Merge remote-tracking branch 'ee/master' into ce-to-ee-2018-04-27

* ee/master:
  Don't run JS lint for QA either
  except is already handled, don't overwrite it
  We still want to run them in QA
  Introduce dedicated-no-docs-and-no-qa-pull-cache-job
  Remove comma from the time system notes
  Wait for page load so we're not getting stale elements
  Clear local storage after test so it's not interfering
  Select everything so we could hit protect
  Geo: Add pgbouncer and FDW documentation

.gitlab-ci.yml

@@ -140,7 +140,7 @@ stages:
 # Jobs that only need to pull cache
 .dedicated-no-docs-pull-cache-job: &dedicated-no-docs-pull-cache-job
   <<: *dedicated-runner
-  <<: *except-docs-and-qa
+  <<: *except-docs
   <<: *pull-cache
   dependencies:
     - setup-test-env
@@ -152,6 +152,10 @@ stages:
   variables:
     SETUP_DB: "false"
 
+.dedicated-no-docs-and-no-qa-pull-cache-job: &dedicated-no-docs-and-no-qa-pull-cache-job
+  <<: *dedicated-no-docs-pull-cache-job
+  <<: *except-docs-and-qa
+
 .rake-exec: &rake-exec
   <<: *dedicated-no-docs-no-db-pull-cache-job
   script:
@@ -310,7 +314,7 @@ stages:
     - master@gitlab/gitlab-ee
 
 .gitlab-setup: &gitlab-setup
-  <<: *dedicated-no-docs-pull-cache-job
+  <<: *dedicated-no-docs-and-no-qa-pull-cache-job
   <<: *use-pg
   variables:
     SETUP_DB: "false"
@@ -351,12 +355,12 @@ stages:
 
 # DB migration, rollback, and seed jobs
 .db-migrate-reset: &db-migrate-reset
-  <<: *dedicated-no-docs-pull-cache-job
+  <<: *dedicated-no-docs-and-no-qa-pull-cache-job
   script:
     - bundle exec rake db:migrate:reset
 
 .migration-paths: &migration-paths
-  <<: *dedicated-no-docs-pull-cache-job
+  <<: *dedicated-no-docs-and-no-qa-pull-cache-job
   variables:
     CREATE_DB_USER: "true"
   script:
@@ -768,7 +772,7 @@ migration:path-mysql:
   <<: *use-mysql
 
 .db-rollback: &db-rollback
-  <<: *dedicated-no-docs-pull-cache-job
+  <<: *dedicated-no-docs-and-no-qa-pull-cache-job
   script:
     - bundle exec rake db:migrate VERSION=20170523121229
     - bundle exec rake db:migrate
@@ -781,10 +785,9 @@ db:rollback-mysql:
   <<: *db-rollback
   <<: *use-mysql
 
-db:rollback-pg-geo: &db-rollback
+db:rollback-pg-geo:
   <<: *db-rollback
   <<: *use-pg
-  <<: *except-docs
   script:
     - bundle exec rake geo:db:migrate VERSION=20170627195211
     - bundle exec rake geo:db:migrate
@@ -799,7 +802,7 @@ gitlab:setup-mysql:
 
 # Frontend-related jobs
 gitlab:assets:compile:
-  <<: *dedicated-no-docs-no-db-pull-cache-job
+  <<: *dedicated-no-docs-and-no-qa-pull-cache-job
   dependencies: []
   variables:
     NODE_ENV: "production"
@@ -820,7 +823,7 @@ gitlab:assets:compile:
       - webpack-report/
 
 karma:
-  <<: *dedicated-no-docs-pull-cache-job
+  <<: *dedicated-no-docs-and-no-qa-pull-cache-job
   <<: *use-pg
   dependencies:
     - compile-assets
@@ -944,7 +947,7 @@ coverage:
     - coverage/assets/
 
 lint:javascript:report:
-  <<: *dedicated-no-docs-no-db-pull-cache-job
+  <<: *dedicated-no-docs-and-no-qa-pull-cache-job
   stage: post-test
   dependencies:
     - compile-assets

app/services/system_note_service.rb

@@ -159,7 +159,7 @@ module SystemNoteService
     body = if noteable.time_estimate == 0
              "removed time estimate"
            else
-             "changed time estimate to #{parsed_time},"
+             "changed time estimate to #{parsed_time}"
            end
 
     create_note(NoteSummary.new(noteable, project, author, body, action: 'time_tracking'))

app/views/projects/protected_branches/_create_protected_branch.html.haml

 - content_for :merge_access_levels do
   .merge_access_levels-container
     = dropdown_tag('Select',
-                    options: { toggle_class: 'js-allowed-to-merge wide',
-                    dropdown_class: 'dropdown-menu-selectable capitalize-header',
+                    options: { toggle_class: 'js-allowed-to-merge qa-allowed-to-merge-select wide',
+                    dropdown_class: 'dropdown-menu-selectable qa-allowed-to-merge-dropdown capitalize-header',
                     data: { field_name: 'protected_branch[merge_access_levels_attributes][0][access_level]', input_id: 'merge_access_levels_attributes' }})
 - content_for :push_access_levels do
   .push_access_levels-container

app/views/projects/protected_branches/_update_protected_branch.html.haml

 %td
   = hidden_field_tag "allowed_to_merge_#{protected_branch.id}", protected_branch.merge_access_levels.first.access_level
   = dropdown_tag( (protected_branch.merge_access_levels.first.humanize || 'Select') ,
-                 options: { toggle_class: 'js-allowed-to-merge', dropdown_class: 'dropdown-menu-selectable js-allowed-to-merge-container capitalize-header',
+                 options: { toggle_class: 'js-allowed-to-merge qa-allowed-to-merge', dropdown_class: 'dropdown-menu-selectable js-allowed-to-merge-container capitalize-header',
                  data: { field_name: "allowed_to_merge_#{protected_branch.id}", access_level_id: protected_branch.merge_access_levels.first.id }})
 %td
   = hidden_field_tag "allowed_to_push_#{protected_branch.id}", protected_branch.push_access_levels.first.access_level

doc/administration/geo/replication/database.md

@@ -201,7 +201,7 @@ The following guide assumes that:
     for more information.
 
 1. Save the file and reconfigure GitLab for the database listen changes and
-   the replication slot changes to be applied.
+   the replication slot changes to be applied:
 
     ```bash
     gitlab-ctl reconfigure
@@ -555,6 +555,55 @@ the instructions below:
     gitlab-ctl restart
     ```
 
+## PGBouncer support (optional)
+
+[PGBouncer](http://pgbouncer.github.io/) may be used with GitLab Geo to pool
+PostgreSQL connections. We recommend using PGBouncer if you use GitLab in a
+high-availability configuration with a cluster of nodes supporting a Geo
+primary and another cluster of nodes supporting a Geo secondary. For more
+information, see the [Omnibus HA](https://docs.gitlab.com/ee/administration/high_availability/database.html#configure-using-omnibus-for-high-availability)
+documentation.
+
+For a Geo secondary to work properly with PGBouncer in front of the database,
+it will need a separate read-only user to make [PostgreSQL FDW queries][FDW]
+work:
+
+1. On the primary Geo database, enter the PostgreSQL on the console as an
+admin user. If you are using an Omnibus-managed database, log onto the primary
+node that is running the PostgreSQL database:
+
+    ```bash
+     sudo -u gitlab-psql /opt/gitlab/embedded/bin/psql -h /var/opt/gitlab/postgresql gitlabhq_production
+    ```
+
+2. Then create the read-only user:
+
+    ```sql
+    -- NOTE: Use the password defined earlier
+    CREATE USER gitlab_geo_fdw WITH password 'mypassword';
+    GRANT CONNECT ON DATABASE gitlabhq_production to gitlab_geo_fdw;
+    GRANT USAGE ON SCHEMA public TO gitlab_geo_fdw;
+    GRANT SELECT ON ALL TABLES IN SCHEMA public TO gitlab_geo_fdw;
+    GRANT SELECT ON ALL SEQUENCES IN SCHEMA public TO gitlab_geo_fdw;
+
+    -- Tables created by "gitlab" should be made read-only for "gitlab_geo_fdw"
+    -- automatically.
+    ALTER DEFAULT PRIVILEGES FOR USER gitlab IN SCHEMA public GRANT SELECT ON TABLES TO gitlab_geo_fdw;
+    ALTER DEFAULT PRIVILEGES FOR USER gitlab IN SCHEMA public GRANT SELECT ON SEQUENCES TO gitlab_geo_fdw;
+    ```
+
+3. On the Geo secondary nodes, change `/etc/gitlab/gitlab.rb`:
+
+    ```
+    geo_postgresql['fdw_external_user'] = 'gitlab_geo_fdw'
+    ```
+
+4. Save the file and reconfigure GitLab for the changes to be applied:
+
+    ```bash
+    gitlab-ctl reconfigure
+    ```
+
 ## MySQL replication
 
 MySQL replication is not supported for Geo.

doc/administration/geo/replication/database_source.md

@@ -382,6 +382,32 @@ data before running `pg_basebackup`.
 
 The replication process is now over.
 
+## PGBouncer support (optional)
+
+1. First, enter the PostgreSQL console as an admin user.
+
+2. Then create the read-only user:
+
+    ```sql
+    -- NOTE: Use the password defined earlier
+    CREATE USER gitlab_geo_fdw WITH password 'mypassword';
+    GRANT CONNECT ON DATABASE gitlabhq_production to gitlab_geo_fdw;
+    GRANT USAGE ON SCHEMA public TO gitlab_geo_fdw;
+    GRANT SELECT ON ALL TABLES IN SCHEMA public TO gitlab_geo_fdw;
+    GRANT SELECT ON ALL SEQUENCES IN SCHEMA public TO gitlab_geo_fdw;
+
+    -- Tables created by "gitlab" should be made read-only for "gitlab_geo_fdw"
+    -- automatically.
+    ALTER DEFAULT PRIVILEGES FOR USER gitlab IN SCHEMA public GRANT SELECT ON TABLES TO gitlab_geo_fdw;
+    ALTER DEFAULT PRIVILEGES FOR USER gitlab IN SCHEMA public GRANT SELECT ON SEQUENCES TO gitlab_geo_fdw;
+    ```
+
+3. Enter the PostgreSQL console on the secondary tracking database and change the user mapping to this new user:
+
+    ```
+    ALTER USER MAPPING FOR gitlab_geo SERVER gitlab_secondary OPTIONS (SET user 'gitlab_geo_fdw')
+    ```
+
 ## MySQL replication
 
 MySQL replication is not supported for Geo.

ee/app/views/projects/protected_branches/ee/_create_protected_branch.html.haml

 - content_for :merge_access_levels do
   .merge_access_levels-container
     = dropdown_tag('Select',
-                   options: { toggle_class: 'js-allowed-to-merge js-multiselect wide',
-                   dropdown_class: 'dropdown-menu-user dropdown-menu-selectable  capitalize-header', filter: true,
+                   options: { toggle_class: 'js-allowed-to-merge qa-allowed-to-merge-select js-multiselect wide',
+                   dropdown_class: 'dropdown-menu-user dropdown-menu-selectable qa-allowed-to-merge-dropdown capitalize-header', filter: true,
                    data: { input_id: 'merge_access_levels_attributes', default_label: 'Select' } })
 - content_for :push_access_levels do
   .push_access_levels-container
     = dropdown_tag('Select',
-                   options: { toggle_class: 'js-allowed-to-push js-multiselect wide',
-                   dropdown_class: 'dropdown-menu-user dropdown-menu-selectable  capitalize-header', filter: true,
+                   options: { toggle_class: 'js-allowed-to-push qa-allowed-to-push-select js-multiselect wide',
+                   dropdown_class: 'dropdown-menu-user dropdown-menu-selectable qa-allowed-to-push-dropdown capitalize-header', filter: true,
                    data: { input_id: 'push_access_levels_attributes', default_label: 'Select' } })
   .help-block
     Only groups that

ee/app/views/projects/protected_branches/ee/_protected_branch_access_summary.html.haml

 %td
-  = render partial: 'projects/settings/ee/access_level_dropdown', locals: { protected_branch: protected_branch, access_levels: protected_branch.merge_access_levels, level_frequencies: access_level_frequencies(protected_branch.merge_access_levels), input_basic_name: 'merge_access_levels', toggle_class: 'js-allowed-to-merge' }
+  = render partial: 'projects/settings/ee/access_level_dropdown', locals: { protected_branch: protected_branch, access_levels: protected_branch.merge_access_levels, level_frequencies: access_level_frequencies(protected_branch.merge_access_levels), input_basic_name: 'merge_access_levels', toggle_class: 'js-allowed-to-merge qa-allowed-to-merge' }
 
 %td
-  = render partial: 'projects/settings/ee/access_level_dropdown', locals: { protected_branch: protected_branch, access_levels: protected_branch.push_access_levels, level_frequencies: access_level_frequencies(protected_branch.push_access_levels), input_basic_name: 'push_access_levels', toggle_class: 'js-allowed-to-push' }
+  = render partial: 'projects/settings/ee/access_level_dropdown', locals: { protected_branch: protected_branch, access_levels: protected_branch.push_access_levels, level_frequencies: access_level_frequencies(protected_branch.push_access_levels), input_basic_name: 'push_access_levels', toggle_class: 'js-allowed-to-push qa-allowed-to-push' }

qa/qa/ee.rb

@@ -19,6 +19,12 @@ module QA
         end
       end
 
+      module Project
+        module Settings
+          autoload :ProtectedBranches, 'qa/ee/page/project/settings/protected_branches'
+        end
+      end
+
       module MergeRequest
         autoload :Show, 'qa/ee/page/merge_request/show'
       end

qa/qa/ee/page/project/settings/protected_branches.rb

+module QA
+  module EE
+    module Page
+      module Project
+        module Settings
+          module ProtectedBranches
+            def self.prepended(page)
+              page.module_eval do
+                view 'ee/app/views/projects/protected_branches/ee/_create_protected_branch.html.haml' do
+                  element :allowed_to_push_select
+                  element :allowed_to_push_dropdown
+                  element :allowed_to_merge_select
+                  element :allowed_to_merge_dropdown
+                end
+
+                view 'ee/app/views/projects/protected_branches/ee/_protected_branch_access_summary.html.haml' do
+                  element :allowed_to_push
+                  element :allowed_to_merge
+                end
+              end
+            end
+          end
+        end
+      end
+    end
+  end
+end

qa/qa/factory/resource/branch.rb

@@ -2,7 +2,8 @@ module QA
   module Factory
     module Resource
       class Branch < Factory::Base
-        attr_accessor :project, :branch_name, :allow_to_push, :protected
+        attr_accessor :project, :branch_name,
+                      :allow_to_push, :allow_to_merge, :protected
 
         dependency Factory::Resource::Project, as: :project do |project|
           project.name = 'protected-branch-project'
@@ -23,6 +24,7 @@ module QA
         def initialize
           @branch_name = 'test/branch'
           @allow_to_push = true
+          @allow_to_merge = true
           @protected = false
         end
 
@@ -65,7 +67,22 @@ module QA
                 page.allow_no_one_to_push
               end
 
+              if allow_to_merge
+                page.allow_devs_and_masters_to_merge
+              else
+                page.allow_no_one_to_merge
+              end
+
+              page.wait(reload: false) do
+                !page.first('.btn-create').disabled?
+              end
+
               page.protect_branch
+
+              # Wait for page load, which resets the expanded sections
+              page.wait(reload: false) do
+                !page.has_content?('Collapse')
+              end
             end
           end
         end

qa/qa/page/project/settings/protected_branches.rb

@@ -3,6 +3,8 @@ module QA
     module Project
       module Settings
         class ProtectedBranches < Page::Base
+          prepend EE::Page::Project::Settings::ProtectedBranches
+
           view 'app/views/projects/protected_branches/shared/_dropdown.html.haml' do
             element :protected_branch_select
             element :protected_branch_dropdown
@@ -11,6 +13,13 @@ module QA
           view 'app/views/projects/protected_branches/_create_protected_branch.html.haml' do
             element :allowed_to_push_select
             element :allowed_to_push_dropdown
+            element :allowed_to_merge_select
+            element :allowed_to_merge_dropdown
+          end
+
+          view 'app/views/projects/protected_branches/_update_protected_branch.html.haml' do
+            element :allowed_to_push
+            element :allowed_to_merge
           end
 
           view 'app/views/projects/protected_branches/shared/_branches_list.html.haml' do
@@ -30,11 +39,19 @@ module QA
           end
 
           def allow_no_one_to_push
-            allow_to_push('No one')
+            click_allow(:push, 'No one')
           end
 
           def allow_devs_and_masters_to_push
-            allow_to_push('Developers + Masters')
+            click_allow(:push, 'Developers + Masters')
+          end
+
+          def allow_no_one_to_merge
+            click_allow(:merge, 'No one')
+          end
+
+          def allow_devs_and_masters_to_merge
+            click_allow(:merge, 'Developers + Masters')
           end
 
           def protect_branch
@@ -55,11 +72,15 @@ module QA
 
           private
 
-          def allow_to_push(text)
-            click_element :allowed_to_push_select
+          def click_allow(action, text)
+            click_element :"allowed_to_#{action}_select"
 
-            within_element(:allowed_to_push_dropdown) do
+            within_element(:"allowed_to_#{action}_dropdown") do
               click_on text
+
+              wait(reload: false) do
+                has_css?('.is-active')
+              end
             end
           end
         end

qa/qa/specs/features/repository/protected_branches_spec.rb

@@ -19,6 +19,13 @@ module QA
       Page::Main::Login.act { sign_in_using_credentials }
     end
 
+    after do
+      # We need to clear localStorage because we're using it for the dropdown,
+      # and capybara doesn't do this for us.
+      # https://github.com/teamcapybara/capybara/issues/1702
+      Capybara.execute_script 'localStorage.clear()'
+    end
+
     scenario 'user is able to protect a branch' do
       protected_branch = Factory::Resource::Branch.fabricate! do |resource|
         resource.branch_name = branch_name

spec/services/system_note_service_spec.rb

@@ -947,7 +947,7 @@ describe SystemNoteService do
       it 'sets the note text' do
         noteable.update_attribute(:time_estimate, 277200)
 
-        expect(subject.note).to eq "changed time estimate to 1w 4d 5h,"
+        expect(subject.note).to eq "changed time estimate to 1w 4d 5h"
       end
     end