Add latest changes from gitlab-org/gitlab@14-2-stable-eev14.2.0-rc42

6 files changed, 39 insertions, 140 deletions

diff --git a/lib/api/helpers/groups_helpers.rb b/lib/api/helpers/groups_helpers.rb
index e38213532ba..72bdb32d38c 100644
--- a/lib/api/helpers/groups_helpers.rb
+++ b/lib/api/helpers/groups_helpers.rb
@@ -23,7 +23,7 @@ module API
         optional :mentions_disabled, type: Boolean, desc: 'Disable a group from getting mentioned'
         optional :lfs_enabled, type: Boolean, desc: 'Enable/disable LFS for the projects in this group'
         optional :request_access_enabled, type: Boolean, desc: 'Allow users to request member access'
-        optional :default_branch_protection, type: Integer, values: ::Gitlab::Access.protection_values, desc: 'Determine if developers can push to master'
+        optional :default_branch_protection, type: Integer, values: ::Gitlab::Access.protection_values, desc: 'Determine if developers can push to default branch'
         optional :shared_runners_setting, type: String, values: ::Namespace::SHARED_RUNNERS_SETTINGS, desc: 'Enable/disable shared runners for the group and its subgroups and projects'
       end
 
diff --git a/lib/api/helpers/members_helpers.rb b/lib/api/helpers/members_helpers.rb
index bd0c2501220..e72bbb931f0 100644
--- a/lib/api/helpers/members_helpers.rb
+++ b/lib/api/helpers/members_helpers.rb
@@ -54,6 +54,14 @@ module API
         source.add_user(user, params[:access_level], current_user: current_user, expires_at: params[:expires_at])
       end
 
+      def track_areas_of_focus(member, areas_of_focus)
+        return unless areas_of_focus
+
+        areas_of_focus.each do |area_of_focus|
+          Gitlab::Tracking.event(::Members::CreateService.name, 'area_of_focus', label: area_of_focus, property: member.id.to_s)
+        end
+      end
+
       def present_members(members)
         present members, with: Entities::Member, current_user: current_user, show_seat_info: params[:show_seat_info]
       end
diff --git a/lib/api/helpers/packages/dependency_proxy_helpers.rb b/lib/api/helpers/packages/dependency_proxy_helpers.rb
index 989c4e1761b..b8ae1dddd7e 100644
--- a/lib/api/helpers/packages/dependency_proxy_helpers.rb
+++ b/lib/api/helpers/packages/dependency_proxy_helpers.rb
@@ -5,11 +5,17 @@ module API
     module Packages
       module DependencyProxyHelpers
         REGISTRY_BASE_URLS = {
-          npm: 'https://registry.npmjs.org/'
+          npm: 'https://registry.npmjs.org/',
+          pypi: 'https://pypi.org/simple/'
+        }.freeze
+
+        APPLICATION_SETTING_NAMES = {
+          npm: 'npm_package_requests_forwarding',
+          pypi: 'pypi_package_requests_forwarding'
         }.freeze
 
         def redirect_registry_request(forward_to_registry, package_type, options)
-          if forward_to_registry && redirect_registry_request_available?
+          if forward_to_registry && redirect_registry_request_available?(package_type)
             ::Gitlab::Tracking.event(self.options[:for].name, "#{package_type}_request_forward")
             redirect(registry_url(package_type, options))
           else
@@ -25,11 +31,20 @@ module API
           case package_type
           when :npm
             "#{base_url}#{options[:package_name]}"
+          when :pypi
+            "#{base_url}#{options[:package_name]}/"
           end
         end
 
-        def redirect_registry_request_available?
-          ::Gitlab::CurrentSettings.current_application_settings.npm_package_requests_forwarding
+        def redirect_registry_request_available?(package_type)
+          application_setting_name = APPLICATION_SETTING_NAMES[package_type]
+
+          raise ArgumentError, "Can't find application setting for package_type #{package_type}" unless application_setting_name
+
+          ::Gitlab::CurrentSettings
+            .current_application_settings
+            .attributes
+            .fetch(application_setting_name, false)
         end
       end
     end
diff --git a/lib/api/helpers/packages/npm.rb b/lib/api/helpers/packages/npm.rb
index 2d556f889bf..ce5db52fdbc 100644
--- a/lib/api/helpers/packages/npm.rb
+++ b/lib/api/helpers/packages/npm.rb
@@ -49,28 +49,20 @@ module API
             when :project
               params[:id]
             when :instance
-              namespace_path = namespace_path_from_package_name
+              package_name = params[:package_name]
+              namespace_path = ::Packages::Npm.scope_of(package_name)
               next unless namespace_path
 
               namespace = Namespace.top_most
                                    .by_path(namespace_path)
               next unless namespace
 
-              finder = ::Packages::Npm::PackageFinder.new(params[:package_name], namespace: namespace)
+              finder = ::Packages::Npm::PackageFinder.new(package_name, namespace: namespace)
 
               finder.last&.project_id
             end
           end
         end
-
-        # from "@scope/package-name" return "scope" or nil
-        def namespace_path_from_package_name
-          package_name = params[:package_name]
-          return unless package_name.starts_with?('@')
-          return unless package_name.include?('/')
-
-          package_name.match(Gitlab::Regex.npm_package_name_regex)&.captures&.first
-        end
       end
     end
   end
diff --git a/lib/api/helpers/projects_helpers.rb b/lib/api/helpers/projects_helpers.rb
index 272452bd8db..becd25595a6 100644
--- a/lib/api/helpers/projects_helpers.rb
+++ b/lib/api/helpers/projects_helpers.rb
@@ -35,13 +35,14 @@ module API
         optional :pages_access_level, type: String, values: %w(disabled private enabled public), desc: 'Pages access level. One of `disabled`, `private`, `enabled` or `public`'
         optional :operations_access_level, type: String, values: %w(disabled private enabled), desc: 'Operations access level. One of `disabled`, `private` or `enabled`'
         optional :analytics_access_level, type: String, values: %w(disabled private enabled), desc: 'Analytics access level. One of `disabled`, `private` or `enabled`'
+        optional :container_registry_access_level, type: String, values: %w(disabled private enabled), desc: 'Controls visibility of the container registry. One of `disabled`, `private` or `enabled`. `private` will make the container registry accessible only to project members (reporter role and above). `enabled` will make the container registry accessible to everyone who has access to the project. `disabled` will disable the container registry'
 
         optional :emails_disabled, type: Boolean, desc: 'Disable email notifications'
         optional :show_default_award_emojis, type: Boolean, desc: 'Show default award emojis'
         optional :shared_runners_enabled, type: Boolean, desc: 'Flag indication if shared runners are enabled for that project'
         optional :resolve_outdated_diff_discussions, type: Boolean, desc: 'Automatically resolve merge request diffs discussions on lines changed with a push'
         optional :remove_source_branch_after_merge, type: Boolean, desc: 'Remove the source branch by default after merge'
-        optional :container_registry_enabled, type: Boolean, desc: 'Flag indication if the container registry is enabled for that project'
+        optional :container_registry_enabled, type: Boolean, desc: 'Deprecated: Use :container_registry_access_level instead. Flag indication if the container registry is enabled for that project'
         optional :container_expiration_policy_attributes, type: Hash do
           use :optional_container_expiration_policy_params
         end
@@ -124,7 +125,7 @@ module API
           :ci_config_path,
           :ci_default_git_depth,
           :ci_forward_deployment_enabled,
-          :container_registry_enabled,
+          :container_registry_access_level,
           :container_expiration_policy_attributes,
           :default_branch,
           :description,
@@ -132,7 +133,10 @@ module API
           :forking_access_level,
           :issues_access_level,
           :lfs_enabled,
+          :merge_pipelines_enabled,
           :merge_requests_access_level,
+          :merge_requests_template,
+          :merge_trains_enabled,
           :merge_method,
           :name,
           :only_allow_merge_if_all_discussions_are_resolved,
@@ -166,7 +170,8 @@ module API
           :jobs_enabled,
           :merge_requests_enabled,
           :wiki_enabled,
-          :snippets_enabled
+          :snippets_enabled,
+          :container_registry_enabled
         ]
       end
 
diff --git a/lib/api/helpers/runner.rb b/lib/api/helpers/runner.rb
deleted file mode 100644
index a022d1a56ac..00000000000
--- a/lib/api/helpers/runner.rb
+++ /dev/null
@@ -1,121 +0,0 @@
-# frozen_string_literal: true
-
-module API
-  module Helpers
-    module Runner
-      include Gitlab::Utils::StrongMemoize
-
-      prepend_mod_with('API::Helpers::Runner') # rubocop: disable Cop/InjectEnterpriseEditionModule
-
-      JOB_TOKEN_HEADER = 'HTTP_JOB_TOKEN'
-      JOB_TOKEN_PARAM = :token
-
-      def runner_registration_token_valid?
-        ActiveSupport::SecurityUtils.secure_compare(params[:token], Gitlab::CurrentSettings.runners_registration_token)
-      end
-
-      def runner_registrar_valid?(type)
-        Feature.disabled?(:runner_registration_control) || Gitlab::CurrentSettings.valid_runner_registrars.include?(type)
-      end
-
-      def authenticate_runner!
-        forbidden! unless current_runner
-
-        current_runner
-          .heartbeat(get_runner_details_from_request)
-      end
-
-      def get_runner_details_from_request
-        return get_runner_ip unless params['info'].present?
-
-        attributes_for_keys(%w(name version revision platform architecture), params['info'])
-          .merge(get_runner_config_from_request)
-          .merge(get_runner_ip)
-      end
-
-      def get_runner_ip
-        { ip_address: ip_address }
-      end
-
-      def current_runner
-        token = params[:token]
-
-        if token
-          ::Gitlab::Database::LoadBalancing::RackMiddleware
-            .stick_or_unstick(env, :runner, token)
-        end
-
-        strong_memoize(:current_runner) do
-          ::Ci::Runner.find_by_token(token.to_s)
-        end
-      end
-
-      # HTTP status codes to terminate the job on GitLab Runner:
-      # - 403
-      def authenticate_job!(require_running: true)
-        job = current_job
-
-        # 404 is not returned here because we want to terminate the job if it's
-        # running. A 404 can be returned from anywhere in the networking stack which is why
-        # we are explicit about a 403, we should improve this in
-        # https://gitlab.com/gitlab-org/gitlab/-/issues/327703
-        forbidden! unless job
-
-        forbidden! unless job_token_valid?(job)
-
-        forbidden!('Project has been deleted!') if job.project.nil? || job.project.pending_delete?
-        forbidden!('Job has been erased!') if job.erased?
-
-        if require_running
-          job_forbidden!(job, 'Job is not running') unless job.running?
-        end
-
-        job.runner&.heartbeat(get_runner_ip)
-
-        job
-      end
-
-      def current_job
-        id = params[:id]
-
-        if id
-          ::Gitlab::Database::LoadBalancing::RackMiddleware
-            .stick_or_unstick(env, :build, id)
-        end
-
-        strong_memoize(:current_job) do
-          ::Ci::Build.find_by_id(id)
-        end
-      end
-
-      def job_token_valid?(job)
-        token = (params[JOB_TOKEN_PARAM] || env[JOB_TOKEN_HEADER]).to_s
-        token && job.valid_token?(token)
-      end
-
-      def job_forbidden!(job, reason)
-        header 'Job-Status', job.status
-        forbidden!(reason)
-      end
-
-      def set_application_context
-        return unless current_job
-
-        Gitlab::ApplicationContext.push(
-          user: -> { current_job.user },
-          project: -> { current_job.project }
-        )
-      end
-
-      def track_ci_minutes_usage!(_build, _runner)
-        # noop: overridden in EE
-      end
-
-      private
-
-      def get_runner_config_from_request
-        { config: attributes_for_keys(%w(gpus), params.dig('info', 'config')) }
-      end
-    end
-  end
-end