diff options
author | GitLab Bot <gitlab-bot@gitlab.com> | 2022-07-01 15:08:08 +0300 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2022-07-01 15:08:08 +0300 |
commit | 2828f81d2a41f46b89e13dc057b982f27aeee547 (patch) | |
tree | 742120cc334d018efe38a3974fd59a67869acc6d /doc | |
parent | 4def415fbf45e0693b17ea418d378d62ab03a146 (diff) |
Add latest changes from gitlab-org/gitlab@master
Diffstat (limited to 'doc')
-rw-r--r-- | doc/administration/audit_event_streaming.md | 57 | ||||
-rw-r--r-- | doc/administration/object_storage.md | 9 | ||||
-rw-r--r-- | doc/api/packages/conan.md | 4 | ||||
-rw-r--r-- | doc/development/database/batched_background_migrations.md | 2 | ||||
-rw-r--r-- | doc/user/application_security/policies/scan-execution-policies.md | 2 | ||||
-rw-r--r-- | doc/user/application_security/policies/scan-result-policies.md | 2 | ||||
-rw-r--r-- | doc/user/packages/conan_repository/index.md | 3 |
7 files changed, 65 insertions, 14 deletions
diff --git a/doc/administration/audit_event_streaming.md b/doc/administration/audit_event_streaming.md index 4e44a3a3e79..dfdb5c5e169 100644 --- a/doc/administration/audit_event_streaming.md +++ b/doc/administration/audit_event_streaming.md @@ -31,9 +31,9 @@ Users with at least the Owner role for a group can add event streaming destinati 1. On the top bar, select **Menu > Groups** and find your group. 1. On the left sidebar, select **Security & Compliance > Audit events** 1. On the main area, select **Streams** tab. - - When the destination list is empty, select **Add stream** activate edit mode and add a new destination. - - When the destination list is not empty, select **{plus}** under the **Streams** tab to activate edit mode. -1. Enter the endpoint you wish to add and select **Add**. + - When the destination list is empty, select **Add stream** to show the section for adding destinations. + - When the destination list is not empty, select **{plus}** to show the section for adding destinations. +1. Enter the destination URL to add and select **Add**. Event streaming is enabled if: @@ -143,18 +143,23 @@ Destination is deleted if: - The returned `errors` object is empty. - The API responds with `200 OK`. -## Custom HTTP header values +## Custom HTTP headers -> - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/361216) in GitLab 15.1 [with a flag](feature_flags.md) named `streaming_audit_event_headers`. Disabled by default. -> - [Enabled on GitLab.com and self-managed](https://gitlab.com/gitlab-org/gitlab/-/issues/362941) in GitLab 15.2. +> - API [introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/361216) in GitLab 15.1 [with a flag](feature_flags.md) named `streaming_audit_event_headers`. Disabled by default. +> - API [enabled on GitLab.com and self-managed](https://gitlab.com/gitlab-org/gitlab/-/issues/362941) in GitLab 15.2. +> - UI [introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/361630) in GitLab 15.2 [with a flag](feature_flags.md) named `custom_headers_streaming_audit_events_ui`. Disabled by default. FLAG: -On self-managed GitLab, by default this feature is available. To hide the feature, ask an administrator to [disable the feature flag](../administration/feature_flags.md) named `streaming_audit_event_headers`. -On GitLab.com, this feature is available. +On self-managed GitLab, by default the API for this feature is available. To hide the feature, ask an administrator to [disable the feature flag](../administration/feature_flags.md) named `streaming_audit_event_headers`. +On GitLab.com, the API for this feature is available. Each streaming destination can have up to 20 custom HTTP headers included with each streamed event. -### Add with the API +### Adding custom HTTP headers + +Add customer HTTP headers with the API or GitLab UI. + +#### Use the API Group owners can add a HTTP header using the GraphQL `auditEventsStreamingHeadersCreate` mutation. You can retrieve the destination ID by [listing the external audit destinations](#list-streaming-destinations) on the group. @@ -169,7 +174,37 @@ mutation { The header is created if the returned `errors` object is empty. -### Update with the API +#### Use the GitLab UI + +FLAG: +On self-managed GitLab, by default the UI for this feature is not available. To make it available per group, ask an administrator to +[enable the feature flag](../administration/feature_flags.md) named `custom_headers_streaming_audit_events_ui`. On GitLab.com, the UI for this feature is +not available. The UI for this feature is not ready for production use. Custom header values are not saved by the GitLab UI. To track progress on saving +custom header values in the GitLab UI, [see the relevant issue](https://gitlab.com/gitlab-org/gitlab/-/issues/361631). + +Users with at least the Owner role for a group can add event streaming destinations and custom HTTP headers for it: + +1. On the top bar, select **Menu > Groups** and find your group. +1. On the left sidebar, select **Security & Compliance > Audit events** +1. On the main area, select **Streams** tab. + - When the destination list is empty, select **Add stream** to show the section for adding destinations. + - When the destination list is not empty, select **{plus}** to show the section for adding destinations. +1. Enter the destination URL to add. +1. Locate the **Custom HTTP headers** table. +1. In the **Header** column, add the header's name. +1. In the **Value** column, add the header's value. +1. Ignore the **Active** checkbox because it isn't functional. To track progress on adding functionality to the **Active** checkbox, see the + [relevant issue](https://gitlab.com/gitlab-org/gitlab/-/issues/361925). +1. Enter as many name and value pairs as required. When you enter a unique name and a value for a header, a new row in the table automatically appears. You can add up to + 20 headers per endpoint. +1. After all headers have been filled out, select **Add** to add the new endpoint. + +Event streaming is enabled if: + +- No warning is shown. +- The added endpoint is displayed in the UI. + +### Updating custom HTTP headers > [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/361964) in GitLab 15.2. @@ -183,7 +218,7 @@ mutation { } ``` -### Delete with the API +### Deleting custom HTTP headers Group owners can remove a HTTP header using the GraphQL `auditEventsStreamingHeadersDestroy` mutation. You can retrieve the header ID by [listing all the custom headers](#list-all-custom-headers-with-the-api) on the group. diff --git a/doc/administration/object_storage.md b/doc/administration/object_storage.md index 47d01d92da5..5e54835c670 100644 --- a/doc/administration/object_storage.md +++ b/doc/administration/object_storage.md @@ -573,6 +573,15 @@ This ensures there are no collisions across the various types of data GitLab sto There are plans to [enable the use of a single bucket](https://gitlab.com/gitlab-org/gitlab/-/issues/292958) in the future. +With Omnibus and source installations it is possible to split a single +real bucket into multiple virtual buckets. If your object storage +bucket is called `my-gitlab-objects` you can configure uploads to go +into `my-gitlab-objects/uploads`, artifacts into +`my-gitlab-objects/artifacts`, etc. The application will act as if +these are separate buckets. Note that use of bucket prefixes [may not +work correctly with Helm +backups](https://gitlab.com/gitlab-org/charts/gitlab/-/issues/3376). + Helm-based installs require separate buckets to [handle backup restorations](https://docs.gitlab.com/charts/advanced/external-object-storage/#lfs-artifacts-uploads-packages-external-diffs-terraform-state-dependency-proxy). diff --git a/doc/api/packages/conan.md b/doc/api/packages/conan.md index 546a472ea53..1590893d006 100644 --- a/doc/api/packages/conan.md +++ b/doc/api/packages/conan.md @@ -19,6 +19,10 @@ NOTE: These endpoints do not adhere to the standard API authentication methods. See each route for details on how credentials are expected to be passed. +NOTE: +The Conan registry is not FIPS compliant and is disabled when [FIPS mode](../../development/fips_compliance.md) is enabled. +These endpoints will all return 404 Not Found. + ## Route prefix There are two sets of identical routes that each make requests in different scopes: diff --git a/doc/development/database/batched_background_migrations.md b/doc/development/database/batched_background_migrations.md index 01c03909d93..ece3b7b4614 100644 --- a/doc/development/database/batched_background_migrations.md +++ b/doc/development/database/batched_background_migrations.md @@ -355,7 +355,7 @@ You can view failures in two ways: - Via GitLab logs: 1. After running a batched background migration, if any jobs fail, - view the logs in [Kibana](https://log.gprd.gitlab.net/goto/5f06a57f768c6025e1c65aefb4075694). + view the logs in [Kibana](https://log.gprd.gitlab.net/goto/4cb43f40-f861-11ec-b86b-d963a1a6788e). View the production Sidekiq log and filter for: - `json.new_state: failed` diff --git a/doc/user/application_security/policies/scan-execution-policies.md b/doc/user/application_security/policies/scan-execution-policies.md index 50bb36a6a32..d9bbe9d21e9 100644 --- a/doc/user/application_security/policies/scan-execution-policies.md +++ b/doc/user/application_security/policies/scan-execution-policies.md @@ -65,7 +65,7 @@ the following sections and tables provide an alternative. | Field | Type | Possible values | Description | |-------|------|-----------------|-------------| -| `name` | `string` | | Name of the policy. | +| `name` | `string` | | Name of the policy. Maximum of 255 characters.| | `description` (optional) | `string` | | Description of the policy. | | `enabled` | `boolean` | `true`, `false` | Flag to enable (`true`) or disable (`false`) the policy. | | `rules` | `array` of rules | | List of rules that the policy applies. | diff --git a/doc/user/application_security/policies/scan-result-policies.md b/doc/user/application_security/policies/scan-result-policies.md index aad425b4104..d6f9465327b 100644 --- a/doc/user/application_security/policies/scan-result-policies.md +++ b/doc/user/application_security/policies/scan-result-policies.md @@ -56,7 +56,7 @@ the following sections and tables provide an alternative. | Field | Type | Possible values | Description | |-------|------|-----------------|-------------| -| `name` | `string` | | Name of the policy. | +| `name` | `string` | | Name of the policy. Maximum of 255 characters.| | `description` (optional) | `string` | | Description of the policy. | | `enabled` | `boolean` | `true`, `false` | Flag to enable (`true`) or disable (`false`) the policy. | | `rules` | `array` of rules | | List of rules that the policy applies. | diff --git a/doc/user/packages/conan_repository/index.md b/doc/user/packages/conan_repository/index.md index b3eadc13772..264335cefea 100644 --- a/doc/user/packages/conan_repository/index.md +++ b/doc/user/packages/conan_repository/index.md @@ -14,6 +14,9 @@ The Conan package registry for GitLab is under development and isn't ready for p limited functionality. This [epic](https://gitlab.com/groups/gitlab-org/-/epics/6816) details the remaining work and timelines to make it production ready. +NOTE: +The Conan registry is not FIPS compliant and is disabled when [FIPS mode](../../../development/fips_compliance.md) is enabled. + Publish Conan packages in your project's Package Registry. Then install the packages whenever you need to use them as a dependency. |