Add latest changes from gitlab-org/gitlab@master

changelogs/unreleased/cluster-info-tabs.yml

+---
+title: Split cluster info page into tabs
+merge_request: 25940
+author:
+type: changed

changelogs/unreleased/fj-fix-snippet-update-error-message.yml

+---
+title: Fix bug displaying snippet update error
+merge_request: 27082
+author:
+type: fixed

changelogs/unreleased/nfriend-enable-issues-summary.yml

+---
+title: Add issue summary to Release blocks on the Releases page
+merge_request: 27032
+author:
+type: added

config/initializers/8_devise.rb

@@ -226,9 +226,9 @@ Devise.setup do |config|
     manager.failure_app = Gitlab::DeviseFailure
   end
-  if Gitlab::Auth::LDAP::Config.enabled?
-    Gitlab::Auth::LDAP::Config.providers.each do |provider|
-      ldap_config = Gitlab::Auth::LDAP::Config.new(provider)
+  if Gitlab::Auth::Ldap::Config.enabled?
+    Gitlab::Auth::Ldap::Config.providers.each do |provider|
+      ldap_config = Gitlab::Auth::Ldap::Config.new(provider)
       config.omniauth(provider, ldap_config.omniauth_options)
     end
   end

config/initializers/omniauth.rb

-if Gitlab::Auth::LDAP::Config.enabled?
+if Gitlab::Auth::Ldap::Config.enabled?
   module OmniAuth::Strategies
-    Gitlab::Auth::LDAP::Config.available_servers.each do |server|
+    Gitlab::Auth::Ldap::Config.available_servers.each do |server|
       # do not redeclare LDAP
       next if server['provider_name'] == 'ldap'

config/routes/user.rb

@@ -10,9 +10,9 @@ def override_omniauth(provider, controller, path_prefix = '/users/auth')
 end
 # Use custom controller for LDAP omniauth callback
-if Gitlab::Auth::LDAP::Config.sign_in_enabled?
+if Gitlab::Auth::Ldap::Config.sign_in_enabled?
   devise_scope :user do
-    Gitlab::Auth::LDAP::Config.available_servers.each do |server|
+    Gitlab::Auth::Ldap::Config.available_servers.each do |server|
       override_omniauth(server['provider_name'], 'ldap/omniauth_callbacks')
     end
   end

doc/administration/auth/ldap-ee.md

@@ -493,7 +493,7 @@ step of the sync.
 1. Run a group sync for this particular group.
    ```ruby
-   EE::Gitlab::Auth::LDAP::Sync::Group.execute_all_providers(group)
+   EE::Gitlab::Auth::Ldap::Sync::Group.execute_all_providers(group)
    ```
 1. Look through the output of the sync. See [example log output](#example-log-output)
@@ -503,11 +503,11 @@ step of the sync.
    run the following query:
    ```ruby
-   adapter = Gitlab::Auth::LDAP::Adapter.new('ldapmain') # If `main` is the LDAP provider
-   ldap_group = EE::Gitlab::Auth::LDAP::Group.find_by_cn('group_cn_here', adapter)
+   adapter = Gitlab::Auth::Ldap::Adapter.new('ldapmain') # If `main` is the LDAP provider
+   ldap_group = EE::Gitlab::Auth::Ldap::Group.find_by_cn('group_cn_here', adapter)
    # Output
-   => #<EE::Gitlab::Auth::LDAP::Group:0x007fcbdd0bb6d8
+   => #<EE::Gitlab::Auth::Ldap::Group:0x007fcbdd0bb6d8
    ```
 1. Query the LDAP group's member DNs and see if the user's DN is in the list.

doc/administration/high_availability/README.md

@@ -9,8 +9,8 @@ ensure that they are scalable and highly available. While these needs can be tac
 individually, they typically go hand in hand: a performant scalable environment
 will have availability by default, as its components are separated and pooled.
-On this page, we present recommendations for setups based on the number
-of users you expect. For larger setups we give several recommended
+On this page, we present a maturity model for a progression from simple to complex
+GitLab installations as your GitLab usage evolves. For larger setups we give several recommended
 architectures based on experience with GitLab.com and internal scale
 testing that aim to achieve the right balance between both scalability
 and availability.
@@ -20,9 +20,60 @@ watch [this 1 hour Q&A](https://www.youtube.com/watch?v=uCU8jdYzpac)
 with [John Northrup](https://gitlab.com/northrup), and live questions coming
 in from some of our customers.
+## Maturity levels
+
+### Level 1: Single-node Omnibus installation
+
+This solution is appropriate for many teams that have a single server at their disposal. With automatic backup of the GitLab repositories, configuration, and the database, this can be an optimal solution if you don't have strict availability requirements.
+
+This configuration is supported in [GitLab Starter, Premium and Ultimate](https://about.gitlab.com/pricing/).
+
+References:
+
+- [Installation Docs](../../install/README.html)
+- [Backup/Restore Docs](https://docs.gitlab.com/omnibus/settings/backups.html#backup-and-restore-omnibus-gitlab-configuration)
+
+### Level 2: Multiple application servers
+
+By separating components you can see a number of advantages compared to a single-node setup. Namely, you can:
+
+- Increase the number of users
+- Enable zero-downtime upgrades
+- Increase availability
+
+Additional application nodes will handle frontend traffic, with a load balancer in front to distribute traffic across those nodes. Meanwhile, each application node connects to a shared file server and database systems on the back end. This way, if one of the application servers fails, the workflow is not interrupted.
+
+This configuration is supported in [GitLab Starter, Premium and Ultimate](https://about.gitlab.com/pricing/).
+
+References:
+
+- [High Availability Reference Architectures](#reference-architectures), without HA components
+
+### Level 3: Highly Available
+
+By adding automatic failover for database systems, we can enable higher uptime with an additional layer of complexity.
+
+This configuration is supported in [GitLab Premium and Ultimate](https://about.gitlab.com/pricing/).
+
+References:
+
+- [High Availability Reference Architectures](#reference-architectures)
+
+### Level 4: GitLab Geo
+
+GitLab Geo allows you to replicate your GitLab instance to other geographical locations as a read-only fully operational instance that can also be promoted in case of disaster.
+
+This configuration is supported in [GitLab Premium and Ultimate](https://about.gitlab.com/pricing/).
+
+References:
+
+- [Geo Documentation](../../gitlab-geo/README.html)
+- [GitLab Geo with a highly available configuration](../geo/replication/high_availability.html)
+
 ## Recommended setups based on number of users
 - 1 - 1000 Users: A single-node [Omnibus](https://docs.gitlab.com/omnibus/) setup with frequent backups. Refer to the [requirements page](../../install/requirements.md) for further details of the specs you will require.
+- 1000 - 10000 Users: A scaled environment based on one of our [Reference Architectures](#reference-architectures), without the HA components applied. This can be a reasonable step towards a fully HA environment.
 - 2000 - 50000+ Users: A scaled HA environment based on one of our [Reference Architectures](#reference-architectures) below.
 ## GitLab components and configuration instructions

doc/administration/troubleshooting/gitlab_rails_cheat_sheet.md

@@ -626,7 +626,7 @@ EE::Gitlab::LDAP::Sync::Group.execute_all_providers(group)
 # Run a GroupSync for a single group (10.6+)
 group = Group.find_by(name: 'my_gitlab_group')
-EE::Gitlab::Auth::LDAP::Sync::Group.execute_all_providers(group)
+EE::Gitlab::Auth::Ldap::Sync::Group.execute_all_providers(group)
 # Query an LDAP group directly (10.6-)
 adapter = Gitlab::LDAP::Adapter.new('ldapmain') # If `main` is the LDAP provider
@@ -635,20 +635,20 @@ ldap_group.member_dns
 ldap_group.member_uids
 # Query an LDAP group directly (10.6+)
-adapter = Gitlab::Auth::LDAP::Adapter.new('ldapmain') # If `main` is the LDAP provider
-ldap_group = EE::Gitlab::Auth::LDAP::Group.find_by_cn('group_cn_here', adapter)
+adapter = Gitlab::Auth::Ldap::Adapter.new('ldapmain') # If `main` is the LDAP provider
+ldap_group = EE::Gitlab::Auth::Ldap::Group.find_by_cn('group_cn_here', adapter)
 ldap_group.member_dns
 ldap_group.member_uids
 # Lookup a particular user (10.6+)
 # This could expose potential errors connecting to and/or querying LDAP that may seem to
 # fail silently in the GitLab UI
-adapter = Gitlab::Auth::LDAP::Adapter.new('ldapmain') # If `main` is the LDAP provider
-user = Gitlab::Auth::LDAP::Person.find_by_uid('<username>',adapter)
+adapter = Gitlab::Auth::Ldap::Adapter.new('ldapmain') # If `main` is the LDAP provider
+user = Gitlab::Auth::Ldap::Person.find_by_uid('<username>',adapter)
 # Query the LDAP server directly (10.6+)
 ## For an example, see https://gitlab.com/gitlab-org/gitlab/blob/master/ee/lib/ee/gitlab/auth/ldap/adapter.rb
-adapter = Gitlab::Auth::LDAP::Adapter.new('ldapmain')
+adapter = Gitlab::Auth::Ldap::Adapter.new('ldapmain')
 options = {
     # the :base is required
     # use adapter.config.base for the base or .group_base for the group_base

doc/ci/merge_request_pipelines/index.md

@@ -188,7 +188,7 @@ External users could steal secret variables from the parent project by modifying
 We're discussing a secure solution of running pipelines for merge requests
 that are submitted from forked projects,
-see [the issue about the permission extension](https://gitlab.com/gitlab-org/gitlab-foss/issues/23902).
+see [the issue about the permission extension](https://gitlab.com/gitlab-org/gitlab/-/issues/11934).
 ## Additional predefined variables

lib/gitlab/auth.rb

@@ -88,7 +88,7 @@ module Gitlab
           else
             # If no user is provided, try LDAP.
             #   LDAP users are only authenticated via LDAP
-            authenticators << Gitlab::Auth::LDAP::Authentication
+            authenticators << Gitlab::Auth::Ldap::Authentication
           end
           authenticators.compact!
@@ -134,7 +134,7 @@ module Gitlab
       end
       def authenticate_using_internal_or_ldap_password?
-        Gitlab::CurrentSettings.password_authentication_enabled_for_git? || Gitlab::Auth::LDAP::Config.enabled?
+        Gitlab::CurrentSettings.password_authentication_enabled_for_git? || Gitlab::Auth::Ldap::Config.enabled?
       end
       def service_request_check(login, password, project)

lib/gitlab/auth/ldap/access.rb

@@ -6,14 +6,14 @@
 #
 module Gitlab
   module Auth
-    module LDAP
+    module Ldap
       class Access
-        prepend_if_ee('::EE::Gitlab::Auth::LDAP::Access') # rubocop: disable Cop/InjectEnterpriseEditionModule
+        prepend_if_ee('::EE::Gitlab::Auth::Ldap::Access') # rubocop: disable Cop/InjectEnterpriseEditionModule
         attr_reader :provider, :user, :ldap_identity
         def self.open(user, &block)
-          Gitlab::Auth::LDAP::Adapter.open(user.ldap_identity.provider) do |adapter|
+          Gitlab::Auth::Ldap::Adapter.open(user.ldap_identity.provider) do |adapter|
             block.call(self.new(user, adapter))
           end
         end
@@ -50,7 +50,7 @@ module Gitlab
             end
             # Block user in GitLab if they were blocked in AD
-            if Gitlab::Auth::LDAP::Person.disabled_via_active_directory?(ldap_identity.extern_uid, adapter)
+            if Gitlab::Auth::Ldap::Person.disabled_via_active_directory?(ldap_identity.extern_uid, adapter)
               block_user(user, 'is disabled in Active Directory')
               false
             else
@@ -62,7 +62,7 @@ module Gitlab
             block_user(user, 'does not exist anymore')
             false
           end
-        rescue LDAPConnectionError
+        rescue LdapConnectionError
           false
         end
@@ -73,11 +73,11 @@ module Gitlab
         private
         def adapter
-          @adapter ||= Gitlab::Auth::LDAP::Adapter.new(provider)
+          @adapter ||= Gitlab::Auth::Ldap::Adapter.new(provider)
         end
         def ldap_config
-          Gitlab::Auth::LDAP::Config.new(provider)
+          Gitlab::Auth::Ldap::Config.new(provider)
         end
         def ldap_user
@@ -87,7 +87,7 @@ module Gitlab
         end
         def find_ldap_user
-          Gitlab::Auth::LDAP::Person.find_by_dn(ldap_identity.extern_uid, adapter)
+          Gitlab::Auth::Ldap::Person.find_by_dn(ldap_identity.extern_uid, adapter)
         end
         def block_user(user, reason)

lib/gitlab/auth/ldap/adapter.rb

@@ -2,9 +2,9 @@
 module Gitlab
   module Auth
-    module LDAP
+    module Ldap
       class Adapter
-        prepend_if_ee('::EE::Gitlab::Auth::LDAP::Adapter') # rubocop: disable Cop/InjectEnterpriseEditionModule
+        prepend_if_ee('::EE::Gitlab::Auth::Ldap::Adapter') # rubocop: disable Cop/InjectEnterpriseEditionModule
         SEARCH_RETRY_FACTOR = [1, 1, 2, 3].freeze
         MAX_SEARCH_RETRIES = Rails.env.test? ? 1 : SEARCH_RETRY_FACTOR.size.freeze
@@ -18,7 +18,7 @@ module Gitlab
         end
         def self.config(provider)
-          Gitlab::Auth::LDAP::Config.new(provider)
+          Gitlab::Auth::Ldap::Config.new(provider)
         end
         def initialize(provider, ldap = nil)
@@ -27,7 +27,7 @@ module Gitlab
         end
         def config
-          Gitlab::Auth::LDAP::Config.new(provider)
+          Gitlab::Auth::Ldap::Config.new(provider)
         end
         def users(fields, value, limit = nil)
@@ -75,7 +75,7 @@ module Gitlab
             renew_connection_adapter
             retry
           else
-            raise LDAPConnectionError, error_message
+            raise LdapConnectionError, error_message
           end
         end
@@ -91,13 +91,13 @@ module Gitlab
           end
           entries.map do |entry|
-            Gitlab::Auth::LDAP::Person.new(entry, provider)
+            Gitlab::Auth::Ldap::Person.new(entry, provider)
           end
         end
         def user_options(fields, value, limit)
           options = {
-            attributes: Gitlab::Auth::LDAP::Person.ldap_attributes(config),
+            attributes: Gitlab::Auth::Ldap::Person.ldap_attributes(config),
             base: config.base
           }

lib/gitlab/auth/ldap/auth_hash.rb

@@ -4,10 +4,10 @@
 #
 module Gitlab
   module Auth
-    module LDAP
+    module Ldap
       class AuthHash < Gitlab::Auth::OAuth::AuthHash
         def uid
-          @uid ||= Gitlab::Auth::LDAP::Person.normalize_dn(super)
+          @uid ||= Gitlab::Auth::Ldap::Person.normalize_dn(super)
         end
         def username
@@ -42,7 +42,7 @@ module Gitlab
         end
         def ldap_config
-          @ldap_config ||= Gitlab::Auth::LDAP::Config.new(self.provider)
+          @ldap_config ||= Gitlab::Auth::Ldap::Config.new(self.provider)
         end
       end
     end

lib/gitlab/auth/ldap/authentication.rb

@@ -8,10 +8,10 @@
 module Gitlab
   module Auth
-    module LDAP
+    module Ldap
       class Authentication < Gitlab::Auth::OAuth::Authentication
         def self.login(login, password)
-          return unless Gitlab::Auth::LDAP::Config.enabled?
+          return unless Gitlab::Auth::Ldap::Config.enabled?
           return unless login.present? && password.present?
           # return found user that was authenticated by first provider for given login credentials
@@ -22,7 +22,7 @@ module Gitlab
         end
         def self.providers
-          Gitlab::Auth::LDAP::Config.providers
+          Gitlab::Auth::Ldap::Config.providers
         end
         def login(login, password)
@@ -33,7 +33,7 @@ module Gitlab
           )
           return unless result
-          @user = Gitlab::Auth::LDAP::User.find_by_uid_and_provider(result.dn, provider)
+          @user = Gitlab::Auth::Ldap::User.find_by_uid_and_provider(result.dn, provider)
         end
         def adapter
@@ -41,7 +41,7 @@ module Gitlab
         end
         def config
-          Gitlab::Auth::LDAP::Config.new(provider)
+          Gitlab::Auth::Ldap::Config.new(provider)
         end
         def user_filter(login)

lib/gitlab/auth/ldap/config.rb

@@ -3,9 +3,9 @@
 # Load a specific server configuration
 module Gitlab
   module Auth
-    module LDAP
+    module Ldap
       class Config
-        prepend_if_ee('::EE::Gitlab::Auth::LDAP::Config') # rubocop: disable Cop/InjectEnterpriseEditionModule
+        prepend_if_ee('::EE::Gitlab::Auth::Ldap::Config') # rubocop: disable Cop/InjectEnterpriseEditionModule
         NET_LDAP_ENCRYPTION_METHOD = {
           simple_tls: :simple_tls,

lib/gitlab/auth/ldap/dn.rb

@@ -21,7 +21,7 @@
 # class also helps take care of that.
 module Gitlab
   module Auth
-    module LDAP
+    module Ldap
       class DN
         FormatError = Class.new(StandardError)
         MalformedError = Class.new(FormatError)

lib/gitlab/auth/ldap/ldap_connection_error.rb

@@ -2,8 +2,8 @@
 module Gitlab
   module Auth
-    module LDAP
-      LDAPConnectionError = Class.new(StandardError)
+    module Ldap
+      LdapConnectionError = Class.new(StandardError)
     end
   end
 end

lib/gitlab/auth/ldap/person.rb

@@ -2,9 +2,9 @@
 module Gitlab
   module Auth
-    module LDAP
+    module Ldap
       class Person
-        prepend_if_ee('::EE::Gitlab::Auth::LDAP::Person') # rubocop: disable Cop/InjectEnterpriseEditionModule
+        prepend_if_ee('::EE::Gitlab::Auth::Ldap::Person') # rubocop: disable Cop/InjectEnterpriseEditionModule
         # Active Directory-specific LDAP filter that checks if bit 2 of the
         # userAccountControl attribute is set.
@@ -45,8 +45,8 @@ module Gitlab
         end
         def self.normalize_dn(dn)
-          ::Gitlab::Auth::LDAP::DN.new(dn).to_normalized_s
-        rescue ::Gitlab::Auth::LDAP::DN::FormatError => e
+          ::Gitlab::Auth::Ldap::DN.new(dn).to_normalized_s
+        rescue ::Gitlab::Auth::Ldap::DN::FormatError => e
           Rails.logger.info("Returning original DN \"#{dn}\" due to error during normalization attempt: #{e.message}") # rubocop:disable Gitlab/RailsLogger
           dn
@@ -57,8 +57,8 @@ module Gitlab
         # 1. Excess spaces are stripped
         # 2. The string is downcased (for case-insensitivity)
         def self.normalize_uid(uid)
-          ::Gitlab::Auth::LDAP::DN.normalize_value(uid)
-        rescue ::Gitlab::Auth::LDAP::DN::FormatError => e
+          ::Gitlab::Auth::Ldap::DN.normalize_value(uid)
+        rescue ::Gitlab::Auth::Ldap::DN::FormatError => e
           Rails.logger.info("Returning original UID \"#{uid}\" due to error during normalization attempt: #{e.message}") # rubocop:disable Gitlab/RailsLogger
           uid
@@ -103,7 +103,7 @@ module Gitlab
         attr_reader :entry
         def config
-          @config ||= Gitlab::Auth::LDAP::Config.new(provider)
+          @config ||= Gitlab::Auth::Ldap::Config.new(provider)
         end
         # Using the LDAP attributes configuration, find and return the first

lib/gitlab/auth/ldap/user.rb

@@ -8,10 +8,10 @@
 #
 module Gitlab
   module Auth
-    module LDAP
+    module Ldap
       class User < Gitlab::Auth::OAuth::User
         extend ::Gitlab::Utils::Override
-        prepend_if_ee('::EE::Gitlab::Auth::LDAP::User') # rubocop: disable Cop/InjectEnterpriseEditionModule
+        prepend_if_ee('::EE::Gitlab::Auth::Ldap::User') # rubocop: disable Cop/InjectEnterpriseEditionModule
         class << self
           # rubocop: disable CodeReuse/ActiveRecord
@@ -46,7 +46,7 @@ module Gitlab
         end
         def allowed?
-          Gitlab::Auth::LDAP::Access.allowed?(gl_user)
+          Gitlab::Auth::Ldap::Access.allowed?(gl_user)
         end
         def valid_sign_in?
@@ -54,11 +54,11 @@ module Gitlab
         end
         def ldap_config
-          Gitlab::Auth::LDAP::Config.new(auth_hash.provider)
+          Gitlab::Auth::Ldap::Config.new(auth_hash.provider)
         end
         def auth_hash=(auth_hash)
-          @auth_hash = Gitlab::Auth::LDAP::AuthHash.new(auth_hash)
+          @auth_hash = Gitlab::Auth::Ldap::AuthHash.new(auth_hash)
         end
       end
     end