Merge branch 'master' into feature/sm/35954-create-kubernetes-cluster-on-gke-from-k8s-service

12 files changed, 216 insertions, 6 deletions

diff --git a/lib/banzai/filter/sanitization_filter.rb b/lib/banzai/filter/sanitization_filter.rb
index 88b17e12576..d8c8deea628 100644
--- a/lib/banzai/filter/sanitization_filter.rb
+++ b/lib/banzai/filter/sanitization_filter.rb
@@ -73,8 +73,9 @@ module Banzai
             return unless node.has_attribute?('href')
 
             begin
+              node['href'] = node['href'].strip
               uri = Addressable::URI.parse(node['href'])
-              uri.scheme = uri.scheme.strip.downcase if uri.scheme
+              uri.scheme = uri.scheme.downcase if uri.scheme
 
               node.remove_attribute('href') if UNSAFE_PROTOCOLS.include?(uri.scheme)
             rescue Addressable::URI::InvalidURIError
diff --git a/lib/gitlab/git/user.rb b/lib/gitlab/git/user.rb
index cb1af5f3b7c..da74719ae87 100644
--- a/lib/gitlab/git/user.rb
+++ b/lib/gitlab/git/user.rb
@@ -7,6 +7,11 @@ module Gitlab
         new(gitlab_user.username, gitlab_user.name, gitlab_user.email, Gitlab::GlId.gl_id(gitlab_user))
       end
 
+      # TODO support the username field in Gitaly https://gitlab.com/gitlab-org/gitaly/issues/628
+      def self.from_gitaly(gitaly_user)
+        new('', gitaly_user.name, gitaly_user.email, gitaly_user.gl_id)
+      end
+
       def initialize(username, name, email, gl_id)
         @username = username
         @name = name
diff --git a/lib/gitlab/git/wiki.rb b/lib/gitlab/git/wiki.rb
new file mode 100644
index 00000000000..d651c931a38
--- /dev/null
+++ b/lib/gitlab/git/wiki.rb
@@ -0,0 +1,115 @@
+module Gitlab
+  module Git
+    class Wiki
+      DuplicatePageError = Class.new(StandardError)
+
+      CommitDetails = Struct.new(:name, :email, :message) do
+        def to_h
+          { name: name, email: email, message: message }
+        end
+      end
+
+      def self.default_ref
+        'master'
+      end
+
+      # Initialize with a Gitlab::Git::Repository instance
+      def initialize(repository)
+        @repository = repository
+      end
+
+      def repository_exists?
+        @repository.exists?
+      end
+
+      def write_page(name, format, content, commit_details)
+        assert_type!(format, Symbol)
+        assert_type!(commit_details, CommitDetails)
+
+        gollum_wiki.write_page(name, format, content, commit_details.to_h)
+
+        nil
+      rescue Gollum::DuplicatePageError => e
+        raise Gitlab::Git::Wiki::DuplicatePageError, e.message
+      end
+
+      def delete_page(page_path, commit_details)
+        assert_type!(commit_details, CommitDetails)
+
+        gollum_wiki.delete_page(gollum_page_by_path(page_path), commit_details.to_h)
+        nil
+      end
+
+      def update_page(page_path, title, format, content, commit_details)
+        assert_type!(format, Symbol)
+        assert_type!(commit_details, CommitDetails)
+
+        gollum_wiki.update_page(gollum_page_by_path(page_path), title, format, content, commit_details.to_h)
+        nil
+      end
+
+      def pages
+        gollum_wiki.pages.map { |gollum_page| new_page(gollum_page) }
+      end
+
+      def page(title:, version: nil, dir: nil)
+        if version
+          version = Gitlab::Git::Commit.find(@repository, version).id
+        end
+
+        gollum_page = gollum_wiki.page(title, version, dir)
+        return unless gollum_page
+
+        new_page(gollum_page)
+      end
+
+      def file(name, version)
+        version ||= self.class.default_ref
+        gollum_file = gollum_wiki.file(name, version)
+        return unless gollum_file
+
+        Gitlab::Git::WikiFile.new(gollum_file)
+      end
+
+      def page_versions(page_path)
+        current_page = gollum_page_by_path(page_path)
+        current_page.versions.map do |gollum_git_commit|
+          gollum_page = gollum_wiki.page(current_page.title, gollum_git_commit.id)
+          new_version(gollum_page, gollum_git_commit.id)
+        end
+      end
+
+      def preview_slug(title, format)
+        gollum_wiki.preview_page(title, '', format).url_path
+      end
+
+      private
+
+      def gollum_wiki
+        @gollum_wiki ||= Gollum::Wiki.new(@repository.path)
+      end
+
+      def gollum_page_by_path(page_path)
+        page_name = Gollum::Page.canonicalize_filename(page_path)
+        page_dir = File.split(page_path).first
+
+        gollum_wiki.paged(page_name, page_dir)
+      end
+
+      def new_page(gollum_page)
+        Gitlab::Git::WikiPage.new(gollum_page, new_version(gollum_page, gollum_page.version.id))
+      end
+
+      def new_version(gollum_page, commit_id)
+        commit = Gitlab::Git::Commit.find(@repository, commit_id)
+        Gitlab::Git::WikiPageVersion.new(commit, gollum_page&.format)
+      end
+
+      def assert_type!(object, klass)
+        unless object.is_a?(klass)
+          raise ArgumentError, "expected a #{klass}, got #{object.inspect}"
+        end
+      end
+    end
+  end
+end
diff --git a/lib/gitlab/git/wiki_file.rb b/lib/gitlab/git/wiki_file.rb
new file mode 100644
index 00000000000..527f2a44dea
--- /dev/null
+++ b/lib/gitlab/git/wiki_file.rb
@@ -0,0 +1,19 @@
+module Gitlab
+  module Git
+    class WikiFile
+      attr_reader :mime_type, :raw_data, :name
+
+      # This class is meant to be serializable so that it can be constructed
+      # by Gitaly and sent over the network to GitLab.
+      #
+      # Because Gollum::File is not serializable we must get all the data from
+      # 'gollum_file' during initialization, and NOT store it in an instance
+      # variable.
+      def initialize(gollum_file)
+        @mime_type = gollum_file.mime_type
+        @raw_data = gollum_file.raw_data
+        @name = gollum_file.name
+      end
+    end
+  end
+end
diff --git a/lib/gitlab/git/wiki_page.rb b/lib/gitlab/git/wiki_page.rb
new file mode 100644
index 00000000000..a06bac4414f
--- /dev/null
+++ b/lib/gitlab/git/wiki_page.rb
@@ -0,0 +1,39 @@
+module Gitlab
+  module Git
+    class WikiPage
+      attr_reader :url_path, :title, :format, :path, :version, :raw_data, :name, :text_data, :historical
+
+      # This class is meant to be serializable so that it can be constructed
+      # by Gitaly and sent over the network to GitLab.
+      #
+      # Because Gollum::Page is not serializable we must get all the data from
+      # 'gollum_page' during initialization, and NOT store it in an instance
+      # variable.
+      #
+      # Note that 'version' is a WikiPageVersion instance which it itself
+      # serializable. That means it's OK to store 'version' in an instance
+      # variable.
+      def initialize(gollum_page, version)
+        @url_path = gollum_page.url_path
+        @title = gollum_page.title
+        @format = gollum_page.format
+        @path = gollum_page.path
+        @raw_data = gollum_page.raw_data
+        @name = gollum_page.name
+        @historical = gollum_page.historical?
+
+        @version = version
+      end
+
+      def historical?
+        @historical
+      end
+
+      def text_data
+        return @text_data if defined?(@text_data)
+
+        @text_data = @raw_data && Gitlab::EncodingHelper.encode!(@raw_data.dup)
+      end
+    end
+  end
+end
diff --git a/lib/gitlab/git/wiki_page_version.rb b/lib/gitlab/git/wiki_page_version.rb
new file mode 100644
index 00000000000..55f1afedcab
--- /dev/null
+++ b/lib/gitlab/git/wiki_page_version.rb
@@ -0,0 +1,19 @@
+module Gitlab
+  module Git
+    class WikiPageVersion
+      attr_reader :commit, :format
+
+      # This class is meant to be serializable so that it can be constructed
+      # by Gitaly and sent over the network to GitLab.
+      #
+      # Both 'commit' (a Gitlab::Git::Commit) and 'format' (a string) are
+      # serializable.
+      def initialize(commit, format)
+        @commit = commit
+        @format = format
+      end
+
+      delegate :message, :sha, :id, :author_name, :authored_date, to: :commit
+    end
+  end
+end
diff --git a/lib/gitlab/gitaly_client.rb b/lib/gitlab/gitaly_client.rb
index e75e0500ed8..87b300dcf7e 100644
--- a/lib/gitlab/gitaly_client.rb
+++ b/lib/gitlab/gitaly_client.rb
@@ -233,6 +233,8 @@ module Gitlab
     end
 
     def self.encode(s)
+      return "" if s.nil?
+
       s.dup.force_encoding(Encoding::ASCII_8BIT)
     end
 
diff --git a/lib/gitlab/gitaly_client/commit_service.rb b/lib/gitlab/gitaly_client/commit_service.rb
index 36da63fd586..a2b50f2507e 100644
--- a/lib/gitlab/gitaly_client/commit_service.rb
+++ b/lib/gitlab/gitaly_client/commit_service.rb
@@ -274,7 +274,7 @@ module Gitlab
           repository: @gitaly_repo,
           left_commit_id: from_id,
           right_commit_id: to_id,
-          paths: options.fetch(:paths, []).map { |path| GitalyClient.encode(path) }
+          paths: options.fetch(:paths, []).compact.map { |path| GitalyClient.encode(path) }
         }
       end
 
diff --git a/lib/gitlab/kubernetes.rb b/lib/gitlab/kubernetes.rb
index cdbdfa10d0e..da43bd0af4b 100644
--- a/lib/gitlab/kubernetes.rb
+++ b/lib/gitlab/kubernetes.rb
@@ -113,7 +113,7 @@ module Gitlab
 
     def kubeconfig_embed_ca_pem(config, ca_pem)
       cluster = config.dig(:clusters, 0, :cluster)
-      cluster[:'certificate-authority-data'] = Base64.encode64(ca_pem)
+      cluster[:'certificate-authority-data'] = Base64.strict_encode64(ca_pem)
     end
   end
 end
diff --git a/lib/gitlab/url_sanitizer.rb b/lib/gitlab/url_sanitizer.rb
index 4e1ec1402ea..1caa791c1be 100644
--- a/lib/gitlab/url_sanitizer.rb
+++ b/lib/gitlab/url_sanitizer.rb
@@ -1,7 +1,9 @@
 module Gitlab
   class UrlSanitizer
+    ALLOWED_SCHEMES = %w[http https ssh git].freeze
+
     def self.sanitize(content)
-      regexp = URI::Parser.new.make_regexp(%w(http https ssh git))
+      regexp = URI::Parser.new.make_regexp(ALLOWED_SCHEMES)
 
       content.gsub(regexp) { |url| new(url).masked_url }
     rescue Addressable::URI::InvalidURIError
@@ -11,9 +13,9 @@ module Gitlab
     def self.valid?(url)
       return false unless url.present?
 
-      Addressable::URI.parse(url.strip)
+      uri = Addressable::URI.parse(url.strip)
 
-      true
+      ALLOWED_SCHEMES.include?(uri.scheme)
     rescue Addressable::URI::InvalidURIError
       false
     end
diff --git a/lib/gitlab/workhorse.rb b/lib/gitlab/workhorse.rb
index 45f246242f1..f200c694562 100644
--- a/lib/gitlab/workhorse.rb
+++ b/lib/gitlab/workhorse.rb
@@ -89,6 +89,13 @@ module Gitlab
         params = repository.archive_metadata(ref, Gitlab.config.gitlab.repository_downloads_path, format)
         raise "Repository or ref not found" if params.empty?
 
+        if Gitlab::GitalyClient.feature_enabled?(:workhorse_archive)
+          params.merge!(
+            'GitalyServer' => gitaly_server_hash(repository),
+            'GitalyRepository' => repository.gitaly_repository.to_h
+          )
+        end
+
         [
           SEND_DATA_HEADER,
           "git-archive:#{encode(params)}"
diff --git a/lib/system_check/app/git_user_default_ssh_config_check.rb b/lib/system_check/app/git_user_default_ssh_config_check.rb
index 7b486d78cf0..dfa8b8b3f5b 100644
--- a/lib/system_check/app/git_user_default_ssh_config_check.rb
+++ b/lib/system_check/app/git_user_default_ssh_config_check.rb
@@ -5,6 +5,7 @@ module SystemCheck
       # whitelisted as it may change the SSH client's behaviour dramatically.
       WHITELIST = %w[
         authorized_keys
+        authorized_keys.lock
         authorized_keys2
         known_hosts
       ].freeze