18 files changed, 83 insertions, 110 deletions

diff --git a/config/initializers/00_active_record_gitlab_schema.rb b/config/initializers/00_active_record_gitlab_schema.rb
new file mode 100644
index 00000000000..f1ddd4d4eb1
--- /dev/null
+++ b/config/initializers/00_active_record_gitlab_schema.rb
@@ -0,0 +1,10 @@
+# frozen_string_literal: true
+
+# This parameter describes a virtual context to indicate
+# table affinity to other tables.
+#
+# Table affinity limits cross-joins, cross-modifications,
+# foreign keys and validates relationship between tables
+#
+# By default it is undefined
+ActiveRecord::Base.class_attribute :gitlab_schema, default: nil
diff --git a/config/initializers/0_acts_as_taggable.rb b/config/initializers/0_acts_as_taggable.rb
index 9f66d970ffd..04619590e3c 100644
--- a/config/initializers/0_acts_as_taggable.rb
+++ b/config/initializers/0_acts_as_taggable.rb
@@ -13,3 +13,7 @@ raise "Counter cache is not disabled" if
 ActsAsTaggableOn::Tagging.include IgnorableColumns
 ActsAsTaggableOn::Tagging.ignore_column :id_convert_to_bigint, remove_with: '14.2', remove_after: '2021-08-22'
 ActsAsTaggableOn::Tagging.ignore_column :taggable_id_convert_to_bigint, remove_with: '14.2', remove_after: '2021-08-22'
+
+# The tags and taggings are supposed to be part of `gitlab_ci`
+ActsAsTaggableOn::Tag.gitlab_schema = :gitlab_ci
+ActsAsTaggableOn::Tagging.gitlab_schema = :gitlab_ci
diff --git a/config/initializers/0_inject_enterprise_edition_module.rb b/config/initializers/0_inject_enterprise_edition_module.rb
index a00075990eb..41d1043af38 100644
--- a/config/initializers/0_inject_enterprise_edition_module.rb
+++ b/config/initializers/0_inject_enterprise_edition_module.rb
@@ -58,39 +58,7 @@ module InjectEnterpriseEditionModule
   end
 
   def const_get_maybe_false(mod, name)
-    # We're still heavily relying on Rails autoloading instead of zeitwerk,
-    # therefore this check: `mod.const_defined?(name, false)`
-    # Is not reliable, which may return false while it's defined.
-    # After we moved everything over to zeitwerk we can avoid rescuing
-    # NameError and just check if const_defined?
-    # mod && mod.const_defined?(name, false) && mod.const_get(name, false)
-    result = mod && mod.const_get(name, false)
-
-    if result.name == "#{mod}::#{name}"
-      result
-    else
-      # This may hit into a Rails issue that when we try to load
-      # `EE::API::Appearance`, Rails might load `::Appearance` the first time
-      # when `mod.const_get(name, false)` is called if `::Appearance` is not
-      # loaded yet. This can be demonstrated as the following:
-      #
-      #     EE.const_get('API::Appearance', false) # => Appearance
-      #     EE.const_get('API::Appearance', false) # => raise NameError
-      #
-      # Getting a `NameError` is what we're expecting here, because
-      # `EE::API::Appearance` doesn't exist.
-      #
-      # This is because Rails will attempt to load constants from all the
-      # parent namespaces, and if it finds one it'll load it and return it.
-      # However, the second time when it's called, since the top-level class
-      # is already loaded, then Rails will skip this process. This weird
-      # behaviour can be worked around by calling this the second time.
-      # The particular line is at:
-      # https://github.com/rails/rails/blob/v6.1.3.2/activesupport/lib/active_support/dependencies.rb#L569-L570
-      mod.const_get(name, false)
-    end
-  rescue NameError
-    false
+    mod && mod.const_defined?(name, false) && mod.const_get(name, false)
   end
 end
 
diff --git a/config/initializers/0_marginalia.rb b/config/initializers/0_marginalia.rb
index 7e48c9d4fcd..f7a1f5f0469 100644
--- a/config/initializers/0_marginalia.rb
+++ b/config/initializers/0_marginalia.rb
@@ -13,7 +13,7 @@ require 'marginalia'
 # matching against the raw SQL, and prepending the comment prevents color
 # coding from working in the development log.
 Marginalia::Comment.prepend_comment = true if Rails.env.production?
-Marginalia::Comment.components = [:application, :correlation_id, :jid, :endpoint_id]
+Marginalia::Comment.components = [:application, :correlation_id, :jid, :endpoint_id, :db_config_name]
 
 # As mentioned in https://github.com/basecamp/marginalia/pull/93/files,
 # adding :line has some overhead because a regexp on the backtrace has
diff --git a/config/initializers/1_settings.rb b/config/initializers/1_settings.rb
index e71f1e1b028..1c22216d442 100644
--- a/config/initializers/1_settings.rb
+++ b/config/initializers/1_settings.rb
@@ -95,6 +95,7 @@ Settings.omniauth['block_auto_created_users'] = true if Settings.omniauth['block
 Settings.omniauth['auto_link_ldap_user'] = false if Settings.omniauth['auto_link_ldap_user'].nil?
 Settings.omniauth['auto_link_saml_user'] = false if Settings.omniauth['auto_link_saml_user'].nil?
 Settings.omniauth['auto_link_user'] = false if Settings.omniauth['auto_link_user'].nil?
+Settings.omniauth['saml_message_max_byte_size'] = 250000 if Settings.omniauth['saml_message_max_byte_size'].nil?
 
 Settings.omniauth['sync_profile_from_provider'] = false if Settings.omniauth['sync_profile_from_provider'].nil?
 Settings.omniauth['sync_profile_attributes'] = ['email'] if Settings.omniauth['sync_profile_attributes'].nil?
@@ -251,6 +252,7 @@ Settings.gitlab_ci['url']                 ||= Settings.__send__(:build_gitlab_ci
 #
 Settings['incoming_email'] ||= Settingslogic.new({})
 Settings.incoming_email['enabled'] = false if Settings.incoming_email['enabled'].nil?
+Settings.incoming_email['inbox_method'] ||= 'imap'
 
 #
 # Service desk email
diff --git a/config/initializers/action_cable.rb b/config/initializers/action_cable.rb
index 5530e7d64a2..16d29f5910f 100644
--- a/config/initializers/action_cable.rb
+++ b/config/initializers/action_cable.rb
@@ -17,3 +17,6 @@ ActionCable::SubscriptionAdapter::Redis.redis_connector = lambda do |config|
 
   ::Redis.new(args)
 end
+
+Gitlab::ActionCable::RequestStoreCallbacks.install
+Gitlab::Database::LoadBalancing::ActionCableCallbacks.install if Gitlab::Database::LoadBalancing.enable?
diff --git a/config/initializers/active_record_build_select.rb b/config/initializers/active_record_build_select.rb
deleted file mode 100644
index ab5a872cac6..00000000000
--- a/config/initializers/active_record_build_select.rb
+++ /dev/null
@@ -1,24 +0,0 @@
-# frozen_string_literal: true
-
-# rubocop:disable Gitlab/ModuleWithInstanceVariables
-
-# build_select only selects the required fields if the model has ignored_columns.
-# This is incompatible with some migrations or background migration specs because
-# rails keeps a statement cache in memory. So if a model with ignored_columns in a
-# migration is used, the query with select table.col1, table.col2 is stored in the
-# statement cache. If a different migration is then run and one of these columns is
-# removed in the meantime, the query is invalid.
-
-module ActiveRecord
-  module QueryMethods
-    private
-
-    def build_select(arel)
-      if select_values.any?
-        arel.project(*arel_columns(select_values.uniq))
-      else
-        arel.project(@klass.arel_table[Arel.star])
-      end
-    end
-  end
-end
diff --git a/config/initializers/active_record_migrations.rb b/config/initializers/active_record_migrations.rb
new file mode 100644
index 00000000000..d878a1b210b
--- /dev/null
+++ b/config/initializers/active_record_migrations.rb
@@ -0,0 +1,3 @@
+# frozen_string_literal: true
+
+Gitlab::Database::Migrations::LockRetryMixin.patch!
diff --git a/config/initializers/database_config.rb b/config/initializers/database_config.rb
index 6bdd0e377da..e9f10abd0b9 100644
--- a/config/initializers/database_config.rb
+++ b/config/initializers/database_config.rb
@@ -24,7 +24,7 @@ ActiveRecord::Base.establish_connection(Gitlab::Database.main.db_config_with_def
 
 Gitlab.ee do
   if Gitlab::Runtime.sidekiq? && Gitlab::Geo.geo_database_configured?
-    Rails.configuration.geo_database['pool'] = Gitlab::Database.main.default_pool_size
+    Rails.configuration.geo_database['pool'] = Gitlab::Database.default_pool_size
     Geo::TrackingBase.establish_connection(Rails.configuration.geo_database)
   end
 end
diff --git a/config/initializers/doorkeeper.rb b/config/initializers/doorkeeper.rb
index 4533779339a..477d419576a 100644
--- a/config/initializers/doorkeeper.rb
+++ b/config/initializers/doorkeeper.rb
@@ -38,8 +38,11 @@ Doorkeeper.configure do
   # authorization_code_expires_in 10.minutes
 
   # Access token expiration time (default 2 hours).
-  # If you want to disable expiration, set this to nil.
-  access_token_expires_in nil
+  # Until 15.0, applications can opt-out of expiring tokens.
+  # Removal issue: https://gitlab.com/gitlab-org/gitlab/-/issues/340848
+  custom_access_token_expires_in do |context|
+    context.client&.expire_access_tokens ? 2.hours : Float::INFINITY
+  end
 
   # Reuse access token for the same resource owner within an application (disabled by default)
   # Rationale: https://github.com/doorkeeper-gem/doorkeeper/issues/383
diff --git a/config/initializers/doorkeeper_openid_connect.rb b/config/initializers/doorkeeper_openid_connect.rb
index 12a963ce45d..476230d0f70 100644
--- a/config/initializers/doorkeeper_openid_connect.rb
+++ b/config/initializers/doorkeeper_openid_connect.rb
@@ -57,7 +57,8 @@ Doorkeeper::OpenidConnect.configure do
       o.claim(:website)        { |user| user.full_website_url if user.website_url? }
       o.claim(:profile)        { |user| Gitlab::Routing.url_helpers.user_url user }
       o.claim(:picture)        { |user| user.avatar_url(only_path: false) }
-      o.claim(:groups)         { |user| user.membership_groups.map(&:full_path) }
+      o.claim(:groups)         { |user| user.membership_groups.joins(:route).with_route.map(&:full_path) }
+      o.claim(:groups_direct, response: [:id_token]) { |user| user.groups.joins(:route).with_route.map(&:full_path) }
     end
   end
 end
diff --git a/config/initializers/kaminari_active_record_relation_methods_with_limit.rb b/config/initializers/kaminari_active_record_relation_methods_with_limit.rb
index 982cb69e532..9a5a95403ad 100644
--- a/config/initializers/kaminari_active_record_relation_methods_with_limit.rb
+++ b/config/initializers/kaminari_active_record_relation_methods_with_limit.rb
@@ -4,6 +4,7 @@ module Kaminari
   # Active Record specific page scope methods implementations
   module ActiveRecordRelationMethodsWithLimit
     MAX_COUNT_LIMIT = 10_000
+    MAX_COUNT_NEW_LOWER_LIMIT = 1_000
 
     # This is a modified version of
     # https://github.com/kaminari/kaminari/blob/c5186f5d9b7f23299d115408e62047447fd3189d/kaminari-activerecord/lib/kaminari/activerecord/active_record_relation_methods.rb#L17-L41
@@ -21,7 +22,8 @@ module Kaminari
         return @total_count = (current_page - 1) * limit_value + @records.length if @records.any? && (@records.length < limit_value)
       end
 
-      limit = options.fetch(:limit, MAX_COUNT_LIMIT).to_i
+      max_limit = Feature.enabled?(:lower_relation_max_count_limit, type: :ops) ? MAX_COUNT_NEW_LOWER_LIMIT : MAX_COUNT_LIMIT
+      limit = options.fetch(:limit, max_limit).to_i
       # #count overrides the #select which could include generated columns referenced in #order, so skip #order here, where it's irrelevant to the result anyway
       c = except(:offset, :limit, :order)
       # Remove includes only if they are irrelevant
diff --git a/config/initializers/peek.rb b/config/initializers/peek.rb
index 6fd92865731..9662039e3eb 100644
--- a/config/initializers/peek.rb
+++ b/config/initializers/peek.rb
@@ -24,7 +24,7 @@ Peek.into Peek::Views::Tracing if Labkit::Tracing.tracing_url_enabled?
 # See https://github.com/peek/peek/blob/master/lib/peek/views/view.rb
 Peek.views
 
-ActiveSupport::Notifications.subscribe('endpoint_run.grape') do |_name, _start, _finish, _id, payload|
+ActiveSupport::Notifications.subscribe('format_response.grape') do |_name, _start, _finish, _id, payload|
   if request_id = payload[:env]['action_dispatch.request_id']
     Peek.adapter.save(request_id)
   end
diff --git a/config/initializers/postgres_partitioning.rb b/config/initializers/postgres_partitioning.rb
index d4be1e7670d..f2e2fba1559 100644
--- a/config/initializers/postgres_partitioning.rb
+++ b/config/initializers/postgres_partitioning.rb
@@ -1,17 +1,20 @@
 # frozen_string_literal: true
 
-# Make sure we have loaded partitioned models here
-# (even with eager loading disabled).
-
-Gitlab::Database::Partitioning::PartitionManager.register(AuditEvent)
-Gitlab::Database::Partitioning::PartitionManager.register(WebHookLog)
+Gitlab::Database::Partitioning.register_models([
+  AuditEvent,
+  WebHookLog,
+  LooseForeignKeys::DeletedRecord
+])
 
 if Gitlab.ee?
-  Gitlab::Database::Partitioning::PartitionManager.register(IncidentManagement::PendingEscalations::Alert)
+  Gitlab::Database::Partitioning.register_models([
+    IncidentManagement::PendingEscalations::Alert,
+    IncidentManagement::PendingEscalations::Issue
+  ])
 end
 
 begin
-  Gitlab::Database::Partitioning::PartitionManager.new.sync_partitions unless ENV['DISABLE_POSTGRES_PARTITION_CREATION_ON_STARTUP']
+  Gitlab::Database::Partitioning.sync_partitions unless ENV['DISABLE_POSTGRES_PARTITION_CREATION_ON_STARTUP']
 rescue ActiveRecord::ActiveRecordError, PG::Error
   # ignore - happens when Rake tasks yet have to create a database, e.g. for testing
 end
diff --git a/config/initializers/session_store.rb b/config/initializers/session_store.rb
index 204d4d88f0a..02fc4912f94 100644
--- a/config/initializers/session_store.rb
+++ b/config/initializers/session_store.rb
@@ -13,6 +13,8 @@ end
 
 cookie_key = if Rails.env.development?
                "_gitlab_session_#{Digest::SHA256.hexdigest(Rails.root.to_s)}"
+             elsif ::Gitlab.ee? && ::Gitlab::Geo.connected? && ::Gitlab::Geo.secondary?
+               "_gitlab_session_geo_#{Digest::SHA256.hexdigest(GeoNode.current_node_name)}"
              else
                "_gitlab_session"
              end
diff --git a/config/initializers/static_files.rb b/config/initializers/static_files.rb
index 3cdb5a5abcf..2879d48387d 100644
--- a/config/initializers/static_files.rb
+++ b/config/initializers/static_files.rb
@@ -2,6 +2,10 @@
 
 app = Rails.application
 
+# Disable Sendfile for Sidekiq Web assets since Workhorse won't
+# always have access to these files.
+app.config.middleware.insert_before(Rack::Sendfile, Gitlab::Middleware::SidekiqWebStatic)
+
 if app.config.public_file_server.enabled
   # The `ActionDispatch::Static` middleware intercepts requests for static files
   # by checking if they exist in the `/public` directory.
diff --git a/config/initializers/validate_database_config.rb b/config/initializers/validate_database_config.rb
new file mode 100644
index 00000000000..a651db8b783
--- /dev/null
+++ b/config/initializers/validate_database_config.rb
@@ -0,0 +1,31 @@
+# frozen_string_literal: true
+
+if Gitlab::Utils.to_boolean(ENV['SKIP_DATABASE_CONFIG_VALIDATION'], default: false)
+  return
+end
+
+if Rails.application.config.uses_legacy_database_config
+  warn "WARNING: This installation of GitLab uses a deprecated syntax for 'config/database.yml'. " \
+    "The support for this syntax will be removed in 15.0. " \
+    "More information can be found here: https://gitlab.com/gitlab-org/gitlab/-/issues/338182"
+end
+
+if configurations = ActiveRecord::Base.configurations.configurations
+  if configurations.first.name != Gitlab::Database::MAIN_DATABASE_NAME
+    raise "ERROR: This installation of GitLab uses unsupported 'config/database.yml'. " \
+      "The `main:` database needs to be defined as a first configuration item instead of `#{configurations.first.name}`."
+  end
+
+  rejected_config_names = configurations.map(&:name).to_set - Gitlab::Database::DATABASE_NAMES
+  if rejected_config_names.any?
+    raise "ERROR: This installation of GitLab uses unsupported database names " \
+      "in 'config/database.yml': #{rejected_config_names.to_a.join(", ")}. The only supported ones are " \
+      "#{Gitlab::Database::DATABASE_NAMES.join(", ")}."
+  end
+
+  replicas_config_names = configurations.select(&:replica?).map(&:name)
+  if replicas_config_names.any?
+    raise "ERROR: This installation of GitLab uses unsupported database configuration " \
+      "with 'replica: true' parameter in 'config/database.yml' for: #{replicas_config_names.join(", ")}"
+  end
+end
diff --git a/config/initializers/zz_metrics.rb b/config/initializers/zz_metrics.rb
index e352ff5090a..25e4ec0d483 100644
--- a/config/initializers/zz_metrics.rb
+++ b/config/initializers/zz_metrics.rb
@@ -162,45 +162,6 @@ if Gitlab::Metrics.enabled? && !Rails.env.test? && !(Rails.env.development? && d
     config.middleware.use(Gitlab::Metrics::ElasticsearchRackMiddleware)
   end
 
-  # This instruments all methods residing in app/models that (appear to) use any
-  # of the ActiveRecord methods. This has to take place _after_ initializing as
-  # for some unknown reason calling eager_load! earlier breaks Devise.
-  Gitlab::Application.config.after_initialize do
-    # We should move all the logic of this file to somewhere else
-    # and require it after `Rails.application.initialize!` in `environment.rb` file.
-    models_path = Rails.root.join('app', 'models').to_s
-
-    Dir.glob("**/*.rb", base: models_path).sort.each do |file|
-      require_dependency file
-    end
-
-    regex = Regexp.union(
-      ActiveRecord::Querying.public_instance_methods(false).map(&:to_s)
-    )
-
-    Gitlab::Metrics::Instrumentation
-      .instrument_class_hierarchy(ActiveRecord::Base) do |klass, method|
-        # Instrumenting the ApplicationSetting class can lead to an infinite
-        # loop. Since the data is cached any way we don't really need to
-        # instrument it.
-        if klass == ApplicationSetting
-          false
-        else
-          loc = method.source_location
-
-          loc && loc[0].start_with?(models_path) && method.source =~ regex
-        end
-      end
-
-    # Ability is in app/models, is not an ActiveRecord model, but should still
-    # be instrumented.
-    Gitlab::Metrics::Instrumentation.instrument_methods(Ability)
-  end
-
-  Gitlab::Metrics::Instrumentation.configure do |config|
-    instrument_classes(config)
-  end
-
   GC::Profiler.enable
 
   module TrackNewRedisConnections