Add latest changes from gitlab-org/gitlab@14-4-stable-eev14.4.0-rc42

author: GitLab Bot <gitlab-bot@gitlab.com> 2021-10-20 08:43:02 +0000
committer: GitLab Bot <gitlab-bot@gitlab.com> 2021-10-20 08:43:02 +0000
commit: d9ab72d6080f594d0b3cae15f14b3ef2c6c638cb (patch)
tree: 2341ef426af70ad1e289c38036737e04b0aa5007 /app/controllers/groups
parent: d6e514dd13db8947884cd58fe2a9c2a063400a9b (diff)
download: gitlab-ce-d9ab72d6080f594d0b3cae15f14b3ef2c6c638cb.tar.gz
8 files changed, 88 insertions, 37 deletions
diff --git a/app/controllers/groups/boards_controller.rb b/app/controllers/groups/boards_controller.rb
index 60708c13b85..e8e6a7e5c1a 100644
--- a/app/controllers/groups/boards_controller.rb
+++ b/app/controllers/groups/boards_controller.rb
@@ -11,6 +11,7 @@ class Groups::BoardsController < Groups::ApplicationController
     push_frontend_feature_flag(:board_multi_select, group, default_enabled: :yaml)
     push_frontend_feature_flag(:swimlanes_buffered_rendering, group, default_enabled: :yaml)
     push_frontend_feature_flag(:iteration_cadences, group, default_enabled: :yaml)
+    push_frontend_feature_flag(:labels_widget, group, default_enabled: :yaml)
   end
 
   feature_category :boards
diff --git a/app/controllers/groups/dependency_proxy/application_controller.rb b/app/controllers/groups/dependency_proxy/application_controller.rb
index fd9db41f748..18a6ff93e15 100644
--- a/app/controllers/groups/dependency_proxy/application_controller.rb
+++ b/app/controllers/groups/dependency_proxy/application_controller.rb
@@ -21,8 +21,14 @@ module Groups
         authenticate_with_http_token do |token, _|
           @authentication_result = EMPTY_AUTH_RESULT
 
-          found_user = user_from_token(token)
-          sign_in(found_user) if found_user.is_a?(User)
+          user_or_deploy_token = ::DependencyProxy::AuthTokenService.user_or_deploy_token_from_jwt(token)
+
+          if user_or_deploy_token.is_a?(User)
+            @authentication_result = Gitlab::Auth::Result.new(user_or_deploy_token, nil, :user, [])
+            sign_in(user_or_deploy_token)
+          elsif user_or_deploy_token.is_a?(DeployToken)
+            @authentication_result = Gitlab::Auth::Result.new(user_or_deploy_token, nil, :deploy_token, [])
+          end
         end
 
         request_bearer_token! unless authenticated_user
@@ -39,28 +45,6 @@ module Groups
         response.headers['WWW-Authenticate'] = ::DependencyProxy::Registry.authenticate_header
         render plain: '', status: :unauthorized
       end
-
-      def user_from_token(token)
-        token_payload = ::DependencyProxy::AuthTokenService.decoded_token_payload(token)
-
-        if token_payload['user_id']
-          token_user = User.find(token_payload['user_id'])
-          return unless token_user
-
-          @authentication_result = Gitlab::Auth::Result.new(token_user, nil, :user, [])
-          return token_user
-        elsif token_payload['deploy_token']
-          deploy_token = DeployToken.active.find_by_token(token_payload['deploy_token'])
-          return unless deploy_token
-
-          @authentication_result = Gitlab::Auth::Result.new(deploy_token, nil, :deploy_token, [])
-          return deploy_token
-        end
-
-        nil
-      rescue JWT::DecodeError, JWT::ExpiredSignature, JWT::ImmatureSignature
-        nil
-      end
     end
   end
 end
diff --git a/app/controllers/groups/dependency_proxy_for_containers_controller.rb b/app/controllers/groups/dependency_proxy_for_containers_controller.rb
index f7dc552bd3e..e19b8ae35f8 100644
--- a/app/controllers/groups/dependency_proxy_for_containers_controller.rb
+++ b/app/controllers/groups/dependency_proxy_for_containers_controller.rb
@@ -5,11 +5,15 @@ class Groups::DependencyProxyForContainersController < ::Groups::DependencyProxy
   include DependencyProxy::GroupAccess
   include SendFileUpload
   include ::PackagesHelper # for event tracking
+  include WorkhorseRequest
 
   before_action :ensure_group
-  before_action :ensure_token_granted!
+  before_action :ensure_token_granted!, only: [:blob, :manifest]
   before_action :ensure_feature_enabled!
 
+  before_action :verify_workhorse_api!, only: [:authorize_upload_blob, :upload_blob]
+  skip_before_action :verify_authenticity_token, only: [:authorize_upload_blob, :upload_blob]
+
   attr_reader :token
 
   feature_category :dependency_proxy
@@ -38,6 +42,8 @@ class Groups::DependencyProxyForContainersController < ::Groups::DependencyProxy
   end
 
   def blob
+    return blob_via_workhorse if Feature.enabled?(:dependency_proxy_workhorse, group, default_enabled: :yaml)
+
     result = DependencyProxy::FindOrCreateBlobService
       .new(group, image, token, params[:sha]).execute
 
@@ -50,11 +56,47 @@ class Groups::DependencyProxyForContainersController < ::Groups::DependencyProxy
     end
   end
 
+  def authorize_upload_blob
+    set_workhorse_internal_api_content_type
+
+    render json: DependencyProxy::FileUploader.workhorse_authorize(has_length: false)
+  end
+
+  def upload_blob
+    @group.dependency_proxy_blobs.create!(
+      file_name: blob_file_name,
+      file: params[:file],
+      size: params[:file].size
+    )
+
+    event_name = tracking_event_name(object_type: :blob, from_cache: false)
+    track_package_event(event_name, :dependency_proxy, namespace: group, user: auth_user)
+
+    head :ok
+  end
+
   private
 
+  def blob_via_workhorse
+    blob = @group.dependency_proxy_blobs.find_by_file_name(blob_file_name)
+
+    if blob.present?
+      event_name = tracking_event_name(object_type: :blob, from_cache: true)
+      track_package_event(event_name, :dependency_proxy, namespace: group, user: auth_user)
+
+      send_upload(blob.file)
+    else
+      send_dependency(token, DependencyProxy::Registry.blob_url(image, params[:sha]), blob_file_name)
+    end
+  end
+
+  def blob_file_name
+    @blob_file_name ||= params[:sha].sub('sha256:', '') + '.gz'
+  end
+
   def group
     strong_memoize(:group) do
-      Group.find_by_full_path(params[:group_id], follow_redirects: request.get?)
+      Group.find_by_full_path(params[:group_id], follow_redirects: true)
     end
   end
 
diff --git a/app/controllers/groups/group_members_controller.rb b/app/controllers/groups/group_members_controller.rb
index 9b8d5cfe476..6e59f159636 100644
--- a/app/controllers/groups/group_members_controller.rb
+++ b/app/controllers/groups/group_members_controller.rb
@@ -25,19 +25,15 @@ class Groups::GroupMembersController < Groups::ApplicationController
   def index
     @sort = params[:sort].presence || sort_value_name
 
-    @members = GroupMembersFinder
-      .new(@group, current_user, params: filter_params)
-      .execute(include_relations: requested_relations)
-
     if can?(current_user, :admin_group_member, @group)
       @skip_groups = @group.related_group_ids
 
-      @invited_members = @members.invite
+      @invited_members = invited_members
       @invited_members = @invited_members.search_invite_email(params[:search_invited]) if params[:search_invited].present?
       @invited_members = present_invited_members(@invited_members)
     end
 
-    @members = present_group_members(@members.non_invite)
+    @members = present_group_members(non_invited_members)
 
     @requesters = present_members(
       AccessRequestsFinder.new(@group).execute(current_user)
@@ -51,6 +47,20 @@ class Groups::GroupMembersController < Groups::ApplicationController
 
   private
 
+  def group_members
+    @group_members ||= GroupMembersFinder
+      .new(@group, current_user, params: filter_params)
+      .execute(include_relations: requested_relations)
+  end
+
+  def invited_members
+    group_members.invite.with_invited_user_state
+  end
+
+  def non_invited_members
+    group_members.non_invite
+  end
+
   def present_invited_members(invited_members)
     present_members(invited_members
       .page(params[:invited_members_page])
diff --git a/app/controllers/groups/packages_controller.rb b/app/controllers/groups/packages_controller.rb
index 47f1816cc4c..d02a8262948 100644
--- a/app/controllers/groups/packages_controller.rb
+++ b/app/controllers/groups/packages_controller.rb
@@ -6,6 +6,10 @@ module Groups
 
     feature_category :package_registry
 
+    before_action do
+      push_frontend_feature_flag(:package_list_apollo, default_enabled: :yaml)
+    end
+
     private
 
     def verify_packages_enabled!
diff --git a/app/controllers/groups/registry/repositories_controller.rb b/app/controllers/groups/registry/repositories_controller.rb
index 3aaaf6ade6b..549a148bfb8 100644
--- a/app/controllers/groups/registry/repositories_controller.rb
+++ b/app/controllers/groups/registry/repositories_controller.rb
@@ -3,6 +3,7 @@ module Groups
   module Registry
     class RepositoriesController < Groups::ApplicationController
       include PackagesHelper
+      include ::Registry::ConnectionErrorsHandler
 
       before_action :verify_container_registry_enabled!
       before_action :authorize_read_container_image!
diff --git a/app/controllers/groups/runners_controller.rb b/app/controllers/groups/runners_controller.rb
index f37c08da22a..5c21c7b023c 100644
--- a/app/controllers/groups/runners_controller.rb
+++ b/app/controllers/groups/runners_controller.rb
@@ -10,8 +10,10 @@ class Groups::RunnersController < Groups::ApplicationController
   feature_category :runner
 
   def index
-    finder = Ci::RunnersFinder.new(current_user: current_user, params: { group: @group })
-    @group_runners_limited_count = finder.execute.except(:limit, :offset).page.total_count_with_limit(:all, limit: 1000)
+    ::Gitlab::Database.allow_cross_joins_across_databases(url: 'https://gitlab.com/gitlab-org/gitlab/-/issues/336433') do
+      finder = Ci::RunnersFinder.new(current_user: current_user, params: { group: @group })
+      @group_runners_limited_count = finder.execute.except(:limit, :offset).page.total_count_with_limit(:all, limit: 1000)
+    end
   end
 
   def runner_list_group_view_vue_ui_enabled
@@ -61,9 +63,11 @@ class Groups::RunnersController < Groups::ApplicationController
   private
 
   def runner
-    @runner ||= Ci::RunnersFinder.new(current_user: current_user, params: { group: @group }).execute
-                                                                                            .except(:limit, :offset)
-                                                                                            .find(params[:id])
+    ::Gitlab::Database.allow_cross_joins_across_databases(url: 'https://gitlab.com/gitlab-org/gitlab/-/issues/336433') do
+      @runner ||= Ci::RunnersFinder.new(current_user: current_user, params: { group: @group }).execute
+        .except(:limit, :offset)
+        .find(params[:id])
+    end
   end
 
   def runner_params
diff --git a/app/controllers/groups/settings/ci_cd_controller.rb b/app/controllers/groups/settings/ci_cd_controller.rb
index a290ef9b5e7..e125385f841 100644
--- a/app/controllers/groups/settings/ci_cd_controller.rb
+++ b/app/controllers/groups/settings/ci_cd_controller.rb
@@ -23,6 +23,11 @@ module Groups
         @group_runners = runners_finder.execute.page(params[:page]).per(NUMBER_OF_RUNNERS_PER_PAGE)
 
         @sort = runners_finder.sort_key
+
+        # Allow sql generated by the two relations above, @all_group_runners and @group_runners
+        ::Gitlab::Database.allow_cross_joins_across_databases(url: 'https://gitlab.com/gitlab-org/gitlab/-/issues/336433') do
+          render
+        end
       end
 
       def update
author	GitLab Bot <gitlab-bot@gitlab.com>	2021-10-20 08:43:02 +0000
committer	GitLab Bot <gitlab-bot@gitlab.com>	2021-10-20 08:43:02 +0000
commit	d9ab72d6080f594d0b3cae15f14b3ef2c6c638cb (patch)
tree	2341ef426af70ad1e289c38036737e04b0aa5007 /app/controllers/groups
parent	d6e514dd13db8947884cd58fe2a9c2a063400a9b (diff)
download	gitlab-ce-d9ab72d6080f594d0b3cae15f14b3ef2c6c638cb.tar.gz