Add latest changes from gitlab-org/gitlab@14-9-stable-ee

12 files changed, 135 insertions, 7 deletions

diff --git a/app/controllers/admin/application_settings_controller.rb b/app/controllers/admin/application_settings_controller.rb
index 0dd85376050..a680c1f4517 100644
--- a/app/controllers/admin/application_settings_controller.rb
+++ b/app/controllers/admin/application_settings_controller.rb
@@ -202,7 +202,7 @@ class Admin::ApplicationSettingsController < Admin::ApplicationController
     Gitlab::QueryLimiting.disable!('https://gitlab.com/gitlab-org/gitlab/-/issues/29418')
   end
 
-  def application_setting_params
+  def application_setting_params # rubocop:disable Metrics/AbcSize
     params[:application_setting] ||= {}
 
     if params[:application_setting].key?(:enabled_oauth_sign_in_sources)
@@ -229,6 +229,10 @@ class Admin::ApplicationSettingsController < Admin::ApplicationController
     params.delete(:domain_denylist_raw) if params[:domain_denylist]
     params.delete(:domain_allowlist_raw) if params[:domain_allowlist]
 
+    if params[:application_setting].key?(:user_email_lookup_limit)
+      params[:application_setting][:search_rate_limit] ||= params[:application_setting][:user_email_lookup_limit]
+    end
+
     params[:application_setting].permit(visible_application_setting_attributes)
   end
 
diff --git a/data/deprecations/14-9-background-upload.yml b/data/deprecations/14-9-background-upload.yml
new file mode 100644
index 00000000000..337d5f89c77
--- /dev/null
+++ b/data/deprecations/14-9-background-upload.yml
@@ -0,0 +1,20 @@
+- name: "Background upload for object storage"
+  announcement_milestone: "14.9"
+  announcement_date: "2022-03-22"
+  removal_milestone: "15.0"
+  removal_date: "2022-05-22"
+  breaking_change: true
+  reporter: fzimmer
+  body: |  # Do not modify this line, instead modify the lines below.
+    To reduce the overall complexity and maintenance burden of GitLab's [object storage feature](https://docs.gitlab.com/ee/administration/object_storage.html), support for using `background_upload` to upload files is deprecated and will be fully removed in GitLab 15.0.
+
+    This impacts a small subset of object storage providers:
+
+    - **OpenStack** Customers using OpenStack need to change their configuration to use the S3 API instead of Swift.
+    - **RackSpace** Customers using RackSpace-based object storage need to migrate data to a different provider.
+
+    GitLab will publish additional guidance to assist affected customers in migrating.
+  stage: Enablement
+  tiers: [Core, Premium, Ultimate]
+  issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/26600
+  documentation_url: https://docs.gitlab.com/ee/administration/object_storage.html
diff --git a/data/deprecations/14-9-deprecate-debian-9.yml b/data/deprecations/14-9-deprecate-debian-9.yml
new file mode 100644
index 00000000000..8f512393aa4
--- /dev/null
+++ b/data/deprecations/14-9-deprecate-debian-9.yml
@@ -0,0 +1,7 @@
+- name: "Deprecate support for Debian 9"
+  announcement_milestone: "14.9"
+  announcement_date: "2022-03-22"
+  removal_milestone: "15.1"
+  removal_date: "2022-06-22"
+  body: |
+    Long term service and support (LTSS) for [Debian 9 Stretch ends in July 2022](https://wiki.debian.org/LTS). Therefore, we will longer support the Debian 9 distribution for the GitLab package. Users can upgrade to Debian 10 or Debian 11.
diff --git a/data/deprecations/14-9-global-search-deprecate-user-email-lookup-limit.yml b/data/deprecations/14-9-global-search-deprecate-user-email-lookup-limit.yml
new file mode 100644
index 00000000000..2b986a11d47
--- /dev/null
+++ b/data/deprecations/14-9-global-search-deprecate-user-email-lookup-limit.yml
@@ -0,0 +1,11 @@
+- name: "user_email_lookup_limit API field"
+  announcement_milestone: "14.9"
+  announcement_date: "2022-03-22"
+  removal_milestone: "15.0"
+  removal_date: "2022-05-22"
+  breaking_change: true
+  reporter: fzimmer
+  body: |  # Do not modify this line, instead modify the lines below.
+    The `user_email_lookup_limit` [API field](https://docs.gitlab.com/ee/api/settings.html) is deprecated and will be removed in GitLab 15.0. Until GitLab 15.0, `user_email_lookup_limit` is aliased to `search_rate_limit` and existing workflows will continue to work.
+
+    Any API calls attempting to change the rate limits for `user_email_lookup_limit` should use `search_rate_limit` instead.
diff --git a/doc/administration/geo/replication/version_specific_updates.md b/doc/administration/geo/replication/version_specific_updates.md
index 95833a290dd..d3bc54775f4 100644
--- a/doc/administration/geo/replication/version_specific_updates.md
+++ b/doc/administration/geo/replication/version_specific_updates.md
@@ -10,6 +10,14 @@ Review this page for update instructions for your version. These steps
 accompany the [general steps](updating_the_geo_sites.md#general-update-steps)
 for updating Geo sites.
 
+## Updating to 14.9
+
+**DO NOT** update to GitLab 14.9.0. 
+
+We've discovered an issue with Geo's CI verification feature that may [cause job traces to be lost](https://gitlab.com/gitlab-com/gl-infra/production/-/issues/6664). This issue will be fixed in the next patch release.
+
+If you have already updated to GitLab 14.9.0, you can disable the feature causing the issue by [disabling the `geo_job_artifact_replication` feature flag](../../feature_flags.md#how-to-enable-and-disable-features-behind-flags).
+
 ## Updating to 14.2 through 14.7
 
 There is [an issue in GitLab 14.2 through 14.7](https://gitlab.com/gitlab-org/gitlab/-/issues/299819#note_822629467)
diff --git a/doc/api/graphql/reference/index.md b/doc/api/graphql/reference/index.md
index f6a6504df70..f86ad985b5e 100644
--- a/doc/api/graphql/reference/index.md
+++ b/doc/api/graphql/reference/index.md
@@ -11024,7 +11024,7 @@ four standard [pagination arguments](#connection-pagination-arguments):
 
 ##### `GeoNode.jobArtifactRegistries`
 
-Find Job Artifact registries on this Geo node.
+Find Job Artifact registries on this Geo node Available only when feature flag `geo_job_artifact_replication` is enabled. This flag is disabled by default, because the feature is experimental and is subject to change without notice.
 
 Returns [`JobArtifactRegistryConnection`](#jobartifactregistryconnection).
 
diff --git a/doc/api/settings.md b/doc/api/settings.md
index b9c52ff01fd..16e281af916 100644
--- a/doc/api/settings.md
+++ b/doc/api/settings.md
@@ -390,7 +390,7 @@ listed in the descriptions of the relevant settings.
 | `push_event_hooks_limit`                 | integer          | no                                   | Number of changes (branches or tags) in a single push to determine whether webhooks and services fire or not. Webhooks and services aren't submitted if it surpasses that value. |
 | `rate_limiting_response_text`            | string           | no                                   | When rate limiting is enabled via the `throttle_*` settings, send this plain text response when a rate limit is exceeded. 'Retry later' is sent if this is blank. |
 | `raw_blob_request_limit`                 | integer          | no                                   | Max number of requests per minute for each raw path. Default: 300. To disable throttling set to 0.|
-| `user_email_lookup_limit`                | integer          | no                                   | **{warning}** **[Removed](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/80631/)** in GitLab 14.9. Replaced by `search_rate_limit`. Max number of requests per minute for email lookup. Default: 60. To disable throttling set to 0.|
+| `user_email_lookup_limit`                | integer          | no                                   | **{warning}** **[Deprecated](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/80631/)** in GitLab 14.9 will be removed in 15.0. Replaced by `search_rate_limit`. Max number of requests per minute for email lookup. Default: 60. To disable throttling set to 0.|
 | `search_rate_limit`                      | integer          | no                                   | Max number of requests per minute for performing a search while authenticated. Default: 30. To disable throttling set to 0.|
 | `search_rate_limit_unauthenticated`      | integer          | no                                   | Max number of requests per minute for performing a search while unauthenticated. Default: 10. To disable throttling set to 0.|
 | `recaptcha_enabled`                      | boolean          | no                                   | (**If enabled, requires:** `recaptcha_private_key` and `recaptcha_site_key`) Enable reCAPTCHA. |
diff --git a/doc/update/deprecations.md b/doc/update/deprecations.md
index e89c45c522c..9453482cc67 100644
--- a/doc/update/deprecations.md
+++ b/doc/update/deprecations.md
@@ -38,6 +38,31 @@ For deprecation reviewers (Technical Writers only):
 
 ## 14.9
 
+### Background upload for object storage
+
+WARNING:
+This feature will be changed or removed in 15.0
+as a [breaking change](https://docs.gitlab.com/ee/development/contributing/#breaking-changes).
+Before updating GitLab, review the details carefully to determine if you need to make any
+changes to your code, settings, or workflow.
+
+To reduce the overall complexity and maintenance burden of GitLab's [object storage feature](https://docs.gitlab.com/ee/administration/object_storage.html), support for using `background_upload` to upload files is deprecated and will be fully removed in GitLab 15.0.
+
+This impacts a small subset of object storage providers:
+
+- **OpenStack** Customers using OpenStack need to change their configuration to use the S3 API instead of Swift.
+- **RackSpace** Customers using RackSpace-based object storage need to migrate data to a different provider.
+
+GitLab will publish additional guidance to assist affected customers in migrating.
+
+**Planned removal milestone: 15.0 (2022-05-22)**
+
+### Deprecate support for Debian 9
+
+Long term service and support (LTSS) for [Debian 9 Stretch ends in July 2022](https://wiki.debian.org/LTS). Therefore, we will longer support the Debian 9 distribution for the GitLab package. Users can upgrade to Debian 10 or Debian 11.
+
+**Planned removal milestone: 15.1 (2022-06-22)**
+
 ### GitLab Pages running as daemon
 
 In 15.0, support for daemon mode for GitLab Pages will be removed.
@@ -109,6 +134,20 @@ Since it isn't used in the context of GitLab (the product), `htpasswd` authentic
 
 **Planned removal milestone: 15.0 (2022-05-22)**
 
+### user_email_lookup_limit API field
+
+WARNING:
+This feature will be changed or removed in 15.0
+as a [breaking change](https://docs.gitlab.com/ee/development/contributing/#breaking-changes).
+Before updating GitLab, review the details carefully to determine if you need to make any
+changes to your code, settings, or workflow.
+
+The `user_email_lookup_limit` [API field](https://docs.gitlab.com/ee/api/settings.html) is deprecated and will be removed in GitLab 15.0. Until GitLab 15.0, `user_email_lookup_limit` is aliased to `search_rate_limit` and existing workflows will continue to work.
+
+Any API calls attempting to change the rate limits for `user_email_lookup_limit` should use `search_rate_limit` instead.
+
+**Planned removal milestone: 15.0 (2022-05-22)**
+
 ## 14.8
 
 ### Changes to the `CI_JOB_JWT`
diff --git a/lib/backup/manager.rb b/lib/backup/manager.rb
index 6e90824fce2..cb5fd959bc9 100644
--- a/lib/backup/manager.rb
+++ b/lib/backup/manager.rb
@@ -144,7 +144,6 @@ module Backup
     def run_restore_task(task_name)
       definition = @definitions[task_name]
 
-      read_backup_information
       puts_time "Restoring #{definition.task.human_name} ... ".color(:blue)
 
       unless definition.task.enabled
@@ -483,7 +482,7 @@ module Backup
     end
 
     def repository_backup_strategy(incremental)
-      if Feature.enabled?(:gitaly_backup, default_enabled: :yaml)
+      if !Feature.feature_flags_available? || Feature.enabled?(:gitaly_backup, default_enabled: :yaml)
         max_concurrency = ENV['GITLAB_BACKUP_MAX_CONCURRENCY'].presence
         max_storage_concurrency = ENV['GITLAB_BACKUP_MAX_STORAGE_CONCURRENCY'].presence
         Backup::GitalyBackup.new(progress, incremental: incremental, max_parallelism: max_concurrency, storage_parallelism: max_storage_concurrency)
diff --git a/spec/controllers/admin/application_settings_controller_spec.rb b/spec/controllers/admin/application_settings_controller_spec.rb
index f7b2bab3615..a18ebe9c9a0 100644
--- a/spec/controllers/admin/application_settings_controller_spec.rb
+++ b/spec/controllers/admin/application_settings_controller_spec.rb
@@ -291,6 +291,46 @@ RSpec.describe Admin::ApplicationSettingsController, :do_not_mock_admin_mode_set
         end
       end
     end
+
+    describe 'user_email_lookup_limit aliasing' do
+      let(:application_setting) { ApplicationSetting.current }
+      let(:user_email_lookup_limit) { 8675 }
+      let(:search_rate_limit) { 309 }
+
+      context 'when search_rate_limit is specified' do
+        let(:settings_params) do
+          {
+            user_email_lookup_limit: user_email_lookup_limit,
+            search_rate_limit: search_rate_limit
+          }
+        end
+
+        it 'updates search_rate_limit with correct value' do
+          expect(application_setting.search_rate_limit).not_to eq user_email_lookup_limit
+          expect(application_setting.search_rate_limit).not_to eq search_rate_limit
+
+          put :update, params: { application_setting: settings_params }
+
+          expect(application_setting.reload.search_rate_limit).to eq search_rate_limit
+        end
+      end
+
+      context 'when search_rate_limit is not specified' do
+        let(:settings_params) do
+          {
+            user_email_lookup_limit: search_rate_limit
+          }
+        end
+
+        it 'applies user_email_lookup_limit value to search_rate_limit' do
+          expect(application_setting.search_rate_limit).not_to eq search_rate_limit
+
+          put :update, params: { application_setting: settings_params }
+
+          expect(application_setting.reload.search_rate_limit).to eq search_rate_limit
+        end
+      end
+    end
   end
 
   describe 'PUT #reset_registration_token' do
diff --git a/spec/factories/ci/job_artifacts.rb b/spec/factories/ci/job_artifacts.rb
index e6eec280ed0..77b07c4a404 100644
--- a/spec/factories/ci/job_artifacts.rb
+++ b/spec/factories/ci/job_artifacts.rb
@@ -7,7 +7,7 @@ FactoryBot.define do
     file_format { :zip }
 
     trait :expired do
-      expire_at { Date.yesterday }
+      expire_at { Time.current.yesterday.change(minute: 9) }
     end
 
     trait :locked do
diff --git a/spec/models/ci/deleted_object_spec.rb b/spec/models/ci/deleted_object_spec.rb
index cb8911d5027..a19c1b76708 100644
--- a/spec/models/ci/deleted_object_spec.rb
+++ b/spec/models/ci/deleted_object_spec.rb
@@ -22,7 +22,7 @@ RSpec.describe Ci::DeletedObject, :aggregate_failures do
         expect(deleted_artifact.file_store).to eq(artifact.file_store)
         expect(deleted_artifact.store_dir).to eq(artifact.file.store_dir.to_s)
         expect(deleted_artifact.file_identifier).to eq(artifact.file_identifier)
-        expect(deleted_artifact.pick_up_at).to eq(artifact.expire_at)
+        expect(deleted_artifact.pick_up_at).to be_like_time(artifact.expire_at)
       end
     end