Add latest changes from gitlab-org/gitlab@13-7-stable-eev13.7.0-rc42

2 files changed, 41 insertions, 23 deletions

diff --git a/spec/initializers/lograge_spec.rb b/spec/initializers/lograge_spec.rb
index de722764bf4..d5f9ef569c7 100644
--- a/spec/initializers/lograge_spec.rb
+++ b/spec/initializers/lograge_spec.rb
@@ -153,32 +153,22 @@ RSpec.describe 'lograge', type: :request do
       end
     end
 
-    context 'with transaction' do
-      let(:transaction) { Gitlab::Metrics::WebTransaction.new({}) }
-
-      before do
-        allow(Gitlab::Metrics::Transaction).to receive(:current).and_return(transaction)
-      end
-
+    context 'with db payload' do
       context 'when RequestStore is enabled', :request_store do
-        context 'with db payload' do
-          it 'includes db counters', :request_store do
-            ActiveRecord::Base.connection.execute('SELECT pg_sleep(0.1);')
-            subscriber.process_action(event)
+        it 'includes db counters' do
+          ActiveRecord::Base.connection.execute('SELECT pg_sleep(0.1);')
+          subscriber.process_action(event)
 
-            expect(log_data).to include("db_count" => 1, "db_write_count" => 0, "db_cached_count" => 0)
-          end
+          expect(log_data).to include("db_count" => a_value >= 1, "db_write_count" => 0, "db_cached_count" => 0)
         end
       end
 
       context 'when RequestStore is disabled' do
-        context 'with db payload' do
-          it 'does not include db counters' do
-            ActiveRecord::Base.connection.execute('SELECT pg_sleep(0.1);')
-            subscriber.process_action(event)
+        it 'does not include db counters' do
+          ActiveRecord::Base.connection.execute('SELECT pg_sleep(0.1);')
+          subscriber.process_action(event)
 
-            expect(log_data).not_to include("db_count" => 1, "db_write_count" => 0, "db_cached_count" => 0)
-          end
+          expect(log_data).not_to include("db_count", "db_write_count", "db_cached_count")
         end
       end
     end
diff --git a/spec/initializers/secret_token_spec.rb b/spec/initializers/secret_token_spec.rb
index 362371e0962..ab16dbad3fc 100644
--- a/spec/initializers/secret_token_spec.rb
+++ b/spec/initializers/secret_token_spec.rb
@@ -11,17 +11,20 @@ RSpec.describe 'create_tokens' do
   let(:rsa_key) { /\A-----BEGIN RSA PRIVATE KEY-----\n.+\n-----END RSA PRIVATE KEY-----\n\Z/m.freeze }
 
   before do
-    allow(File).to receive(:write)
-    allow(File).to receive(:delete)
     allow(Rails).to receive_message_chain(:application, :secrets).and_return(secrets)
     allow(Rails).to receive_message_chain(:root, :join) { |string| string }
+
+    allow(File).to receive(:write).and_call_original
+    allow(File).to receive(:write).with(Rails.root.join('config/secrets.yml'))
+    allow(File).to receive(:delete).and_call_original
+    allow(File).to receive(:delete).with(Rails.root.join('.secret'))
     allow(self).to receive(:warn)
     allow(self).to receive(:exit)
   end
 
   describe 'ensure acknowledged secrets in any installations' do
     let(:acknowledged_secrets) do
-      %w[secret_key_base otp_key_base db_key_base openid_connect_signing_key]
+      %w[secret_key_base otp_key_base db_key_base openid_connect_signing_key encrypted_settings_key_base rotated_encrypted_settings_key_base]
     end
 
     it 'does not allow to add a new secret without a proper handling' do
@@ -87,6 +90,7 @@ RSpec.describe 'create_tokens' do
           expect(new_secrets['otp_key_base']).to eq(secrets.otp_key_base)
           expect(new_secrets['db_key_base']).to eq(secrets.db_key_base)
           expect(new_secrets['openid_connect_signing_key']).to eq(secrets.openid_connect_signing_key)
+          expect(new_secrets['encrypted_settings_key_base']).to eq(secrets.encrypted_settings_key_base)
         end
 
         create_tokens
@@ -103,9 +107,10 @@ RSpec.describe 'create_tokens' do
       before do
         secrets.db_key_base = 'db_key_base'
         secrets.openid_connect_signing_key = 'openid_connect_signing_key'
+        secrets.encrypted_settings_key_base = 'encrypted_settings_key_base'
 
         allow(File).to receive(:exist?).with('.secret').and_return(true)
-        allow(File).to receive(:read).with('.secret').and_return('file_key')
+        stub_file_read('.secret', content: 'file_key')
       end
 
       context 'when secret_key_base exists in the environment and secrets.yml' do
@@ -155,6 +160,7 @@ RSpec.describe 'create_tokens' do
           expect(secrets.otp_key_base).to eq('otp_key_base')
           expect(secrets.db_key_base).to eq('db_key_base')
           expect(secrets.openid_connect_signing_key).to eq('openid_connect_signing_key')
+          expect(secrets.encrypted_settings_key_base).to eq('encrypted_settings_key_base')
         end
 
         it 'deletes the .secret file' do
@@ -205,12 +211,34 @@ RSpec.describe 'create_tokens' do
           create_tokens
         end
       end
+
+      context 'when rotated_encrypted_settings_key_base does not exist' do
+        before do
+          secrets.secret_key_base = 'secret_key_base'
+          secrets.otp_key_base = 'otp_key_base'
+          secrets.openid_connect_signing_key = 'openid_connect_signing_key'
+          secrets.encrypted_settings_key_base = 'encrypted_settings_key_base'
+        end
+
+        it 'does not warn about the missing secrets' do
+          expect(self).not_to receive(:warn_missing_secret).with('rotated_encrypted_settings_key_base')
+
+          create_tokens
+        end
+
+        it 'does not update secrets.yml' do
+          expect(File).not_to receive(:write)
+
+          create_tokens
+        end
+      end
     end
 
     context 'when db_key_base is blank but exists in secrets.yml' do
       before do
         secrets.otp_key_base = 'otp_key_base'
         secrets.secret_key_base = 'secret_key_base'
+        secrets.encrypted_settings_key_base = 'encrypted_settings_key_base'
         yaml_secrets = secrets.to_h.stringify_keys.merge('db_key_base' => '<%= an_erb_expression %>')
 
         allow(File).to receive(:exist?).with('.secret').and_return(false)