author | GitLab Bot <gitlab-bot@gitlab.com> | 2022-06-20 06:09:11 +0300 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2022-06-20 06:09:11 +0300 |
commit | 82013498a3be9fb17ed05c7dcf67df84fa83fb2f (patch) | |
tree | 18396f4053d3254e4034db18b5841a6c90b34661 /doc | |
parent | c72cf9fe6a4c390e8a7323ea9a950808ee4f09fd (diff) |
Add latest changes from gitlab-org/gitlab@master
Diffstat (limited to 'doc')
-rw-r--r-- | doc/administration/troubleshooting/group_saml_scim.md | 4 | ||||
-rw-r--r-- | doc/user/application_security/api_fuzzing/index.md | 27 | ||||
-rw-r--r-- | doc/user/application_security/dast_api/index.md | 26 | ||||
-rw-r--r-- | doc/user/group/saml_sso/index.md | 4 |
4 files changed, 40 insertions, 21 deletions
diff --git a/doc/administration/troubleshooting/group_saml_scim.md b/doc/administration/troubleshooting/group_saml_scim.md index c6a102e87ee..94923a8984b 100644 --- a/doc/administration/troubleshooting/group_saml_scim.md +++ b/doc/administration/troubleshooting/group_saml_scim.md @@ -60,6 +60,10 @@ User claims and attributes: IdP links and certificate: +NOTE: +Google Workspace displays a SHA256 fingerprint. To retrieve the SHA1 fingerprint required by GitLab for configuring SAML, download the certificate and calculate the SHA1 certificate +fingerprint. + ![Google Workspace Links and Certificate](img/GoogleWorkspace-linkscert_v14_10.png) ## Okta diff --git a/doc/user/application_security/api_fuzzing/index.md b/doc/user/application_security/api_fuzzing/index.md index cbe20ecde30..82254a0bf32 100644 --- a/doc/user/application_security/api_fuzzing/index.md +++ b/doc/user/application_security/api_fuzzing/index.md @@ -854,6 +854,9 @@ Optionally: - `FUZZAPI_PRE_SCRIPT`: Script to install runtimes or dependencies before the analyzer starts. +WARNING: +To execute scripts in Alpine Linux you must first use the command [`chmod`](https://www.gnu.org/software/coreutils/manual/html_node/chmod-invocation.html) to set the [execution permission](https://www.gnu.org/software/coreutils/manual/html_node/Setting-Permissions.html). For example, to set the execution permission of `script.py` for everyone, use the command: `chmod a+x script.py`. If needed, you can version your `script.py` with the execution permission already set. + ```yaml stages: - fuzz 
@@ -902,7 +905,9 @@ import requests import backoff # [1] Store log file in directory indicated by env var CI_PROJECT_DIR -working_directory = os.environ['CI_PROJECT_DIR'] +working_directory = os.environ.get( 'CI_PROJECT_DIR') +overrides_file_name = os.environ.get('FUZZAPI_OVERRIDES_FILE', 'api-fuzzing-overrides.json') +overrides_file_path = os.path.join(working_directory, overrides_file_name) # [2] File name should match the pattern: gl-*.log log_file_path = os.path.join(working_directory, 'gl-user-overrides.log') @@ -916,8 +921,11 @@ logging.basicConfig(filename=log_file_path, level=logging.DEBUG) requests.exceptions.ConnectionError), max_time=30) def get_auth_response(): - return requests.get('https://authorization.service/api/get_api_token', auth=(os.environ['AUTH_USER'], os.environ['AUTH_PWD'])) - + authorization_url = 'https://authorization.service/api/get_api_token' + return requests.get( + f'{authorization_url}', + auth=(os.environ.get('AUTH_USER'), os.environ.get('AUTH_PWD')) + ) # In our example, access token is retrieved from a given endpoint try: 
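Review bot: Switching the required variables from `os.environ[...]` to `os.environ.get(...)` removes the fail-fast behaviour in the example script. If `CI_PROJECT_DIR` is unset, `working_directory` is `None` and the new `os.path.join(working_directory, overrides_file_name)` raises a `TypeError` that no longer names the missing variable. In the following hunk, `auth=(os.environ.get('AUTH_USER'), os.environ.get('AUTH_PWD'))` hands a `(None, None)` pair to `requests`, so the call is presumably attempted without valid credentials rather than stopping before any network traffic. I would keep `working_directory = os.environ['CI_PROJECT_DIR']` and `auth=(os.environ['AUTH_USER'], os.environ['AUTH_PWD'])`, and use `.get` with a default only for the optional `FUZZAPI_OVERRIDES_FILE`. The same applies to the matching `dast_api/index.md` hunks (`@@ -856,7 +859,9 @@` and `@@ -870,7 +875,11 @@`).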
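Review bot: The rewritten `requests.get(...)` in `get_auth_response()` still passes no `timeout=`, so a stalled authorization endpoint can block the pre-scan script indefinitely. The `max_time=30` on the backoff decorator (which starts outside this hunk) appears to bound only the retry schedule, not a single hung call, and the `requests.ReadTimeout` case listed in the later comment block cannot occur without a timeout. The `f'{authorization_url}'` wrapper is also redundant. Suggested call: `requests.get(authorization_url, timeout=10, auth=(os.environ['AUTH_USER'], os.environ['AUTH_PWD']))`, where the 10-second value is illustrative. The same call appears in the `dast_api/index.md` hunk `@@ -870,7 +875,11 @@`.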
@@ -939,14 +947,14 @@ try: # requests.ReadTimeout : The server did not send any data in the allotted amount of time. # requests.TooManyRedirects : The request exceeds the configured number of maximum redirections # requests.exceptions.RequestException : All exceptions that related to Requests +except json.JSONDecodeError as json_decode_error: + # logs errors related decoding JSON response + logging.error(f'Error, failed while decoding JSON response. Error message: {json_decode_error}') + raise except requests.exceptions.RequestException as requests_error: # logs exceptions related to `Requests` logging.error(f'Error, failed while performing HTTP request. Error message: {requests_error}') raise -except requests.exceptions.JSONDecodeError as json_decode_error: - # logs errors related decoding JSON response - logging.error(f'Error, failed while decoding JSON response. Error message: {json_decode_error}') - raise except Exception as e: # logs any other error logging.error(f'Error, unknown error while retrieving access token. Error message: {e}') @@ -961,8 +969,6 @@ overrides_data = { } # log entry informing about the file override computation -overrides_file_path = os.path.join( - working_directory, "api-fuzzing-overrides.json") logging.info("Creating overrides file: %s" % overrides_file_path) # attempts to overwrite the file @@ -975,7 +981,7 @@ try: fd.write(json.dumps(overrides_data).encode('utf-8')) except Exception as e: # logs any other error - logging.error(f'Error, unkown error when overwritng file {overrides_file_path}. Error message: {e}') + logging.error(f'Error, unknown error when overwriting file {overrides_file_path}. Error message: {e}') raise # logs informing override has finished successfully @@ -998,6 +1004,7 @@ echo "**** install python dependencies ****" python3 -m ensurepip pip3 install --no-cache --upgrade \ pip \ + requests \ backoff echo "**** python dependencies installed ****" 
diff --git a/doc/user/application_security/dast_api/index.md b/doc/user/application_security/dast_api/index.md index 9128576bf29..c20625fd1de 100644 --- a/doc/user/application_security/dast_api/index.md +++ b/doc/user/application_security/dast_api/index.md @@ -808,6 +808,9 @@ Optionally: - `DAST_API_PRE_SCRIPT`: Script to install runtimes or dependencies before the scan starts. +WARNING: +To execute scripts in Alpine Linux you must first use the command [`chmod`](https://www.gnu.org/software/coreutils/manual/html_node/chmod-invocation.html) to set the [execution permission](https://www.gnu.org/software/coreutils/manual/html_node/Setting-Permissions.html). For example, to set the execution permission of `script.py` for everyone, use the command: `chmod a+x script.py`. If needed, you can version your `script.py` with the execution permission already set. + ```yaml stages: - dast @@ -856,7 +859,9 @@ import requests import backoff # [1] Store log file in directory indicated by env var CI_PROJECT_DIR -working_directory = os.environ['CI_PROJECT_DIR'] +working_directory = os.environ.get( 'CI_PROJECT_DIR') +overrides_file_name = os.environ.get('DAST_API_OVERRIDES_FILE', 'dast-api-overrides.json') +overrides_file_path = os.path.join(working_directory, overrides_file_name) # [2] File name should match the pattern: gl-*.log log_file_path = os.path.join(working_directory, 'gl-user-overrides.log') @@ -870,7 +875,11 @@ logging.basicConfig(filename=log_file_path, level=logging.DEBUG) requests.exceptions.ConnectionError), max_time=30) def get_auth_response(): - return requests.get('https://authorization.service/api/get_api_token', auth=(os.environ['AUTH_USER'], os.environ['AUTH_PWD'])) + authorization_url = 'https://authorization.service/api/get_api_token' + return requests.get( + f'{authorization_url}', + auth=(os.environ.get('AUTH_USER'), os.environ.get('AUTH_PWD')) + ) # In our example, access token is retrieved from a given endpoint try: 
@@ -892,14 +901,14 @@ try: # requests.ReadTimeout : The server did not send any data in the allotted amount of time. # requests.TooManyRedirects : The request exceeds the configured number of maximum redirections # requests.exceptions.RequestException : All exceptions that related to Requests +except json.JSONDecodeError as json_decode_error: + # logs errors related decoding JSON response + logging.error(f'Error, failed while decoding JSON response. Error message: {json_decode_error}') + raise except requests.exceptions.RequestException as requests_error: # logs exceptions related to `Requests` logging.error(f'Error, failed while performing HTTP request. Error message: {requests_error}') raise -except requests.exceptions.JSONDecodeError as json_decode_error: - # logs errors related decoding JSON response - logging.error(f'Error, failed while decoding JSON response. Error message: {json_decode_error}') - raise except Exception as e: # logs any other error logging.error(f'Error, unknown error while retrieving access token. Error message: {e}') @@ -914,9 +923,6 @@ overrides_data = { } # log entry informing about the file override computation -# the location of the overrides json file is also CI_PROJECT_DIR -overrides_file_path = os.path.join( - working_directory, "dast-api-overrides.json") logging.info("Creating overrides file: %s" % overrides_file_path) # attempts to overwrite the file @@ -929,7 +935,7 @@ try: fd.write(json.dumps(overrides_data).encode('utf-8')) except Exception as e: # logs any other error - logging.error(f'Error, unkown error when overwritng file {overrides_file_path}. Error message: {e}') + logging.error(f'Error, unknown error when overwriting file {overrides_file_path}. Error message: {e}') raise # logs informing override has finished successfully diff --git a/doc/user/group/saml_sso/index.md b/doc/user/group/saml_sso/index.md index c05e847e2c9..5a568603623 100644 --- a/doc/user/group/saml_sso/index.md +++ b/doc/user/group/saml_sso/index.md 
@@ -189,7 +189,9 @@ with the notes below for consideration. | GitLab single sign-on URL | Start URL | | Identity provider single sign-on URL | SSO URL | -You must download the certificate to get the SHA1 certificate fingerprint. +NOTE: +Google Workspace displays a SHA256 fingerprint. To retrieve the SHA1 fingerprint required by GitLab for [configuring SAML](#configure-gitlab), download the certificate and calculate +the SHA1 certificate fingerprint. The recommended attributes and claims settings are: |