Originally branch 'mk-toggle-writing-to-auth-keys-1631'
See merge request !2004
Squashed commits:
Add authorized_keys_enabled to Application Settings
Ensure default settings are exposed in UI
Without this change, `authorized_keys_enabled` is unchecked when it is nil, even if it should be checked by default.
Add “Speed up SSH operations” documentation
Clarify the reasons for disabling writes
Add "How to go back" section
Tweak copy
Update Application Setting screenshot
Moving the check out of the general requests, makes sure we don't have
any slowdown in the regular requests.
To keep the process performing this checks small, the check is still
performed inside a unicorn. But that is called from a process running
on the same server.
Because the checks are now done outside normal request, we can have a
simpler failure strategy:
The check is now performed in the background every
`circuitbreaker_check_interval`. Failures are logged in redis. The
failures are reset when the check succeeds. Per check we will try
`circuitbreaker_access_retries` times within
`circuitbreaker_storage_timeout` seconds.
When the number of failures exceeds
`circuitbreaker_failure_count_threshold`, we will block access to the
storage.
After `failure_reset_time` of no checks, we will clear the stored
failures. This could happen when the process that performs the checks
is not running.
Behind an application setting, which defaults to false, this commit
implements the implied CI/CD config. Which means that in the case we
can't find the `.gitlab-ci.yml` on the commit we want to start a
pipeline for, we fall back to an implied configuration.
For now the Bash template has been copied to
`Auto-Devops.gitlab-ci.yml` so the tests actually work.
Fixes#34777
The initializers including this were doing so at the top level, so every object
loaded after them had a `current_application_settings` method. However, if
someone had rack-attack enabled (which was loaded before these initializers), it
would try to load the API, and fail, because `Gitlab::CurrentSettings` didn't
have that method.
To fix this:
1. Don't include `Gitlab::CurrentSettings` at the top level. We do not need
`Object.new.current_application_settings` to work.
2. Make `Gitlab::CurrentSettings` explicitly `extend self`, as we already use it
like that in several places.
3. Change the initializers to use that new form.
`allowed_key_types` is removed and the `minimum_<type>_bits` fields are
renamed to `<tech>_key_restriction`. A special sentinel value (`-1`) signifies
that the key type is disabled.
This also feeds through to the UI - checkboxes per key type are out, inline
selection of "forbidden" and "allowed" (i.e., no restrictions) are in.
As with the previous model, unknown key types are disallowed, even if the
underlying ssh daemon happens to support them. The defaults have also been
changed from the lowest known bit size to "no restriction". So if someone
does happen to have a 768-bit RSA key, it will continue to work on upgrade, at
least until the administrator restricts them.
This is an amalgamation of:
* Cory Hinshaw: Initial implementation !5552
* Rémy Coutable: Updates !9350
* Nick Thomas: Resolve conflicts and add ED25519 support !13712
When sign-in is disabled:
- skip password expiration checks
- prevent password reset requests
- don’t show Password tab in User Settings
- don’t allow login with username/password for Git over HTTP requests
- render 404 on requests to Profiles::PasswordsController
This will be necessary when adding gitaly settings. This version
doesn't make any functional changes, but allows us to include this
breaking change in 9.0 and add the needed extra settings in the future
with backwards compatibility
This commit alters views for the following models to use the markdown cache if
present:
* AbuseReport
* Appearance
* ApplicationSetting
* BroadcastMessage
* Group
* Issue
* Label
* MergeRequest
* Milestone
* Project
At the same time, calls to `escape_once` have been moved into the `single_line`
Banzai pipeline, so they can't be missed out by accident and the work is done
at save, rather than render, time.
Koding: #index: landing page for Koding integration
If enabled it will provide a link to open remote Koding instance url
for now we are also providing the sneak preview video for how
integration works in detail.
Repository: check whether .koding.yml file exists on repository
Projects: landing page: show Run in IDE (Koding) button if repo has stack file
Projects: MR: show Run in IDE Koding button if repo has stack file on active branch
ProjectHelpers: add_koding_stack: stack generator for provided project
With this helper we will auto-generate the required stack template
for a given project. For the feature we can request this base template
from the running Koding instance on integration.
Currently this will provide users to create a t2.nano instance on aws
and it'll automatically configures the instance for basic requirements.
Projects: empty state and landing page provide shortcuts to create stack
projects_helper: use branch on checkout and provide an entry point
This ${var.koding_queryString_branch} will be replaced with the branch
provided in query string which will allow us to use same stack template
for different branches of the same repository.
ref: b8c0e43c4c
projects_helper: provide sha info in query string to use existing vms
With this change we'll be able to query existing vms on Koding side
based on the commit id that they've created.
ref: 1d630fadf3
Integration: Docs: Koding documentation added
Disable /koding route if integration is disabled
Use application settings to enable Koding
Projects_helper: better indentation with strip_heredoc usage
Projects_helper: return koding_url as is if there is no project provided
current_settings: set koding_enabled: false by default
Koding_Controller: to render not_found once integration is disabled
Dashboard_specs: update spec for Koding enabled case
Projects_Helper: make repo dynamic
ref: 4d615242f4
Updated documentation to have right format
Add a new application setting, after_sign_up_text. This is text to be
rendered as Markdown and shown on the 'almost there' page after a user
signs up, but before they've confirmed their account.
Tweak the styles for that page so that centered lists look reasonable.
Douwe Maan
Horatiu Eugen Vlad
Nick Thomas
Matija Čupić
Mario de la Ossa
Mark Fletcher
Michael Kozono
Bob Van Landuyt
Tim Zallmann
Andrew Newdigate
Jose Ivan Vargas
Markus Koller
Zeger-Jan van de Weg
Robert Speicher
Sean McGivern
Gabriel Mazetto
Robin Bobbitt
Sean McGivern
Ruben Davila
Tiago Botelho
Alejandro Rodríguez
Douwe Maan
Fatih Acet
Luke "Jared" Bennett
Patricio Cano
Gokmen Goksel
Andrei Gliga