIjeH6KwQsuR
-          5vrXfBZ3sQfflaiN4QJBANBt8JY2LIGQF8o89qwUpRL5vbnKQ4IzZ5+TOl4RLR7O
-          AQpJ81tGuINghO7aunctb6rrcKJrxmEH1whzComybrMCQQDKV49nOBudRBAIgG4K
-          EnLzsRKISUHMZSJiYTYnablof8cKw1JaQduw7zgrUlLwnroSaAGX88+Jw1f5n2Lh
-          Vlg5AkBDdUGnrDLtYBCDEQYZHblrkc7ZAeCllDOWjxUV+uMqlCv8A4Ey6omvY57C
-          m6I8DkWVAQx8VPtozhvHjUw80rZHAkB55HWHAM3h13axKG0htCt7klhPsZHpx6MH
-          EPjGlXIT+aW2XiPmK3ZlCDcWIenE+lmtbOpI159Wpk8BGXs/s/xBAkEAlAY3ymgx
-          63BDJEwvOb2IaP8lDDxNsXx9XJNVvQbv5n15vNsLHbjslHfAhAbxnLQ1fLhUPqSi
-          nNp/xedE1YxutQ==
-          -----END PRIVATE KEY-----
-          KEY
+          attributes_for(:pages_domain)[:key]
         end
 
         it 'adds new domain with certificate' do
diff --git a/spec/finders/award_emojis_finder_spec.rb b/spec/finders/award_emojis_finder_spec.rb
index bdfd2a9a3f4..975722e780b 100644
--- a/spec/finders/award_emojis_finder_spec.rb
+++ b/spec/finders/award_emojis_finder_spec.rb
@@ -20,6 +20,11 @@ describe AwardEmojisFinder do
       )
     end
 
+    it 'does not raise an error if `name` is numeric' do
+      subject = described_class.new(issue_1, { name: 100 })
+      expect { subject.execute }.not_to raise_error
+    end
+
     it 'raises an error if `awarded_by` is invalid' do
       expectation = [ArgumentError, 'Invalid awarded_by param']
 
diff --git a/spec/fixtures/ssl_certificate.pem b/spec/fixtures/ssl_certificate.pem
new file mode 100644
index 00000000000..6c9a8dd42c6
--- /dev/null
+++ b/spec/fixtures/ssl_certificate.pem
@@ -0,0 +1,12 @@
+-----BEGIN CERTIFICATE-----
+MIIBrzCCARgCCQDbfQx2zdkNYTANBgkqhkiG9w0BAQsFADAbMRkwFwYDVQQDDBB0
+ZXN0LWNlcnRpZmljYXRlMCAXDTIwMDMxNjE0MjAzNFoYDzIyMjAwMTI4MTQyMDM0
+WjAbMRkwFwYDVQQDDBB0ZXN0LWNlcnRpZmljYXRlMIGfMA0GCSqGSIb3DQEBAQUA
+A4GNADCBiQKBgQCkvgn0vRnEUnWEjUs8h+UCUAa+bpkS+hPiopTld/YmBTv/aB41
+HWqU0VpK8JzTwqe6mnnJOCa/Ir9eLT1TQ3za++nhm+v92JJzgD9EDoy1rp6AvJI1
+PjfyR1Odja1Hl96hMvBClfS3ggyXAZAZPmHo5/Z8qYPHO7C7J99wgeot2wIDAQAB
+MA0GCSqGSIb3DQEBCwUAA4GBACc+chrTAuvnMBTedc4/dy16pEesK6oGjywYUd/0
+/FBr8Vry7QUXMSgfraza9S0V+JvFvZFqkkOyJKW+m30kThWzyc/2e+BRxTh/QrxP
+0j84QXtmnVtW4jsAwfBBfg78ST27eyp/WhruI6F/kZlXhfAed0RcPbRnbi3yvUPL
+Lo4T
+-----END CERTIFICATE-----
diff --git a/spec/fixtures/ssl_key.pem b/spec/fixtures/ssl_key.pem
new file mode 100644
index 00000000000..1b53126536e
--- /dev/null
+++ b/spec/fixtures/ssl_key.pem
@@ -0,0 +1,16 @@
+-----BEGIN PRIVATE KEY-----
+MIICdgIBADANBgkqhkiG9w0BAQEFAASCAmAwggJcAgEAAoGBAKS+CfS9GcRSdYSN
+SzyH5QJQBr5umRL6E+KilOV39iYFO/9oHjUdapTRWkrwnNPCp7qaeck4Jr8iv14t
+PVNDfNr76eGb6/3YknOAP0QOjLWunoC8kjU+N/JHU52NrUeX3qEy8EKV9LeCDJcB
+kBk+Yejn9nypg8c7sLsn33CB6i3bAgMBAAECgYA2D26w80T7WZvazYr86BNMePpd
+j2mIAqx32KZHzt/lhh40J/SRtX9+Kl0Y7nBoRR5Ja9u/HkAIxNxLiUjwg9r6cpg/
+uITEF5nMt7lAk391BuI+7VOZZGbJDsq2ulPd6lO+C8Kq/PI/e4kXcIjeH6KwQsuR
+5vrXfBZ3sQfflaiN4QJBANBt8JY2LIGQF8o89qwUpRL5vbnKQ4IzZ5+TOl4RLR7O
+AQpJ81tGuINghO7aunctb6rrcKJrxmEH1whzComybrMCQQDKV49nOBudRBAIgG4K
+EnLzsRKISUHMZSJiYTYnablof8cKw1JaQduw7zgrUlLwnroSaAGX88+Jw1f5n2Lh
+Vlg5AkBDdUGnrDLtYBCDEQYZHblrkc7ZAeCllDOWjxUV+uMqlCv8A4Ey6omvY57C
+m6I8DkWVAQx8VPtozhvHjUw80rZHAkB55HWHAM3h13axKG0htCt7klhPsZHpx6MH
+EPjGlXIT+aW2XiPmK3ZlCDcWIenE+lmtbOpI159Wpk8BGXs/s/xBAkEAlAY3ymgx
+63BDJEwvOb2IaP8lDDxNsXx9XJNVvQbv5n15vNsLHbjslHfAhAbxnLQ1fLhUPqSi
+nNp/xedE1YxutQ==
+-----END PRIVATE KEY-----
diff --git a/spec/lib/gitlab/sidekiq_middleware/server_metrics_spec.rb b/spec/lib/gitlab/sidekiq_middleware/server_metrics_spec.rb
index 23c5b59922b..3343587beff 100644
--- a/spec/lib/gitlab/sidekiq_middleware/server_metrics_spec.rb
+++ b/spec/lib/gitlab/sidekiq_middleware/server_metrics_spec.rb
@@ -67,7 +67,7 @@ describe Gitlab::SidekiqMiddleware::ServerMetrics do
             allow(Gitlab::Metrics::System).to receive(:monotonic_time).and_return(monotonic_time_before, monotonic_time_after)
             allow(Gitlab::InstrumentationHelper).to receive(:queue_duration_for_job).with(job).and_return(queue_duration_for_job)
             allow(ActiveRecord::LogSubscriber).to receive(:runtime).and_return(db_duration * 1000)
-            allow(Gitlab::GitalyClient).to receive(:query_time).and_return(gitaly_duration)
+            allow(subject).to receive(:get_gitaly_time).and_return(gitaly_duration)
 
             expect(running_jobs_metric).to receive(:increment).with(labels, 1)
             expect(running_jobs_metric).to receive(:increment).with(labels, -1)
diff --git a/spec/lib/gitlab/sidekiq_middleware_spec.rb b/spec/lib/gitlab/sidekiq_middleware_spec.rb
index 2f325fd5052..88f83ebc2ac 100644
--- a/spec/lib/gitlab/sidekiq_middleware_spec.rb
+++ b/spec/lib/gitlab/sidekiq_middleware_spec.rb
@@ -8,6 +8,8 @@ describe Gitlab::SidekiqMiddleware do
     include Sidekiq::Worker
 
     def perform(_arg)
+      Gitlab::SafeRequestStore['gitaly_call_actual'] = 1
+      Gitlab::GitalyClient.query_time = 5
     end
   end
 
@@ -99,6 +101,24 @@ describe Gitlab::SidekiqMiddleware do
       it "passes through server middlewares" do
         worker_class.perform_async(*job_args)
       end
+
+      context "server metrics" do
+        let(:gitaly_histogram) { double(:gitaly_histogram) }
+
+        before do
+          allow(Gitlab::Metrics).to receive(:histogram).and_call_original
+
+          allow(Gitlab::Metrics).to receive(:histogram)
+                                      .with(:sidekiq_jobs_gitaly_seconds, anything, anything, anything)
+                                      .and_return(gitaly_histogram)
+        end
+
+        it "records correct Gitaly duration" do
+          expect(gitaly_histogram).to receive(:observe).with(anything, 5.0)
+
+          worker_class.perform_async(*job_args)
+        end
+      end
     end
   end
 
diff --git a/spec/lib/gitlab/usage_data_spec.rb b/spec/lib/gitlab/usage_data_spec.rb
index 113cb4ba6bf..21117f11f63 100644
--- a/spec/lib/gitlab/usage_data_spec.rb
+++ b/spec/lib/gitlab/usage_data_spec.rb
@@ -387,6 +387,22 @@ describe Gitlab::UsageData do
           expect(described_class.count(relation, fallback: 15, batch: false)).to eq(15)
         end
       end
+
+      describe '#distinct_count' do
+        let(:relation) { double(:relation) }
+
+        it 'returns the count when counting succeeds' do
+          allow(relation).to receive(:distinct_count_by).and_return(1)
+
+          expect(described_class.distinct_count(relation, batch: false)).to eq(1)
+        end
+
+        it 'returns the fallback value when counting fails' do
+          allow(relation).to receive(:distinct_count_by).and_raise(ActiveRecord::StatementInvalid.new(''))
+
+          expect(described_class.distinct_count(relation, fallback: 15, batch: false)).to eq(15)
+        end
+      end
     end
   end
 end
diff --git a/spec/models/concerns/usage_statistics_spec.rb b/spec/models/concerns/usage_statistics_spec.rb
new file mode 100644
index 00000000000..f99f0a13317
--- /dev/null
+++ b/spec/models/concerns/usage_statistics_spec.rb
@@ -0,0 +1,52 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+describe UsageStatistics do
+  describe '.distinct_count_by' do
+    let_it_be(:issue_1) { create(:issue) }
+    let_it_be(:issue_2) { create(:issue) }
+
+    context 'two records created by the same issue' do
+      let!(:models_created_by_issue) do
+        create(:zoom_meeting, :added_to_issue, issue: issue_1)
+        create(:zoom_meeting, :removed_from_issue, issue: issue_1)
+      end
+
+      it 'returns a count of 1' do
+        expect(::ZoomMeeting.distinct_count_by(:issue_id)).to eq(1)
+      end
+
+      context 'when given no column to count' do
+        it 'counts by :id and returns a count of 2' do
+          expect(::ZoomMeeting.distinct_count_by).to eq(2)
+        end
+      end
+    end
+
+    context 'one record created by each issue' do
+      let!(:model_created_by_issue_1) { create(:zoom_meeting, issue: issue_1) }
+      let!(:model_created_by_issue_2) { create(:zoom_meeting, issue: issue_2) }
+
+      it 'returns a count of 2' do
+        expect(::ZoomMeeting.distinct_count_by(:issue_id)).to eq(2)
+      end
+    end
+
+    context 'the count query times out' do
+      before do
+        allow_next_instance_of(ActiveRecord::Relation) do |instance|
+          allow(instance).to receive(:count).and_raise(ActiveRecord::StatementInvalid.new(''))
+        end
+      end
+
+      it 'does not raise an error' do
+        expect { ::ZoomMeeting.distinct_count_by(:issue_id) }.not_to raise_error
+      end
+
+      it 'returns -1' do
+        expect(::ZoomMeeting.distinct_count_by(:issue_id)).to eq(-1)
+      end
+    end
+  end
+end
diff --git a/spec/models/note_spec.rb b/spec/models/note_spec.rb
index 4da23c79944..74ec74e0def 100644
--- a/spec/models/note_spec.rb
+++ b/spec/models/note_spec.rb
@@ -270,18 +270,35 @@ describe Note do
     end
   end
 
-  describe "confidential?" do
-    it "delegates to noteable" do
-      issue_note = build(:note, :on_issue)
-      confidential_note = build(:note, noteable: create(:issue, confidential: true))
+  describe '#confidential?' do
+    context 'when note is not confidential' do
+      it 'is true when a noteable is confidential' do
+        issue = create(:issue, :confidential)
+        note = build(:note, noteable: issue, project: issue.project)
 
-      expect(issue_note.confidential?).to be_falsy
-      expect(confidential_note.confidential?).to be_truthy
+        expect(note.confidential?).to be_truthy
+      end
+
+      it 'is false when a noteable is not confidential' do
+        issue = create(:issue, confidential: false)
+        note = build(:note, noteable: issue, project: issue.project)
+
+        expect(note.confidential?).to be_falsy
+      end
+
+      it "is falsey when noteable can't be confidential" do
+        commit_note = build(:note_on_commit)
+
+        expect(commit_note.confidential?).to be_falsy
+      end
     end
+    context 'when note is confidential' do
+      it 'is true even when a noteable is not confidential' do
+        issue = create(:issue, confidential: false)
+        note = build(:note, :confidential, noteable: issue, project: issue.project)
 
-    it "is falsey when noteable can't be confidential" do
-      commit_note = build(:note_on_commit)
-      expect(commit_note.confidential?).to be_falsy
+        expect(note.confidential?).to be_truthy
+      end
     end
   end
 
@@ -1230,5 +1247,69 @@ describe Note do
         expect(notes.second.id).to eq(note2.id)
       end
     end
+
+    describe '#noteable_assignee_or_author' do
+      let(:user) { create(:user) }
+      let(:noteable) { create(:issue) }
+      let(:note) { create(:note, project: noteable.project, noteable: noteable) }
+
+      subject { note.noteable_assignee_or_author?(user) }
+
+      shared_examples 'assignee check' do
+        context 'when the provided user is one of the assignees' do
+          before do
+            note.noteable.update(assignees: [user, create(:user)])
+          end
+
+          it 'returns true' do
+            expect(subject).to be_truthy
+          end
+        end
+      end
+
+      shared_examples 'author check' do
+        context 'when the provided user is the author' do
+          before do
+            note.noteable.update(author: user)
+          end
+
+          it 'returns true' do
+            expect(subject).to be_truthy
+          end
+        end
+
+        context 'when the provided user is neither author nor assignee' do
+          it 'returns true' do
+            expect(subject).to be_falsey
+          end
+        end
+      end
+
+      context 'when user is nil' do
+        let(:user) { nil }
+
+        it 'returns false' do
+          expect(subject).to be_falsey
+        end
+      end
+
+      context 'when noteable is an issue' do
+        it_behaves_like 'author check'
+        it_behaves_like 'assignee check'
+      end
+
+      context 'when noteable is a merge request' do
+        let(:noteable) { create(:merge_request) }
+
+        it_behaves_like 'author check'
+        it_behaves_like 'assignee check'
+      end
+
+      context 'when noteable is a snippet' do
+        let(:noteable) { create(:personal_snippet) }
+
+        it_behaves_like 'author check'
+      end
+    end
   end
 end
diff --git a/spec/models/pages_domain_spec.rb b/spec/models/pages_domain_spec.rb
index a4ed02c3254..4bf56e7b28b 100644
--- a/spec/models/pages_domain_spec.rb
+++ b/spec/models/pages_domain_spec.rb
@@ -7,11 +7,6 @@ describe PagesDomain do
 
   subject(:pages_domain) { described_class.new }
 
-  # Locking in date due to cert expiration date https://gitlab.com/gitlab-org/gitlab/-/issues/210557#note_304749257
-  around do |example|
-    Timecop.travel(Time.new(2020, 3, 12)) { example.run }
-  end
-
   describe 'associations' do
     it { is_expected.to belong_to(:project) }
     it { is_expected.to have_many(:serverless_domain_clusters) }
@@ -102,8 +97,8 @@ describe PagesDomain do
     it 'saves validity time' do
       domain.save
 
-      expect(domain.certificate_valid_not_before).to be_like_time(Time.parse("2016-02-12 14:32:00 UTC"))
-      expect(domain.certificate_valid_not_after).to be_like_time(Time.parse("2020-04-12 14:32:00 UTC"))
+      expect(domain.certificate_valid_not_before).to be_like_time(Time.parse("2020-03-16 14:20:34 UTC"))
+      expect(domain.certificate_valid_not_after).to be_like_time(Time.parse("2220-01-28 14:20:34 UTC"))
     end
   end
 
diff --git a/spec/models/zoom_meeting_spec.rb b/spec/models/zoom_meeting_spec.rb
index d496b968f1e..3dad957a1ce 100644
--- a/spec/models/zoom_meeting_spec.rb
+++ b/spec/models/zoom_meeting_spec.rb
@@ -151,51 +151,4 @@ describe ZoomMeeting do
       it_behaves_like 'can remove meetings'
     end
   end
-
-  describe '.distinct_count_by' do
-    let(:issue_1) { create(:issue) }
-    let(:issue_2) { create(:issue) }
-
-    context 'two meetings for the same issue' do
-      before do
-        create(:zoom_meeting, issue: issue_1)
-        create(:zoom_meeting, :removed_from_issue, issue: issue_1)
-      end
-
-      it 'returns a count of 1' do
-        expect(described_class.distinct_count_by(:issue_id)).to eq(1)
-      end
-
-      context 'when given no colum to count' do
-        it 'counts by :id and returns a count of 2' do
-          expect(described_class.distinct_count_by).to eq(2)
-        end
-      end
-    end
-
-    context 'one meeting for each issue' do
-      it 'returns a count of 2' do
-        create(:zoom_meeting, issue: issue_1)
-        create(:zoom_meeting, issue: issue_2)
-
-        expect(described_class.distinct_count_by(:issue_id)).to eq(2)
-      end
-    end
-
-    context 'the count query times out' do
-      before do
-        allow_next_instance_of(ActiveRecord::Relation) do |instance|
-          allow(instance).to receive(:count).and_raise(ActiveRecord::StatementInvalid.new(''))
-        end
-      end
-
-      it 'does not raise an error' do
-        expect { described_class.distinct_count_by(:issue_id) }.not_to raise_error
-      end
-
-      it 'returns -1' do
-        expect(described_class.distinct_count_by(:issue_id)).to eq(-1)
-      end
-    end
-  end
 end
diff --git a/spec/policies/note_policy_spec.rb b/spec/policies/note_policy_spec.rb
index 2619bb2fe3c..e480fc2a642 100644
--- a/spec/policies/note_policy_spec.rb
+++ b/spec/policies/note_policy_spec.rb
@@ -238,6 +238,101 @@ describe NotePolicy do
           end
         end
       end
+
+      context 'with confidential notes' do
+        def permissions(user, note)
+          described_class.new(user, note)
+        end
+
+        let(:reporter) { create(:user) }
+        let(:developer) { create(:user) }
+        let(:maintainer) { create(:user) }
+        let(:guest) { create(:user) }
+        let(:non_member) { create(:user) }
+        let(:author) { create(:user) }
+        let(:assignee) { create(:user) }
+
+        before do
+          project.add_reporter(reporter)
+          project.add_developer(developer)
+          project.add_maintainer(maintainer)
+          project.add_guest(guest)
+        end
+
+        shared_examples_for 'confidential notes permissions' do
+          it 'does not allow non members to read confidential notes and replies' do
+            expect(permissions(non_member, confidential_note)).to be_disallowed(:read_note, :admin_note, :resolve_note, :award_emoji)
+          end
+
+          it 'does not allow guests to read confidential notes and replies' do
+            expect(permissions(guest, confidential_note)).to be_disallowed(:read_note, :admin_note, :resolve_note, :award_emoji)
+          end
+
+          it 'allows reporter to read all notes but not resolve and admin them' do
+            expect(permissions(reporter, confidential_note)).to be_allowed(:read_note, :award_emoji)
+            expect(permissions(reporter, confidential_note)).to be_disallowed(:admin_note, :resolve_note)
+          end
+
+          it 'allows developer to read and resolve all notes' do
+            expect(permissions(developer, confidential_note)).to be_allowed(:read_note, :award_emoji, :resolve_note)
+            expect(permissions(developer, confidential_note)).to be_disallowed(:admin_note)
+          end
+
+          it 'allows maintainers to read all notes and admin them' do
+            expect(permissions(maintainer, confidential_note)).to be_allowed(:read_note, :admin_note, :resolve_note, :award_emoji)
+          end
+
+          it 'allows noteable author to read and resolve all notes' do
+            expect(permissions(author, confidential_note)).to be_allowed(:read_note, :resolve_note, :award_emoji)
+            expect(permissions(author, confidential_note)).to be_disallowed(:admin_note)
+          end
+        end
+
+        context 'for issues' do
+          let(:issue) { create(:issue, project: project, author: author, assignees: [assignee]) }
+          let(:confidential_note) { create(:note, :confidential, project: project, noteable: issue) }
+
+          it_behaves_like 'confidential notes permissions'
+
+          it 'allows noteable assignees to read all notes' do
+            expect(permissions(assignee, confidential_note)).to be_allowed(:read_note, :award_emoji)
+            expect(permissions(assignee, confidential_note)).to be_disallowed(:admin_note, :resolve_note)
+          end
+        end
+
+        context 'for merge requests' do
+          let(:merge_request) { create(:merge_request, source_project: project, author: author, assignees: [assignee]) }
+          let(:confidential_note) { create(:note, :confidential, project: project, noteable: merge_request) }
+
+          it_behaves_like 'confidential notes permissions'
+
+          it 'allows noteable assignees to read all notes' do
+            expect(permissions(assignee, confidential_note)).to be_allowed(:read_note, :award_emoji)
+            expect(permissions(assignee, confidential_note)).to be_disallowed(:admin_note, :resolve_note)
+          end
+        end
+
+        context 'for project snippets' do
+          let(:project_snippet) { create(:project_snippet, project: project, author: author) }
+          let(:confidential_note) { create(:note, :confidential, project: project, noteable: project_snippet) }
+
+          it_behaves_like 'confidential notes permissions'
+        end
+
+        context 'for personal snippets' do
+          let(:personal_snippet) { create(:personal_snippet, author: author) }
+          let(:confidential_note) { create(:note, :confidential, project: nil, noteable: personal_snippet) }
+
+          it 'allows snippet author to read and resolve all notes' do
+            expect(permissions(author, confidential_note)).to be_allowed(:read_note, :resolve_note, :award_emoji)
+            expect(permissions(author, confidential_note)).to be_disallowed(:admin_note)
+          end
+
+          it 'does not allow maintainers to read confidential notes and replies' do
+            expect(permissions(maintainer, confidential_note)).to be_disallowed(:read_note, :admin_note, :resolve_note, :award_emoji)
+          end
+        end
+      end
     end
   end
 end
diff --git a/spec/workers/pages_domain_ssl_renewal_cron_worker_spec.rb b/spec/workers/pages_domain_ssl_renewal_cron_worker_spec.rb
index ae66122b4de..736acc40371 100644
--- a/spec/workers/pages_domain_ssl_renewal_cron_worker_spec.rb
+++ b/spec/workers/pages_domain_ssl_renewal_cron_worker_spec.rb
@@ -7,11 +7,6 @@ describe PagesDomainSslRenewalCronWorker do
 
   subject(:worker) { described_class.new }
 
-  # Locking in date due to cert expiration date https://gitlab.com/gitlab-org/gitlab/-/issues/210557#note_304749257
-  around do |example|
-    Timecop.travel(Time.new(2020, 3, 12)) { example.run }
-  end
-
   before do
     stub_lets_encrypt_settings
   end