Add latest changes from gitlab-org/gitlab@master

8078bd18 · GitLab Bot · 8f210aeb · 8078bd18 · 8078bd18 · 8078bd18
Commit 8078bd18 authored 5 years ago by GitLab Bot
--- a/app/assets/javascripts/monitoring/components/charts/heatmap.vue
+++ b/app/assets/javascripts/monitoring/components/charts/heatmap.vue
+<script>
+import { GlHeatmap } from '@gitlab/ui/dist/charts';
+import dateformat from 'dateformat';
+import PrometheusHeader from '../shared/prometheus_header.vue';
+import ResizableChartContainer from '~/vue_shared/components/resizable_chart/resizable_chart_container.vue';
+import { graphDataValidatorForValues } from '../../utils';
+
+export default {
+  components: {
+    GlHeatmap,
+    ResizableChartContainer,
+    PrometheusHeader,
+  },
+  props: {
+    graphData: {
+      type: Object,
+      required: true,
+      validator: graphDataValidatorForValues.bind(null, false),
+    },
+    containerWidth: {
+      type: Number,
+      required: true,
+    },
+  },
+  computed: {
+    chartData() {
+      return this.queries.result.reduce(
+        (acc, result, i) => [...acc, ...result.values.map((value, j) => [i, j, value[1]])],
+        [],
+      );
+    },
+    xAxisName() {
+      return this.graphData.x_label || '';
+    },
+    yAxisName() {
+      return this.graphData.y_label || '';
+    },
+    xAxisLabels() {
+      return this.queries.result.map(res => Object.values(res.metric)[0]);
+    },
+    yAxisLabels() {
+      return this.result.values.map(val => {
+        const [yLabel] = val;
+
+        return dateformat(new Date(yLabel), 'HH:MM:ss');
+      });
+    },
+    result() {
+      return this.queries.result[0];
+    },
+    queries() {
+      return this.graphData.queries[0];
+    },
+  },
+};
+</script>
+<template>
+  <div class="prometheus-graph col-12 col-lg-6">
+    <prometheus-header :graph-title="graphData.title" />
+    <resizable-chart-container>
+      <gl-heatmap
+        ref="heatmapChart"
+        v-bind="$attrs"
+        :data-series="chartData"
+        :x-axis-name="xAxisName"
+        :y-axis-name="yAxisName"
+        :x-axis-labels="xAxisLabels"
+        :y-axis-labels="yAxisLabels"
+        :width="containerWidth"
+      />
+    </resizable-chart-container>
+  </div>
+</template>
--- a/app/assets/javascripts/monitoring/components/panel_type.vue
+++ b/app/assets/javascripts/monitoring/components/panel_type.vue
@@ -13,6 +13,7 @@ import Icon from '~/vue_shared/components/icon.vue';
 import MonitorTimeSeriesChart from './charts/time_series.vue';
 import MonitorAnomalyChart from './charts/anomaly.vue';
 import MonitorSingleStatChart from './charts/single_stat.vue';
+import MonitorHeatmapChart from './charts/heatmap.vue';
 import MonitorEmptyChart from './charts/empty_chart.vue';
 import TrackEventDirective from '~/vue_shared/directives/track_event';
 import { downloadCSVOptions, generateLinkToChartOptions } from '../utils';
@@ -20,6 +21,7 @@ import { downloadCSVOptions, generateLinkToChartOptions } from '../utils';
 export default {
  components: {
    MonitorSingleStatChart,
+    MonitorHeatmapChart,
    MonitorEmptyChart,
    Icon,
    GlDropdown,
@@ -99,6 +101,11 @@ export default {
    v-if="isPanelType('single-stat') && graphDataHasMetrics"
    :graph-data="graphData"
  />
+  <monitor-heatmap-chart
+    v-else-if="isPanelType('heatmap') && graphDataHasMetrics"
+    :graph-data="graphData"
+    :container-width="dashboardWidth"
+  />
  <component
    :is="monitorChartComponent"
    v-else-if="graphDataHasMetrics"

--- a/app/assets/javascripts/monitoring/components/shared/prometheus_header.vue
+++ b/app/assets/javascripts/monitoring/components/shared/prometheus_header.vue
+<script>
+export default {
+  props: {
+    graphTitle: {
+      type: String,
+      required: true,
+    },
+  },
+};
+</script>
+<template>
+  <div class="prometheus-graph-header">
+    <h5 class="prometheus-graph-title js-graph-title">{{ graphTitle }}</h5>
+  </div>
+</template>
--- a/app/controllers/ldap/omniauth_callbacks_controller.rb
+++ b/app/controllers/ldap/omniauth_callbacks_controller.rb
@@ -4,7 +4,7 @@ class Ldap::OmniauthCallbacksController < OmniauthCallbacksController
  extend ::Gitlab::Utils::Override
  
  def self.define_providers!
-    return unless Gitlab::Auth::LDAP::Config.enabled?
+    return unless Gitlab::Auth::LDAP::Config.sign_in_enabled?
  
    Gitlab::Auth::LDAP::Config.available_servers.each do |server|
      alias_method server['provider_name'], :ldap
@@ -14,6 +14,8 @@ class Ldap::OmniauthCallbacksController < OmniauthCallbacksController
  # We only find ourselves here
  # if the authentication to LDAP was successful.
  def ldap
+    return unless Gitlab::Auth::LDAP::Config.sign_in_enabled?
+
    sign_in_user_flow(Gitlab::Auth::LDAP::User)
  end
  

--- a/app/controllers/sessions_controller.rb
+++ b/app/controllers/sessions_controller.rb
@@ -270,7 +270,13 @@ class SessionsController < Devise::SessionsController
  end
  
  def ldap_servers
-    @ldap_servers ||= Gitlab::Auth::LDAP::Config.available_servers
+    @ldap_servers ||= begin
+      if Gitlab::Auth::LDAP::Config.sign_in_enabled?
+        Gitlab::Auth::LDAP::Config.available_servers
+      else
+        []
+      end
+    end
  end
  
  def unverified_anonymous_user?

--- a/app/helpers/auth_helper.rb
+++ b/app/helpers/auth_helper.rb
@@ -8,6 +8,10 @@ module AuthHelper
    Gitlab::Auth::LDAP::Config.enabled?
  end
  
+  def ldap_sign_in_enabled?
+    Gitlab::Auth::LDAP::Config.sign_in_enabled?
+  end
+
  def omniauth_enabled?
    Gitlab::Auth.omniauth_enabled?
  end
@@ -56,6 +60,16 @@ module AuthHelper
    auth_providers.select { |provider| form_based_provider?(provider) }
  end
  
+  def any_form_based_providers_enabled?
+    form_based_providers.any? { |provider| form_enabled_for_sign_in?(provider) }
+  end
+
+  def form_enabled_for_sign_in?(provider)
+    return true unless provider.to_s.match?(LDAP_PROVIDER)
+
+    ldap_sign_in_enabled?
+  end
+
  def crowd_enabled?
    auth_providers.include? :crowd
  end

--- a/app/views/admin/sessions/_signin_box.html.haml
+++ b/app/views/admin/sessions/_signin_box.html.haml
- if form_based_providers.any?
+- if any_form_based_providers_enabled?
  
  - if password_authentication_enabled_for_web?
    .login-box.tab-pane{ id: 'login-pane', role: 'tabpanel' }

--- a/app/views/devise/sessions/new.html.haml
+++ b/app/views/devise/sessions/new.html.haml
 - page_title "Sign in"
  
 #signin-container
-  - if form_based_providers.any?
+  - if any_form_based_providers_enabled?
    = render 'devise/shared/tabs_ldap'
  - else
    - unless experiment_enabled?(:signup_flow)
      = render 'devise/shared/tabs_normal'
  .tab-content
-    - if password_authentication_enabled_for_web? || ldap_enabled? || crowd_enabled?
+    - if password_authentication_enabled_for_web? || ldap_sign_in_enabled? || crowd_enabled?
      = render 'devise/shared/signin_box'
  
    -# Signup only makes sense if you can also sign-in
@@ -15,7 +15,7 @@
      = render 'devise/shared/signup_box'
  
  -# Show a message if none of the mechanisms above are enabled
-  - if !password_authentication_enabled_for_web? && !ldap_enabled? && !(omniauth_enabled? && devise_mapping.omniauthable?)
+  - if !password_authentication_enabled_for_web? && !ldap_sign_in_enabled? && !(omniauth_enabled? && devise_mapping.omniauthable?)
    %div
      No authentication methods configured.
  

--- a/app/views/devise/shared/_signin_box.html.haml
+++ b/app/views/devise/shared/_signin_box.html.haml
- if form_based_providers.any?
+- if any_form_based_providers_enabled?
  - if crowd_enabled?
    .login-box.tab-pane{ id: "crowd", role: 'tabpanel', class: active_when(form_based_auth_provider_has_active_class?(:crowd)) }
      .login-body

--- a/app/views/devise/shared/_tabs_ldap.html.haml
+++ b/app/views/devise/shared/_tabs_ldap.html.haml
-%ul.nav-links.new-session-tabs.nav-tabs.nav{ class: ('custom-provider-tabs' if form_based_providers.any?) }
+%ul.nav-links.new-session-tabs.nav-tabs.nav{ class: ('custom-provider-tabs' if any_form_based_providers_enabled?) }
  - if crowd_enabled?
    %li.nav-item
      = link_to "Crowd", "#crowd", class: "nav-link #{active_when(form_based_auth_provider_has_active_class?(:crowd))}", 'data-toggle' => 'tab'

--- a/app/workers/stuck_ci_jobs_worker.rb
+++ b/app/workers/stuck_ci_jobs_worker.rb
@@ -73,5 +73,19 @@ class StuckCiJobsWorker
    Gitlab::OptimisticLocking.retry_lock(build, 3) do |b|
      b.drop(reason)
    end
+  rescue => ex
+    build.doom!
+
+    track_exception_for_build(ex, build)
+  end
+
+  def track_exception_for_build(ex, build)
+    Gitlab::Sentry.track_acceptable_exception(ex, extra: {
+        build_id: build.id,
+        build_name: build.name,
+        build_stage: build.stage,
+        pipeline_id: build.pipeline_id,
+        project_id: build.project_id
+    })
  end
 end
--- a/changelogs/unreleased/19054-upgrade-helm.yml
+++ b/changelogs/unreleased/19054-upgrade-helm.yml
+---
+title: 'Updated Auto-DevOps to kubectl v1.13.12 and helm v2.15.1'
+merge_request: 19054
+author: Leo Antunes
+type: changed
--- a/changelogs/unreleased/fix-stuck-ci-jobs-worker.yml
+++ b/changelogs/unreleased/fix-stuck-ci-jobs-worker.yml
+---
+title: Properly handle exceptions in StuckCiJobsWorker
+merge_request: 19465
+author:
+type: fixed
--- a/changelogs/unreleased/jej-prevent-ldap-sign-in.yml
+++ b/changelogs/unreleased/jej-prevent-ldap-sign-in.yml
+---
+title: Add prevent_ldap_sign_in option so LDAP can be used exclusively for sync
+merge_request: 18749
+author:
+type: added
--- a/changelogs/unreleased/jivanvl-add-support-heatmap-charts.yml
+++ b/changelogs/unreleased/jivanvl-add-support-heatmap-charts.yml
+---
+title: Add heatmap chart support
+merge_request: 32424
+author:
+type: added
--- a/config/gitlab.yml.example
+++ b/config/gitlab.yml.example
@@ -494,6 +494,7 @@ production: &base
  #   bundle exec rake gitlab:ldap:check RAILS_ENV=production
  ldap:
    enabled: false
+    prevent_ldap_sign_in: false
  
    # This setting controls the number of seconds between LDAP permission checks
    # for each user. After this time has expired for a given user, their next

--- a/config/initializers/1_settings.rb
+++ b/config/initializers/1_settings.rb
@@ -5,6 +5,7 @@ require_relative '../smime_signature_settings'
 # Default settings
 Settings['ldap'] ||= Settingslogic.new({})
 Settings.ldap['enabled'] = false if Settings.ldap['enabled'].nil?
+Settings.ldap['prevent_ldap_sign_in'] = false if Settings.ldap['prevent_ldap_sign_in'].blank?
  
 Gitlab.ee do
  Settings.ldap['sync_time'] = 3600 if Settings.ldap['sync_time'].nil?

--- a/config/routes/user.rb
+++ b/config/routes/user.rb
@@ -13,7 +13,7 @@ def override_omniauth(provider, controller, path_prefix = '/users/auth')
 end
  
 # Use custom controller for LDAP omniauth callback
-if Gitlab::Auth::LDAP::Config.enabled?
+if Gitlab::Auth::LDAP::Config.sign_in_enabled?
  devise_scope :user do
    Gitlab::Auth::LDAP::Config.available_servers.each do |server|
      override_omniauth(server['provider_name'], 'ldap/omniauth_callbacks')

--- a/doc/administration/auth/ldap.md
+++ b/doc/administration/auth/ldap.md
@@ -118,6 +118,7 @@ LDAP users must have an email address set, regardless of whether it is used to l
  
 ```ruby
 gitlab_rails['ldap_enabled'] = true
+gitlab_rails['prevent_ldap_sign_in'] = false
 gitlab_rails['ldap_servers'] = YAML.load <<-EOS # remember to close this block with 'EOS' below
 ##
 ## 'main' is the GitLab 'provider ID' of this LDAP server
@@ -357,6 +358,7 @@ production:
  # snip...
  ldap:
    enabled: false
+    prevent_ldap_sign_in: false
    servers:
      ##
      ## 'main' is the GitLab 'provider ID' of this LDAP server
@@ -493,6 +495,38 @@ the configuration option `lowercase_usernames`. By default, this configuration o
  
 1. [Restart GitLab](../restart_gitlab.md#installations-from-source) for the changes to take effect.
  
+## Disable LDAP web sign in
+
+It can be be useful to prevent using LDAP credentials through the web UI when
+an alternative such as SAML is preferred. This allows LDAP to be used for group
+sync, while also allowing your SAML identity provider to handle additional
+checks like custom 2FA.
+
+When LDAP web sign in is disabled, users will not see a **LDAP** tab on the sign in page.
+This does not disable [using LDAP credentials for Git access](#git-password-authentication).
+
+**Omnibus configuration**
+
+1. Edit `/etc/gitlab/gitlab.rb`:
+
+   ```ruby
+   gitlab_rails['prevent_ldap_sign_in'] = true
+   ```
+
+1. [Reconfigure GitLab](../restart_gitlab.md#omnibus-gitlab-reconfigure) for the changes to take effect.
+
+**Source configuration**
+
+1. Edit `config/gitlab.yaml`:
+
+   ```yaml
+   production:
+     ldap:
+       prevent_ldap_sign_in: true
+   ```
+
+1. [Restart GitLab](../restart_gitlab.md#installations-from-source) for the changes to take effect.
+
 ## Encryption
  
 ### TLS Server Authentication

--- a/doc/development/geo.md
+++ b/doc/development/geo.md
@@ -101,15 +101,16 @@ it's successful, we replace the main repo with the newly cloned one.
 ### Uploads replication
  
 File uploads are also being replicated to the **secondary** node. To
-track the state of syncing, the `Geo::FileRegistry` model is used.
+track the state of syncing, the `Geo::UploadRegistry` model is used.
  
-#### File Registry
+#### Upload Registry
  
 Similar to the [Project Registry](#project-registry), there is a
-`Geo::FileRegistry` model that tracks the synced uploads.
+`Geo::UploadRegistry` model that tracks the synced uploads.
  
-CI Job Artifacts are synced in a similar way as uploads or LFS
-objects, but they are tracked by `Geo::JobArtifactRegistry` model.
+CI Job Artifacts and LFS objects are synced in a similar way as uploads,
+but they are tracked by `Geo::JobArtifactRegistry`, and `Geo::LfsObjectRegistry`
+models respectively.
  
 #### File Download Dispatch worker