Basic `/internal/pages` endpoint that will be used for Pages virtual
domains internal API. The endpoint is currently behind feature flag and
provides authetication similar to how Workhorse is authenticating with
the GitLab.

This is the same as gitlab-shell's default. This is to ensure
that it's always set.

It needs to be the same as gitlab-shell's default because we
don't set a default value in omnibus-gitlab. If users don't
set the value of that config in their install and they upgraded,
we must ensure that it's still going to point to the same
authorized keys file.

allow_bypass_two_factor configration dose not work with saml provider

- Add mail interceptor the signs outgoing email with SMIME
- Add lib and helpers to work with SMIME data
- New configuration params for setting up SMIME key and cert files

Stan Hu authored 5 years ago and Ash McKenzie committed 5 years ago

A nonce-based Content-Security-Policy thwarts XSS attacks by allowing
inline JavaScript to execute if the script nonce matches the header
value. Rails 5.2 supports nonce-based Content-Security-Policy headers,
so provide configuration to enable this and make it work.

To support this, we need to change all `:javascript` HAML filters to the
following form:

```
= javascript_tag nonce: true do
  :plain
    ...
```

We use `%script` throughout our HAML to store JSON and other text, but
since this doesn't execute, browsers don't appear to block this content
from being used and require the nonce value to be present.

Introducing Docker Registry replication

This is the first part of Docker Registry replication
    for secondary Geo node.

Suggests to use a JSON structured log instead

Related to https://gitlab.com/gitlab-org/gitlab-ce/issues/54102

- Add two new ActiveRecord models:
  - RootNamespaceStoragestatistics will persist root namespace statistics
  - NamespaceAggregationSchedule will save information when a new update
to the namespace statistics needs to be scheduled
- Inject into UpdateProjectStatistics concern a new callback that will
call an async job to insert a new row onto NamespaceAggregationSchedule
table
- When a new row is inserted a new job is scheduled. This job will
update call an specific service to update the statistics and after that
it will delete thee aggregated scheduled row
- The RefresherServices makes heavy use of arel to build composable
queries to update Namespace::RootStorageStatistics attributes.
- Add an extra worker to traverse pending rows on
NAmespace::AggregationSchedule table and schedule a worker for each one
of this rows.
- Add an extra worker to traverse pending rows on
NAmespace::AggregationSchedule table and schedule a worker for each one
of this rows

This brings parity between the two versions.

vshushlin authored 5 years ago and Nick Thomas committed 5 years ago

Add index for pages domain ssl auto renewal
Add PagesDomain.needs_ssl_renewal scope
Add cron worker for ssl renewal
Add worker for ssl renewal
Add pages ssl renewal worker queues settings

To make this happen, we need to conditionally add the group_saml
strategy when running tests, but only on EE. This requires some changes
to Gitlab.ee? so that it can be used before/without loading the Rails
environment. We also have to change how we require a few files, so this
can run outside of Rails.

This sampler gathers Puma-specific metrics which can be used by
Prometheus then.