Add latest changes from gitlab-org/gitlab@master

7 files changed, 59 insertions, 14 deletions

diff --git a/app/assets/javascripts/snippets/components/snippet_title.vue b/app/assets/javascripts/snippets/components/snippet_title.vue
index 6646e70f5db..1fc0423a06c 100644
--- a/app/assets/javascripts/snippets/components/snippet_title.vue
+++ b/app/assets/javascripts/snippets/components/snippet_title.vue
@@ -21,7 +21,7 @@ export default {
       {{ snippet.title }}
     </h2>
     <div v-if="snippet.description" class="description" data-qa-selector="snippet_description">
-      <div class="md">{{ snippet.description }}</div>
+      <div class="md js-snippet-description" v-html="snippet.descriptionHtml"></div>
     </div>
 
     <small v-if="snippet.updatedAt !== snippet.createdAt" class="edited-text">
diff --git a/app/assets/javascripts/snippets/fragments/snippetBase.fragment.graphql b/app/assets/javascripts/snippets/fragments/snippetBase.fragment.graphql
index 57348a422ec..e0cc6cc2dda 100644
--- a/app/assets/javascripts/snippets/fragments/snippetBase.fragment.graphql
+++ b/app/assets/javascripts/snippets/fragments/snippetBase.fragment.graphql
@@ -2,6 +2,7 @@ fragment SnippetBase on Snippet {
   id
   title
   description
+  descriptionHtml
   createdAt
   updatedAt
   visibilityLevel
diff --git a/app/models/key.rb b/app/models/key.rb
index e729ef67346..afa0d489ef6 100644
--- a/app/models/key.rb
+++ b/app/models/key.rb
@@ -30,10 +30,10 @@ class Key < ApplicationRecord
 
   delegate :name, :email, to: :user, prefix: true
 
-  after_commit :add_to_shell, on: :create
+  after_commit :add_to_authorized_keys, on: :create
   after_create :post_create_hook
   after_create :refresh_user_cache
-  after_commit :remove_from_shell, on: :destroy
+  after_commit :remove_from_authorized_keys, on: :destroy
   after_destroy :post_destroy_hook
   after_destroy :refresh_user_cache
 
@@ -79,12 +79,10 @@ class Key < ApplicationRecord
   end
   # rubocop: enable CodeReuse/ServiceClass
 
-  def add_to_shell
-    GitlabShellWorker.perform_async(
-      :add_key,
-      shell_id,
-      key
-    )
+  def add_to_authorized_keys
+    return unless Gitlab::CurrentSettings.authorized_keys_enabled?
+
+    AuthorizedKeysWorker.perform_async(:add_key, shell_id, key)
   end
 
   # rubocop: disable CodeReuse/ServiceClass
@@ -93,11 +91,10 @@ class Key < ApplicationRecord
   end
   # rubocop: enable CodeReuse/ServiceClass
 
-  def remove_from_shell
-    GitlabShellWorker.perform_async(
-      :remove_key,
-      shell_id
-    )
+  def remove_from_authorized_keys
+    return unless Gitlab::CurrentSettings.authorized_keys_enabled?
+
+    AuthorizedKeysWorker.perform_async(:remove_key, shell_id)
   end
 
   # rubocop: disable CodeReuse/ServiceClass
diff --git a/app/policies/project_policy.rb b/app/policies/project_policy.rb
index 95b92d4c108..aecefcc89ab 100644
--- a/app/policies/project_policy.rb
+++ b/app/policies/project_policy.rb
@@ -315,6 +315,7 @@ class ProjectPolicy < BasePolicy
     enable :read_deploy_token
     enable :create_deploy_token
     enable :read_pod_logs
+    enable :destroy_deploy_token
   end
 
   rule { (mirror_available & can?(:admin_project)) | admin }.enable :admin_remote_mirror
diff --git a/app/workers/all_queues.yml b/app/workers/all_queues.yml
index 71f7c1bac3c..81c09a77730 100644
--- a/app/workers/all_queues.yml
+++ b/app/workers/all_queues.yml
@@ -843,6 +843,13 @@
   :resource_boundary: :unknown
   :weight: 1
   :idempotent: 
+- :name: authorized_keys
+  :feature_category: :source_code_management
+  :has_external_dependencies: 
+  :urgency: :high
+  :resource_boundary: :unknown
+  :weight: 2
+  :idempotent: true
 - :name: authorized_projects
   :feature_category: :authentication_and_authorization
   :has_external_dependencies: 
diff --git a/app/workers/authorized_keys_worker.rb b/app/workers/authorized_keys_worker.rb
new file mode 100644
index 00000000000..b2333033e56
--- /dev/null
+++ b/app/workers/authorized_keys_worker.rb
@@ -0,0 +1,29 @@
+# frozen_string_literal: true
+
+class AuthorizedKeysWorker
+  include ApplicationWorker
+
+  PERMITTED_ACTIONS = [:add_key, :remove_key].freeze
+
+  feature_category :source_code_management
+  urgency :high
+  weight 2
+  idempotent!
+
+  def perform(action, *args)
+    return unless Gitlab::CurrentSettings.authorized_keys_enabled?
+
+    case action
+    when :add_key
+      authorized_keys.add_key(*args)
+    when :remove_key
+      authorized_keys.remove_key(*args)
+    end
+  end
+
+  private
+
+  def authorized_keys
+    @authorized_keys ||= Gitlab::AuthorizedKeys.new
+  end
+end
diff --git a/app/workers/gitlab_shell_worker.rb b/app/workers/gitlab_shell_worker.rb
index ed08069d2bc..0db794793d4 100644
--- a/app/workers/gitlab_shell_worker.rb
+++ b/app/workers/gitlab_shell_worker.rb
@@ -9,6 +9,16 @@ class GitlabShellWorker # rubocop:disable Scalability/IdempotentWorker
   weight 2
 
   def perform(action, *arg)
+    # Gitlab::Shell is being removed but we need to continue to process jobs
+    # enqueued in the previous release, so handle them here.
+    #
+    # See https://gitlab.com/gitlab-org/gitlab/-/issues/25095 for more details
+    if AuthorizedKeysWorker::PERMITTED_ACTIONS.include?(action)
+      AuthorizedKeysWorker.new.perform(action, *arg)
+
+      return
+    end
+
     Gitlab::GitalyClient::NamespaceService.allow do
       gitlab_shell.__send__(action, *arg) # rubocop:disable GitlabSecurity/PublicSend
     end