From 8015f09545c35b833f4955fc2e0b8f1a3214cbcb Mon Sep 17 00:00:00 2001 From: GitLab Bot Date: Tue, 24 May 2022 18:09:18 +0000 Subject: [PATCH] Add latest changes from gitlab-org/gitlab@master --- GITALY_SERVER_VERSION | 2 +- .../account/components/update_username.vue | 5 +- app/assets/stylesheets/framework/forms.scss | 1 + .../stylesheets/framework/timeline.scss | 2 +- .../stylesheets/page_bundles/issues_show.scss | 25 ++- app/assets/stylesheets/pages/note_form.scss | 8 + app/assets/stylesheets/pages/notes.scss | 4 +- .../force_no_sharing_primary_model.yml | 8 - config/mail_room.yml | 1 + data/deprecations/14-9-background-upload.yml | 2 +- ...expirable_unknown_artifacts_for_removal.rb | 17 ++ ...3171107_drop_deploy_tokens_token_column.rb | 20 +++ db/schema_migrations/20220510192117 | 1 + db/schema_migrations/20220523171107 | 1 + db/structure.sql | 5 - doc/administration/pages/index.md | 89 ---------- .../reference_architectures/10k_users.md | 12 +- .../reference_architectures/25k_users.md | 12 +- .../reference_architectures/2k_users.md | 4 +- .../reference_architectures/3k_users.md | 12 +- .../reference_architectures/50k_users.md | 12 +- .../reference_architectures/5k_users.md | 12 +- doc/update/deprecations.md | 2 +- lib/api/internal/mail_room.rb | 4 + lib/gitlab/database.rb | 5 +- .../database/load_balancing/configuration.rb | 59 +------ .../database/load_balancing/load_balancer.rb | 8 +- .../query_analyzers/gitlab_schemas_metrics.rb | 8 +- .../metrics/samplers/database_sampler.rb | 2 +- package.json | 4 +- spec/factories/merge_requests.rb | 4 - spec/factories/sequences.rb | 1 - .../gl-secret-detection-report.json | 2 +- .../master/gl-sast-missing-scanner.json | 2 +- .../master/gl-secret-detection-report.json | 2 +- .../toolbar_link_button_spec.js.snap | 16 +- .../components/app_spec.js | 2 +- .../components/update_username_spec.js | 2 +- .../new_project_push_tip_popover_spec.js | 2 +- .../__snapshots__/clone_dropdown_spec.js.snap | 118 +++++++------- .../parsers/security/secret_detection_spec.rb | 2 +- .../load_balancing/configuration_spec.rb | 61 +------ .../load_balancing/load_balancer_spec.rb | 40 ----- .../database/load_balancing/setup_spec.rb | 153 ++++++------------ .../gitlab_schemas_metrics_spec.rb | 73 +-------- spec/lib/gitlab/database_spec.rb | 17 +- spec/lib/gitlab/mail_room/mail_room_spec.rb | 2 + .../metrics/samplers/database_sampler_spec.rb | 4 +- spec/lib/marginalia_spec.rb | 2 +- ...07_drop_deploy_tokens_token_column_spec.rb | 22 +++ spec/models/merge_request_spec.rb | 105 ++++++------ spec/requests/api/internal/mail_room_spec.rb | 24 +++ spec/spec_helper.rb | 10 -- workhorse/go.mod | 2 +- workhorse/go.sum | 4 +- .../destination/objectstore/s3_session.go | 7 +- yarn.lock | 16 +- 57 files changed, 361 insertions(+), 681 deletions(-) delete mode 100644 config/feature_flags/development/force_no_sharing_primary_model.yml create mode 100644 db/post_migrate/20220510192117_index_expirable_unknown_artifacts_for_removal.rb create mode 100644 db/post_migrate/20220523171107_drop_deploy_tokens_token_column.rb create mode 100644 db/schema_migrations/20220510192117 create mode 100644 db/schema_migrations/20220523171107 create mode 100644 spec/migrations/20220523171107_drop_deploy_tokens_token_column_spec.rb diff --git a/GITALY_SERVER_VERSION b/GITALY_SERVER_VERSION index 92794927e8c..4e5792f82a5 100644 --- a/GITALY_SERVER_VERSION +++ b/GITALY_SERVER_VERSION @@ -1 +1 @@ -b2c8eaa672c9f2dc4b55477a3876f957e2c9a768 +5aa9d4d29c49ebe427a4a895158e195725cda2da diff --git a/app/assets/javascripts/profile/account/components/update_username.vue b/app/assets/javascripts/profile/account/components/update_username.vue index 45a6130826d..c99133fd251 100644 --- a/app/assets/javascripts/profile/account/components/update_username.vue +++ b/app/assets/javascripts/profile/account/components/update_username.vue @@ -60,7 +60,7 @@ Please update your Git repository remotes as soon as possible.`), return { text: __('Update username'), attributes: [ - { variant: 'warning' }, + { variant: 'confirm' }, { category: 'primary' }, { disabled: this.isRequestPending }, ], @@ -127,8 +127,7 @@ Please update your Git repository remotes as soon as possible.`), v-gl-modal-directive="$options.modalId" :disabled="newUsername === username" :loading="isRequestPending" - category="primary" - variant="warning" + variant="confirm" data-testid="username-change-confirmation-modal" >{{ $options.buttonText }} diff --git a/app/assets/stylesheets/framework/forms.scss b/app/assets/stylesheets/framework/forms.scss index fd20dfa3539..bba995a6de3 100644 --- a/app/assets/stylesheets/framework/forms.scss +++ b/app/assets/stylesheets/framework/forms.scss @@ -110,6 +110,7 @@ label { } &:focus { + border-color: $gray-400; @include gl-focus; } } diff --git a/app/assets/stylesheets/framework/timeline.scss b/app/assets/stylesheets/framework/timeline.scss index 9b38e842635..086b83b13e0 100644 --- a/app/assets/stylesheets/framework/timeline.scss +++ b/app/assets/stylesheets/framework/timeline.scss @@ -49,7 +49,7 @@ } img.avatar { - margin-right: $gl-padding; + margin-right: $gl-padding-12; @include media-breakpoint-down(sm) { width: $gl-spacing-scale-6; diff --git a/app/assets/stylesheets/page_bundles/issues_show.scss b/app/assets/stylesheets/page_bundles/issues_show.scss index 63b0bcc0c7f..ade649faaae 100644 --- a/app/assets/stylesheets/page_bundles/issues_show.scss +++ b/app/assets/stylesheets/page_bundles/issues_show.scss @@ -22,9 +22,10 @@ inset-inline-start: 1rem; } - /* The inside bullet aligns itself to the bottom, which we see when text to its right wraps. - * We fix this by aligning it to the top. Targeting ::marker doesn't seem to work. */ - > * { + /* The inside bullet aligns itself to the bottom, which we see when text to the right of + * a multi-line list item wraps. We fix this by aligning it to the top, and excluding + * other elements adversely affected by this. Targeting ::marker doesn't seem to work. */ + > *:not(code):not(input):not(.gl-label) { vertical-align: top; } @@ -38,7 +39,23 @@ /* We fix the other paragraphs not indenting to the * right of the bullet due to the inside bullet. */ - > :not(p:first-of-type):not(.drag-icon):not(.task-list-item-checkbox):not(.gfm-issue):not(.js-add-task) { + p ~ a, + p ~ blockquote, + p ~ code, + p ~ details, + p ~ dl, + p ~ h1, + p ~ h2, + p ~ h3, + p ~ h4, + p ~ h5, + p ~ h6, + p ~ hr, + p ~ ol, + p ~ p, + p ~ table:not(.code), /* We need :not(.code) to override typography.scss */ + p ~ ul, + p ~ .markdown-code-block { margin-inline-start: 1rem; } } diff --git a/app/assets/stylesheets/pages/note_form.scss b/app/assets/stylesheets/pages/note_form.scss index 4736d441a4b..645f145328b 100644 --- a/app/assets/stylesheets/pages/note_form.scss +++ b/app/assets/stylesheets/pages/note_form.scss @@ -77,6 +77,10 @@ } } +.md-area:focus-within { + @include gl-focus; +} + .md-header .nav-links { display: flex; flex-flow: row wrap; @@ -427,7 +431,11 @@ table { } .comment-warning-wrapper { + transition: border-color ease-in-out 0.15s, + box-shadow ease-in-out 0.15s; + .md-area { border: 0; + box-shadow: none; } } diff --git a/app/assets/stylesheets/pages/notes.scss b/app/assets/stylesheets/pages/notes.scss index 18a878214e7..34da1cdc86b 100644 --- a/app/assets/stylesheets/pages/notes.scss +++ b/app/assets/stylesheets/pages/notes.scss @@ -199,6 +199,7 @@ $system-note-svg-size: 16px; } .note-body { + padding: $gl-padding-4; overflow-x: auto; overflow-y: hidden; @@ -615,6 +616,7 @@ $system-note-svg-size: 16px; .note-header-info { min-width: 0; + padding-left: $gl-padding-4; &.discussion { padding-bottom: 0; @@ -623,7 +625,7 @@ $system-note-svg-size: 16px; .note-header-info, .note-actions { - padding-bottom: $gl-padding-8; + padding-bottom: $gl-padding-4; } .system-note .note-header-info { diff --git a/config/feature_flags/development/force_no_sharing_primary_model.yml b/config/feature_flags/development/force_no_sharing_primary_model.yml deleted file mode 100644 index 5732f39fdee..00000000000 --- a/config/feature_flags/development/force_no_sharing_primary_model.yml +++ /dev/null @@ -1,8 +0,0 @@ ---- -name: force_no_sharing_primary_model -introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/76188 -rollout_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/347286 -milestone: '14.8' -type: development -group: group::sharding -default_enabled: false diff --git a/config/mail_room.yml b/config/mail_room.yml index 49cb765ebe6..1e76f5e9875 100644 --- a/config/mail_room.yml +++ b/config/mail_room.yml @@ -46,6 +46,7 @@ :delivery_method: postback :delivery_options: :delivery_url: <%= config[:gitlab_url] %>/api/v4/internal/mail_room/<%= key %> + :content_type: text/plain :jwt_auth_header: <%= Gitlab::MailRoom::INTERNAL_API_REQUEST_HEADER %> :jwt_issuer: <%= Gitlab::MailRoom::INTERNAL_API_REQUEST_JWT_ISSUER %> :jwt_algorithm: "HS256" diff --git a/data/deprecations/14-9-background-upload.yml b/data/deprecations/14-9-background-upload.yml index 337d5f89c77..ae9b1bd9a4a 100644 --- a/data/deprecations/14-9-background-upload.yml +++ b/data/deprecations/14-9-background-upload.yml @@ -6,7 +6,7 @@ breaking_change: true reporter: fzimmer body: | # Do not modify this line, instead modify the lines below. - To reduce the overall complexity and maintenance burden of GitLab's [object storage feature](https://docs.gitlab.com/ee/administration/object_storage.html), support for using `background_upload` to upload files is deprecated and will be fully removed in GitLab 15.0. + To reduce the overall complexity and maintenance burden of GitLab's [object storage feature](https://docs.gitlab.com/ee/administration/object_storage.html), support for using `background_upload` to upload files is deprecated and will be fully removed in GitLab 15.0. Review the [15.0 specific changes](https://docs.gitlab.com/omnibus/update/gitlab_15_changes.html) for the [removed background uploads settings for object storage](https://docs.gitlab.com/omnibus/update/gitlab_15_changes.html#removed-background-uploads-settings-for-object-storage). This impacts a small subset of object storage providers: diff --git a/db/post_migrate/20220510192117_index_expirable_unknown_artifacts_for_removal.rb b/db/post_migrate/20220510192117_index_expirable_unknown_artifacts_for_removal.rb new file mode 100644 index 00000000000..3e25ca6c7b9 --- /dev/null +++ b/db/post_migrate/20220510192117_index_expirable_unknown_artifacts_for_removal.rb @@ -0,0 +1,17 @@ +# frozen_string_literal: true + +class IndexExpirableUnknownArtifactsForRemoval < Gitlab::Database::Migration[2.0] + disable_ddl_transaction! + + TABLE_NAME = 'ci_job_artifacts' + INDEX_NAME = 'tmp_index_ci_job_artifacts_on_expire_at_where_locked_unknown' + CONDITIONS = 'locked = 2 AND expire_at IS NOT NULL' + + def up + prepare_async_index TABLE_NAME, [:expire_at, :job_id], name: INDEX_NAME, where: CONDITIONS + end + + def down + unprepare_async_index_by_name TABLE_NAME, INDEX_NAME + end +end diff --git a/db/post_migrate/20220523171107_drop_deploy_tokens_token_column.rb b/db/post_migrate/20220523171107_drop_deploy_tokens_token_column.rb new file mode 100644 index 00000000000..79a145bc466 --- /dev/null +++ b/db/post_migrate/20220523171107_drop_deploy_tokens_token_column.rb @@ -0,0 +1,20 @@ +# frozen_string_literal: true + +class DropDeployTokensTokenColumn < Gitlab::Database::Migration[2.0] + disable_ddl_transaction! + + COMPOSITE_INDEX_NAME = 'index_deploy_tokens_on_token_and_expires_at_and_id' + + def up + remove_column :deploy_tokens, :token + end + + def down + unless column_exists?(:deploy_tokens, :token) + add_column :deploy_tokens, :token, :string + end + + add_concurrent_index(:deploy_tokens, :token, unique: true) + add_concurrent_index(:deploy_tokens, %i[token expires_at id], where: 'revoked IS FALSE', name: COMPOSITE_INDEX_NAME) + end +end diff --git a/db/schema_migrations/20220510192117 b/db/schema_migrations/20220510192117 new file mode 100644 index 00000000000..949b14b83e5 --- /dev/null +++ b/db/schema_migrations/20220510192117 @@ -0,0 +1 @@ +bb3c52967d818984d1f5350c8fefa6e83e38f2c105e89ebd7ceb39f59587f2b2 \ No newline at end of file diff --git a/db/schema_migrations/20220523171107 b/db/schema_migrations/20220523171107 new file mode 100644 index 00000000000..470edcb4633 --- /dev/null +++ b/db/schema_migrations/20220523171107 @@ -0,0 +1 @@ +5b21dda35554a77388dae289e24df405852ae60bb5947edd061bc3dc595b000d \ No newline at end of file diff --git a/db/structure.sql b/db/structure.sql index 81b3a555ab9..91b8149e38c 100644 --- a/db/structure.sql +++ b/db/structure.sql @@ -14350,7 +14350,6 @@ CREATE TABLE deploy_tokens ( expires_at timestamp with time zone NOT NULL, created_at timestamp with time zone NOT NULL, name character varying NOT NULL, - token character varying, username character varying, token_encrypted character varying(255), deploy_token_type smallint DEFAULT 2 NOT NULL, @@ -27634,10 +27633,6 @@ CREATE INDEX index_deploy_keys_projects_on_project_id ON deploy_keys_projects US CREATE INDEX index_deploy_tokens_on_creator_id ON deploy_tokens USING btree (creator_id); -CREATE UNIQUE INDEX index_deploy_tokens_on_token ON deploy_tokens USING btree (token); - -CREATE INDEX index_deploy_tokens_on_token_and_expires_at_and_id ON deploy_tokens USING btree (token, expires_at, id) WHERE (revoked IS FALSE); - CREATE UNIQUE INDEX index_deploy_tokens_on_token_encrypted ON deploy_tokens USING btree (token_encrypted); CREATE INDEX index_deployment_approvals_on_approval_rule_id ON deployment_approvals USING btree (approval_rule_id); diff --git a/doc/administration/pages/index.md b/doc/administration/pages/index.md index 375bf00389d..8734775dffc 100644 --- a/doc/administration/pages/index.md +++ b/doc/administration/pages/index.md @@ -257,7 +257,6 @@ control over how the Pages daemon runs and serves content in your environment. | `auth_scope` | The OAuth application scope to use for authentication. Must match GitLab Pages OAuth application settings. Leave blank to use `api` scope by default. | | `gitlab_server` | Server to use for authentication when access control is enabled; defaults to GitLab `external_url`. | | `headers` | Specify any additional http headers that should be sent to the client with each response. Multiple headers can be given as an array, header and value as one string, for example `['my-header: myvalue', 'my-other-header: my-other-value']` | -| `inplace_chroot` | [REMOVED in GitLab 14.3.](https://gitlab.com/gitlab-org/gitlab-pages/-/issues/561) On [systems that don't support bind-mounts](index.md#gitlab-pages-fails-to-start-in-docker-container), this instructs GitLab Pages to `chroot` into its `pages_path` directory. Some caveats exist when using in-place `chroot`; refer to the GitLab Pages [README](https://gitlab.com/gitlab-org/gitlab-pages/blob/master/README.md#caveats) for more information. | | `enable_disk` | Allows the GitLab Pages daemon to serve content from disk. Shall be disabled if shared disk storage isn't available. | | `insecure_ciphers` | Use default list of cipher suites, may contain insecure ones like 3DES and RC4. | | `internal_gitlab_server` | Internal GitLab server address used exclusively for API requests. Useful if you want to send that traffic over an internal load balancer. Defaults to GitLab `external_url`. | @@ -1208,72 +1207,6 @@ sudo gitlab-ctl tail gitlab-pages You can also find the log file in `/var/log/gitlab/gitlab-pages/current`. -### `open /etc/ssl/ca-bundle.pem: permission denied` - -WARNING: -This issue is fixed in GitLab 14.3 and above, try upgrading GitLab first. - -GitLab Pages runs inside a `chroot` jail, usually in a uniquely numbered directory like -`/tmp/gitlab-pages-*`. - -In the jail, a bundle of trusted certificates is -provided at `/etc/ssl/ca-bundle.pem`. It's -[copied there](https://gitlab.com/gitlab-org/gitlab-pages/-/merge_requests/51) -from `/opt/gitlab/embedded/ssl/certs/cacert.pem` -as part of starting up Pages. - -If the permissions on the source file are incorrect (they should be `0644`), then -the file inside the `chroot` jail is also wrong. - -Pages logs errors in `/var/log/gitlab/gitlab-pages/current` like: - -```plaintext -x509: failed to load system roots and no roots provided -open /etc/ssl/ca-bundle.pem: permission denied -``` - -The use of a `chroot` jail makes this error misleading, as it is not -referring to `/etc/ssl` on the root file system. - -The fix is to correct the source file permissions and restart Pages: - -```shell -sudo chmod 644 /opt/gitlab/embedded/ssl/certs/cacert.pem -sudo gitlab-ctl restart gitlab-pages -``` - -### `dial tcp: lookup gitlab.example.com` and `x509: certificate signed by unknown authority` - -WARNING: -This issue is fixed in GitLab 14.3 and above, try upgrading GitLab first. - -When setting both `inplace_chroot` and `access_control` to `true`, you might encounter errors like: - -```plaintext -dial tcp: lookup gitlab.example.com on [::1]:53: dial udp [::1]:53: connect: cannot assign requested address -``` - -Or: - -```plaintext -open /opt/gitlab/embedded/ssl/certs/cacert.pem: no such file or directory -x509: certificate signed by unknown authority -``` - -The reason for those errors is that the files `resolv.conf`, `/etc/hosts/`, `/etc/nsswitch.conf` and `ca-bundle.pem` are missing inside the `chroot`. -The fix is to copy these files inside the `chroot`: - -```shell -sudo mkdir -p /var/opt/gitlab/gitlab-rails/shared/pages/etc/ssl -sudo mkdir -p /var/opt/gitlab/gitlab-rails/shared/pages/opt/gitlab/embedded/ssl/certs/ - -sudo cp /etc/resolv.conf /var/opt/gitlab/gitlab-rails/shared/pages/etc/ -sudo cp /etc/hosts /var/opt/gitlab/gitlab-rails/shared/pages/etc/ -sudo cp /etc/nsswitch.conf /var/opt/gitlab/gitlab-rails/shared/pages/etc/ -sudo cp /opt/gitlab/embedded/ssl/certs/cacert.pem /var/opt/gitlab/gitlab-rails/shared/pages/opt/gitlab/embedded/ssl/certs/ -sudo cp /opt/gitlab/embedded/ssl/certs/cacert.pem /var/opt/gitlab/gitlab-rails/shared/pages/etc/ssl/ca-bundle.pem -``` - ### `unsupported protocol scheme \"\""` If you see the following error: @@ -1552,28 +1485,6 @@ To do that: 1. [Reconfigure GitLab](../restart_gitlab.md#omnibus-gitlab-reconfigure). -### GitLab Pages fails to start in Docker container - -WARNING: -This issue is fixed in GitLab 14.3 and above, try upgrading GitLab first. - -The GitLab Pages daemon doesn't have permissions to bind mounts when it runs -in a Docker container. To overcome this issue, you must change the `chroot` -behavior: - -1. Edit `/etc/gitlab/gitlab.rb`. -1. Set the `inplace_chroot` to `true` for GitLab Pages: - - ```ruby - gitlab_pages['inplace_chroot'] = true - ``` - -1. [Reconfigure GitLab](../restart_gitlab.md#omnibus-gitlab-reconfigure). - -NOTE: -`inplace_chroot` option might not work with the other features, such as [Pages Access Control](#access-control). -The [GitLab Pages README](https://gitlab.com/gitlab-org/gitlab-pages#caveats) has more information about caveats and workarounds. - ### GitLab Pages deploy job fails with error "is not a recognized provider" If the **pages** job succeeds but the **deploy** job gives the error "is not a recognized provider": diff --git a/doc/administration/reference_architectures/10k_users.md b/doc/administration/reference_architectures/10k_users.md index c9efee718a6..1b733488b12 100644 --- a/doc/administration/reference_architectures/10k_users.md +++ b/doc/administration/reference_architectures/10k_users.md @@ -1620,18 +1620,12 @@ and on all Praefect clients that communicate with it following the procedure des Note the following: -- The certificate must specify the address you use to access the Praefect server. If - addressing the Praefect server by: - - - Hostname, you can either use the Common Name field for this, or add it as a Subject - Alternative Name. - - IP address, you must add it as a Subject Alternative Name to the certificate. - +- The certificate must specify the address you use to access the Praefect server. You must add the hostname or IP + address as a Subject Alternative Name to the certificate. - You can configure Praefect servers with both an unencrypted listening address `listen_addr` and an encrypted listening address `tls_listen_addr` at the same time. This allows you to do a gradual transition from unencrypted to encrypted traffic, if - necessary. - + necessary. To disable the unencrypted listener, set `praefect['listen_addr'] = nil`. - The Internal Load Balancer will also access to the certificates and need to be configured to allow for TLS pass-through. Refer to the load balancers documentation on how to configure this. diff --git a/doc/administration/reference_architectures/25k_users.md b/doc/administration/reference_architectures/25k_users.md index 31fc227638f..1660b16432c 100644 --- a/doc/administration/reference_architectures/25k_users.md +++ b/doc/administration/reference_architectures/25k_users.md @@ -1624,18 +1624,12 @@ and on all Praefect clients that communicate with it following the procedure des Note the following: -- The certificate must specify the address you use to access the Praefect server. If - addressing the Praefect server by: - - - Hostname, you can either use the Common Name field for this, or add it as a Subject - Alternative Name. - - IP address, you must add it as a Subject Alternative Name to the certificate. - +- The certificate must specify the address you use to access the Praefect server. You must add the hostname or IP + address as a Subject Alternative Name to the certificate. - You can configure Praefect servers with both an unencrypted listening address `listen_addr` and an encrypted listening address `tls_listen_addr` at the same time. This allows you to do a gradual transition from unencrypted to encrypted traffic, if - necessary. - + necessary. To disable the unencrypted listener, set `praefect['listen_addr'] = nil`. - The Internal Load Balancer will also access to the certificates and need to be configured to allow for TLS passthrough. Refer to the load balancers documentation on how to configure this. diff --git a/doc/administration/reference_architectures/2k_users.md b/doc/administration/reference_architectures/2k_users.md index 4bc530dbf0e..b377e575617 100644 --- a/doc/administration/reference_architectures/2k_users.md +++ b/doc/administration/reference_architectures/2k_users.md @@ -527,11 +527,9 @@ that communicate with it following the procedure described in NOTE: The self-signed certificate must specify the address you use to access the -Gitaly server. If you are addressing the Gitaly server by a hostname, you can -either use the Common Name field for this, or add it as a Subject Alternative +Gitaly server. If you are addressing the Gitaly server by a hostname, add it as a Subject Alternative Name. If you are addressing the Gitaly server by its IP address, you must add it as a Subject Alternative Name to the certificate. -[gRPC does not support using an IP address as Common Name in a certificate](https://github.com/grpc/grpc/issues/2691). It's possible to configure Gitaly servers with both an unencrypted listening address (`listen_addr`) and an encrypted listening address (`tls_listen_addr`) diff --git a/doc/administration/reference_architectures/3k_users.md b/doc/administration/reference_architectures/3k_users.md index 2198c176461..092c0a23be1 100644 --- a/doc/administration/reference_architectures/3k_users.md +++ b/doc/administration/reference_architectures/3k_users.md @@ -1564,18 +1564,12 @@ and on all Praefect clients that communicate with it following the procedure des Note the following: -- The certificate must specify the address you use to access the Praefect server. If - addressing the Praefect server by: - - - Hostname, you can either use the Common Name field for this, or add it as a Subject - Alternative Name. - - IP address, you must add it as a Subject Alternative Name to the certificate. - +- The certificate must specify the address you use to access the Praefect server. You must add the hostname or IP + address as a Subject Alternative Name to the certificate. - You can configure Praefect servers with both an unencrypted listening address `listen_addr` and an encrypted listening address `tls_listen_addr` at the same time. This allows you to do a gradual transition from unencrypted to encrypted traffic, if - necessary. - + necessary. To disable the unencrypted listener, set `praefect['listen_addr'] = nil`. - The Internal Load Balancer will also access to the certificates and need to be configured to allow for TLS passthrough. Refer to the load balancers documentation on how to configure this. diff --git a/doc/administration/reference_architectures/50k_users.md b/doc/administration/reference_architectures/50k_users.md index 5d1f00c9bdc..edd82e5634c 100644 --- a/doc/administration/reference_architectures/50k_users.md +++ b/doc/administration/reference_architectures/50k_users.md @@ -1633,18 +1633,12 @@ and on all Praefect clients that communicate with it following the procedure des Note the following: -- The certificate must specify the address you use to access the Praefect server. If - addressing the Praefect server by: - - - Hostname, you can either use the Common Name field for this, or add it as a Subject - Alternative Name. - - IP address, you must add it as a Subject Alternative Name to the certificate. - +- The certificate must specify the address you use to access the Praefect server. You must add the hostname or IP + address as a Subject Alternative Name to the certificate. - You can configure Praefect servers with both an unencrypted listening address `listen_addr` and an encrypted listening address `tls_listen_addr` at the same time. This allows you to do a gradual transition from unencrypted to encrypted traffic, if - necessary. - + necessary. To disable the unencrypted listener, set `praefect['listen_addr'] = nil`. - The Internal Load Balancer will also access to the certificates and need to be configured to allow for TLS passthrough. Refer to the load balancers documentation on how to configure this. diff --git a/doc/administration/reference_architectures/5k_users.md b/doc/administration/reference_architectures/5k_users.md index 2bb2d763b01..6e783a05983 100644 --- a/doc/administration/reference_architectures/5k_users.md +++ b/doc/administration/reference_architectures/5k_users.md @@ -1562,18 +1562,12 @@ and on all Praefect clients that communicate with it following the procedure des Note the following: -- The certificate must specify the address you use to access the Praefect server. If - addressing the Praefect server by: - - - Hostname, you can either use the Common Name field for this, or add it as a Subject - Alternative Name. - - IP address, you must add it as a Subject Alternative Name to the certificate. - +- The certificate must specify the address you use to access the Praefect server. You must add the hostname or IP + address as a Subject Alternative Name to the certificate. - You can configure Praefect servers with both an unencrypted listening address `listen_addr` and an encrypted listening address `tls_listen_addr` at the same time. This allows you to do a gradual transition from unencrypted to encrypted traffic, if - necessary. - + necessary. To disable the unencrypted listener, set `praefect['listen_addr'] = nil`. - The Internal Load Balancer will also access to the certificates and need to be configured to allow for TLS passthrough. Refer to the load balancers documentation on how to configure this. diff --git a/doc/update/deprecations.md b/doc/update/deprecations.md index d38d2a62f7a..3e04018e647 100644 --- a/doc/update/deprecations.md +++ b/doc/update/deprecations.md @@ -239,7 +239,7 @@ as a [breaking change](https://docs.gitlab.com/ee/development/contributing/#brea Before updating GitLab, review the details carefully to determine if you need to make any changes to your code, settings, or workflow. -To reduce the overall complexity and maintenance burden of GitLab's [object storage feature](https://docs.gitlab.com/ee/administration/object_storage.html), support for using `background_upload` to upload files is deprecated and will be fully removed in GitLab 15.0. +To reduce the overall complexity and maintenance burden of GitLab's [object storage feature](https://docs.gitlab.com/ee/administration/object_storage.html), support for using `background_upload` to upload files is deprecated and will be fully removed in GitLab 15.0. Review the [15.0 specific changes](https://docs.gitlab.com/omnibus/update/gitlab_15_changes.html) for the [removed background uploads settings for object storage](https://docs.gitlab.com/omnibus/update/gitlab_15_changes.html#removed-background-uploads-settings-for-object-storage). This impacts a small subset of object storage providers: diff --git a/lib/api/internal/mail_room.rb b/lib/api/internal/mail_room.rb index 238a83670d6..1e5e8c4c4e2 100644 --- a/lib/api/internal/mail_room.rb +++ b/lib/api/internal/mail_room.rb @@ -12,6 +12,10 @@ module API class MailRoom < ::API::Base feature_category :service_desk + format :json + content_type :txt, 'text/plain' + default_format :txt + before do authenticate_gitlab_mailroom_request! end diff --git a/lib/gitlab/database.rb b/lib/gitlab/database.rb index 909dfc4f92d..87ff2a53ac3 100644 --- a/lib/gitlab/database.rb +++ b/lib/gitlab/database.rb @@ -223,8 +223,11 @@ module Gitlab def self.db_config_for_connection(connection) return unless connection + # For a ConnectionProxy we want to avoid ambiguous db_config as it may + # sometimes default to replica so we always return the primary config + # instead. if connection.is_a?(::Gitlab::Database::LoadBalancing::ConnectionProxy) - return connection.load_balancer.configuration.primary_db_config + return connection.load_balancer.configuration.db_config end # During application init we might receive `NullPool` diff --git a/lib/gitlab/database/load_balancing/configuration.rb b/lib/gitlab/database/load_balancing/configuration.rb index 0ddc745ebae..59b08fac7e9 100644 --- a/lib/gitlab/database/load_balancing/configuration.rb +++ b/lib/gitlab/database/load_balancing/configuration.rb @@ -41,8 +41,6 @@ module Gitlab end end - config.reuse_primary_connection! - config end @@ -61,44 +59,17 @@ module Gitlab disconnect_timeout: 120, use_tcp: false } - - # Temporary model for GITLAB_LOAD_BALANCING_REUSE_PRIMARY_ - # To be removed with FF - @primary_model = nil end def db_config_name @model.connection_db_config.name.to_sym end - # With connection re-use the primary connection can be overwritten - # to be used from different model - def primary_connection_specification_name - primary_model_or_model_if_enabled.connection_specification_name + def connection_specification_name + @model.connection_specification_name end - def primary_model_or_model_if_enabled - if use_dedicated_connection? - @model - else - @primary_model || @model - end - end - - def use_dedicated_connection? - return true unless @primary_model # We can only use dedicated connection, if re-use of connections is disabled - return false unless ::Gitlab::SafeRequestStore.active? - - ::Gitlab::SafeRequestStore.fetch(:force_no_sharing_primary_model) do - ::Feature::FlipperFeature.table_exists? && ::Feature.enabled?(:force_no_sharing_primary_model) - end - end - - def primary_db_config - primary_model_or_model_if_enabled.connection_db_config - end - - def replica_db_config + def db_config @model.connection_db_config end @@ -131,30 +102,6 @@ module Gitlab service_discovery[:record].present? end - - # TODO: This is temporary code to allow re-use of primary connection - # if the two connections are pointing to the same host. This is needed - # to properly support transaction visibility. - # - # This behavior is required to support [Phase 3](https://gitlab.com/groups/gitlab-org/-/epics/6160#progress). - # This method is meant to be removed as soon as it is finished. - # - # The remapping is done as-is: - # export GITLAB_LOAD_BALANCING_REUSE_PRIMARY_= - # - # Ex.: - # export GITLAB_LOAD_BALANCING_REUSE_PRIMARY_ci=main - # - def reuse_primary_connection! - new_connection = ENV["GITLAB_LOAD_BALANCING_REUSE_PRIMARY_#{db_config_name}"] - return unless new_connection.present? - - @primary_model = Gitlab::Database.database_base_models[new_connection.to_sym] - - unless @primary_model - raise "Invalid value for 'GITLAB_LOAD_BALANCING_REUSE_PRIMARY_#{db_config_name}=#{new_connection}'" - end - end end end end diff --git a/lib/gitlab/database/load_balancing/load_balancer.rb b/lib/gitlab/database/load_balancing/load_balancer.rb index 191ebe18b8a..d369376a6c4 100644 --- a/lib/gitlab/database/load_balancing/load_balancer.rb +++ b/lib/gitlab/database/load_balancing/load_balancer.rb @@ -232,14 +232,14 @@ module Gitlab # host - An optional host name to use instead of the default one. # port - An optional port to connect to. def create_replica_connection_pool(pool_size, host = nil, port = nil) - db_config = @configuration.replica_db_config + db_config = @configuration.db_config env_config = db_config.configuration_hash.dup env_config[:pool] = pool_size env_config[:host] = host if host env_config[:port] = port if port - replica_db_config = ActiveRecord::DatabaseConfigurations::HashConfig.new( + db_config = ActiveRecord::DatabaseConfigurations::HashConfig.new( db_config.env_name, db_config.name + REPLICA_SUFFIX, env_config @@ -249,7 +249,7 @@ module Gitlab # as it will rewrite ActiveRecord::Base.connection ActiveRecord::ConnectionAdapters::ConnectionHandler .new - .establish_connection(replica_db_config) + .establish_connection(db_config) end # ActiveRecord::ConnectionAdapters::ConnectionHandler handles fetching, @@ -258,7 +258,7 @@ module Gitlab # rubocop:disable Database/MultipleDatabases def pool ActiveRecord::Base.connection_handler.retrieve_connection_pool( - @configuration.primary_connection_specification_name, + @configuration.connection_specification_name, role: ActiveRecord::Base.writing_role, shard: ActiveRecord::Base.default_shard ) || raise(::ActiveRecord::ConnectionNotEstablished) diff --git a/lib/gitlab/database/query_analyzers/gitlab_schemas_metrics.rb b/lib/gitlab/database/query_analyzers/gitlab_schemas_metrics.rb index 391375d472f..06e2b114c91 100644 --- a/lib/gitlab/database/query_analyzers/gitlab_schemas_metrics.rb +++ b/lib/gitlab/database/query_analyzers/gitlab_schemas_metrics.rb @@ -27,15 +27,9 @@ module Gitlab # to reduce amount of labels sort schemas used gitlab_schemas = gitlab_schemas.to_a.sort.join(",") - # Temporary feature to observe relation of `gitlab_schemas` to `db_config_name` - # depending on primary model - ci_dedicated_primary_connection = ::Ci::ApplicationRecord.connection_class? && - ::Ci::ApplicationRecord.load_balancer.configuration.use_dedicated_connection? - schemas_metrics.increment({ gitlab_schemas: gitlab_schemas, - db_config_name: db_config_name, - ci_dedicated_primary_connection: ci_dedicated_primary_connection + db_config_name: db_config_name }) end diff --git a/lib/gitlab/metrics/samplers/database_sampler.rb b/lib/gitlab/metrics/samplers/database_sampler.rb index 965d85e20e5..86372973c82 100644 --- a/lib/gitlab/metrics/samplers/database_sampler.rb +++ b/lib/gitlab/metrics/samplers/database_sampler.rb @@ -72,7 +72,7 @@ module Gitlab { host: host.host, port: host.port, - class: load_balancer.configuration.primary_connection_specification_name, + class: load_balancer.configuration.connection_specification_name, db_config_name: Gitlab::Database.db_config_name(host.connection) } end diff --git a/package.json b/package.json index de3cf34926f..54a55259942 100644 --- a/package.json +++ b/package.json @@ -57,7 +57,7 @@ "@gitlab/at.js": "1.5.7", "@gitlab/favicon-overlay": "2.0.0", "@gitlab/svgs": "2.14.0", - "@gitlab/ui": "40.6.2", + "@gitlab/ui": "40.6.3", "@gitlab/visual-review-tools": "1.7.3", "@rails/actioncable": "6.1.4-7", "@rails/ujs": "6.1.4-7", @@ -109,7 +109,7 @@ "codesandbox-api": "0.0.23", "compression-webpack-plugin": "^5.0.2", "copy-webpack-plugin": "^6.4.1", - "core-js": "^3.22.6", + "core-js": "^3.22.7", "cron-validator": "^1.1.1", "cronstrue": "^1.122.0", "cropper": "^2.3.0", diff --git a/spec/factories/merge_requests.rb b/spec/factories/merge_requests.rb index e897a5e022a..cba66b5d414 100644 --- a/spec/factories/merge_requests.rb +++ b/spec/factories/merge_requests.rb @@ -25,10 +25,6 @@ FactoryBot.define do title { generate(:draft_title) } end - trait :wip_merge_request do - title { generate(:wip_title) } - end - trait :jira_title do title { generate(:jira_title) } end diff --git a/spec/factories/sequences.rb b/spec/factories/sequences.rb index 6b86154aa91..c10fab8588d 100644 --- a/spec/factories/sequences.rb +++ b/spec/factories/sequences.rb @@ -16,7 +16,6 @@ FactoryBot.define do sequence(:oid) { |n| Digest::SHA2.hexdigest("oid-like-#{n}") } sequence(:variable) { |n| "var#{n}" } sequence(:draft_title) { |n| "Draft: #{n}" } - sequence(:wip_title) { |n| "WIP: #{n}" } sequence(:jira_title) { |n| "[PROJ-#{n}]: fix bug" } sequence(:jira_description) { |n| "This is a description\n here is the description\n Related to: PROJ-#{n}" } sequence(:jira_branch) { |n| "feature/PROJ-#{n}" } diff --git a/spec/fixtures/security_reports/feature-branch/gl-secret-detection-report.json b/spec/fixtures/security_reports/feature-branch/gl-secret-detection-report.json index 57a4dee3ddd..538364f84a2 100644 --- a/spec/fixtures/security_reports/feature-branch/gl-secret-detection-report.json +++ b/spec/fixtures/security_reports/feature-branch/gl-secret-detection-report.json @@ -1,5 +1,5 @@ { - "version": "3.0", + "version": "14.1.2", "vulnerabilities": [], "remediations": [] } diff --git a/spec/fixtures/security_reports/master/gl-sast-missing-scanner.json b/spec/fixtures/security_reports/master/gl-sast-missing-scanner.json index f65580145b4..ab3ee348263 100644 --- a/spec/fixtures/security_reports/master/gl-sast-missing-scanner.json +++ b/spec/fixtures/security_reports/master/gl-sast-missing-scanner.json @@ -1,5 +1,5 @@ { - "version": "1.2", + "version": "14.1.2", "vulnerabilities": [ { "category": "sast", diff --git a/spec/fixtures/security_reports/master/gl-secret-detection-report.json b/spec/fixtures/security_reports/master/gl-secret-detection-report.json index f0250ec9145..9b0b2a19beb 100644 --- a/spec/fixtures/security_reports/master/gl-secret-detection-report.json +++ b/spec/fixtures/security_reports/master/gl-secret-detection-report.json @@ -1,5 +1,5 @@ { - "version": "3.0", + "version": "14.1.2", "vulnerabilities": [ { "id": "27d2322d519c94f803ffed1cf6d14e455df97e5a0668e229eb853fdb0d277d2c", diff --git a/spec/frontend/content_editor/components/__snapshots__/toolbar_link_button_spec.js.snap b/spec/frontend/content_editor/components/__snapshots__/toolbar_link_button_spec.js.snap index 7abd6b422ad..b54f7cf17c8 100644 --- a/spec/frontend/content_editor/components/__snapshots__/toolbar_link_button_spec.js.snap +++ b/spec/frontend/content_editor/components/__snapshots__/toolbar_link_button_spec.js.snap @@ -16,15 +16,13 @@ exports[`content_editor/components/toolbar_link_button renders dropdown componen
  • -
    -
    - - -
    - -
    +
    + + +
    +
    • diff --git a/spec/frontend/error_tracking_settings/components/app_spec.js b/spec/frontend/error_tracking_settings/components/app_spec.js index 4a0bbb1acbe..c660c9c4a99 100644 --- a/spec/frontend/error_tracking_settings/components/app_spec.js +++ b/spec/frontend/error_tracking_settings/components/app_spec.js @@ -177,7 +177,7 @@ describe('error tracking settings app', () => { const clipBoardButton = findDsnSettings().findComponent(ClipboardButton); expect(clipBoardInput.props('value')).toBe(TEST_GITLAB_DSN); - expect(clipBoardInput.attributes('readonly')).toBeTruthy(); + expect(clipBoardInput.attributes('readonly')).toBe(''); expect(clipBoardButton.props('text')).toBe(TEST_GITLAB_DSN); }); }); diff --git a/spec/frontend/profile/account/components/update_username_spec.js b/spec/frontend/profile/account/components/update_username_spec.js index e342b7c4ba1..0e56bccf27e 100644 --- a/spec/frontend/profile/account/components/update_username_spec.js +++ b/spec/frontend/profile/account/components/update_username_spec.js @@ -52,7 +52,7 @@ describe('UpdateUsername component', () => { openModalBtn: wrapper.find('[data-testid="username-change-confirmation-modal"]'), modalBody: modal.find('.modal-body'), modalHeader: modal.find('.modal-title'), - confirmModalBtn: wrapper.find('.btn-warning'), + confirmModalBtn: wrapper.find('.btn-confirm'), }; }; diff --git a/spec/frontend/projects/new/components/new_project_push_tip_popover_spec.js b/spec/frontend/projects/new/components/new_project_push_tip_popover_spec.js index 42259a5c392..f50dd393174 100644 --- a/spec/frontend/projects/new/components/new_project_push_tip_popover_spec.js +++ b/spec/frontend/projects/new/components/new_project_push_tip_popover_spec.js @@ -57,7 +57,7 @@ describe('New project push tip popover', () => { }); expect(findFormInput().attributes()).toMatchObject({ 'aria-label': 'Push project from command line', - readonly: 'readonly', + readonly: '', }); }); diff --git a/spec/frontend/vue_shared/components/__snapshots__/clone_dropdown_spec.js.snap b/spec/frontend/vue_shared/components/__snapshots__/clone_dropdown_spec.js.snap index 44b4c0398cd..cf2ed3331b7 100644 --- a/spec/frontend/vue_shared/components/__snapshots__/clone_dropdown_spec.js.snap +++ b/spec/frontend/vue_shared/components/__snapshots__/clone_dropdown_spec.js.snap @@ -24,41 +24,38 @@ exports[`Clone Dropdown Button rendering matches the snapshot 1`] = `
    -
    - + + + + - - - - - - - - -
    + +
    @@ -68,41 +65,38 @@ exports[`Clone Dropdown Button rendering matches the snapshot 1`] = `
    -
    - + + + + - - - - - - - - -
    + +
    diff --git a/spec/lib/gitlab/ci/parsers/security/secret_detection_spec.rb b/spec/lib/gitlab/ci/parsers/security/secret_detection_spec.rb index 1d361e16aad..e8f1d617cb7 100644 --- a/spec/lib/gitlab/ci/parsers/security/secret_detection_spec.rb +++ b/spec/lib/gitlab/ci/parsers/security/secret_detection_spec.rb @@ -39,7 +39,7 @@ RSpec.describe Gitlab::Ci::Parsers::Security::SecretDetection do end it "generates expected metadata_version" do - expect(report.findings.first.metadata_version).to eq('3.0') + expect(report.findings.first.metadata_version).to eq('14.1.2') end end end diff --git a/spec/lib/gitlab/database/load_balancing/configuration_spec.rb b/spec/lib/gitlab/database/load_balancing/configuration_spec.rb index 77284b4d128..34370c9a21f 100644 --- a/spec/lib/gitlab/database/load_balancing/configuration_spec.rb +++ b/spec/lib/gitlab/database/load_balancing/configuration_spec.rb @@ -100,14 +100,6 @@ RSpec.describe Gitlab::Database::LoadBalancing::Configuration, :request_store do expect(config.pool_size).to eq(4) end end - - it 'calls reuse_primary_connection!' do - expect_next_instance_of(described_class) do |subject| - expect(subject).to receive(:reuse_primary_connection!).and_call_original - end - - described_class.for_model(model) - end end describe '#load_balancing_enabled?' do @@ -203,61 +195,12 @@ RSpec.describe Gitlab::Database::LoadBalancing::Configuration, :request_store do end end - describe '#replica_db_config' do + describe '#db_config' do let(:model) { double(:model, connection_db_config: db_config, connection_specification_name: 'Ci::ApplicationRecord') } let(:config) { described_class.for_model(model) } it 'returns exactly db_config' do - expect(config.replica_db_config).to eq(db_config) - end - - context 'when GITLAB_LOAD_BALANCING_REUSE_PRIMARY_ci=main' do - it 'does not change replica_db_config' do - stub_env('GITLAB_LOAD_BALANCING_REUSE_PRIMARY_ci', 'main') - - expect(config.replica_db_config).to eq(db_config) - end - end - end - - describe 'reuse_primary_connection!' do - let(:model) { double(:model, connection_db_config: db_config, connection_specification_name: 'Ci::ApplicationRecord') } - let(:config) { described_class.for_model(model) } - - context 'when GITLAB_LOAD_BALANCING_REUSE_PRIMARY_* not configured' do - it 'the primary connection uses default specification' do - stub_env('GITLAB_LOAD_BALANCING_REUSE_PRIMARY_ci', nil) - - expect(config.primary_connection_specification_name).to eq('Ci::ApplicationRecord') - end - end - - context 'when GITLAB_LOAD_BALANCING_REUSE_PRIMARY_ci=main' do - before do - stub_env('GITLAB_LOAD_BALANCING_REUSE_PRIMARY_ci', 'main') - end - - it 'the primary connection uses main connection' do - expect(config.primary_connection_specification_name).to eq('ActiveRecord::Base') - end - - context 'when force_no_sharing_primary_model feature flag is enabled' do - before do - stub_feature_flags(force_no_sharing_primary_model: true) - end - - it 'the primary connection uses ci connection' do - expect(config.primary_connection_specification_name).to eq('Ci::ApplicationRecord') - end - end - end - - context 'when GITLAB_LOAD_BALANCING_REUSE_PRIMARY_ci=unknown' do - it 'raises exception' do - stub_env('GITLAB_LOAD_BALANCING_REUSE_PRIMARY_ci', 'unknown') - - expect { config.reuse_primary_connection! }.to raise_error /Invalid value for/ - end + expect(config.db_config).to eq(db_config) end end end diff --git a/spec/lib/gitlab/database/load_balancing/load_balancer_spec.rb b/spec/lib/gitlab/database/load_balancing/load_balancer_spec.rb index 3c7819c04b6..34eb64997c1 100644 --- a/spec/lib/gitlab/database/load_balancing/load_balancer_spec.rb +++ b/spec/lib/gitlab/database/load_balancing/load_balancer_spec.rb @@ -487,46 +487,6 @@ RSpec.describe Gitlab::Database::LoadBalancing::LoadBalancer, :request_store do end end - describe 'primary connection re-use', :reestablished_active_record_base, :add_ci_connection do - let(:model) { Ci::ApplicationRecord } - - describe '#read' do - it 'returns ci replica connection' do - expect { |b| lb.read(&b) }.to yield_with_args do |args| - expect(args.pool.db_config.name).to eq('ci_replica') - end - end - - context 'when GITLAB_LOAD_BALANCING_REUSE_PRIMARY_ci=main' do - it 'returns ci replica connection' do - stub_env('GITLAB_LOAD_BALANCING_REUSE_PRIMARY_ci', 'main') - - expect { |b| lb.read(&b) }.to yield_with_args do |args| - expect(args.pool.db_config.name).to eq('ci_replica') - end - end - end - end - - describe '#read_write' do - it 'returns Ci::ApplicationRecord connection' do - expect { |b| lb.read_write(&b) }.to yield_with_args do |args| - expect(args.pool.db_config.name).to eq('ci') - end - end - - context 'when GITLAB_LOAD_BALANCING_REUSE_PRIMARY_ci=main' do - it 'returns ActiveRecord::Base connection' do - stub_env('GITLAB_LOAD_BALANCING_REUSE_PRIMARY_ci', 'main') - - expect { |b| lb.read_write(&b) }.to yield_with_args do |args| - expect(args.pool.db_config.name).to eq('main') - end - end - end - end - end - describe '#wal_diff' do it 'returns the diff between two write locations' do loc1 = lb.send(:get_write_location, lb.pool.connection) diff --git a/spec/lib/gitlab/database/load_balancing/setup_spec.rb b/spec/lib/gitlab/database/load_balancing/setup_spec.rb index c44637b8d06..fa6d71bca7f 100644 --- a/spec/lib/gitlab/database/load_balancing/setup_spec.rb +++ b/spec/lib/gitlab/database/load_balancing/setup_spec.rb @@ -122,123 +122,68 @@ RSpec.describe Gitlab::Database::LoadBalancing::Setup do context 'uses correct base models', :reestablished_active_record_base do using RSpec::Parameterized::TableSyntax - where do + let(:ci_class) do + Class.new(ActiveRecord::Base) do + def self.name + 'Ci::ApplicationRecordTemporary' + end + + establish_connection ActiveRecord::DatabaseConfigurations::HashConfig.new( + Rails.env, + 'ci', + ActiveRecord::Base.connection_db_config.configuration_hash + ) + end + end + + let(:models) do { - "it picks a dedicated CI connection" => { - env_GITLAB_LOAD_BALANCING_REUSE_PRIMARY_ci: nil, - request_store_active: false, - ff_force_no_sharing_primary_model: false, - expectations: { - main: { read: 'main_replica', write: 'main' }, - ci: { read: 'ci_replica', write: 'ci' } - } - }, - "with re-use of primary connection it uses CI connection for reads" => { - env_GITLAB_LOAD_BALANCING_REUSE_PRIMARY_ci: 'main', - request_store_active: false, - ff_force_no_sharing_primary_model: false, - expectations: { - main: { read: 'main_replica', write: 'main' }, - ci: { read: 'ci_replica', write: 'main' } - } - }, - "with re-use and FF force_no_sharing_primary_model enabled with RequestStore it sticks FF and uses CI connection for reads and writes" => { - env_GITLAB_LOAD_BALANCING_REUSE_PRIMARY_ci: 'main', - request_store_active: true, - ff_force_no_sharing_primary_model: true, - expectations: { - main: { read: 'main_replica', write: 'main' }, - ci: { read: 'ci_replica', write: 'ci' } - } - }, - "with re-use and FF force_no_sharing_primary_model enabled without RequestStore it doesn't use FF and uses CI connection for reads only" => { - env_GITLAB_LOAD_BALANCING_REUSE_PRIMARY_ci: 'main', - request_store_active: true, - ff_force_no_sharing_primary_model: false, - expectations: { - main: { read: 'main_replica', write: 'main' }, - ci: { read: 'ci_replica', write: 'main' } - } - } + main: ActiveRecord::Base, + ci: ci_class } end - with_them do - let(:ci_class) do - Class.new(ActiveRecord::Base) do - def self.name - 'Ci::ApplicationRecordTemporary' - end + before do + allow(Gitlab).to receive(:dev_or_test_env?).and_return(false) - establish_connection ActiveRecord::DatabaseConfigurations::HashConfig.new( - Rails.env, - 'ci', - ActiveRecord::Base.connection_db_config.configuration_hash - ) + # Rewrite `class_attribute` to use rspec mocking and prevent modifying the objects + allow_next_instance_of(described_class) do |setup| + allow(setup).to receive(:configure_connection) + + allow(setup).to receive(:setup_class_attribute) do |attribute, value| + allow(setup.model).to receive(attribute) { value } end end - let(:models) do + # Make load balancer to force init with a dedicated replicas connections + models.each do |_, model| + described_class.new(model).tap do |subject| + subject.configuration.hosts = [subject.configuration.db_config.host] + subject.setup + end + end + end + + it 'results match expectations' do + result = models.transform_values do |model| + load_balancer = model.connection.instance_variable_get(:@load_balancer) + { - main: ActiveRecord::Base, - ci: ci_class + read: load_balancer.read { |connection| connection.pool.db_config.name }, + write: load_balancer.read_write { |connection| connection.pool.db_config.name } } end - around do |example| - if request_store_active - Gitlab::WithRequestStore.with_request_store do - stub_feature_flags(force_no_sharing_primary_model: ff_force_no_sharing_primary_model) - RequestStore.clear! + expect(result).to eq({ + main: { read: 'main_replica', write: 'main' }, + ci: { read: 'ci_replica', write: 'ci' } + }) + end - example.run - end - else - example.run - end - end - - before do - allow(Gitlab).to receive(:dev_or_test_env?).and_return(false) - - # Rewrite `class_attribute` to use rspec mocking and prevent modifying the objects - allow_next_instance_of(described_class) do |setup| - allow(setup).to receive(:configure_connection) - - allow(setup).to receive(:setup_class_attribute) do |attribute, value| - allow(setup.model).to receive(attribute) { value } - end - end - - stub_env('GITLAB_LOAD_BALANCING_REUSE_PRIMARY_ci', env_GITLAB_LOAD_BALANCING_REUSE_PRIMARY_ci) - - # Make load balancer to force init with a dedicated replicas connections - models.each do |_, model| - described_class.new(model).tap do |subject| - subject.configuration.hosts = [subject.configuration.replica_db_config.host] - subject.setup - end - end - end - - it 'results match expectations' do - result = models.transform_values do |model| - load_balancer = model.connection.instance_variable_get(:@load_balancer) - - { - read: load_balancer.read { |connection| connection.pool.db_config.name }, - write: load_balancer.read_write { |connection| connection.pool.db_config.name } - } - end - - expect(result).to eq(expectations) - end - - it 'does return load_balancer assigned to a given connection' do - models.each do |name, model| - expect(model.load_balancer.name).to eq(name) - expect(model.sticking.instance_variable_get(:@load_balancer)).to eq(model.load_balancer) - end + it 'does return load_balancer assigned to a given connection' do + models.each do |name, model| + expect(model.load_balancer.name).to eq(name) + expect(model.sticking.instance_variable_get(:@load_balancer)).to eq(model.load_balancer) end end end diff --git a/spec/lib/gitlab/database/query_analyzers/gitlab_schemas_metrics_spec.rb b/spec/lib/gitlab/database/query_analyzers/gitlab_schemas_metrics_spec.rb index 0d687db0f96..62c5ead855a 100644 --- a/spec/lib/gitlab/database/query_analyzers/gitlab_schemas_metrics_spec.rb +++ b/spec/lib/gitlab/database/query_analyzers/gitlab_schemas_metrics_spec.rb @@ -17,7 +17,7 @@ RSpec.describe Gitlab::Database::QueryAnalyzers::GitlabSchemasMetrics, query_ana process_sql(ActiveRecord::Base, "SELECT 1 FROM projects") end - context 'properly observes all queries', :add_ci_connection, :request_store do + context 'properly observes all queries', :add_ci_connection do using RSpec::Parameterized::TableSyntax where do @@ -28,8 +28,7 @@ RSpec.describe Gitlab::Database::QueryAnalyzers::GitlabSchemasMetrics, query_ana expectations: { gitlab_schemas: "gitlab_main", db_config_name: "main" - }, - setup: nil + } }, "for query accessing gitlab_ci and gitlab_main" => { model: ApplicationRecord, @@ -37,8 +36,7 @@ RSpec.describe Gitlab::Database::QueryAnalyzers::GitlabSchemasMetrics, query_ana expectations: { gitlab_schemas: "gitlab_ci,gitlab_main", db_config_name: "main" - }, - setup: nil + } }, "for query accessing gitlab_ci and gitlab_main the gitlab_schemas is always ordered" => { model: ApplicationRecord, @@ -46,8 +44,7 @@ RSpec.describe Gitlab::Database::QueryAnalyzers::GitlabSchemasMetrics, query_ana expectations: { gitlab_schemas: "gitlab_ci,gitlab_main", db_config_name: "main" - }, - setup: nil + } }, "for query accessing CI database" => { model: Ci::ApplicationRecord, @@ -56,62 +53,6 @@ RSpec.describe Gitlab::Database::QueryAnalyzers::GitlabSchemasMetrics, query_ana gitlab_schemas: "gitlab_ci", db_config_name: "ci" } - }, - "for query accessing CI database with re-use and disabled sharing" => { - model: Ci::ApplicationRecord, - sql: "SELECT 1 FROM ci_builds", - expectations: { - gitlab_schemas: "gitlab_ci", - db_config_name: "ci", - ci_dedicated_primary_connection: true - }, - setup: ->(_) do - skip_if_multiple_databases_not_setup - stub_env('GITLAB_LOAD_BALANCING_REUSE_PRIMARY_ci', 'main') - stub_feature_flags(force_no_sharing_primary_model: true) - end - }, - "for query accessing CI database with re-use and enabled sharing" => { - model: Ci::ApplicationRecord, - sql: "SELECT 1 FROM ci_builds", - expectations: { - gitlab_schemas: "gitlab_ci", - db_config_name: "ci", - ci_dedicated_primary_connection: false - }, - setup: ->(_) do - skip_if_multiple_databases_not_setup - stub_env('GITLAB_LOAD_BALANCING_REUSE_PRIMARY_ci', 'main') - stub_feature_flags(force_no_sharing_primary_model: false) - end - }, - "for query accessing CI database without re-use and disabled sharing" => { - model: Ci::ApplicationRecord, - sql: "SELECT 1 FROM ci_builds", - expectations: { - gitlab_schemas: "gitlab_ci", - db_config_name: "ci", - ci_dedicated_primary_connection: true - }, - setup: ->(_) do - skip_if_multiple_databases_not_setup - stub_env('GITLAB_LOAD_BALANCING_REUSE_PRIMARY_ci', nil) - stub_feature_flags(force_no_sharing_primary_model: true) - end - }, - "for query accessing CI database without re-use and enabled sharing" => { - model: Ci::ApplicationRecord, - sql: "SELECT 1 FROM ci_builds", - expectations: { - gitlab_schemas: "gitlab_ci", - db_config_name: "ci", - ci_dedicated_primary_connection: true - }, - setup: ->(_) do - skip_if_multiple_databases_not_setup - stub_env('GITLAB_LOAD_BALANCING_REUSE_PRIMARY_ci', nil) - stub_feature_flags(force_no_sharing_primary_model: false) - end } } end @@ -122,15 +63,11 @@ RSpec.describe Gitlab::Database::QueryAnalyzers::GitlabSchemasMetrics, query_ana end it do - stub_env('GITLAB_LOAD_BALANCING_REUSE_PRIMARY_ci', nil) - - instance_eval(&setup) if setup - allow(::Ci::ApplicationRecord.load_balancer).to receive(:configuration) .and_return(Gitlab::Database::LoadBalancing::Configuration.for_model(::Ci::ApplicationRecord)) expect(described_class.schemas_metrics).to receive(:increment) - .with({ ci_dedicated_primary_connection: anything }.merge(expectations)).and_call_original + .with(expectations).and_call_original process_sql(model, sql) end diff --git a/spec/lib/gitlab/database_spec.rb b/spec/lib/gitlab/database_spec.rb index 025cf05424e..064613074cd 100644 --- a/spec/lib/gitlab/database_spec.rb +++ b/spec/lib/gitlab/database_spec.rb @@ -160,13 +160,15 @@ RSpec.describe Gitlab::Database do end end - context 'when the connection is LoadBalancing::ConnectionProxy' do - it 'returns primary_db_config' do - lb_config = ::Gitlab::Database::LoadBalancing::Configuration.new(ActiveRecord::Base) - lb = ::Gitlab::Database::LoadBalancing::LoadBalancer.new(lb_config) - proxy = ::Gitlab::Database::LoadBalancing::ConnectionProxy.new(lb) + context 'when the connection is LoadBalancing::ConnectionProxy', :database_replica do + it 'returns primary db config even if ambiguous queries default to replica' do + Gitlab::Database::LoadBalancing::Session.current.use_primary! + primary_config = described_class.db_config_for_connection(ActiveRecord::Base.connection) - expect(described_class.db_config_for_connection(proxy)).to eq(lb_config.primary_db_config) + Gitlab::Database::LoadBalancing::Session.clear_session + Gitlab::Database::LoadBalancing::Session.current.fallback_to_replicas_for_ambiguous_queries do + expect(described_class.db_config_for_connection(ActiveRecord::Base.connection)).to eq(primary_config) + end end end @@ -223,9 +225,6 @@ RSpec.describe Gitlab::Database do describe '.gitlab_schemas_for_connection' do it 'does return a valid schema depending on a base model used', :request_store do - # FF due to lib/gitlab/database/load_balancing/configuration.rb:92 - stub_feature_flags(force_no_sharing_primary_model: true) - expect(described_class.gitlab_schemas_for_connection(Project.connection)).to include(:gitlab_main, :gitlab_shared) expect(described_class.gitlab_schemas_for_connection(Ci::Build.connection)).to include(:gitlab_ci, :gitlab_shared) end diff --git a/spec/lib/gitlab/mail_room/mail_room_spec.rb b/spec/lib/gitlab/mail_room/mail_room_spec.rb index 12fb12ebd87..06a25be757e 100644 --- a/spec/lib/gitlab/mail_room/mail_room_spec.rb +++ b/spec/lib/gitlab/mail_room/mail_room_spec.rb @@ -303,6 +303,7 @@ RSpec.describe Gitlab::MailRoom do delivery_method: 'postback', delivery_options: { delivery_url: "http://gitlab.example/api/v4/internal/mail_room/incoming_email", + content_type: "text/plain", jwt_auth_header: Gitlab::MailRoom::INTERNAL_API_REQUEST_HEADER, jwt_issuer: Gitlab::MailRoom::INTERNAL_API_REQUEST_JWT_ISSUER, jwt_algorithm: 'HS256', @@ -316,6 +317,7 @@ RSpec.describe Gitlab::MailRoom do delivery_method: 'postback', delivery_options: { delivery_url: "http://gitlab.example/api/v4/internal/mail_room/service_desk_email", + content_type: "text/plain", jwt_auth_header: Gitlab::MailRoom::INTERNAL_API_REQUEST_HEADER, jwt_issuer: Gitlab::MailRoom::INTERNAL_API_REQUEST_JWT_ISSUER, jwt_algorithm: 'HS256', diff --git a/spec/lib/gitlab/metrics/samplers/database_sampler_spec.rb b/spec/lib/gitlab/metrics/samplers/database_sampler_spec.rb index c88d8c17eac..57790ad78a8 100644 --- a/spec/lib/gitlab/metrics/samplers/database_sampler_spec.rb +++ b/spec/lib/gitlab/metrics/samplers/database_sampler_spec.rb @@ -66,7 +66,7 @@ RSpec.describe Gitlab::Metrics::Samplers::DatabaseSampler do let(:main_replica_host) { main_load_balancer.host } let(:ci_load_balancer) { double(:load_balancer, host_list: ci_host_list, configuration: configuration) } - let(:configuration) { double(:configuration, primary_connection_specification_name: 'Ci::ApplicationRecord') } + let(:configuration) { double(:configuration, connection_specification_name: 'Ci::ApplicationRecord') } let(:ci_host_list) { double(:host_list, hosts: [ci_replica_host]) } let(:ci_replica_host) { double(:host, connection: ci_connection) } let(:ci_connection) { double(:connection, pool: Ci::ApplicationRecord.connection_pool) } @@ -121,7 +121,7 @@ RSpec.describe Gitlab::Metrics::Samplers::DatabaseSampler do let(:main_replica_host) { main_load_balancer.host } let(:ci_load_balancer) { double(:load_balancer, host_list: ci_host_list, configuration: configuration) } - let(:configuration) { double(:configuration, primary_connection_specification_name: 'Ci::ApplicationRecord') } + let(:configuration) { double(:configuration, connection_specification_name: 'Ci::ApplicationRecord') } let(:ci_host_list) { double(:host_list, hosts: [ci_replica_host]) } let(:ci_replica_host) { double(:host, connection: ci_connection) } let(:ci_connection) { double(:connection, pool: Ci::ApplicationRecord.connection_pool) } diff --git a/spec/lib/marginalia_spec.rb b/spec/lib/marginalia_spec.rb index 53048ae2e6b..693b7bd45c9 100644 --- a/spec/lib/marginalia_spec.rb +++ b/spec/lib/marginalia_spec.rb @@ -59,7 +59,7 @@ RSpec.describe 'Marginalia spec' do "application" => "test", "endpoint_id" => "MarginaliaTestController#first_user", "correlation_id" => correlation_id, - "db_config_name" => ENV['GITLAB_LOAD_BALANCING_REUSE_PRIMARY_ci'] == 'main' ? 'main' : 'ci' + "db_config_name" => 'ci' } end diff --git a/spec/migrations/20220523171107_drop_deploy_tokens_token_column_spec.rb b/spec/migrations/20220523171107_drop_deploy_tokens_token_column_spec.rb new file mode 100644 index 00000000000..78df6f5fc35 --- /dev/null +++ b/spec/migrations/20220523171107_drop_deploy_tokens_token_column_spec.rb @@ -0,0 +1,22 @@ +# frozen_string_literal: true + +require 'spec_helper' +require_migration! + +RSpec.describe DropDeployTokensTokenColumn do + let(:deploy_tokens) { table(:deploy_tokens) } + + it 'correctly migrates up and down' do + reversible_migration do |migration| + migration.before -> { + expect(deploy_tokens.column_names).to include('token') + } + + migration.after -> { + deploy_tokens.reset_column_information + + expect(deploy_tokens.column_names).not_to include('token') + } + end + end +end diff --git a/spec/models/merge_request_spec.rb b/spec/models/merge_request_spec.rb index f252c4e2e96..4136e98780b 100644 --- a/spec/models/merge_request_spec.rb +++ b/spec/models/merge_request_spec.rb @@ -1394,81 +1394,68 @@ RSpec.describe MergeRequest, factory_default: :keep do end end - [ - 'WIP:', 'WIP: ', '[WIP]', '[WIP] ', ' [WIP] WIP: [WIP] WIP:', - "WIP ", "(WIP)", - "draft", "Draft", "Draft -", "draft - ", "Draft ", "draft " - ].each do |draft_prefix| - it "doesn't detect '#{draft_prefix}' at the start of the title as a draft" do - subject.title = "#{draft_prefix}#{subject.title}" + context "returns false" do + # We have removed support for variations of "WIP", and additionally need + # to test unsupported variations of "Draft" that we have seen users + # attempt. + # + [ + 'WIP:', 'WIP: ', '[WIP]', '[WIP] ', ' [WIP] WIP: [WIP] WIP:', + "WIP ", "(WIP)", + "draft", "Draft", "Draft -", "draft - ", "Draft ", "draft " + ].each do |trigger| + it "when '#{trigger}' prefixes the title" do + subject.title = "#{trigger}#{subject.title}" - expect(subject.work_in_progress?).to eq false + expect(subject.draft?).to eq false + end end - end - it "doesn't detect merge request title just saying 'wip'" do - subject.title = "wip" + ["WIP", "Draft"].each do |trigger| # rubocop:disable Style/WordArray + it "when merge request title is simply '#{trigger}'" do + subject.title = trigger - expect(subject.work_in_progress?).to eq false - end + expect(subject.draft?).to eq false + end - it "does not detect merge request title just saying 'draft'" do - subject.title = "draft" + it "when #{trigger} is in the middle of the title" do + subject.title = "Something with #{trigger} in the middle" - expect(subject.work_in_progress?).to eq false - end + expect(subject.draft?).to eq false + end - it 'does not detect WIP in the middle of the title' do - subject.title = 'Something with WIP in the middle' + it "when #{trigger} is at the end of the title" do + subject.title = "Something ends with #{trigger}" - expect(subject.work_in_progress?).to eq false - end + expect(subject.draft?).to eq false + end - it 'does not detect Draft in the middle of the title' do - subject.title = 'Something with Draft in the middle' + it "when title contains words starting with #{trigger}" do + subject.title = "#{trigger}foo #{subject.title}" - expect(subject.work_in_progress?).to eq false - end + expect(subject.draft?).to eq false + end - it 'does not detect Draft: in the middle of the title' do - subject.title = 'Something with Draft: in the middle' + it "when title contains words containing with #{trigger}" do + subject.title = "Foo#{trigger}Bar #{subject.title}" - expect(subject.work_in_progress?).to eq false - end + expect(subject.draft?).to eq false + end + end - it 'does not detect WIP at the end of the title' do - subject.title = 'Something ends with WIP' + it 'when Draft: in the middle of the title' do + subject.title = 'Something with Draft: in the middle' - expect(subject.work_in_progress?).to eq false - end + expect(subject.draft?).to eq false + end - it 'does not detect Draft at the end of the title' do - subject.title = 'Something ends with Draft' + it "when the title does not contain draft" do + expect(subject.draft?).to eq false + end - expect(subject.work_in_progress?).to eq false - end - - it "doesn't detect WIP for words starting with WIP" do - subject.title = "Wipwap #{subject.title}" - expect(subject.work_in_progress?).to eq false - end - - it "doesn't detect WIP for words containing with WIP" do - subject.title = "WupWipwap #{subject.title}" - expect(subject.work_in_progress?).to eq false - end - - it "doesn't detect draft for words containing with draft" do - subject.title = "Drafting #{subject.title}" - expect(subject.work_in_progress?).to eq false - end - - it "doesn't detect WIP by default" do - expect(subject.work_in_progress?).to eq false - end - - it "is aliased to #draft?" do - expect(subject.method(:work_in_progress?)).to eq(subject.method(:draft?)) + it "is aliased to #draft?" do + expect(subject.method(:work_in_progress?)).to eq(subject.method(:draft?)) + end end end diff --git a/spec/requests/api/internal/mail_room_spec.rb b/spec/requests/api/internal/mail_room_spec.rb index 2a056f21bc8..a0a9c1f9cb3 100644 --- a/spec/requests/api/internal/mail_room_spec.rb +++ b/spec/requests/api/internal/mail_room_spec.rb @@ -215,5 +215,29 @@ RSpec.describe API::Internal::MailRoom do expect(job).to match a_hash_including('args' => [encoded_email_content]) end end + + context 'handle text/plain request content type' do + let(:auth_headers) do + jwt_token = JWT.encode(auth_payload, incoming_email_secret, 'HS256') + { + Gitlab::MailRoom::INTERNAL_API_REQUEST_HEADER => jwt_token, + 'Content-Type' => 'text/plain' + } + end + + it 'schedules a EmailReceiverWorker job with email content encoded to utf-8 forcefully' do + Sidekiq::Testing.fake! do + expect do + post api("/internal/mail_room/incoming_email"), headers: auth_headers, params: email_content + end.to change { EmailReceiverWorker.jobs.size }.by(1) + end + + expect(response).to have_gitlab_http_status(:ok) + expect(response.content_type).to eql('application/json') + + job = EmailReceiverWorker.jobs.last + expect(job).to match a_hash_including('args' => [email_content]) + end + end end end diff --git a/spec/spec_helper.rb b/spec/spec_helper.rb index a8b5908c57e..6c9a11587d3 100644 --- a/spec/spec_helper.rb +++ b/spec/spec_helper.rb @@ -256,16 +256,6 @@ RSpec.configure do |config| end config.around do |example| - if example.metadata.fetch(:stub_feature_flags, true) - # It doesn't make sense for this to default to enabled as we only plan to - # use this temporarily to override an environment variable but eventually - # we'll just use the environment variable value when we've completed the - # gradual rollout. This stub must happen in around block as there are other - # around blocks in tests that will run before this and get the wrong - # database connection. - stub_feature_flags(force_no_sharing_primary_model: false) - end - example.run end diff --git a/workhorse/go.mod b/workhorse/go.mod index 01dc6e468bc..43107a5dc77 100644 --- a/workhorse/go.mod +++ b/workhorse/go.mod @@ -29,7 +29,7 @@ require ( github.com/stretchr/testify v1.7.0 gitlab.com/gitlab-org/gitaly/v14 v14.10.0-rc1.0.20220426135705-ccfab390f7c3 gitlab.com/gitlab-org/golang-archive-zip v0.1.1 - gitlab.com/gitlab-org/labkit v1.14.0 + gitlab.com/gitlab-org/labkit v1.15.0 gocloud.dev v0.23.0 golang.org/x/image v0.0.0-20191009234506-e7c1f5e7dbb8 golang.org/x/lint v0.0.0-20210508222113-6edffad5e616 diff --git a/workhorse/go.sum b/workhorse/go.sum index ed959f44889..fbc735e77c1 100644 --- a/workhorse/go.sum +++ b/workhorse/go.sum @@ -956,8 +956,8 @@ gitlab.com/gitlab-org/labkit v0.0.0-20200908084045-45895e129029/go.mod h1:SNfxkf gitlab.com/gitlab-org/labkit v1.0.0/go.mod h1:nohrYTSLDnZix0ebXZrbZJjymRar8HeV2roWL5/jw2U= gitlab.com/gitlab-org/labkit v1.4.1/go.mod h1:x5JO5uvdX4t6e/TZXLXZnFL5AcKz2uLLd3uKXZcuO4k= gitlab.com/gitlab-org/labkit v1.5.0/go.mod h1:1ZuVZpjSpCKUgjLx8P6jzkkQFxJI1thUKr6yKV3p0vY= -gitlab.com/gitlab-org/labkit v1.14.0 h1:LSrvHgybidPyH8fHnsy1GBghrLR4kFObFrtZwUfCgAI= -gitlab.com/gitlab-org/labkit v1.14.0/go.mod h1:bcxc4ZpAC+WyACgyKl7FcvT2XXAbl8CrzN6UY+w8cMc= +gitlab.com/gitlab-org/labkit v1.15.0 h1:rMdhIdONc7bcd5qGRtWav6iInpeDmavDmP9A1tai92k= +gitlab.com/gitlab-org/labkit v1.15.0/go.mod h1:bcxc4ZpAC+WyACgyKl7FcvT2XXAbl8CrzN6UY+w8cMc= go.etcd.io/bbolt v1.3.3/go.mod h1:IbVyRI1SCnLcuJnV2u8VeU0CEYM7e686BmAb1XKL+uU= go.etcd.io/etcd v0.0.0-20191023171146-3cf2f69b5738/go.mod h1:dnLIgRNXwCJa5e+c6mIZCrds/GIG4ncV9HhK5PX7jPg= go.opencensus.io v0.15.0/go.mod h1:UffZAU+4sDEINUGP/B7UfBBkq4fqLu9zXAX7ke6CHW0= diff --git a/workhorse/internal/upload/destination/objectstore/s3_session.go b/workhorse/internal/upload/destination/objectstore/s3_session.go index aa38f18ed7a..d71b38eb22e 100644 --- a/workhorse/internal/upload/destination/objectstore/s3_session.go +++ b/workhorse/internal/upload/destination/objectstore/s3_session.go @@ -10,6 +10,8 @@ import ( "github.com/aws/aws-sdk-go/aws/session" "gitlab.com/gitlab-org/gitlab/workhorse/internal/config" + + "gitlab.com/gitlab-org/labkit/fips" ) type s3Session struct { @@ -61,8 +63,9 @@ func setupS3Session(s3Credentials config.S3Credentials, s3Config config.S3Config } cfg := &aws.Config{ - Region: aws.String(s3Config.Region), - S3ForcePathStyle: aws.Bool(s3Config.PathStyle), + Region: aws.String(s3Config.Region), + S3ForcePathStyle: aws.Bool(s3Config.PathStyle), + S3DisableContentMD5Validation: aws.Bool(fips.Enabled()), } // In case IAM profiles aren't being used, use the static credentials diff --git a/yarn.lock b/yarn.lock index 0cbcf5f51e7..e70ceaa00d3 100644 --- a/yarn.lock +++ b/yarn.lock @@ -968,10 +968,10 @@ resolved "https://registry.yarnpkg.com/@gitlab/svgs/-/svgs-2.14.0.tgz#92b36bc98ccbed49a4dbca310862146275091cb2" integrity sha512-U9EYmEIiTMl7R3X5DmCrw6fz7gz8c1kjvQtaF6HfJ15xDtR7trRAyCNbn3z7YGk1QJ8Cv/Ifw2/T5SxXwYd7dw== -"@gitlab/ui@40.6.2": - version "40.6.2" - resolved "https://registry.yarnpkg.com/@gitlab/ui/-/ui-40.6.2.tgz#196529ed0fcf372402d74042fc828b0b469aeaf2" - integrity sha512-mOalOdFxjdtCMGUEmzeH1nSN0SCaqIkJQYbtX2x7PI2pyjHAA+8urUeCGC5JlpqDy8a4OmBmZtXTuhvweoOIew== +"@gitlab/ui@40.6.3": + version "40.6.3" + resolved "https://registry.yarnpkg.com/@gitlab/ui/-/ui-40.6.3.tgz#94f3a46054f3b4d8eb40116b20d23827d9473039" + integrity sha512-BWmal3iaBjI16BT9aMWRdYYhuRBAfzvG4/0EbKMS3smlo9yKFd81OdSEfhgFRiJENohk+tEMgR6YqB6V5DOGpw== dependencies: "@popperjs/core" "^2.11.2" bootstrap-vue "2.20.1" @@ -3876,10 +3876,10 @@ core-js-pure@^3.0.0: resolved "https://registry.yarnpkg.com/core-js-pure/-/core-js-pure-3.6.5.tgz#c79e75f5e38dbc85a662d91eea52b8256d53b813" integrity sha512-lacdXOimsiD0QyNf9BC/mxivNJ/ybBGJXQFKzRekp1WTHoVUWsUHEn+2T8GJAzzIhyOuXA+gOxCVN3l+5PLPUA== -core-js@^3.22.6: - version "3.22.6" - resolved "https://registry.yarnpkg.com/core-js/-/core-js-3.22.6.tgz#294dd824b4cae2c24725a36baa4a791ed00bb0de" - integrity sha512-2IGcGH00z9I4twgNWU4uGCNEsBFG1s2JudVQrgSCoVhOfwoTwQjxC8aMo9exrpTMOxvobggEpaHnGMmQY4cfBQ== +core-js@^3.22.7: + version "3.22.7" + resolved "https://registry.yarnpkg.com/core-js/-/core-js-3.22.7.tgz#8d6c37f630f6139b8732d10f2c114c3f1d00024f" + integrity sha512-Jt8SReuDKVNZnZEzyEQT5eK6T2RRCXkfTq7Lo09kpm+fHjgGewSbNjV+Wt4yZMhPDdzz2x1ulI5z/w4nxpBseg== core-js@~2.3.0: version "2.3.0"