Add latest changes from gitlab-org/gitlab@13-3-stable-ee

11 files changed, 98 insertions, 28 deletions

diff --git a/lib/api/helpers/internal_helpers.rb b/lib/api/helpers/internal_helpers.rb
index b69930b447c..b7ce1eba3f9 100644
--- a/lib/api/helpers/internal_helpers.rb
+++ b/lib/api/helpers/internal_helpers.rb
@@ -117,7 +117,7 @@ module API
         return unless %w[git-receive-pack git-upload-pack git-upload-archive].include?(action)
 
         {
-          repository: repository.gitaly_repository,
+          repository: repository.gitaly_repository.to_h,
           address: Gitlab::GitalyClient.address(repository.shard),
           token: Gitlab::GitalyClient.token(repository.shard),
           features: Feature::Gitaly.server_feature_flags
diff --git a/lib/api/helpers/merge_requests_helpers.rb b/lib/api/helpers/merge_requests_helpers.rb
index 4d5350498a7..e4163c63575 100644
--- a/lib/api/helpers/merge_requests_helpers.rb
+++ b/lib/api/helpers/merge_requests_helpers.rb
@@ -4,6 +4,9 @@ module API
   module Helpers
     module MergeRequestsHelpers
       extend Grape::API::Helpers
+      extend ActiveSupport::Concern
+
+      UNPROCESSABLE_ERROR_KEYS = [:project_access, :branch_conflict, :validate_fork, :base].freeze
 
       params :merge_requests_negatable_params do
         optional :author_id, type: Integer, desc: 'Return merge requests which are authored by the user with the given ID'
@@ -79,6 +82,20 @@ module API
                  default: 'created_by_me',
                  desc: 'Return merge requests for the given scope: `created_by_me`, `assigned_to_me` or `all`'
       end
+
+      def handle_merge_request_errors!(merge_request)
+        return if merge_request.valid?
+
+        errors = merge_request.errors
+
+        UNPROCESSABLE_ERROR_KEYS.each do |error|
+          unprocessable_entity!(errors[error]) if errors.has_key?(error)
+        end
+
+        conflict!(errors[:validate_branches]) if errors.has_key?(:validate_branches)
+
+        render_validation_error!(merge_request)
+      end
     end
   end
 end
diff --git a/lib/api/helpers/notes_helpers.rb b/lib/api/helpers/notes_helpers.rb
index f88624ed63e..f61bcfe963e 100644
--- a/lib/api/helpers/notes_helpers.rb
+++ b/lib/api/helpers/notes_helpers.rb
@@ -17,8 +17,9 @@ module API
         authorize! :admin_note, note
 
         opts = {
-          note: params[:body]
-        }
+          note: params[:body],
+          confidential: params[:confidential]
+        }.compact
         parent = noteable_parent(noteable)
         project = parent if parent.is_a?(Project)
 
diff --git a/lib/api/helpers/packages/basic_auth_helpers.rb b/lib/api/helpers/packages/basic_auth_helpers.rb
index 835b5f4614c..e35a8712131 100644
--- a/lib/api/helpers/packages/basic_auth_helpers.rb
+++ b/lib/api/helpers/packages/basic_auth_helpers.rb
@@ -4,6 +4,8 @@ module API
   module Helpers
     module Packages
       module BasicAuthHelpers
+        extend ::Gitlab::Utils::Override
+
         module Constants
           AUTHENTICATE_REALM_HEADER = 'Www-Authenticate: Basic realm'
           AUTHENTICATE_REALM_NAME = 'GitLab Packages Registry'
@@ -11,10 +13,6 @@ module API
 
         include Constants
 
-        def find_personal_access_token
-          find_personal_access_token_from_http_basic_auth
-        end
-
         def unauthorized_user_project
           @unauthorized_user_project ||= find_project(params[:id])
         end
@@ -44,12 +42,13 @@ module API
         end
 
         def unauthorized_or!
-          current_user ? yield : unauthorized_with_header!
+          current_user ? yield : unauthorized!
         end
 
-        def unauthorized_with_header!
+        override :unauthorized!
+        def unauthorized!
           header(AUTHENTICATE_REALM_HEADER, AUTHENTICATE_REALM_NAME)
-          unauthorized!
+          super
         end
       end
     end
diff --git a/lib/api/helpers/packages/conan/api_helpers.rb b/lib/api/helpers/packages/conan/api_helpers.rb
index 30e690a5a1d..a5fde1af41e 100644
--- a/lib/api/helpers/packages/conan/api_helpers.rb
+++ b/lib/api/helpers/packages/conan/api_helpers.rb
@@ -28,22 +28,30 @@ module API
             present_download_urls(::API::Entities::ConanPackage::ConanRecipeManifest, &:recipe_urls)
           end
 
-          def recipe_upload_urls(file_names)
+          def recipe_upload_urls
             { upload_urls: Hash[
-              file_names.collect do |file_name|
+              file_names.select(&method(:recipe_file?)).map do |file_name|
                 [file_name, recipe_file_upload_url(file_name)]
               end
             ] }
           end
 
-          def package_upload_urls(file_names)
+          def package_upload_urls
             { upload_urls: Hash[
-              file_names.collect do |file_name|
+              file_names.select(&method(:package_file?)).map do |file_name|
                 [file_name, package_file_upload_url(file_name)]
               end
             ] }
           end
 
+          def recipe_file?(file_name)
+            file_name.in?(::Packages::Conan::FileMetadatum::RECIPE_FILES)
+          end
+
+          def package_file?(file_name)
+            file_name.in?(::Packages::Conan::FileMetadatum::PACKAGE_FILES)
+          end
+
           def package_file_upload_url(file_name)
             expose_url(
               api_v4_packages_conan_v1_files_package_path(
@@ -130,6 +138,14 @@ module API
             end
           end
 
+          def file_names
+            json_payload = Gitlab::Json.parse(request.body.string)
+
+            bad_request!(nil) unless json_payload.is_a?(Hash)
+
+            json_payload.keys
+          end
+
           def create_package_file_with_type(file_type, current_package)
             unless params['file.size'] == 0
               # conan sends two upload requests, the first has no file, so we skip record creation if file.size == 0
diff --git a/lib/api/helpers/packages_manager_clients_helpers.rb b/lib/api/helpers/packages_manager_clients_helpers.rb
index 7b5d0dd708d..ae16b65aaa8 100644
--- a/lib/api/helpers/packages_manager_clients_helpers.rb
+++ b/lib/api/helpers/packages_manager_clients_helpers.rb
@@ -16,16 +16,6 @@ module API
         optional 'file.sha256', type: String, desc: 'SHA256 checksum of the file (generated by Workhorse)'
       end
 
-      def find_personal_access_token_from_http_basic_auth
-        return unless headers
-
-        token = decode_token
-
-        return unless token
-
-        PersonalAccessToken.find_by_token(token)
-      end
-
       def find_job_from_http_basic_auth
         return unless headers
 
diff --git a/lib/api/helpers/pagination_strategies.rb b/lib/api/helpers/pagination_strategies.rb
index 823891d6fe7..61cff37e4ab 100644
--- a/lib/api/helpers/pagination_strategies.rb
+++ b/lib/api/helpers/pagination_strategies.rb
@@ -48,7 +48,7 @@ module API
       end
 
       def offset_limit_exceeded?(offset_limit)
-        offset_limit.positive? && params[:page] * params[:per_page] > offset_limit
+        offset_limit > 0 && params[:page] * params[:per_page] > offset_limit
       end
     end
   end
diff --git a/lib/api/helpers/performance_bar_helpers.rb b/lib/api/helpers/performance_bar_helpers.rb
new file mode 100644
index 00000000000..8430e889dff
--- /dev/null
+++ b/lib/api/helpers/performance_bar_helpers.rb
@@ -0,0 +1,21 @@
+# frozen_string_literal: true
+
+module API
+  module Helpers
+    module PerformanceBarHelpers
+      def set_peek_enabled_for_current_request
+        Gitlab::SafeRequestStore.fetch(:peek_enabled) { perf_bar_cookie_enabled? && perf_bar_enabled_for_user? }
+      end
+
+      def perf_bar_cookie_enabled?
+        cookies[:perf_bar_enabled] == 'true'
+      end
+
+      def perf_bar_enabled_for_user?
+        # We cannot use `current_user` here because that method raises an exception when the user
+        # is unauthorized and some API endpoints require that `current_user` is not called.
+        Gitlab::PerformanceBar.enabled_for_user?(find_user_from_sources)
+      end
+    end
+  end
+end
diff --git a/lib/api/helpers/projects_helpers.rb b/lib/api/helpers/projects_helpers.rb
index 76e5bb95c4d..8c20f5b8fc2 100644
--- a/lib/api/helpers/projects_helpers.rb
+++ b/lib/api/helpers/projects_helpers.rb
@@ -61,6 +61,7 @@ module API
         optional :auto_devops_deploy_strategy, type: String, values: %w(continuous manual timed_incremental), desc: 'Auto Deploy strategy'
         optional :autoclose_referenced_issues, type: Boolean, desc: 'Flag indication if referenced issues auto-closing is enabled'
         optional :repository_storage, type: String, desc: 'Which storage shard the repository is on. Available only to admins'
+        optional :packages_enabled, type: Boolean, desc: 'Enable project packages feature'
       end
 
       params :optional_project_params_ee do
@@ -137,6 +138,7 @@ module API
           :suggestion_commit_message,
           :repository_storage,
           :compliance_framework_setting,
+          :packages_enabled,
           :service_desk_enabled,
 
           # TODO: remove in API v5, replaced by *_access_level
diff --git a/lib/api/helpers/services_helpers.rb b/lib/api/helpers/services_helpers.rb
index d4870b96575..ff938358439 100644
--- a/lib/api/helpers/services_helpers.rb
+++ b/lib/api/helpers/services_helpers.rb
@@ -247,15 +247,15 @@ module API
               required: true,
               name: :project_url,
               type: String,
-              desc: 'The buildkite project URL'
+              desc: 'The Buildkite pipeline URL'
             },
             {
               required: false,
               name: :enable_ssl_verification,
               type: Boolean,
-              desc: 'Enable SSL verification for communication'
+              desc: 'DEPRECATED: This parameter has no effect since SSL verification will always be enabled'
             }
-          ],
+        ],
           'campfire' => [
             {
               required: true,
diff --git a/lib/api/helpers/snippets_helpers.rb b/lib/api/helpers/snippets_helpers.rb
index f95d066bd7c..79367da8d1f 100644
--- a/lib/api/helpers/snippets_helpers.rb
+++ b/lib/api/helpers/snippets_helpers.rb
@@ -10,6 +10,23 @@ module API
         requires :ref, type: String, desc: 'The name of branch, tag or commit'
       end
 
+      params :create_file_params do
+        optional :files, type: Array, desc: 'An array of files' do
+          requires :file_path, type: String, file_path: true, allow_blank: false, desc: 'The path of a snippet file'
+          requires :content, type: String, allow_blank: false, desc: 'The content of a snippet file'
+        end
+
+        optional :content, type: String, allow_blank: false, desc: 'The content of a snippet'
+
+        given :content do
+          requires :file_name, type: String, desc: 'The name of a snippet file'
+        end
+
+        mutually_exclusive :files, :content
+
+        exactly_one_of :files, :content
+      end
+
       def content_for(snippet)
         if snippet.empty_repo?
           env['api.format'] = :txt
@@ -35,5 +52,12 @@ module API
         send_git_blob(repo, blob)
       end
     end
+
+    def process_file_args(args)
+      args[:snippet_actions] = args.delete(:files)&.map do |file|
+        file[:action] = :create
+        file.symbolize_keys
+      end
+    end
   end
 end