diff options
author | GitLab Bot <gitlab-bot@gitlab.com> | 2024-01-15 06:08:18 +0300 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2024-01-15 06:08:18 +0300 |
commit | d0830d520a7eb2be16338f7f36158b522deb68ec (patch) | |
tree | 696c2ce12ea90c0a058ef858b0c9a2bc719fc7a8 | |
parent | c128583804dcb38f67d6e2f1fcd628c0739675b2 (diff) |
Add latest changes from gitlab-org/gitlab@master
-rw-r--r-- | GITALY_SERVER_VERSION | 2 | ||||
-rw-r--r-- | app/assets/javascripts/groups/settings/api/access_dropdown_api.js | 7 | ||||
-rw-r--r-- | app/assets/javascripts/groups/settings/components/access_dropdown.vue | 6 | ||||
-rw-r--r-- | db/docs/agent_user_access_group_authorizations.yml | 13 | ||||
-rw-r--r-- | doc/administration/reference_architectures/5k_users.md | 2 | ||||
-rw-r--r-- | doc/api/graphql/getting_started.md | 8 | ||||
-rw-r--r-- | doc/api/graphql/index.md | 71 |
7 files changed, 98 insertions, 11 deletions
diff --git a/GITALY_SERVER_VERSION b/GITALY_SERVER_VERSION index e6960b59d9d..76fdacd6b09 100644 --- a/GITALY_SERVER_VERSION +++ b/GITALY_SERVER_VERSION @@ -1 +1 @@ -7a5df4f668644c2fefd7fda1ff6050eb8b68933b +a22e2401ee6aa35ae70ca67013264b72fc29b6f5 diff --git a/app/assets/javascripts/groups/settings/api/access_dropdown_api.js b/app/assets/javascripts/groups/settings/api/access_dropdown_api.js index 5560d10d179..37f95a7ab30 100644 --- a/app/assets/javascripts/groups/settings/api/access_dropdown_api.js +++ b/app/assets/javascripts/groups/settings/api/access_dropdown_api.js @@ -7,10 +7,15 @@ const buildUrl = (urlRoot, url) => { return joinPaths(urlRoot, url); }; -export const getSubGroups = () => { +const defaultOptions = { includeParentDescendants: false }; + +export const getSubGroups = (options = defaultOptions) => { + const { includeParentDescendants } = options; + return axios.get(buildUrl(gon.relative_url_root || '', GROUP_SUBGROUPS_PATH), { params: { group_id: gon.current_group_id, + include_parent_descendants: includeParentDescendants, }, }); }; diff --git a/app/assets/javascripts/groups/settings/components/access_dropdown.vue b/app/assets/javascripts/groups/settings/components/access_dropdown.vue index 457a2db174c..fee1383c8e2 100644 --- a/app/assets/javascripts/groups/settings/components/access_dropdown.vue +++ b/app/assets/javascripts/groups/settings/components/access_dropdown.vue @@ -93,7 +93,11 @@ export default { this.loading = true; if (this.hasLicense) { - Promise.all([this.groups.length ? Promise.resolve({ data: this.groups }) : getSubGroups()]) + Promise.all([ + this.groups.length + ? Promise.resolve({ data: this.groups }) + : getSubGroups({ includeParentDescendants: true }), + ]) .then(([groupsResponse]) => { this.consolidateData(groupsResponse.data); this.setSelected({ initial }); diff --git a/db/docs/agent_user_access_group_authorizations.yml b/db/docs/agent_user_access_group_authorizations.yml index cd4df56d5a0..d6982789cff 100644 --- a/db/docs/agent_user_access_group_authorizations.yml +++ b/db/docs/agent_user_access_group_authorizations.yml @@ -4,7 +4,16 @@ classes: - Clusters::Agents::Authorizations::UserAccess::GroupAuthorization feature_categories: - deployment_management -description: Configuration for a group that is authorized to use a particular cluster agent through user_access keyword +description: Configuration for a group that is authorized to use a particular cluster + agent through user_access keyword introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/116901 milestone: '15.11' -gitlab_schema: gitlab_main +gitlab_schema: gitlab_main_cell +allow_cross_joins: +- gitlab_main_clusterwide +allow_cross_transactions: +- gitlab_main_clusterwide +allow_cross_foreign_keys: +- gitlab_main_clusterwide +sharding_key: + group_id: namespaces diff --git a/doc/administration/reference_architectures/5k_users.md b/doc/administration/reference_architectures/5k_users.md index 796ff3f2952..65b46474f7a 100644 --- a/doc/administration/reference_architectures/5k_users.md +++ b/doc/administration/reference_architectures/5k_users.md @@ -1699,7 +1699,7 @@ examples include the Object storage configuration. - `10.6.0.71`: Sidekiq 1 - `10.6.0.72`: Sidekiq 2 -To configure the Sidekiq nodes, one each one: +To configure the Sidekiq nodes, on each one: 1. SSH in to the Sidekiq server. 1. [Download and install](https://about.gitlab.com/install/) the Linux package diff --git a/doc/api/graphql/getting_started.md b/doc/api/graphql/getting_started.md index 5dea829b91a..868059fb979 100644 --- a/doc/api/graphql/getting_started.md +++ b/doc/api/graphql/getting_started.md @@ -42,8 +42,7 @@ You can run GraphQL queries in a `curl` request on the command line on your local computer. The requests `POST` to `/api/graphql` with the query as the payload. You can authorize your request by generating a [personal access token](../../user/profile/personal_access_tokens.md) to use as -a bearer token. -This token requires at least the `read_api` scope. +a bearer token. Read more about [GraphQL Authentication](index.md#authentication). Example: @@ -162,10 +161,9 @@ More about queries: ### Authorization -Authorization uses the same engine as the GitLab application (and GitLab.com). If you've signed in to GitLab and use [GraphiQL](#graphiql), all queries are performed as -you, the authenticated user. For more information, read the -[GitLab API documentation](../rest/index.md#authentication). +you, the authenticated user. For more information, read about +[GraphQL Authentication](index.md#authentication). ### Mutations diff --git a/doc/api/graphql/index.md b/doc/api/graphql/index.md index e50e511bbac..349b667f595 100644 --- a/doc/api/graphql/index.md +++ b/doc/api/graphql/index.md @@ -44,6 +44,77 @@ You can work with sample queries that pull data from public projects on GitLab.c The [get started](getting_started.md) page includes different methods to customize GraphQL queries. +### Authentication + +Some queries can be accessed anonymously without the request needing to be authenticated, +but others require it. Mutations always require authentication. + +Authentication can happen by: + +- [Token](#token-authentication) +- [Session cookie](#session-cookie-authentication) + +If the authentication information is not valid, GitLab returns an error message with a status code of 401: + +{"errors":[{"message":"Invalid token"}]} + +#### Token authentication + +Use any of the following tokens to authenticate with the GraphQL API: + +- [OAuth 2.0 tokens](../../api/oauth2.md) +- [Personal access tokens](../../user/profile/personal_access_tokens.md) +- [Project access tokens](../../user/project/settings/project_access_tokens.md) +- [Group access tokens](../../user/group/settings/group_access_tokens.md) + +Authenticate with a token by passing it through in a [request header](#header-authentication) or as a [parameter](#parameter-authentication). + +Tokens require the correct [scope](#token-scopes). + +##### Header authentication + +Example of token authentication using an `Authorization: Bearer <token>` request header: + +```shell +curl "https://gitlab.com/api/graphql" --header "Authorization: Bearer <token>" \ + --header "Content-Type: application/json" --request POST \ + --data "{\"query\": \"query {currentUser {name}}\"}" +``` + +##### Parameter authentication + +Alternatively, OAuth 2.0 tokens can be passed in using the `access_token` parameter: + +```shell +curl "https://gitlab.com/api/graphql?access_token=<oauth_token>" \ + --header "Content-Type: application/json" --request POST \ + --data "{\"query\": \"query {currentUser {name}}\"}" +``` + +Personal, project, or group access tokens can be passed in using the `private_token` parameter: + +```shell +curl "https://gitlab.com/api/graphql?private_token=<access_token>" \ + --header "Content-Type: application/json" --request POST \ + --data "{\"query\": \"query {currentUser {name}}\"}" +``` + +##### Token scopes + +Tokens must have the correct scope to access the GraphQL API, either: + +| Scope | Access | +|------------|---------| +| `read_api` | Grants read access to the API. Sufficient for queries. | +| `api` | Grants read and write access to the API. Required by mutations. | + +#### Session cookie authentication + +Signing in to the main GitLab application sets a `_gitlab_session` session cookie. + +The [interactive GraphQL explorer](#interactive-graphql-explorer) and the web frontend of +GitLab itself use this method of authentication. + ### Global IDs In the GitLab GraphQL API, an `id` field is nearly always a [Global ID](https://graphql.org/learn/global-object-identification/) |