diff --git a/.eslintrc.yml b/.eslintrc.yml index 7ede62ec979..a55e65c2678 100644 --- a/.eslintrc.yml +++ b/.eslintrc.yml @@ -46,6 +46,7 @@ rules: vue/no-v-html: off vue/use-v-on-exact: off no-jquery/no-animate: off + # all offenses of no-jquery/no-animate-toggle are false positives ( $toast.show() ) no-jquery/no-animate-toggle: off no-jquery/no-fade: off no-jquery/no-serialize: error diff --git a/Gemfile.lock b/Gemfile.lock index 8d8fa9cbffd..812b21a836d 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -930,7 +930,7 @@ GEM rubyntlm (0.6.2) rubypants (0.2.0) rubyzip (1.3.0) - rugged (0.28.3.1) + rugged (0.28.4.1) safe_yaml (1.0.4) sanitize (4.6.6) crass (~> 1.0.2) diff --git a/app/services/git/base_hooks_service.rb b/app/services/git/base_hooks_service.rb index a49983a84fc..d935d9e8cdc 100644 --- a/app/services/git/base_hooks_service.rb +++ b/app/services/git/base_hooks_service.rb @@ -163,7 +163,7 @@ module Git end def logger - if Gitlab::Runtime.sidekiq? + if Sidekiq.server? Sidekiq.logger else # This service runs in Sidekiq, so this shouldn't ever be diff --git a/changelogs/unreleased/22465-rack-attack-authenticate-runner-requests-with-job-token-basic-auth.yml b/changelogs/unreleased/22465-rack-attack-authenticate-runner-requests-with-job-token-basic-auth.yml new file mode 100644 index 00000000000..06f618bd29b --- /dev/null +++ b/changelogs/unreleased/22465-rack-attack-authenticate-runner-requests-with-job-token-basic-auth.yml @@ -0,0 +1,5 @@ +--- +title: Authenticate requests with job token as basic auth header for request limiting +merge_request: 21562 +author: +type: fixed diff --git a/changelogs/unreleased/ak-logs-timestamp.yml b/changelogs/unreleased/ak-logs-timestamp.yml new file mode 100644 index 00000000000..40dca009d23 --- /dev/null +++ b/changelogs/unreleased/ak-logs-timestamp.yml @@ -0,0 +1,5 @@ +--- +title: Add timestamps to pod logs +merge_request: 21663 +author: +type: added diff --git a/changelogs/unreleased/sh-upgrade-rugged.yml b/changelogs/unreleased/sh-upgrade-rugged.yml new file mode 100644 index 00000000000..b43cde6bc36 --- /dev/null +++ b/changelogs/unreleased/sh-upgrade-rugged.yml @@ -0,0 +1,5 @@ +--- +title: Update Rugged to v0.28.4.1 +merge_request: 21869 +author: +type: security diff --git a/config/application.rb b/config/application.rb index 28c1eba920b..cad5c8bbe76 100644 --- a/config/application.rb +++ b/config/application.rb @@ -22,7 +22,6 @@ module Gitlab require_dependency Rails.root.join('lib/gitlab/current_settings') require_dependency Rails.root.join('lib/gitlab/middleware/read_only') require_dependency Rails.root.join('lib/gitlab/middleware/basic_health_check') - require_dependency Rails.root.join('lib/gitlab/runtime') # Settings in config/environments/* take precedence over those specified here. # Application configuration should go into files in config/initializers @@ -256,7 +255,7 @@ module Gitlab caching_config_hash[:compress] = false caching_config_hash[:namespace] = Gitlab::Redis::Cache::CACHE_NAMESPACE caching_config_hash[:expires_in] = 2.weeks # Cache should not grow forever - if Gitlab::Runtime.multi_threaded? + if Sidekiq.server? || defined?(::Puma) # threaded context caching_config_hash[:pool_size] = Gitlab::Redis::Cache.pool_size caching_config_hash[:pool_timeout] = 1 end diff --git a/config/environments/development.rb b/config/environments/development.rb index dc804197fef..2939e13ef94 100644 --- a/config/environments/development.rb +++ b/config/environments/development.rb @@ -46,7 +46,7 @@ Rails.application.configure do # Do not log asset requests config.assets.quiet = true - config.allow_concurrency = Gitlab::Runtime.multi_threaded? + config.allow_concurrency = defined?(::Puma) # BetterErrors live shell (REPL) on every stack frame BetterErrors::Middleware.allow_ip!("127.0.0.1/0") diff --git a/config/environments/production.rb b/config/environments/production.rb index 7ec18547b2f..09bcf49a9a5 100644 --- a/config/environments/production.rb +++ b/config/environments/production.rb @@ -75,5 +75,5 @@ Rails.application.configure do config.eager_load = true - config.allow_concurrency = Gitlab::Runtime.multi_threaded? + config.allow_concurrency = defined?(::Puma) end diff --git a/config/initializers/0_runtime_identify.rb b/config/initializers/0_runtime_identify.rb deleted file mode 100644 index 2b5d08102eb..00000000000 --- a/config/initializers/0_runtime_identify.rb +++ /dev/null @@ -1,13 +0,0 @@ -# frozen_string_literal: true - -begin - Gitlab::AppLogger.info("Runtime: #{Gitlab::Runtime.name}") -rescue => e - message = <<-NOTICE - \n!! RUNTIME IDENTIFICATION FAILED: #{e} - Runtime based configuration settings may not work properly. - If you continue to see this error, please file an issue via - https://gitlab.com/gitlab-org/gitlab/issues/new - NOTICE - Gitlab::AppLogger.error(message) -end diff --git a/config/initializers/1_settings.rb b/config/initializers/1_settings.rb index bb0c4696eff..8e4aa5701b4 100644 --- a/config/initializers/1_settings.rb +++ b/config/initializers/1_settings.rb @@ -364,7 +364,7 @@ Gitlab.ee do # To ensure acceptable performance we only allow feature to be used with # multithreaded web-server Puma. This will be removed once download logic is moved # to GitLab workhorse - Settings.dependency_proxy['enabled'] = false unless Gitlab::Runtime.puma? + Settings.dependency_proxy['enabled'] = false unless defined?(::Puma) end # diff --git a/config/initializers/7_prometheus_metrics.rb b/config/initializers/7_prometheus_metrics.rb index d14dc071b7b..c14ee1458bc 100644 --- a/config/initializers/7_prometheus_metrics.rb +++ b/config/initializers/7_prometheus_metrics.rb @@ -4,11 +4,11 @@ require 'prometheus/client' def prometheus_default_multiproc_dir return unless Rails.env.development? || Rails.env.test? - if Gitlab::Runtime.sidekiq? + if Sidekiq.server? Rails.root.join('tmp/prometheus_multiproc_dir/sidekiq') - elsif Gitlab::Runtime.unicorn? + elsif defined?(Unicorn::Worker) Rails.root.join('tmp/prometheus_multiproc_dir/unicorn') - elsif Gitlab::Runtime.puma? + elsif defined?(::Puma) Rails.root.join('tmp/prometheus_multiproc_dir/puma') else Rails.root.join('tmp/prometheus_multiproc_dir') @@ -48,9 +48,9 @@ if !Rails.env.test? && Gitlab::Metrics.prometheus_metrics_enabled? Gitlab::Cluster::LifecycleEvents.on_master_start do ::Prometheus::Client.reinitialize_on_pid_change(force: true) - if Gitlab::Runtime.unicorn? + if defined?(::Unicorn) Gitlab::Metrics::Samplers::UnicornSampler.instance(Settings.monitoring.unicorn_sampler_interval).start - elsif Gitlab::Runtime.puma? + elsif defined?(::Puma) Gitlab::Metrics::Samplers::PumaSampler.instance(Settings.monitoring.puma_sampler_interval).start end @@ -58,7 +58,7 @@ if !Rails.env.test? && Gitlab::Metrics.prometheus_metrics_enabled? end end -if Gitlab::Runtime.app_server? +if defined?(::Unicorn) || defined?(::Puma) Gitlab::Cluster::LifecycleEvents.on_master_start do Gitlab::Metrics::Exporter::WebExporter.instance.start end diff --git a/config/initializers/active_record_lifecycle.rb b/config/initializers/active_record_lifecycle.rb index 2cf0f0439a9..61f1d299960 100644 --- a/config/initializers/active_record_lifecycle.rb +++ b/config/initializers/active_record_lifecycle.rb @@ -2,7 +2,7 @@ # Don't handle sidekiq configuration as it # has its own special active record configuration here -if defined?(ActiveRecord::Base) && !Gitlab::Runtime.sidekiq? +if defined?(ActiveRecord::Base) && !Sidekiq.server? Gitlab::Cluster::LifecycleEvents.on_worker_start do ActiveSupport.on_load(:active_record) do ActiveRecord::Base.establish_connection diff --git a/config/initializers/cluster_events_before_phased_restart.rb b/config/initializers/cluster_events_before_phased_restart.rb index aae5470d6ae..cbb1dd1a53a 100644 --- a/config/initializers/cluster_events_before_phased_restart.rb +++ b/config/initializers/cluster_events_before_phased_restart.rb @@ -5,8 +5,10 @@ # # Follow-up the issue: https://gitlab.com/gitlab-org/gitlab/issues/34107 -if Gitlab::Runtime.puma? +if defined?(::Puma) Puma::Cluster.prepend(::Gitlab::Cluster::Mixins::PumaCluster) -elsif Gitlab::Runtime.unicorn? +end + +if defined?(::Unicorn::HttpServer) Unicorn::HttpServer.prepend(::Gitlab::Cluster::Mixins::UnicornHttpServer) end diff --git a/config/initializers/database_config.rb b/config/initializers/database_config.rb index 509f04c9b02..d8c2821066b 100644 --- a/config/initializers/database_config.rb +++ b/config/initializers/database_config.rb @@ -2,7 +2,7 @@ # when running on puma, scale connection pool size with the number # of threads per worker process -if Gitlab::Runtime.puma? +if defined?(::Puma) db_config = Gitlab::Database.config || Rails.application.config.database_configuration[Rails.env] puma_options = Puma.cli_config.options diff --git a/config/initializers/lograge.rb b/config/initializers/lograge.rb index 0acbe6a9258..a8207862739 100644 --- a/config/initializers/lograge.rb +++ b/config/initializers/lograge.rb @@ -1,5 +1,5 @@ # Only use Lograge for Rails -unless Gitlab::Runtime.sidekiq? +unless Sidekiq.server? filename = File.join(Rails.root, 'log', "#{Rails.env}_json.log") Rails.application.configure do diff --git a/config/initializers/rack_timeout.rb b/config/initializers/rack_timeout.rb index 1f1264de208..246cf3482a4 100644 --- a/config/initializers/rack_timeout.rb +++ b/config/initializers/rack_timeout.rb @@ -9,7 +9,7 @@ # and it's used only as the last resort. In such case this termination is # logged and we should fix the potential timeout issue in the code itself. -if Gitlab::Runtime.puma? && !Rails.env.test? +if defined?(::Puma) && !Rails.env.test? require 'rack/timeout/base' Gitlab::Application.configure do |config| diff --git a/config/initializers/tracing.rb b/config/initializers/tracing.rb index 0ae57021fcf..5b55a06692e 100644 --- a/config/initializers/tracing.rb +++ b/config/initializers/tracing.rb @@ -13,7 +13,7 @@ if Labkit::Tracing.enabled? end # Instrument Sidekiq server calls when running Sidekiq server - if Gitlab::Runtime.sidekiq? + if Sidekiq.server? Sidekiq.configure_server do |config| config.server_middleware do |chain| chain.add Labkit::Tracing::Sidekiq::ServerMiddleware diff --git a/config/initializers/validate_puma.rb b/config/initializers/validate_puma.rb index 5abcfbfe6be..64bd6e7bbc1 100644 --- a/config/initializers/validate_puma.rb +++ b/config/initializers/validate_puma.rb @@ -1,5 +1,5 @@ # frozen_string_literal: true -if Gitlab::Runtime.puma? && ::Puma.cli_config.options[:workers].to_i.zero? +if defined?(::Puma) && ::Puma.cli_config.options[:workers].to_i.zero? raise 'Puma is only supported in Cluster-mode: workers > 0' end diff --git a/lib/gitlab.rb b/lib/gitlab.rb index f2bff51df38..0e6db54eb46 100644 --- a/lib/gitlab.rb +++ b/lib/gitlab.rb @@ -100,8 +100,8 @@ module Gitlab end def self.process_name - return 'sidekiq' if Gitlab::Runtime.sidekiq? - return 'console' if Gitlab::Runtime.console? + return 'sidekiq' if Sidekiq.server? + return 'console' if defined?(Rails::Console) return 'test' if Rails.env.test? 'web' diff --git a/lib/gitlab/auth/auth_finders.rb b/lib/gitlab/auth/auth_finders.rb index 6210aca739a..33cbb070c2f 100644 --- a/lib/gitlab/auth/auth_finders.rb +++ b/lib/gitlab/auth/auth_finders.rb @@ -21,6 +21,7 @@ module Gitlab prepend_if_ee('::EE::Gitlab::Auth::AuthFinders') # rubocop: disable Cop/InjectEnterpriseEditionModule include Gitlab::Utils::StrongMemoize + include ActionController::HttpAuthentication::Basic PRIVATE_TOKEN_HEADER = 'HTTP_PRIVATE_TOKEN' PRIVATE_TOKEN_PARAM = :private_token @@ -67,6 +68,19 @@ module Gitlab job.user end + def find_user_from_basic_auth_job + return unless has_basic_credentials?(current_request) + + login, password = user_name_and_password(current_request) + return unless login.present? && password.present? + return unless ::Ci::Build::CI_REGISTRY_USER == login + + job = ::Ci::Build.find_by_token(password) + raise UnauthorizedError unless job + + job.user + end + # We only allow Private Access Tokens with `api` scope to be used by web # requests on RSS feeds or ICS files for backwards compatibility. # It is also used by GraphQL/API requests. diff --git a/lib/gitlab/auth/request_authenticator.rb b/lib/gitlab/auth/request_authenticator.rb index 9b1b7b8e879..34ccff588f4 100644 --- a/lib/gitlab/auth/request_authenticator.rb +++ b/lib/gitlab/auth/request_authenticator.rb @@ -32,7 +32,8 @@ module Gitlab def find_sessionless_user(request_format) find_user_from_web_access_token(request_format) || find_user_from_feed_token(request_format) || - find_user_from_static_object_token(request_format) + find_user_from_static_object_token(request_format) || + find_user_from_basic_auth_job rescue Gitlab::Auth::AuthenticationError nil end diff --git a/lib/gitlab/cluster/lifecycle_events.rb b/lib/gitlab/cluster/lifecycle_events.rb index 4ae75e0db0a..2b3dc94fc5e 100644 --- a/lib/gitlab/cluster/lifecycle_events.rb +++ b/lib/gitlab/cluster/lifecycle_events.rb @@ -149,10 +149,10 @@ module Gitlab def in_clustered_environment? # Sidekiq doesn't fork - return false if Gitlab::Runtime.sidekiq? + return false if Sidekiq.server? # Unicorn always forks - return true if Gitlab::Runtime.unicorn? + return true if defined?(::Unicorn) # Puma sometimes forks return true if in_clustered_puma? @@ -162,7 +162,7 @@ module Gitlab end def in_clustered_puma? - return false unless Gitlab::Runtime.puma? + return false unless defined?(::Puma) @puma_options && @puma_options[:workers] && @puma_options[:workers] > 0 end diff --git a/lib/gitlab/gitaly_client.rb b/lib/gitlab/gitaly_client.rb index 1ce30176644..9e033c705bd 100644 --- a/lib/gitlab/gitaly_client.rb +++ b/lib/gitlab/gitaly_client.rb @@ -29,7 +29,7 @@ module Gitlab PEM_REGEX = /\-+BEGIN CERTIFICATE\-+.+?\-+END CERTIFICATE\-+/m.freeze SERVER_VERSION_FILE = 'GITALY_SERVER_VERSION' MAXIMUM_GITALY_CALLS = 30 - CLIENT_NAME = (Gitlab::Runtime.sidekiq? ? 'gitlab-sidekiq' : 'gitlab-web').freeze + CLIENT_NAME = (Sidekiq.server? ? 'gitlab-sidekiq' : 'gitlab-web').freeze GITALY_METADATA_FILENAME = '.gitaly-metadata' MUTEX = Mutex.new @@ -382,13 +382,17 @@ module Gitlab end def self.long_timeout - if Gitlab::Runtime.app_server? + if web_app_server? default_timeout else 6.hours end end + def self.web_app_server? + defined?(::Unicorn) || defined?(::Puma) + end + def self.storage_metadata_file_path(storage) Gitlab::GitalyClient::StorageSettings.allow_disk_access do File.join( diff --git a/lib/gitlab/gpg.rb b/lib/gitlab/gpg.rb index 7e6f6a519a6..e3c474bc0fe 100644 --- a/lib/gitlab/gpg.rb +++ b/lib/gitlab/gpg.rb @@ -135,7 +135,7 @@ module Gitlab end def cleanup_time - Gitlab::Runtime.sidekiq? ? BG_CLEANUP_RUNTIME_S : FG_CLEANUP_RUNTIME_S + Sidekiq.server? ? BG_CLEANUP_RUNTIME_S : FG_CLEANUP_RUNTIME_S end def tmp_keychains_created diff --git a/lib/gitlab/health_checks/puma_check.rb b/lib/gitlab/health_checks/puma_check.rb index 9f09070a57d..7aafe29fbae 100644 --- a/lib/gitlab/health_checks/puma_check.rb +++ b/lib/gitlab/health_checks/puma_check.rb @@ -18,7 +18,7 @@ module Gitlab end def check - return unless Gitlab::Runtime.puma? + return unless defined?(::Puma) stats = Puma.stats stats = JSON.parse(stats) diff --git a/lib/gitlab/health_checks/unicorn_check.rb b/lib/gitlab/health_checks/unicorn_check.rb index cdc6d2a7519..a30ae015257 100644 --- a/lib/gitlab/health_checks/unicorn_check.rb +++ b/lib/gitlab/health_checks/unicorn_check.rb @@ -30,7 +30,7 @@ module Gitlab # to change so we can cache the list of servers. def http_servers strong_memoize(:http_servers) do - next unless Gitlab::Runtime.unicorn? + next unless defined?(::Unicorn::HttpServer) ObjectSpace.each_object(::Unicorn::HttpServer).to_a end diff --git a/lib/gitlab/highlight.rb b/lib/gitlab/highlight.rb index 22b9a038768..2c243a0d0ae 100644 --- a/lib/gitlab/highlight.rb +++ b/lib/gitlab/highlight.rb @@ -68,7 +68,7 @@ module Gitlab end def timeout_time - Gitlab::Runtime.sidekiq? ? TIMEOUT_BACKGROUND : TIMEOUT_FOREGROUND + Sidekiq.server? ? TIMEOUT_BACKGROUND : TIMEOUT_FOREGROUND end def link_dependencies(text, highlighted_text) diff --git a/lib/gitlab/metrics/influx_db.rb b/lib/gitlab/metrics/influx_db.rb index 1f252572461..269d90fa971 100644 --- a/lib/gitlab/metrics/influx_db.rb +++ b/lib/gitlab/metrics/influx_db.rb @@ -150,7 +150,7 @@ module Gitlab # Returns the prefix to use for the name of a series. def series_prefix - @series_prefix ||= Gitlab::Runtime.sidekiq? ? 'sidekiq_' : 'rails_' + @series_prefix ||= Sidekiq.server? ? 'sidekiq_' : 'rails_' end # Allow access from other metrics related middlewares diff --git a/lib/gitlab/metrics/samplers/influx_sampler.rb b/lib/gitlab/metrics/samplers/influx_sampler.rb index 4e16e335bee..1eae0a7bf45 100644 --- a/lib/gitlab/metrics/samplers/influx_sampler.rb +++ b/lib/gitlab/metrics/samplers/influx_sampler.rb @@ -39,10 +39,14 @@ module Gitlab end def add_metric(series, values, tags = {}) - prefix = Gitlab::Runtime.sidekiq? ? 'sidekiq_' : 'rails_' + prefix = sidekiq? ? 'sidekiq_' : 'rails_' @metrics << Metric.new("#{prefix}#{series}", values, tags) end + + def sidekiq? + Sidekiq.server? + end end end end diff --git a/lib/gitlab/metrics/samplers/unicorn_sampler.rb b/lib/gitlab/metrics/samplers/unicorn_sampler.rb index 8c4d150adad..355f938704e 100644 --- a/lib/gitlab/metrics/samplers/unicorn_sampler.rb +++ b/lib/gitlab/metrics/samplers/unicorn_sampler.rb @@ -61,7 +61,7 @@ module Gitlab # it takes around 80ms. The instances of HttpServers are not a subject # to change so we can cache the list of servers. def http_servers - return [] unless Gitlab::Runtime.unicorn? + return [] unless defined?(::Unicorn::HttpServer) @http_servers ||= ObjectSpace.each_object(::Unicorn::HttpServer).to_a end diff --git a/lib/gitlab/redis/wrapper.rb b/lib/gitlab/redis/wrapper.rb index beceed3fa75..412d00c6939 100644 --- a/lib/gitlab/redis/wrapper.rb +++ b/lib/gitlab/redis/wrapper.rb @@ -22,10 +22,10 @@ module Gitlab def pool_size # heuristic constant 5 should be a config setting somewhere -- related to CPU count? size = 5 - if Gitlab::Runtime.sidekiq? + if Sidekiq.server? # the pool will be used in a multi-threaded context size += Sidekiq.options[:concurrency] - elsif Gitlab::Runtime.puma? + elsif defined?(::Puma) size += Puma.cli_config.options[:max_threads] end diff --git a/lib/gitlab/runtime.rb b/lib/gitlab/runtime.rb deleted file mode 100644 index 07a3afb8834..00000000000 --- a/lib/gitlab/runtime.rb +++ /dev/null @@ -1,62 +0,0 @@ -# frozen_string_literal: true - -module Gitlab - # Provides routines to identify the current runtime as which the application - # executes, such as whether it is an application server and which one. - module Runtime - class << self - def name - matches = [] - matches << :puma if puma? - matches << :unicorn if unicorn? - matches << :console if console? - matches << :sidekiq if sidekiq? - - raise "Ambiguous process match: #{matches}" if matches.size > 1 - - matches.first || :unknown - end - - def puma? - !!(defined?(::Puma) && bin == 'puma') - end - - # For unicorn, we need to check for actual server instances to avoid false positives. - def unicorn? - !!(defined?(::Unicorn) && defined?(::Unicorn::HttpServer)) - end - - def sidekiq? - !!(defined?(::Sidekiq) && Sidekiq.server? && bin == 'sidekiq') - end - - def console? - !!defined?(::Rails::Console) - end - - def app_server? - puma? || unicorn? - end - - def multi_threaded? - puma? || sidekiq? - end - - private - - # Some example values from my system: - # puma: /data/cache/bundle-2.5/bin/puma - # unicorn: unicorn_rails master -E development -c /tmp/unicorn.rb -l 0.0.0.0:8080 - # sidekiq: /data/cache/bundle-2.5/bin/sidekiq - # thin: bin/rails - # console: bin/rails - def script_name - $0 - end - - def bin - File.basename(script_name) - end - end - end -end diff --git a/lib/prometheus/pid_provider.rb b/lib/prometheus/pid_provider.rb index 32beeb0d31e..228639357ac 100644 --- a/lib/prometheus/pid_provider.rb +++ b/lib/prometheus/pid_provider.rb @@ -5,11 +5,11 @@ module Prometheus extend self def worker_id - if Gitlab::Runtime.sidekiq? + if Sidekiq.server? sidekiq_worker_id - elsif Gitlab::Runtime.unicorn? + elsif defined?(Unicorn::Worker) unicorn_worker_id - elsif Gitlab::Runtime.puma? + elsif defined?(::Puma) puma_worker_id else unknown_process_id diff --git a/spec/initializers/database_config_spec.rb b/spec/initializers/database_config_spec.rb index 9200a625b38..a5a074f5884 100644 --- a/spec/initializers/database_config_spec.rb +++ b/spec/initializers/database_config_spec.rb @@ -16,7 +16,6 @@ describe 'Database config initializer' do let(:puma_options) { { max_threads: 8 } } before do - allow(Gitlab::Runtime).to receive(:puma?).and_return(true) stub_const("Puma", puma) allow(puma).to receive_message_chain(:cli_config, :options).and_return(puma_options) end diff --git a/spec/lib/gitlab/auth/auth_finders_spec.rb b/spec/lib/gitlab/auth/auth_finders_spec.rb index 3d10f411310..82ff8e7f76c 100644 --- a/spec/lib/gitlab/auth/auth_finders_spec.rb +++ b/spec/lib/gitlab/auth/auth_finders_spec.rb @@ -335,6 +335,72 @@ describe Gitlab::Auth::AuthFinders do end end + describe '#find_user_from_basic_auth_job' do + def basic_http_auth(username, password) + ActionController::HttpAuthentication::Basic.encode_credentials(username, password) + end + + def set_auth(username, password) + env['HTTP_AUTHORIZATION'] = basic_http_auth(username, password) + end + + subject { find_user_from_basic_auth_job } + + context 'when the request does not have AUTHORIZATION header' do + it { is_expected.to be_nil } + end + + context 'with wrong credentials' do + it 'returns nil without user and password' do + set_auth(nil, nil) + + is_expected.to be_nil + end + + it 'returns nil without password' do + set_auth('some-user', nil) + + is_expected.to be_nil + end + + it 'returns nil without user' do + set_auth(nil, 'password') + + is_expected.to be_nil + end + + it 'returns nil without CI username' do + set_auth('user', 'password') + + is_expected.to be_nil + end + end + + context 'with CI username' do + let(:username) { ::Ci::Build::CI_REGISTRY_USER } + let(:user) { create(:user) } + let(:build) { create(:ci_build, user: user) } + + it 'returns nil without password' do + set_auth(username, nil) + + is_expected.to be_nil + end + + it 'returns user with valid token' do + set_auth(username, build.token) + + is_expected.to eq user + end + + it 'raises error with invalid token' do + set_auth(username, 'token') + + expect { subject }.to raise_error(Gitlab::Auth::UnauthorizedError) + end + end + end + describe '#validate_access_token!' do let(:personal_access_token) { create(:personal_access_token, user: user) } diff --git a/spec/lib/gitlab/database/obsolete_ignored_columns_spec.rb b/spec/lib/gitlab/database/obsolete_ignored_columns_spec.rb index b3826666b18..0f68201a153 100644 --- a/spec/lib/gitlab/database/obsolete_ignored_columns_spec.rb +++ b/spec/lib/gitlab/database/obsolete_ignored_columns_spec.rb @@ -4,6 +4,9 @@ require 'spec_helper' describe Gitlab::Database::ObsoleteIgnoredColumns do module Testing + # Used a fixed date to prevent tests failing across date boundaries + REMOVE_DATE = Date.new(2019, 12, 16) + class MyBase < ApplicationRecord end @@ -23,12 +26,12 @@ describe Gitlab::Database::ObsoleteIgnoredColumns do self.table_name = 'issues' ignore_column :id, :other, remove_after: '2019-01-01', remove_with: '12.0' - ignore_column :not_used_but_still_ignored, remove_after: Date.today.to_s, remove_with: '12.1' + ignore_column :not_used_but_still_ignored, remove_after: REMOVE_DATE.to_s, remove_with: '12.1' end class A < SomeAbstract ignore_column :also_unused, remove_after: '2019-02-01', remove_with: '12.1' - ignore_column :not_used_but_still_ignored, remove_after: Date.today.to_s, remove_with: '12.1' + ignore_column :not_used_but_still_ignored, remove_after: REMOVE_DATE.to_s, remove_with: '12.1' end class C < MyBase @@ -40,15 +43,17 @@ describe Gitlab::Database::ObsoleteIgnoredColumns do describe '#execute' do it 'returns a list of class names and columns pairs' do - expect(subject.execute).to eq([ - ['Testing::A', { - 'unused' => IgnorableColumns::ColumnIgnore.new(Date.parse('2019-01-01'), '12.0'), - 'also_unused' => IgnorableColumns::ColumnIgnore.new(Date.parse('2019-02-01'), '12.1') - }], - ['Testing::B', { - 'other' => IgnorableColumns::ColumnIgnore.new(Date.parse('2019-01-01'), '12.0') - }] - ]) + Timecop.freeze(Testing::REMOVE_DATE) do + expect(subject.execute).to eq([ + ['Testing::A', { + 'unused' => IgnorableColumns::ColumnIgnore.new(Date.parse('2019-01-01'), '12.0'), + 'also_unused' => IgnorableColumns::ColumnIgnore.new(Date.parse('2019-02-01'), '12.1') + }], + ['Testing::B', { + 'other' => IgnorableColumns::ColumnIgnore.new(Date.parse('2019-01-01'), '12.0') + }] + ]) + end end end end diff --git a/spec/lib/gitlab/gitaly_client_spec.rb b/spec/lib/gitlab/gitaly_client_spec.rb index 0d9719a5663..4b69b4734f1 100644 --- a/spec/lib/gitlab/gitaly_client_spec.rb +++ b/spec/lib/gitlab/gitaly_client_spec.rb @@ -26,7 +26,7 @@ describe Gitlab::GitalyClient do context 'running in Unicorn' do before do - allow(Gitlab::Runtime).to receive(:unicorn?).and_return(true) + stub_const('Unicorn', 1) end it { expect(subject.long_timeout).to eq(55) } @@ -34,7 +34,7 @@ describe Gitlab::GitalyClient do context 'running in Puma' do before do - allow(Gitlab::Runtime).to receive(:puma?).and_return(true) + stub_const('Puma', 1) end it { expect(subject.long_timeout).to eq(55) } diff --git a/spec/lib/gitlab/gpg_spec.rb b/spec/lib/gitlab/gpg_spec.rb index 27a3010eeed..8600ef223c6 100644 --- a/spec/lib/gitlab/gpg_spec.rb +++ b/spec/lib/gitlab/gpg_spec.rb @@ -236,7 +236,7 @@ describe Gitlab::Gpg do context 'when running in Sidekiq' do before do - allow(Gitlab::Runtime).to receive(:sidekiq?).and_return(true) + allow(Sidekiq).to receive(:server?).and_return(true) end it_behaves_like 'multiple deletion attempts of the tmp-dir', described_class::BG_CLEANUP_RUNTIME_S diff --git a/spec/lib/gitlab/health_checks/puma_check_spec.rb b/spec/lib/gitlab/health_checks/puma_check_spec.rb index 93ef81978a8..dd052a4dd2c 100644 --- a/spec/lib/gitlab/health_checks/puma_check_spec.rb +++ b/spec/lib/gitlab/health_checks/puma_check_spec.rb @@ -22,7 +22,6 @@ describe Gitlab::HealthChecks::PumaCheck do context 'when Puma is not loaded' do before do - allow(Gitlab::Runtime).to receive(:puma?).and_return(false) hide_const('Puma') end @@ -34,7 +33,6 @@ describe Gitlab::HealthChecks::PumaCheck do context 'when Puma is loaded' do before do - allow(Gitlab::Runtime).to receive(:puma?).and_return(true) stub_const('Puma', Module.new) end diff --git a/spec/lib/gitlab/health_checks/unicorn_check_spec.rb b/spec/lib/gitlab/health_checks/unicorn_check_spec.rb index 7c57b6f1ca5..931b61cb168 100644 --- a/spec/lib/gitlab/health_checks/unicorn_check_spec.rb +++ b/spec/lib/gitlab/health_checks/unicorn_check_spec.rb @@ -26,7 +26,6 @@ describe Gitlab::HealthChecks::UnicornCheck do context 'when Unicorn is not loaded' do before do - allow(Gitlab::Runtime).to receive(:unicorn?).and_return(false) hide_const('Unicorn') end @@ -40,7 +39,6 @@ describe Gitlab::HealthChecks::UnicornCheck do let(:http_server_class) { Struct.new(:worker_processes) } before do - allow(Gitlab::Runtime).to receive(:unicorn?).and_return(true) stub_const('Unicorn::HttpServer', http_server_class) end diff --git a/spec/lib/gitlab/highlight_spec.rb b/spec/lib/gitlab/highlight_spec.rb index 2140cbae488..5a45d724b83 100644 --- a/spec/lib/gitlab/highlight_spec.rb +++ b/spec/lib/gitlab/highlight_spec.rb @@ -111,7 +111,7 @@ describe Gitlab::Highlight do end it 'utilizes longer timeout for sidekiq' do - allow(Gitlab::Runtime).to receive(:sidekiq?).and_return(true) + allow(Sidekiq).to receive(:server?).and_return(true) expect(Timeout).to receive(:timeout).with(described_class::TIMEOUT_BACKGROUND).and_call_original subject.highlight("Content") diff --git a/spec/lib/gitlab/metrics/samplers/influx_sampler_spec.rb b/spec/lib/gitlab/metrics/samplers/influx_sampler_spec.rb index 939c057c342..2d4b27a6ac1 100644 --- a/spec/lib/gitlab/metrics/samplers/influx_sampler_spec.rb +++ b/spec/lib/gitlab/metrics/samplers/influx_sampler_spec.rb @@ -63,7 +63,7 @@ describe Gitlab::Metrics::Samplers::InfluxSampler do describe '#add_metric' do it 'prefixes the series name for a Rails process' do - expect(Gitlab::Runtime).to receive(:sidekiq?).and_return(false) + expect(sampler).to receive(:sidekiq?).and_return(false) expect(Gitlab::Metrics::Metric).to receive(:new) .with('rails_cats', { value: 10 }, {}) @@ -73,7 +73,7 @@ describe Gitlab::Metrics::Samplers::InfluxSampler do end it 'prefixes the series name for a Sidekiq process' do - expect(Gitlab::Runtime).to receive(:sidekiq?).and_return(true) + expect(sampler).to receive(:sidekiq?).and_return(true) expect(Gitlab::Metrics::Metric).to receive(:new) .with('sidekiq_cats', { value: 10 }, {}) diff --git a/spec/lib/gitlab/runtime_spec.rb b/spec/lib/gitlab/runtime_spec.rb deleted file mode 100644 index 914c0fe2be7..00000000000 --- a/spec/lib/gitlab/runtime_spec.rb +++ /dev/null @@ -1,112 +0,0 @@ -# frozen_string_literal: true - -require 'spec_helper' - -describe Gitlab::Runtime do - REAL_PATH = $0 - - after(:all) do - $0 = REAL_PATH - end - - context "when unknown" do - it "identifies as :unknown" do - expect(subject.name).to eq(:unknown) - end - end - - context "on multiple matches" do - before do - $0 = '/data/cache/bundle-2.5/bin/puma' - stub_const('::Puma', double) - stub_const('::Rails::Console', double) - end - - it "raises an exception when trying to identify" do - expect { subject.name }.to raise_error(RuntimeError, "Ambiguous process match: [:puma, :console]") - end - end - - context "puma" do - let(:puma_type) { double('::Puma') } - - before do - $0 = '/data/cache/bundle-2.5/bin/puma' - stub_const('::Puma', puma_type) - end - - it "identifies itself" do - expect(subject.name).to eq(:puma) - expect(subject.puma?).to be(true) - end - - it "does not identify as others" do - expect(subject.unicorn?).to be(false) - expect(subject.sidekiq?).to be(false) - expect(subject.console?).to be(false) - end - end - - context "unicorn" do - let(:unicorn_type) { Module.new } - let(:unicorn_server_type) { Class.new } - - before do - $0 = 'unicorn_rails master -E development -c /tmp/unicorn.rb -l 0.0.0.0:8080' - stub_const('::Unicorn', unicorn_type) - stub_const('::Unicorn::HttpServer', unicorn_server_type) - end - - it "identifies itself" do - expect(subject.name).to eq(:unicorn) - expect(subject.unicorn?).to be(true) - end - - it "does not identify as others" do - expect(subject.puma?).to be(false) - expect(subject.sidekiq?).to be(false) - expect(subject.console?).to be(false) - end - end - - context "sidekiq" do - let(:sidekiq_type) { double('::Sidekiq') } - - before do - $0 = '/data/cache/bundle-2.5/bin/sidekiq' - stub_const('::Sidekiq', sidekiq_type) - allow(sidekiq_type).to receive(:server?).and_return(true) - end - - it "identifies itself" do - expect(subject.name).to eq(:sidekiq) - expect(subject.sidekiq?).to be(true) - end - - it "does not identify as others" do - expect(subject.unicorn?).to be(false) - expect(subject.puma?).to be(false) - expect(subject.console?).to be(false) - end - end - - context "console" do - let(:console_type) { double('::Rails::Console') } - - before do - $0 = 'bin/rails' - stub_const('::Rails::Console', console_type) - end - - it "identifies itself" do - expect(subject.name).to eq(:console) - expect(subject.console?).to be(true) - end - - it "does not identify as others" do - expect(subject.unicorn?).to be(false) - expect(subject.sidekiq?).to be(false) - expect(subject.puma?).to be(false) - end - end -end diff --git a/spec/lib/prometheus/pid_provider_spec.rb b/spec/lib/prometheus/pid_provider_spec.rb index 5a17f25f144..6fdc11b14c4 100644 --- a/spec/lib/prometheus/pid_provider_spec.rb +++ b/spec/lib/prometheus/pid_provider_spec.rb @@ -6,13 +6,16 @@ describe Prometheus::PidProvider do describe '.worker_id' do subject { described_class.worker_id } + let(:sidekiq_module) { Module.new } + before do - allow(Gitlab::Runtime).to receive(:sidekiq?).and_return(false) + allow(sidekiq_module).to receive(:server?).and_return(false) + stub_const('Sidekiq', sidekiq_module) end context 'when running in Sidekiq server mode' do before do - allow(Gitlab::Runtime).to receive(:sidekiq?).and_return(true) + expect(Sidekiq).to receive(:server?).and_return(true) end context 'in a clustered setup' do @@ -30,7 +33,8 @@ describe Prometheus::PidProvider do context 'when running in Unicorn mode' do before do - allow(Gitlab::Runtime).to receive(:unicorn?).and_return(true) + stub_const('Unicorn::Worker', Class.new) + hide_const('Puma') expect(described_class).to receive(:process_name) .at_least(:once) @@ -90,7 +94,8 @@ describe Prometheus::PidProvider do context 'when running in Puma mode' do before do - allow(Gitlab::Runtime).to receive(:puma?).and_return(true) + stub_const('Puma', Module.new) + hide_const('Unicorn::Worker') expect(described_class).to receive(:process_name) .at_least(:once) @@ -111,6 +116,11 @@ describe Prometheus::PidProvider do end context 'when running in unknown mode' do + before do + hide_const('Puma') + hide_const('Unicorn::Worker') + end + it { is_expected.to eq "process_#{Process.pid}" } end end diff --git a/spec/services/git/branch_push_service_spec.rb b/spec/services/git/branch_push_service_spec.rb index e7f005cff0b..19d7b84a3ce 100644 --- a/spec/services/git/branch_push_service_spec.rb +++ b/spec/services/git/branch_push_service_spec.rb @@ -108,7 +108,7 @@ describe Git::BranchPushService, services: true do end it 'reports an error' do - allow(Gitlab::Runtime).to receive(:sidekiq?).and_return(true) + allow(Sidekiq).to receive(:server?).and_return(true) expect(Sidekiq.logger).to receive(:warn) expect { subject }.not_to change { Ci::Pipeline.count } diff --git a/spec/support/helpers/kubernetes_helpers.rb b/spec/support/helpers/kubernetes_helpers.rb index cac43e94a92..a3b527e0ffe 100644 --- a/spec/support/helpers/kubernetes_helpers.rb +++ b/spec/support/helpers/kubernetes_helpers.rb @@ -84,7 +84,7 @@ module KubernetesHelpers end logs_url = service.api_url + "/api/v1/namespaces/#{namespace}/pods/#{pod_name}" \ - "/log?#{container_query_param}tailLines=#{Clusters::Platforms::Kubernetes::LOGS_LIMIT}" + "/log?#{container_query_param}tailLines=#{Clusters::Platforms::Kubernetes::LOGS_LIMIT}×tamps=true" if status response = { status: status } @@ -331,7 +331,7 @@ module KubernetesHelpers end def kube_logs_body - "Log 1\nLog 2\nLog 3" + "2019-12-13T14:04:22.123456Z Log 1\n2019-12-13T14:04:23.123456Z Log 2\n2019-12-13T14:04:24.123456Z Log 3" end def kube_deployments_body diff --git a/spec/support/redis/redis_shared_examples.rb b/spec/support/redis/redis_shared_examples.rb index e079c32d6ae..97a23f02b3e 100644 --- a/spec/support/redis/redis_shared_examples.rb +++ b/spec/support/redis/redis_shared_examples.rb @@ -118,7 +118,7 @@ RSpec.shared_examples "redis_shared_examples" do context 'when running not on sidekiq workers' do before do - allow(Gitlab::Runtime).to receive(:sidekiq?).and_return(false) + allow(Sidekiq).to receive(:server?).and_return(false) end it 'instantiates a connection pool with size 5' do @@ -130,7 +130,7 @@ RSpec.shared_examples "redis_shared_examples" do context 'when running on sidekiq workers' do before do - allow(Gitlab::Runtime).to receive(:sidekiq?).and_return(true) + allow(Sidekiq).to receive(:server?).and_return(true) allow(Sidekiq).to receive(:options).and_return({ concurrency: 18 }) end