Merge branch '14-9-stable-ee-patch-1' into '14-9-stable-ee'

Prepare 14.9.1-ee release See merge request gitlab-org/gitlab!83388

Merge branch '14-9-stable-ee-patch-1' into '14-9-stable-ee'
d7ba92b3 · Reuben Pereira · 1fdefb34 · 96b3bd61 · d7ba92b3 · d7ba92b3
Commit d7ba92b3 authored 2 years ago by Reuben Pereira
--- a/app/controllers/admin/application_settings_controller.rb
+++ b/app/controllers/admin/application_settings_controller.rb
@@ -202,7 +202,7 @@ class Admin::ApplicationSettingsController < Admin::ApplicationController
    Gitlab::QueryLimiting.disable!('https://gitlab.com/gitlab-org/gitlab/-/issues/29418')
  end
  
-  def application_setting_params
+  def application_setting_params # rubocop:disable Metrics/AbcSize
    params[:application_setting] ||= {}
  
    if params[:application_setting].key?(:enabled_oauth_sign_in_sources)
@@ -229,6 +229,10 @@ class Admin::ApplicationSettingsController < Admin::ApplicationController
    params.delete(:domain_denylist_raw) if params[:domain_denylist]
    params.delete(:domain_allowlist_raw) if params[:domain_allowlist]
  
+    if params[:application_setting].key?(:user_email_lookup_limit)
+      params[:application_setting][:search_rate_limit] ||= params[:application_setting][:user_email_lookup_limit]
+    end
+
    params[:application_setting].permit(visible_application_setting_attributes)
  end
  

--- a/data/deprecations/14-9-background-upload.yml
+++ b/data/deprecations/14-9-background-upload.yml
+- name: "Background upload for object storage"
+  announcement_milestone: "14.9"
+  announcement_date: "2022-03-22"
+  removal_milestone: "15.0"
+  removal_date: "2022-05-22"
+  breaking_change: true
+  reporter: fzimmer
+  body: |  # Do not modify this line, instead modify the lines below.
+    To reduce the overall complexity and maintenance burden of GitLab's [object storage feature](https://docs.gitlab.com/ee/administration/object_storage.html), support for using `background_upload` to upload files is deprecated and will be fully removed in GitLab 15.0.
+
+    This impacts a small subset of object storage providers:
+
+    - **OpenStack** Customers using OpenStack need to change their configuration to use the S3 API instead of Swift.
+    - **RackSpace** Customers using RackSpace-based object storage need to migrate data to a different provider.
+
+    GitLab will publish additional guidance to assist affected customers in migrating.
+  stage: Enablement
+  tiers: [Core, Premium, Ultimate]
+  issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/26600
+  documentation_url: https://docs.gitlab.com/ee/administration/object_storage.html
--- a/data/deprecations/14-9-deprecate-debian-9.yml
+++ b/data/deprecations/14-9-deprecate-debian-9.yml
+- name: "Deprecate support for Debian 9"
+  announcement_milestone: "14.9"
+  announcement_date: "2022-03-22"
+  removal_milestone: "15.1"
+  removal_date: "2022-06-22"
+  body: |
+    Long term service and support (LTSS) for [Debian 9 Stretch ends in July 2022](https://wiki.debian.org/LTS). Therefore, we will longer support the Debian 9 distribution for the GitLab package. Users can upgrade to Debian 10 or Debian 11.
--- a/data/deprecations/14-9-global-search-deprecate-user-email-lookup-limit.yml
+++ b/data/deprecations/14-9-global-search-deprecate-user-email-lookup-limit.yml
+- name: "user_email_lookup_limit API field"
+  announcement_milestone: "14.9"
+  announcement_date: "2022-03-22"
+  removal_milestone: "15.0"
+  removal_date: "2022-05-22"
+  breaking_change: true
+  reporter: fzimmer
+  body: |  # Do not modify this line, instead modify the lines below.
+    The `user_email_lookup_limit` [API field](https://docs.gitlab.com/ee/api/settings.html) is deprecated and will be removed in GitLab 15.0. Until GitLab 15.0, `user_email_lookup_limit` is aliased to `search_rate_limit` and existing workflows will continue to work.
+
+    Any API calls attempting to change the rate limits for `user_email_lookup_limit` should use `search_rate_limit` instead.
--- a/doc/administration/geo/replication/version_specific_updates.md
+++ b/doc/administration/geo/replication/version_specific_updates.md
@@ -10,6 +10,14 @@ Review this page for update instructions for your version. These steps
 accompany the [general steps](updating_the_geo_sites.md#general-update-steps)
 for updating Geo sites.
  
+## Updating to 14.9
+
+**DO NOT** update to GitLab 14.9.0. 
+
+We've discovered an issue with Geo's CI verification feature that may [cause job traces to be lost](https://gitlab.com/gitlab-com/gl-infra/production/-/issues/6664). This issue will be fixed in the next patch release.
+
+If you have already updated to GitLab 14.9.0, you can disable the feature causing the issue by [disabling the `geo_job_artifact_replication` feature flag](../../feature_flags.md#how-to-enable-and-disable-features-behind-flags).
+
 ## Updating to 14.2 through 14.7
  
 There is [an issue in GitLab 14.2 through 14.7](https://gitlab.com/gitlab-org/gitlab/-/issues/299819#note_822629467)

--- a/doc/api/graphql/reference/index.md
+++ b/doc/api/graphql/reference/index.md
@@ -11024,7 +11024,7 @@ four standard [pagination arguments](#connection-pagination-arguments):
  
 ##### `GeoNode.jobArtifactRegistries`
  
-Find Job Artifact registries on this Geo node.
+Find Job Artifact registries on this Geo node Available only when feature flag `geo_job_artifact_replication` is enabled. This flag is disabled by default, because the feature is experimental and is subject to change without notice.
  
 Returns [`JobArtifactRegistryConnection`](#jobartifactregistryconnection).
  
--- a/doc/api/settings.md
+++ b/doc/api/settings.md
@@ -390,7 +390,7 @@ listed in the descriptions of the relevant settings.
 | `push_event_hooks_limit`                 | integer          | no                                   | Number of changes (branches or tags) in a single push to determine whether webhooks and services fire or not. Webhooks and services aren't submitted if it surpasses that value. |
 | `rate_limiting_response_text`            | string           | no                                   | When rate limiting is enabled via the `throttle_*` settings, send this plain text response when a rate limit is exceeded. 'Retry later' is sent if this is blank. |
 | `raw_blob_request_limit`                 | integer          | no                                   | Max number of requests per minute for each raw path. Default: 300. To disable throttling set to 0.|
-| `user_email_lookup_limit`                | integer          | no                                   | **{warning}** **[Removed](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/80631/)** in GitLab 14.9. Replaced by `search_rate_limit`. Max number of requests per minute for email lookup. Default: 60. To disable throttling set to 0.|
+| `user_email_lookup_limit`                | integer          | no                                   | **{warning}** **[Deprecated](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/80631/)** in GitLab 14.9 will be removed in 15.0. Replaced by `search_rate_limit`. Max number of requests per minute for email lookup. Default: 60. To disable throttling set to 0.|
 | `search_rate_limit`                      | integer          | no                                   | Max number of requests per minute for performing a search while authenticated. Default: 30. To disable throttling set to 0.|
 | `search_rate_limit_unauthenticated`      | integer          | no                                   | Max number of requests per minute for performing a search while unauthenticated. Default: 10. To disable throttling set to 0.|
 | `recaptcha_enabled`                      | boolean          | no                                   | (**If enabled, requires:** `recaptcha_private_key` and `recaptcha_site_key`) Enable reCAPTCHA. |

--- a/doc/update/deprecations.md
+++ b/doc/update/deprecations.md
@@ -38,6 +38,31 @@ For deprecation reviewers (Technical Writers only):
  
 ## 14.9
  
+### Background upload for object storage
+
+WARNING:
+This feature will be changed or removed in 15.0
+as a [breaking change](https://docs.gitlab.com/ee/development/contributing/#breaking-changes).
+Before updating GitLab, review the details carefully to determine if you need to make any
+changes to your code, settings, or workflow.
+
+To reduce the overall complexity and maintenance burden of GitLab's [object storage feature](https://docs.gitlab.com/ee/administration/object_storage.html), support for using `background_upload` to upload files is deprecated and will be fully removed in GitLab 15.0.
+
+This impacts a small subset of object storage providers:
+
+- **OpenStack** Customers using OpenStack need to change their configuration to use the S3 API instead of Swift.
+- **RackSpace** Customers using RackSpace-based object storage need to migrate data to a different provider.
+
+GitLab will publish additional guidance to assist affected customers in migrating.
+
+**Planned removal milestone: 15.0 (2022-05-22)**
+
+### Deprecate support for Debian 9
+
+Long term service and support (LTSS) for [Debian 9 Stretch ends in July 2022](https://wiki.debian.org/LTS). Therefore, we will longer support the Debian 9 distribution for the GitLab package. Users can upgrade to Debian 10 or Debian 11.
+
+**Planned removal milestone: 15.1 (2022-06-22)**
+
 ### GitLab Pages running as daemon
  
 In 15.0, support for daemon mode for GitLab Pages will be removed.
@@ -109,6 +134,20 @@ Since it isn't used in the context of GitLab (the product), `htpasswd` authentic
  
 **Planned removal milestone: 15.0 (2022-05-22)**
  
+### user_email_lookup_limit API field
+
+WARNING:
+This feature will be changed or removed in 15.0
+as a [breaking change](https://docs.gitlab.com/ee/development/contributing/#breaking-changes).
+Before updating GitLab, review the details carefully to determine if you need to make any
+changes to your code, settings, or workflow.
+
+The `user_email_lookup_limit` [API field](https://docs.gitlab.com/ee/api/settings.html) is deprecated and will be removed in GitLab 15.0. Until GitLab 15.0, `user_email_lookup_limit` is aliased to `search_rate_limit` and existing workflows will continue to work.
+
+Any API calls attempting to change the rate limits for `user_email_lookup_limit` should use `search_rate_limit` instead.
+
+**Planned removal milestone: 15.0 (2022-05-22)**
+
 ## 14.8
  
 ### Changes to the `CI_JOB_JWT`

--- a/ee/app/graphql/types/geo/geo_node_type.rb
+++ b/ee/app/graphql/types/geo/geo_node_type.rb
@@ -19,7 +19,8 @@ module Types
      field :job_artifact_registries, ::Types::Geo::JobArtifactRegistryType.connection_type,
            null: true,
            resolver: ::Resolvers::Geo::JobArtifactRegistriesResolver,
-            description: 'Find Job Artifact registries on this Geo node'
+            description: 'Find Job Artifact registries on this Geo node',
+            feature_flag: :geo_job_artifact_replication
      field :lfs_object_registries, ::Types::Geo::LfsObjectRegistryType.connection_type,
            null: true,
            resolver: ::Resolvers::Geo::LfsObjectRegistriesResolver,

--- a/ee/app/replicators/geo/job_artifact_replicator.rb
+++ b/ee/app/replicators/geo/job_artifact_replicator.rb
@@ -13,6 +13,12 @@ module Geo
      model_record.file
    end
  
+    # The feature flag follows the format `geo_#{replicable_name}_replication`,
+    # so here it would be `geo_job_artifact_replication`
+    def self.replication_enabled_by_default?
+      false
+    end
+
    override :verification_feature_flag_enabled?
    def self.verification_feature_flag_enabled?
      # We are adding verification at the same time as replication, so we

--- a/ee/config/feature_flags/development/geo_job_artifact_replication.yml
+++ b/ee/config/feature_flags/development/geo_job_artifact_replication.yml
 ---
 name: geo_job_artifact_replication
 introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/issues/327400
-rollout_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/353995
+rollout_issue_url:
 milestone: '14.8'
 type: development
 group: group::geo
-default_enabled: true
+default_enabled: false
--- a/lib/backup/manager.rb
+++ b/lib/backup/manager.rb
@@ -144,7 +144,6 @@ module Backup
    def run_restore_task(task_name)
      definition = @definitions[task_name]
  
-      read_backup_information
      puts_time "Restoring #{definition.task.human_name} ... ".color(:blue)
  
      unless definition.task.enabled
@@ -483,7 +482,7 @@ module Backup
    end
  
    def repository_backup_strategy(incremental)
-      if Feature.enabled?(:gitaly_backup, default_enabled: :yaml)
+      if !Feature.feature_flags_available? || Feature.enabled?(:gitaly_backup, default_enabled: :yaml)
        max_concurrency = ENV['GITLAB_BACKUP_MAX_CONCURRENCY'].presence
        max_storage_concurrency = ENV['GITLAB_BACKUP_MAX_STORAGE_CONCURRENCY'].presence
        Backup::GitalyBackup.new(progress, incremental: incremental, max_parallelism: max_concurrency, storage_parallelism: max_storage_concurrency)

--- a/spec/controllers/admin/application_settings_controller_spec.rb
+++ b/spec/controllers/admin/application_settings_controller_spec.rb
@@ -291,6 +291,46 @@ RSpec.describe Admin::ApplicationSettingsController, :do_not_mock_admin_mode_set
        end
      end
    end
+
+    describe 'user_email_lookup_limit aliasing' do
+      let(:application_setting) { ApplicationSetting.current }
+      let(:user_email_lookup_limit) { 8675 }
+      let(:search_rate_limit) { 309 }
+
+      context 'when search_rate_limit is specified' do
+        let(:settings_params) do
+          {
+            user_email_lookup_limit: user_email_lookup_limit,
+            search_rate_limit: search_rate_limit
+          }
+        end
+
+        it 'updates search_rate_limit with correct value' do
+          expect(application_setting.search_rate_limit).not_to eq user_email_lookup_limit
+          expect(application_setting.search_rate_limit).not_to eq search_rate_limit
+
+          put :update, params: { application_setting: settings_params }
+
+          expect(application_setting.reload.search_rate_limit).to eq search_rate_limit
+        end
+      end
+
+      context 'when search_rate_limit is not specified' do
+        let(:settings_params) do
+          {
+            user_email_lookup_limit: search_rate_limit
+          }
+        end
+
+        it 'applies user_email_lookup_limit value to search_rate_limit' do
+          expect(application_setting.search_rate_limit).not_to eq search_rate_limit
+
+          put :update, params: { application_setting: settings_params }
+
+          expect(application_setting.reload.search_rate_limit).to eq search_rate_limit
+        end
+      end
+    end
  end
  
  describe 'PUT #reset_registration_token' do

--- a/spec/factories/ci/job_artifacts.rb
+++ b/spec/factories/ci/job_artifacts.rb
@@ -7,7 +7,7 @@ FactoryBot.define do
    file_format { :zip }
  
    trait :expired do
-      expire_at { Date.yesterday }
+      expire_at { Time.current.yesterday.change(minute: 9) }
    end
  
    trait :locked do

--- a/spec/models/ci/deleted_object_spec.rb
+++ b/spec/models/ci/deleted_object_spec.rb
@@ -22,7 +22,7 @@ RSpec.describe Ci::DeletedObject, :aggregate_failures do
        expect(deleted_artifact.file_store).to eq(artifact.file_store)
        expect(deleted_artifact.store_dir).to eq(artifact.file.store_dir.to_s)
        expect(deleted_artifact.file_identifier).to eq(artifact.file_identifier)
-        expect(deleted_artifact.pick_up_at).to eq(artifact.expire_at)
+        expect(deleted_artifact.pick_up_at).to be_like_time(artifact.expire_at)
      end
    end