From c3bcd285f88d6444a043c0c4f653e3749ec60d75 Mon Sep 17 00:00:00 2001
From: GitLab Bot <gitlab-bot@gitlab.com>
Date: Tue, 14 Jan 2020 03:07:42 +0000
Subject: [PATCH] Add latest changes from gitlab-org/gitlab@master

---
 app/controllers/concerns/spammable_actions.rb       |  2 +-
 app/graphql/mutations/snippets/mark_as_spam.rb      |  2 +-
 app/models/user.rb                                  |  4 ++++
 app/services/concerns/spam_check_methods.rb         |  2 +-
 app/services/spam_service.rb                        |  2 +-
 .../Managed-Cluster-Applications.gitlab-ci.yml      |  1 +
 spec/models/user_spec.rb                            | 13 +++++++++++++
 spec/services/spam_service_spec.rb                  |  2 +-
 8 files changed, 23 insertions(+), 5 deletions(-)

diff --git a/app/controllers/concerns/spammable_actions.rb b/app/controllers/concerns/spammable_actions.rb
index a8ffa33f1c7..36fdbfd6eff 100644
--- a/app/controllers/concerns/spammable_actions.rb
+++ b/app/controllers/concerns/spammable_actions.rb
@@ -11,7 +11,7 @@ module SpammableActions
   end
 
   def mark_as_spam
-    if SpamService.new(spammable).mark_as_spam!
+    if SpamService.new(spammable: spammable).mark_as_spam!
       redirect_to spammable_path, notice: _("%{spammable_titlecase} was submitted to Akismet successfully.") % { spammable_titlecase: spammable.spammable_entity_type.titlecase }
     else
       redirect_to spammable_path, alert: _('Error with Akismet. Please check the logs for more info.')
diff --git a/app/graphql/mutations/snippets/mark_as_spam.rb b/app/graphql/mutations/snippets/mark_as_spam.rb
index 260a9753f76..96cb208651f 100644
--- a/app/graphql/mutations/snippets/mark_as_spam.rb
+++ b/app/graphql/mutations/snippets/mark_as_spam.rb
@@ -24,7 +24,7 @@ module Mutations
       private
 
       def mark_as_spam(snippet)
-        SpamService.new(snippet).mark_as_spam!
+        SpamService.new(spammable: snippet).mark_as_spam!
       end
 
       def authorized_resource?(snippet)
diff --git a/app/models/user.rb b/app/models/user.rb
index 47c5b3e208a..b9efbcdf502 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -286,6 +286,10 @@ class User < ApplicationRecord
       end
     end
 
+    before_transition do
+      !Gitlab::Database.read_only?
+    end
+
     # rubocop: disable CodeReuse/ServiceClass
     # Ideally we should not call a service object here but user.block
     # is also bcalled by Users::MigrateToGhostUserService which references
diff --git a/app/services/concerns/spam_check_methods.rb b/app/services/concerns/spam_check_methods.rb
index a0945857f89..75d9759f1d1 100644
--- a/app/services/concerns/spam_check_methods.rb
+++ b/app/services/concerns/spam_check_methods.rb
@@ -24,7 +24,7 @@ module SpamCheckMethods
   # rubocop:disable Gitlab/ModuleWithInstanceVariables
   # rubocop: disable CodeReuse/ActiveRecord
   def spam_check(spammable, user)
-    spam_service = SpamService.new(spammable, @request)
+    spam_service = SpamService.new(spammable: spammable, request: @request)
 
     spam_service.when_recaptcha_verified(@recaptcha_verified, @api) do
       user.spam_logs.find_by(id: @spam_log_id)&.update!(recaptcha_verified: true)
diff --git a/app/services/spam_service.rb b/app/services/spam_service.rb
index 62ba8d8872e..a546c834603 100644
--- a/app/services/spam_service.rb
+++ b/app/services/spam_service.rb
@@ -4,7 +4,7 @@ class SpamService
   attr_accessor :spammable, :request, :options
   attr_reader :spam_log
 
-  def initialize(spammable, request = nil)
+  def initialize(spammable:, request: nil)
     @spammable = spammable
     @request = request
     @options = {}
diff --git a/lib/gitlab/ci/templates/Managed-Cluster-Applications.gitlab-ci.yml b/lib/gitlab/ci/templates/Managed-Cluster-Applications.gitlab-ci.yml
index 08085553c7b..16a950ddda1 100644
--- a/lib/gitlab/ci/templates/Managed-Cluster-Applications.gitlab-ci.yml
+++ b/lib/gitlab/ci/templates/Managed-Cluster-Applications.gitlab-ci.yml
@@ -7,6 +7,7 @@ apply:
     TILLER_NAMESPACE: gitlab-managed-apps
     GITLAB_MANAGED_APPS_FILE: $CI_PROJECT_DIR/.gitlab/managed-apps/config.yaml
     INGRESS_VALUES_FILE: $CI_PROJECT_DIR/.gitlab/managed-apps/ingress/values.yaml
+    CERT_MANAGER_VALUES_FILE: $CI_PROJECT_DIR/.gitlab/managed-apps/cert-manager/values.yaml
     SENTRY_VALUES_FILE: $CI_PROJECT_DIR/.gitlab/managed-apps/sentry/values.yaml
   script:
     - gitlab-managed-apps /usr/local/share/gitlab-managed-apps/helmfile.yaml
diff --git a/spec/models/user_spec.rb b/spec/models/user_spec.rb
index b0f708bc0e7..8ca167934f4 100644
--- a/spec/models/user_spec.rb
+++ b/spec/models/user_spec.rb
@@ -1991,6 +1991,19 @@ describe User, :do_not_mock_admin_mode do
         expect(user.blocked?).to be_truthy
         expect(user.ldap_blocked?).to be_truthy
       end
+
+      context 'on a read-only instance' do
+        before do
+          allow(Gitlab::Database).to receive(:read_only?).and_return(true)
+        end
+
+        it 'does not block user' do
+          user.ldap_block
+
+          expect(user.blocked?).to be_falsey
+          expect(user.ldap_blocked?).to be_falsey
+        end
+      end
     end
   end
 
diff --git a/spec/services/spam_service_spec.rb b/spec/services/spam_service_spec.rb
index 094684296b8..c8ebe87e4d2 100644
--- a/spec/services/spam_service_spec.rb
+++ b/spec/services/spam_service_spec.rb
@@ -5,7 +5,7 @@ require 'spec_helper'
 describe SpamService do
   describe '#when_recaptcha_verified' do
     def check_spam(issue, request, recaptcha_verified)
-      described_class.new(issue, request).when_recaptcha_verified(recaptcha_verified) do
+      described_class.new(spammable: issue, request: request).when_recaptcha_verified(recaptcha_verified) do
         'yielded'
       end
     end