kotovalexarian-likes-gitlab
/
gitlab-org--gitlab-foss
1
0
Fork 0
Code Releases Activity

Add latest changes from gitlab-org/gitlab@master

This commit is contained in:
GitLab Bot 2021-03-22 12:09:02 +00:00
parent b014ff26b4
commit cea25900b7
11 changed files with 165 additions and 72 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
GITALY_SERVER_VERSION
View File

@ -1 +1 @@
6314c40a2e0ae9d43eb4c01026d0aef57c10d91c
cc879cfb5db4ed342c4f0ea744dbbfdc9649b35f

4
app/models/concerns/safe_url.rb
View File

@ -3,12 +3,12 @@
module SafeUrl
extend ActiveSupport::Concern
def safe_url(usernames_whitelist: [])
def safe_url(allowed_usernames: [])
return if url.nil?
uri = URI.parse(url)
uri.password = '*****' if uri.password
uri.user = '*****' if uri.user && !usernames_whitelist.include?(uri.user)
uri.user = '*****' if uri.user && allowed_usernames.exclude?(uri.user)
uri.to_s
rescue URI::Error
end

2
app/models/remote_mirror.rb
View File

@ -207,7 +207,7 @@ class RemoteMirror < ApplicationRecord
end
def safe_url
super(usernames_whitelist: %w[git])
super(allowed_usernames: %w[git])
end
def bare_url

4
app/views/users/terms/index.html.haml
View File

@ -6,11 +6,11 @@
.card-footer.footer-block.clearfix
- if can?(current_user, :accept_terms, @term)
.float-right
= button_to accept_term_path(@term, redirect_params), class: 'gl-button btn btn-success gl-ml-3', data: { qa_selector: 'accept_terms_button' } do
= button_to accept_term_path(@term, redirect_params), class: 'gl-button btn btn-confirm gl-ml-3', data: { qa_selector: 'accept_terms_button' } do
= _('Accept terms')
- else
.float-right
= link_to root_path, class: 'gl-button btn btn-success gl-ml-3' do
= link_to root_path, class: 'gl-button btn btn-confirm gl-ml-3' do
= _('Continue')
- if can?(current_user, :decline_terms, @term)
.float-right

5
changelogs/unreleased/btn-confirm-users.yml Normal file
View File

@ -0,0 +1,5 @@
---
title: Move from btn-success to btn-confirm in users directory
merge_request: 56945
author: Yogi (@yo)
type: changed

5
changelogs/unreleased/qmnguyen0711-expand-a-histogram-bucket.yml Normal file
View File

@ -0,0 +1,5 @@
---
title: Adjust gitlab_database_transaction_seconds histogram bucket
merge_request: 56952
author:
type: changed

5
doc/administration/pages/index.md
View File

@ -600,8 +600,9 @@ the below steps to do a no downtime transfer to a new storage location.
## Configure listener for reverse proxy requests
Follow the steps below to configure the proxy listener of GitLab Pages. [Introduced](https://gitlab.com/gitlab-org/omnibus-gitlab/-/merge_requests/2533) in
Omnibus GitLab 11.1.
> [Introduced](https://gitlab.com/gitlab-org/omnibus-gitlab/-/merge_requests/2533) in Omnibus GitLab 11.1.
Follow the steps below to configure the proxy listener of GitLab Pages.
1. By default the listener is configured to listen for requests on `localhost:8090`.

7
doc/development/licensing.md
View File

@ -18,9 +18,6 @@ Some gems may not include their license information in their `gemspec` file, and
### License Finder commands
NOTE:
License Finder currently uses GitLab misused terms of `whitelist` and `blacklist`. As a result, the commands below reference those terms. We've created an [issue on their project](https://github.com/pivotal/LicenseFinder/issues/745) to propose that they rename their commands.
There are a few basic commands License Finder provides that you need in order to manage license detection.
To verify that the checks are passing, and/or to see what dependencies are causing the checks to fail:
@ -32,13 +29,13 @@ bundle exec license_finder
To allowlist a new license:
```shell
license_finder whitelist add MIT
license_finder permitted_licenses add MIT
```
To denylist a new license:
```shell
license_finder blacklist add Unlicense
license_finder restricted_licenses add Unlicense
```
To tell License Finder about a dependency's license if it isn't auto-detected:

17
lib/gitlab/metrics/subscribers/active_record.rb
View File

@ -11,13 +11,16 @@ module Gitlab
DB_COUNTERS = %i{db_count db_write_count db_cached_count}.freeze
SQL_COMMANDS_WITH_COMMENTS_REGEX = /\A(\/\*.*\*\/\s)?((?!(.*[^\w'"](DELETE|UPDATE|INSERT INTO)[^\w'"])))(WITH.*)?(SELECT)((?!(FOR UPDATE|FOR SHARE)).)*$/i.freeze
DURATION_BUCKET = [0.05, 0.1, 0.25].freeze
SQL_DURATION_BUCKET = [0.05, 0.1, 0.25].freeze
TRANSACTION_DURATION_BUCKET = [0.1, 0.25, 1].freeze
# This event is published from ActiveRecordBaseTransactionMetrics and
# used to record a database transaction duration when calling
# ActiveRecord::Base.transaction {} block.
def transaction(event)
observe(:gitlab_database_transaction_seconds, event)
observe(:gitlab_database_transaction_seconds, event) do
buckets TRANSACTION_DURATION_BUCKET
end
end
def sql(event)
@ -33,7 +36,9 @@ module Gitlab
increment(:db_cached_count) if cached_query?(payload)
increment(:db_write_count) unless select_sql_command?(payload)
observe(:gitlab_sql_duration_seconds, event)
observe(:gitlab_sql_duration_seconds, event) do
buckets SQL_DURATION_BUCKET
end
end
def self.db_counter_payload
@ -66,10 +71,8 @@ module Gitlab
Gitlab::SafeRequestStore[counter] = Gitlab::SafeRequestStore[counter].to_i + 1
end
def observe(histogram, event)
current_transaction&.observe(histogram, event.duration / 1000.0) do
buckets DURATION_BUCKET
end
def observe(histogram, event, &block)
current_transaction&.observe(histogram, event.duration / 1000.0, &block)
end
def current_transaction

174
spec/lib/gitlab/metrics/subscribers/active_record_spec.rb
View File

@ -8,65 +8,145 @@ RSpec.describe Gitlab::Metrics::Subscribers::ActiveRecord do
let(:env) { {} }
let(:subscriber) { described_class.new }
let(:connection) { double(:connection) }
let(:payload) { { sql: 'SELECT * FROM users WHERE id = 10', connection: connection } }
let(:event) do
double(
:event,
name: 'sql.active_record',
duration: 2,
payload: payload
)
end
describe '#transaction' do
let(:web_transaction) { double('Gitlab::Metrics::WebTransaction') }
let(:background_transaction) { double('Gitlab::Metrics::WebTransaction') }
# Emulate Marginalia pre-pending comments
def sql(query, comments: true)
if comments && !%w[BEGIN COMMIT].include?(query)
"/*application:web,controller:badges,action:pipeline,correlation_id:01EYN39K9VMJC56Z7808N7RSRH*/ #{query}"
else
query
end
end
shared_examples 'track generic sql events' do
where(:name, :sql_query, :record_query, :record_write_query, :record_cached_query) do
'SQL' | 'SELECT * FROM users WHERE id = 10' | true | false | false
'SQL' | 'WITH active_milestones AS (SELECT COUNT(*), state FROM milestones GROUP BY state) SELECT * FROM active_milestones' | true | false | false
'SQL' | 'SELECT * FROM users WHERE id = 10 FOR UPDATE' | true | true | false
'SQL' | 'WITH archived_rows AS (SELECT * FROM users WHERE archived = true) INSERT INTO products_log SELECT * FROM archived_rows' | true | true | false
'SQL' | 'DELETE FROM users where id = 10' | true | true | false
'SQL' | 'INSERT INTO project_ci_cd_settings (project_id) SELECT id FROM projects' | true | true | false
'SQL' | 'UPDATE users SET admin = true WHERE id = 10' | true | true | false
'CACHE' | 'SELECT * FROM users WHERE id = 10' | true | false | true
'SCHEMA' | "SELECT attr.attname FROM pg_attribute attr INNER JOIN pg_constraint cons ON attr.attrelid = cons.conrelid AND attr.attnum = any(cons.conkey) WHERE cons.contype = 'p' AND cons.conrelid = '\"projects\"'::regclass" | false | false | false
nil | 'BEGIN' | false | false | false
nil | 'COMMIT' | false | false | false
let(:event) do
double(
:event,
name: 'transaction.active_record',
duration: 230,
payload: { connection: connection }
)
end
with_them do
let(:payload) { { name: name, sql: sql(sql_query, comments: comments), connection: connection } }
before do
allow(background_transaction).to receive(:observe)
allow(web_transaction).to receive(:observe)
end
it 'marks the current thread as using the database' do
# since it would already have been toggled by other specs
Thread.current[:uses_db_connection] = nil
expect { subscriber.sql(event) }.to change { Thread.current[:uses_db_connection] }.from(nil).to(true)
context 'when both web and background transaction are available' do
before do
allow(::Gitlab::Metrics::WebTransaction).to receive(:current)
.and_return(web_transaction)
allow(::Gitlab::Metrics::BackgroundTransaction).to receive(:current)
.and_return(background_transaction)
end
it_behaves_like 'record ActiveRecord metrics'
it_behaves_like 'store ActiveRecord info in RequestStore'
it 'captures the metrics for web only' do
expect(web_transaction).to receive(:observe).with(:gitlab_database_transaction_seconds, 0.23)
expect(background_transaction).not_to receive(:observe)
expect(background_transaction).not_to receive(:increment)
subscriber.transaction(event)
end
end
context 'when web transaction is available' do
let(:web_transaction) { double('Gitlab::Metrics::WebTransaction') }
before do
allow(::Gitlab::Metrics::WebTransaction).to receive(:current)
.and_return(web_transaction)
allow(::Gitlab::Metrics::BackgroundTransaction).to receive(:current)
.and_return(nil)
end
it 'captures the metrics for web only' do
expect(web_transaction).to receive(:observe).with(:gitlab_database_transaction_seconds, 0.23)
expect(background_transaction).not_to receive(:observe)
expect(background_transaction).not_to receive(:increment)
subscriber.transaction(event)
end
end
context 'when background transaction is available' do
let(:background_transaction) { double('Gitlab::Metrics::BackgroundTransaction') }
before do
allow(::Gitlab::Metrics::WebTransaction).to receive(:current)
.and_return(nil)
allow(::Gitlab::Metrics::BackgroundTransaction).to receive(:current)
.and_return(background_transaction)
end
it 'captures the metrics for web only' do
expect(background_transaction).to receive(:observe).with(:gitlab_database_transaction_seconds, 0.23)
expect(web_transaction).not_to receive(:observe)
expect(web_transaction).not_to receive(:increment)
subscriber.transaction(event)
end
end
end
context 'without Marginalia comments' do
let(:comments) { false }
describe '#sql' do
let(:payload) { { sql: 'SELECT * FROM users WHERE id = 10', connection: connection } }
it_behaves_like 'track generic sql events'
end
let(:event) do
double(
:event,
name: 'sql.active_record',
duration: 2,
payload: payload
)
end
context 'with Marginalia comments' do
let(:comments) { true }
# Emulate Marginalia pre-pending comments
def sql(query, comments: true)
if comments && !%w[BEGIN COMMIT].include?(query)
"/*application:web,controller:badges,action:pipeline,correlation_id:01EYN39K9VMJC56Z7808N7RSRH*/ #{query}"
else
query
end
end
it_behaves_like 'track generic sql events'
shared_examples 'track generic sql events' do
where(:name, :sql_query, :record_query, :record_write_query, :record_cached_query) do
'SQL' | 'SELECT * FROM users WHERE id = 10' | true | false | false
'SQL' | 'WITH active_milestones AS (SELECT COUNT(*), state FROM milestones GROUP BY state) SELECT * FROM active_milestones' | true | false | false
'SQL' | 'SELECT * FROM users WHERE id = 10 FOR UPDATE' | true | true | false
'SQL' | 'WITH archived_rows AS (SELECT * FROM users WHERE archived = true) INSERT INTO products_log SELECT * FROM archived_rows' | true | true | false
'SQL' | 'DELETE FROM users where id = 10' | true | true | false
'SQL' | 'INSERT INTO project_ci_cd_settings (project_id) SELECT id FROM projects' | true | true | false
'SQL' | 'UPDATE users SET admin = true WHERE id = 10' | true | true | false
'CACHE' | 'SELECT * FROM users WHERE id = 10' | true | false | true
'SCHEMA' | "SELECT attr.attname FROM pg_attribute attr INNER JOIN pg_constraint cons ON attr.attrelid = cons.conrelid AND attr.attnum = any(cons.conkey) WHERE cons.contype = 'p' AND cons.conrelid = '\"projects\"'::regclass" | false | false | false
nil | 'BEGIN' | false | false | false
nil | 'COMMIT' | false | false | false
end
with_them do
let(:payload) { { name: name, sql: sql(sql_query, comments: comments), connection: connection } }
it 'marks the current thread as using the database' do
# since it would already have been toggled by other specs
Thread.current[:uses_db_connection] = nil
expect { subscriber.sql(event) }.to change { Thread.current[:uses_db_connection] }.from(nil).to(true)
end
it_behaves_like 'record ActiveRecord metrics'
it_behaves_like 'store ActiveRecord info in RequestStore'
end
end
context 'without Marginalia comments' do
let(:comments) { false }
it_behaves_like 'track generic sql events'
end
context 'with Marginalia comments' do
let(:comments) { true }
it_behaves_like 'track generic sql events'
end
end
end

12
spec/models/concerns/safe_url_spec.rb
View File

@ -26,14 +26,16 @@ RSpec.describe SafeUrl do
context 'when URL contains credentials' do
let(:url) { 'http://foo:bar@example.com' }
it { is_expected.to eq('http://*****:*****@example.com')}
it 'masks username and password' do
is_expected.to eq('http://*****:*****@example.com')
end
context 'when username is whitelisted' do
subject { test_class.safe_url(usernames_whitelist: usernames_whitelist) }
context 'when username is allowed' do
subject { test_class.safe_url(allowed_usernames: usernames) }
let(:usernames_whitelist) { %w[foo] }
let(:usernames) { %w[foo] }
it 'does expect the whitelisted username not to be masked' do
it 'masks the password, but not the username' do
is_expected.to eq('http://foo:*****@example.com')
end
end