diff options
| author | GitLab Bot <gitlab-bot@gitlab.com> | 2023-08-08 06:08:42 +0300 |
|---|---|---|
| committer | GitLab Bot <gitlab-bot@gitlab.com> | 2023-08-08 06:08:42 +0300 |
| commit | 5500dd34b9b489ee5c6609c8988bfe039f37e3e9 (patch) | |
| tree | bbb0df8272862f0622cc6886fa76fd2f44107ea1 /doc | |
| parent | 53e998950e2dfeed22bec2eff74c5c996fe76856 (diff) | |
Add latest changes from gitlab-org/gitlab@master
Diffstat (limited to 'doc')
| -rw-r--r-- | doc/administration/audit_events.md | 29 | ||||
| -rw-r--r-- | doc/api/audit_events.md | 39 | ||||
| -rw-r--r-- | doc/ci/runners/configure_runners.md | 42 | ||||
| -rw-r--r-- | doc/development/audit_event_guide/index.md | 16 | ||||
| -rw-r--r-- | doc/topics/build_your_application.md | 15 |
5 files changed, 95 insertions, 46 deletions
diff --git a/doc/administration/audit_events.md b/doc/administration/audit_events.md index fe623bf5a6e..bcb3713b6ea 100644 --- a/doc/administration/audit_events.md +++ b/doc/administration/audit_events.md @@ -77,6 +77,7 @@ To view instance audit events: > - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/1449) in GitLab 13.4. > - [Feature flag removed](https://gitlab.com/gitlab-org/gitlab/-/issues/285441) in GitLab 13.7. +> - Entity type `Gitlab::Audit::InstanceScope` for instance audit events [introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/418185) in GitLab 16.2. You can export the current view (including filters) of your instance audit events as a CSV file. To export the instance audit events to CSV: @@ -100,20 +101,20 @@ Data is encoded with: The first row contains the headers, which are listed in the following table along with a description of the values: -| Column | Description | -|:---------------------|:---------------------------------------------------| -| **ID** | Audit event `id`. | -| **Author ID** | ID of the author. | -| **Author Name** | Full name of the author. | -| **Entity ID** | ID of the scope. | -| **Entity Type** | Type of the scope (`Project`, `Group`, or `User`). | -| **Entity Path** | Path of the scope. | -| **Target ID** | ID of the target. | -| **Target Type** | Type of the target. | -| **Target Details** | Details of the target. | -| **Action** | Description of the action. | -| **IP Address** | IP address of the author who performed the action. | -| **Created At (UTC)** | Formatted as `YYYY-MM-DD HH:MM:SS`. | +| Column | Description | +|:---------------------|:-------------------------------------------------------------------| +| **ID** | Audit event `id`. | +| **Author ID** | ID of the author. | +| **Author Name** | Full name of the author. | +| **Entity ID** | ID of the scope. | +| **Entity Type** | Type of the scope (`Project`, `Group`, `User`, or `Gitlab::Audit::InstanceScope`). | +| **Entity Path** | Path of the scope. | +| **Target ID** | ID of the target. | +| **Target Type** | Type of the target. | +| **Target Details** | Details of the target. | +| **Action** | Description of the action. | +| **IP Address** | IP address of the author who performed the action. | +| **Created At (UTC)** | Formatted as `YYYY-MM-DD HH:MM:SS`. | ## View sign-in events **(FREE)** diff --git a/doc/api/audit_events.md b/doc/api/audit_events.md index 89e89366de5..3f190d855fa 100644 --- a/doc/api/audit_events.md +++ b/doc/api/audit_events.md @@ -18,18 +18,19 @@ To retrieve audit events using the API, you must [authenticate yourself](rest/in ### Retrieve all instance audit events -> Support for keyset pagination [introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/367528) in GitLab 15.11. +> - Support for keyset pagination [introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/367528) in GitLab 15.11. +> - Entity type `Gitlab::Audit::InstanceScope` for instance audit events [introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/418185) in GitLab 16.2. ```plaintext GET /audit_events ``` -| Attribute | Type | Required | Description | -| --------- | ---- | -------- | ----------- | -| `created_after` | string | no | Return audit events created on or after the given time. Format: ISO 8601 (`YYYY-MM-DDTHH:MM:SSZ`) | -| `created_before` | string | no | Return audit events created on or before the given time. Format: ISO 8601 (`YYYY-MM-DDTHH:MM:SSZ`) | -| `entity_type` | string | no | Return audit events for the given entity type. Valid values are: `User`, `Group`, or `Project`. | -| `entity_id` | integer | no | Return audit events for the given entity ID. Requires `entity_type` attribute to be present. | +| Attribute | Type | Required | Description | +| --------- | ---- | -------- |-----------------------------------------------------------------------------------------------------------------| +| `created_after` | string | no | Return audit events created on or after the given time. Format: ISO 8601 (`YYYY-MM-DDTHH:MM:SSZ`) | +| `created_before` | string | no | Return audit events created on or before the given time. Format: ISO 8601 (`YYYY-MM-DDTHH:MM:SSZ`) | +| `entity_type` | string | no | Return audit events for the given entity type. Valid values are: `User`, `Group`, `Project`, or `Gitlab::Audit::InstanceScope`. | +| `entity_id` | integer | no | Return audit events for the given entity ID. Requires `entity_type` attribute to be present. | This endpoint supports both offset-based and [keyset-based](rest/index.md#keyset-based-pagination) pagination. You should use keyset-based pagination when requesting consecutive pages of results. @@ -96,6 +97,30 @@ Example response: "entity_path": "Andreas" }, "created_at": "2019-08-22T16:34:25.639Z" + }, + { + "id": 4, + "author_id": 43, + "entity_id": 1, + "entity_type": "Gitlab::Audit::InstanceScope", + "details": { + "author_name": "Administrator", + "author_class": "User", + "target_id": 32, + "target_type": "AuditEvents::Streaming::InstanceHeader", + "target_details": "unknown", + "custom_message": "Created custom HTTP header with key X-arg.", + "ip_address": "127.0.0.1", + "entity_path": "gitlab_instance" + }, + "ip_address": "127.0.0.1", + "author_name": "Administrator", + "entity_path": "gitlab_instance", + "target_details": "unknown", + "created_at": "2023-08-01T11:29:44.764Z", + "target_type": "AuditEvents::Streaming::InstanceHeader", + "target_id": 32, + "event_type": "audit_events_streaming_instance_headers_create" } ] ``` diff --git a/doc/ci/runners/configure_runners.md b/doc/ci/runners/configure_runners.md index 7123dd715b8..7319edd67f4 100644 --- a/doc/ci/runners/configure_runners.md +++ b/doc/ci/runners/configure_runners.md @@ -98,7 +98,12 @@ To work around this issue, ensure that the shared runner settings are consistent - If shared runners are **enabled** on the forked project, then this should also be **enabled** on the new namespace. - If shared runners are **disabled** on the forked project, then this should also be **disabled** on the new namespace. -### Reset the runner registration token for a project +### Reset the runner registration token for a project (deprecated) + +WARNING: +The ability to pass a runner registration token, and support for certain configuration arguments was +[deprecated](https://gitlab.com/gitlab-org/gitlab/-/issues/380872) in GitLab 15.6 and will be removed in GitLab 17.0. Authentication tokens +should be used instead. For more information, see [Migrating to the new runner registration workflow](new_creation_workflow.md). If you think that a registration token for a project was revealed, you should reset it. A registration token can be used to register another runner for the project. @@ -106,27 +111,32 @@ That new runner may then be used to obtain the values of secret variables or to To reset the registration token: -1. Go to the project's **Settings > CI/CD**. -1. Expand the **General pipelines settings** section. -1. Find the **Runner token** form field and select **Reveal value**. -1. Delete the value and save the form. -1. After the page is refreshed, expand the **Runners settings** section - and check the registration token - it should be changed. +1. On the left sidebar, at the top, select **Search GitLab** (**{search}**) to find your project. +1. Select **Settings > CI/CD**. +1. Expand **Runners**. +1. To the right of **New project runner**, select the vertical ellipsis (**{ellipsis_v}**). +1. Select **Reset registration token**. +1. Select **Reset token**. -From now on the old token is no longer valid and does not register -any new runners to the project. If you are using any tools to provision and -register new runners, the tokens used in those tools should be updated to reflect the -value of the new token. +After you reset the registration token, it is no longer valid and does not register +any new runners to the project. You should also update the registration token in tools +you use to provision and register new values. ### Reset the runner authentication token -If you think that an authentication token for a runner was revealed, you should -reset it. An attacker could use the token to [clone a runner](https://docs.gitlab.com/runner/security/#cloning-a-runner). +If an authentication token is revealed, an attacker could use the token to [clone a runner](https://docs.gitlab.com/runner/security/#cloning-a-runner). -To reset the authentication token, [unregister the runner](https://docs.gitlab.com/runner/commands/#gitlab-runner-unregister) -and then [register](https://docs.gitlab.com/runner/commands/#gitlab-runner-register) it again. +To reset the authentication token: -To verify that the previous authentication token has been revoked, use the [Runners API](../../api/runners.md#verify-authentication-for-a-registered-runner). +1. Delete the runner: + - [Delete a shared runner](runners_scope.md#delete-shared-runners). + - [Delete a group runner](runners_scope.md#delete-a-group-runner). + - [Delete a project runner](runners_scope.md#delete-a-project-runner). +1. Create a new runner so that it is assigned a new authentication token: + - [Create a shared runner](runners_scope.md#create-a-shared-runner-with-an-authentication-token). + - [Create a group runner](runners_scope.md#create-a-group-runner-with-an-authentication-token). + - [Create a project runner](runners_scope.md#create-a-project-runner-with-an-authentication-token). +1. Optional. To verify that the previous authentication token has been revoked, use the [Runners API](../../api/runners.md#verify-authentication-for-a-registered-runner). ## Use tags to control which jobs a runner can run diff --git a/doc/development/audit_event_guide/index.md b/doc/development/audit_event_guide/index.md index c49d3a243c0..b8af1341919 100644 --- a/doc/development/audit_event_guide/index.md +++ b/doc/development/audit_event_guide/index.md @@ -29,14 +29,14 @@ If you have any questions, please reach out to `@gitlab-org/govern/compliance` t To instrument an audit event, the following attributes should be provided: -| Attribute | Type | Required? | Description | -|:-------------|:---------------------|:----------|:------------------------------------------------------------------| -| `name` | String | false | Action name to be audited. Represents the [type of the event](#event-type-definitions). Used for error tracking | -| `author` | User | true | User who authors the change. Can be an [internal user](../internal_users.md). For example, [inactive project deletion](../../administration/inactive_project_deletion.md) audit events are authored by `GitLab-Admin-Bot`. | -| `scope` | User, Project, Group | true | Scope which the audit event belongs to | -| `target` | Object | true | Target object being audited | -| `message` | String | true | Message describing the action ([not translated](#i18n-and-the-audit-event-message-attribute)) | -| `created_at` | DateTime | false | The time when the action occurred. Defaults to `DateTime.current` | +| Attribute | Type | Required? | Description | +|:-------------|:------------------------------------|:----------|:------------------------------------------------------------------| +| `name` | String | false | Action name to be audited. Represents the [type of the event](#event-type-definitions). Used for error tracking | +| `author` | User | true | User who authors the change. Can be an [internal user](../internal_users.md). For example, [inactive project deletion](../../administration/inactive_project_deletion.md) audit events are authored by `GitLab-Admin-Bot`. | +| `scope` | User, Project, Group, or InstanceScope | true | Scope which the audit event belongs to | +| `target` | Object | true | Target object being audited | +| `message` | String | true | Message describing the action ([not translated](#i18n-and-the-audit-event-message-attribute)) | +| `created_at` | DateTime | false | The time when the action occurred. Defaults to `DateTime.current` | ## How to instrument new Audit Events diff --git a/doc/topics/build_your_application.md b/doc/topics/build_your_application.md index 48e81e26b02..bee0e2a79bf 100644 --- a/doc/topics/build_your_application.md +++ b/doc/topics/build_your_application.md @@ -9,5 +9,18 @@ info: To determine the technical writer assigned to the Stage/Group associated w Add your source code to a repository, create merge requests to check in code, and use CI/CD to generate your application. Include packages in your app and output it to a variety of environments. -- [CI/CD](../ci/index.md) +- [Getting started](../ci/index.md) +- [`.gitlab-ci.yml reference`](../ci/yaml/index.md) - [Runners](https://docs.gitlab.com/runner/) +- [Pipelines](../ci/pipelines/index.md) +- [Jobs](../ci/jobs/index.md) +- [Variables](../ci/variables/index.md) +- [External secrets](../ci/secrets/index.md) +- [Services](../ci/services/index.md) +- [Auto DevOps](autodevops/index.md) +- [Testing](../ci/testing/index.md) +- [SSH keys](../ci/ssh_keys/index.md) +- [ChatOps](../ci/chatops/index.md) +- [Mobile DevOps](../ci/mobile_devops.md) +- [External repository integrations](../ci/ci_cd_for_external_repos/index.md) +- [Troubleshooting](../ci/troubleshooting.md) |