9 files changed, 14 insertions, 90 deletions

diff --git a/app/assets/stylesheets/framework/common.scss b/app/assets/stylesheets/framework/common.scss
index 4b7dda3a2ff..7f0d10ae4ac 100644
--- a/app/assets/stylesheets/framework/common.scss
+++ b/app/assets/stylesheets/framework/common.scss
@@ -573,6 +573,7 @@ img.emoji {
 .gl-font-size-large { font-size: $gl-font-size-large; }
 
 .gl-line-height-24 { line-height: $gl-line-height-24; }
+.gl-line-height-14 { line-height: $gl-line-height-14; }
 
 .gl-font-size-12 { font-size: $gl-font-size-12; }
 .gl-font-size-14 { font-size: $gl-font-size-14; }
diff --git a/app/controllers/concerns/sourcegraph_gon.rb b/app/controllers/concerns/sourcegraph_decorator.rb
index 01925cf9d4d..5ef09b9221f 100644
--- a/app/controllers/concerns/sourcegraph_gon.rb
+++ b/app/controllers/concerns/sourcegraph_decorator.rb
@@ -1,10 +1,19 @@
 # frozen_string_literal: true
 
-module SourcegraphGon
+module SourcegraphDecorator
   extend ActiveSupport::Concern
 
   included do
     before_action :push_sourcegraph_gon, if: :html_request?
+
+    content_security_policy do |p|
+      next if p.directives.blank?
+      next unless Gitlab::CurrentSettings.sourcegraph_enabled
+
+      default_connect_src = p.directives['connect-src'] || p.directives['default-src']
+      connect_src_values = Array.wrap(default_connect_src) | [Gitlab::CurrentSettings.sourcegraph_url]
+      p.connect_src(*connect_src_values)
+    end
   end
 
   private
diff --git a/app/controllers/projects/blob_controller.rb b/app/controllers/projects/blob_controller.rb
index acd3ddf2d05..3cd14cf845f 100644
--- a/app/controllers/projects/blob_controller.rb
+++ b/app/controllers/projects/blob_controller.rb
@@ -8,7 +8,7 @@ class Projects::BlobController < Projects::ApplicationController
   include NotesHelper
   include ActionView::Helpers::SanitizeHelper
   include RedirectsForMissingPathOnTree
-  include SourcegraphGon
+  include SourcegraphDecorator
 
   prepend_before_action :authenticate_user!, only: [:edit]
 
diff --git a/app/controllers/projects/commit_controller.rb b/app/controllers/projects/commit_controller.rb
index 5c5bdb867bd..3f2dc9b09fa 100644
--- a/app/controllers/projects/commit_controller.rb
+++ b/app/controllers/projects/commit_controller.rb
@@ -8,7 +8,7 @@ class Projects::CommitController < Projects::ApplicationController
   include CreatesCommit
   include DiffForPath
   include DiffHelper
-  include SourcegraphGon
+  include SourcegraphDecorator
 
   # Authorize
   before_action :require_non_empty_project
diff --git a/app/controllers/projects/merge_requests_controller.rb b/app/controllers/projects/merge_requests_controller.rb
index 94b5f29eff7..5af0c835385 100644
--- a/app/controllers/projects/merge_requests_controller.rb
+++ b/app/controllers/projects/merge_requests_controller.rb
@@ -9,7 +9,7 @@ class Projects::MergeRequestsController < Projects::MergeRequests::ApplicationCo
   include ToggleAwardEmoji
   include IssuableCollections
   include RecordUserLastActivity
-  include SourcegraphGon
+  include SourcegraphDecorator
 
   skip_before_action :merge_request, only: [:index, :bulk_update]
   before_action :whitelist_query_limiting, only: [:assign_related_issues, :update]
diff --git a/app/finders/clusters/knative_serving_namespace_finder.rb b/app/finders/clusters/knative_serving_namespace_finder.rb
deleted file mode 100644
index b6cf84beb79..00000000000
--- a/app/finders/clusters/knative_serving_namespace_finder.rb
+++ /dev/null
@@ -1,25 +0,0 @@
-# frozen_string_literal: true
-
-module Clusters
-  class KnativeServingNamespaceFinder
-    attr_reader :cluster
-
-    def initialize(cluster)
-      @cluster = cluster
-    end
-
-    def execute
-      cluster.kubeclient&.get_namespace(Clusters::Kubernetes::KNATIVE_SERVING_NAMESPACE)
-    rescue Kubeclient::ResourceNotFoundError
-      nil
-    rescue Kubeclient::HttpError => e
-      # If the kubernetes auth engine is enabled, it will return 403
-      if e.error_code == 403
-        Gitlab::ErrorTracking.track_exception(e)
-        nil
-      else
-        raise
-      end
-    end
-  end
-end
diff --git a/app/finders/clusters/knative_version_role_binding_finder.rb b/app/finders/clusters/knative_version_role_binding_finder.rb
deleted file mode 100644
index 26f5492840a..00000000000
--- a/app/finders/clusters/knative_version_role_binding_finder.rb
+++ /dev/null
@@ -1,17 +0,0 @@
-# frozen_string_literal: true
-
-module Clusters
-  class KnativeVersionRoleBindingFinder
-    attr_reader :cluster
-
-    def initialize(cluster)
-      @cluster = cluster
-    end
-
-    def execute
-      cluster.kubeclient&.get_cluster_role_binding(Clusters::Kubernetes::GITLAB_KNATIVE_VERSION_ROLE_BINDING_NAME)
-    rescue Kubeclient::ResourceNotFoundError
-      nil
-    end
-  end
-end
diff --git a/app/services/clusters/kubernetes.rb b/app/services/clusters/kubernetes.rb
index 59cb1c4b3a9..d29519999b2 100644
--- a/app/services/clusters/kubernetes.rb
+++ b/app/services/clusters/kubernetes.rb
@@ -12,8 +12,5 @@ module Clusters
     GITLAB_KNATIVE_SERVING_ROLE_BINDING_NAME = 'gitlab-knative-serving-rolebinding'
     GITLAB_CROSSPLANE_DATABASE_ROLE_NAME = 'gitlab-crossplane-database-role'
     GITLAB_CROSSPLANE_DATABASE_ROLE_BINDING_NAME = 'gitlab-crossplane-database-rolebinding'
-    GITLAB_KNATIVE_VERSION_ROLE_NAME = 'gitlab-knative-version-role'
-    GITLAB_KNATIVE_VERSION_ROLE_BINDING_NAME = 'gitlab-knative-version-rolebinding'
-    KNATIVE_SERVING_NAMESPACE = 'knative-serving'
   end
 end
diff --git a/app/services/clusters/kubernetes/create_or_update_service_account_service.rb b/app/services/clusters/kubernetes/create_or_update_service_account_service.rb
index 046046bf5a3..d798dcdcfd3 100644
--- a/app/services/clusters/kubernetes/create_or_update_service_account_service.rb
+++ b/app/services/clusters/kubernetes/create_or_update_service_account_service.rb
@@ -49,14 +49,8 @@ module Clusters
 
         create_or_update_knative_serving_role
         create_or_update_knative_serving_role_binding
-
         create_or_update_crossplane_database_role
         create_or_update_crossplane_database_role_binding
-
-        return unless knative_serving_namespace
-
-        create_or_update_knative_version_role
-        create_or_update_knative_version_role_binding
       end
 
       private
@@ -70,12 +64,6 @@ module Clusters
         ).ensure_exists!
       end
 
-      def knative_serving_namespace
-        kubeclient.get_namespace(Clusters::Kubernetes::KNATIVE_SERVING_NAMESPACE)
-      rescue Kubeclient::ResourceNotFoundError
-        nil
-      end
-
       def create_role_or_cluster_role_binding
         if namespace_creator
           kubeclient.create_or_update_role_binding(role_binding_resource)
@@ -100,14 +88,6 @@ module Clusters
         kubeclient.update_role_binding(crossplane_database_role_binding_resource)
       end
 
-      def create_or_update_knative_version_role
-        kubeclient.update_cluster_role(knative_version_role_resource)
-      end
-
-      def create_or_update_knative_version_role_binding
-        kubeclient.update_cluster_role_binding(knative_version_role_binding_resource)
-      end
-
       def service_account_resource
         Gitlab::Kubernetes::ServiceAccount.new(
           service_account_name,
@@ -186,27 +166,6 @@ module Clusters
           service_account_name: service_account_name
         ).generate
       end
-
-      def knative_version_role_resource
-        Gitlab::Kubernetes::ClusterRole.new(
-          name: Clusters::Kubernetes::GITLAB_KNATIVE_VERSION_ROLE_NAME,
-          rules: [{
-            apiGroups: %w(apps),
-            resources: %w(deployments),
-            verbs: %w(list get)
-          }]
-        ).generate
-      end
-
-      def knative_version_role_binding_resource
-        subjects = [{ kind: 'ServiceAccount', name: service_account_name, namespace: service_account_namespace }]
-
-        Gitlab::Kubernetes::ClusterRoleBinding.new(
-          Clusters::Kubernetes::GITLAB_KNATIVE_VERSION_ROLE_BINDING_NAME,
-          Clusters::Kubernetes::GITLAB_KNATIVE_VERSION_ROLE_NAME,
-          subjects
-        ).generate
-      end
     end
   end
 end