Add latest changes from gitlab-org/gitlab@master

changelogs/unreleased/stein_ma-gitlab-patch-32.yml

----
-title: Fixed a typo in the "Keyboard Shortcuts" pop-up
-merge_request: 19217
-author: Manuel Stein
-type: fixed

changelogs/unreleased/tr-remove-grafana-ff.yml

----
-title: Allow Grafana charts to be embedded in Gitlab Flavored Markdown
-merge_request: 18486
-author:
-type: added

changelogs/unreleased/tracking-experimental-signup-flow.yml

----
-title: Track the starting and stopping of the current signup flow and the experimental signup flow
-merge_request: 17521
-author:
-type: other

changelogs/unreleased/update-gitlab-runner-helm-chart-to-0-10-0.yml

----
-title: Update GitLab Runner Helm Chart to 0.10.0
-merge_request: 18879
-author:
-type: other

changelogs/unreleased/update-gitlab-runner-helm-chart-to-0-10-1.yml

----
-title: Update GitLab Runner Helm Chart to 0.10.1
-merge_request: 19232
-author:
-type: other

changelogs/unreleased/update-pages-1-12.yml

----
-title: Upgrade pages to 1.12.0
-merge_request: 20217
-author:
-type: added

changelogs/unreleased/visual-review-api.yml

----
-title: New API endpoint for creating anonymous merge request discussions from Visual Review Tools
-merge_request: 18710
-author:
-type: added

changelogs/unreleased/zj-pg-connection-ff-gitaly.yml

----
-title: Remove required dependecy of Postgresql for Gitaly
-merge_request: 18659
-author:
-type: other

db/migrate/20191119023952_add_created_at_index_to_snippets.rb

+# frozen_string_literal: true
+
+class AddCreatedAtIndexToSnippets < ActiveRecord::Migration[5.2]
+  include Gitlab::Database::MigrationHelpers
+
+  DOWNTIME = false
+
+  disable_ddl_transaction!
+
+  def up
+    add_concurrent_index :snippets, :created_at
+  end
+
+  def down
+    remove_concurrent_index :snippets, :created_at
+  end
+end

db/schema.rb

@@ -10,7 +10,7 @@
 #
 # It's strongly recommended that you check this file into your version control system.
-ActiveRecord::Schema.define(version: 2019_11_18_182722) do
+ActiveRecord::Schema.define(version: 2019_11_19_023952) do
   # These are extensions that must be enabled in order to support this database
   enable_extension "pg_trgm"
@@ -3628,6 +3628,7 @@ ActiveRecord::Schema.define(version: 2019_11_18_182722) do
     t.boolean "secret", default: false, null: false
     t.index ["author_id"], name: "index_snippets_on_author_id"
     t.index ["content"], name: "index_snippets_on_content_trigram", opclass: :gin_trgm_ops, using: :gin
+    t.index ["created_at"], name: "index_snippets_on_created_at"
     t.index ["file_name"], name: "index_snippets_on_file_name_trigram", opclass: :gin_trgm_ops, using: :gin
     t.index ["project_id", "visibility_level"], name: "index_snippets_on_project_id_and_visibility_level"
     t.index ["title"], name: "index_snippets_on_title_trigram", opclass: :gin_trgm_ops, using: :gin

doc/user/group/saml_sso/index.md

@@ -2,19 +2,23 @@
 type: reference, howto
 ---
-# SAML SSO for GitLab.com Groups **(SILVER ONLY)**
+# SAML SSO for GitLab.com groups **(SILVER ONLY)**
 > Introduced in [GitLab.com Silver](https://about.gitlab.com/pricing/) 11.0.
-NOTE: **Note:**
-This topic is for SAML on GitLab.com Silver tier and above. For SAML on self-managed GitLab instances, see [SAML OmniAuth Provider](../../../integration/saml.md).
-
 SAML on GitLab.com allows users to be automatically added to a group, and then allows those users to sign into GitLab.com. Users should already have an account on the GitLab instance, or can create one when logging in for the first time.
 User synchronization for GitLab.com is partially supported using [SCIM](scim_setup.md).
-NOTE: **Note:**
-SAML SSO for GitLab.com groups does not sync users between providers without using SCIM. If a group is not using SCIM, group Owners will still need to manage user accounts (for example, removing users when necessary).
+## Important notes
+
+Note the following:
+
+- This topic is for SAML on GitLab.com Silver tier and above. For SAML on self-managed GitLab
+  instances, see [SAML OmniAuth Provider](../../../integration/saml.md).
+- SAML SSO for GitLab.com groups requires SCIM to sync users between providers. If a
+  group is not using SCIM, group Owners will still need to manage user accounts (for example,
+  removing users when necessary).
 ## Configuring your Identity Provider
@@ -68,16 +72,17 @@ When this option is enabled:
 - All existing and new users in the group will be required to log in via the SSO URL associated with the group.
 - On successfully authenticating, GitLab will prompt the user to create a new, dedicated account using the email address received from the configured identity provider.
-- After the group managed account has been created, group activity will require the use of this user account.
-Since use of the group managed account requires the use of SSO, users of group managed accounts will lose access to these accounts when they are no longer able to authenticate with the connected identity provider. In the case of an offboarded employee who has been removed from your identity provider:
+- After the group-managed account has been created, group activity will require the use of this user account.
+Since use of the group-managed account requires the use of SSO, users of group-managed accounts will lose access to these accounts when they are no longer able to authenticate with the connected identity provider. In the case of an offboarded employee who has been removed from your identity provider:
 - The user will be unable to access the group (their credentials will no longer work on the identity provider when prompted to SSO).
 - Contributions in the group (e.g. issues, merge requests) will remain intact.
 #### Assertions
-When using Group Manged Accounts, the following user details need to be passed to GitLab as SAML Assertions in order for us to be able to create a user:
+When using group-managed accounts, the following user details need to be passed to GitLab as SAML
+assertions to be able to create a user.
 | Field           | Supported keys |
 |-----------------|----------------|
@@ -91,7 +96,7 @@ When using Group Manged Accounts, the following user details need to be passed t
 GitLab provides metadata XML that can be used to configure your Identity Provider.
 1. Navigate to the group and click **Settings > SAML SSO**.
-1. Copy the provided **GitLab metadata URL**
+1. Copy the provided **GitLab metadata URL**.
 1. Follow your Identity Provider's documentation and paste the metadata URL when it is requested.
 ## Configuring GitLab
@@ -212,6 +217,8 @@ For example, to unlink the `MyOrg` account, the following **Disconnect** button
 ## Troubleshooting
+This section contains possible solutions for problems you might encounter.
+
 ### SAML debugging tools
 SAML responses are base64 encoded, so we recommend the following browser plugins to decode them on the fly:

doc/user/group/saml_sso/scim_setup.md

@@ -2,7 +2,7 @@
 type: howto, reference
 ---
-# SCIM provisioning using SAML SSO for Groups **(SILVER ONLY)**
+# SCIM provisioning using SAML SSO for GitLab.com groups **(SILVER ONLY)**
 > [Introduced](https://gitlab.com/gitlab-org/gitlab/merge_requests/9388) in [GitLab.com Silver](https://about.gitlab.com/pricing/) 11.10.
@@ -24,7 +24,7 @@ The following identity providers are supported:
 ## Requirements
-- [Group SSO](index.md) needs to be configured.
+- [Group SSO](index.md) must be configured.
 ## GitLab configuration
@@ -64,15 +64,25 @@ You can then test the connection by clicking on **Test Connection**. If the conn
 1. Click on `Synchronize Azure Active Directory Users to AppName`, to configure the attribute mapping.
 1. Click **Delete** next to the `mail` mapping.
-1. Map `userPrincipalName` to `emails[type eq "work"].value` and change it's **Matching precedence** to `2`.
+1. Map `userPrincipalName` to `emails[type eq "work"].value` and change its **Matching precedence** to `2`.
 1. Map `mailNickname` to `userName`.
 1. Determine how GitLab will uniquely identify users.
     - Use `objectId` unless users already have SAML linked for your group.
     - If you already have users with SAML linked then use the `Name ID` value from the [SAML configuration](#azure). Using a different value will likely cause duplicate users and prevent users from accessing the GitLab group.
-1. Create a new mapping by clicking **Add New Mapping** then set **Source attribute** to the unique identifier determined above, **Target attribute** to `id`, **Match objects using this attribute** to `Yes`, and **Matching precedence** to `1`.
-1. Create a new mapping by clicking **Add New Mapping** then set **Source attribute** to the unique identifier determined above, and **Target attribute** to `externalId`.
+1. Create a new mapping:
+   1. Click **Add New Mapping**.
+   1. Set:
+      - **Source attribute** to the unique identifier determined above.
+      - **Target attribute** to `id`.
+      - **Match objects using this attribute** to `Yes`.
+      - **Matching precedence** to `1`.
+1. Create another new mapping:
+   1. Click **Add New Mapping**.
+   1. Set:
+      - **Source attribute** to the unique identifier determined above.
+      - **Target attribute** to `externalId`.
 1. Click the `userPrincipalName` mapping and change **Match objects using this attribute** to `No`.
    Save your changes and you should have the following configuration:
@@ -109,6 +119,8 @@ Once synchronized, changing the field mapped to `id` and `externalId` will likel
 ## Troubleshooting
+This section contains possible solutions for problems you might encounter.
+
 ### Testing Azure connection: invalid credentials
 When testing the connection, you may encounter an error: **You appear to have entered invalid credentials. Please confirm you are using the correct information for an administrative account**. If `Tenant URL` and `secret token` are correct, check whether your group path contains characters that may be considered invalid JSON primitives (such as `.`). Removing such characters from the group path typically resolves the error.

lib/api/entities.rb

@@ -1838,6 +1838,7 @@ end
 ::API::Entities::Issue.prepend_if_ee('EE::API::Entities::Issue')
 ::API::Entities::List.prepend_if_ee('EE::API::Entities::List')
 ::API::Entities::MergeRequestBasic.prepend_if_ee('EE::API::Entities::MergeRequestBasic', with_descendants: true)
+::API::Entities::Member.prepend_if_ee('EE::API::Entities::Member', with_descendants: true)
 ::API::Entities::Namespace.prepend_if_ee('EE::API::Entities::Namespace')
 ::API::Entities::Project.prepend_if_ee('EE::API::Entities::Project', with_descendants: true)
 ::API::Entities::ProtectedRefAccess.prepend_if_ee('EE::API::Entities::ProtectedRefAccess')

lib/api/helpers/members_helpers.rb

@@ -13,10 +13,19 @@ module API
         authorize! :"admin_#{source_type}", source
       end
-      def find_all_members(source_type, source)
-        members = source_type == 'project' ? find_all_members_for_project(source) : find_all_members_for_group(source)
-        members.non_invite
-          .non_request
+      # rubocop: disable CodeReuse/ActiveRecord
+      def retrieve_members(source, params:, deep: false)
+        members = deep ? find_all_members(source) : source.members.where.not(user_id: nil)
+        members = members.includes(:user)
+        members = members.references(:user).merge(User.search(params[:query])) if params[:query].present?
+        members = members.where(user_id: params[:user_ids]) if params[:user_ids].present?
+        members
+      end
+      # rubocop: enable CodeReuse/ActiveRecord
+
+      def find_all_members(source)
+        members = source.is_a?(Project) ? find_all_members_for_project(source) : find_all_members_for_group(source)
+        members.non_invite.non_request
       end
       def find_all_members_for_project(project)
@@ -26,6 +35,10 @@ module API
       def find_all_members_for_group(group)
         GroupMembersFinder.new(group).execute
       end
+
+      def present_members(members)
+        present members, with: Entities::Member, current_user: current_user
+      end
     end
   end
 end

lib/api/members.rb

@@ -21,18 +21,14 @@ module API
           optional :user_ids, type: Array[Integer], desc: 'Array of user ids to look up for membership'
           use :pagination
         end
-        # rubocop: disable CodeReuse/ActiveRecord
+
         get ":id/members" do
           source = find_source(source_type, params[:id])
-          members = source.members.where.not(user_id: nil).includes(:user)
-          members = members.joins(:user).merge(User.search(params[:query])) if params[:query].present?
-          members = members.where(user_id: params[:user_ids]) if params[:user_ids].present?
-          members = paginate(members)
-          present members, with: Entities::Member
+          members = paginate(retrieve_members(source, params: params))
+          present_members members
         end
-        # rubocop: enable CodeReuse/ActiveRecord
         desc 'Gets a list of group or project members viewable by the authenticated user, including those who gained membership through ancestor group.' do
           success Entities::Member
@@ -42,18 +38,14 @@ module API
           optional :user_ids, type: Array[Integer], desc: 'Array of user ids to look up for membership'
           use :pagination
         end
-        # rubocop: disable CodeReuse/ActiveRecord
+
         get ":id/members/all" do
           source = find_source(source_type, params[:id])
-          members = find_all_members(source_type, source)
-          members = members.includes(:user).references(:user).merge(User.search(params[:query])) if params[:query].present?
-          members = members.where(user_id: params[:user_ids]) if params[:user_ids].present?
-          members = paginate(members)
-          present members, with: Entities::Member
+          members = paginate(retrieve_members(source, params: params, deep: true))
+          present_members members
         end
-        # rubocop: enable CodeReuse/ActiveRecord
         desc 'Gets a member of a group or project.' do
           success Entities::Member
@@ -68,7 +60,7 @@ module API
           members = source.members
           member = members.find_by!(user_id: params[:user_id])
-          present member, with: Entities::Member
+          present_members member
         end
         # rubocop: enable CodeReuse/ActiveRecord
@@ -82,10 +74,10 @@ module API
         get ":id/members/all/:user_id" do
           source = find_source(source_type, params[:id])
-          members = find_all_members(source_type, source)
+          members = find_all_members(source)
           member = members.find_by!(user_id: params[:user_id])
-          present member, with: Entities::Member
+          present_members member
         end
         # rubocop: enable CodeReuse/ActiveRecord
@@ -113,7 +105,7 @@ module API
           if !member
             not_allowed! # This currently can only be reached in EE
           elsif member.persisted? && member.valid?
-            present member, with: Entities::Member
+            present_members member
           else
             render_validation_error!(member)
           end
@@ -140,7 +132,7 @@ module API
               .execute(member)
           if updated_member.valid?
-            present updated_member, with: Entities::Member
+            present_members updated_member
           else
             render_validation_error!(updated_member)
           end
@@ -165,3 +157,5 @@ module API
     end
   end
 end
+
+API::Members.prepend_if_ee('EE::API::Members')

lib/api/snippets.rb

@@ -14,7 +14,7 @@ module API
         end
         def public_snippets
-          SnippetsFinder.new(current_user, scope: :are_public).execute
+          Snippet.only_personal_snippets.are_public.fresh
         end
         def snippets
@@ -33,7 +33,7 @@ module API
         present paginate(snippets_for_current_user), with: Entities::PersonalSnippet
       end
-      desc 'List all public snippets current_user has access to' do
+      desc 'List all public personal snippets current_user has access to' do
         detail 'This feature was introduced in GitLab 8.15.'
         success Entities::PersonalSnippet
       end

lib/gitlab/experimentation.rb

@@ -14,7 +14,7 @@ module Gitlab
       signup_flow: {
         feature_toggle: :experimental_separate_sign_up_flow,
         environment: ::Gitlab.dev_env_or_com?,
-        enabled_ratio: 0.1,
+        enabled_ratio: 0.5,
         tracking_category: 'Growth::Acquisition::Experiment::SignUpFlow'
       }
     }.freeze

spec/requests/api/snippets_spec.rb

@@ -66,6 +66,9 @@ describe API::Snippets do
     let!(:public_snippet_other) { create(:personal_snippet, :public, author: other_user) }
     let!(:private_snippet_other) { create(:personal_snippet, :private, author: other_user) }
     let!(:internal_snippet_other) { create(:personal_snippet, :internal, author: other_user) }
+    let!(:public_snippet_project) { create(:project_snippet, :public, author: user) }
+    let!(:private_snippet_project) { create(:project_snippet, :private, author: user) }
+    let!(:internal_snippet_project) { create(:project_snippet, :internal, author: user) }
     it 'returns all snippets with public visibility from all users' do
       get api("/snippets/public", user)
@@ -76,10 +79,10 @@ describe API::Snippets do
       expect(json_response.map { |snippet| snippet['id']} ).to contain_exactly(
         public_snippet.id,
         public_snippet_other.id)
-      expect(json_response.map { |snippet| snippet['web_url']} ).to include(
+      expect(json_response.map { |snippet| snippet['web_url']} ).to contain_exactly(
         "http://localhost/snippets/#{public_snippet.id}",
         "http://localhost/snippets/#{public_snippet_other.id}")
-      expect(json_response.map { |snippet| snippet['raw_url']} ).to include(
+      expect(json_response.map { |snippet| snippet['raw_url']} ).to contain_exactly(
         "http://localhost/snippets/#{public_snippet.id}/raw",
         "http://localhost/snippets/#{public_snippet_other.id}/raw")
     end