diff options
| author | GitLab Bot <gitlab-bot@gitlab.com> | 2021-09-22 00:11:35 +0300 |
|---|---|---|
| committer | GitLab Bot <gitlab-bot@gitlab.com> | 2021-09-22 00:11:35 +0300 |
| commit | 0fba9a23d015b64690ed9e6405d7fba2efbd227d (patch) | |
| tree | 81fad49c3c108cfdef3be00995368bc571b54803 | |
| parent | 79f759cc144c7020942f09762154c6758ee1d275 (diff) | |
Add latest changes from gitlab-org/gitlab@master
22 files changed, 262 insertions, 126 deletions
diff --git a/GITLAB_ELASTICSEARCH_INDEXER_VERSION b/GITLAB_ELASTICSEARCH_INDEXER_VERSION index fb2c0766b7c..edcfe40d198 100644 --- a/GITLAB_ELASTICSEARCH_INDEXER_VERSION +++ b/GITLAB_ELASTICSEARCH_INDEXER_VERSION @@ -1 +1 @@ -2.13.0 +2.14.0 @@ -165,7 +165,7 @@ gem 'asciidoctor', '~> 2.0.10' gem 'asciidoctor-include-ext', '~> 0.3.1', require: false gem 'asciidoctor-plantuml', '~> 0.0.12' gem 'asciidoctor-kroki', '~> 0.5.0', require: false -gem 'rouge', '~> 3.26.0' +gem 'rouge', '~> 3.26.1' gem 'truncato', '~> 0.7.11' gem 'bootstrap_form', '~> 4.2.0' gem 'nokogiri', '~> 1.11.4' diff --git a/Gemfile.lock b/Gemfile.lock index f3d2860110e..88506372707 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -1051,7 +1051,7 @@ GEM rexml (3.2.5) rinku (2.0.0) rotp (6.2.0) - rouge (3.26.0) + rouge (3.26.1) rqrcode (0.7.0) chunky_png rqrcode-rails3 (0.1.7) @@ -1592,7 +1592,7 @@ DEPENDENCIES responders (~> 3.0) retriable (~> 3.1.2) rexml (~> 3.2.5) - rouge (~> 3.26.0) + rouge (~> 3.26.1) rqrcode-rails3 (~> 0.1.7) rspec-parameterized rspec-rails (~> 5.0.1) diff --git a/app/assets/javascripts/packages_and_registries/dependency_proxy/app.vue b/app/assets/javascripts/packages_and_registries/dependency_proxy/app.vue index 7c2df91150b..e3c5aa53129 100644 --- a/app/assets/javascripts/packages_and_registries/dependency_proxy/app.vue +++ b/app/assets/javascripts/packages_and_registries/dependency_proxy/app.vue @@ -1,11 +1,12 @@ <script> -import { GlAlert, GlFormGroup, GlFormInputGroup, GlSprintf } from '@gitlab/ui'; +import { GlAlert, GlFormGroup, GlFormInputGroup, GlSkeletonLoader, GlSprintf } from '@gitlab/ui'; import { helpPagePath } from '~/helpers/help_page_helper'; -import { numberToHumanSize } from '~/lib/utils/number_utils'; import { __ } from '~/locale'; import ClipboardButton from '~/vue_shared/components/clipboard_button.vue'; import TitleArea from '~/vue_shared/components/registry/title_area.vue'; +import getDependencyProxyDetailsQuery from '~/packages_and_registries/dependency_proxy/graphql/queries/get_dependency_proxy_details.query.graphql'; + export default { components: { GlFormGroup, @@ -14,6 +15,7 @@ export default { GlSprintf, ClipboardButton, TitleArea, + GlSkeletonLoader, }, inject: ['groupPath', 'dependencyProxyAvailable'], i18n: { @@ -27,11 +29,20 @@ export default { }, data() { return { - dependencyProxyTotalSize: 0, - dependencyProxyImagePrefix: '', - dependencyProxyBlobCount: 0, + group: {}, }; }, + apollo: { + group: { + query: getDependencyProxyDetailsQuery, + skip() { + return !this.dependencyProxyAvailable; + }, + variables() { + return { fullPath: this.groupPath }; + }, + }, + }, computed: { infoMessages() { return [ @@ -41,9 +52,6 @@ export default { }, ]; }, - humanizedTotalSize() { - return numberToHumanSize(this.dependencyProxyTotalSize); - }, }, }; </script> @@ -55,16 +63,18 @@ export default { {{ $options.i18n.proxyNotAvailableText }} </gl-alert> + <gl-skeleton-loader v-else-if="$apollo.queries.group.loading" /> + <div v-else data-testid="main-area"> <gl-form-group :label="$options.i18n.proxyImagePrefix"> <gl-form-input-group readonly - :value="dependencyProxyImagePrefix" + :value="group.dependencyProxyImagePrefix" class="gl-layout-w-limited" > <template #append> <clipboard-button - :text="dependencyProxyImagePrefix" + :text="group.dependencyProxyImagePrefix" :title="$options.i18n.copyImagePrefixText" /> </template> @@ -72,8 +82,8 @@ export default { <template #description> <span data-qa-selector="dependency_proxy_count" data-testid="proxy-count"> <gl-sprintf :message="$options.i18n.blobCountAndSize"> - <template #count>{{ dependencyProxyBlobCount }}</template> - <template #size>{{ humanizedTotalSize }}</template> + <template #count>{{ group.dependencyProxyBlobCount }}</template> + <template #size>{{ group.dependencyProxyTotalSize }}</template> </gl-sprintf> </span> </template> diff --git a/app/assets/javascripts/packages_and_registries/dependency_proxy/graphql/index.js b/app/assets/javascripts/packages_and_registries/dependency_proxy/graphql/index.js new file mode 100644 index 00000000000..16152eb81f6 --- /dev/null +++ b/app/assets/javascripts/packages_and_registries/dependency_proxy/graphql/index.js @@ -0,0 +1,14 @@ +import Vue from 'vue'; +import VueApollo from 'vue-apollo'; +import createDefaultClient from '~/lib/graphql'; + +Vue.use(VueApollo); + +export const apolloProvider = new VueApollo({ + defaultClient: createDefaultClient( + {}, + { + assumeImmutableResults: true, + }, + ), +}); diff --git a/app/assets/javascripts/packages_and_registries/dependency_proxy/graphql/queries/get_dependency_proxy_details.query.graphql b/app/assets/javascripts/packages_and_registries/dependency_proxy/graphql/queries/get_dependency_proxy_details.query.graphql new file mode 100644 index 00000000000..b62ceb0f0bd --- /dev/null +++ b/app/assets/javascripts/packages_and_registries/dependency_proxy/graphql/queries/get_dependency_proxy_details.query.graphql @@ -0,0 +1,18 @@ +query getDependencyProxyDetails($fullPath: ID!) { + group(fullPath: $fullPath) { + name + dependencyProxyBlobCount + dependencyProxyTotalSize + dependencyProxyImagePrefix + dependencyProxyManifests { + nodes { + digest + } + } + dependencyProxyBlobs { + nodes { + fileName + } + } + } +} diff --git a/app/assets/javascripts/packages_and_registries/dependency_proxy/index.js b/app/assets/javascripts/packages_and_registries/dependency_proxy/index.js index 952953fb3b7..dc73470e07d 100644 --- a/app/assets/javascripts/packages_and_registries/dependency_proxy/index.js +++ b/app/assets/javascripts/packages_and_registries/dependency_proxy/index.js @@ -1,7 +1,7 @@ import Vue from 'vue'; import { parseBoolean } from '~/lib/utils/common_utils'; import app from '~/packages_and_registries/dependency_proxy/app.vue'; -import { apolloProvider } from '~/packages_and_registries/package_registry/graphql'; +import { apolloProvider } from '~/packages_and_registries/dependency_proxy/graphql'; import Translate from '~/vue_shared/translate'; Vue.use(Translate); diff --git a/doc/.vale/gitlab/UnclearAntecedent.yml b/doc/.vale/gitlab/UnclearAntecedent.yml index 863bbd4e109..5f238598d9f 100644 --- a/doc/.vale/gitlab/UnclearAntecedent.yml +++ b/doc/.vale/gitlab/UnclearAntecedent.yml @@ -1,13 +1,13 @@ --- -# Suggestion: gitlab.UnclearAntecedent +# Warning: gitlab.UnclearAntecedent # # Checks for words that need a noun for clarity. # -# For a list of all options, see https://errata-ai.gitbook.io/vale/getting-started/styles +# For a list of all options, see https://docs.errata.ai/vale/styles extends: existence message: "'%s' is not precise. Try rewriting with a specific subject and verb." link: https://docs.gitlab.com/ee/development/documentation/styleguide/word_list.html#this-these-that-those -level: suggestion +level: warning ignorecase: false tokens: - 'That is' diff --git a/doc/administration/auth/ldap/index.md b/doc/administration/auth/ldap/index.md index 1992b450338..8c52ffd0346 100644 --- a/doc/administration/auth/ldap/index.md +++ b/doc/administration/auth/ldap/index.md @@ -5,7 +5,7 @@ group: Access info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments --- -# General LDAP setup **(FREE SELF)** +# Integrate LDAP with GitLab **(FREE SELF)** GitLab integrates with [LDAP](https://en.wikipedia.org/wiki/Lightweight_Directory_Access_Protocol) to support user authentication. @@ -70,15 +70,15 @@ LDAP email address, and then sign into GitLab by using their LDAP credentials. LDAP service that can be configured with GitLab for authentication and group sync. See [Google Secure LDAP](google_secure_ldap.md) for detailed configuration instructions. -## Configuration +## Configure LDAP -To enable LDAP integration you must add your LDAP server settings in -`/etc/gitlab/gitlab.rb` or `/home/git/gitlab/config/gitlab.yml` for Omnibus -GitLab and installations from source respectively. +To configure LDAP integration, add your LDAP server settings in: -There is a Rake task to check LDAP configuration. After configuring LDAP -using the documentation below, see [LDAP check Rake task](../../raketasks/check.md#ldap-check) -for information on the LDAP check Rake task. +- `/etc/gitlab/gitlab.rb` for Omnibus GitLab instances. +- `/home/git/gitlab/config/gitlab.yml` for source install instances. + +After configuring LDAP, to test the configuration, use the +[LDAP check Rake task](../../raketasks/check.md#ldap-check). NOTE: The `encryption` value `simple_tls` corresponds to 'Simple TLS' in the LDAP @@ -90,9 +90,9 @@ with `start_tls` and `ssl` was replaced with `simple_tls`. LDAP users must have a set email address, regardless of whether or not it's used to sign in. -### Example Configurations +### Example Omnibus GitLab configuration -**Omnibus Configuration** +This example shows configuration for Omnibus GitLab instances: ```ruby gitlab_rails['ldap_enabled'] = true @@ -139,7 +139,9 @@ gitlab_rails['ldap_servers'] = { } ``` -**Source Configuration** +### Example source install configuration + +This example shows configuration for source install instances: ```yaml production: @@ -155,6 +157,8 @@ production: ### Basic configuration settings +These configuration settings are available: + | Setting | Description | Required | Examples | |--------------------|-------------|----------|----------| | `label` | A human-friendly name for your LDAP server. It is displayed on your sign-in page. | **{check-circle}** Yes | `'Paris'` or `'Acme, Ltd.'` | @@ -183,6 +187,8 @@ Some examples of the `user_filter` field syntax: ### SSL configuration settings +These SSL configuration settings are available: + | Setting | Description | Required | Examples | |---------------|-------------|----------|----------| | `ca_file` | Specifies the path to a file containing a PEM-format CA certificate, for example, if you need an internal CA. | **{dotted-circle}** No | `'/etc/ca.pem'` | @@ -193,69 +199,72 @@ Some examples of the `user_filter` field syntax: ### Attribute configuration settings -LDAP attributes that GitLab uses to create an account for the LDAP user. The specified -attribute can either be the attribute name as a string (for example, `'mail'`), or an -array of attribute names to try in order (for example, `['mail', 'email']`). -The user's LDAP sign-in is the attribute specified as `uid` above. +GitLab uses these LDAP attributes to create an account for the LDAP user. The specified +attribute can be either: + +- The attribute name as a string. For example, `'mail'`. +- An array of attribute names to try in order. For example, `['mail', 'email']`. + +The user's LDAP sign in is the LDAP attribute [specified as `uid`](#basic-configuration-settings). | Setting | Description | Required | Examples | |--------------|-------------|----------|----------| -| `username` | The username is used in paths for the user's own projects (like `gitlab.example.com/username/project`) and when mentioning them in issues, merge request and comments (like `@username`). If the attribute specified for `username` contains an email address, the GitLab username is part of the email address before the `@`. | **{dotted-circle}** No | `['uid', 'userid', 'sAMAccountName']` | +| `username` | Used in paths for the user's own projects (for example, `gitlab.example.com/username/project`) and when mentioning them in issues, merge request and comments (for example, `@username`). If the attribute specified for `username` contains an email address, the GitLab username is part of the email address before the `@`. | **{dotted-circle}** No | `['uid', 'userid', 'sAMAccountName']` | | `email` | LDAP attribute for user email. | **{dotted-circle}** No | `['mail', 'email', 'userPrincipalName']` | | `name` | LDAP attribute for user display name. If `name` is blank, the full name is taken from the `first_name` and `last_name`. | **{dotted-circle}** No | Attributes `'cn'`, or `'displayName'` commonly carry full names. Alternatively, you can force the use of `first_name` and `last_name` by specifying an absent attribute such as `'somethingNonExistent'`. | | `first_name` | LDAP attribute for user first name. Used when the attribute configured for `name` does not exist. | **{dotted-circle}** No | `'givenName'` | | `last_name` | LDAP attribute for user last name. Used when the attribute configured for `name` does not exist. | **{dotted-circle}** No | `'sn'` | -### LDAP Sync configuration settings **(PREMIUM SELF)** +### LDAP sync configuration settings **(PREMIUM SELF)** + +These LDAP sync configuration settings are available: | Setting | Description | Required | Examples | |-------------------|-------------|----------|----------| | `group_base` | Base used to search for groups. | **{dotted-circle}** No | `'ou=groups,dc=gitlab,dc=example'` | -| `admin_group` | The CN of a group containing GitLab administrators. Note: Not `cn=administrators` or the full DN. | **{dotted-circle}** No | `'administrators'` | -| `external_groups` | An array of CNs of groups containing users that should be considered external. Note: Not `cn=interns` or the full DN. | **{dotted-circle}** No | `['interns', 'contractors']` | +| `admin_group` | The CN of a group containing GitLab administrators. Not `cn=administrators` or the full DN. | **{dotted-circle}** No | `'administrators'` | +| `external_groups` | An array of CNs of groups containing users that should be considered external. Not `cn=interns` or the full DN. | **{dotted-circle}** No | `['interns', 'contractors']` | | `sync_ssh_keys` | The LDAP attribute containing a user's public SSH key. | **{dotted-circle}** No | `'sshPublicKey'` or false if not set | ### Set up LDAP user filter -If you want to limit all GitLab access to a subset of the LDAP users on your -LDAP server, the first step should be to narrow the configured `base`. However, -it's sometimes necessary to further filter users. In this case, you can set -up an LDAP user filter. The filter must comply with -[RFC 4515](https://tools.ietf.org/search/rfc4515). +To limit all GitLab access to a subset of the LDAP users on your LDAP server, first narrow the +configured `base`. However, to further filter users if +necessary, you can set up an LDAP user filter. The filter must comply with [RFC 4515](https://tools.ietf.org/search/rfc4515). -**Omnibus configuration** +- Example user filter for Omnibus GitLab instances: -```ruby -gitlab_rails['ldap_servers'] = { -'main' => { - # snip... - 'user_filter' => '(employeeType=developer)' + ```ruby + gitlab_rails['ldap_servers'] = { + 'main' => { + # snip... + 'user_filter' => '(employeeType=developer)' + } } -} -``` + ``` -**Source configuration** +- Example user filter for source install instances: -```yaml -production: - ldap: - servers: - main: - # snip... - user_filter: '(employeeType=developer)' -``` + ```yaml + production: + ldap: + servers: + main: + # snip... + user_filter: '(employeeType=developer)' + ``` -If you want to limit access to the nested members of an Active Directory -group, use the following syntax: +To limit access to the nested members of an Active Directory group, use the following syntax: ```plaintext (memberOf:1.2.840.113556.1.4.1941:=CN=My Group,DC=Example,DC=com) ``` -For more information about this "LDAP_MATCHING_RULE_IN_CHAIN" filter, see the following -[Microsoft Search Filter Syntax](https://docs.microsoft.com/en-us/windows/win32/adsi/search-filter-syntax) document. +For more information about `LDAP_MATCHING_RULE_IN_CHAIN` filters, see +[Search Filter Syntax](https://docs.microsoft.com/en-us/windows/win32/adsi/search-filter-syntax). + Support for nested members in the user filter shouldn't be confused with -[group sync nested groups support](#supported-ldap-group-typesattributes). **(PREMIUM SELF)** +[group sync nested groups](#supported-ldap-group-typesattributes) support. GitLab does not support the custom filter syntax used by OmniAuth LDAP. @@ -451,7 +460,7 @@ If initially your LDAP configuration looked like: ### TLS server authentication -There are two encryption methods, `simple_tls` and `start_tls`. +`simple_tls` and `start_tls` are the two available encryption methods. For either encryption method, if setting `verify_certificates: false`, TLS encryption is established with the LDAP server before any LDAP-protocol data is @@ -474,7 +483,7 @@ connects to. To add another LDAP server: -1. Duplicate the settings under [the main configuration](#configuration). +1. Duplicate the settings under [the main configuration](#configure-ldap). 1. Edit them to match the additional LDAP server. Be sure to choose a different provider ID made of letters a-z and numbers 0-9. @@ -526,7 +535,7 @@ The process executes the following access checks: - Ensure the user is still present in LDAP. - If the LDAP server is Active Directory, ensure the user is active (not - blocked/disabled state). This is checked only if + blocked/disabled state). This check is performed only if `active_directory: true` is set in the LDAP configuration. In Active Directory, a user is marked as disabled/blocked if the user @@ -702,7 +711,7 @@ When enabled, the following applies: To enable it, you must: -1. [Enable LDAP](#configuration) +1. [Configure LDAP](#configure-ldap). 1. On the top bar, select **Menu > Admin**. 1. On the left sidebar, select **Settings > General**. 1. Expand the **Visibility and access controls** section. @@ -716,7 +725,7 @@ The values shown are in cron format. If needed, you can use a WARNING: Do not start the sync process too frequently as this -could lead to multiple syncs running concurrently. This is primarily a concern +could lead to multiple syncs running concurrently. This concern is primarily for installations with a large number of LDAP users. Review the [LDAP group sync benchmark metrics](#benchmarks) to see how your installation compares before proceeding. @@ -850,7 +859,7 @@ LDAP group links each: - Subsequent syncs (checking membership, no writes) took 15 minutes These metrics are meant to provide a baseline and performance may vary based on -any number of factors. This was an extreme benchmark and most instances don't +any number of factors. This benchmark was extreme and most instances don't have near this many users or groups. Disk speed, database performance, network and LDAP server response time affects these metrics. diff --git a/doc/administration/auth/ldap/ldap-troubleshooting.md b/doc/administration/auth/ldap/ldap-troubleshooting.md index 1952e8afa97..223e48a5f4e 100644 --- a/doc/administration/auth/ldap/ldap-troubleshooting.md +++ b/doc/administration/auth/ldap/ldap-troubleshooting.md @@ -90,7 +90,7 @@ established but GitLab doesn't show you LDAP users in the output, one of the following is most likely true: - The `bind_dn` user doesn't have enough permissions to traverse the user tree. -- The user(s) don't fall under the [configured `base`](index.md#configuration). +- The user(s) don't fall under the [configured `base`](index.md#configure-ldap). - The [configured `user_filter`](index.md#set-up-ldap-user-filter) blocks access to the user(s). In this case, you con confirm which of the above is true using @@ -102,7 +102,7 @@ In this case, you con confirm which of the above is true using A user can have trouble signing in for any number of reasons. To get started, here are some questions to ask yourself: -- Does the user fall under the [configured `base`](index.md#configuration) in +- Does the user fall under the [configured `base`](index.md#configure-ldap) in LDAP? The user must fall under this `base` to sign in. - Does the user pass through the [configured `user_filter`](index.md#set-up-ldap-user-filter)? If one is not configured, this question can be ignored. If it is, then the diff --git a/doc/administration/maintenance_mode/index.md b/doc/administration/maintenance_mode/index.md index 39ee357cc2f..ad2bdba5b23 100644 --- a/doc/administration/maintenance_mode/index.md +++ b/doc/administration/maintenance_mode/index.md @@ -111,7 +111,7 @@ For most JSON requests, POST, PUT, PATCH, and DELETE are blocked, and the API re |HTTP request | Allowed routes | Notes | |:----:|:--------------------------------------:|:----:| -| POST | `/admin/application_settings/general` | To allow updating application settings in the admin UI | +| POST | `/admin/application_settings/general` | To allow updating application settings in the administrator UI | | PUT | `/api/v4/application/settings` | To allow updating application settings with the API | | POST | `/users/sign_in` | To allow users to log in. | | POST | `/users/sign_out`| To allow users to log out. | @@ -121,8 +121,8 @@ For most JSON requests, POST, PUT, PATCH, and DELETE are blocked, and the API re | POST | `.git/git-upload-pack` | To allow Git pull/clone. | | POST | `/api/v4/internal` | [internal API routes](../../development/internal_api.md) | | POST | `/admin/sidekiq` | To allow management of background jobs in the admin UI | -| POST | `/admin/geo` | To allow updating Geo Nodes in the admin UI | -| POST | `/api/v4/geo_replication`| To allow certain Geo-specific admin UI actions on secondary sites | +| POST | `/admin/geo` | To allow updating Geo Nodes in the administrator UI | +| POST | `/api/v4/geo_replication`| To allow certain Geo-specific administrator UI actions on secondary sites | ### GraphQL API diff --git a/doc/administration/troubleshooting/gitlab_rails_cheat_sheet.md b/doc/administration/troubleshooting/gitlab_rails_cheat_sheet.md index 4c7daf2b51a..cbe7f7de09b 100644 --- a/doc/administration/troubleshooting/gitlab_rails_cheat_sheet.md +++ b/doc/administration/troubleshooting/gitlab_rails_cheat_sheet.md @@ -1279,7 +1279,7 @@ cluster = Clusters::Cluster.find_by(name: 'cluster_name') Delete cluster without associated resources: ```ruby -# Find an admin user +# Find users with the Administrator role user = User.find_by(username: 'admin_user') # Find the cluster with the ID diff --git a/doc/administration/troubleshooting/linux_cheat_sheet.md b/doc/administration/troubleshooting/linux_cheat_sheet.md index 9eadbad171e..b66e88a8d60 100644 --- a/doc/administration/troubleshooting/linux_cheat_sheet.md +++ b/doc/administration/troubleshooting/linux_cheat_sheet.md @@ -14,7 +14,7 @@ having an issue with GitLab, you may want to check your [support options](https: first, before attempting to use this information. WARNING: -If you are administering GitLab you are expected to know these commands for your distribution +If you administer GitLab you are expected to know these commands for your distribution of choice. If you are a GitLab Support Engineer, consider this a cross-reference to translate `yum` -> `apt-get` and the like. diff --git a/doc/development/testing_guide/end_to_end/running_tests_that_require_special_setup.md b/doc/development/testing_guide/end_to_end/running_tests_that_require_special_setup.md index 46a3053c267..753004e6867 100644 --- a/doc/development/testing_guide/end_to_end/running_tests_that_require_special_setup.md +++ b/doc/development/testing_guide/end_to_end/running_tests_that_require_special_setup.md @@ -412,7 +412,7 @@ These tests spin up a Docker container [(`osixia/openldap`)](https://hub.docker. The container uses fixtures [checked into the GitLab-QA repository](https://gitlab.com/gitlab-org/gitlab-qa/-/tree/9ffb9ad3be847a9054967d792d6772a74220fb42/fixtures/ldap) to create base data such as users and groups including the admin group. The password for [all users](https://gitlab.com/gitlab-org/gitlab-qa/-/blob/9ffb9ad3be847a9054967d792d6772a74220fb42/fixtures/ldap/2_add_users.ldif) including [the `tanuki` user](https://gitlab.com/gitlab-org/gitlab-qa/-/blob/9ffb9ad3be847a9054967d792d6772a74220fb42/fixtures/ldap/tanuki.ldif) is `password`. -A GitLab instance is also created in a Docker container based on our [General LDAP setup](../../../administration/auth/ldap/index.md#general-ldap-setup) documentation. +A GitLab instance is also created in a Docker container based on our [LDAP setup](../../../administration/auth/ldap/index.md) documentation. Tests that are tagged `:ldap_tls` enable TLS on GitLab using the certificate [checked into the GitLab-QA repository](https://gitlab.com/gitlab-org/gitlab-qa/-/tree/9ffb9ad3be847a9054967d792d6772a74220fb42/tls_certificates/gitlab). diff --git a/doc/integration/kerberos.md b/doc/integration/kerberos.md index 48339144292..aab60a4e522 100644 --- a/doc/integration/kerberos.md +++ b/doc/integration/kerberos.md @@ -173,7 +173,7 @@ enabled, your users are linked to their LDAP accounts on their first sign-in. For this to work, some prerequisites must be met: The Kerberos username must match the LDAP user's UID. You can choose which LDAP -attribute is used as the UID in the GitLab [LDAP configuration](../administration/auth/ldap/index.md#configuration) +attribute is used as the UID in the GitLab [LDAP configuration](../administration/auth/ldap/index.md#configure-ldap) but for Active Directory, this should be `sAMAccountName`. The Kerberos realm must match the domain part of the LDAP user's Distinguished diff --git a/doc/integration/security_partners/index.md b/doc/integration/security_partners/index.md index 36099fdb2a6..b8c7a0163f5 100644 --- a/doc/integration/security_partners/index.md +++ b/doc/integration/security_partners/index.md @@ -1,6 +1,6 @@ --- -stage: Protect -group: Container Security +stage: Secure +group: Static Analysis info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#designated-technical-writers type: index --- diff --git a/doc/user/clusters/agent/repository.md b/doc/user/clusters/agent/repository.md index ea57ded3320..51efed4f567 100644 --- a/doc/user/clusters/agent/repository.md +++ b/doc/user/clusters/agent/repository.md @@ -152,6 +152,11 @@ gitops: > [Introduced](https://gitlab.com/groups/gitlab-org/-/epics/5784) in GitLab 14.3. +FLAG: +On self-managed GitLab, by default this feature is not available. To make it available, +ask an administrator to [enable the `group_authorized_agents` flag](../../../administration/feature_flags.md). +On GitLab.com, this feature is available. + If you use the same cluster across multiple projects, you can set up the CI/CD Tunnel to grant the Agent access to one or more groups. This way, all the projects that belong to the authorized groups can access the same Agent. This enables you to save resources and diff --git a/doc/user/project/repository/repository_mirroring.md b/doc/user/project/repository/repository_mirroring.md index 5a02a35fce1..5acc4f8e748 100644 --- a/doc/user/project/repository/repository_mirroring.md +++ b/doc/user/project/repository/repository_mirroring.md @@ -29,7 +29,7 @@ Users with the [Maintainer role](../../permissions.md) for the project can also immediate update, unless: - The mirror is already being updated. -- The [limit for pull mirroring interval seconds](../../../administration/instance_limits.md#pull-mirroring-interval) has not elapsed since its last update. +- The [limit for pull mirroring interval seconds](../../../administration/instance_limits.md#pull-mirroring-interval) has not elapsed after its last update. For security reasons, the URL to the original repository is only displayed to users with the [Maintainer role](../../permissions.md) or the [Owner role](../../permissions.md) for the mirrored @@ -39,7 +39,7 @@ project. The following are some possible use cases for repository mirroring: -- You migrated to GitLab but still need to keep your project in another source. In that case, you +- You migrated to GitLab but still must keep your project in another source. In that case, you can set it up to mirror to GitLab (pull) and all the essential history of commits, tags, and branches are available in your GitLab instance. **(PREMIUM)** - You have old projects in another source that you don't use actively anymore, but don't want to @@ -110,7 +110,7 @@ After the mirror is created, this option can only be modified via the [API](../. ### Set up a push mirror from GitLab to GitHub -To set up a mirror from GitLab to GitHub, you need to follow these steps: +To set up a mirror from GitLab to GitHub, you must follow these steps: 1. Create a [GitHub personal access token](https://docs.github.com/en/github/authenticating-to-github/keeping-your-account-and-data-secure/creating-a-personal-access-token) with the `public_repo` box checked. 1. Fill in the **Git repository URL** field using this format: `https://<your_github_username>@github.com/<your_github_group>/<your_github_project>.git`. @@ -360,7 +360,7 @@ If you select the: - **Detect host keys** button, GitLab fetches the host keys from the server and display the fingerprints. - **Input host keys manually** button, a field is displayed where you can paste in host keys. -Assuming you used the former, you now need to verify that the fingerprints are +Assuming you used the former, you now must verify that the fingerprints are those you expect. GitLab.com and other code hosting sites publish their fingerprints in the open for you to check: @@ -384,7 +384,7 @@ $ cat /etc/ssh/ssh_host*pub | ssh-keygen -E md5 -l -f - ``` NOTE: -You may need to exclude `-E md5` for some older versions of SSH. +You must exclude `-E md5` for some older versions of SSH. When mirroring the repository, GitLab checks that at least one of the stored host keys matches before connecting. This can prevent malicious code from @@ -398,15 +398,15 @@ GitLab generates a 4096-bit RSA key that can be copied by selecting the **Copy S  -You then need to add the public SSH key to the other repository's configuration: +You then must add the public SSH key to the other repository's configuration: - If the other repository is hosted on GitLab, you should add the public SSH key as a [deploy key](../../project/deploy_keys/index.md). -- If the other repository is hosted elsewhere, you may need to add the key to +- If the other repository is hosted elsewhere, you must add the key to your user's `authorized_keys` file. Paste the entire public SSH key into the file on its own line and save it. -If you need to change the key at any time, you can remove and re-add the mirror +If you must change the key at any time, you can remove and re-add the mirror to generate a new key. Update the other repository with the new key to keep the mirror running. @@ -591,7 +591,7 @@ set your email address on GitHub to be public, or disable the [Block command lin ### 4:Deadline Exceeded When upgrading to GitLab 11.11.8 or newer, a change in how usernames are represented means that you -may need to update your mirroring username and password to ensure that `%40` characters are replaced with `@`. +must update your mirroring username and password to ensure that `%40` characters are replaced with `@`. ### Connection blocked because server only allows public key authentication diff --git a/doc/user/project/web_ide/index.md b/doc/user/project/web_ide/index.md index 010a63b7957..71cf0c03549 100644 --- a/doc/user/project/web_ide/index.md +++ b/doc/user/project/web_ide/index.md @@ -26,7 +26,7 @@ and from merge requests: 1. Select **Edit in Web IDE** to open the editor. - *When viewing a merge request* - 1. Go to your merge request, and select the **Overview** tab. - 1. Scroll to the widgets area, after the merge request description. + 1. Scroll to the widgets section, after the merge request description. 1. Select **Edit in Web IDE** if it is visible. 1. If **Edit in Web IDE** is not visible: 1. Select the **(angle-down)** next to **Open in Gitpod**. @@ -231,7 +231,7 @@ left. > [Introduced](https://gitlab.com/gitlab-org/gitlab-foss/-/merge_requests/19318) in [GitLab Free](https://about.gitlab.com/pricing/) 11.0. To switch between your authored and assigned merge requests, click the -dropdown in the top of the sidebar to open a list of merge requests. You need to commit or discard all your changes before switching to a different merge +dropdown in the top of the sidebar to open a list of merge requests. You must commit or discard all your changes before switching to a different merge request. ## Switching branches @@ -240,7 +240,7 @@ request. To switch between branches of the current project repository, click the dropdown in the top of the sidebar to open a list of branches. -You need to commit or discard all your changes before switching to a +You must commit or discard all your changes before switching to a different branch. ## Markdown editing @@ -324,7 +324,7 @@ An example `package.json`: WARNING: Interactive Web Terminals for the Web IDE is currently in **Beta**. GitLab.com shared runners [do not yet support Interactive Web Terminals](https://gitlab.com/gitlab-org/gitlab/-/issues/24674), -so you would need to use your own private runner to make use of this feature. +so you must use your own private runner to make use of this feature. [Interactive Web Terminals](../../../ci/interactive_web_terminal/index.md) give the project [Maintainers](../../permissions.md#project-members-permissions) @@ -333,14 +333,14 @@ GitLab, including through the Web IDE. ### Runner configuration -Some things need to be configured in the runner for the interactive web terminal +Some things must be configured in the runner for the interactive web terminal to work: - The runner needs to have [`[session_server]` configured properly](https://docs.gitlab.com/runner/configuration/advanced-configuration.html#the-session_server-section). This section requires at least a `session_timeout` value (which defaults to 1800 seconds) and a `listen_address` value. If `advertise_address` is not defined, `listen_address` is used. -- If you are using a reverse proxy with your GitLab instance, web terminals need to be +- If you are using a reverse proxy with your GitLab instance, web terminals must be [enabled](../../../administration/integration/terminal.md#enabling-and-disabling-terminal-support). **(ULTIMATE SELF)** If you have the terminal open and the job has finished with its tasks, the @@ -355,7 +355,7 @@ The [File Sync](#file-syncing-to-web-terminal) feature is supported on Kubernete ### Web IDE configuration file -In order to enable the Web IDE terminals you need to create the file +To enable the Web IDE terminals you must create the file `.gitlab/.gitlab-webide.yml` inside the repository's root. This file is fairly similar to the [CI configuration file](../../../ci/yaml/index.md) syntax but with some restrictions: @@ -456,7 +456,7 @@ terminal: ``` - The `webide-file-sync` executable must start **after** the project - directory is available. This is why we need to add `sleep 5` to the `command`. + directory is available. This is why we must add `sleep 5` to the `command`. See [this issue](https://gitlab.com/gitlab-org/webide-file-sync/-/issues/7) for more information. - `$CI_PROJECT_DIR` is a diff --git a/lib/gitlab/highlight.rb b/lib/gitlab/highlight.rb index f830af68e07..49712548960 100644 --- a/lib/gitlab/highlight.rb +++ b/lib/gitlab/highlight.rb @@ -70,7 +70,7 @@ module Gitlab end def highlight_plain(text) - @formatter.format(Rouge::Lexers::PlainText.lex(text), context).html_safe + @formatter.format(Rouge::Lexers::PlainText.lex(text), **context).html_safe end def highlight_rich(text, continue: true) @@ -78,7 +78,7 @@ module Gitlab tag = lexer.tag tokens = lexer.lex(text, continue: continue) - Timeout.timeout(timeout_time) { @formatter.format(tokens, context.merge(tag: tag)).html_safe } + Timeout.timeout(timeout_time) { @formatter.format(tokens, **context, tag: tag).html_safe } rescue Timeout::Error => e add_highlight_timeout_metric diff --git a/spec/frontend/packages_and_registries/dependency_proxy/app_spec.js b/spec/frontend/packages_and_registries/dependency_proxy/app_spec.js index 54bb91ef492..dd14351d4fb 100644 --- a/spec/frontend/packages_and_registries/dependency_proxy/app_spec.js +++ b/spec/frontend/packages_and_registries/dependency_proxy/app_spec.js @@ -1,19 +1,41 @@ -import { GlAlert, GlFormInputGroup, GlFormGroup, GlSprintf } from '@gitlab/ui'; +import { GlAlert, GlFormInputGroup, GlFormGroup, GlSkeletonLoader, GlSprintf } from '@gitlab/ui'; +import { createLocalVue } from '@vue/test-utils'; +import VueApollo from 'vue-apollo'; +import createMockApollo from 'helpers/mock_apollo_helper'; import { shallowMountExtended } from 'helpers/vue_test_utils_helper'; +import waitForPromises from 'helpers/wait_for_promises'; import DependencyProxyApp from '~/packages_and_registries/dependency_proxy/app.vue'; import ClipboardButton from '~/vue_shared/components/clipboard_button.vue'; +import getDependencyProxyDetailsQuery from '~/packages_and_registries/dependency_proxy/graphql/queries/get_dependency_proxy_details.query.graphql'; + +import { proxyDetailsQuery, proxyData } from './mock_data'; + +const localVue = createLocalVue(); + describe('DependencyProxyApp', () => { let wrapper; + let apolloProvider; const provideDefaults = { groupPath: 'gitlab-org', dependencyProxyAvailable: true, }; - function createComponent({ provide = provideDefaults } = {}) { + function createComponent({ + provide = provideDefaults, + resolver = jest.fn().mockResolvedValue(proxyDetailsQuery()), + } = {}) { + localVue.use(VueApollo); + + const requestHandlers = [[getDependencyProxyDetailsQuery, resolver]]; + + apolloProvider = createMockApollo(requestHandlers); + wrapper = shallowMountExtended(DependencyProxyApp, { + localVue, + apolloProvider, provide, stubs: { GlFormInputGroup, @@ -27,6 +49,7 @@ describe('DependencyProxyApp', () => { const findClipBoardButton = () => wrapper.findComponent(ClipboardButton); const findFormGroup = () => wrapper.findComponent(GlFormGroup); const findFormInputGroup = () => wrapper.findComponent(GlFormInputGroup); + const findSkeletonLoader = () => wrapper.findComponent(GlSkeletonLoader); const findMainArea = () => wrapper.findByTestId('main-area'); const findProxyCountText = () => wrapper.findByTestId('proxy-count'); @@ -35,48 +58,89 @@ describe('DependencyProxyApp', () => { }); describe('when the dependency proxy is not available', () => { - beforeEach(() => { - createComponent({ provide: { ...provideDefaults, dependencyProxyAvailable: false } }); - }); + const createComponentArguments = { + provide: { ...provideDefaults, dependencyProxyAvailable: false }, + }; it('renders an info alert', () => { + createComponent(createComponentArguments); + expect(findProxyNotAvailableAlert().text()).toBe( DependencyProxyApp.i18n.proxyNotAvailableText, ); }); it('does not render the main area', () => { + createComponent(createComponentArguments); + expect(findMainArea().exists()).toBe(false); }); + + it('does not call the graphql endpoint', async () => { + const resolver = jest.fn().mockResolvedValue(proxyDetailsQuery()); + createComponent({ ...createComponentArguments, resolver }); + + await waitForPromises(); + + expect(resolver).not.toHaveBeenCalled(); + }); }); describe('when the dependency proxy is available', () => { - beforeEach(() => { - createComponent(); - }); + describe('when is loading', () => { + it('renders the skeleton loader', () => { + createComponent(); - it('does not render the info alert', () => { - expect(findProxyNotAvailableAlert().exists()).toBe(false); - }); + expect(findSkeletonLoader().exists()).toBe(true); + }); - it('renders the main area', () => { - expect(findMainArea().exists()).toBe(true); - }); + it('does not show the main section', () => { + createComponent(); - it('renders a form group with a label', () => { - expect(findFormGroup().attributes('label')).toBe(DependencyProxyApp.i18n.proxyImagePrefix); - }); + expect(findMainArea().exists()).toBe(false); + }); - it('renders a form input group', () => { - expect(findFormInputGroup().exists()).toBe(true); - }); + it('does not render the info alert', () => { + createComponent(); - it('form input group has a clipboard button', () => { - expect(findClipBoardButton().exists()).toBe(true); + expect(findProxyNotAvailableAlert().exists()).toBe(false); + }); }); - it('from group has a description with proxy count', () => { - expect(findProxyCountText().text()).toBe('Contains 0 blobs of images (0 bytes)'); + describe('when the app is loaded', () => { + beforeEach(() => { + createComponent(); + return waitForPromises(); + }); + + it('does not render the info alert', () => { + expect(findProxyNotAvailableAlert().exists()).toBe(false); + }); + + it('renders the main area', () => { + expect(findMainArea().exists()).toBe(true); + }); + + it('renders a form group with a label', () => { + expect(findFormGroup().attributes('label')).toBe(DependencyProxyApp.i18n.proxyImagePrefix); + }); + + it('renders a form input group', () => { + expect(findFormInputGroup().exists()).toBe(true); + expect(findFormInputGroup().props('value')).toBe(proxyData().dependencyProxyImagePrefix); + }); + + it('form input group has a clipboard button', () => { + expect(findClipBoardButton().exists()).toBe(true); + expect(findClipBoardButton().props()).toMatchObject({ + text: proxyData().dependencyProxyImagePrefix, + title: DependencyProxyApp.i18n.copyImagePrefixText, + }); + }); + + it('from group has a description with proxy count', () => { + expect(findProxyCountText().text()).toBe('Contains 2 blobs of images (1024 Bytes)'); + }); }); }); }); diff --git a/spec/frontend/packages_and_registries/dependency_proxy/mock_data.js b/spec/frontend/packages_and_registries/dependency_proxy/mock_data.js new file mode 100644 index 00000000000..8ecb4d4d5d5 --- /dev/null +++ b/spec/frontend/packages_and_registries/dependency_proxy/mock_data.js @@ -0,0 +1,16 @@ +export const proxyData = () => ({ + name: 'Gitlab Org', + dependencyProxyBlobCount: 2, + dependencyProxyTotalSize: '1024 Bytes', + dependencyProxyImagePrefix: 'gdk.test:3000/groups/gitlab-org/dependency_proxy/containers', + dependencyProxyManifests: { nodes: [], __typename: 'DependencyProxyManifestConnection' }, + dependencyProxyBlobs: { nodes: [], __typename: 'DependencyProxyBlobConnection' }, +}); +export const proxyDetailsQuery = () => ({ + data: { + group: { + ...proxyData(), + __typename: 'Group', + }, + }, +}); |