Move all EE configuration differences to separate modules
EE specific code that resides in config/
should be moved into ee/config
where possible. In certain instances we may need to instead somehow inject the settings, similar to injecting modules as done in the Ruby backend code.
Differences
config/gitlab.yml.example
diff --git a/home/yorickpeterse/Projects/gitlab/gdk-ce/gitlab/config/gitlab.yml.example b/home/yorickpeterse/Projects/gitlab/gdk-ee/gitlab/config/gitlab.yml.example
index be23166cb7b..cec06ada1d6 100644
--- a/home/yorickpeterse/Projects/gitlab/gdk-ce/gitlab/config/gitlab.yml.example
+++ b/home/yorickpeterse/Projects/gitlab/gdk-ee/gitlab/config/gitlab.yml.example
@@ -229,7 +229,24 @@ production: &base
## Packages (maven repository so far)
packages:
- enabled: false
+ enabled: true
+ # The location where build packages are stored (default: shared/packages).
+ # storage_path: shared/packages
+ object_store:
+ enabled: false
+ remote_directory: packages # The bucket name
+ # direct_upload: false # Use Object Storage directly for uploads instead of background uploads if enabled (Default: false)
+ # background_upload: false # Temporary option to limit automatic upload (Default: true)
+ # proxy_download: false # Passthrough all downloads via GitLab instead of using Redirects to Object Storage
+ connection:
+ provider: AWS
+ aws_access_key_id: AWS_ACCESS_KEY_ID
+ aws_secret_access_key: AWS_SECRET_ACCESS_KEY
+ region: us-east-1
+ # host: 'localhost' # default: s3.amazonaws.com
+ # endpoint: 'http://127.0.0.1:9000' # default: nil
+ # aws_signature_version: 4 # For creation of signed URLs. Set to 2 if provider does not support v4.
+ # path_style: true # Use 'host/bucket_name/object' instead of 'bucket_name.host/object'
## GitLab Pages
pages:
@@ -301,6 +318,53 @@ production: &base
pages_domain_verification_cron_worker:
cron: "*/15 * * * *"
+ ##
+ # GitLab EE only jobs:
+
+ # Snapshot active users statistics
+ historical_data_worker:
+ cron: "0 12 * * *"
+
+ # In addition to refreshing users when they log in,
+ # periodically refresh LDAP users membership.
+ # NOTE: This will only take effect if LDAP is enabled
+ ldap_sync_worker:
+ cron: "30 1 * * *"
+
+ # Periodically refresh LDAP groups membership.
+ # NOTE: This will only take effect if LDAP is enabled
+ ldap_group_sync_worker:
+ cron: "0 * * * *"
+
+ # GitLab Geo metrics update worker
+ # NOTE: This will only take effect if Geo is enabled
+ geo_metrics_update_worker:
+ cron: "*/1 * * * *"
+
+ # GitLab Geo prune event log worker
+ # NOTE: This will only take effect if Geo is enabled (primary node only)
+ geo_prune_event_log_worker:
+ cron: "*/5 * * * *"
+
+ # GitLab Geo repository sync worker
+ # NOTE: This will only take effect if Geo is enabled (secondary nodes only)
+ geo_repository_sync_worker:
+ cron: "*/1 * * * *"
+
+ # GitLab Geo file download dispatch worker
+ # NOTE: This will only take effect if Geo is enabled (secondary nodes only)
+ geo_file_download_dispatch_worker:
+ cron: "*/1 * * * *"
+
+ # GitLab Geo migrated local files clean up worker
+ # NOTE: This will only take effect if Geo is enabled (secondary nodes only)
+ geo_migrated_local_files_clean_up_worker:
+ cron: "15 */6 * * *"
+
+ # Export pseudonymized data in CSV format for analysis
+ pseudonymizer_worker:
+ cron: "0 * * * *"
+
registry:
# enabled: true
# host: registry.example.com
@@ -336,6 +400,19 @@ production: &base
# bundle exec rake gitlab:ldap:check RAILS_ENV=production
ldap:
enabled: false
+
+ # This setting controls the number of seconds between LDAP permission checks
+ # for each user. After this time has expired for a given user, their next
+ # interaction with GitLab (a click in the web UI, a git pull, etc.) will be
+ # slower because the LDAP permission check is being performed. How much
+ # slower depends on your LDAP setup, but it is not uncommon for this check
+ # to add seconds of waiting time. The default value is to have a "slow
+ # click" once every 3600 seconds (i.e., once per hour).
+ #
+ # Warning: if you set this value too low, every click in GitLab will be a
+ # "slow click" for all of your LDAP users.
+ # sync_time: 3600
+
servers:
##########################################################################
#
@@ -398,6 +475,10 @@ production: &base
# A value of 0 means there is no timeout.
timeout: 10
+ # Enable smartcard authentication against the LDAP server. Valid values
+ # are "false", "optional", and "required".
+ smartcard_auth: false
+
# This setting specifies if LDAP server is Active Directory LDAP server.
# For non AD servers it skips the AD specific queries.
# If your LDAP server is not AD, set this to false.
@@ -437,6 +518,31 @@ production: &base
#
user_filter: ''
+ # Base where we can search for groups
+ #
+ # Ex. ou=Groups,dc=gitlab,dc=example
+ #
+ group_base: ''
+
+ # LDAP group of users who should be admins in GitLab
+ #
+ # Ex. GLAdmins
+ #
+ admin_group: ''
+
+ # LDAP group of users who should be marked as external users in GitLab
+ #
+ # Ex. ['Contractors', 'Interns']
+ #
+ external_groups: []
+
+ # Name of attribute which holds a ssh public key of the user object.
+ # If false or nil, SSH key syncronisation will be disabled.
+ #
+ # Ex. sshpublickey
+ #
+ sync_ssh_keys: false
+
# LDAP attributes that GitLab will use to create an account for the LDAP user.
# The specified attribute can either be the attribute name as a string (e.g. 'mail'),
# or an array of attribute names to try in order (e.g. ['mail', 'email']).
@@ -468,6 +574,38 @@ production: &base
# host:
# ....
+ ## Smartcard authentication settings
+ smartcard:
+ # Allow smartcard authentication
+ enabled: false
+
+ # Path to a file containing a CA certificate
+ ca_file: '/etc/ssl/certs/CA.pem'
+
+ # Port where the client side certificate is requested by the webserver (NGINX/Apache)
+ # client_certificate_required_port: 3444
+
+ ## Kerberos settings
+ kerberos:
+ # Allow the HTTP Negotiate authentication method for Git clients
+ enabled: false
+
+ # Kerberos 5 keytab file. The keytab file must be readable by the GitLab user,
+ # and should be different from other keytabs in the system.
+ # (default: use default keytab from Krb5 config)
+ # keytab: /etc/http.keytab
+
+ # The Kerberos service name to be used by GitLab.
+ # (default: accept any service name in keytab file)
+ # service_principal_name: HTTP/gitlab.example.com@EXAMPLE.COM
+
+ # Dedicated port: Git before 2.4 does not fall back to Basic authentication if Negotiate fails.
+ # To support both Basic and Negotiate methods with older versions of Git, configure
+ # nginx to proxy GitLab on an extra port (e.g. 8443) and uncomment the following lines
+ # to dedicate this port to Kerberos authentication. (default: false)
+ # use_dedicated_port: true
+ # port: 8443
+ # https: true
## OmniAuth settings
omniauth:
@@ -587,6 +725,8 @@ production: &base
# name_identifier_format: 'urn:oasis:names:tc:SAML:2.0:nameid-format:transient'
# } }
#
+ # - { name: 'group_saml' }
+ #
# - { name: 'crowd',
# args: {
# crowd_server_url: 'CROWD SERVER URL',
@@ -659,6 +799,20 @@ production: &base
# # Specifies Amazon S3 storage class to use for backups, this is optional
# # storage_class: 'STANDARD'
+ ## Pseudonymizer exporter
+ pseudonymizer:
+ # Tables manifest that specifies the fields to extract and pseudonymize.
+ manifest: config/pseudonymizer.yml
+ upload:
+ remote_directory: 'gitlab-elt'
+ # Fog storage connection settings, see http://fog.io/storage/ .
+ connection:
+ # provider: AWS
+ # region: eu-west-1
+ # aws_access_key_id: AKIAKIAKI
+ # aws_secret_access_key: 'secret123'
+ # # The remote 'directory' to store the CSV files. For S3, this would be the bucket name.
+
## GitLab Shell settings
gitlab_shell:
path: /home/git/gitlab-shell/
@@ -818,6 +972,17 @@ test:
token: secret
backup:
path: tmp/tests/backups
+ pseudonymizer:
+ manifest: config/pseudonymizer.yml
+ upload:
+ # The remote 'directory' to store the CSV files. For S3, this would be the bucket name.
+ remote_directory: gitlab-elt.test
+ # Fog storage connection settings, see http://fog.io/storage/
+ connection:
+ provider: AWS # Only AWS supported at the moment
+ aws_access_key_id: AWS_ACCESS_KEY_ID
+ aws_secret_access_key: AWS_SECRET_ACCESS_KEY
+ region: us-east-1
gitlab_shell:
path: tmp/tests/gitlab-shell/
hooks_path: tmp/tests/gitlab-shell/hooks/
@@ -838,6 +1003,7 @@ test:
external_providers: []
providers:
+ - { name: 'group_saml' }
- { name: 'cas3',
label: 'cas3',
args: { url: 'https://sso.example.com',
config/prometheus/common_metrics.yml
diff --git a/home/yorickpeterse/Projects/gitlab/gdk-ce/gitlab/config/prometheus/common_metrics.yml b/home/yorickpeterse/Projects/gitlab/gdk-ee/gitlab/config/prometheus/common_metrics.yml
index 9bdaf1575e9..b9a1d169d0c 100644
--- a/home/yorickpeterse/Projects/gitlab/gdk-ce/gitlab/config/prometheus/common_metrics.yml
+++ b/home/yorickpeterse/Projects/gitlab/gdk-ee/gitlab/config/prometheus/common_metrics.yml
@@ -217,14 +217,14 @@
query_range: 'avg(sum(rate(container_cpu_usage_seconds_total{container_name!="POD",pod_name=~"^%{ci_environment_slug}-(.*)",namespace="%{kube_namespace}"}[15m])) by (job)) without (job)'
label: Total
unit: "cores"
- - title: "Memory Usage (Pod average)"
+ - title: "Memory Usage (Pod Average)"
y_label: "Memory Used per Pod"
required_metrics:
- container_memory_usage_bytes
weight: 2
queries:
- id: system_metrics_kubernetes_container_memory_average
- query_range: 'avg(sum(container_memory_usage_bytes{container_name!="POD",pod_name=~"^%{ci_environment_slug}-(.*)",namespace="%{kube_namespace}"}) by (job)) without (job) / count(avg(container_memory_usage_bytes{container_name!="POD",pod_name=~"^%{ci_environment_slug}-(.*)",namespace="%{kube_namespace}"}) without (job)) /1024/1024'
+ query_range: 'avg(sum(container_memory_usage_bytes{container_name!="POD",pod_name=~"^%{ci_environment_slug}-([^c].*|c([^a]|a([^n]|n([^a]|a([^r]|r[^y])))).*|)-(.*)",namespace="%{kube_namespace}"}) by (job)) without (job) / count(avg(container_memory_usage_bytes{container_name!="POD",pod_name=~"^%{ci_environment_slug}-([^c].*|c([^a]|a([^n]|n([^a]|a([^r]|r[^y])))).*|)-(.*)",namespace="%{kube_namespace}"}) without (job)) /1024/1024'
label: Pod average
unit: MB
- title: "Canary: Memory Usage (Pod Average)"
@@ -245,7 +245,7 @@
weight: 1
queries:
- id: system_metrics_kubernetes_container_core_usage
- query_range: 'avg(sum(rate(container_cpu_usage_seconds_total{container_name!="POD",pod_name=~"^%{ci_environment_slug}-(.*)",namespace="%{kube_namespace}"}[15m])) by (job)) without (job) / count(sum(rate(container_cpu_usage_seconds_total{container_name!="POD",pod_name=~"^%{ci_environment_slug}-(.*)",namespace="%{kube_namespace}"}[15m])) by (pod_name))'
+ query_range: 'avg(sum(rate(container_cpu_usage_seconds_total{container_name!="POD",pod_name=~"^%{ci_environment_slug}-([^c].*|c([^a]|a([^n]|n([^a]|a([^r]|r[^y])))).*|)-(.*)",namespace="%{kube_namespace}"}[15m])) by (job)) without (job) / count(sum(rate(container_cpu_usage_seconds_total{container_name!="POD",pod_name=~"^%{ci_environment_slug}-([^c].*|c([^a]|a([^n]|n([^a]|a([^r]|r[^y])))).*|)-(.*)",namespace="%{kube_namespace}"}[15m])) by (pod_name))'
label: Pod average
unit: "cores"
- title: "Canary: Core Usage (Pod Average)"
config/database.yml.postgresql
diff --git a/home/yorickpeterse/Projects/gitlab/gdk-ce/gitlab/config/database.yml.postgresql b/home/yorickpeterse/Projects/gitlab/gdk-ee/gitlab/config/database.yml.postgresql
index baded682e46..5b3b35c9226 100644
--- a/home/yorickpeterse/Projects/gitlab/gdk-ce/gitlab/config/database.yml.postgresql
+++ b/home/yorickpeterse/Projects/gitlab/gdk-ee/gitlab/config/database.yml.postgresql
@@ -9,6 +9,15 @@ production:
username: git
password: "secure password"
host: localhost
+ # load_balancing:
+ # hosts:
+ # - host1.example.com
+ # - host2.example.com
+ # discover:
+ # nameserver: 1.2.3.4
+ # port: 8600
+ # record: secondary.postgresql.service.consul
+ # interval: 300
#
# Development specific
config/webpack.config.js
diff --git a/home/yorickpeterse/Projects/gitlab/gdk-ce/gitlab/config/webpack.config.js b/home/yorickpeterse/Projects/gitlab/gdk-ee/gitlab/config/webpack.config.js
index fdf179b007a..08328ea8b74 100644
--- a/home/yorickpeterse/Projects/gitlab/gdk-ce/gitlab/config/webpack.config.js
+++ b/home/yorickpeterse/Projects/gitlab/gdk-ee/gitlab/config/webpack.config.js
@@ -44,6 +44,13 @@ function generateEntries() {
pageEntries.forEach(path => generateAutoEntries(path));
+ // EE-specific auto entries
+ const eePageEntries = glob.sync('pages/**/index.js', {
+ cwd: path.join(ROOT_PATH, 'ee/app/assets/javascripts'),
+ });
+ eePageEntries.forEach(path => generateAutoEntries(path, 'ee'));
+ watchAutoEntries.push(path.join(ROOT_PATH, 'ee/app/assets/javascripts/pages/'));
+
const autoEntryKeys = Object.keys(autoEntriesMap);
autoEntriesCount = autoEntryKeys.length;
@@ -95,8 +102,16 @@ module.exports = {
vue$: 'vue/dist/vue.esm.js',
spec: path.join(ROOT_PATH, 'spec/javascripts'),
+ // EE-only start
+ ee: path.join(ROOT_PATH, 'ee/app/assets/javascripts'),
+ ee_empty_states: path.join(ROOT_PATH, 'ee/app/views/shared/empty_states'),
+ ee_icons: path.join(ROOT_PATH, 'ee/app/views/shared/icons'),
+ ee_images: path.join(ROOT_PATH, 'ee/app/assets/images'),
+ ee_spec: path.join(ROOT_PATH, 'ee/spec/javascripts'),
+ // EE-only end
+
// the following resolves files which are different between CE and EE
- ee_else_ce: path.join(ROOT_PATH, 'app/assets/javascripts'),
+ ee_else_ce: path.join(ROOT_PATH, 'ee/app/assets/javascripts'),
},
},
config/routes.rb
diff --git a/home/yorickpeterse/Projects/gitlab/gdk-ce/gitlab/config/routes.rb b/home/yorickpeterse/Projects/gitlab/gdk-ee/gitlab/config/routes.rb
index 484e05114be..7f49cb570f1 100644
--- a/home/yorickpeterse/Projects/gitlab/gdk-ce/gitlab/config/routes.rb
+++ b/home/yorickpeterse/Projects/gitlab/gdk-ee/gitlab/config/routes.rb
@@ -27,10 +27,13 @@ Rails.application.routes.draw do
authorizations: 'oauth/authorizations'
end
- # This is here so we can "reserve" the path for the Jira integration in GitLab EE
- # Having a non-existent controller here does not affect the scope in any way since all possible routes
- # get a 404 proc returned. It is written in this way to minimize merge conflicts with EE
+ # This prefixless path is required because Jira gets confused if we set it up with a path
+ # More information: https://gitlab.com/gitlab-org/gitlab-ee/issues/6752
scope path: '/login/oauth', controller: 'oauth/jira/authorizations', as: :oauth_jira do
+ get :authorize, action: :new
+ get :callback
+ post :access_token
+ # This helps minimize merge conflicts with CE for this scope block
match '*all', via: [:get, :post], to: proc { [404, {}, ['']] }
end
@@ -43,6 +46,7 @@ Rails.application.routes.draw do
get '/autocomplete/users/:id' => 'autocomplete#user'
get '/autocomplete/projects' => 'autocomplete#projects'
get '/autocomplete/award_emojis' => 'autocomplete#award_emojis'
+ get '/autocomplete/project_groups' => 'autocomplete#project_groups'
# Search
get 'search' => 'search#show'
@@ -72,6 +76,9 @@ Rails.application.routes.draw do
end
resources :issues, module: :boards, only: [:index, :update]
+
+ resources :users, module: :boards, only: [:index]
+ resources :milestones, module: :boards, only: [:index]
end
# UserCallouts
@@ -82,6 +89,7 @@ Rails.application.routes.draw do
draw :operations
draw :instance_statistics
+ draw :smartcard
if ENV['GITLAB_ENABLE_CHAOS_ENDPOINTS']
get '/chaos/leakmem' => 'chaos#leakmem'
@@ -99,6 +107,9 @@ Rails.application.routes.draw do
end
member do
+ # EE specific
+ get :metrics, format: :json
+
scope :applications do
post '/:application', to: 'clusters/applications#create', as: :install_applications
end
config/settings.rb
diff --git a/home/yorickpeterse/Projects/gitlab/gdk-ce/gitlab/config/settings.rb b/home/yorickpeterse/Projects/gitlab/gdk-ee/gitlab/config/settings.rb
index 1b94df785a7..3f3ea16c0fb 100644
--- a/home/yorickpeterse/Projects/gitlab/gdk-ce/gitlab/config/settings.rb
+++ b/home/yorickpeterse/Projects/gitlab/gdk-ee/gitlab/config/settings.rb
@@ -56,6 +56,31 @@ class Settings < Settingslogic
(base_url(gitlab) + [gitlab.relative_url_root]).join('')
end
+ def kerberos_protocol
+ kerberos.https ? "https" : "http"
+ end
+
+ def kerberos_port
+ kerberos.use_dedicated_port ? kerberos.port : gitlab.port
+ end
+
+ # Curl expects username/password for authentication. However when using GSS-Negotiate not credentials should be needed.
+ # By inserting in the Kerberos dedicated URL ":@", we give to curl an empty username and password and GSS auth goes ahead
+ # Known bug reported in http://sourceforge.net/p/curl/bugs/440/ and http://curl.haxx.se/docs/knownbugs.html
+ def build_gitlab_kerberos_url
+ [
+ kerberos_protocol,
+ "://:@",
+ gitlab.host,
+ ":#{kerberos_port}",
+ gitlab.relative_url_root
+ ].join('')
+ end
+
+ def alternative_gitlab_kerberos_url?
+ kerberos.enabled && (build_gitlab_kerberos_url != build_gitlab_url)
+ end
+
# check that values in `current` (string or integer) is a contant in `modul`.
def verify_constant_array(modul, current, default)
values = default || []
config/initializers/sidekiq.rb
diff --git a/home/yorickpeterse/Projects/gitlab/gdk-ce/gitlab/config/initializers/sidekiq.rb b/home/yorickpeterse/Projects/gitlab/gdk-ee/gitlab/config/initializers/sidekiq.rb
index be4183f39be..d2b95a91014 100644
--- a/home/yorickpeterse/Projects/gitlab/gdk-ce/gitlab/config/initializers/sidekiq.rb
+++ b/home/yorickpeterse/Projects/gitlab/gdk-ee/gitlab/config/initializers/sidekiq.rb
@@ -62,6 +62,10 @@ Sidekiq.configure_server do |config|
end
Sidekiq::Cron::Job.load_from_hash! cron_jobs
+ Gitlab::Mirror.configure_cron_job!
+
+ Gitlab::Geo.configure_cron_jobs!
+
Gitlab::SidekiqVersioning.install!
db_config = Gitlab::Database.config ||
@@ -70,6 +74,14 @@ Sidekiq.configure_server do |config|
ActiveRecord::Base.establish_connection(db_config)
Rails.logger.debug("Connection Pool size for Sidekiq Server is now: #{ActiveRecord::Base.connection.pool.instance_variable_get('@size')}")
+ # EE only
+ if Gitlab::Geo.geo_database_configured?
+ Rails.configuration.geo_database['pool'] = Sidekiq.options[:concurrency]
+ Geo::TrackingBase.establish_connection(Rails.configuration.geo_database)
+
+ Rails.logger.debug("Connection Pool size for Sidekiq Server is now: #{Geo::TrackingBase.connection_pool.size} (Geo tracking database)")
+ end
+
# Avoid autoload issue such as 'Mail::Parsers::AddressStruct'
# https://github.com/mikel/mail/issues/912#issuecomment-214850355
Mail.eager_autoload!
config/initializers/0_inflections.rb
diff --git a/home/yorickpeterse/Projects/gitlab/gdk-ce/gitlab/config/initializers/0_inflections.rb b/home/yorickpeterse/Projects/gitlab/gdk-ee/gitlab/config/initializers/0_inflections.rb
index 1ad9ddca877..fe2b857799b 100644
--- a/home/yorickpeterse/Projects/gitlab/gdk-ce/gitlab/config/initializers/0_inflections.rb
+++ b/home/yorickpeterse/Projects/gitlab/gdk-ee/gitlab/config/initializers/0_inflections.rb
@@ -14,6 +14,13 @@ ActiveSupport::Inflector.inflections do |inflect|
award_emoji
project_statistics
system_note_metadata
+ event_log
project_auto_devops
+ project_registry
+ file_registry
+ job_artifact_registry
+ vulnerability_feedback
+ vulnerabilities_feedback
)
+ inflect.acronym 'EE'
end
config/initializers/console_message.rb
diff --git a/home/yorickpeterse/Projects/gitlab/gdk-ce/gitlab/config/initializers/console_message.rb b/home/yorickpeterse/Projects/gitlab/gdk-ee/gitlab/config/initializers/console_message.rb
index f7c26732e6d..55d8e39dc9b 100644
--- a/home/yorickpeterse/Projects/gitlab/gdk-ce/gitlab/config/initializers/console_message.rb
+++ b/home/yorickpeterse/Projects/gitlab/gdk-ee/gitlab/config/initializers/console_message.rb
@@ -6,5 +6,14 @@ if defined?(Rails::Console)
puts " GitLab:".ljust(justify) + "#{Gitlab::VERSION} (#{Gitlab.revision})"
puts " GitLab Shell:".ljust(justify) + "#{Gitlab::VersionInfo.parse(Gitlab::Shell.new.version)}"
puts " #{Gitlab::Database.adapter_name}:".ljust(justify) + Gitlab::Database.version
+
+ # EE-specific start
+ if Gitlab::Geo.enabled?
+ puts " Geo enabled:".ljust(justify) + 'yes'
+ puts " Geo server:".ljust(justify) + EE::GeoHelper.current_node_human_status
+ end
+
+ # EE specific end
+
puts "-------------------------------------------------------------------------------------"
end
config/initializers/zz_metrics.rb
diff --git a/home/yorickpeterse/Projects/gitlab/gdk-ce/gitlab/config/initializers/zz_metrics.rb b/home/yorickpeterse/Projects/gitlab/gdk-ee/gitlab/config/initializers/zz_metrics.rb
index 151cad3ef9a..16509264913 100644
--- a/home/yorickpeterse/Projects/gitlab/gdk-ce/gitlab/config/initializers/zz_metrics.rb
+++ b/home/yorickpeterse/Projects/gitlab/gdk-ee/gitlab/config/initializers/zz_metrics.rb
@@ -6,6 +6,7 @@
# that we can stub it for testing, as it is only called when metrics are
# enabled.
#
+# rubocop:disable Metrics/AbcSize
def instrument_classes(instrumentation)
instrumentation.instrument_instance_methods(Gitlab::Shell)
@@ -87,12 +88,40 @@ def instrument_classes(instrumentation)
instrumentation.instrument_methods(Gitlab::Highlight)
instrumentation.instrument_instance_methods(Gitlab::Highlight)
+ instrumentation.instrument_methods(Elasticsearch::Git::Repository)
+ instrumentation.instrument_instance_methods(Elasticsearch::Git::Repository)
+
+ instrumentation.instrument_instance_methods(Search::GlobalService)
+ instrumentation.instrument_instance_methods(Search::ProjectService)
+
+ instrumentation.instrument_instance_methods(Gitlab::Elastic::SearchResults)
+ instrumentation.instrument_instance_methods(Gitlab::Elastic::ProjectSearchResults)
+ instrumentation.instrument_instance_methods(Gitlab::Elastic::Indexer)
+ instrumentation.instrument_instance_methods(Gitlab::Elastic::SnippetSearchResults)
+ instrumentation.instrument_methods(Gitlab::Elastic::Helper)
+
+ instrumentation.instrument_instance_methods(Elastic::ApplicationSearch)
+ instrumentation.instrument_instance_methods(Elastic::IssuesSearch)
+ instrumentation.instrument_instance_methods(Elastic::MergeRequestsSearch)
+ instrumentation.instrument_instance_methods(Elastic::MilestonesSearch)
+ instrumentation.instrument_instance_methods(Elastic::NotesSearch)
+ instrumentation.instrument_instance_methods(Elastic::ProjectsSearch)
+ instrumentation.instrument_instance_methods(Elastic::RepositoriesSearch)
+ instrumentation.instrument_instance_methods(Elastic::SnippetsSearch)
+ instrumentation.instrument_instance_methods(Elastic::WikiRepositoriesSearch)
+
+ instrumentation.instrument_instance_methods(Gitlab::BitbucketImport::Importer)
+ instrumentation.instrument_instance_methods(Bitbucket::Connection)
+
+ instrumentation.instrument_instance_methods(Geo::RepositorySyncWorker)
+
# This is a Rails scope so we have to instrument it manually.
instrumentation.instrument_method(Project, :visible_to_user)
# Needed for https://gitlab.com/gitlab-org/gitlab-ce/issues/30224#note_32306159
instrumentation.instrument_instance_method(MergeRequestDiff, :load_commits)
end
+# rubocop:enable Metrics/AbcSize
# With prometheus enabled by default this breaks all specs
# that stubs methods using `any_instance_of` for the models reloaded here.
config/initializers/1_settings.rb
diff --git a/home/yorickpeterse/Projects/gitlab/gdk-ce/gitlab/config/initializers/1_settings.rb b/home/yorickpeterse/Projects/gitlab/gdk-ee/gitlab/config/initializers/1_settings.rb
index dfcf1e648b4..02cd2f849a8 100644
--- a/home/yorickpeterse/Projects/gitlab/gdk-ce/gitlab/config/initializers/1_settings.rb
+++ b/home/yorickpeterse/Projects/gitlab/gdk-ee/gitlab/config/initializers/1_settings.rb
@@ -4,6 +4,10 @@ require_relative '../object_store_settings'
# Default settings
Settings['ldap'] ||= Settingslogic.new({})
Settings.ldap['enabled'] = false if Settings.ldap['enabled'].nil?
+Settings.ldap['sync_time'] = 3600 if Settings.ldap['sync_time'].nil?
+Settings.ldap['schedule_sync_daily'] = 1 if Settings.ldap['schedule_sync_daily'].nil?
+Settings.ldap['schedule_sync_hour'] = 1 if Settings.ldap['schedule_sync_hour'].nil?
+Settings.ldap['schedule_sync_minute'] = 30 if Settings.ldap['schedule_sync_minute'].nil?
# backwards compatibility, we only have one host
if Settings.ldap['enabled'] || Rails.env.test?
@@ -23,11 +27,14 @@ if Settings.ldap['enabled'] || Rails.env.test?
server['timeout'] ||= 10.seconds
server['block_auto_created_users'] = false if server['block_auto_created_users'].nil?
server['allow_username_or_email_login'] = false if server['allow_username_or_email_login'].nil?
+ server['smartcard_auth'] = false unless %w[optional required].include?(server['smartcard_auth'])
server['active_directory'] = true if server['active_directory'].nil?
server['attributes'] = {} if server['attributes'].nil?
server['lowercase_usernames'] = false if server['lowercase_usernames'].nil?
server['provider_name'] ||= "ldap#{key}".downcase
server['provider_class'] = OmniAuth::Utils.camelize(server['provider_name'])
+ server['external_groups'] = [] if server['external_groups'].nil?
+ server['sync_ssh_keys'] = 'sshPublicKey' if server['sync_ssh_keys'].to_s == 'true'
# For backwards compatibility
server['encryption'] ||= server['method']
@@ -44,6 +51,10 @@ if Settings.ldap['enabled'] || Rails.env.test?
end
end
+Settings['smartcard'] ||= Settingslogic.new({})
+Settings.smartcard['enabled'] = false if Settings.smartcard['enabled'].nil?
+Settings.smartcard['client_certificate_required_port'] = 3444 if Settings.smartcard['client_certificate_required_port'].nil?
+
Settings['omniauth'] ||= Settingslogic.new({})
Settings.omniauth['enabled'] = true if Settings.omniauth['enabled'].nil?
Settings.omniauth['auto_sign_in_with_provider'] = false if Settings.omniauth['auto_sign_in_with_provider'].nil?
@@ -108,6 +119,7 @@ Settings['issues_tracker'] ||= {}
# GitLab
#
Settings['gitlab'] ||= Settingslogic.new({})
+Settings.gitlab['default_project_creation'] ||= ::EE::Gitlab::Access::DEVELOPER_MAINTAINER_PROJECT_ACCESS
Settings.gitlab['default_projects_limit'] ||= 100000
Settings.gitlab['default_branch_protection'] ||= 2
Settings.gitlab['default_can_create_group'] = true if Settings.gitlab['default_can_create_group'].nil?
@@ -142,6 +154,9 @@ Settings.gitlab['webhook_timeout'] ||= 10
Settings.gitlab['max_attachment_size'] ||= 10
Settings.gitlab['session_expire_delay'] ||= 10080
Settings.gitlab['unauthenticated_session_expire_delay'] ||= 2.hours.to_i
+Settings.gitlab['mirror_max_delay'] ||= 300
+Settings.gitlab['mirror_max_capacity'] ||= 30
+Settings.gitlab['mirror_capacity_threshold'] ||= 15
Settings.gitlab.default_projects_features['issues'] = true if Settings.gitlab.default_projects_features['issues'].nil?
Settings.gitlab.default_projects_features['merge_requests'] = true if Settings.gitlab.default_projects_features['merge_requests'].nil?
Settings.gitlab.default_projects_features['wiki'] = true if Settings.gitlab.default_projects_features['wiki'].nil?
@@ -156,6 +171,13 @@ Settings.gitlab['no_todos_messages'] ||= YAML.load_file(Rails.root.join('config'
Settings.gitlab['impersonation_enabled'] ||= true if Settings.gitlab['impersonation_enabled'].nil?
Settings.gitlab['usage_ping_enabled'] = true if Settings.gitlab['usage_ping_enabled'].nil?
+#
+# Elasticseacrh
+#
+Settings['elasticsearch'] ||= Settingslogic.new({})
+Settings.elasticsearch['enabled'] = false if Settings.elasticsearch['enabled'].nil?
+Settings.elasticsearch['url'] = ENV['ELASTIC_URL'] || "http://localhost:9200"
+
#
# CI
#
@@ -215,6 +237,11 @@ Settings.pages['artifacts_server'] ||= Settings.pages['enabled'] if Settings.pa
Settings.pages['admin'] ||= Settingslogic.new({})
Settings.pages.admin['certificate'] ||= ''
+#
+# Geo
+#
+Settings.gitlab['geo_status_timeout'] ||= 10
+
#
# External merge request diffs
#
@@ -240,6 +267,14 @@ Settings.uploads['base_dir'] = Settings.uploads['base_dir'] || 'uploads/-/system
Settings.uploads['object_store'] = ObjectStoreSettings.parse(Settings.uploads['object_store'])
Settings.uploads['object_store']['remote_directory'] ||= 'uploads'
+#
+# Packages
+#
+Settings['packages'] ||= Settingslogic.new({})
+Settings.packages['enabled'] = true if Settings.packages['enabled'].nil?
+Settings.packages['storage_path'] = Settings.absolute(Settings.packages['storage_path'] || File.join(Settings.shared['path'], "packages"))
+Settings.packages['object_store'] = ObjectStoreSettings.parse(Settings.packages['object_store'])
+
#
# Mattermost
#
@@ -278,6 +313,36 @@ Settings.cron_jobs['admin_email_worker']['job_class'] = 'AdminEmailWorker'
Settings.cron_jobs['repository_archive_cache_worker'] ||= Settingslogic.new({})
Settings.cron_jobs['repository_archive_cache_worker']['cron'] ||= '0 * * * *'
Settings.cron_jobs['repository_archive_cache_worker']['job_class'] = 'RepositoryArchiveCacheWorker'
+Settings.cron_jobs['historical_data_worker'] ||= Settingslogic.new({})
+Settings.cron_jobs['historical_data_worker']['cron'] ||= '0 12 * * *'
+Settings.cron_jobs['historical_data_worker']['job_class'] = 'HistoricalDataWorker'
+Settings.cron_jobs['ldap_sync_worker'] ||= Settingslogic.new({})
+Settings.cron_jobs['ldap_sync_worker']['cron'] ||= '30 1 * * *'
+Settings.cron_jobs['ldap_sync_worker']['job_class'] = 'LdapSyncWorker'
+Settings.cron_jobs['ldap_group_sync_worker'] ||= Settingslogic.new({})
+Settings.cron_jobs['ldap_group_sync_worker']['cron'] ||= '0 * * * *'
+Settings.cron_jobs['ldap_group_sync_worker']['job_class'] = 'LdapAllGroupsSyncWorker'
+Settings.cron_jobs['geo_metrics_update_worker'] ||= Settingslogic.new({})
+Settings.cron_jobs['geo_metrics_update_worker']['cron'] ||= '*/1 * * * *'
+Settings.cron_jobs['geo_metrics_update_worker']['job_class'] ||= 'Geo::MetricsUpdateWorker'
+Settings.cron_jobs['geo_repository_sync_worker'] ||= Settingslogic.new({})
+Settings.cron_jobs['geo_repository_sync_worker']['cron'] ||= '*/1 * * * *'
+Settings.cron_jobs['geo_repository_sync_worker']['job_class'] ||= 'Geo::RepositorySyncWorker'
+Settings.cron_jobs['geo_file_download_dispatch_worker'] ||= Settingslogic.new({})
+Settings.cron_jobs['geo_file_download_dispatch_worker']['cron'] ||= '*/1 * * * *'
+Settings.cron_jobs['geo_file_download_dispatch_worker']['job_class'] ||= 'Geo::FileDownloadDispatchWorker'
+Settings.cron_jobs['geo_prune_event_log_worker'] ||= Settingslogic.new({})
+Settings.cron_jobs['geo_prune_event_log_worker']['cron'] ||= '*/5 * * * *'
+Settings.cron_jobs['geo_prune_event_log_worker']['job_class'] ||= 'Geo::PruneEventLogWorker'
+Settings.cron_jobs['geo_repository_verification_primary_batch_worker'] ||= Settingslogic.new({})
+Settings.cron_jobs['geo_repository_verification_primary_batch_worker']['cron'] ||= '*/1 * * * *'
+Settings.cron_jobs['geo_repository_verification_primary_batch_worker']['job_class'] ||= 'Geo::RepositoryVerification::Primary::BatchWorker'
+Settings.cron_jobs['geo_repository_verification_secondary_scheduler_worker'] ||= Settingslogic.new({})
+Settings.cron_jobs['geo_repository_verification_secondary_scheduler_worker']['cron'] ||= '*/1 * * * *'
+Settings.cron_jobs['geo_repository_verification_secondary_scheduler_worker']['job_class'] ||= 'Geo::RepositoryVerification::Secondary::SchedulerWorker'
+Settings.cron_jobs['geo_migrated_local_files_clean_up_worker'] ||= Settingslogic.new({})
+Settings.cron_jobs['geo_migrated_local_files_clean_up_worker']['cron'] ||= '15 */6 * * *'
+Settings.cron_jobs['geo_migrated_local_files_clean_up_worker']['job_class'] ||= 'Geo::MigratedLocalFilesCleanUpWorker'
Settings.cron_jobs['import_export_project_cleanup_worker'] ||= Settingslogic.new({})
Settings.cron_jobs['import_export_project_cleanup_worker']['cron'] ||= '0 * * * *'
Settings.cron_jobs['import_export_project_cleanup_worker']['job_class'] = 'ImportExportProjectCleanupWorker'
@@ -310,6 +375,14 @@ Settings.cron_jobs['gitlab_usage_ping_worker'] ||= Settingslogic.new({})
Settings.cron_jobs['gitlab_usage_ping_worker']['cron'] ||= Settings.__send__(:cron_for_usage_ping)
Settings.cron_jobs['gitlab_usage_ping_worker']['job_class'] = 'GitlabUsagePingWorker'
+Settings.cron_jobs['pseudonymizer_worker'] ||= Settingslogic.new({})
+Settings.cron_jobs['pseudonymizer_worker']['cron'] ||= '0 23 * * *'
+Settings.cron_jobs['pseudonymizer_worker']['job_class'] ||= 'PseudonymizerWorker'
+
+Settings.cron_jobs['clear_shared_runners_minutes_worker'] ||= Settingslogic.new({})
+Settings.cron_jobs['clear_shared_runners_minutes_worker']['cron'] ||= '0 0 1 * *'
+Settings.cron_jobs['clear_shared_runners_minutes_worker']['job_class'] = 'ClearSharedRunnersMinutesWorker'
+
Settings.cron_jobs['stuck_merge_jobs_worker'] ||= Settingslogic.new({})
Settings.cron_jobs['stuck_merge_jobs_worker']['cron'] ||= '0 */2 * * *'
Settings.cron_jobs['stuck_merge_jobs_worker']['job_class'] = 'StuckMergeJobsWorker'
@@ -326,6 +399,10 @@ Settings.cron_jobs['prune_web_hook_logs_worker'] ||= Settingslogic.new({})
Settings.cron_jobs['prune_web_hook_logs_worker']['cron'] ||= '0 */1 * * *'
Settings.cron_jobs['prune_web_hook_logs_worker']['job_class'] = 'PruneWebHookLogsWorker'
+Settings.cron_jobs['update_max_seats_used_for_gitlab_com_subscriptions_worker'] ||= Settingslogic.new({})
+Settings.cron_jobs['update_max_seats_used_for_gitlab_com_subscriptions_worker']['cron'] ||= '0 12 * * *'
+Settings.cron_jobs['update_max_seats_used_for_gitlab_com_subscriptions_worker']['job_class'] = 'UpdateMaxSeatsUsedForGitlabComSubscriptionsWorker'
+
#
# Sidekiq
#
@@ -403,6 +480,14 @@ Settings.backup['upload']['encryption'] ||= nil
Settings.backup['upload']['encryption_key'] ||= ENV['GITLAB_BACKUP_ENCRYPTION_KEY']
Settings.backup['upload']['storage_class'] ||= nil
+#
+# Pseudonymizer
+#
+Settings['pseudonymizer'] ||= Settingslogic.new({})
+Settings.pseudonymizer['manifest'] = Settings.absolute(Settings.pseudonymizer['manifest'] || Rails.root.join("config/pseudonymizer.yml"))
+Settings.pseudonymizer['upload'] ||= Settingslogic.new({ 'remote_directory' => nil, 'connection' => nil })
+# Settings.pseudonymizer['upload']['multipart_chunk_size'] ||= 104857600
+
#
# Git
#
@@ -415,6 +500,21 @@ Settings.git['bin_path'] ||= '/usr/bin/git'
Settings['satellites'] ||= Settingslogic.new({})
Settings.satellites['path'] = Settings.absolute(Settings.satellites['path'] || "tmp/repo_satellites/")
+#
+# Kerberos
+#
+Settings['kerberos'] ||= Settingslogic.new({})
+Settings.kerberos['enabled'] = false if Settings.kerberos['enabled'].nil?
+Settings.kerberos['keytab'] = nil if Settings.kerberos['keytab'].blank? # nil means use default keytab
+Settings.kerberos['service_principal_name'] = nil if Settings.kerberos['service_principal_name'].blank? # nil means any SPN in keytab
+Settings.kerberos['use_dedicated_port'] = false if Settings.kerberos['use_dedicated_port'].nil?
+Settings.kerberos['https'] = Settings.gitlab.https if Settings.kerberos['https'].nil?
+Settings.kerberos['port'] ||= Settings.kerberos.https ? 8443 : 8088
+
+if Settings.kerberos['enabled'] && !Settings.omniauth.providers.map(&:name).include?('kerberos_spnego')
+ Settings.omniauth.providers << Settingslogic.new({ 'name' => 'kerberos_spnego' })
+end
+
#
# Extra customization
#
config/initializers/health_check.rb
diff --git a/home/yorickpeterse/Projects/gitlab/gdk-ce/gitlab/config/initializers/health_check.rb b/home/yorickpeterse/Projects/gitlab/gdk-ee/gitlab/config/initializers/health_check.rb
index 959daa93f78..c8e2a9c8e9d 100644
--- a/home/yorickpeterse/Projects/gitlab/gdk-ce/gitlab/config/initializers/health_check.rb
+++ b/home/yorickpeterse/Projects/gitlab/gdk-ee/gitlab/config/initializers/health_check.rb
@@ -1,4 +1,8 @@
HealthCheck.setup do |config|
config.standard_checks = %w(database migrations cache)
config.full_checks = %w(database migrations cache)
+
+ config.add_custom_check('geo') do
+ Gitlab::Geo::HealthCheck.perform_checks
+ end
end
config/initializers/ar_speed_up_migration_checking.rb
diff --git a/home/yorickpeterse/Projects/gitlab/gdk-ce/gitlab/config/initializers/ar_speed_up_migration_checking.rb b/home/yorickpeterse/Projects/gitlab/gdk-ee/gitlab/config/initializers/ar_speed_up_migration_checking.rb
index aae774daa35..f98b246db0b 100644
--- a/home/yorickpeterse/Projects/gitlab/gdk-ce/gitlab/config/initializers/ar_speed_up_migration_checking.rb
+++ b/home/yorickpeterse/Projects/gitlab/gdk-ee/gitlab/config/initializers/ar_speed_up_migration_checking.rb
@@ -10,7 +10,8 @@ if Rails.env.test?
# it reads + parses `db/migrate/*` each time. Memoizing it can save 0.5
# seconds per spec.
def migrations(paths)
- (@migrations ||= migrations_unmemoized(paths)).dup
+ @migrations ||= {}
+ (@migrations[paths] ||= migrations_unmemoized(paths)).dup
end
end
end
config/routes/project.rb
diff --git a/home/yorickpeterse/Projects/gitlab/gdk-ce/gitlab/config/routes/project.rb b/home/yorickpeterse/Projects/gitlab/gdk-ee/gitlab/config/routes/project.rb
index b4ebc7df4fe..f9e4a46b2f4 100644
--- a/home/yorickpeterse/Projects/gitlab/gdk-ce/gitlab/config/routes/project.rb
+++ b/home/yorickpeterse/Projects/gitlab/gdk-ee/gitlab/config/routes/project.rb
@@ -79,9 +79,16 @@ constraints(::Constraints::ProjectUrlConstrainer.new) do
resource :mattermost, only: [:new, :create]
namespace :prometheus do
- resources :metrics, constraints: { id: %r{[^\/]+} }, only: [] do
+ resources :metrics, constraints: { id: %r{[^\/]+} }, only: [:index, :new, :create, :edit, :update, :destroy] do
+ post :validate_query, on: :collection
get :active_common, on: :collection
end
+
+ # EE-specific
+ resources :alerts, constraints: { id: /\d+/ }, only: [:index, :create, :show, :update, :destroy] do
+ post :notify, on: :collection
+ end
+ # EE-specific
end
resources :deploy_keys, constraints: { id: /\d+/ }, only: [:index, :new, :create, :edit, :update] do
@@ -109,6 +116,15 @@ constraints(::Constraints::ProjectUrlConstrainer.new) do
get :pipeline_status
get :ci_environments_status
post :toggle_subscription
+
+ ## EE-specific
+ get :approvals
+ post :approvals, action: :approve
+ delete :approvals, action: :unapprove
+
+ post :rebase
+ ## EE-specific
+
post :remove_wip
post :assign_related_issues
get :discussions, format: :json
@@ -141,6 +157,23 @@ constraints(::Constraints::ProjectUrlConstrainer.new) do
post :bulk_update
end
+ ## EE-specific
+ resources :approvers, only: :destroy
+ delete 'approvers', to: 'approvers#destroy_via_user_id', as: :approver_via_user_id
+ resources :approver_groups, only: :destroy
+ ## EE-specific
+
+ ## EE-specific
+ scope module: :merge_requests do
+ resources :drafts, only: [:index, :update, :create, :destroy] do
+ collection do
+ post :publish
+ delete :discard
+ end
+ end
+ end
+ ## EE-specific
+
resources :discussions, only: [:show], constraints: { id: /\h{40}/ } do
member do
post :resolve
@@ -171,6 +204,17 @@ constraints(::Constraints::ProjectUrlConstrainer.new) do
end
end
+ ## EE-specific
+ resources :path_locks, only: [:index, :destroy] do
+ collection do
+ post :toggle
+ end
+ end
+
+ ## EE-specific
+ get '/service_desk' => 'service_desk#show', as: :service_desk
+ put '/service_desk' => 'service_desk#update', as: :service_desk_refresh
+
resource :variables, only: [:show, :update]
resources :triggers, only: [:index, :create, :edit, :update, :destroy] do
@@ -186,6 +230,10 @@ constraints(::Constraints::ProjectUrlConstrainer.new) do
end
end
+ ## EE-specific
+ resources :push_rules, constraints: { id: /\d+/ }, only: [:update]
+ ## EE-specific
+
resources :pipelines, only: [:index, :new, :create, :show] do
collection do
resource :pipelines_settings, path: 'settings', only: [:show, :update]
@@ -200,6 +248,8 @@ constraints(::Constraints::ProjectUrlConstrainer.new) do
get :builds
get :failures
get :status
+ get :security
+ get :licenses
end
end
@@ -219,6 +269,9 @@ constraints(::Constraints::ProjectUrlConstrainer.new) do
get :metrics
get :additional_metrics
get '/terminal.ws/authorize', to: 'environments#terminal_websocket_authorize', constraints: { format: nil }
+
+ # EE
+ get :logs
end
collection do
@@ -235,6 +288,14 @@ constraints(::Constraints::ProjectUrlConstrainer.new) do
end
end
+ ## EE-specific
+ resources :protected_environments, only: [:create, :update, :destroy], constraints: { id: /\d+/ } do
+ collection do
+ get 'search'
+ end
+ end
+ ## EE-specific
+
resource :cycle_analytics, only: [:show]
namespace :cycle_analytics do
@@ -293,6 +354,10 @@ constraints(::Constraints::ProjectUrlConstrainer.new) do
namespace :ci do
resource :lint, only: [:show, :create]
end
+
+ ## EE-specific
+ resources :feature_flags
+ ## EE-specific
end
draw :legacy_builds
@@ -324,6 +389,12 @@ constraints(::Constraints::ProjectUrlConstrainer.new) do
end
end
+ # EE-specific start
+ namespace :security do
+ resource :dashboard, only: [:show], controller: :dashboard
+ end
+ # EE-specific end
+
resources :milestones, constraints: { id: /\d+/ } do
member do
post :promote
@@ -348,6 +419,9 @@ constraints(::Constraints::ProjectUrlConstrainer.new) do
end
end
+ ## EE-specific
+ resources :vulnerability_feedback, only: [:index, :create, :destroy], constraints: { id: /\d+/ }
+
get :issues, to: 'issues#calendar', constraints: lambda { |req| req.format == :ics }
resources :issues, concerns: :awardable, constraints: { id: /\d+/ } do
member do
@@ -364,7 +438,14 @@ constraints(::Constraints::ProjectUrlConstrainer.new) do
collection do
post :bulk_update
post :import_csv
+
+ ## EE-specific START
+ post :export_csv
+ get :service_desk
+ ## EE-specific END
end
+
+ resources :issue_links, only: [:index, :create, :destroy], as: 'links', path: 'links'
end
resources :project_members, except: [:show, :new, :edit], constraints: { id: %r{[a-zA-Z./0-9_\-#%+]+} }, concerns: :access_requestable do
@@ -395,7 +476,7 @@ constraints(::Constraints::ProjectUrlConstrainer.new) do
get 'noteable/:target_type/:target_id/notes' => 'notes#index', as: 'noteable_notes'
# On CE only index and show are needed
- resources :boards, only: [:index, :show]
+ resources :boards, only: [:index, :show, :create, :update, :destroy]
resources :todos, only: [:create]
@@ -418,6 +499,11 @@ constraints(::Constraints::ProjectUrlConstrainer.new) do
end
end
+ ## EE-specific
+ resources :approvers, only: :destroy
+ resources :approver_groups, only: :destroy
+ ## EE-specific
+
resources :runner_projects, only: [:create, :destroy]
resources :badges, only: [:index] do
collection do
@@ -431,6 +517,11 @@ constraints(::Constraints::ProjectUrlConstrainer.new) do
end
end
end
+
+ ## EE-specific
+ resources :audit_events, only: [:index]
+ ## EE-specific
+
namespace :settings do
get :members, to: redirect("%{namespace_id}/%{project_id}/project_members")
resource :ci_cd, only: [:show, :update], controller: 'ci_cd' do
@@ -438,6 +529,11 @@ constraints(::Constraints::ProjectUrlConstrainer.new) do
put :reset_registration_token
end
resource :integrations, only: [:show]
+
+ resource :slack, only: [:destroy, :edit, :update] do
+ get :slack_auth
+ end
+
resource :repository, only: [:show], controller: :repository do
post :create_deploy_token, path: 'deploy_token/create'
post :cleanup
@@ -455,6 +551,10 @@ constraints(::Constraints::ProjectUrlConstrainer.new) do
draw :wiki
draw :repository
+ ## EE-specific
+ resources :managed_licenses, only: [:index, :show, :new, :create, :edit, :update, :destroy]
+ ## EE-specific
+
namespace :settings do
resource :operations, only: [:show, :update]
end
config/routes/profile.rb
diff --git a/home/yorickpeterse/Projects/gitlab/gdk-ce/gitlab/config/routes/profile.rb b/home/yorickpeterse/Projects/gitlab/gdk-ee/gitlab/config/routes/profile.rb
index c1cac3905f1..6f2b8664e3b 100644
--- a/home/yorickpeterse/Projects/gitlab/gdk-ce/gitlab/config/routes/profile.rb
+++ b/home/yorickpeterse/Projects/gitlab/gdk-ee/gitlab/config/routes/profile.rb
@@ -36,6 +36,14 @@ resource :profile, only: [:show, :update] do
put :resend_confirmation_instructions
end
end
+
+ ## EE-specific
+ resource :slack, only: [:edit] do
+ member do
+ get :slack_link
+ end
+ end
+
resources :chat_names, only: [:index, :new, :create, :destroy] do
collection do
delete :deny
@@ -59,5 +67,10 @@ resource :profile, only: [:show, :update] do
end
resources :u2f_registrations, only: [:destroy]
+
+ ## EE-specific
+ resources :pipeline_quota, only: [:index]
+ resources :billings, only: [:index]
+ ## EE-specific
end
end
config/routes/user.rb
diff --git a/home/yorickpeterse/Projects/gitlab/gdk-ce/gitlab/config/routes/user.rb b/home/yorickpeterse/Projects/gitlab/gdk-ee/gitlab/config/routes/user.rb
index e0ae264e2c0..a6a697416af 100644
--- a/home/yorickpeterse/Projects/gitlab/gdk-ce/gitlab/config/routes/user.rb
+++ b/home/yorickpeterse/Projects/gitlab/gdk-ee/gitlab/config/routes/user.rb
@@ -1,3 +1,8 @@
+## EE-specific
+get 'unsubscribes/:email', to: 'unsubscribes#show', as: :unsubscribe
+post 'unsubscribes/:email', to: 'unsubscribes#create'
+## EE-specific
+
# Allows individual providers to be directed to a chosen controller
# Call from inside devise_scope
def override_omniauth(provider, controller, path_prefix = '/users/auth')
@@ -25,6 +30,17 @@ devise_for :users, controllers: { omniauth_callbacks: :omniauth_callbacks,
devise_scope :user do
get '/users/auth/:provider/omniauth_error' => 'omniauth_callbacks#omniauth_error', as: :omniauth_error
get '/users/almost_there' => 'confirmations#almost_there'
+
+ ## EE-specific
+ get '/users/auth/kerberos_spnego/negotiate' => 'omniauth_kerberos_spnego#negotiate'
+ ## EE-specific
+end
+
+scope '-/users', module: :users do
+ resources :terms, only: [:index] do
+ post :accept, on: :member
+ post :decline, on: :member
+ end
end
scope '-/users', module: :users do
config/routes/repository.rb
diff --git a/home/yorickpeterse/Projects/gitlab/gdk-ce/gitlab/config/routes/repository.rb b/home/yorickpeterse/Projects/gitlab/gdk-ee/gitlab/config/routes/repository.rb
index f5201b9ddbb..fb48ec394b3 100644
--- a/home/yorickpeterse/Projects/gitlab/gdk-ce/gitlab/config/routes/repository.rb
+++ b/home/yorickpeterse/Projects/gitlab/gdk-ee/gitlab/config/routes/repository.rb
@@ -58,7 +58,7 @@ scope format: false do
resource :release, controller: 'tags/releases', only: [:edit, :update]
end
- resources :protected_branches, only: [:index, :show, :create, :update, :destroy]
+ resources :protected_branches, only: [:index, :show, :create, :update, :destroy, :patch], constraints: { id: Gitlab::PathRegex.git_reference_regex }
resources :protected_tags, only: [:index, :show, :create, :update, :destroy]
end
config/application.rb
diff --git a/home/yorickpeterse/Projects/gitlab/gdk-ce/gitlab/config/application.rb b/home/yorickpeterse/Projects/gitlab/gdk-ee/gitlab/config/application.rb
index 92a3d031c63..57fa3d46dd2 100644
--- a/home/yorickpeterse/Projects/gitlab/gdk-ce/gitlab/config/application.rb
+++ b/home/yorickpeterse/Projects/gitlab/gdk-ee/gitlab/config/application.rb
@@ -4,6 +4,8 @@ require 'rails/all'
Bundler.require(:default, Rails.env)
+require 'elasticsearch/rails/instrumentation'
+
module Gitlab
class Application < Rails::Application
require_dependency Rails.root.join('lib/gitlab/redis/wrapper')
@@ -47,6 +49,18 @@ module Gitlab
config.generators.templates.push("#{config.root}/generator_templates")
+ ## EE-specific paths config START
+ ee_paths = config.eager_load_paths.each_with_object([]) do |path, memo|
+ ee_path = config.root.join('ee', Pathname.new(path).relative_path_from(config.root))
+ memo << ee_path.to_s if ee_path.exist?
+ end
+ config.eager_load_paths.unshift(*ee_paths)
+
+ config.paths['lib/tasks'].unshift "#{config.root}/ee/lib/tasks"
+ config.paths['app/views'].unshift "#{config.root}/ee/app/views"
+ config.helpers_paths.unshift "#{config.root}/ee/app/helpers"
+ ## EE-specific paths config END
+
# Rake tasks ignore the eager loading settings, so we need to set the
# autoload paths explicitly
config.autoload_paths = config.eager_load_paths.dup
@@ -157,6 +171,23 @@ module Gitlab
config.assets.paths << "#{config.root}/node_modules/xterm/src/"
config.assets.precompile << "xterm.css"
+ ## EE-specific assets config START
+ %w[images javascripts stylesheets].each do |path|
+ config.assets.paths << "#{config.root}/ee/app/assets/#{path}"
+ end
+
+ config.assets.paths << "#{config.root}/vendor/assets/javascripts/"
+ config.assets.precompile << "snowplow/sp.js"
+
+ # Compile non-JS/CSS assets in the ee/app/assets folder by default
+ # Mimic sprockets-rails default: https://github.com/rails/sprockets-rails/blob/v3.2.1/lib/sprockets/railtie.rb#L84-L87
+ LOOSE_EE_APP_ASSETS = lambda do |logical_path, filename|
+ filename.start_with?(config.root.join("ee/app/assets").to_s) &&
+ !['.js', '.css', ''].include?(File.extname(logical_path))
+ end
+ config.assets.precompile << LOOSE_EE_APP_ASSETS
+ ## EE-specific assets config END
+
# Version of your assets, change this if you want to expire all your assets
config.assets.version = '1.0'
config/unicorn.rb
diff --git a/home/yorickpeterse/Projects/gitlab/gdk-ce/gitlab/config/unicorn.rb b/home/yorickpeterse/Projects/gitlab/gdk-ee/gitlab/config/unicorn.rb
index e5002b9fc34..bfe2ae2801d 100644
--- a/home/yorickpeterse/Projects/gitlab/gdk-ce/gitlab/config/unicorn.rb
+++ b/home/yorickpeterse/Projects/gitlab/gdk-ee/gitlab/config/unicorn.rb
@@ -1,3 +1,22 @@
worker_processes 1
-timeout 600
-listen '/home/yorickpeterse/Projects/gitlab/gdk-ce/gitlab.socket'
+preload_app false
+timeout 60
+listen '/home/yorickpeterse/Projects/gitlab/gdk-ee/gitlab.socket'
+
+before_fork do |server, worker|
+ # the following is highly recommended for Rails + "preload_app true"
+ # as there's no need for the master process to hold a connection
+ defined?(ActiveRecord::Base) &&
+ ActiveRecord::Base.connection.disconnect!
+end
+
+after_fork do |server, worker|
+ defined?(ActiveRecord::Base) &&
+ ActiveRecord::Base.establish_connection
+
+ defined?(::Prometheus::Client.reinitialize_on_pid_change) &&
+ Prometheus::Client.reinitialize_on_pid_change
+
+ defined?(Gitlab::Database::LoadBalancing) &&
+ Gitlab::Database::LoadBalancing.start_service_discovery
+end
config/sidekiq_queues.yml
diff --git a/home/yorickpeterse/Projects/gitlab/gdk-ce/gitlab/config/sidekiq_queues.yml b/home/yorickpeterse/Projects/gitlab/gdk-ee/gitlab/config/sidekiq_queues.yml
index 1e094c03171..6e1343a0675 100644
--- a/home/yorickpeterse/Projects/gitlab/gdk-ce/gitlab/config/sidekiq_queues.yml
+++ b/home/yorickpeterse/Projects/gitlab/gdk-ee/gitlab/config/sidekiq_queues.yml
@@ -86,3 +86,24 @@
- [delete_stored_files, 1]
- [remote_mirror_notification, 2]
- [import_issues_csv, 2]
+
+ # EE-specific queues
+ - [ldap_group_sync, 2]
+ - [create_github_webhook, 2]
+ - [chat_notification, 2]
+ - [geo, 1]
+ - [repository_update_mirror, 1]
+ - [new_epic, 2]
+ - [project_import_schedule, 1]
+ - [project_update_repository_storage, 1]
+ - [admin_emails, 1]
+ - [elastic_batch_project_indexer, 1]
+ - [elastic_indexer, 1]
+ - [elastic_commit_indexer, 1]
+ - [export_csv, 1]
+
+ # Deprecated queues: Remove after 10.7
+ - geo_base_scheduler
+ - geo_file_download
+ - geo_project_sync
+ - geo_repository_shard_sync
config/karma.config.js
diff --git a/home/yorickpeterse/Projects/gitlab/gdk-ce/gitlab/config/karma.config.js b/home/yorickpeterse/Projects/gitlab/gdk-ee/gitlab/config/karma.config.js
index e1d7c30b1c2..4c75eb1077e 100644
--- a/home/yorickpeterse/Projects/gitlab/gdk-ce/gitlab/config/karma.config.js
+++ b/home/yorickpeterse/Projects/gitlab/gdk-ee/gitlab/config/karma.config.js
@@ -6,6 +6,7 @@ const argumentsParser = require('commander');
const webpackConfig = require('./webpack.config.js');
const ROOT_PATH = path.resolve(__dirname, '..');
+const SPECS_PATH = /^(?:\.[\\\/])?(ee[\\\/])?spec[\\\/]javascripts[\\\/]/;
function fatalError(message) {
console.error(chalk.red(`\nError: ${message}\n`));
@@ -41,9 +42,19 @@ const specFilters = argumentsParser
)
.parse(process.argv).filterSpec;
-if (specFilters.length) {
- const specsPath = /^(?:\.[\\\/])?spec[\\\/]javascripts[\\\/]/;
+const createContext = (specFiles, regex, suffix) => {
+ const newContext = specFiles.reduce((context, file) => {
+ const relativePath = file.replace(SPECS_PATH, '');
+ context[file] = `./${relativePath}`;
+ return context;
+ }, {});
+
+ webpackConfig.plugins.push(
+ new webpack.ContextReplacementPlugin(regex, path.join(ROOT_PATH, suffix), newContext)
+ );
+};
+if (specFilters.length) {
// resolve filters
let filteredSpecFiles = specFilters.map(filter =>
glob
@@ -64,23 +75,15 @@ if (specFilters.length) {
fatalError('Your filter did not match any test files.');
}
- if (!filteredSpecFiles.every(file => specsPath.test(file))) {
+ if (!filteredSpecFiles.every(file => SPECS_PATH.test(file))) {
fatalError('Test files must be located within /spec/javascripts.');
}
- const newContext = filteredSpecFiles.reduce((context, file) => {
- const relativePath = file.replace(specsPath, '');
- context[file] = `./${relativePath}`;
- return context;
- }, {});
+ const CE_FILES = filteredSpecFiles.filter(file => !file.startsWith('ee'));
+ createContext(CE_FILES, /[^e]{2}[\\\/]spec[\\\/]javascripts$/, 'spec/javascripts');
- webpackConfig.plugins.push(
- new webpack.ContextReplacementPlugin(
- /spec[\\\/]javascripts$/,
- path.join(ROOT_PATH, 'spec/javascripts'),
- newContext
- )
- );
+ const EE_FILES = filteredSpecFiles.filter(file => file.startsWith('ee'));
+ createContext(EE_FILES, /ee[\\\/]spec[\\\/]javascripts$/, 'ee/spec/javascripts');
}
// Karma configuration
@@ -111,6 +114,7 @@ module.exports = function(config) {
],
preprocessors: {
'spec/javascripts/**/*.js': ['webpack', 'sourcemap'],
+ 'ee/spec/javascripts/**/*.js': ['webpack', 'sourcemap'],
},
reporters: ['progress'],
webpack: webpackConfig,
Edited by Yorick Peterse