Signed-off-by: Takuya Noguchi <takninnovationresearch@gmail.com>

This is the same as gitlab-shell's default. This is to ensure
that it's always set.

It needs to be the same as gitlab-shell's default because we
don't set a default value in omnibus-gitlab. If users don't
set the value of that config in their install and they upgraded,
we must ensure that it's still going to point to the same
authorized keys file.

This key is useful to reduce the amount of logic needed on the frontend:
if `has_warnings` is true, then the frontend knows that the request in
question has warnings for some metric.

(cherry picked from commit 897a9d308db46b620b738b98f2b0e5630ac7d2dd)

allow_bypass_two_factor configration dose not work with saml provider

User images and videos will get proxied through
the Camo server in order to keep malicious
sites from collecting the IP address of users.

Remove the visual review toolbar code
in favor of using the NPM package.

Andrew Newdigate authored 5 years ago and Nick Thomas committed 5 years ago

This change adds Distributed Tracing support for two new types of events

1. Redis Calls
1. ActiveSupport (Rails) Caching Operations

The intention is to help application developers and infrastructure
SREs to understand the pressure that caching operations can have on
the application when running at scale.

The Redis and Caching spans can be viewed in the Jaeger UI by clicking
the "Trace" link in the performance bar when running on GDK.

`ActiveSupport::Cache::RedisCacheStore` is not compatible with the
version of Rack Attack we are using (v4.4.1) per
https://github.com/kickstarter/rack-attack/issues/281. Users that had
rate limits enabled might see `Redis::CommandError: ERR value is not an
integer or out of range` because the `raw` parameter wasn't passed along
properly. As a result, the Rack Attack entry would be stored as an
`ActiveSupport::Cache::Entry` instead of a raw string holding an integer
value.

Let's partially revert the change in
https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/30966 to use the
original cache store until we can update to Rack Attack v5.2.3 that has
support for `ActiveSupport::Cache::RedisCacheStore` via
https://github.com/kickstarter/rack-attack/pull/350.

Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/66449

This enables CSP in dev and CI

Adds a time series component for line and area charts.
Displays new charts in the dashboard.

- Use dynamic components for line/area swapping
- Add new line charts to dashboard in 2 panels

Transform `CancelledError` into `JobRetry::Skip`

This makes:
- very shallow `Middleware::Monitor` to only request tracking
  of sidekiq jobs,
- `SidekiqStatus::Monitor` to be responsible to maintain persistent
  connection to receive messages,
- `SidekiqStatus::Monitor` to always use structured logging
  and instance variables

Kamil Trzcińśki authored 5 years ago and Qingyu Zhao committed 5 years ago

This adds a middleware to track all threads
for running jobs.

This makes sidekiq to watch for redis-delivered notifications.

This makes be able to send notification to interrupt
running sidekiq jobs.

This does not take into account any native code,
as `Thread.raise` generates exception once the control gets
back to Ruby.

The separate measure should be taken to interrupt gRPC, shellouts,
or anything else that escapes Ruby.

Doc for multi-indices archtecture

Kubeclient uses rest-client. We hack into to access the net/http object
so that we can patch to connect to the resolved IP + set
hostname_override.

Add specs for discord. The discord integration also uses rest-client, so
since we patched rest-client, spec that the DNS rebinding protection
works

Previously we asked a user to enter a new slug before taking them to
the Create Page page.

As a UX improvement, we now take them to a randomly generated URI so
they can begin creating their new page.

https://gitlab.com/gitlab-org/gitlab-ce/issues/46299

Stan Hu authored 5 years ago and Mayra Cabrera committed 5 years ago

Current `auth.log` uses `fullpath` and `ip`, while `api_json.log` uses
`remote_ip` and `path` for the same fields. Let's standardize these
namings to make it easier for people working with the data.

Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/66167

- Add mail interceptor the signs outgoing email with SMIME
- Add lib and helpers to work with SMIME data
- New configuration params for setting up SMIME key and cert files

After moving the multiproc dir cleanup into `config.ru`:`warmup`, we
stopped cleaning Sidekiq metrics dir which is not correct.
This MR intended to fix that. More details:
https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/31668

For the QA tests to use the new injection methods, we must require the
initializer and ensure that the "constantize" method is available.

CE-specific changes for:
https://gitlab.com/gitlab-org/gitlab-ee/merge_requests/15129



Co-Authored-By: Alex Kalderimis <akalderimis@gitlab.com>
Co-Authored-By: Luke Duncalfe <lduncalfe@eml.cc>

Old cookies are still valid and are automatically
upgraded by Rails

Querying all counts for the different search results in the same request
led to timeouts, so we now only calculate the count for the *current*
search results, and request the others in separate asynchronous calls.

When we hit our app with the initial request, in `warmup`,
some metrics already being created as well as corresponding files.
If we do `multiproc_file_dir` cleanup after that, we delete the files
from the dir while keeping them in memory which leads to the incorrect
behavior: the metric is being updated in in-memory, while is not present
in the db, not sent to Prometheus as the result.