diff options
142 files changed, 650 insertions, 188 deletions
diff --git a/GITALY_SERVER_VERSION b/GITALY_SERVER_VERSION index 65d7bf8485f..dc6779942cb 100644 --- a/GITALY_SERVER_VERSION +++ b/GITALY_SERVER_VERSION @@ -1 +1 @@ -a8520a1568f0c0515eef6931c01b3fa8e55e7985 +ff6a28eeb5c58185a178f7bbacc5617ac6b80ef4 diff --git a/app/assets/javascripts/merge_request_tabs.js b/app/assets/javascripts/merge_request_tabs.js index 1d1c0a23fab..14e5e96d7b0 100644 --- a/app/assets/javascripts/merge_request_tabs.js +++ b/app/assets/javascripts/merge_request_tabs.js @@ -82,9 +82,9 @@ export default class MergeRequestTabs { this.mergeRequestTabPanes && this.mergeRequestTabPanes.querySelectorAll ? this.mergeRequestTabPanes.querySelectorAll('.tab-pane') : null; - const navbar = document.querySelector('.navbar-gitlab'); - const peek = document.getElementById('js-peek'); - const paddingTop = 16; + this.navbar = document.querySelector('.navbar-gitlab'); + this.peek = document.getElementById('js-peek'); + this.paddingTop = 16; this.commitsTab = document.querySelector('.tab-content .commits.tab-pane'); @@ -99,15 +99,6 @@ export default class MergeRequestTabs { this.setCurrentAction = this.setCurrentAction.bind(this); this.tabShown = this.tabShown.bind(this); this.clickTab = this.clickTab.bind(this); - this.stickyTop = navbar ? navbar.offsetHeight - paddingTop : 0; - - if (peek) { - this.stickyTop += peek.offsetHeight; - } - - if (this.mergeRequestTabs) { - this.stickyTop += this.mergeRequestTabs.offsetHeight; - } if (stubLocation) { location = stubLocation; @@ -520,4 +511,18 @@ export default class MergeRequestTabs { } }, 0); } + + get stickyTop() { + let stickyTop = this.navbar ? this.navbar.offsetHeight : 0; + + if (this.peek) { + stickyTop += this.peek.offsetHeight; + } + + if (this.mergeRequestTabs) { + stickyTop += this.mergeRequestTabs.offsetHeight; + } + + return stickyTop; + } } diff --git a/app/assets/stylesheets/framework/diffs.scss b/app/assets/stylesheets/framework/diffs.scss index f8b1735207c..36bf9a98932 100644 --- a/app/assets/stylesheets/framework/diffs.scss +++ b/app/assets/stylesheets/framework/diffs.scss @@ -854,12 +854,12 @@ table.code { @include media-breakpoint-up(sm) { position: -webkit-sticky; position: sticky; - top: $header-height; + top: $header-height + $mr-tabs-height; background-color: $white; z-index: 200; .with-performance-bar & { - top: $header-height + $performance-bar-height; + top: $header-height + $mr-tabs-height + $performance-bar-height; } &.is-stuck { diff --git a/app/assets/stylesheets/pages/merge_requests.scss b/app/assets/stylesheets/pages/merge_requests.scss index 8807ab5e597..071a5be073f 100644 --- a/app/assets/stylesheets/pages/merge_requests.scss +++ b/app/assets/stylesheets/pages/merge_requests.scss @@ -1003,10 +1003,10 @@ $tabs-holder-z-index: 250; .mr-compare { .diff-file .file-title-flex-parent { - top: $header-height + 51px; + top: $header-height + $mr-tabs-height + 36px; .with-performance-bar & { - top: $performance-bar-height + $header-height + 51px; + top: $performance-bar-height + $header-height + $mr-tabs-height + 36px; } } } diff --git a/app/controllers/admin/sessions_controller.rb b/app/controllers/admin/sessions_controller.rb index 3a4f617b03f..9c378f4c883 100644 --- a/app/controllers/admin/sessions_controller.rb +++ b/app/controllers/admin/sessions_controller.rb @@ -71,7 +71,7 @@ class Admin::SessionsController < ApplicationController ::Users::ValidateOtpService.new(user).execute(user_params[:otp_attempt]) valid_otp_attempt = otp_validation_result[:status] == :success - return valid_otp_attempt if Gitlab::Database.main.read_only? + return valid_otp_attempt if Gitlab::Database.read_only? valid_otp_attempt || user.invalidate_otp_backup_code!(user_params[:otp_attempt]) end diff --git a/app/controllers/boards/issues_controller.rb b/app/controllers/boards/issues_controller.rb index 20c96f45298..f0f074792ed 100644 --- a/app/controllers/boards/issues_controller.rb +++ b/app/controllers/boards/issues_controller.rb @@ -27,7 +27,7 @@ module Boards list_service = Boards::Issues::ListService.new(board_parent, current_user, filter_params) issues = issues_from(list_service) - if Gitlab::Database.main.read_write? && !board.disabled_for?(current_user) + if Gitlab::Database.read_write? && !board.disabled_for?(current_user) Issue.move_nulls_to_end(issues) end diff --git a/app/controllers/concerns/authenticates_with_two_factor_for_admin_mode.rb b/app/controllers/concerns/authenticates_with_two_factor_for_admin_mode.rb index f00ac971573..574fc6c0f37 100644 --- a/app/controllers/concerns/authenticates_with_two_factor_for_admin_mode.rb +++ b/app/controllers/concerns/authenticates_with_two_factor_for_admin_mode.rb @@ -47,7 +47,7 @@ module AuthenticatesWithTwoFactorForAdminMode # Remove any lingering user data from login session.delete(:otp_user_id) - user.save! unless Gitlab::Database.main.read_only? + user.save! unless Gitlab::Database.read_only? # The admin user has successfully passed 2fa, enable admin mode ignoring password enable_admin_mode diff --git a/app/controllers/concerns/issuable_actions.rb b/app/controllers/concerns/issuable_actions.rb index b5d27de8fa0..2664a7b7151 100644 --- a/app/controllers/concerns/issuable_actions.rb +++ b/app/controllers/concerns/issuable_actions.rb @@ -148,7 +148,7 @@ module IssuableActions # on GET requests. # This is just a fail-safe in case notes_filter is sent via GET request in GitLab Geo. # In some cases, we also force the filter to not be persisted with the `persist_filter` param - if Gitlab::Database.main.read_only? || params[:persist_filter] == 'false' + if Gitlab::Database.read_only? || params[:persist_filter] == 'false' notes_filter_param || current_user&.notes_filter_for(issuable) else notes_filter = current_user&.set_notes_filter(notes_filter_param, issuable) || notes_filter_param diff --git a/app/controllers/concerns/record_user_last_activity.rb b/app/controllers/concerns/record_user_last_activity.rb index 0fcfff9b801..29164df4516 100644 --- a/app/controllers/concerns/record_user_last_activity.rb +++ b/app/controllers/concerns/record_user_last_activity.rb @@ -17,7 +17,7 @@ module RecordUserLastActivity def set_user_last_activity return unless request.get? - return if Gitlab::Database.main.read_only? + return if Gitlab::Database.read_only? if current_user && current_user.last_activity_on != Date.today Users::ActivityService.new(current_user).execute diff --git a/app/controllers/concerns/sorting_preference.rb b/app/controllers/concerns/sorting_preference.rb index d62ed15e6aa..8d8845e2f41 100644 --- a/app/controllers/concerns/sorting_preference.rb +++ b/app/controllers/concerns/sorting_preference.rb @@ -41,7 +41,7 @@ module SortingPreference sort_param = params[:sort] sort_param ||= user_preference[field] - return sort_param if Gitlab::Database.main.read_only? + return sort_param if Gitlab::Database.read_only? if user_preference[field] != sort_param user_preference.update(field => sort_param) diff --git a/app/controllers/repositories/git_http_controller.rb b/app/controllers/repositories/git_http_controller.rb index 8cbb20cad77..e51bfe6a37e 100644 --- a/app/controllers/repositories/git_http_controller.rb +++ b/app/controllers/repositories/git_http_controller.rb @@ -77,7 +77,7 @@ module Repositories def update_fetch_statistics return unless project - return if Gitlab::Database.main.read_only? + return if Gitlab::Database.read_only? return unless repo_type.project? OnboardingProgressService.async(project.namespace_id).execute(action: :git_pull) diff --git a/app/controllers/repositories/lfs_api_controller.rb b/app/controllers/repositories/lfs_api_controller.rb index 55c0d2b0ac8..4f2e02c78c3 100644 --- a/app/controllers/repositories/lfs_api_controller.rb +++ b/app/controllers/repositories/lfs_api_controller.rb @@ -126,7 +126,7 @@ module Repositories # Overridden in EE def batch_operation_disallowed? - upload_request? && Gitlab::Database.main.read_only? + upload_request? && Gitlab::Database.read_only? end # Overridden in EE diff --git a/app/graphql/mutations/base_mutation.rb b/app/graphql/mutations/base_mutation.rb index cafd4ca7c01..5de042f78d6 100644 --- a/app/graphql/mutations/base_mutation.rb +++ b/app/graphql/mutations/base_mutation.rb @@ -29,7 +29,7 @@ module Mutations end def ready?(**args) - raise_resource_not_available_error! ERROR_MESSAGE if Gitlab::Database.main.read_only? + raise_resource_not_available_error! ERROR_MESSAGE if Gitlab::Database.read_only? missing_args = self.class.arguments.values .reject { |arg| arg.accepts?(args.fetch(arg.keyword, :not_given)) } diff --git a/app/helpers/application_helper.rb b/app/helpers/application_helper.rb index 6ff9f713393..58f933a7fe0 100644 --- a/app/helpers/application_helper.rb +++ b/app/helpers/application_helper.rb @@ -344,7 +344,7 @@ module ApplicationHelper # Overridden in EE def read_only_message - return unless Gitlab::Database.main.read_only? + return unless Gitlab::Database.read_only? _('You are on a read-only GitLab instance.') end diff --git a/app/helpers/commits_helper.rb b/app/helpers/commits_helper.rb index d2ac1e8f985..53017beee85 100644 --- a/app/helpers/commits_helper.rb +++ b/app/helpers/commits_helper.rb @@ -215,7 +215,7 @@ module CommitsHelper path = project_blob_path(project, tree_join(commit_sha, diff_new_path)) title = replaced ? _('View replaced file @ ') : _('View file @ ') - link_to(path, class: 'btn gl-button btn-default') do + link_to(path, class: 'btn gl-button btn-default gl-ml-3') do raw(title) + content_tag(:span, truncate_sha(commit_sha), class: 'commit-sha') end end diff --git a/app/models/ci/build.rb b/app/models/ci/build.rb index b9901c2f729..76a533feebe 100644 --- a/app/models/ci/build.rb +++ b/app/models/ci/build.rb @@ -554,6 +554,7 @@ module Ci .concat(persisted_variables) .concat(dependency_proxy_variables) .concat(job_jwt_variables) + .concat(kubernetes_variables) .concat(scoped_variables) .concat(job_variables) .concat(persisted_environment_variables) @@ -1172,6 +1173,10 @@ module Ci end end + def kubernetes_variables + [] # Overridden in EE + end + def conditionally_allow_failure!(exit_code) return unless exit_code diff --git a/app/models/concerns/deprecated_assignee.rb b/app/models/concerns/deprecated_assignee.rb index 2454bd0c08c..3f557ee9b48 100644 --- a/app/models/concerns/deprecated_assignee.rb +++ b/app/models/concerns/deprecated_assignee.rb @@ -34,7 +34,7 @@ module DeprecatedAssignee end def assignee_ids - if Gitlab::Database.main.read_only? && pending_assignees_population? + if Gitlab::Database.read_only? && pending_assignees_population? return Array(deprecated_assignee_id) end @@ -43,7 +43,7 @@ module DeprecatedAssignee end def assignees - if Gitlab::Database.main.read_only? && pending_assignees_population? + if Gitlab::Database.read_only? && pending_assignees_population? return User.where(id: deprecated_assignee_id) end @@ -56,7 +56,7 @@ module DeprecatedAssignee # This will make the background migration process quicker (#26496) as it'll have less # assignee_id rows to look through. def nullify_deprecated_assignee - return unless persisted? && Gitlab::Database.main.read_only? + return unless persisted? && Gitlab::Database.read_only? update_column(:assignee_id, nil) end diff --git a/app/models/concerns/token_authenticatable_strategies/base.rb b/app/models/concerns/token_authenticatable_strategies/base.rb index cd0f15cf079..f72a41f06b1 100644 --- a/app/models/concerns/token_authenticatable_strategies/base.rb +++ b/app/models/concerns/token_authenticatable_strategies/base.rb @@ -41,7 +41,7 @@ module TokenAuthenticatableStrategies # Resets the token, but only saves when the database is in read & write mode def reset_token!(instance) write_new_token(instance) - instance.save! if Gitlab::Database.main.read_write? + instance.save! if Gitlab::Database.read_write? end def self.fabricate(model, field, options) diff --git a/app/models/project.rb b/app/models/project.rb index f2f47000c41..6d7e9ddbe9a 100644 --- a/app/models/project.rb +++ b/app/models/project.rb @@ -2818,11 +2818,11 @@ class Project < ApplicationRecord end def cache_has_external_wiki - update_column(:has_external_wiki, integrations.external_wikis.any?) if Gitlab::Database.main.read_write? + update_column(:has_external_wiki, integrations.external_wikis.any?) if Gitlab::Database.read_write? end def cache_has_external_issue_tracker - update_column(:has_external_issue_tracker, integrations.external_issue_trackers.any?) if Gitlab::Database.main.read_write? + update_column(:has_external_issue_tracker, integrations.external_issue_trackers.any?) if Gitlab::Database.read_write? end def active_runners_with_tags diff --git a/app/models/project_statistics.rb b/app/models/project_statistics.rb index 846049180b3..387732cf151 100644 --- a/app/models/project_statistics.rb +++ b/app/models/project_statistics.rb @@ -38,7 +38,7 @@ class ProjectStatistics < ApplicationRecord end def refresh!(only: []) - return if Gitlab::Database.main.read_only? + return if Gitlab::Database.read_only? COLUMNS_TO_REFRESH.each do |column, generator| if only.empty? || only.include?(column) diff --git a/app/models/snippet_statistics.rb b/app/models/snippet_statistics.rb index 31d2855b984..6fb6f0ef713 100644 --- a/app/models/snippet_statistics.rb +++ b/app/models/snippet_statistics.rb @@ -34,7 +34,7 @@ class SnippetStatistics < ApplicationRecord end def refresh! - return if Gitlab::Database.main.read_only? + return if Gitlab::Database.read_only? update_commit_count update_repository_size diff --git a/app/models/user.rb b/app/models/user.rb index bfb0c29a023..a2e9768eb94 100644 --- a/app/models/user.rb +++ b/app/models/user.rb @@ -80,7 +80,7 @@ class User < ApplicationRecord # to limit database writes to at most once every hour # rubocop: disable CodeReuse/ServiceClass def update_tracked_fields!(request) - return if Gitlab::Database.main.read_only? + return if Gitlab::Database.read_only? update_tracked_fields(request) @@ -363,7 +363,7 @@ class User < ApplicationRecord end before_transition do - !Gitlab::Database.main.read_only? + !Gitlab::Database.read_only? end # rubocop: disable CodeReuse/ServiceClass @@ -848,11 +848,11 @@ class User < ApplicationRecord end def remember_me! - super if ::Gitlab::Database.main.read_write? + super if ::Gitlab::Database.read_write? end def forget_me! - super if ::Gitlab::Database.main.read_write? + super if ::Gitlab::Database.read_write? end def disable_two_factor! @@ -1751,7 +1751,7 @@ class User < ApplicationRecord # # rubocop: disable CodeReuse/ServiceClass def increment_failed_attempts! - return if ::Gitlab::Database.main.read_only? + return if ::Gitlab::Database.read_only? increment_failed_attempts @@ -1995,7 +1995,7 @@ class User < ApplicationRecord def consume_otp! if self.consumed_timestep != current_otp_timestep self.consumed_timestep = current_otp_timestep - return Gitlab::Database.main.read_only? ? true : save(validate: false) + return Gitlab::Database.read_only? ? true : save(validate: false) end false diff --git a/app/services/audit_event_service.rb b/app/services/audit_event_service.rb index 2fc32c1ba85..558798c830d 100644 --- a/app/services/audit_event_service.rb +++ b/app/services/audit_event_service.rb @@ -111,7 +111,7 @@ class AuditEventService end def log_security_event_to_database - return if Gitlab::Database.main.read_only? + return if Gitlab::Database.read_only? event = AuditEvent.new(base_payload.merge(details: @details)) save_or_track event @@ -120,7 +120,7 @@ class AuditEventService end def log_authentication_event_to_database - return unless Gitlab::Database.main.read_write? && authentication_event? + return unless Gitlab::Database.read_write? && authentication_event? event = AuthenticationEvent.new(authentication_event_payload) save_or_track event diff --git a/app/services/boards/visits/create_service.rb b/app/services/boards/visits/create_service.rb index f096ca2597d..4d659596803 100644 --- a/app/services/boards/visits/create_service.rb +++ b/app/services/boards/visits/create_service.rb @@ -4,7 +4,7 @@ module Boards module Visits class CreateService < Boards::BaseService def execute(board) - return unless current_user && Gitlab::Database.main.read_write? + return unless current_user && Gitlab::Database.read_write? return unless board model.visited!(current_user, board) diff --git a/app/services/keys/last_used_service.rb b/app/services/keys/last_used_service.rb index e9139346df4..daef544bac0 100644 --- a/app/services/keys/last_used_service.rb +++ b/app/services/keys/last_used_service.rb @@ -18,7 +18,7 @@ module Keys end def update? - return false if ::Gitlab::Database.main.read_only? + return false if ::Gitlab::Database.read_only? last_used = key.last_used_at diff --git a/app/services/merge_requests/mergeability_check_service.rb b/app/services/merge_requests/mergeability_check_service.rb index 6c8a2f31d75..3e294aeaa07 100644 --- a/app/services/merge_requests/mergeability_check_service.rb +++ b/app/services/merge_requests/mergeability_check_service.rb @@ -166,7 +166,7 @@ module MergeRequests strong_memoize(:service_error) do if !merge_request ServiceResponse.error(message: 'Invalid argument') - elsif Gitlab::Database.main.read_only? + elsif Gitlab::Database.read_only? ServiceResponse.error(message: 'Unsupported operation') end end diff --git a/app/services/packages/create_event_service.rb b/app/services/packages/create_event_service.rb index cb38a2fea8f..8fed6e2def8 100644 --- a/app/services/packages/create_event_service.rb +++ b/app/services/packages/create_event_service.rb @@ -11,7 +11,7 @@ module Packages ::Gitlab::UsageDataCounters::PackageEventCounter.count(event_name) end - if Feature.enabled?(:collect_package_events) && Gitlab::Database.main.read_write? + if Feature.enabled?(:collect_package_events) && Gitlab::Database.read_write? ::Packages::Event.create!( event_type: event_name, originator: current_user&.id, diff --git a/app/services/personal_access_tokens/last_used_service.rb b/app/services/personal_access_tokens/last_used_service.rb index ed76236c5c7..9066fd1acdf 100644 --- a/app/services/personal_access_tokens/last_used_service.rb +++ b/app/services/personal_access_tokens/last_used_service.rb @@ -18,7 +18,7 @@ module PersonalAccessTokens private def update? - return false if ::Gitlab::Database.main.read_only? + return false if ::Gitlab::Database.read_only? last_used = @personal_access_token.last_used_at diff --git a/app/services/repositories/destroy_service.rb b/app/services/repositories/destroy_service.rb index c73c556d1da..1e34dfbe398 100644 --- a/app/services/repositories/destroy_service.rb +++ b/app/services/repositories/destroy_service.rb @@ -19,7 +19,7 @@ class Repositories::DestroyService < Repositories::BaseService # never be triggered on a read-only instance. # # Issue: https://gitlab.com/gitlab-org/gitlab/-/issues/223272 - if Gitlab::Database.main.read_only? + if Gitlab::Database.read_only? Repositories::ShellDestroyService.new(current_repository).execute else container.run_after_commit do diff --git a/app/services/users/activity_service.rb b/app/services/users/activity_service.rb index a1ef412d7c8..20594bec28d 100644 --- a/app/services/users/activity_service.rb +++ b/app/services/users/activity_service.rb @@ -23,7 +23,7 @@ module Users private def record_activity - return if Gitlab::Database.main.read_only? + return if Gitlab::Database.read_only? today = Date.today diff --git a/app/views/projects/diffs/_file.html.haml b/app/views/projects/diffs/_file.html.haml index 35e2fe1b398..418a65118f5 100644 --- a/app/views/projects/diffs/_file.html.haml +++ b/app/views/projects/diffs/_file.html.haml @@ -16,7 +16,7 @@ - unless diff_file.submodule? .file-actions.gl-display-none.gl-sm-display-flex - if diff_file.blob&.readable_text? - %span.has-tooltip.gl-mr-3{ title: _("Toggle comments for this file") } + %span.has-tooltip{ title: _("Toggle comments for this file") } = link_to '#', class: 'js-toggle-diff-comments btn gl-button btn-default btn-icon selected', disabled: @diff_notes_disabled do = sprite_icon('comment') \ diff --git a/app/views/projects/merge_requests/creations/_new_submit.html.haml b/app/views/projects/merge_requests/creations/_new_submit.html.haml index 7e1ca19d9b6..4aca13ae74a 100644 --- a/app/views/projects/merge_requests/creations/_new_submit.html.haml +++ b/app/views/projects/merge_requests/creations/_new_submit.html.haml @@ -40,7 +40,7 @@ #diff-notes-app.tab-content #new.commits.tab-pane.active = render "projects/merge_requests/commits" - #diffs.diffs.tab-pane + #diffs.diffs.tab-pane{ class: "gl-m-0!" } -# This tab is always loaded via AJAX - if @pipelines.any? #pipelines.pipelines.tab-pane diff --git a/app/workers/all_queues.yml b/app/workers/all_queues.yml index 4c64ccb259c..583da304048 100644 --- a/app/workers/all_queues.yml +++ b/app/workers/all_queues.yml @@ -1077,7 +1077,7 @@ :feature_category: :incident_management :has_external_dependencies: :urgency: :low - :resource_boundary: :unknown + :resource_boundary: :cpu :weight: 2 :idempotent: :tags: @@ -1096,7 +1096,7 @@ :feature_category: :incident_management :has_external_dependencies: :urgency: :low - :resource_boundary: :unknown + :resource_boundary: :cpu :weight: 2 :idempotent: true :tags: [] @@ -2141,7 +2141,7 @@ :feature_category: :metrics :has_external_dependencies: :urgency: :low - :resource_boundary: :unknown + :resource_boundary: :cpu :weight: 1 :idempotent: true :tags: diff --git a/app/workers/concerns/git_garbage_collect_methods.rb b/app/workers/concerns/git_garbage_collect_methods.rb index c8eb8368762..c46deeb716f 100644 --- a/app/workers/concerns/git_garbage_collect_methods.rb +++ b/app/workers/concerns/git_garbage_collect_methods.rb @@ -124,7 +124,7 @@ module GitGarbageCollectMethods def update_repository_statistics(resource) resource.repository.expire_statistics_caches - return if Gitlab::Database.main.read_only? # GitGarbageCollectWorker may be run on a Geo secondary + return if Gitlab::Database.read_only? # GitGarbageCollectWorker may be run on a Geo secondary update_db_repository_statistics(resource) end diff --git a/app/workers/gitlab_performance_bar_stats_worker.rb b/app/workers/gitlab_performance_bar_stats_worker.rb index c4720c3400b..4e8bcb9af7b 100644 --- a/app/workers/gitlab_performance_bar_stats_worker.rb +++ b/app/workers/gitlab_performance_bar_stats_worker.rb @@ -4,6 +4,7 @@ class GitlabPerformanceBarStatsWorker include ApplicationWorker data_consistency :always + worker_resource_boundary :cpu sidekiq_options retry: 3 diff --git a/app/workers/incident_management/add_severity_system_note_worker.rb b/app/workers/incident_management/add_severity_system_note_worker.rb index a79a942de9c..31da7b0bcfe 100644 --- a/app/workers/incident_management/add_severity_system_note_worker.rb +++ b/app/workers/incident_management/add_severity_system_note_worker.rb @@ -5,6 +5,7 @@ module IncidentManagement include ApplicationWorker data_consistency :always + worker_resource_boundary :cpu sidekiq_options retry: 3 diff --git a/app/workers/incident_management/process_alert_worker_v2.rb b/app/workers/incident_management/process_alert_worker_v2.rb index 973d27c4396..f3049560bcd 100644 --- a/app/workers/incident_management/process_alert_worker_v2.rb +++ b/app/workers/incident_management/process_alert_worker_v2.rb @@ -5,6 +5,7 @@ module IncidentManagement include ApplicationWorker data_consistency :always + worker_resource_boundary :cpu queue_namespace :incident_management feature_category :incident_management diff --git a/app/workers/pages_domain_verification_cron_worker.rb b/app/workers/pages_domain_verification_cron_worker.rb index 5bbe890f0ee..56339d50a40 100644 --- a/app/workers/pages_domain_verification_cron_worker.rb +++ b/app/workers/pages_domain_verification_cron_worker.rb @@ -11,7 +11,7 @@ class PagesDomainVerificationCronWorker # rubocop:disable Scalability/Idempotent worker_resource_boundary :cpu def perform - return if Gitlab::Database.main.read_only? + return if Gitlab::Database.read_only? PagesDomain.needs_verification.with_logging_info.find_each do |domain| with_context(project: domain.project) do diff --git a/app/workers/pages_domain_verification_worker.rb b/app/workers/pages_domain_verification_worker.rb index ee21282222a..f9504a7c1d2 100644 --- a/app/workers/pages_domain_verification_worker.rb +++ b/app/workers/pages_domain_verification_worker.rb @@ -12,7 +12,7 @@ class PagesDomainVerificationWorker # rubocop:disable Scalability/IdempotentWork # rubocop: disable CodeReuse/ActiveRecord def perform(domain_id) - return if Gitlab::Database.main.read_only? + return if Gitlab::Database.read_only? domain = PagesDomain.find_by(id: domain_id) diff --git a/app/workers/project_cache_worker.rb b/app/workers/project_cache_worker.rb index 3618bc78d82..328fdc4717c 100644 --- a/app/workers/project_cache_worker.rb +++ b/app/workers/project_cache_worker.rb @@ -44,7 +44,7 @@ class ProjectCacheWorker # statistics to become accurate if they were already updated once in the # last 15 minutes. def update_statistics(project, statistics = []) - return if Gitlab::Database.main.read_only? + return if Gitlab::Database.read_only? return unless try_obtain_lease_for(project.id, statistics) Projects::UpdateStatisticsService.new(project, nil, statistics: statistics).execute diff --git a/app/workers/projects/git_garbage_collect_worker.rb b/app/workers/projects/git_garbage_collect_worker.rb index 97fb66aac1d..0d67a8ac30e 100644 --- a/app/workers/projects/git_garbage_collect_worker.rb +++ b/app/workers/projects/git_garbage_collect_worker.rb @@ -23,7 +23,7 @@ module Projects end def cleanup_orphan_lfs_file_references(resource) - return if Gitlab::Database.main.read_only? # GitGarbageCollectWorker may be run on a Geo secondary + return if Gitlab::Database.read_only? # GitGarbageCollectWorker may be run on a Geo secondary ::Gitlab::Cleanup::OrphanLfsFileReferences.new(resource, dry_run: false, logger: logger).run! rescue StandardError => err diff --git a/app/workers/schedule_merge_request_cleanup_refs_worker.rb b/app/workers/schedule_merge_request_cleanup_refs_worker.rb index e00b5efcb66..46a6e0ef01f 100644 --- a/app/workers/schedule_merge_request_cleanup_refs_worker.rb +++ b/app/workers/schedule_merge_request_cleanup_refs_worker.rb @@ -12,7 +12,7 @@ class ScheduleMergeRequestCleanupRefsWorker idempotent! def perform - return if Gitlab::Database.main.read_only? + return if Gitlab::Database.read_only? return unless Feature.enabled?(:merge_request_refs_cleanup, default_enabled: false) MergeRequestCleanupRefsWorker.perform_with_capacity diff --git a/config/feature_flags/development/agent_kubeconfig_ci_variable.yml b/config/feature_flags/development/agent_kubeconfig_ci_variable.yml new file mode 100644 index 00000000000..78a10a094c6 --- /dev/null +++ b/config/feature_flags/development/agent_kubeconfig_ci_variable.yml @@ -0,0 +1,8 @@ +--- +name: agent_kubeconfig_ci_variable +introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/67089 +rollout_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/337164 +milestone: '14.2' +type: development +group: group::configure +default_enabled: false diff --git a/config/initializers/fill_shards.rb b/config/initializers/fill_shards.rb index dbfb1a3c501..e2889f59574 100644 --- a/config/initializers/fill_shards.rb +++ b/config/initializers/fill_shards.rb @@ -4,6 +4,6 @@ # `Shard.connected?` could be cached and return true even though the table doesn't exist return unless Shard.connected? return unless ActiveRecord::Migrator.current_version >= 20190402150158 -return if Gitlab::Database.main.read_only? +return if Gitlab::Database.read_only? Shard.populate! diff --git a/doc/api/members.md b/doc/api/members.md index b066421cf48..8a6d97343e3 100644 --- a/doc/api/members.md +++ b/doc/api/members.md @@ -292,7 +292,8 @@ Example response: "web_url": "http://192.168.1.8:3000/root", "last_activity_on": "2021-01-27", "membership_type": "group_member", - "removable": true + "removable": true, + "created_at": "2021-01-03T12:16:02.000Z" }, { "id": 2, @@ -304,7 +305,8 @@ Example response: "email": "john@example.com", "last_activity_on": "2021-01-25", "membership_type": "group_member", - "removable": true + "removable": true, + "created_at": "2021-01-04T18:46:42.000Z" }, { "id": 3, @@ -315,7 +317,8 @@ Example response: "web_url": "http://192.168.1.8:3000/root", "last_activity_on": "2021-01-20", "membership_type": "group_invite", - "removable": false + "removable": false, + "created_at": "2021-01-09T07:12:31.000Z" } ] ``` diff --git a/doc/ci/img/add_file_template_11_10.png b/doc/ci/img/add_file_template_11_10.png Binary files differdeleted file mode 100644 index ca04d72615b..00000000000 --- a/doc/ci/img/add_file_template_11_10.png +++ /dev/null diff --git a/doc/development/ee_features.md b/doc/development/ee_features.md index f19c2ad706e..42fb9fd42fc 100644 --- a/doc/development/ee_features.md +++ b/doc/development/ee_features.md @@ -445,7 +445,7 @@ module EE override :perform def perform(table_name = EVENT_TABLES.first) - return if ::Gitlab::Database.main.read_only? + return if ::Gitlab::Database.read_only? deleted_rows = prune_orphaned_rows(table_name) table_name = next_table(table_name) if deleted_rows.zero? diff --git a/doc/development/geo.md b/doc/development/geo.md index 91e3722d1d6..38245e5f4e5 100644 --- a/doc/development/geo.md +++ b/doc/development/geo.md @@ -368,12 +368,12 @@ All Geo **secondary** nodes are read-only. The general principle of a [read-only database](verifying_database_capabilities.md#read-only-database) applies to all Geo **secondary** nodes. So the -`Gitlab::Database.main.read_only?` method will always return `true` on a +`Gitlab::Database.read_only?` method will always return `true` on a **secondary** node. When some write actions are not allowed because the node is a -**secondary**, consider adding the `Gitlab::Database.main.read_only?` or -`Gitlab::Database.main.read_write?` guard, instead of `Gitlab::Geo.secondary?`. +**secondary**, consider adding the `Gitlab::Database.read_only?` or +`Gitlab::Database.read_write?` guard, instead of `Gitlab::Geo.secondary?`. The database itself will already be read-only in a replicated setup, so we don't need to take any extra step for that. diff --git a/doc/development/maintenance_mode.md b/doc/development/maintenance_mode.md index 4d29e6c6777..e308ab26c27 100644 --- a/doc/development/maintenance_mode.md +++ b/doc/development/maintenance_mode.md @@ -11,7 +11,7 @@ info: To determine the technical writer assigned to the Stage/Group associated w GitLab Maintenance Mode **only** blocks writes from HTTP and SSH requests at the application level in a few key places within the rails application. [Search the codebase for `maintenance_mode?`.](https://gitlab.com/search?search=maintenance_mode%3F&group_id=9970&project_id=278964&scope=blobs&search_code=false&snippets=false&repository_ref=) -- [the read-only database method](https://gitlab.com/gitlab-org/gitlab/-/blob/2425e9de50c678413ceaad6ee3bf66f42b7e228c/ee/lib/ee/gitlab/database.rb#L13), which toggles special behavior when we are not allowed to write to the database. [Search the codebase for `Gitlab::Database.main.read_only?`.](https://gitlab.com/search?search=Gitlab%3A%3ADatabase.read_only%3F&group_id=9970&project_id=278964&scope=blobs&search_code=false&snippets=false&repository_ref=) +- [the read-only database method](https://gitlab.com/gitlab-org/gitlab/-/blob/2425e9de50c678413ceaad6ee3bf66f42b7e228c/ee/lib/ee/gitlab/database.rb#L13), which toggles special behavior when we are not allowed to write to the database. [Search the codebase for `Gitlab::Database.read_only?`.](https://gitlab.com/search?search=Gitlab%3A%3ADatabase.read_only%3F&group_id=9970&project_id=278964&scope=blobs&search_code=false&snippets=false&repository_ref=) - [the read-only middleware](https://gitlab.com/gitlab-org/gitlab/-/blob/master/ee/lib/ee/gitlab/middleware/read_only/controller.rb), where HTTP requests that cause database writes are blocked, unless explicitly allowed. - [Git push access via SSH is denied](https://gitlab.com/gitlab-org/gitlab/-/blob/2425e9de50c678413ceaad6ee3bf66f42b7e228c/ee/lib/ee/gitlab/git_access.rb#L13) by returning 401 when `gitlab-shell` POSTs to [`/internal/allowed`](internal_api.md) to [check if access is allowed](internal_api.md#git-authentication). - [Container registry authentication service](https://gitlab.com/gitlab-org/gitlab/-/blob/2425e9de50c678413ceaad6ee3bf66f42b7e228c/ee/app/services/ee/auth/container_registry_authentication_service.rb#L12), where updates to the container registry are blocked. diff --git a/doc/development/verifying_database_capabilities.md b/doc/development/verifying_database_capabilities.md index a6575dc79f8..c5e854701c2 100644 --- a/doc/development/verifying_database_capabilities.md +++ b/doc/development/verifying_database_capabilities.md @@ -30,7 +30,7 @@ end The database can be used in read-only mode. In this case we have to make sure all GET requests don't attempt any write operations to the database. If one of those requests wants to write to the database, it needs -to be wrapped in a `Gitlab::Database.main.read_only?` or `Gitlab::Database.main.read_write?` +to be wrapped in a `Gitlab::Database.read_only?` or `Gitlab::Database.read_write?` guard, to make sure it doesn't for read-only databases. We have a Rails Middleware that filters any potentially writing diff --git a/doc/operations/metrics/img/linked_runbooks_on_charts.png b/doc/operations/metrics/img/linked_runbooks_on_charts.png Binary files differdeleted file mode 100644 index 335ba5dc172..00000000000 --- a/doc/operations/metrics/img/linked_runbooks_on_charts.png +++ /dev/null diff --git a/doc/operations/metrics/img/prometheus_alert.png b/doc/operations/metrics/img/prometheus_alert.png Binary files differdeleted file mode 100644 index 08680c88b23..00000000000 --- a/doc/operations/metrics/img/prometheus_alert.png +++ /dev/null diff --git a/doc/topics/autodevops/img/guide_cluster_apps_v12_3.png b/doc/topics/autodevops/img/guide_cluster_apps_v12_3.png Binary files differdeleted file mode 100644 index 9be414434c7..00000000000 --- a/doc/topics/autodevops/img/guide_cluster_apps_v12_3.png +++ /dev/null diff --git a/doc/topics/autodevops/img/guide_first_pipeline_v12_3.png b/doc/topics/autodevops/img/guide_first_pipeline_v12_3.png Binary files differdeleted file mode 100644 index 9b51b5cfdd8..00000000000 --- a/doc/topics/autodevops/img/guide_first_pipeline_v12_3.png +++ /dev/null diff --git a/doc/topics/autodevops/img/guide_gitlab_gke_details_v12_3.png b/doc/topics/autodevops/img/guide_gitlab_gke_details_v12_3.png Binary files differdeleted file mode 100644 index 2f3f8259316..00000000000 --- a/doc/topics/autodevops/img/guide_gitlab_gke_details_v12_3.png +++ /dev/null diff --git a/doc/topics/autodevops/img/guide_google_auth_v12_3.png b/doc/topics/autodevops/img/guide_google_auth_v12_3.png Binary files differdeleted file mode 100644 index b97b2be9f15..00000000000 --- a/doc/topics/autodevops/img/guide_google_auth_v12_3.png +++ /dev/null diff --git a/doc/topics/autodevops/img/guide_google_signin_v12_3.png b/doc/topics/autodevops/img/guide_google_signin_v12_3.png Binary files differdeleted file mode 100644 index 58bcc5e67b6..00000000000 --- a/doc/topics/autodevops/img/guide_google_signin_v12_3.png +++ /dev/null diff --git a/doc/user/application_security/api_fuzzing/img/api_fuzzing_configuration_snippet_v13.10.png b/doc/user/application_security/api_fuzzing/img/api_fuzzing_configuration_snippet_v13.10.png Binary files differdeleted file mode 100644 index 80c550a3ae7..00000000000 --- a/doc/user/application_security/api_fuzzing/img/api_fuzzing_configuration_snippet_v13.10.png +++ /dev/null diff --git a/doc/user/application_security/img/vulnerability_page_merge_request_button_dropdown_v13_1.png b/doc/user/application_security/img/vulnerability_page_merge_request_button_dropdown_v13_1.png Binary files differdeleted file mode 100644 index 05ca74c3d5c..00000000000 --- a/doc/user/application_security/img/vulnerability_page_merge_request_button_dropdown_v13_1.png +++ /dev/null diff --git a/doc/user/application_security/sast/img/sast_v13_2.png b/doc/user/application_security/sast/img/sast_v13_2.png Binary files differdeleted file mode 100644 index 5697ed9beb0..00000000000 --- a/doc/user/application_security/sast/img/sast_v13_2.png +++ /dev/null diff --git a/doc/user/clusters/img/jupyter-git-extension.gif b/doc/user/clusters/img/jupyter-git-extension.gif Binary files differdeleted file mode 100644 index 14dc567af2a..00000000000 --- a/doc/user/clusters/img/jupyter-git-extension.gif +++ /dev/null diff --git a/doc/user/clusters/img/jupyter-gitclone.png b/doc/user/clusters/img/jupyter-gitclone.png Binary files differdeleted file mode 100644 index aff194dea43..00000000000 --- a/doc/user/clusters/img/jupyter-gitclone.png +++ /dev/null diff --git a/doc/user/clusters/img/threat_monitoring_v12_9.png b/doc/user/clusters/img/threat_monitoring_v12_9.png Binary files differdeleted file mode 100644 index 9097f9334a8..00000000000 --- a/doc/user/clusters/img/threat_monitoring_v12_9.png +++ /dev/null diff --git a/doc/user/discussions/img/only_allow_merge_if_all_threads_are_resolved.png b/doc/user/discussions/img/only_allow_merge_if_all_threads_are_resolved.png Binary files differdeleted file mode 100644 index bd0aaca79b2..00000000000 --- a/doc/user/discussions/img/only_allow_merge_if_all_threads_are_resolved.png +++ /dev/null diff --git a/doc/user/group/saml_sso/img/saml_group_links_v13_6.png b/doc/user/group/saml_sso/img/saml_group_links_v13_6.png Binary files differdeleted file mode 100644 index c78b77b8fcf..00000000000 --- a/doc/user/group/saml_sso/img/saml_group_links_v13_6.png +++ /dev/null diff --git a/doc/user/project/clusters/runbooks/img/ingress-install.png b/doc/user/project/clusters/runbooks/img/ingress-install.png Binary files differdeleted file mode 100644 index 08256a65138..00000000000 --- a/doc/user/project/clusters/runbooks/img/ingress-install.png +++ /dev/null diff --git a/doc/user/project/clusters/runbooks/img/jupyterhub-install.png b/doc/user/project/clusters/runbooks/img/jupyterhub-install.png Binary files differdeleted file mode 100644 index 784e508ff25..00000000000 --- a/doc/user/project/clusters/runbooks/img/jupyterhub-install.png +++ /dev/null diff --git a/doc/user/project/clusters/serverless/img/dns-entry.png b/doc/user/project/clusters/serverless/img/dns-entry.png Binary files differdeleted file mode 100644 index 7b5d6497f0e..00000000000 --- a/doc/user/project/clusters/serverless/img/dns-entry.png +++ /dev/null diff --git a/doc/user/project/clusters/serverless/img/install-knative.png b/doc/user/project/clusters/serverless/img/install-knative.png Binary files differdeleted file mode 100644 index 1dc830848f2..00000000000 --- a/doc/user/project/clusters/serverless/img/install-knative.png +++ /dev/null diff --git a/doc/user/project/img/protected_branches_devs_can_push_v12_3.png b/doc/user/project/img/protected_branches_devs_can_push_v12_3.png Binary files differdeleted file mode 100644 index adc03a41abb..00000000000 --- a/doc/user/project/img/protected_branches_devs_can_push_v12_3.png +++ /dev/null diff --git a/doc/user/project/integrations/img/prometheus_deploy.png b/doc/user/project/integrations/img/prometheus_deploy.png Binary files differdeleted file mode 100644 index 3f19f23b0cc..00000000000 --- a/doc/user/project/integrations/img/prometheus_deploy.png +++ /dev/null diff --git a/doc/user/project/integrations/img/services_templates_redmine_example.png b/doc/user/project/integrations/img/services_templates_redmine_example.png Binary files differdeleted file mode 100644 index 34594dfdd55..00000000000 --- a/doc/user/project/integrations/img/services_templates_redmine_example.png +++ /dev/null diff --git a/doc/user/project/merge_requests/img/checkout_button.png b/doc/user/project/merge_requests/img/checkout_button.png Binary files differdeleted file mode 100644 index 9850795c9b4..00000000000 --- a/doc/user/project/merge_requests/img/checkout_button.png +++ /dev/null diff --git a/doc/user/project/merge_requests/img/code_quality_mr_diff_report_v13_11.png b/doc/user/project/merge_requests/img/code_quality_mr_diff_report_v13_11.png Binary files differdeleted file mode 100644 index 0fcdc252735..00000000000 --- a/doc/user/project/merge_requests/img/code_quality_mr_diff_report_v13_11.png +++ /dev/null diff --git a/doc/user/project/merge_requests/reviews/img/pending_review_comment.png b/doc/user/project/merge_requests/reviews/img/pending_review_comment.png Binary files differdeleted file mode 100644 index 70a66b3f4f0..00000000000 --- a/doc/user/project/merge_requests/reviews/img/pending_review_comment.png +++ /dev/null diff --git a/lib/api/v3/github.rb b/lib/api/v3/github.rb index be5caa86510..29e4a79110f 100644 --- a/lib/api/v3/github.rb +++ b/lib/api/v3/github.rb @@ -42,7 +42,7 @@ module API def update_project_feature_usage_for(project) # Prevent errors on GitLab Geo not allowing # UPDATE statements to happen in GET requests. - return if Gitlab::Database.main.read_only? + return if Gitlab::Database.read_only? project.log_jira_dvcs_integration_usage(cloud: jira_cloud?) end diff --git a/lib/gitlab/auth.rb b/lib/gitlab/auth.rb index 3967c0df9b3..0877a31e0f9 100644 --- a/lib/gitlab/auth.rb +++ b/lib/gitlab/auth.rb @@ -394,7 +394,7 @@ module Gitlab end def user_auth_attempt!(user, success:) - return unless user && Gitlab::Database.main.read_write? + return unless user && Gitlab::Database.read_write? return user.unlock_access! if success user.increment_failed_attempts! diff --git a/lib/gitlab/auth/ldap/access.rb b/lib/gitlab/auth/ldap/access.rb index 13bed3bf179..62a817d7c4d 100644 --- a/lib/gitlab/auth/ldap/access.rb +++ b/lib/gitlab/auth/ldap/access.rb @@ -21,7 +21,7 @@ module Gitlab # Whether user is allowed, or not, we should update # permissions to keep things clean if access.allowed? - unless Gitlab::Database.main.read_only? + unless Gitlab::Database.read_only? access.update_user Users::UpdateService.new(user, user: user, last_credential_check_at: Time.now).execute end diff --git a/lib/gitlab/ci/config.rb b/lib/gitlab/ci/config.rb index 24d84ac36bf..98f9f25330a 100644 --- a/lib/gitlab/ci/config.rb +++ b/lib/gitlab/ci/config.rb @@ -20,7 +20,7 @@ module Gitlab attr_reader :root, :context, :ref, :source def initialize(config, project: nil, sha: nil, user: nil, parent_pipeline: nil, ref: nil, source: nil) - @context = build_context(project: project, sha: sha, user: user, parent_pipeline: parent_pipeline) + @context = build_context(project: project, sha: sha, user: user, parent_pipeline: parent_pipeline, ref: ref) @context.set_deadline(TIMEOUT_SECONDS) @ref = ref @@ -108,13 +108,13 @@ module Gitlab end end - def build_context(project:, sha:, user:, parent_pipeline:) + def build_context(project:, sha:, user:, parent_pipeline:, ref:) Config::External::Context.new( project: project, sha: sha || find_sha(project), user: user, parent_pipeline: parent_pipeline, - variables: build_variables(project: project, ref: sha)) + variables: build_variables(project: project, ref: ref)) end def build_variables(project:, ref:) diff --git a/lib/gitlab/database.rb b/lib/gitlab/database.rb index 160a261c1df..8ae68e2a8a0 100644 --- a/lib/gitlab/database.rb +++ b/lib/gitlab/database.rb @@ -173,6 +173,14 @@ module Gitlab ActiveRecord::Base.prepend(ActiveRecordBaseTransactionMetrics) end + def self.read_only? + false + end + + def self.read_write? + !read_only? + end + # MonkeyPatch for ActiveRecord::Base for adding observability module ActiveRecordBaseTransactionMetrics extend ActiveSupport::Concern @@ -189,3 +197,5 @@ module Gitlab end end end + +Gitlab::Database.prepend_mod_with('Gitlab::Database') diff --git a/lib/gitlab/database/connection.rb b/lib/gitlab/database/connection.rb index 521512f5644..1b9d49fe376 100644 --- a/lib/gitlab/database/connection.rb +++ b/lib/gitlab/database/connection.rb @@ -80,14 +80,6 @@ module Gitlab scope.establish_connection(config.merge(prepared_statements: false)) end - def read_only? - false - end - - def read_write? - !read_only? - end - # Check whether the underlying database is in read-only mode def db_read_only? pg_is_in_recovery = diff --git a/lib/gitlab/git_access.rb b/lib/gitlab/git_access.rb index 6d8f630d999..759c6b93d9a 100644 --- a/lib/gitlab/git_access.rb +++ b/lib/gitlab/git_access.rb @@ -257,7 +257,7 @@ module Gitlab def check_db_accessibility! return unless receive_pack? - if Gitlab::Database.main.read_only? + if Gitlab::Database.read_only? raise ForbiddenError, push_to_read_only_message end end diff --git a/lib/gitlab/gpg/commit.rb b/lib/gitlab/gpg/commit.rb index d6c720f5ee2..1abbd6dc45b 100644 --- a/lib/gitlab/gpg/commit.rb +++ b/lib/gitlab/gpg/commit.rb @@ -71,7 +71,7 @@ module Gitlab def create_cached_signature! using_keychain do |gpg_key| attributes = attributes(gpg_key) - break GpgSignature.new(attributes) if Gitlab::Database.main.read_only? + break GpgSignature.new(attributes) if Gitlab::Database.read_only? GpgSignature.safe_create!(attributes) end diff --git a/lib/gitlab/kas.rb b/lib/gitlab/kas.rb index 86c0aa2b48d..06ab0e78d9b 100644 --- a/lib/gitlab/kas.rb +++ b/lib/gitlab/kas.rb @@ -5,6 +5,7 @@ module Gitlab INTERNAL_API_REQUEST_HEADER = 'Gitlab-Kas-Api-Request' VERSION_FILE = 'GITLAB_KAS_VERSION' JWT_ISSUER = 'gitlab-kas' + K8S_PROXY_PATH = 'k8s-proxy' include JwtAuthenticatable @@ -39,6 +40,10 @@ module Gitlab Gitlab.config.gitlab_kas.external_url end + def tunnel_url + URI.join(external_url, K8S_PROXY_PATH).to_s + end + # Return GitLab KAS internal_url # # @return [String] internal_url diff --git a/lib/gitlab/kubernetes/kubeconfig/entry/cluster.rb b/lib/gitlab/kubernetes/kubeconfig/entry/cluster.rb new file mode 100644 index 00000000000..836517d4e1f --- /dev/null +++ b/lib/gitlab/kubernetes/kubeconfig/entry/cluster.rb @@ -0,0 +1,43 @@ +# frozen_string_literal: true + +module Gitlab + module Kubernetes + module Kubeconfig + module Entry + class Cluster + attr_reader :name + + def initialize(name:, url:, ca_pem: nil) + @name = name + @url = url + @ca_pem = ca_pem + end + + def to_h + { + name: name, + cluster: cluster + } + end + + private + + attr_reader :url, :ca_pem + + def cluster + { + server: url, + 'certificate-authority-data': certificate_authority_data + }.compact + end + + def certificate_authority_data + return unless ca_pem.present? + + Base64.strict_encode64(ca_pem) + end + end + end + end + end +end diff --git a/lib/gitlab/kubernetes/kubeconfig/entry/context.rb b/lib/gitlab/kubernetes/kubeconfig/entry/context.rb new file mode 100644 index 00000000000..8ff17ab9cff --- /dev/null +++ b/lib/gitlab/kubernetes/kubeconfig/entry/context.rb @@ -0,0 +1,39 @@ +# frozen_string_literal: true + +module Gitlab + module Kubernetes + module Kubeconfig + module Entry + class Context + attr_reader :name + + def initialize(name:, cluster:, user:, namespace: nil) + @name = name + @cluster = cluster + @user = user + @namespace = namespace + end + + def to_h + { + name: name, + context: context + } + end + + private + + attr_reader :cluster, :user, :namespace + + def context + { + cluster: cluster, + namespace: namespace, + user: user + }.compact + end + end + end + end + end +end diff --git a/lib/gitlab/kubernetes/kubeconfig/entry/user.rb b/lib/gitlab/kubernetes/kubeconfig/entry/user.rb new file mode 100644 index 00000000000..784f6d67802 --- /dev/null +++ b/lib/gitlab/kubernetes/kubeconfig/entry/user.rb @@ -0,0 +1,29 @@ +# frozen_string_literal: true + +module Gitlab + module Kubernetes + module Kubeconfig + module Entry + class User + attr_reader :name + + def initialize(name:, token:) + @name = name + @token = token + end + + def to_h + { + name: name, + user: { token: token } + } + end + + private + + attr_reader :token + end + end + end + end +end diff --git a/lib/gitlab/kubernetes/kubeconfig/template.rb b/lib/gitlab/kubernetes/kubeconfig/template.rb new file mode 100644 index 00000000000..da0861ee86a --- /dev/null +++ b/lib/gitlab/kubernetes/kubeconfig/template.rb @@ -0,0 +1,59 @@ +# frozen_string_literal: true + +module Gitlab + module Kubernetes + module Kubeconfig + class Template + ENTRIES = { + cluster: Gitlab::Kubernetes::Kubeconfig::Entry::Cluster, + user: Gitlab::Kubernetes::Kubeconfig::Entry::User, + context: Gitlab::Kubernetes::Kubeconfig::Entry::Context + }.freeze + + def initialize + @clusters = [] + @users = [] + @contexts = [] + end + + def valid? + contexts.present? + end + + def add_cluster(**args) + clusters << new_entry(:cluster, **args) + end + + def add_user(**args) + users << new_entry(:user, **args) + end + + def add_context(**args) + contexts << new_entry(:context, **args) + end + + def to_h + { + apiVersion: 'v1', + kind: 'Config', + clusters: clusters.map(&:to_h), + users: users.map(&:to_h), + contexts: contexts.map(&:to_h) + } + end + + def to_yaml + YAML.dump(to_h.deep_stringify_keys) + end + + private + + attr_reader :clusters, :users, :contexts + + def new_entry(entry, **args) + ENTRIES.fetch(entry).new(**args) + end + end + end + end +end diff --git a/lib/gitlab/lets_encrypt/client.rb b/lib/gitlab/lets_encrypt/client.rb index aabf819e4a8..ad2921ed555 100644 --- a/lib/gitlab/lets_encrypt/client.rb +++ b/lib/gitlab/lets_encrypt/client.rb @@ -71,7 +71,7 @@ module Gitlab end def generate_private_key - return if Gitlab::Database.main.read_only? + return if Gitlab::Database.read_only? application_settings = Gitlab::CurrentSettings.current_application_settings application_settings.with_lock do diff --git a/lib/gitlab/markdown_cache/active_record/extension.rb b/lib/gitlab/markdown_cache/active_record/extension.rb index c2962d8d129..af94884f1a7 100644 --- a/lib/gitlab/markdown_cache/active_record/extension.rb +++ b/lib/gitlab/markdown_cache/active_record/extension.rb @@ -38,7 +38,7 @@ module Gitlab end def save_markdown(updates) - return unless persisted? && Gitlab::Database.main.read_write? + return unless persisted? && Gitlab::Database.read_write? update_columns(updates) end diff --git a/lib/gitlab/middleware/read_only/controller.rb b/lib/gitlab/middleware/read_only/controller.rb index fd95b59d8d8..65c08664a2b 100644 --- a/lib/gitlab/middleware/read_only/controller.rb +++ b/lib/gitlab/middleware/read_only/controller.rb @@ -59,7 +59,7 @@ module Gitlab # Overridden in EE module def read_only? - Gitlab::Database.main.read_only? + Gitlab::Database.read_only? end def json_request? diff --git a/lib/gitlab/x509/commit.rb b/lib/gitlab/x509/commit.rb index 5932170748a..91951a3e505 100644 --- a/lib/gitlab/x509/commit.rb +++ b/lib/gitlab/x509/commit.rb @@ -49,7 +49,7 @@ module Gitlab def create_cached_signature! return if attributes.nil? - return X509CommitSignature.new(attributes) if Gitlab::Database.main.read_only? + return X509CommitSignature.new(attributes) if Gitlab::Database.read_only? X509CommitSignature.safe_create!(attributes) end diff --git a/lib/tasks/gitlab/storage.rake b/lib/tasks/gitlab/storage.rake index e79d78f655a..fb9f9b9fe67 100644 --- a/lib/tasks/gitlab/storage.rake +++ b/lib/tasks/gitlab/storage.rake @@ -4,7 +4,7 @@ namespace :gitlab do namespace :storage do desc 'GitLab | Storage | Migrate existing projects to Hashed Storage' task migrate_to_hashed: :environment do - if Gitlab::Database.main.read_only? + if Gitlab::Database.read_only? abort 'This task requires database write access. Exiting.' end @@ -50,7 +50,7 @@ namespace :gitlab do desc 'GitLab | Storage | Rollback existing projects to Legacy Storage' task rollback_to_legacy: :environment do - if Gitlab::Database.main.read_only? + if Gitlab::Database.read_only? abort 'This task requires database write access. Exiting.' end diff --git a/spec/controllers/admin/sessions_controller_spec.rb b/spec/controllers/admin/sessions_controller_spec.rb index dc1bed63850..5fa7a7f278d 100644 --- a/spec/controllers/admin/sessions_controller_spec.rb +++ b/spec/controllers/admin/sessions_controller_spec.rb @@ -179,7 +179,7 @@ RSpec.describe Admin::SessionsController, :do_not_mock_admin_mode do context 'on a read-only instance' do before do - allow(Gitlab::Database.main).to receive(:read_only?).and_return(true) + allow(Gitlab::Database).to receive(:read_only?).and_return(true) end it 'does not attempt to write to the database with valid otp' do diff --git a/spec/controllers/repositories/git_http_controller_spec.rb b/spec/controllers/repositories/git_http_controller_spec.rb index f80f5956c43..04d5008cb34 100644 --- a/spec/controllers/repositories/git_http_controller_spec.rb +++ b/spec/controllers/repositories/git_http_controller_spec.rb @@ -24,7 +24,7 @@ RSpec.describe Repositories::GitHttpController do context 'on a read-only instance' do before do - allow(Gitlab::Database.main).to receive(:read_only?).and_return(true) + allow(Gitlab::Database).to receive(:read_only?).and_return(true) end it 'does not update project statistics' do diff --git a/spec/features/admin/admin_mode/logout_spec.rb b/spec/features/admin/admin_mode/logout_spec.rb index 5e0c43cdee2..58bea5c4b5f 100644 --- a/spec/features/admin/admin_mode/logout_spec.rb +++ b/spec/features/admin/admin_mode/logout_spec.rb @@ -37,7 +37,7 @@ RSpec.describe 'Admin Mode Logout', :js do context 'on a read-only instance' do before do - allow(Gitlab::Database.main).to receive(:read_only?).and_return(true) + allow(Gitlab::Database).to receive(:read_only?).and_return(true) end it 'disable removes admin mode and redirects to root page' do diff --git a/spec/features/admin/admin_mode_spec.rb b/spec/features/admin/admin_mode_spec.rb index e2653e6b3a8..24a10d3677d 100644 --- a/spec/features/admin/admin_mode_spec.rb +++ b/spec/features/admin/admin_mode_spec.rb @@ -57,7 +57,7 @@ RSpec.describe 'Admin mode', :js do context 'on a read-only instance' do before do - allow(Gitlab::Database.main).to receive(:read_only?).and_return(true) + allow(Gitlab::Database).to receive(:read_only?).and_return(true) end it 'can enter admin mode' do @@ -117,7 +117,7 @@ RSpec.describe 'Admin mode', :js do context 'on a read-only instance' do before do - allow(Gitlab::Database.main).to receive(:read_only?).and_return(true) + allow(Gitlab::Database).to receive(:read_only?).and_return(true) end it 'can leave admin mode' do diff --git a/spec/features/projects/branches_spec.rb b/spec/features/projects/branches_spec.rb index 37d76a0a8ed..0a79719f14a 100644 --- a/spec/features/projects/branches_spec.rb +++ b/spec/features/projects/branches_spec.rb @@ -315,7 +315,7 @@ RSpec.describe 'Branches' do context 'on a read-only instance' do before do - allow(Gitlab::Database.main).to receive(:read_only?).and_return(true) + allow(Gitlab::Database).to receive(:read_only?).and_return(true) end it_behaves_like 'compares branches' diff --git a/spec/features/projects/compare_spec.rb b/spec/features/projects/compare_spec.rb index 0c93f6284bb..bc3ef2af9b0 100644 --- a/spec/features/projects/compare_spec.rb +++ b/spec/features/projects/compare_spec.rb @@ -40,7 +40,7 @@ RSpec.describe "Compare", :js do context 'on a read-only instance' do before do - allow(Gitlab::Database.main).to receive(:read_only?).and_return(true) + allow(Gitlab::Database).to receive(:read_only?).and_return(true) end it_behaves_like 'compares branches' diff --git a/spec/features/projects/settings/registry_settings_spec.rb b/spec/features/projects/settings/registry_settings_spec.rb index 3f9f2dae453..509729d526d 100644 --- a/spec/features/projects/settings/registry_settings_spec.rb +++ b/spec/features/projects/settings/registry_settings_spec.rb @@ -9,12 +9,12 @@ RSpec.describe 'Project > Settings > CI/CD > Container registry tag expiration p let_it_be(:project, reload: true) { create(:project, namespace: user.namespace) } let(:container_registry_enabled) { true } - let(:container_registry_enabled_on_project) { true } + let(:container_registry_enabled_on_project) { ProjectFeature::ENABLED } subject { visit project_settings_packages_and_registries_path(project) } before do - project.update!(container_registry_enabled: container_registry_enabled_on_project) + project.project_feature.update!(container_registry_access_level: container_registry_enabled_on_project) project.container_expiration_policy.update!(enabled: true) sign_in(user) @@ -104,7 +104,7 @@ RSpec.describe 'Project > Settings > CI/CD > Container registry tag expiration p end context 'when container registry is disabled on project' do - let(:container_registry_enabled_on_project) { false } + let(:container_registry_enabled_on_project) { ProjectFeature::DISABLED } it 'does not exists' do subject diff --git a/spec/features/read_only_spec.rb b/spec/features/read_only_spec.rb index 95b8e14c07f..11686552062 100644 --- a/spec/features/read_only_spec.rb +++ b/spec/features/read_only_spec.rb @@ -11,7 +11,7 @@ RSpec.describe 'read-only message' do context 'when database is read-only' do before do - allow(Gitlab::Database.main).to receive(:read_only?).and_return(true) + allow(Gitlab::Database).to receive(:read_only?).and_return(true) end it_behaves_like 'Read-only instance', /You are on a read\-only GitLab instance./ @@ -19,7 +19,7 @@ RSpec.describe 'read-only message' do context 'when database is in read-write mode' do before do - allow(Gitlab::Database.main).to receive(:read_only?).and_return(false) + allow(Gitlab::Database).to receive(:read_only?).and_return(false) end it_behaves_like 'Read-write instance', /You are on a read\-only GitLab instance./ diff --git a/spec/features/users/logout_spec.rb b/spec/features/users/logout_spec.rb index b23eeb9b30e..ffb8785b277 100644 --- a/spec/features/users/logout_spec.rb +++ b/spec/features/users/logout_spec.rb @@ -24,7 +24,7 @@ RSpec.describe 'Logout/Sign out', :js do context 'on a read-only instance' do before do - allow(Gitlab::Database.main).to receive(:read_only?).and_return(true) + allow(Gitlab::Database).to receive(:read_only?).and_return(true) end it 'sign out redirects to sign in page' do diff --git a/spec/lib/banzai/renderer_spec.rb b/spec/lib/banzai/renderer_spec.rb index 316f3248b8f..52bf3087875 100644 --- a/spec/lib/banzai/renderer_spec.rb +++ b/spec/lib/banzai/renderer_spec.rb @@ -65,7 +65,7 @@ RSpec.describe Banzai::Renderer do end it "skips database caching on a GitLab read-only instance" do - allow(Gitlab::Database.main).to receive(:read_only?).and_return(true) + allow(Gitlab::Database).to receive(:read_only?).and_return(true) expect(object).to receive(:refresh_markdown_cache!) is_expected.to eq('field_html') diff --git a/spec/lib/gitlab/auth/ldap/access_spec.rb b/spec/lib/gitlab/auth/ldap/access_spec.rb index 9d3c6855e9f..9e269f84b7e 100644 --- a/spec/lib/gitlab/auth/ldap/access_spec.rb +++ b/spec/lib/gitlab/auth/ldap/access_spec.rb @@ -22,7 +22,7 @@ RSpec.describe Gitlab::Auth::Ldap::Access do end it "does not update user's `last_credential_check_at` when in a read-only GitLab instance" do - allow(Gitlab::Database.main).to receive(:read_only?).and_return(true) + allow(Gitlab::Database).to receive(:read_only?).and_return(true) expect { described_class.allowed?(user) } .not_to change { user.last_credential_check_at } diff --git a/spec/lib/gitlab/auth_spec.rb b/spec/lib/gitlab/auth_spec.rb index 94f3710b8d2..2e3dce3f418 100644 --- a/spec/lib/gitlab/auth_spec.rb +++ b/spec/lib/gitlab/auth_spec.rb @@ -844,7 +844,7 @@ RSpec.describe Gitlab::Auth, :use_clean_rails_memory_store_caching do context 'when the database is read-only' do before do - allow(Gitlab::Database.main).to receive(:read_only?).and_return(true) + allow(Gitlab::Database).to receive(:read_only?).and_return(true) end it 'does not increment failed_attempts when true and password is incorrect' do diff --git a/spec/lib/gitlab/ci/pipeline/chain/populate_spec.rb b/spec/lib/gitlab/ci/pipeline/chain/populate_spec.rb index e8c127f0444..62de4d2e96d 100644 --- a/spec/lib/gitlab/ci/pipeline/chain/populate_spec.rb +++ b/spec/lib/gitlab/ci/pipeline/chain/populate_spec.rb @@ -107,7 +107,6 @@ RSpec.describe Gitlab::Ci::Pipeline::Chain::Populate do context 'when ref is protected' do before do allow(project).to receive(:protected_for?).with('master').and_return(true) - allow(project).to receive(:protected_for?).with('b83d6e391c22777fca1ed3012fce84f633d7fed0').and_return(true) allow(project).to receive(:protected_for?).with('refs/heads/master').and_return(true) dependencies.map(&:perform!) diff --git a/spec/lib/gitlab/database/connection_spec.rb b/spec/lib/gitlab/database/connection_spec.rb index 4cbc94660c3..517d40deb1c 100644 --- a/spec/lib/gitlab/database/connection_spec.rb +++ b/spec/lib/gitlab/database/connection_spec.rb @@ -162,18 +162,6 @@ RSpec.describe Gitlab::Database::Connection do end end - describe '#read_only?' do - it 'returns false' do - expect(connection.read_only?).to eq(false) - end - end - - describe '#read_write' do - it 'returns true' do - expect(connection.read_write?).to eq(true) - end - end - describe '#db_read_only?' do it 'detects a read-only database' do allow(connection.scope.connection) diff --git a/spec/lib/gitlab/database_spec.rb b/spec/lib/gitlab/database_spec.rb index 7487fa0f022..c67b5af5e3c 100644 --- a/spec/lib/gitlab/database_spec.rb +++ b/spec/lib/gitlab/database_spec.rb @@ -190,6 +190,18 @@ RSpec.describe Gitlab::Database do end end + describe '.read_only?' do + it 'returns false' do + expect(described_class.read_only?).to eq(false) + end + end + + describe '.read_write' do + it 'returns true' do + expect(described_class.read_write?).to eq(true) + end + end + describe 'ActiveRecordBaseTransactionMetrics' do def subscribe_events events = [] diff --git a/spec/lib/gitlab/git_access_spec.rb b/spec/lib/gitlab/git_access_spec.rb index a562865cd16..bf682e4e4c6 100644 --- a/spec/lib/gitlab/git_access_spec.rb +++ b/spec/lib/gitlab/git_access_spec.rb @@ -392,7 +392,7 @@ RSpec.describe Gitlab::GitAccess do context 'when in a read-only GitLab instance' do before do create(:protected_branch, name: 'feature', project: project) - allow(Gitlab::Database.main).to receive(:read_only?) { true } + allow(Gitlab::Database).to receive(:read_only?) { true } end it { expect { push_access_check }.to raise_forbidden(described_class::ERROR_MESSAGES[:cannot_push_to_read_only]) } diff --git a/spec/lib/gitlab/git_access_wiki_spec.rb b/spec/lib/gitlab/git_access_wiki_spec.rb index c6e15e4f0cc..5ada8a6ef40 100644 --- a/spec/lib/gitlab/git_access_wiki_spec.rb +++ b/spec/lib/gitlab/git_access_wiki_spec.rb @@ -31,7 +31,7 @@ RSpec.describe Gitlab::GitAccessWiki do let(:message) { "You can't push code to a read-only GitLab instance." } before do - allow(Gitlab::Database.main).to receive(:read_only?) { true } + allow(Gitlab::Database).to receive(:read_only?) { true } end it_behaves_like 'forbidden git access' diff --git a/spec/lib/gitlab/gpg/commit_spec.rb b/spec/lib/gitlab/gpg/commit_spec.rb index 917cd5b5a83..55102554508 100644 --- a/spec/lib/gitlab/gpg/commit_spec.rb +++ b/spec/lib/gitlab/gpg/commit_spec.rb @@ -91,7 +91,7 @@ RSpec.describe Gitlab::Gpg::Commit do context 'read-only mode' do before do - allow(Gitlab::Database.main).to receive(:read_only?).and_return(true) + allow(Gitlab::Database).to receive(:read_only?).and_return(true) end it 'does not create a cached signature' do diff --git a/spec/lib/gitlab/kas_spec.rb b/spec/lib/gitlab/kas_spec.rb index 24d2b03fe2a..bf70b83fb73 100644 --- a/spec/lib/gitlab/kas_spec.rb +++ b/spec/lib/gitlab/kas_spec.rb @@ -65,6 +65,12 @@ RSpec.describe Gitlab::Kas do end end + describe '.tunnel_url' do + it 'returns gitlab_kas external_url with proxy path appended' do + expect(described_class.tunnel_url).to eq(Gitlab.config.gitlab_kas.external_url + '/k8s-proxy') + end + end + describe '.internal_url' do it 'returns gitlab_kas internal_url config' do expect(described_class.internal_url).to eq(Gitlab.config.gitlab_kas.internal_url) diff --git a/spec/lib/gitlab/kubernetes/kubeconfig/entry/cluster_spec.rb b/spec/lib/gitlab/kubernetes/kubeconfig/entry/cluster_spec.rb new file mode 100644 index 00000000000..508808be1be --- /dev/null +++ b/spec/lib/gitlab/kubernetes/kubeconfig/entry/cluster_spec.rb @@ -0,0 +1,23 @@ +# frozen_string_literal: true + +require 'spec_helper' + +RSpec.describe Gitlab::Kubernetes::Kubeconfig::Entry::Cluster do + describe '#to_h' do + let(:name) { 'name' } + let(:url) { 'url' } + + subject { described_class.new(name: name, url: url).to_h } + + it { is_expected.to eq({ name: name, cluster: { server: url } }) } + + context 'with a certificate' do + let(:cert) { 'certificate' } + let(:cert_encoded) { Base64.strict_encode64(cert) } + + subject { described_class.new(name: name, url: url, ca_pem: cert).to_h } + + it { is_expected.to eq({ name: name, cluster: { server: url, 'certificate-authority-data': cert_encoded } }) } + end + end +end diff --git a/spec/lib/gitlab/kubernetes/kubeconfig/entry/context_spec.rb b/spec/lib/gitlab/kubernetes/kubeconfig/entry/context_spec.rb new file mode 100644 index 00000000000..43d4c46fda1 --- /dev/null +++ b/spec/lib/gitlab/kubernetes/kubeconfig/entry/context_spec.rb @@ -0,0 +1,23 @@ +# frozen_string_literal: true + +require 'spec_helper' + +RSpec.describe Gitlab::Kubernetes::Kubeconfig::Entry::Context do + describe '#to_h' do + let(:name) { 'name' } + let(:user) { 'user' } + let(:cluster) { 'cluster' } + + subject { described_class.new(name: name, user: user, cluster: cluster).to_h } + + it { is_expected.to eq({ name: name, context: { cluster: cluster, user: user } }) } + + context 'with a namespace' do + let(:namespace) { 'namespace' } + + subject { described_class.new(name: name, user: user, cluster: cluster, namespace: namespace).to_h } + + it { is_expected.to eq({ name: name, context: { cluster: cluster, user: user, namespace: namespace } }) } + end + end +end diff --git a/spec/lib/gitlab/kubernetes/kubeconfig/entry/user_spec.rb b/spec/lib/gitlab/kubernetes/kubeconfig/entry/user_spec.rb new file mode 100644 index 00000000000..3d6acc80823 --- /dev/null +++ b/spec/lib/gitlab/kubernetes/kubeconfig/entry/user_spec.rb @@ -0,0 +1,14 @@ +# frozen_string_literal: true + +require 'spec_helper' + +RSpec.describe Gitlab::Kubernetes::Kubeconfig::Entry::User do + describe '#to_h' do + let(:name) { 'name' } + let(:token) { 'token' } + + subject { described_class.new(name: name, token: token).to_h } + + it { is_expected.to eq({ name: name, user: { token: token } }) } + end +end diff --git a/spec/lib/gitlab/kubernetes/kubeconfig/template_spec.rb b/spec/lib/gitlab/kubernetes/kubeconfig/template_spec.rb new file mode 100644 index 00000000000..057c4373329 --- /dev/null +++ b/spec/lib/gitlab/kubernetes/kubeconfig/template_spec.rb @@ -0,0 +1,84 @@ +# frozen_string_literal: true + +require 'spec_helper' + +RSpec.describe Gitlab::Kubernetes::Kubeconfig::Template do + let(:template) { described_class.new } + + describe '#valid?' do + subject { template.valid? } + + it { is_expected.to be_falsey } + + context 'with configuration added' do + before do + template.add_context(name: 'name', cluster: 'cluster', user: 'user') + end + + it { is_expected.to be_truthy } + end + end + + describe '#to_h' do + subject { described_class.new.to_h } + + it do + is_expected.to eq( + apiVersion: 'v1', + kind: 'Config', + clusters: [], + users: [], + contexts: [] + ) + end + end + + describe '#to_yaml' do + subject { template.to_yaml } + + it { is_expected.to eq(YAML.dump(template.to_h.deep_stringify_keys)) } + end + + describe 'adding entries' do + let(:entry) { instance_double(entry_class, to_h: attributes) } + let(:attributes) do + { name: 'name', other: 'other' } + end + + subject { template.to_h } + + before do + expect(entry_class).to receive(:new).with(attributes).and_return(entry) + end + + describe '#add_cluster' do + let(:entry_class) { Gitlab::Kubernetes::Kubeconfig::Entry::Cluster } + + before do + template.add_cluster(**attributes) + end + + it { is_expected.to include(clusters: [attributes]) } + end + + describe '#add_user' do + let(:entry_class) { Gitlab::Kubernetes::Kubeconfig::Entry::User } + + before do + template.add_user(**attributes) + end + + it { is_expected.to include(users: [attributes]) } + end + + describe '#add_context' do + let(:entry_class) { Gitlab::Kubernetes::Kubeconfig::Entry::Context } + + before do + template.add_context(**attributes) + end + + it { is_expected.to include(contexts: [attributes]) } + end + end +end diff --git a/spec/lib/gitlab/middleware/read_only_spec.rb b/spec/lib/gitlab/middleware/read_only_spec.rb index 00c2cee1ef0..642b47fe087 100644 --- a/spec/lib/gitlab/middleware/read_only_spec.rb +++ b/spec/lib/gitlab/middleware/read_only_spec.rb @@ -5,7 +5,7 @@ require 'spec_helper' RSpec.describe Gitlab::Middleware::ReadOnly do context 'when database is read-only' do before do - allow(Gitlab::Database.main).to receive(:read_only?) { true } + allow(Gitlab::Database).to receive(:read_only?) { true } end it_behaves_like 'write access for a read-only GitLab instance' diff --git a/spec/models/ci/build_spec.rb b/spec/models/ci/build_spec.rb index dca4a4ed0d7..33a88f7c16e 100644 --- a/spec/models/ci/build_spec.rb +++ b/spec/models/ci/build_spec.rb @@ -3151,6 +3151,17 @@ RSpec.describe Ci::Build do end context 'when container registry is enabled' do + let_it_be_with_reload(:project) { create(:project, :public, :repository, group: group) } + + let_it_be_with_reload(:pipeline) do + create(:ci_pipeline, project: project, + sha: project.commit.id, + ref: project.default_branch, + status: 'success') + end + + let_it_be_with_refind(:build) { create(:ci_build, pipeline: pipeline) } + let(:container_registry_enabled) { true } let(:ci_registry) do { key: 'CI_REGISTRY', value: 'registry.example.com', public: true, masked: false } @@ -3162,7 +3173,7 @@ RSpec.describe Ci::Build do context 'and is disabled for project' do before do - project.update!(container_registry_enabled: false) + project.project_feature.update_column(:container_registry_access_level, ProjectFeature::DISABLED) end it { is_expected.to include(ci_registry) } @@ -3171,7 +3182,16 @@ RSpec.describe Ci::Build do context 'and is enabled for project' do before do - project.update!(container_registry_enabled: true) + project.project_feature.update_column(:container_registry_access_level, ProjectFeature::ENABLED) + end + + it { is_expected.to include(ci_registry) } + it { is_expected.to include(ci_registry_image) } + end + + context 'and is private for project' do + before do + project.project_feature.update_column(:container_registry_access_level, ProjectFeature::PRIVATE) end it { is_expected.to include(ci_registry) } diff --git a/spec/models/concerns/deprecated_assignee_spec.rb b/spec/models/concerns/deprecated_assignee_spec.rb index 5ca741cdfdf..630d9ea601f 100644 --- a/spec/models/concerns/deprecated_assignee_spec.rb +++ b/spec/models/concerns/deprecated_assignee_spec.rb @@ -99,7 +99,7 @@ RSpec.describe DeprecatedAssignee do context 'when DB is read-only' do before do - allow(Gitlab::Database.main).to receive(:read_only?) { true } + allow(Gitlab::Database).to receive(:read_only?) { true } end it 'returns a users relation' do @@ -139,7 +139,7 @@ RSpec.describe DeprecatedAssignee do context 'when DB is read-only' do before do - allow(Gitlab::Database.main).to receive(:read_only?) { true } + allow(Gitlab::Database).to receive(:read_only?) { true } end it 'returns a list of user IDs' do diff --git a/spec/models/project_statistics_spec.rb b/spec/models/project_statistics_spec.rb index 48097bb3c94..cb1baa02e96 100644 --- a/spec/models/project_statistics_spec.rb +++ b/spec/models/project_statistics_spec.rb @@ -214,7 +214,7 @@ RSpec.describe ProjectStatistics do context 'when the database is read-only' do it 'does nothing' do - allow(Gitlab::Database.main).to receive(:read_only?) { true } + allow(Gitlab::Database).to receive(:read_only?) { true } expect(statistics).not_to receive(:update_commit_count) expect(statistics).not_to receive(:update_repository_size) diff --git a/spec/models/snippet_statistics_spec.rb b/spec/models/snippet_statistics_spec.rb index e703de453f1..1fb4ed47169 100644 --- a/spec/models/snippet_statistics_spec.rb +++ b/spec/models/snippet_statistics_spec.rb @@ -86,7 +86,7 @@ RSpec.describe SnippetStatistics do context 'when the database is read-only' do it 'does nothing' do - allow(Gitlab::Database.main).to receive(:read_only?) { true } + allow(Gitlab::Database).to receive(:read_only?) { true } expect(statistics).not_to receive(:update_commit_count) expect(statistics).not_to receive(:update_file_count) diff --git a/spec/models/user_spec.rb b/spec/models/user_spec.rb index 8361b523a13..87b3aea178c 100644 --- a/spec/models/user_spec.rb +++ b/spec/models/user_spec.rb @@ -1466,7 +1466,7 @@ RSpec.describe User do end it 'does not write if the DB is in read-only mode' do - expect(Gitlab::Database.main).to receive(:read_only?).and_return(true) + expect(Gitlab::Database).to receive(:read_only?).and_return(true) expect do user.update_tracked_fields!(request) @@ -2864,7 +2864,7 @@ RSpec.describe User do context 'on a read-only instance' do before do - allow(Gitlab::Database.main).to receive(:read_only?).and_return(true) + allow(Gitlab::Database).to receive(:read_only?).and_return(true) end it 'does not block user' do @@ -4968,7 +4968,7 @@ RSpec.describe User do end it 'does not log failed sign-in attempts when in a GitLab read-only instance' do - allow(Gitlab::Database.main).to receive(:read_only?) { true } + allow(Gitlab::Database).to receive(:read_only?) { true } expect { user.increment_failed_attempts! }.not_to change(user, :failed_attempts) end diff --git a/spec/requests/api/graphql/project/merge_requests_spec.rb b/spec/requests/api/graphql/project/merge_requests_spec.rb index 2b5e7b8128d..7fc1ef05fa7 100644 --- a/spec/requests/api/graphql/project/merge_requests_spec.rb +++ b/spec/requests/api/graphql/project/merge_requests_spec.rb @@ -331,7 +331,7 @@ RSpec.describe 'getting merge request listings nested in a project' do before do # Confounding factor: makes DB calls in EE - allow(Gitlab::Database.main).to receive(:read_only?).and_return(false) + allow(Gitlab::Database).to receive(:read_only?).and_return(false) end def query_context diff --git a/spec/requests/api/graphql/read_only_spec.rb b/spec/requests/api/graphql/read_only_spec.rb index 6dddc16d137..d2a45603886 100644 --- a/spec/requests/api/graphql/read_only_spec.rb +++ b/spec/requests/api/graphql/read_only_spec.rb @@ -5,7 +5,7 @@ require 'spec_helper' RSpec.describe 'Requests on a read-only node' do context 'when db is read-only' do before do - allow(Gitlab::Database.main).to receive(:read_only?) { true } + allow(Gitlab::Database).to receive(:read_only?) { true } end it_behaves_like 'graphql on a read-only GitLab instance' diff --git a/spec/requests/lfs_http_spec.rb b/spec/requests/lfs_http_spec.rb index c4d1841ffda..02eb4262690 100644 --- a/spec/requests/lfs_http_spec.rb +++ b/spec/requests/lfs_http_spec.rb @@ -625,7 +625,7 @@ RSpec.describe 'Git LFS API and storage' do subject { post_lfs_json(batch_url(project), body, headers) } before do - allow(Gitlab::Database.main).to receive(:read_only?) { true } + allow(Gitlab::Database).to receive(:read_only?) { true } project.add_maintainer(user) diff --git a/spec/services/ci/create_pipeline_service_spec.rb b/spec/services/ci/create_pipeline_service_spec.rb index 74e3b7cbca1..aec51751868 100644 --- a/spec/services/ci/create_pipeline_service_spec.rb +++ b/spec/services/ci/create_pipeline_service_spec.rb @@ -1328,7 +1328,7 @@ RSpec.describe Ci::CreatePipelineService do end context 'when ref is tag' do - let(:ref_name) { 'refs/tags/v1.1.0' } + let(:ref_name) { 'refs/tags/v1.0.0' } it 'does not create an extrnal pull request pipeline', :aggregate_failures do expect(response).to be_error @@ -1516,7 +1516,7 @@ RSpec.describe Ci::CreatePipelineService do end context 'when ref is tag' do - let(:ref_name) { 'refs/tags/v1.1.0' } + let(:ref_name) { 'refs/tags/v1.0.0' } it 'does not create a merge request pipeline', :aggregate_failures do expect(response).to be_error diff --git a/spec/services/merge_requests/mergeability_check_service_spec.rb b/spec/services/merge_requests/mergeability_check_service_spec.rb index 8300d0383c1..65599b7e046 100644 --- a/spec/services/merge_requests/mergeability_check_service_spec.rb +++ b/spec/services/merge_requests/mergeability_check_service_spec.rb @@ -89,7 +89,7 @@ RSpec.describe MergeRequests::MergeabilityCheckService, :clean_gitlab_redis_shar context 'when read-only DB' do before do - allow(Gitlab::Database.main).to receive(:read_only?) { true } + allow(Gitlab::Database).to receive(:read_only?) { true } end it_behaves_like 'no job is enqueued' @@ -260,7 +260,7 @@ RSpec.describe MergeRequests::MergeabilityCheckService, :clean_gitlab_redis_shar context 'when read-only DB' do it 'returns ServiceResponse.error' do - allow(Gitlab::Database.main).to receive(:read_only?) { true } + allow(Gitlab::Database).to receive(:read_only?) { true } result = subject diff --git a/spec/services/packages/create_event_service_spec.rb b/spec/services/packages/create_event_service_spec.rb index 6978cf3ec32..122f1e88ad0 100644 --- a/spec/services/packages/create_event_service_spec.rb +++ b/spec/services/packages/create_event_service_spec.rb @@ -46,7 +46,7 @@ RSpec.describe Packages::CreateEventService do context 'on a read-only instance' do before do - allow(Gitlab::Database.main).to receive(:read_only?).and_return(true) + allow(Gitlab::Database).to receive(:read_only?).and_return(true) end it 'does not create an event' do diff --git a/spec/services/personal_access_tokens/last_used_service_spec.rb b/spec/services/personal_access_tokens/last_used_service_spec.rb index 729b631b816..6fc74e27dd9 100644 --- a/spec/services/personal_access_tokens/last_used_service_spec.rb +++ b/spec/services/personal_access_tokens/last_used_service_spec.rb @@ -14,7 +14,7 @@ RSpec.describe PersonalAccessTokens::LastUsedService do end it 'does not run on read-only GitLab instances' do - allow(::Gitlab::Database.main).to receive(:read_only?).and_return(true) + allow(::Gitlab::Database).to receive(:read_only?).and_return(true) expect { subject }.not_to change { personal_access_token.last_used_at } end diff --git a/spec/services/repositories/destroy_service_spec.rb b/spec/services/repositories/destroy_service_spec.rb index cba1a5f54c3..240f837e973 100644 --- a/spec/services/repositories/destroy_service_spec.rb +++ b/spec/services/repositories/destroy_service_spec.rb @@ -37,7 +37,7 @@ RSpec.describe Repositories::DestroyService do context 'on a read-only instance' do before do - allow(Gitlab::Database.main).to receive(:read_only?).and_return(true) + allow(Gitlab::Database).to receive(:read_only?).and_return(true) end it 'schedules the repository deletion' do diff --git a/spec/services/users/activity_service_spec.rb b/spec/services/users/activity_service_spec.rb index 9af710e3e4f..cfafa9eff45 100644 --- a/spec/services/users/activity_service_spec.rb +++ b/spec/services/users/activity_service_spec.rb @@ -66,7 +66,7 @@ RSpec.describe Users::ActivityService do let(:last_activity_on) { nil } before do - allow(Gitlab::Database.main).to receive(:read_only?).and_return(true) + allow(Gitlab::Database).to receive(:read_only?).and_return(true) end it 'does not update last_activity_on' do diff --git a/spec/support/shared_examples/controllers/issuable_notes_filter_shared_examples.rb b/spec/support/shared_examples/controllers/issuable_notes_filter_shared_examples.rb index c377fa992d8..a4eb6a839c0 100644 --- a/spec/support/shared_examples/controllers/issuable_notes_filter_shared_examples.rb +++ b/spec/support/shared_examples/controllers/issuable_notes_filter_shared_examples.rb @@ -36,7 +36,7 @@ RSpec.shared_examples 'issuable notes filter' do end it 'does not set notes filter when database is in read-only mode' do - allow(Gitlab::Database.main).to receive(:read_only?).and_return(true) + allow(Gitlab::Database).to receive(:read_only?).and_return(true) notes_filter = UserPreference::NOTES_FILTERS[:only_comments] get :discussions, params: params.merge(notes_filter: notes_filter) diff --git a/spec/support/shared_examples/controllers/set_sort_order_from_user_preference_shared_examples.rb b/spec/support/shared_examples/controllers/set_sort_order_from_user_preference_shared_examples.rb index 421886d8da8..9b5f957d489 100644 --- a/spec/support/shared_examples/controllers/set_sort_order_from_user_preference_shared_examples.rb +++ b/spec/support/shared_examples/controllers/set_sort_order_from_user_preference_shared_examples.rb @@ -7,7 +7,7 @@ RSpec.shared_examples 'set sort order from user preference' do context 'when database is in read-only mode' do it 'does not update user preference' do - allow(Gitlab::Database.main).to receive(:read_only?).and_return(true) + allow(Gitlab::Database).to receive(:read_only?).and_return(true) expect_any_instance_of(UserPreference).not_to receive(:update).with({ controller.send(:sorting_field) => sorting_param }) @@ -17,7 +17,7 @@ RSpec.shared_examples 'set sort order from user preference' do context 'when database is not in read-only mode' do it 'updates user preference' do - allow(Gitlab::Database.main).to receive(:read_only?).and_return(false) + allow(Gitlab::Database).to receive(:read_only?).and_return(false) expect_any_instance_of(UserPreference).to receive(:update).with({ controller.send(:sorting_field) => sorting_param }) diff --git a/spec/support/shared_examples/lib/gitlab/middleware/read_only_gitlab_instance_shared_examples.rb b/spec/support/shared_examples/lib/gitlab/middleware/read_only_gitlab_instance_shared_examples.rb index f27f907a240..0a07a56d417 100644 --- a/spec/support/shared_examples/lib/gitlab/middleware/read_only_gitlab_instance_shared_examples.rb +++ b/spec/support/shared_examples/lib/gitlab/middleware/read_only_gitlab_instance_shared_examples.rb @@ -212,7 +212,7 @@ RSpec.shared_examples 'write access for a read-only GitLab instance' do let(:content_json) { { 'CONTENT_TYPE' => 'application/json' } } before do - allow(Gitlab::Database.main).to receive(:read_only?) { true } + allow(Gitlab::Database).to receive(:read_only?) { true } end it 'expects PATCH requests to be disallowed' do diff --git a/spec/support/shared_examples/services/boards/create_service_shared_examples.rb b/spec/support/shared_examples/services/boards/create_service_shared_examples.rb index d899236d19a..63b5e3a5a84 100644 --- a/spec/support/shared_examples/services/boards/create_service_shared_examples.rb +++ b/spec/support/shared_examples/services/boards/create_service_shared_examples.rb @@ -12,7 +12,7 @@ RSpec.shared_examples 'boards recent visit create service' do end it 'returns nil when database is read only' do - allow(Gitlab::Database.main).to receive(:read_only?) { true } + allow(Gitlab::Database).to receive(:read_only?) { true } expect(service.execute(board)).to be_nil end diff --git a/spec/support/shared_examples/services/container_registry_auth_service_shared_examples.rb b/spec/support/shared_examples/services/container_registry_auth_service_shared_examples.rb index e514afee04f..04596319f38 100644 --- a/spec/support/shared_examples/services/container_registry_auth_service_shared_examples.rb +++ b/spec/support/shared_examples/services/container_registry_auth_service_shared_examples.rb @@ -203,9 +203,7 @@ RSpec.shared_examples 'a container registry auth service' do end end - context 'for private project' do - let_it_be(:project) { create(:project) } - + shared_examples 'private project' do context 'allow to use scope-less authentication' do it_behaves_like 'a valid token' end @@ -345,8 +343,20 @@ RSpec.shared_examples 'a container registry auth service' do end end - context 'for public project' do - let_it_be(:project) { create(:project, :public) } + context 'for private project' do + let_it_be_with_reload(:project) { create(:project) } + + it_behaves_like 'private project' + end + + context 'for public project with private container registry' do + let_it_be_with_reload(:project) { create(:project, :public, :container_registry_private) } + + it_behaves_like 'private project' + end + + context 'for public project with container_registry `enabled`' do + let_it_be(:project) { create(:project, :public, :container_registry_enabled) } context 'allow anyone to pull images' do let(:current_params) do @@ -394,8 +404,8 @@ RSpec.shared_examples 'a container registry auth service' do end end - context 'for internal project' do - let_it_be(:project) { create(:project, :internal) } + context 'for internal project with container_registry `enabled`' do + let_it_be(:project) { create(:project, :internal, :container_registry_enabled) } context 'for internal user' do context 'allow anyone to pull images' do @@ -470,6 +480,12 @@ RSpec.shared_examples 'a container registry auth service' do end end end + + context 'for internal project with private container registry' do + let_it_be_with_reload(:project) { create(:project, :internal, :container_registry_private) } + + it_behaves_like 'private project' + end end context 'delete authorized as maintainer' do @@ -630,12 +646,8 @@ RSpec.shared_examples 'a container registry auth service' do end end - context 'for project with private container registry' do - let_it_be(:project, reload: true) { create(:project, :public) } - - before do - project.project_feature.update!(container_registry_access_level: ProjectFeature::PRIVATE) - end + context 'for public project with private container registry' do + let_it_be_with_reload(:project) { create(:project, :public, :container_registry_private) } it_behaves_like 'pullable for being team member' @@ -675,11 +687,7 @@ RSpec.shared_examples 'a container registry auth service' do end context 'for project without container registry' do - let_it_be(:project) { create(:project, :public, container_registry_enabled: false) } - - before do - project.update!(container_registry_enabled: false) - end + let_it_be_with_reload(:project) { create(:project, :public, :container_registry_disabled) } context 'disallow when pulling' do let(:current_params) do @@ -719,12 +727,16 @@ RSpec.shared_examples 'a container registry auth service' do context 'support for multiple scopes' do let_it_be(:internal_project) { create(:project, :internal) } let_it_be(:private_project) { create(:project, :private) } + let_it_be(:public_project) { create(:project, :public) } + let_it_be(:public_project_private_container_registry) { create(:project, :public, :container_registry_private) } let(:current_params) do { scopes: [ "repository:#{internal_project.full_path}:pull", - "repository:#{private_project.full_path}:pull" + "repository:#{private_project.full_path}:pull", + "repository:#{public_project.full_path}:pull", + "repository:#{public_project_private_container_registry.full_path}:pull" ] } end @@ -744,13 +756,19 @@ RSpec.shared_examples 'a container registry auth service' do 'actions' => ['pull'] }, { 'type' => 'repository', 'name' => private_project.full_path, + 'actions' => ['pull'] }, + { 'type' => 'repository', + 'name' => public_project.full_path, + 'actions' => ['pull'] }, + { 'type' => 'repository', + 'name' => public_project_private_container_registry.full_path, 'actions' => ['pull'] } ] end end end - context 'user only has access to internal project' do + context 'user only has access to internal and public projects' do let_it_be(:current_user) { create(:user) } it_behaves_like 'a browsable' do @@ -758,16 +776,35 @@ RSpec.shared_examples 'a container registry auth service' do [ { 'type' => 'repository', 'name' => internal_project.full_path, + 'actions' => ['pull'] }, + { 'type' => 'repository', + 'name' => public_project.full_path, 'actions' => ['pull'] } ] end end end - context 'anonymous access is rejected' do + context 'anonymous user has access only to public project' do let(:current_user) { nil } - it_behaves_like 'a forbidden' + it_behaves_like 'a browsable' do + let(:access) do + [ + { 'type' => 'repository', + 'name' => public_project.full_path, + 'actions' => ['pull'] } + ] + end + end + + context 'with no public container registry' do + before do + public_project.project_feature.update_column(:container_registry_access_level, ProjectFeature::PRIVATE) + end + + it_behaves_like 'a forbidden' + end end end @@ -796,8 +833,8 @@ RSpec.shared_examples 'a container registry auth service' do it_behaves_like 'a forbidden' end - context 'for public project' do - let_it_be(:project) { create(:project, :public) } + context 'for public project with container registry `enabled`' do + let_it_be_with_reload(:project) { create(:project, :public, :container_registry_enabled) } context 'when pulling and pushing' do let(:current_params) do @@ -818,6 +855,19 @@ RSpec.shared_examples 'a container registry auth service' do end end + context 'for public project with container registry `private`' do + let_it_be_with_reload(:project) { create(:project, :public, :container_registry_private) } + + context 'when pulling and pushing' do + let(:current_params) do + { scopes: ["repository:#{project.full_path}:pull,push"] } + end + + it_behaves_like 'a forbidden' + it_behaves_like 'not a container repository factory' + end + end + context 'for registry catalog' do let(:current_params) do { scopes: ["registry:catalog:*"] } @@ -898,6 +948,24 @@ RSpec.shared_examples 'a container registry auth service' do it_behaves_like 'able to login' end + + context 'for public project with private container registry' do + let_it_be_with_reload(:project) { create(:project, :public, :container_registry_private) } + + context 'when pulling' do + it_behaves_like 'a pullable' + end + + context 'when pushing' do + let(:current_params) do + { scopes: ["repository:#{project.full_path}:push"], deploy_token: deploy_token } + end + + it_behaves_like 'a pushable' + end + + it_behaves_like 'able to login' + end end context 'when deploy token does not have read_registry scope' do @@ -919,8 +987,8 @@ RSpec.shared_examples 'a container registry auth service' do end end - context 'for public project' do - let_it_be(:project) { create(:project, :public) } + context 'for public project with container registry `enabled`' do + let_it_be_with_reload(:project) { create(:project, :public, :container_registry_enabled) } context 'when pulling' do it_behaves_like 'a pullable' @@ -929,6 +997,16 @@ RSpec.shared_examples 'a container registry auth service' do it_behaves_like 'unable to login' end + context 'for public project with container registry `private`' do + let_it_be_with_reload(:project) { create(:project, :public, :container_registry_private) } + + context 'when pulling' do + it_behaves_like 'an inaccessible' + end + + it_behaves_like 'unable to login' + end + context 'for internal project' do let_it_be(:project) { create(:project, :internal) } @@ -960,14 +1038,22 @@ RSpec.shared_examples 'a container registry auth service' do context 'when deploy token is not related to the project' do let_it_be(:deploy_token) { create(:deploy_token, read_registry: false) } - context 'for public project' do - let_it_be(:project) { create(:project, :public) } + context 'for public project with container registry `enabled`' do + let_it_be_with_reload(:project) { create(:project, :public, :container_registry_enabled) } context 'when pulling' do it_behaves_like 'a pullable' end end + context 'for public project with container registry `private`' do + let_it_be_with_reload(:project) { create(:project, :public, :container_registry_private) } + + context 'when pulling' do + it_behaves_like 'an inaccessible' + end + end + context 'for internal project' do let_it_be(:project) { create(:project, :internal) } @@ -988,12 +1074,18 @@ RSpec.shared_examples 'a container registry auth service' do context 'when deploy token has been revoked' do let(:deploy_token) { create(:deploy_token, :revoked, projects: [project]) } - context 'for public project' do - let_it_be(:project) { create(:project, :public) } + context 'for public project with container registry `enabled`' do + let_it_be(:project) { create(:project, :public, :container_registry_enabled) } it_behaves_like 'a pullable' end + context 'for public project with container registry `private`' do + let_it_be(:project) { create(:project, :public, :container_registry_private) } + + it_behaves_like 'an inaccessible' + end + context 'for internal project' do let_it_be(:project) { create(:project, :internal) } diff --git a/spec/support/shared_examples/workers/concerns/git_garbage_collect_methods_shared_examples.rb b/spec/support/shared_examples/workers/concerns/git_garbage_collect_methods_shared_examples.rb index 27ee1f799a4..f2314793cb4 100644 --- a/spec/support/shared_examples/workers/concerns/git_garbage_collect_methods_shared_examples.rb +++ b/spec/support/shared_examples/workers/concerns/git_garbage_collect_methods_shared_examples.rb @@ -39,7 +39,7 @@ RSpec.shared_examples 'can collect git garbage' do |update_statistics: true| end it 'does nothing if the database is read-only' do - allow(Gitlab::Database.main).to receive(:read_only?) { true } + allow(Gitlab::Database).to receive(:read_only?) { true } expect(statistics_service_klass).not_to receive(:new) diff --git a/spec/tasks/gitlab/storage_rake_spec.rb b/spec/tasks/gitlab/storage_rake_spec.rb index 0fd9071aa6b..570f67c8bb7 100644 --- a/spec/tasks/gitlab/storage_rake_spec.rb +++ b/spec/tasks/gitlab/storage_rake_spec.rb @@ -48,7 +48,7 @@ RSpec.describe 'rake gitlab:storage:*', :silence_stdout do shared_examples "make sure database is writable" do context 'read-only database' do it 'does nothing' do - expect(Gitlab::Database.main).to receive(:read_only?).and_return(true) + expect(Gitlab::Database).to receive(:read_only?).and_return(true) expect(Project).not_to receive(:with_unmigrated_storage) diff --git a/spec/workers/pages_domain_verification_cron_worker_spec.rb b/spec/workers/pages_domain_verification_cron_worker_spec.rb index a7e5d02a743..01eaf984c90 100644 --- a/spec/workers/pages_domain_verification_cron_worker_spec.rb +++ b/spec/workers/pages_domain_verification_cron_worker_spec.rb @@ -11,7 +11,7 @@ RSpec.describe PagesDomainVerificationCronWorker do let!(:disabled) { create(:pages_domain, :disabled) } it 'does nothing if the database is read-only' do - allow(Gitlab::Database.main).to receive(:read_only?).and_return(true) + allow(Gitlab::Database).to receive(:read_only?).and_return(true) expect(PagesDomainVerificationWorker).not_to receive(:perform_async).with(reverify.id) worker.perform diff --git a/spec/workers/pages_domain_verification_worker_spec.rb b/spec/workers/pages_domain_verification_worker_spec.rb index c9a4b7a97b4..6d2f9ee2f8d 100644 --- a/spec/workers/pages_domain_verification_worker_spec.rb +++ b/spec/workers/pages_domain_verification_worker_spec.rb @@ -9,7 +9,7 @@ RSpec.describe PagesDomainVerificationWorker do describe '#perform' do it 'does nothing if the database is read-only' do - allow(Gitlab::Database.main).to receive(:read_only?).and_return(true) + allow(Gitlab::Database).to receive(:read_only?).and_return(true) expect(PagesDomain).not_to receive(:find_by).with(id: domain.id) worker.perform(domain.id) diff --git a/spec/workers/projects/git_garbage_collect_worker_spec.rb b/spec/workers/projects/git_garbage_collect_worker_spec.rb index 10525cf217b..7b54d7df4b2 100644 --- a/spec/workers/projects/git_garbage_collect_worker_spec.rb +++ b/spec/workers/projects/git_garbage_collect_worker_spec.rb @@ -67,7 +67,7 @@ RSpec.describe Projects::GitGarbageCollectWorker do end it 'does nothing if the database is read-only' do - allow(Gitlab::Database.main).to receive(:read_only?) { true } + allow(Gitlab::Database).to receive(:read_only?) { true } expect(Gitlab::Cleanup::OrphanLfsFileReferences).not_to receive(:new) subject.perform(*params) diff --git a/spec/workers/schedule_merge_request_cleanup_refs_worker_spec.rb b/spec/workers/schedule_merge_request_cleanup_refs_worker_spec.rb index 345b3f31353..ef515e43474 100644 --- a/spec/workers/schedule_merge_request_cleanup_refs_worker_spec.rb +++ b/spec/workers/schedule_merge_request_cleanup_refs_worker_spec.rb @@ -7,7 +7,7 @@ RSpec.describe ScheduleMergeRequestCleanupRefsWorker do describe '#perform' do it 'does nothing if the database is read-only' do - allow(Gitlab::Database.main).to receive(:read_only?).and_return(true) + allow(Gitlab::Database).to receive(:read_only?).and_return(true) expect(MergeRequestCleanupRefsWorker).not_to receive(:perform_with_capacity) worker.perform |