Add latest changes from gitlab-org/gitlab@master

8 files changed, 25 insertions, 178 deletions

diff --git a/app/controllers/projects/google_cloud_controller.rb b/app/controllers/projects/google_cloud_controller.rb
index d185457aeb3..c62b80fe7ac 100644
--- a/app/controllers/projects/google_cloud_controller.rb
+++ b/app/controllers/projects/google_cloud_controller.rb
@@ -1,16 +1,29 @@
 # frozen_string_literal: true
 
 class Projects::GoogleCloudController < Projects::ApplicationController
-  before_action :authorize_can_manage_google_cloud_deployments!
+  feature_category :google_cloud
 
-  feature_category :release_orchestration
+  before_action :admin_project_google_cloud?
+  before_action :google_oauth2_enabled?
+  before_action :feature_flag_enabled?
 
   def index
   end
 
   private
 
-  def authorize_can_manage_google_cloud_deployments!
-    access_denied! unless can?(current_user, :manage_project_google_cloud, project)
+  def admin_project_google_cloud?
+    access_denied! unless can?(current_user, :admin_project_google_cloud, project)
+  end
+
+  def google_oauth2_enabled?
+    config = Gitlab::Auth::OAuth::Provider.config_for('google_oauth2')
+    if config.app_id.blank? || config.app_secret.blank?
+      access_denied! 'This GitLab instance not configured for Google Oauth2.'
+    end
+  end
+
+  def feature_flag_enabled?
+    access_denied! unless Feature.enabled?(:incubation_5mp_google_cloud)
   end
 end
diff --git a/app/models/namespaces/traversal/linear.rb b/app/models/namespaces/traversal/linear.rb
index d7130322ed1..1736fe82ca5 100644
--- a/app/models/namespaces/traversal/linear.rb
+++ b/app/models/namespaces/traversal/linear.rb
@@ -161,7 +161,7 @@ module Namespaces
       def lineage(top: nil, bottom: nil, hierarchy_order: nil)
         raise UnboundedSearch, 'Must bound search by either top or bottom' unless top || bottom
 
-        skope = self.class.without_sti_condition
+        skope = self.class
 
         if top
           skope = skope.where("traversal_ids @> ('{?}')", top.id)
@@ -181,7 +181,6 @@ module Namespaces
           # standard SELECT to avoid mismatched attribute errors when trying to
           # chain future ActiveRelation commands, and retain the ordering.
           skope = self.class
-            .without_sti_condition
             .from(skope, self.class.table_name)
             .select(skope.arel_table[Arel.star])
             .order(depth: hierarchy_order)
diff --git a/app/models/namespaces/traversal/linear_scopes.rb b/app/models/namespaces/traversal/linear_scopes.rb
index 67c67fc53ed..0a4216e043a 100644
--- a/app/models/namespaces/traversal/linear_scopes.rb
+++ b/app/models/namespaces/traversal/linear_scopes.rb
@@ -19,8 +19,7 @@ module Namespaces
           return super unless use_traversal_ids_for_ancestor_scopes?
 
           records = unscoped
-            .without_sti_condition
-            .where(id: without_sti_condition.select('unnest(traversal_ids)'))
+            .where(id: select('unnest(traversal_ids)'))
             .order_by_depth(hierarchy_order)
             .normal_select
 
@@ -60,16 +59,6 @@ module Namespaces
           end
         end
 
-        # Make sure we drop the STI `type = 'Group'` condition for better performance.
-        # Logically equivalent so long as hierarchies remain homogeneous.
-        def without_sti_condition
-          if Feature.enabled?(:include_sti_condition, default_enabled: :yaml)
-            all
-          else
-            unscope(where: :type)
-          end
-        end
-
         def order_by_depth(hierarchy_order)
           return all unless hierarchy_order
 
@@ -85,7 +74,7 @@ module Namespaces
         # When we have queries that break this SELECT * format we can run in to errors.
         # For example `SELECT DISTINCT on(...)` will fail when we chain a `.count` c
         def normal_select
-          unscoped.without_sti_condition.from(all, :namespaces)
+          unscoped.from(all, :namespaces)
         end
 
         private
@@ -108,7 +97,6 @@ module Namespaces
 
           namespaces = Arel::Table.new(:namespaces)
           records = unscoped
-            .without_sti_condition
             .with(cte.to_arel)
             .from([cte.table, namespaces])
 
@@ -136,7 +124,6 @@ module Namespaces
           base_ids = select(:id)
 
           records = unscoped
-            .without_sti_condition
             .from("namespaces, (#{base_ids.to_sql}) base")
             .where('namespaces.traversal_ids @> ARRAY[base.id]')
 
diff --git a/app/policies/project_policy.rb b/app/policies/project_policy.rb
index 87573c9ad13..2f86915ac9d 100644
--- a/app/policies/project_policy.rb
+++ b/app/policies/project_policy.rb
@@ -439,7 +439,7 @@ class ProjectPolicy < BasePolicy
     enable :destroy_freeze_period
     enable :admin_feature_flags_client
     enable :update_runners_registration_token
-    enable :manage_project_google_cloud
+    enable :admin_project_google_cloud
   end
 
   rule { public_project & metrics_dashboard_allowed }.policy do
diff --git a/app/services/ci/external_pull_requests/create_pipeline_service.rb b/app/services/ci/external_pull_requests/create_pipeline_service.rb
index dd93ca4708e..66127c94d35 100644
--- a/app/services/ci/external_pull_requests/create_pipeline_service.rb
+++ b/app/services/ci/external_pull_requests/create_pipeline_service.rb
@@ -16,14 +16,9 @@ module Ci
       private
 
       def create_pipeline_for(pull_request)
-        if ::Feature.enabled?(:ci_create_external_pr_pipeline_async, project, default_enabled: :yaml)
-          Ci::ExternalPullRequests::CreatePipelineWorker.perform_async(
-            project.id, current_user.id, pull_request.id
-          )
-        else
-          Ci::CreatePipelineService.new(project, current_user, create_params(pull_request))
-            .execute(:external_pull_request_event, external_pull_request: pull_request)
-        end
+        Ci::ExternalPullRequests::CreatePipelineWorker.perform_async(
+          project.id, current_user.id, pull_request.id
+        )
       end
 
       def create_params(pull_request)
diff --git a/app/services/projects/container_repository/cache_tags_created_at_service.rb b/app/services/projects/container_repository/cache_tags_created_at_service.rb
deleted file mode 100644
index 3a5346d7a23..00000000000
--- a/app/services/projects/container_repository/cache_tags_created_at_service.rb
+++ /dev/null
@@ -1,70 +0,0 @@
-# frozen_string_literal: true
-
-module Projects
-  module ContainerRepository
-    class CacheTagsCreatedAtService
-      def initialize(container_repository)
-        @container_repository = container_repository
-        @cached_tag_names = Set.new
-      end
-
-      def populate(tags)
-        return if tags.empty?
-
-        # This will load all tags in one Redis roundtrip
-        # the maximum number of tags is configurable and is set to 200 by default.
-        # https://gitlab.com/gitlab-org/gitlab/blob/master/doc/user/packages/container_registry/index.md#set-cleanup-limits-to-conserve-resources
-        keys = tags.map(&method(:cache_key))
-        cached_tags_count = 0
-
-        ::Gitlab::Redis::Cache.with do |redis|
-          tags.zip(redis.mget(keys)).each do |tag, created_at|
-            next unless created_at
-
-            tag.created_at = DateTime.rfc3339(created_at)
-            @cached_tag_names << tag.name
-            cached_tags_count += 1
-          end
-        end
-
-        cached_tags_count
-      end
-
-      def insert(tags, max_ttl_in_seconds)
-        return unless max_ttl_in_seconds
-        return if tags.empty?
-
-        # tags with nil created_at are not cacheable
-        # tags already cached don't need to be cached again
-        cacheable_tags = tags.select do |tag|
-          tag.created_at.present? && !tag.name.in?(@cached_tag_names)
-        end
-
-        return if cacheable_tags.empty?
-
-        now = Time.zone.now
-
-        ::Gitlab::Redis::Cache.with do |redis|
-          # we use a pipeline instead of a MSET because each tag has
-          # a specific ttl
-          redis.pipelined do
-            cacheable_tags.each do |tag|
-              created_at = tag.created_at
-              # ttl is the max_ttl_in_seconds reduced by the number
-              # of seconds that the tag has already existed
-              ttl = max_ttl_in_seconds - (now - created_at).seconds
-              ttl = ttl.to_i
-              redis.set(cache_key(tag), created_at.rfc3339, ex: ttl) if ttl > 0
-            end
-          end
-        end
-      end
-
-      private
-
-      def cache_key(tag)
-        "container_repository:{#{@container_repository.id}}:tag:#{tag.name}:created_at"
-      end
-    end
-  end
-end
diff --git a/app/services/projects/container_repository/cleanup_tags_service.rb b/app/services/projects/container_repository/cleanup_tags_service.rb
index 3a60de0f1ee..b25205d2894 100644
--- a/app/services/projects/container_repository/cleanup_tags_service.rb
+++ b/app/services/projects/container_repository/cleanup_tags_service.rb
@@ -140,7 +140,7 @@ module Projects
 
       def cache
         strong_memoize(:cache) do
-          ::Projects::ContainerRepository::CacheTagsCreatedAtService.new(@container_repository)
+          ::Gitlab::ContainerRepository::Tags::Cache.new(@container_repository)
         end
       end
 
diff --git a/app/views/projects/google_cloud/index.html.haml b/app/views/projects/google_cloud/index.html.haml
index 4fc66e17810..72736327988 100644
--- a/app/views/projects/google_cloud/index.html.haml
+++ b/app/views/projects/google_cloud/index.html.haml
@@ -4,80 +4,3 @@
 - @content_class = "limit-container-width" unless fluid_layout
 
 #js-google-cloud
-
-  %h1.gl-font-size-h1 Google Cloud
-
-  %section#js-section-google-cloud-service-accounts
-
-    %h2.gl-font-size-h2 Service Accounts
-
-    %p= _('Service Accounts keys are required to authorize GitLab to deploy your Google Cloud project.')
-
-    %table.table.b-table.gl-table
-
-      %thead
-        %tr
-          %th Environment
-          %th GCP Project ID
-          %th Service Account Key
-
-      %tbody
-
-        %tr
-          %td *
-          %td serving-salutes-453
-          %td .....
-
-        %tr
-          %td production
-          %td crimson-corey-234
-          %td .....
-
-        %tr
-          %td review/*
-          %td roving-river-379
-          %td .....
-
-    %a.gl-button.btn.btn-primary= _('Add new service account')
-
-  %br
-
-  %section#js-section-google-cloud-deployments
-
-    .row.row-fluid
-
-      .col-lg-4
-        %h2.gl-font-size-h2 Deployments
-        %p= _('Google Cloud offers several deployment targets. Select the one most suitable for your project.')
-        %p
-          = _('Deployments to Google Kubernetes Engine can be ')
-          %a{ href: '#' }= _('managed')
-          = _('in Infrastructure :: Kubernetes clusters')
-
-      .col-lg-8
-
-        %br
-
-        .gl-card.gl-mb-6
-          .gl-card-body
-            .gl-display-flex.gl-align-items-baseline
-              %strong.gl-font-lg App Engine
-              .gl-ml-auto.gl-text-gray-500 Disabled
-            %p= _('App Engine description and apps that are suitable for this deployment target')
-            %button.gl-button.btn.btn-default= _('Configure via Merge Request')
-
-        .gl-card.gl-mb-6
-          .gl-card-body
-            .gl-display-flex.gl-align-items-baseline
-              %strong.gl-font-lg Cloud Functions
-              .gl-ml-auto.gl-text-gray-500 Disabled
-            %p= _('Cloud Functions description and apps that are suitable for this deployment target')
-            %button.gl-button.btn.btn-default= _('Configure via Merge Request')
-
-        .gl-card.gl-mb-6
-          .gl-card-body
-            .gl-display-flex.gl-align-items-baseline
-              %strong.gl-font-lg Cloud Run
-              .gl-ml-auto.gl-text-gray-500 Disabled
-            %p= _('Cloud Run description and apps that are suitable for this deployment target')
-            %button.gl-button.btn.btn-default= _('Configure via Merge Request')