Add latest changes from gitlab-org/gitlab@master

app/assets/javascripts/clusters/components/applications.vue

@@ -129,9 +129,6 @@ export default {
     crossplaneInstalled() {
       return this.applications.crossplane.status === APPLICATION_STATUS.INSTALLED;
     },
-    enableClusterApplicationCrossplane() {
-      return gon.features && gon.features.enableClusterApplicationCrossplane;
-    },
     enableClusterApplicationElasticStack() {
       return gon.features && gon.features.enableClusterApplicationElasticStack;
     },
@@ -519,7 +516,6 @@ Crossplane runs inside your Kubernetes cluster and supports secure connectivity
         </div>
       </application-row>
       <application-row
-        v-if="enableClusterApplicationCrossplane"
         id="crossplane"
         :logo-url="crossplaneLogo"
         :title="applications.crossplane.title"

app/assets/javascripts/pages/projects/shared/permissions/components/settings_panel.vue

@@ -82,6 +82,11 @@ export default {
       required: false,
       default: false,
     },
+    pagesAccessControlForced: {
+      type: Boolean,
+      required: false,
+      default: false,
+    },
     pagesHelpPath: {
       type: String,
       required: false,
@@ -130,10 +135,22 @@ export default {
     },
     pagesFeatureAccessLevelOptions() {
-      if (this.visibilityLevel !== visibilityOptions.PUBLIC) {
-        return this.featureAccessLevelOptions.concat([[30, PAGE_FEATURE_ACCESS_LEVEL]]);
+      const options = [featureAccessLevelMembers];
+
+      if (this.pagesAccessControlForced) {
+        if (this.visibilityLevel === visibilityOptions.INTERNAL) {
+          options.push(featureAccessLevelEveryone);
+        }
+      } else {
+        if (this.visibilityLevel !== visibilityOptions.PRIVATE) {
+          options.push(featureAccessLevelEveryone);
+        }
+
+        if (this.visibilityLevel !== visibilityOptions.PUBLIC) {
+          options.push([30, PAGE_FEATURE_ACCESS_LEVEL]);
+        }
       }
-      return this.featureAccessLevelOptions;
+      return options;
     },
     repositoryEnabled() {

app/assets/javascripts/registry/list/components/collapsible_container.vue

@@ -14,7 +14,7 @@ import ClipboardButton from '~/vue_shared/components/clipboard_button.vue';
 import Icon from '~/vue_shared/components/icon.vue';
 import TableRegistry from './table_registry.vue';
 import { DELETE_REPO_ERROR_MESSAGE } from '../constants';
-import { __ } from '~/locale';
+import { __, sprintf } from '~/locale';
 export default {
   name: 'CollapsibeContainerRegisty',
@@ -55,6 +55,11 @@ export default {
     canDeleteRepo() {
       return this.repo.canDelete && !this.isDeleteDisabled;
     },
+    deleteImageConfirmationMessage() {
+      return sprintf(__('Image %{imageName} was scheduled for deletion from the registry.'), {
+        imageName: this.repo.name,
+      });
+    },
   },
   methods: {
     ...mapActions(['fetchRepos', 'fetchList', 'deleteItem']),
@@ -69,7 +74,7 @@ export default {
       this.track('confirm_delete');
       return this.deleteItem(this.repo)
         .then(() => {
-          createFlash(__('This container registry has been scheduled for deletion.'), 'notice');
+          createFlash(this.deleteImageConfirmationMessage, 'notice');
           this.fetchRepos();
         })
         .catch(() => createFlash(DELETE_REPO_ERROR_MESSAGE));

app/controllers/clusters/clusters_controller.rb

@@ -14,7 +14,6 @@ class Clusters::ClustersController < Clusters::BaseController
   before_action :update_applications_status, only: [:cluster_status]
   before_action only: [:show] do
     push_frontend_feature_flag(:enable_cluster_application_elastic_stack)
-    push_frontend_feature_flag(:enable_cluster_application_crossplane)
   end
   helper_method :token_in_session

app/controllers/search_controller.rb

@@ -5,9 +5,6 @@ class SearchController < ApplicationController
   include SearchHelper
   include RendersCommits
-  NON_ES_SEARCH_TERM_LIMIT = 64
-  NON_ES_SEARCH_CHAR_LIMIT = 4096
-
   around_action :allow_gitaly_ref_name_caching
   skip_before_action :authenticate_user!
@@ -68,19 +65,13 @@ class SearchController < ApplicationController
   private
   def search_term_valid?
-    return true if Gitlab::CurrentSettings.elasticsearch_search?
-
-    chars_count = params[:search].length
-    if chars_count > NON_ES_SEARCH_CHAR_LIMIT
-      flash[:alert] = t('errors.messages.search_chars_too_long', count: NON_ES_SEARCH_CHAR_LIMIT)
-
+    unless search_service.valid_query_length?
+      flash[:alert] = t('errors.messages.search_chars_too_long', count: SearchService::SEARCH_CHAR_LIMIT)
       return false
     end
-    search_terms_count = params[:search].split.count { |word| word.length >= 3 }
-    if search_terms_count > NON_ES_SEARCH_TERM_LIMIT
-      flash[:alert] = t('errors.messages.search_terms_too_long', count: NON_ES_SEARCH_TERM_LIMIT)
-
+    unless search_service.valid_terms_count?
+      flash[:alert] = t('errors.messages.search_terms_too_long', count: SearchService::SEARCH_TERM_LIMIT)
       return false
     end

app/helpers/application_settings_helper.rb

@@ -202,6 +202,7 @@ module ApplicationSettingsHelper
       :enabled_git_access_protocol,
       :enforce_terms,
       :first_day_of_week,
+      :force_pages_access_control,
       :gitaly_timeout_default,
       :gitaly_timeout_medium,
       :gitaly_timeout_fast,

app/helpers/projects_helper.rb

@@ -587,6 +587,7 @@ module ProjectsHelper
       lfsHelpPath: help_page_path('workflow/lfs/manage_large_binaries_with_git_lfs'),
       pagesAvailable: Gitlab.config.pages.enabled,
       pagesAccessControlEnabled: Gitlab.config.pages.access_control,
+      pagesAccessControlForced: ::Gitlab::Pages.access_control_is_forced?,
       pagesHelpPath: help_page_path('user/project/pages/introduction', anchor: 'gitlab-pages-access-control-core')
     }
   end

app/models/project_feature.rb

@@ -97,7 +97,13 @@ class ProjectFeature < ApplicationRecord
   default_value_for :wiki_access_level,           value: ENABLED, allows_nil: false
   default_value_for :repository_access_level,     value: ENABLED, allows_nil: false
-  default_value_for(:pages_access_level, allows_nil: false) { |feature| feature.project&.public? ? ENABLED : PRIVATE }
+  default_value_for(:pages_access_level, allows_nil: false) do |feature|
+    if ::Gitlab::Pages.access_control_is_forced?
+      PRIVATE
+    else
+      feature.project&.public? ? ENABLED : PRIVATE
+    end
+  end
   def feature_available?(feature, user)
     # This feature might not be behind a feature flag at all, so default to true
@@ -137,6 +143,8 @@ class ProjectFeature < ApplicationRecord
   def public_pages?
     return true unless Gitlab.config.pages.access_control
+    return false if ::Gitlab::Pages.access_control_is_forced?
+
     pages_access_level == PUBLIC || pages_access_level == ENABLED && project.public?
   end

app/services/clusters/applications/base_service.rb

@@ -68,7 +68,7 @@ module Clusters
       end
       def invalid_application?
-        unknown_application? || (application_name == Applications::ElasticStack.application_name && !Feature.enabled?(:enable_cluster_application_elastic_stack)) || (application_name == Applications::Crossplane.application_name && !Feature.enabled?(:enable_cluster_application_crossplane))
+        unknown_application? || (application_name == Applications::ElasticStack.application_name && !Feature.enabled?(:enable_cluster_application_elastic_stack))
       end
       def unknown_application?

app/services/search_service.rb

@@ -3,6 +3,9 @@
 class SearchService
   include Gitlab::Allowable
+  SEARCH_TERM_LIMIT = 64
+  SEARCH_CHAR_LIMIT = 4096
+
   def initialize(current_user, params = {})
     @current_user = current_user
     @params = params.dup
@@ -42,6 +45,14 @@ class SearchService
     @show_snippets = params[:snippets] == 'true'
   end
+  def valid_query_length?
+    params[:search].length <= SEARCH_CHAR_LIMIT
+  end
+
+  def valid_terms_count?
+    params[:search].split.count { |word| word.length >= 3 } <= SEARCH_TERM_LIMIT
+  end
+
   delegate :scope, to: :search_service
   def search_results

app/views/admin/application_settings/_pages.html.haml

@@ -15,6 +15,15 @@
       .form-text.text-muted
         = _("Domain verification is an essential security measure for public GitLab sites. Users are required to demonstrate they control a domain before it is enabled")
         = link_to icon('question-circle'), help_page_path('user/project/pages/custom_domains_ssl_tls_certification/index.md', anchor: '4-verify-the-domains-ownership')
+    - if Gitlab.config.pages.access_control
+      .form-group
+        .form-check
+          = f.check_box :force_pages_access_control, class: 'form-check-input'
+          = f.label :force_pages_access_control, class: 'form-check-label' do
+            = _("Disable public access to Pages sites")
+        .form-text.text-muted
+          = _("Access to Pages websites are controlled based on the user's membership to a given project. By checking this box, users will be required to be logged in to have access to all Pages websites in your instance.")
+          = link_to icon('question-circle'), help_page_path('administration/pages/index.md', anchor: 'disabling-public-access-to-all-pages-websites')
     %h5
       = _("Configure Let's Encrypt")
     %p

changelogs/unreleased/32095-allow-administrators-to-disable-gitlab-pages-access.yml

+---
+title: Allow administrators to enforce access control for all pages web-sites
+merge_request: 22003
+author:
+type: added

changelogs/unreleased/ak-bubble-up-log-source.yml

+---
+title: Pass log source to the frontend
+merge_request: 22694
+author:
+type: changed

changelogs/unreleased/remove_enable_cluster_application_crossplane_flag.yml

+---
+title: Enable ability to install Crossplane app by default
+merge_request: 22141
+author:
+type: changed

changelogs/unreleased/update_dast_default_branch.yml

+---
+title: Update auto-deploy-image to v0.8.3 for DAST default branch deploy
+merge_request: 22227
+author:
+type: changed

db/migrate/20191218122457_add_force_pages_access_control_to_application_settings.rb

+# frozen_string_literal: true
+
+# See http://doc.gitlab.com/ce/development/migration_style_guide.html
+# for more information on how to write migrations for GitLab.
+
+class AddForcePagesAccessControlToApplicationSettings < ActiveRecord::Migration[5.2]
+  DOWNTIME = false
+
+  def change
+    add_column :application_settings, :force_pages_access_control, :boolean, null: false, default: false
+  end
+end

db/schema.rb

@@ -364,6 +364,7 @@ ActiveRecord::Schema.define(version: 2020_01_08_233040) do
     t.string "encrypted_slack_app_secret_iv", limit: 255
     t.text "encrypted_slack_app_verification_token"
     t.string "encrypted_slack_app_verification_token_iv", limit: 255
+    t.boolean "force_pages_access_control", default: false, null: false
     t.boolean "updating_name_disabled_for_users", default: false, null: false
     t.integer "instance_administrators_group_id"
     t.index ["custom_project_templates_group_id"], name: "index_application_settings_on_custom_project_templates_group_id"

doc/administration/instance_limits.md

@@ -34,3 +34,11 @@ Read more in the [CI documentation](../ci/yaml/README.md#processing-git-pushes).
 > [Introduced](https://gitlab.com/gitlab-org/gitlab-foss/issues/21164) in GitLab 8.12.
 Activity history for projects and individuals' profiles was limited to one year until [GitLab 11.4](https://gitlab.com/gitlab-org/gitlab-foss/issues/52246) when it was extended to two years, and in [GitLab 12.4](https://gitlab.com/gitlab-org/gitlab/issues/33840) to three years.
+
+## Number of project webhooks
+
+> [Introduced](https://gitlab.com/gitlab-org/gitlab/merge_requests/20730) in GitLab 12.6.
+
+A maximum number of project webhooks applies to each GitLab.com tier. Check the
+[Maximum number of webhooks (per tier)](../user/project/integrations/webhooks.md#maximum-number-of-webhooks-per-tier)
+section in the Webhooks page.

doc/administration/pages/index.md

@@ -307,6 +307,27 @@ Pages access control is disabled by default. To enable it:
 1. [Reconfigure GitLab][reconfigure].
 1. Users can now configure it in their [projects' settings](../../user/project/pages/pages_access_control.md).
+#### Disabling public access to all Pages websites
+
+> [Introduced](https://gitlab.com/gitlab-org/gitlab/issues/32095) in GitLab 12.7.
+
+You can enforce [Access Control](#access-control) for all GitLab Pages websites hosted
+on your GitLab instance. By doing so, only logged-in users will have access to them.
+This setting overrides Access Control set by users in individual projects.
+
+This can be useful to preserve information published with Pages websites to the users
+of your instance only.
+To do that:
+
+1. Navigate to your instance's **Admin Area > Settings > Preferences** and expand **Pages** settings.
+1. Check the **Disable public access to Pages sites** checkbox.
+1. Click **Save changes**.
+
+CAUTION: **Warning:**
+This action will not make all currently public web-sites private until they redeployed.
+This issue among others will be resolved by
+[changing GitLab Pages configuration mechanism](https://gitlab.com/gitlab-org/gitlab-pages/issues/282).
+
 ### Running behind a proxy
 Like the rest of GitLab, Pages can be used in those environments where external

doc/development/README.md

@@ -72,6 +72,7 @@ description: 'Learn how to contribute to GitLab.'
 - [Mass Inserting Models](mass_insert.md)
 - [Cycle Analytics development guide](cycle_analytics.md)
 - [Issue types vs first-class types](issue_types.md)
+- [Application limits](application_limits.md)
 ## Performance guides