diff options
author | GitLab Bot <gitlab-bot@gitlab.com> | 2021-09-15 06:11:01 +0300 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2021-09-15 06:11:01 +0300 |
commit | 26c3184b621c4349997b1fade462c3fb480ad976 (patch) | |
tree | 4b8fe8ff0143ecab6c20179531332048abd1adc3 /doc | |
parent | b754c00a217814cdf3fdaaa51e695a44095c0197 (diff) |
Add latest changes from gitlab-org/gitlab@master
Diffstat (limited to 'doc')
-rw-r--r-- | doc/administration/gitaly/index.md | 2 | ||||
-rw-r--r-- | doc/administration/logs.md | 7 | ||||
-rw-r--r-- | doc/api/graphql/reference/index.md | 104 | ||||
-rw-r--r-- | doc/user/application_security/dast/index.md | 8 | ||||
-rw-r--r-- | doc/user/application_security/policies/img/container_policy_rule_mode_v14_3.png | bin | 40135 -> 39343 bytes | |||
-rw-r--r-- | doc/user/group/saml_sso/index.md | 4 |
6 files changed, 68 insertions, 57 deletions
diff --git a/doc/administration/gitaly/index.md b/doc/administration/gitaly/index.md index dec18495f1c..797e1bfdf79 100644 --- a/doc/administration/gitaly/index.md +++ b/doc/administration/gitaly/index.md @@ -449,6 +449,8 @@ To monitor [strong consistency](#strong-consistency), you can use the following - `gitaly_hook_transaction_voting_delay_seconds`, the client-side delay introduced by waiting for the transaction to be committed. +You can also monitor the [Praefect logs](../logs.md#praefect-logs). + ## Do not bypass Gitaly GitLab doesn't advise directly accessing Gitaly repositories stored on disk with a Git client, diff --git a/doc/administration/logs.md b/doc/administration/logs.md index 058437c168a..990287e3907 100644 --- a/doc/administration/logs.md +++ b/doc/administration/logs.md @@ -50,6 +50,7 @@ except those captured by `runit`. | [Mailroom](#mail_room_jsonlog-default) | **{check-circle}** Yes | **{check-circle}** Yes | | [NGINX](#nginx-logs) | **{check-circle}** Yes | **{check-circle}** Yes | | [PostgreSQL Logs](#postgresql-logs) | **{dotted-circle}** No | **{check-circle}** Yes | +| [Praefect Logs](#praefect-logs) | **{dotted-circle}** Yes| **{check-circle}** Yes | | [Prometheus Logs](#prometheus-logs) | **{dotted-circle}** No | **{check-circle}** Yes | | [Puma](#puma-logs) | **{check-circle}** Yes | **{check-circle}** Yes | | [Redis Logs](#redis-logs) | **{dotted-circle}** No | **{check-circle}** Yes | @@ -1062,6 +1063,12 @@ For Omnibus GitLab installations, GitLab Exporter logs are in `/var/log/gitlab/g For Omnibus GitLab installations, GitLab Kubernetes Agent Server logs are in `/var/log/gitlab/gitlab-kas/`. +## Praefect Logs + +For Omnibus GitLab installations, Praefect logs are in `/var/log/gitlab/praefect/`. + +GitLab also tracks [Prometheus metrics for Praefect](gitaly/#monitor-gitaly-cluster). + ## Performance bar stats > [Introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/48149) in GitLab 13.7. diff --git a/doc/api/graphql/reference/index.md b/doc/api/graphql/reference/index.md index dedb2ec4c0e..6a24eae6c35 100644 --- a/doc/api/graphql/reference/index.md +++ b/doc/api/graphql/reference/index.md @@ -15700,12 +15700,12 @@ State of a GitLab iteration. | Value | Description | | ----- | ----------- | -| <a id="iterationstateall"></a>`all` | | -| <a id="iterationstateclosed"></a>`closed` | | -| <a id="iterationstatecurrent"></a>`current` | | -| <a id="iterationstateopened"></a>`opened` | | +| <a id="iterationstateall"></a>`all` | Any iteration. | +| <a id="iterationstateclosed"></a>`closed` | Closed iteration. | +| <a id="iterationstatecurrent"></a>`current` | Current iteration. | +| <a id="iterationstateopened"></a>`opened` | Open iteration. | | <a id="iterationstatestarted"></a>`started` **{warning-solid}** | **Deprecated** in 14.1. Use current instead. | -| <a id="iterationstateupcoming"></a>`upcoming` | | +| <a id="iterationstateupcoming"></a>`upcoming` | Upcoming iteration. | ### `IterationWildcardId` @@ -16101,8 +16101,8 @@ State of a requirement. | Value | Description | | ----- | ----------- | -| <a id="requirementstatearchived"></a>`ARCHIVED` | | -| <a id="requirementstateopened"></a>`OPENED` | | +| <a id="requirementstatearchived"></a>`ARCHIVED` | Archived requirement. | +| <a id="requirementstateopened"></a>`OPENED` | Open requirement. | ### `RequirementStatusFilter` @@ -16110,9 +16110,9 @@ Status of a requirement based on last test report. | Value | Description | | ----- | ----------- | -| <a id="requirementstatusfilterfailed"></a>`FAILED` | | +| <a id="requirementstatusfilterfailed"></a>`FAILED` | Failed test report. | | <a id="requirementstatusfiltermissing"></a>`MISSING` | Requirements without any test report. | -| <a id="requirementstatusfilterpassed"></a>`PASSED` | | +| <a id="requirementstatusfilterpassed"></a>`PASSED` | Passed test report. | ### `RunnerMembershipFilter` @@ -16152,14 +16152,14 @@ The type of the security scanner. | Value | Description | | ----- | ----------- | -| <a id="securityscannertypeapi_fuzzing"></a>`API_FUZZING` | | -| <a id="securityscannertypecluster_image_scanning"></a>`CLUSTER_IMAGE_SCANNING` | | -| <a id="securityscannertypecontainer_scanning"></a>`CONTAINER_SCANNING` | | -| <a id="securityscannertypecoverage_fuzzing"></a>`COVERAGE_FUZZING` | | -| <a id="securityscannertypedast"></a>`DAST` | | -| <a id="securityscannertypedependency_scanning"></a>`DEPENDENCY_SCANNING` | | -| <a id="securityscannertypesast"></a>`SAST` | | -| <a id="securityscannertypesecret_detection"></a>`SECRET_DETECTION` | | +| <a id="securityscannertypeapi_fuzzing"></a>`API_FUZZING` | API Fuzzing scanner. | +| <a id="securityscannertypecluster_image_scanning"></a>`CLUSTER_IMAGE_SCANNING` | Cluster Image Scanning scanner. | +| <a id="securityscannertypecontainer_scanning"></a>`CONTAINER_SCANNING` | Container Scanning scanner. | +| <a id="securityscannertypecoverage_fuzzing"></a>`COVERAGE_FUZZING` | Coverage Fuzzing scanner. | +| <a id="securityscannertypedast"></a>`DAST` | DAST scanner. | +| <a id="securityscannertypedependency_scanning"></a>`DEPENDENCY_SCANNING` | Dependency Scanning scanner. | +| <a id="securityscannertypesast"></a>`SAST` | SAST scanner. | +| <a id="securityscannertypesecret_detection"></a>`SECRET_DETECTION` | Secret Detection scanner. | ### `SentryErrorStatus` @@ -16261,8 +16261,8 @@ State of a test report. | Value | Description | | ----- | ----------- | -| <a id="testreportstatefailed"></a>`FAILED` | | -| <a id="testreportstatepassed"></a>`PASSED` | | +| <a id="testreportstatefailed"></a>`FAILED` | Failed test report. | +| <a id="testreportstatepassed"></a>`PASSED` | Passed test report. | ### `TodoActionEnum` @@ -16375,13 +16375,13 @@ Confidence that a given vulnerability is present in the codebase. | Value | Description | | ----- | ----------- | -| <a id="vulnerabilityconfidenceconfirmed"></a>`CONFIRMED` | | -| <a id="vulnerabilityconfidenceexperimental"></a>`EXPERIMENTAL` | | -| <a id="vulnerabilityconfidencehigh"></a>`HIGH` | | -| <a id="vulnerabilityconfidenceignore"></a>`IGNORE` | | -| <a id="vulnerabilityconfidencelow"></a>`LOW` | | -| <a id="vulnerabilityconfidencemedium"></a>`MEDIUM` | | -| <a id="vulnerabilityconfidenceunknown"></a>`UNKNOWN` | | +| <a id="vulnerabilityconfidenceconfirmed"></a>`CONFIRMED` | Confirmed confidence. | +| <a id="vulnerabilityconfidenceexperimental"></a>`EXPERIMENTAL` | Experimental confidence. | +| <a id="vulnerabilityconfidencehigh"></a>`HIGH` | High confidence. | +| <a id="vulnerabilityconfidenceignore"></a>`IGNORE` | Ignore confidence. | +| <a id="vulnerabilityconfidencelow"></a>`LOW` | Low confidence. | +| <a id="vulnerabilityconfidencemedium"></a>`MEDIUM` | Medium confidence. | +| <a id="vulnerabilityconfidenceunknown"></a>`UNKNOWN` | Unknown confidence. | ### `VulnerabilityDismissalReason` @@ -16417,11 +16417,11 @@ The grade of the vulnerable project. | Value | Description | | ----- | ----------- | -| <a id="vulnerabilitygradea"></a>`A` | | -| <a id="vulnerabilitygradeb"></a>`B` | | -| <a id="vulnerabilitygradec"></a>`C` | | -| <a id="vulnerabilitygraded"></a>`D` | | -| <a id="vulnerabilitygradef"></a>`F` | | +| <a id="vulnerabilitygradea"></a>`A` | A grade. | +| <a id="vulnerabilitygradeb"></a>`B` | B grade. | +| <a id="vulnerabilitygradec"></a>`C` | C grade. | +| <a id="vulnerabilitygraded"></a>`D` | D grade. | +| <a id="vulnerabilitygradef"></a>`F` | F grade. | ### `VulnerabilityIssueLinkType` @@ -16429,8 +16429,8 @@ The type of the issue link related to a vulnerability. | Value | Description | | ----- | ----------- | -| <a id="vulnerabilityissuelinktypecreated"></a>`CREATED` | | -| <a id="vulnerabilityissuelinktyperelated"></a>`RELATED` | | +| <a id="vulnerabilityissuelinktypecreated"></a>`CREATED` | Issue is created for the vulnerability. | +| <a id="vulnerabilityissuelinktyperelated"></a>`RELATED` | Has a related issue. | ### `VulnerabilityReportType` @@ -16438,15 +16438,15 @@ The type of the security scan that found the vulnerability. | Value | Description | | ----- | ----------- | -| <a id="vulnerabilityreporttypeapi_fuzzing"></a>`API_FUZZING` | | -| <a id="vulnerabilityreporttypecluster_image_scanning"></a>`CLUSTER_IMAGE_SCANNING` | | -| <a id="vulnerabilityreporttypecontainer_scanning"></a>`CONTAINER_SCANNING` | | -| <a id="vulnerabilityreporttypecoverage_fuzzing"></a>`COVERAGE_FUZZING` | | -| <a id="vulnerabilityreporttypedast"></a>`DAST` | | -| <a id="vulnerabilityreporttypedependency_scanning"></a>`DEPENDENCY_SCANNING` | | -| <a id="vulnerabilityreporttypegeneric"></a>`GENERIC` | | -| <a id="vulnerabilityreporttypesast"></a>`SAST` | | -| <a id="vulnerabilityreporttypesecret_detection"></a>`SECRET_DETECTION` | | +| <a id="vulnerabilityreporttypeapi_fuzzing"></a>`API_FUZZING` | API Fuzzing report. | +| <a id="vulnerabilityreporttypecluster_image_scanning"></a>`CLUSTER_IMAGE_SCANNING` | Cluster Image Scanning report. | +| <a id="vulnerabilityreporttypecontainer_scanning"></a>`CONTAINER_SCANNING` | Container Scanning report. | +| <a id="vulnerabilityreporttypecoverage_fuzzing"></a>`COVERAGE_FUZZING` | Coverage Fuzzing report. | +| <a id="vulnerabilityreporttypedast"></a>`DAST` | DAST report. | +| <a id="vulnerabilityreporttypedependency_scanning"></a>`DEPENDENCY_SCANNING` | Dependency Scanning report. | +| <a id="vulnerabilityreporttypegeneric"></a>`GENERIC` | Generic report. | +| <a id="vulnerabilityreporttypesast"></a>`SAST` | SAST report. | +| <a id="vulnerabilityreporttypesecret_detection"></a>`SECRET_DETECTION` | Secret Detection report. | ### `VulnerabilitySeverity` @@ -16454,12 +16454,12 @@ The severity of the vulnerability. | Value | Description | | ----- | ----------- | -| <a id="vulnerabilityseveritycritical"></a>`CRITICAL` | | -| <a id="vulnerabilityseverityhigh"></a>`HIGH` | | -| <a id="vulnerabilityseverityinfo"></a>`INFO` | | -| <a id="vulnerabilityseveritylow"></a>`LOW` | | -| <a id="vulnerabilityseveritymedium"></a>`MEDIUM` | | -| <a id="vulnerabilityseverityunknown"></a>`UNKNOWN` | | +| <a id="vulnerabilityseveritycritical"></a>`CRITICAL` | Critical severity. | +| <a id="vulnerabilityseverityhigh"></a>`HIGH` | High severity. | +| <a id="vulnerabilityseverityinfo"></a>`INFO` | Info severity. | +| <a id="vulnerabilityseveritylow"></a>`LOW` | Low severity. | +| <a id="vulnerabilityseveritymedium"></a>`MEDIUM` | Medium severity. | +| <a id="vulnerabilityseverityunknown"></a>`UNKNOWN` | Unknown severity. | ### `VulnerabilitySort` @@ -16484,10 +16484,10 @@ The state of the vulnerability. | Value | Description | | ----- | ----------- | -| <a id="vulnerabilitystateconfirmed"></a>`CONFIRMED` | | -| <a id="vulnerabilitystatedetected"></a>`DETECTED` | | -| <a id="vulnerabilitystatedismissed"></a>`DISMISSED` | | -| <a id="vulnerabilitystateresolved"></a>`RESOLVED` | | +| <a id="vulnerabilitystateconfirmed"></a>`CONFIRMED` | Confirmed vulnerability. | +| <a id="vulnerabilitystatedetected"></a>`DETECTED` | Detected vulnerability. | +| <a id="vulnerabilitystatedismissed"></a>`DISMISSED` | Dismissed vulnerability. | +| <a id="vulnerabilitystateresolved"></a>`RESOLVED` | Resolved vulnerability. | ### `WeightWildcardId` diff --git a/doc/user/application_security/dast/index.md b/doc/user/application_security/dast/index.md index 37a19ec77a4..15cd6e4a75f 100644 --- a/doc/user/application_security/dast/index.md +++ b/doc/user/application_security/dast/index.md @@ -1094,7 +1094,7 @@ To edit an existing site profile: 1. Edit the fields then select **Save profile**. If a site profile is linked to a security policy, a user cannot edit the profile from this page. See -[Scan Policies](../policies/index.md) +[Scan Execution Policies](../policies/index.md#scan-execution-policy-editor) for more information. #### Delete a site profile @@ -1108,7 +1108,7 @@ To delete an existing site profile: 1. Select **Delete** to confirm the deletion. If a site profile is linked to a security policy, a user cannot delete the profile from this page. -See [Scan Policies](../policies/index.md) +See [Scan Execution Policies](../policies/index.md#scan-execution-policy-editor) for more information. #### Validate a site profile @@ -1238,7 +1238,7 @@ To edit a scanner profile: 1. Select **Save profile**. If a scanner profile is linked to a security policy, a user cannot edit the profile from this page. -See [Scan Policies](../policies/index.md) +See [Scan Execution Policies](../policies/index.md#scan-execution-policy-editor) for more information. #### Delete a scanner profile @@ -1252,7 +1252,7 @@ To delete a scanner profile: 1. Select **Delete**. If a scanner profile is linked to a security policy, a user cannot delete the profile from this -page. See [Scan Policies](../policies/index.md) +page. See [Scan Execution Policies](../policies/index.md#scan-execution-policy-editor) for more information. ### Auditing diff --git a/doc/user/application_security/policies/img/container_policy_rule_mode_v14_3.png b/doc/user/application_security/policies/img/container_policy_rule_mode_v14_3.png Binary files differindex 3efa344eb59..b21d0330b2f 100644 --- a/doc/user/application_security/policies/img/container_policy_rule_mode_v14_3.png +++ b/doc/user/application_security/policies/img/container_policy_rule_mode_v14_3.png diff --git a/doc/user/group/saml_sso/index.md b/doc/user/group/saml_sso/index.md index 6865378f333..b7b31e89f3b 100644 --- a/doc/user/group/saml_sso/index.md +++ b/doc/user/group/saml_sso/index.md @@ -57,6 +57,7 @@ Once users have signed into GitLab using the SSO SAML setup, changing the `NameI #### NameID Format We recommend setting the NameID format to `Persistent` unless using a field (such as email) that requires a different format. +Most NameID formats can be used, except `Transient` due to the temporary nature of this format. ### Assertions @@ -489,12 +490,13 @@ If you do not wish to use that GitLab user with the SAML login, you can [unlink ### Message: "SAML authentication failed: User has already been taken" -The user that you're signed in with already has SAML linked to a different identity. +The user that you're signed in with already has SAML linked to a different identity, or the NameID value has changed. Here are possible causes and solutions: | Cause | Solution | | ---------------------------------------------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | You've tried to link multiple SAML identities to the same user, for a given identity provider. | Change the identity that you sign in with. To do so, [unlink the previous SAML identity](#unlinking-accounts) from this GitLab account before attempting to sign in again. | +| The NameID changes everytime the user requests SSO identification | Check the NameID is not set with `Transient` format, or the NameID is not changing on subsequent requests.| ### Message: "SAML authentication failed: Email has already been taken" |