Merge branch 'master' into 'dm-gitlab-shell-7-1-4'

# Conflicts:
#   GITLAB_SHELL_VERSION

app/assets/javascripts/ide/components/commit_sidebar/message_field.vue

@@ -54,7 +54,7 @@ export default {
     placement: 'top',
     content: sprintf(
       __(`
-        The character highligher helps you keep the subject line to %{titleLength} characters
+        The character highlighter helps you keep the subject line to %{titleLength} characters
         and wrap the body at %{bodyLength} so they are readable in git.
       `),
       { titleLength: MAX_TITLE_LENGTH, bodyLength: MAX_BODY_LENGTH },

app/models/clusters/platforms/kubernetes.rb

@@ -11,12 +11,12 @@ module Clusters
 
       attr_encrypted :password,
         mode: :per_attribute_iv,
-        key: Settings.attr_encrypted_db_key_base,
+        key: Settings.attr_encrypted_db_key_base_truncated,
         algorithm: 'aes-256-cbc'
 
       attr_encrypted :token,
         mode: :per_attribute_iv,
-        key: Settings.attr_encrypted_db_key_base,
+        key: Settings.attr_encrypted_db_key_base_truncated,
         algorithm: 'aes-256-cbc'
 
       before_validation :enforce_namespace_to_lower_case

app/models/clusters/providers/gcp.rb

@@ -11,7 +11,7 @@ module Clusters
 
       attr_encrypted :access_token,
         mode: :per_attribute_iv,
-        key: Settings.attr_encrypted_db_key_base,
+        key: Settings.attr_encrypted_db_key_base_truncated,
         algorithm: 'aes-256-cbc'
 
       validates :gcp_project_id,

changelogs/unreleased/bvl-bump-gitlab-shell-7-1-3.yml

+---
+title: Include username in output when testing SSH to GitLab
+merge_request: 19358
+author:
+type: other

changelogs/unreleased/sh-fix-secrets-not-working.yml

+---
+title: Fix attr_encryption key settings
+merge_request:
+author:
+type: fixed

changelogs/unreleased/sh-fix-source-project-nplus-one.yml

+---
+title: Fix N+1 with source_projects in merge requests API
+merge_request:
+author:
+type: performance

config/settings.rb

@@ -85,17 +85,24 @@ class Settings < Settingslogic
       File.expand_path(path, Rails.root)
     end
 
-    # Returns a 256-bit key for attr_encrypted
-    def attr_encrypted_db_key_base
-      # Ruby 2.4+ requires passing in the exact required length for OpenSSL keys
-      # (https://github.com/ruby/ruby/commit/ce635262f53b760284d56bb1027baebaaec175d1).
-      # Previous versions quietly truncated the input.
-      #
-      # The default mode for the attr_encrypted gem is to use a 256-bit key.
-      # We truncate the 128-byte string to 32 bytes.
+    # Ruby 2.4+ requires passing in the exact required length for OpenSSL keys
+    # (https://github.com/ruby/ruby/commit/ce635262f53b760284d56bb1027baebaaec175d1).
+    # Previous versions quietly truncated the input.
+    #
+    # Use this when using :per_attribute_iv mode for attr_encrypted.
+    # We have to truncate the string to 32 bytes for a 256-bit cipher.
+    def attr_encrypted_db_key_base_truncated
       Gitlab::Application.secrets.db_key_base[0..31]
     end
 
+    # This should be used for :per_attribute_salt_and_iv mode. There is no
+    # need to truncate the key because the encryptor will use the salt to
+    # generate a hash of the password:
+    # https://github.com/attr-encrypted/encryptor/blob/c3a62c4a9e74686dd95e0548f9dc2a361fdc95d1/lib/encryptor.rb#L77
+    def attr_encrypted_db_key_base
+      Gitlab::Application.secrets.db_key_base
+    end
+
     private
 
     def base_url(config)

db/post_migrate/20171124104327_migrate_kubernetes_service_to_new_clusters_architectures.rb

@@ -48,7 +48,7 @@ class MigrateKubernetesServiceToNewClustersArchitectures < ActiveRecord::Migrati
 
     attr_encrypted :token,
       mode: :per_attribute_iv,
-      key: Settings.attr_encrypted_db_key_base,
+      key: Settings.attr_encrypted_db_key_base_truncated,
       algorithm: 'aes-256-cbc'
   end
 

lib/api/merge_requests.rb

@@ -38,7 +38,7 @@ module API
         merge_requests = MergeRequestsFinder.new(current_user, args).execute
                            .reorder(args[:order_by] => args[:sort])
         merge_requests = paginate(merge_requests)
-                           .preload(:target_project)
+                           .preload(:source_project, :target_project)
 
         return merge_requests if args[:view] == 'simple'
 

spec/lib/gitlab/cycle_analytics/usage_data_spec.rb

@@ -3,7 +3,12 @@ require 'spec_helper'
 describe Gitlab::CycleAnalytics::UsageData do
   describe '#to_json' do
     before do
-      Timecop.freeze do
+      # Since git commits only have second precision, round up to the
+      # nearest second to ensure we have accurate median and standard
+      # deviation calculations.
+      current_time = Time.at(Time.now.to_i)
+
+      Timecop.freeze(current_time) do
         user = create(:user, :admin)
         projects = create_list(:project, 2, :repository)
 
@@ -37,13 +42,7 @@ describe Gitlab::CycleAnalytics::UsageData do
 
           expected_values.each_pair do |op, value|
             expect(stage_values).to have_key(op)
-
-            if op == :missing
-              expect(stage_values[op]).to eq(value)
-            else
-              # delta is used because of git timings that Timecop does not stub
-              expect(stage_values[op].to_i).to be_within(5).of(value.to_i)
-            end
+            expect(stage_values[op]).to eq(value)
           end
         end
       end
@@ -58,8 +57,8 @@ describe Gitlab::CycleAnalytics::UsageData do
             missing: 0
           },
           plan: {
-            average: 2,
-            sd: 2,
+            average: 1,
+            sd: 0,
             missing: 0
           },
           code: {

spec/support/helpers/cycle_analytics_helpers.rb

@@ -4,12 +4,12 @@ module CycleAnalyticsHelpers
     create_commit("Commit for ##{issue.iid}", issue.project, user, branch_name)
   end
 
-  def create_commit(message, project, user, branch_name, count: 1)
+  def create_commit(message, project, user, branch_name, count: 1, commit_time: nil, skip_push_handler: false)
     repository = project.repository
-    oldrev = repository.commit(branch_name).sha
+    oldrev = repository.commit(branch_name)&.sha || Gitlab::Git::BLANK_SHA
 
     if Timecop.frozen? && Gitlab::GitalyClient.feature_enabled?(:operation_user_commit_files)
-      mock_gitaly_multi_action_dates(repository.raw)
+      mock_gitaly_multi_action_dates(repository.raw, commit_time)
     end
 
     commit_shas = Array.new(count) do |index|
@@ -19,6 +19,8 @@ module CycleAnalyticsHelpers
       commit_sha
     end
 
+    return if skip_push_handler
+
     GitPushService.new(project,
                        user,
                        oldrev: oldrev,
@@ -44,13 +46,11 @@ module CycleAnalyticsHelpers
       project.repository.add_branch(user, source_branch, 'master')
     end
 
-    sha = project.repository.create_file(
-      user,
-      generate(:branch),
-      'content',
-      message: commit_message,
-      branch_name: source_branch)
-    project.repository.commit(sha)
+    # Cycle analytic specs often test with frozen times, which causes metrics to be
+    # pinned to the current time. For example, in the plan stage, we assume that an issue
+    # milestone has been created before any code has been written. We add a second
+    # to ensure that the plan time is positive.
+    create_commit(commit_message, project, user, source_branch, commit_time: Time.now + 1.second, skip_push_handler: true)
 
     opts = {
       title: 'Awesome merge_request',
@@ -116,9 +116,9 @@ module CycleAnalyticsHelpers
       protected: false)
   end
 
-  def mock_gitaly_multi_action_dates(raw_repository)
+  def mock_gitaly_multi_action_dates(raw_repository, commit_time)
     allow(raw_repository).to receive(:multi_action).and_wrap_original do |m, *args|
-      new_date = Time.now
+      new_date = commit_time || Time.now
       branch_update = m.call(*args)
 
       if branch_update.newrev