diff options
| author | GitLab Bot <gitlab-bot@gitlab.com> | 2020-07-08 21:09:05 +0300 |
|---|---|---|
| committer | GitLab Bot <gitlab-bot@gitlab.com> | 2020-07-08 21:09:05 +0300 |
| commit | 1d3086ebb41758289c1184dc5ad1462c81e1a1f9 (patch) | |
| tree | 17cbcc0d62d7b810d70e847dd3577f1535ef58ea | |
| parent | 833d57e60da633435d845a7867e46e6092c46520 (diff) | |
Add latest changes from gitlab-org/gitlab@master
22 files changed, 210 insertions, 139 deletions
diff --git a/app/helpers/jobs_helper.rb b/app/helpers/jobs_helper.rb index 780d945b353..a940dd68139 100644 --- a/app/helpers/jobs_helper.rb +++ b/app/helpers/jobs_helper.rb @@ -5,8 +5,8 @@ module JobsHelper { "endpoint" => project_job_path(@project, @build, format: :json), "project_path" => @project.full_path, - "deployment_help_url" => help_page_path('user/project/clusters/index.md', anchor: 'troubleshooting-failed-deployment-jobs'), - "runner_help_url" => help_page_path('ci/runners/README.md', anchor: 'setting-maximum-job-timeout-for-a-runner'), + "deployment_help_url" => help_page_path('user/project/clusters/index.md', anchor: 'troubleshooting'), + "runner_help_url" => help_page_path('ci/runners/README.md', anchor: 'set-maximum-job-timeout-for-a-runner'), "runner_settings_url" => project_runners_path(@build.project, anchor: 'js-runners-settings'), "variables_settings_url" => project_variables_path(@build.project, anchor: 'js-cicd-variables-settings'), "page_path" => project_job_path(@project, @build), diff --git a/app/helpers/projects_helper.rb b/app/helpers/projects_helper.rb index 2470312d8ac..49f15e03938 100644 --- a/app/helpers/projects_helper.rb +++ b/app/helpers/projects_helper.rb @@ -180,7 +180,7 @@ module ProjectsHelper end def link_to_autodeploy_doc - link_to _('About auto deploy'), help_page_path('autodevops/index.md#auto-deploy'), target: '_blank' + link_to _('About auto deploy'), help_page_path('topics/autodevops/stages.md', anchor: 'auto-deploy'), target: '_blank' end def autodeploy_flash_notice(branch_name) diff --git a/app/views/admin/application_settings/_usage.html.haml b/app/views/admin/application_settings/_usage.html.haml index 9421585b70c..d8a4c601b77 100644 --- a/app/views/admin/application_settings/_usage.html.haml +++ b/app/views/admin/application_settings/_usage.html.haml @@ -31,7 +31,7 @@ %pre.usage-data.js-usage-ping-payload.js-syntax-highlight.code.highlight.mt-2.d-none{ data: { endpoint: usage_data_admin_application_settings_path(format: :html) } } - else = _('The usage ping is disabled, and cannot be configured through this form.') - - deactivating_usage_ping_path = help_page_path('user/admin_area/settings/usage_statistics', anchor: 'deactivate-the-usage-ping') + - deactivating_usage_ping_path = help_page_path('development/telemetry/usage_ping', anchor: 'disable-usage-ping') - deactivating_usage_ping_link_start = '<a href="%{url}" target="_blank" rel="noopener noreferrer">'.html_safe % { url: deactivating_usage_ping_path } = s_('For more information, see the documentation on %{deactivating_usage_ping_link_start}deactivating the usage ping%{deactivating_usage_ping_link_end}.').html_safe % { deactivating_usage_ping_link_start: deactivating_usage_ping_link_start, deactivating_usage_ping_link_end: '</a>'.html_safe } .form-group.mt-3 diff --git a/app/views/admin/application_settings/ci_cd.html.haml b/app/views/admin/application_settings/ci_cd.html.haml index 2452ab794fc..cdb69d33b12 100644 --- a/app/views/admin/application_settings/ci_cd.html.haml +++ b/app/views/admin/application_settings/ci_cd.html.haml @@ -9,7 +9,7 @@ .settings-content - if ci_variable_protected_by_default? %p.settings-message.text-center - - link_start = '<a href="%{url}">'.html_safe % { url: help_page_path('ci/variables/README', anchor: 'protected-variables') } + - link_start = '<a href="%{url}">'.html_safe % { url: help_page_path('ci/variables/README', anchor: 'protect-a-custom-variable') } = s_('Environment variables on this GitLab instance are configured to be %{link_start}protected%{link_end} by default').html_safe % { link_start: link_start, link_end: '</a>'.html_safe } #js-instance-variables{ data: { endpoint: admin_ci_variables_path, group: 'true', maskable_regex: ci_variable_maskable_regex, protected_by_default: ci_variable_protected_by_default?.to_s} } diff --git a/app/views/ci/variables/_index.html.haml b/app/views/ci/variables/_index.html.haml index fa5f2c514ae..be766cd182d 100644 --- a/app/views/ci/variables/_index.html.haml +++ b/app/views/ci/variables/_index.html.haml @@ -2,7 +2,7 @@ - if ci_variable_protected_by_default? %p.settings-message.text-center - - link_start = '<a href="%{url}">'.html_safe % { url: help_page_path('ci/variables/README', anchor: 'protected-variables') } + - link_start = '<a href="%{url}">'.html_safe % { url: help_page_path('ci/variables/README', anchor: 'protect-a-custom-variable') } = s_('Environment variables are configured by your administrator to be %{link_start}protected%{link_end} by default').html_safe % { link_start: link_start, link_end: '</a>'.html_safe } - if Feature.enabled?(:new_variables_ui, @project || @group, default_enabled: true) diff --git a/app/views/clusters/clusters/aws/_new.html.haml b/app/views/clusters/clusters/aws/_new.html.haml index 5bbdadf83f3..ec604ca83e5 100644 --- a/app/views/clusters/clusters/aws/_new.html.haml +++ b/app/views/clusters/clusters/aws/_new.html.haml @@ -1,6 +1,6 @@ - if !Gitlab::CurrentSettings.eks_integration_enabled? - - documentation_link_start = '<a href="%{url}" target="_blank" rel="noopener noreferrer">'.html_safe % { url: help_page_path('user/project/clusters/add_remove_clusters.md', - anchor: 'additional-requirements-for-self-managed-instances') } + - documentation_link_start = '<a href="%{url}" target="_blank" rel="noopener noreferrer">'.html_safe % { url: help_page_path('user/project/clusters/add_eks_clusters.md', + anchor: 'additional-requirements-for-self-managed-instances-core-only') } = s_('Amazon authentication is not %{link_start}correctly configured%{link_end}. Ask your GitLab administrator if you want to use this service.').html_safe % { link_start: documentation_link_start, link_end: '<a/>'.html_safe } - else .js-create-eks-cluster-form-container{ data: { 'gitlab-managed-cluster-help-path' => help_page_path('user/project/clusters/index.md', anchor: 'gitlab-managed-clusters'), diff --git a/app/views/instance_statistics/cohorts/index.html.haml b/app/views/instance_statistics/cohorts/index.html.haml index 771e988e256..a038246bd53 100644 --- a/app/views/instance_statistics/cohorts/index.html.haml +++ b/app/views/instance_statistics/cohorts/index.html.haml @@ -6,7 +6,7 @@ - else .bs-callout.bs-callout-warning.clearfix %p - - usage_ping_path = help_page_path('user/admin_area/settings/usage_statistics', anchor: 'usage-ping') + - usage_ping_path = help_page_path('development/telemetry/usage_ping') - usage_ping_link_start = '<a href="%{url}" target="_blank" rel="noopener noreferrer">'.html_safe % { url: usage_ping_path } = s_('User Cohorts are only shown when the %{usage_ping_link_start}usage ping%{usage_ping_link_end} is enabled.').html_safe % { usage_ping_link_start: usage_ping_link_start, usage_ping_link_end: '</a>'.html_safe } - if current_user.admin? diff --git a/app/views/instance_statistics/dev_ops_score/_disabled.html.haml b/app/views/instance_statistics/dev_ops_score/_disabled.html.haml index da27ea17b61..bd808218f75 100644 --- a/app/views/instance_statistics/dev_ops_score/_disabled.html.haml +++ b/app/views/instance_statistics/dev_ops_score/_disabled.html.haml @@ -4,7 +4,7 @@ %h4= _('Usage ping is not enabled') - if !current_user.admin? %p - - usage_ping_path = help_page_path('user/admin_area/settings/usage_statistics', anchor: 'usage-ping') + - usage_ping_path = help_page_path('development/telemetry/usage_ping') - usage_ping_link_start = '<a href="%{url}" target="_blank" rel="noopener noreferrer">'.html_safe % { url: usage_ping_path } = s_('In order to enable instance-level analytics, please ask an admin to enable %{usage_ping_link_start}usage ping%{usage_ping_link_end}.').html_safe % { usage_ping_link_start: usage_ping_link_start, usage_ping_link_end: '</a>'.html_safe } - if current_user.admin? diff --git a/app/views/profiles/keys/index.html.haml b/app/views/profiles/keys/index.html.haml index dd6b0ddbd71..7b7c24f3ac8 100644 --- a/app/views/profiles/keys/index.html.haml +++ b/app/views/profiles/keys/index.html.haml @@ -12,7 +12,7 @@ = _('Add an SSH key') %p.profile-settings-content - generate_link_url = help_page_path("ssh/README", anchor: 'generating-a-new-ssh-key-pair') - - existing_link_url = help_page_path("ssh/README", anchor: 'locating-an-existing-ssh-key-pair') + - existing_link_url = help_page_path("ssh/README", anchor: 'review-existing-ssh-keys') - generate_link_start = '<a href="%{url}" target="_blank" rel="noopener noreferrer">'.html_safe % { url: generate_link_url } - existing_link_start = '<a href="%{url}" target="_blank" rel="noopener noreferrer">'.html_safe % { url: existing_link_url } = _('To add an SSH key you need to %{generate_link_start}generate one%{link_end} or use an %{existing_link_start}existing key%{link_end}.').html_safe % { generate_link_start: generate_link_start, existing_link_start: existing_link_start, link_end: '</a>'.html_safe } diff --git a/app/views/projects/tags/new.html.haml b/app/views/projects/tags/new.html.haml index c874a510e61..c32318df7cc 100644 --- a/app/views/projects/tags/new.html.haml +++ b/app/views/projects/tags/new.html.haml @@ -40,7 +40,7 @@ - link_start = '<a href="%{url}" rel="noopener noreferrer" target="_blank">'.html_safe - releases_page_path = project_releases_path(@project) - releases_page_link_start = link_start % { url: releases_page_path } - - docs_url = help_page_path('user/project/releases/index.md', anchor: 'creating-a-release') + - docs_url = help_page_path('user/project/releases/index.md', anchor: 'create-a-release') - docs_link_start = link_start % { url: docs_url } - link_end = '</a>'.html_safe - replacements = { releases_page_link_start: releases_page_link_start, docs_link_start: docs_link_start, link_end: link_end } diff --git a/changelogs/unreleased/docs-links-from-ui-2.yml b/changelogs/unreleased/docs-links-from-ui-2.yml new file mode 100644 index 00000000000..82e99d385e4 --- /dev/null +++ b/changelogs/unreleased/docs-links-from-ui-2.yml @@ -0,0 +1,5 @@ +--- +title: Update more UI links to docs in core features +merge_request: 36174 +author: +type: other diff --git a/doc/administration/auth/okta.md b/doc/administration/auth/okta.md index f7ab60ab56b..78b10aedb77 100644 --- a/doc/administration/auth/okta.md +++ b/doc/administration/auth/okta.md @@ -159,8 +159,7 @@ You might want to try this out on an incognito browser window. >**Note:** Make sure the groups exist and are assigned to the Okta app. -You can take a look of the [SAML documentation](../../integration/saml.md#marking-users-as-external-based-on-saml-groups) on external groups since -it works the same. +You can take a look of the [SAML documentation](../../integration/saml.md#saml-groups) on configuring groups. <!-- ## Troubleshooting diff --git a/doc/ci/chatops/README.md b/doc/ci/chatops/README.md index a8fea0836c1..ec0c41032ca 100644 --- a/doc/ci/chatops/README.md +++ b/doc/ci/chatops/README.md @@ -10,47 +10,75 @@ type: index, concepts, howto > - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/4466) in [GitLab Ultimate](https://about.gitlab.com/pricing/) 10.6. > - [Moved](https://gitlab.com/gitlab-org/gitlab-foss/-/merge_requests/24780) to [GitLab Core](https://about.gitlab.com/pricing/) in 11.9. -GitLab ChatOps provides a method to interact with CI/CD jobs through chat services like Slack. Many organizations' discussion, collaboration, and troubleshooting is taking place in chat services these days, and having a method to run CI/CD jobs with output posted back to the channel can significantly augment a team's workflow. +GitLab ChatOps provides a method to interact with CI/CD jobs through chat services +like Slack. Many organizations' discussion, collaboration, and troubleshooting takes +place in chat services. Having a method to run CI/CD jobs with output +posted back to the channel can significantly augment your team's workflow. -NOTE: **Note:** -ChatOps is currently in alpha with some important features missing, like access control. +## How GitLab ChatOps works -## How it works +GitLab ChatOps is built upon [GitLab CI/CD](../README.md) and +[Slack Slash Commands](../../user/project/integrations/slack_slash_commands.md). +ChatOps provides a `run` action for [slash commands](../../integration/slash_commands.md) +with the following arguments: -GitLab ChatOps is built upon two existing features: +- A `<job name>` to execute. +- The `<job arguments>`. -- [GitLab CI/CD](../README.md). -- [Slack Slash Commands](../../user/project/integrations/slack_slash_commands.md). +ChatOps passes the following [CI/CD variables](../variables/README.md#predefined-environment-variables) +to the job: -A new `run` action has been added to the [slash commands](../../integration/slash_commands.md), which takes two arguments: a `<job name>` to execute and the `<job arguments>`. When executed, ChatOps will look up the specified job name and attempt to match it to a corresponding job in [`.gitlab-ci.yml`](../yaml/README.md). If a matching job is found on `master`, a pipeline containing just that job is scheduled. Two additional [CI/CD variables](../variables/README.md#predefined-environment-variables) are passed to the job: `CHAT_INPUT` contains any additional arguments, and `CHAT_CHANNEL` is set to the name of channel the action was triggered in. +- `CHAT_INPUT` contains any additional arguments. +- `CHAT_CHANNEL` is set to the name of channel the action was triggered in. -After the job has finished, its output is sent back to Slack provided it has completed within 30 minutes. If a job takes more than 30 minutes to run it must use the Slack API to manually send data back to a channel. +When executed, ChatOps looks up the specified job name and attempts to match it +to a corresponding job in [`.gitlab-ci.yml`](../yaml/README.md). If a matching job +is found on `master`, a pipeline containing only that job is scheduled. After the +job completes: -[Developer access and above](../../user/permissions.md#project-members-permissions) is required to use the `run` command. If a job should not be able to be triggered from chat, it can be set to `except: [chat]`. +- If the job completes in *less than 30 minutes*, the ChatOps sends the job's output to Slack. +- If the job completes in *more than 30 minutes*, the job must use the + [Slack API](https://api.slack.com/) to send data to the channel. -## Creating a ChatOps CI job +To use the `run` command, you must have +[Developer access or above](../../user/permissions.md#project-members-permissions). +If a job shouldn't be able to be triggered from chat, you can set the job to `except: [chat]`. -Since ChatOps is built upon GitLab CI/CD, the job has all the same features and functions available. There a few best practices to consider however when creating ChatOps jobs: +## Best practices for ChatOps CI jobs -- It is strongly recommended to set `only: [chat]` so the job does not run as part of the standard CI pipeline. -- If the job is set to `when: manual`, the pipeline will be created however the job will wait to be started. -- It is important to keep in mind that there is limited support for access control. If the user who triggered the slash command is a developer in the project, the job will run. The job itself can utilize existing [CI/CD variables](../variables/README.md#predefined-environment-variables) like `GITLAB_USER_ID` to perform additional rights validation, however these variables can be [overridden](../variables/README.md#priority-of-environment-variables). +Since ChatOps is built upon GitLab CI/CD, the job has all the same features and +functions available. Consider these best practices when creating ChatOps jobs: + +- GitLab strongly recommends you set `only: [chat]` so the job does not run as part + of the standard CI pipeline. +- If the job is set to `when: manual`, ChatOps creates the pipeline, but the job waits to be started. +- ChatOps provides limited support for access control. If the user triggering the + slash command has [Developer access or above](../../user/permissions.md#project-members-permissions) + in the project, the job runs. The job itself can use existing + [CI/CD variables](../variables/README.md#predefined-environment-variables) like + `GITLAB_USER_ID` to perform additional rights validation, but + these variables can be [overridden](../variables/README.md#priority-of-environment-variables). ### Controlling the ChatOps reply -For jobs with a single command, its output is automatically sent back to the channel as a reply. For example the chat reply of the following job is simply `Hello World.` +The output for jobs with a single command is sent to the channel as a reply. For +example, the chat reply of the following job is `Hello World` in the channel: ```yaml hello-world: stage: chatops only: [chat] script: - - echo "Hello World." + - echo "Hello World" ``` -Jobs that contain multiple commands, or have a `before_script`, include additional content in the chat reply. In these cases both the commands and their output are included, with the commands wrapped in ANSI colors codes. +Jobs that contain multiple commands (or `before_script`) return additional +content in the chat reply. In these cases, both the commands and their output are +included, with the commands wrapped in ANSI color codes. -To selectively reply with the output of one command, its output must be bounded by the `chat_reply` section. For example, the following job will list the files in the current directory. +To selectively reply with the output of one command, its output must be bounded by +the `chat_reply` section. For example, the following job lists the files in the +current directory: ```yaml ls: @@ -61,20 +89,20 @@ ls: - echo -e "section_start:$( date +%s ):chat_reply\r\033[0K\n$( ls -la )\nsection_end:$( date +%s ):chat_reply\r\033[0K" ``` -## GitLab ChatOps Examples +## GitLab ChatOps examples -The GitLab.com team created a repository of [common ChatOps scripts they use to interact with our Production instance of GitLab](https://gitlab.com/gitlab-com/chatops). They are likely useful -to other administrators of GitLab instances and can serve as inspiration for ChatOps scripts you can write to interact with your own applications. +The GitLab.com team created a repository of [common ChatOps scripts](https://gitlab.com/gitlab-com/chatops) +they use to interact with our Production instance of GitLab. Administrators of +other GitLab instances may find them useful. They can serve as inspiration for ChatOps +scripts you can write to interact with your own applications. ## GitLab ChatOps icon -Say Hi to our ChatOps bot. +The [official GitLab ChatOps icon](img/gitlab-chatops-icon.png) is available for download. You can find and download the official GitLab ChatOps icon here.  -[Download bigger image](img/gitlab-chatops-icon.png) - <!-- ## Troubleshooting Include any troubleshooting steps that you can foresee. If you know beforehand what issues diff --git a/doc/integration/saml.md b/doc/integration/saml.md index 0c9a7790ff4..9dce7269c86 100644 --- a/doc/integration/saml.md +++ b/doc/integration/saml.md @@ -1,11 +1,29 @@ +--- +type: reference +stage: Manage +group: Access +info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#designated-technical-writers +--- + # SAML OmniAuth Provider **(CORE ONLY)** -Note that: +This page describes instance-wide SAML for self-managed GitLab instances. For SAML on GitLab.com, see [SAML SSO for GitLab.com groups](../user/group/saml_sso/index.md). + +You should also reference the [OmniAuth documentation](omniauth.md) for general settings that apply to all OmniAuth providers. -- SAML OmniAuth Provider is for SAML on self-managed GitLab instances. For SAML on - GitLab.com, see [SAML SSO for GitLab.com Groups](../user/group/saml_sso/index.md). -- Starting from GitLab 11.4, OmniAuth is enabled by default. If you're using an - earlier version, you'll need to explicitly enable it. +## Common SAML Terms + +| Term | Description | +|------|-------------| +| Identity Provider (IdP) | The service which manages your user identities such as ADFS, Okta, Onelogin, or Ping Identity. | +| Service Provider (SP) | SAML considers GitLab to be a service provider. | +| Assertion | A piece of information about a user's identity, such as their name or role. Also know as claims or attributes. | +| SSO | Single Sign-On. | +| Assertion consumer service URL | The callback on GitLab where users will be redirected after successfully authenticating with the identity provider. | +| Issuer | How GitLab identifies itself to the identity provider. Also known as a "Relying party trust identifier". | +| Certificate fingerprint | Used to confirm that communications over SAML are secure by checking that the server is signing communications with the correct certificate. Also known as a certificate thumbprint. | + +## General Setup GitLab can be configured to act as a SAML 2.0 Service Provider (SP). This allows GitLab to consume assertions from a SAML 2.0 Identity Provider (IdP) such as @@ -143,17 +161,10 @@ On the sign in page there should now be a SAML button below the regular sign in Click the icon to begin the authentication process. If everything goes well the user will be returned to GitLab and will be signed in. -## Marking Users as External based on SAML Groups - ->**Note:** -This setting is only available on GitLab 8.7 and above. +## SAML Groups -SAML login includes support for automatically identifying whether a user should -be considered an [external](../user/permissions.md) user based on the user's group -membership in the SAML identity provider. This feature **does not** allow you to -automatically add users to GitLab [Groups](../user/group/index.md), it simply -allows you to mark users as External if they are members of certain groups in the -Identity Provider. +You can require users to be members of a certain group, or assign users `external`, `admin` or `auditor` roles based on group membership. This feature **does not** allow you to +automatically add users to GitLab [Groups](../user/group/index.md). ### Requirements @@ -164,74 +175,73 @@ with the regular SAML response. Here is an example: ```xml <saml:AttributeStatement> <saml:Attribute Name="Groups"> - <saml:AttributeValue xsi:type="xs:string">SecurityGroup</saml:AttributeValue> <saml:AttributeValue xsi:type="xs:string">Developers</saml:AttributeValue> - <saml:AttributeValue xsi:type="xs:string">Designers</saml:AttributeValue> + <saml:AttributeValue xsi:type="xs:string">Freelancers</saml:AttributeValue> + <saml:AttributeValue xsi:type="xs:string">Admins</saml:AttributeValue> + <saml:AttributeValue xsi:type="xs:string">Auditors</saml:AttributeValue> </saml:Attribute> </saml:AttributeStatement> ``` The name of the attribute can be anything you like, but it must contain the groups to which a user belongs. In order to tell GitLab where to find these groups, you need -to add a `groups_attribute:` element to your SAML settings. You will also need to -tell GitLab which groups are external via the `external_groups:` element: +to add a `groups_attribute:` element to your SAML settings. + +### Required groups **(STARTER ONLY)** + +Your IdP passes Group Information to the SP (GitLab) in the SAML Response. You need to configure GitLab to identify: + +- Where to look for the groups in the SAML response via the `groups_attribute` setting +- Which group membership is requisite to sign in via the `required_groups` setting + +When `required_groups` is not set or it is empty, anyone with proper authentication +will be able to use the service. + +Example: ```yaml { name: 'saml', label: 'Our SAML Provider', groups_attribute: 'Groups', - external_groups: ['Freelancers', 'Interns'], + required_groups: ['Developers', 'Freelancers', 'Admins', 'Auditors'], args: { assertion_consumer_service_url: 'https://gitlab.example.com/users/auth/saml/callback', idp_cert_fingerprint: '43:51:43:a1:b5:fc:8b:b7:0a:3a:a9:b1:0f:66:73:a8', idp_sso_target_url: 'https://login.example.com/idp', issuer: 'https://gitlab.example.com', - name_identifier_format: 'urn:oasis:names:tc:SAML:2.0:nameid-format:persistent' + name_identifier_format: 'urn:oasis:names:tc:SAML:2.0:nameid-format:transient' } } ``` -## Required groups **(STARTER ONLY)** - ->**Note:** -This setting is only available on GitLab 10.2 EE and above. - -This setting works like `External Groups` setting. Just like there, your IdP has to -pass Group Information to GitLab, you have to tell GitLab where to look or the -groups SAML response, and which group membership should be requisite for logging in. -When `required_groups` is not set or it is empty, anyone with proper authentication -will be able to use the service. +### External Groups **(STARTER ONLY)** -Example: +SAML login supports automatic identification on whether a user should be considered an [external](../user/permissions.md) user. This is based on the user's group membership in the SAML identity provider. ```yaml { name: 'saml', label: 'Our SAML Provider', groups_attribute: 'Groups', - required_groups: ['Developers', 'Managers', 'Admins'], + external_groups: ['Freelancers'], args: { assertion_consumer_service_url: 'https://gitlab.example.com/users/auth/saml/callback', idp_cert_fingerprint: '43:51:43:a1:b5:fc:8b:b7:0a:3a:a9:b1:0f:66:73:a8', idp_sso_target_url: 'https://login.example.com/idp', issuer: 'https://gitlab.example.com', - name_identifier_format: 'urn:oasis:names:tc:SAML:2.0:nameid-format:transient' + name_identifier_format: 'urn:oasis:names:tc:SAML:2.0:nameid-format:persistent' } } ``` -## Admin Groups **(STARTER ONLY)** - ->**Note:** -This setting is only available on GitLab 8.8 EE and above. +### Admin Groups **(STARTER ONLY)** -This setting works very similarly to the `External Groups` setting. The requirements -are the same, your IdP needs to pass Group information to GitLab, you need to tell -GitLab where to look for the groups in the SAML response, and which group should be -considered `admin groups`. +The requirements are the same as the previous settings, your IdP needs to pass Group information to GitLab, you need to tell +GitLab where to look for the groups in the SAML response, and which group(s) should be +considered admin users. ```yaml { name: 'saml', label: 'Our SAML Provider', groups_attribute: 'Groups', - admin_groups: ['Managers', 'Admins'], + admin_groups: ['Admins'], args: { assertion_consumer_service_url: 'https://gitlab.example.com/users/auth/saml/callback', idp_cert_fingerprint: '43:51:43:a1:b5:fc:8b:b7:0a:3a:a9:b1:0f:66:73:a8', @@ -241,18 +251,20 @@ considered `admin groups`. } } ``` -## Auditor Groups **(STARTER ONLY)** +### Auditor Groups **(STARTER ONLY)** >**Note:** This setting is only available on GitLab 11.4 EE and above. -This setting also follows the requirements documented for the `External Groups` setting. GitLab uses the Group information provided by your IdP to determine if a user should be assigned the `auditor` role. +The requirements are the same as the previous settings, your IdP needs to pass Group information to GitLab, you need to tell +GitLab where to look for the groups in the SAML response, and which group(s) should be +considered auditor users. ```yaml { name: 'saml', label: 'Our SAML Provider', groups_attribute: 'Groups', - auditor_groups: ['Auditors', 'Security'], + auditor_groups: ['Auditors'], args: { assertion_consumer_service_url: 'https://gitlab.example.com/users/auth/saml/callback', idp_cert_fingerprint: '43:51:43:a1:b5:fc:8b:b7:0a:3a:a9:b1:0f:66:73:a8', @@ -265,7 +277,18 @@ This setting also follows the requirements documented for the `External Groups` ## Bypass two factor authentication If you want some SAML authentication methods to count as 2FA on a per session basis, you can register them in the -`upstream_two_factor_authn_contexts` list: +`upstream_two_factor_authn_contexts` list. + +In addition to the changes in GitLab, make sure that your IdP is returning the +`AuthnContext`. For example: + +```xml +<saml:AuthnStatement> + <saml:AuthnContext> + <saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:MediumStrongCertificateProtectedTransport</saml:AuthnContextClassRef> + </saml:AuthnContext> +</saml:AuthnStatement> +``` **For Omnibus installations:** @@ -324,18 +347,7 @@ If you want some SAML authentication methods to count as 2FA on a per session ba } ``` -1. Save the file and [restart GitLab](../administration/restart_gitlab.md#installations-from-source) for the changes ot take effect - -In addition to the changes in GitLab, make sure that your Idp is returning the -`AuthnContext`. For example: - -```xml -<saml:AuthnStatement> - <saml:AuthnContext> - <saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:MediumStrongCertificateProtectedTransport</saml:AuthnContextClassRef> - </saml:AuthnContext> -</saml:AuthnStatement> -``` +1. Save the file and [restart GitLab](../administration/restart_gitlab.md#installations-from-source) for the changes to take effect ## Customization @@ -368,7 +380,6 @@ You may also bypass the auto signin feature by browsing to ### `attribute_statements` >**Note:** -This setting is only available on GitLab 8.6 and above. This setting should only be used to map attributes that are part of the OmniAuth `info` hash schema. @@ -396,6 +407,21 @@ args: { } ``` +#### Setting a username + +By default, the email in the SAML response will be used to automatically generate the user's GitLab username. If you'd like to set another attribute as the username, assign it to the `nickname` OmniAuth `info` hash attribute. For example, if you wanted to set the `username` attribute in your SAML Response to the username in GitLab, use the following setting: + +```yaml +args: { + assertion_consumer_service_url: 'https://gitlab.example.com/users/auth/saml/callback', + idp_cert_fingerprint: '43:51:43:a1:b5:fc:8b:b7:0a:3a:a9:b1:0f:66:73:a8', + idp_sso_target_url: 'https://login.example.com/idp', + issuer: 'https://gitlab.example.com', + name_identifier_format: 'urn:oasis:names:tc:SAML:2.0:nameid-format:persistent', + attribute_statements: { nickname: ['username'] } +} +``` + ### `allowed_clock_drift` The clock of the Identity Provider may drift slightly ahead of your system clocks. @@ -557,10 +583,12 @@ Avoid user control of the following attributes: These attributes define the SAML user. If users can change these attributes, they can impersonate others. -Refer to the documentation for your [SAML Identity Provider](../user/group/saml_sso/index.md#providers) for information on how to fix these attributes. +Refer to the documentation for your SAML Identity Provider for information on how to fix these attributes. ## Troubleshooting +You can find the base64-encoded SAML Response in the [`production_json.log`](../administration/logs.md#production_jsonlog). + ### GitLab+SAML Testing Environments If you need to troubleshoot, [a complete GitLab+SAML testing environment using Docker compose](https://gitlab.com/gitlab-com/support/toolbox/replication/tree/master/compose_files) is available. @@ -614,6 +642,8 @@ is not providing this information, all SAML requests will fail. Make sure this information is provided. +Another issue that can result in this error is when the correct information is being sent by the IdP, but the attributes don't match the names in the OmniAuth `info` hash. In this case, you'll need to set `attribute_statements` in the SAML configuration to [map the attribute names in your SAML Response to the corresponding OmniAuth `info` hash names](#attribute_statements). + ### Key validation error, Digest mismatch or Fingerprint mismatch These errors all come from a similar place, the SAML certificate. SAML requests diff --git a/doc/user/group/epics/img/epic_activity_sort_order_v13_2.png b/doc/user/group/epics/img/epic_activity_sort_order_v13_2.png Binary files differnew file mode 100644 index 00000000000..c7e1448fea9 --- /dev/null +++ b/doc/user/group/epics/img/epic_activity_sort_order_v13_2.png diff --git a/doc/user/group/epics/index.md b/doc/user/group/epics/index.md index 85164292265..fd7f090c211 100644 --- a/doc/user/group/epics/index.md +++ b/doc/user/group/epics/index.md @@ -165,6 +165,19 @@ Once you write your comment, you can either: - Click **Comment**, and your comment will be published. - Click **Start thread**, and you will start a thread within that epic's discussion. +### Activity sort order + +> [Introduced](https://https://gitlab.com/gitlab-org/gitlab/-/issues/214364) in [GitLab Premium](https://about.gitlab.com/pricing/) 13.2. + +You can reverse the default order and interact with the activity feed sorted by most recent items +at the top. Your preference is saved via local storage and automatically applied to every issue +you view. + +To change the activity sort order, click the **Oldest first** dropdown menu and select either oldest +or newest items to be shown first. + + + ## Award emoji You can [award an emoji](../../award_emojis.md) to that epic or its comments. diff --git a/doc/user/group/roadmap/img/roadmap_view_v13_0.png b/doc/user/group/roadmap/img/roadmap_view_v13_0.png Binary files differdeleted file mode 100644 index a5b76b84418..00000000000 --- a/doc/user/group/roadmap/img/roadmap_view_v13_0.png +++ /dev/null diff --git a/doc/user/group/roadmap/img/roadmap_view_v13_2.png b/doc/user/group/roadmap/img/roadmap_view_v13_2.png Binary files differnew file mode 100644 index 00000000000..b4f889afaa4 --- /dev/null +++ b/doc/user/group/roadmap/img/roadmap_view_v13_2.png diff --git a/doc/user/group/roadmap/index.md b/doc/user/group/roadmap/index.md index 950721503ae..c185055f6b2 100644 --- a/doc/user/group/roadmap/index.md +++ b/doc/user/group/roadmap/index.md @@ -13,6 +13,7 @@ info: To determine the technical writer assigned to the Stage/Group associated w > - Milestones appear in roadmaps in [GitLab 12.10](https://gitlab.com/gitlab-org/gitlab/-/issues/6802), and later. > - Feature flag for milestones visible in roadmaps removed in [GitLab 13.0](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/29641). > - In [GitLab 13.2](https://gitlab.com/gitlab-org/gitlab/-/issues/214375) and later, the Roadmap also shows milestones in projects in a group. +> - In [GitLab 13.2](https://gitlab.com/gitlab-org/gitlab/-/issues/212494) and later, milestone bars can be collapsed and expanded. Epics and milestones within a group containing a start date or due date can be visualized in a form of a timeline (that is, a Gantt chart). The Roadmap page shows the epics and milestones in a @@ -23,11 +24,12 @@ When you hover over an epic bar, a popover appears with the epic's title, start weight completed. You can expand epics that contain child epics to show their child epics in the roadmap. -You can click the chevron **{chevron-down}** next to the epic title to expand and collapse the child epics. +You can click the chevron (**{chevron-down}**) next to the epic title to expand and collapse the child epics. On top of the milestone bars, you can see their title. When you hover a milestone bar or title, a popover appears with its title, start date and due date. +You can also click the chevron (**{chevron-down}**) next to the **Milestones** heading to toggle the list of the milestone bars. - + A dropdown menu allows you to show only open or closed epics. By default, all epics are shown. diff --git a/lib/gitlab/git/diff.rb b/lib/gitlab/git/diff.rb index bb845f11181..09a49b6c1ca 100644 --- a/lib/gitlab/git/diff.rb +++ b/lib/gitlab/git/diff.rb @@ -224,18 +224,18 @@ module Gitlab end end - def init_from_gitaly(diff) - @diff = diff.respond_to?(:patch) ? encode!(diff.patch) : '' - @new_path = encode!(diff.to_path.dup) - @old_path = encode!(diff.from_path.dup) - @a_mode = diff.old_mode.to_s(8) - @b_mode = diff.new_mode.to_s(8) - @new_file = diff.from_id == BLANK_SHA - @renamed_file = diff.from_path != diff.to_path - @deleted_file = diff.to_id == BLANK_SHA - @too_large = diff.too_large if diff.respond_to?(:too_large) - - collapse! if diff.respond_to?(:collapsed) && diff.collapsed + def init_from_gitaly(gitaly_diff) + @diff = gitaly_diff.respond_to?(:patch) ? encode!(gitaly_diff.patch) : '' + @new_path = encode!(gitaly_diff.to_path.dup) + @old_path = encode!(gitaly_diff.from_path.dup) + @a_mode = gitaly_diff.old_mode.to_s(8) + @b_mode = gitaly_diff.new_mode.to_s(8) + @new_file = gitaly_diff.from_id == BLANK_SHA + @renamed_file = gitaly_diff.from_path != gitaly_diff.to_path + @deleted_file = gitaly_diff.to_id == BLANK_SHA + @too_large = gitaly_diff.too_large if gitaly_diff.respond_to?(:too_large) + + collapse! if gitaly_diff.respond_to?(:collapsed) && gitaly_diff.collapsed end def prune_diff_if_eligible diff --git a/qa/qa/specs/features/browser_ui/7_configure/kubernetes/kubernetes_integration_spec.rb b/qa/qa/specs/features/browser_ui/7_configure/kubernetes/kubernetes_integration_spec.rb index 27b31215cb6..5073b715341 100644 --- a/qa/qa/specs/features/browser_ui/7_configure/kubernetes/kubernetes_integration_spec.rb +++ b/qa/qa/specs/features/browser_ui/7_configure/kubernetes/kubernetes_integration_spec.rb @@ -2,7 +2,7 @@ module QA RSpec.describe 'Configure' do - describe 'Kubernetes Cluster Integration', :orchestrated, :kubernetes, :requires_admin, :skip_live_env do + describe 'Kubernetes Cluster Integration', :orchestrated, :kubernetes, :requires_admin, :skip_live_env, quarantine: { issue: 'https://gitlab.com/gitlab-org/gitlab/-/issues/225315', type: :flaky } do context 'Project Clusters' do let!(:cluster) { Service::KubernetesCluster.new(provider_class: Service::ClusterProvider::K3s).create! } let(:project) do diff --git a/spec/features/projects/issues/design_management/user_uploads_designs_spec.rb b/spec/features/projects/issues/design_management/user_uploads_designs_spec.rb index b72aae146f4..2381e00972f 100644 --- a/spec/features/projects/issues/design_management/user_uploads_designs_spec.rb +++ b/spec/features/projects/issues/design_management/user_uploads_designs_spec.rb @@ -14,17 +14,18 @@ RSpec.describe 'User uploads new design', :js do end context 'design_management_moved flag disabled' do - context "when the feature is available" do - before do - enable_design_management - stub_feature_flags(design_management_moved: false) + before do + enable_design_management(feature_enabled) + stub_feature_flags(design_management_moved: false) + visit project_issue_path(project, issue) - visit project_issue_path(project, issue) + click_link 'Designs' - click_link 'Designs' + wait_for_requests + end - wait_for_requests - end + context "when the feature is available" do + let(:feature_enabled) { true } it 'uploads designs' do attach_file(:design_file, logo_fixture, make_visible: true) @@ -42,14 +43,7 @@ RSpec.describe 'User uploads new design', :js do end context 'when the feature is not available' do - before do - stub_feature_flags(design_management_moved: false) - visit project_issue_path(project, issue) - - click_link 'Designs' - - wait_for_requests - end + let(:feature_enabled) { false } it 'shows the message about requirements' do expect(page).to have_content("To enable design management, you'll need to meet the requirements.") @@ -58,12 +52,14 @@ RSpec.describe 'User uploads new design', :js do end context 'design_management_moved flag enabled' do - context "when the feature is available" do - before do - enable_design_management + before do + enable_design_management(feature_enabled) + stub_feature_flags(design_management_moved: true) + visit project_issue_path(project, issue) + end - visit project_issue_path(project, issue) - end + context "when the feature is available" do + let(:feature_enabled) { true } it 'uploads designs', quarantine: 'https://gitlab.com/gitlab-org/gitlab/-/issues/225616' do attach_file(:design_file, logo_fixture, make_visible: true) @@ -81,9 +77,7 @@ RSpec.describe 'User uploads new design', :js do end context 'when the feature is not available' do - before do - visit project_issue_path(project, issue) - end + let(:feature_enabled) { false } it 'shows the message about requirements' do expect(page).to have_content("To enable design management, you'll need to meet the requirements.") |
