diff options
22 files changed, 376 insertions, 388 deletions
diff --git a/.eslintrc.yml b/.eslintrc.yml index 956758255cb..f65875f5ef5 100644 --- a/.eslintrc.yml +++ b/.eslintrc.yml @@ -119,11 +119,17 @@ rules: message: 'Use directive at ~/vue_shared/directives/safe_html.js instead.' - selector: Literal[value=/docs.gitlab.+\u002Fee/] message: 'No hard coded url, use `DOCS_URL_IN_EE_DIR` in `jh_else_ce/lib/utils/url_utility`' - - selector: Literal[value=/(?=.*docs.gitlab.*)(?=^(?!.*\u002Fee\b).*$)/] + - selector: TemplateElement[value.cooked=/docs.gitlab.+\u002Fee/] + message: 'No hard coded url, use `DOCS_URL_IN_EE_DIR` in `jh_else_ce/lib/utils/url_utility`' + - selector: Literal[value=/(?=.*docs.gitlab.*)(?!.*\u002Fee\b.*)/] + message: 'No hard coded url, use `DOCS_URL` in `jh_else_ce/lib/utils/url_utility`' + - selector: TemplateElement[value.cooked=/(?=.*docs.gitlab.*)(?!.*\u002Fee\b.*)/] message: 'No hard coded url, use `DOCS_URL` in `jh_else_ce/lib/utils/url_utility`' - - selector: Literal[value=/(?=.*about.gitlab.*)(?=^(?!.*\u002Fblog\b).*$)/] + - selector: Literal[value=/(?=.*about.gitlab.*)(?!.*\u002Fblog\b.*)/] + message: 'No hard coded url, use `PROMO_URL` in `jh_else_ce/lib/utils/url_utility`' + - selector: TemplateElement[value.cooked=/(?=.*about.gitlab.*)(?!.*\u002Fblog\b.*)/] message: 'No hard coded url, use `PROMO_URL` in `jh_else_ce/lib/utils/url_utility`' - - selector: TemplateLiteral[expressions.0.name=DOCS_URL] > TemplateElement[value.cooked=/\u002Fjh/] + - selector: TemplateLiteral[expressions.0.name=DOCS_URL] > TemplateElement[value.cooked=/\u002Fjh|\u002Fee/] message: '`/ee` or `/jh` path found in docs url, use `DOCS_URL_IN_EE_DIR` in `jh_else_ce/lib/utils/url_utility`' no-restricted-imports: - error @@ -165,6 +171,20 @@ overrides: message: Avoid asserting disabled attribute exact value, because Vue.js 2 and Vue.js 3 renders it differently. Use toBeDefined / toBeUndefined instead - selector: MemberExpression[object.object.name='Vue'][object.property.name='config'][property.name='errorHandler'] message: 'Use setErrorHandler/resetVueErrorHandler from helpers/set_vue_error_handler.js instead.' + - selector: Literal[value=/docs.gitlab.+\u002Fee/] + message: 'No hard coded url, use `DOCS_URL_IN_EE_DIR` in `jh_else_ce/lib/utils/url_utility`' + - selector: TemplateElement[value.cooked=/docs.gitlab.+\u002Fee/] + message: 'No hard coded url, use `DOCS_URL_IN_EE_DIR` in `jh_else_ce/lib/utils/url_utility`' + - selector: Literal[value=/(?=.*docs.gitlab.*)(?!.*\u002Fee\b.*)/] + message: 'No hard coded url, use `DOCS_URL` in `jh_else_ce/lib/utils/url_utility`' + - selector: TemplateElement[value.cooked=/(?=.*docs.gitlab.*)(?!.*\u002Fee\b.*)/] + message: 'No hard coded url, use `DOCS_URL` in `jh_else_ce/lib/utils/url_utility`' + - selector: Literal[value=/(?=.*about.gitlab.*)(?!.*\u002Fblog\b.*)/] + message: 'No hard coded url, use `PROMO_URL` in `jh_else_ce/lib/utils/url_utility`' + - selector: TemplateElement[value.cooked=/(?=.*about.gitlab.*)(?!.*\u002Fblog\b.*)/] + message: 'No hard coded url, use `PROMO_URL` in `jh_else_ce/lib/utils/url_utility`' + - selector: TemplateLiteral[expressions.0.name=DOCS_URL] > TemplateElement[value.cooked=/\u002Fjh|\u002Fee/] + message: '`/ee` or `/jh` path found in docs url, use `DOCS_URL_IN_EE_DIR` in `jh_else_ce/lib/utils/url_utility`' no-unsanitized/method: off no-unsanitized/property: off - files: diff --git a/GITLAB_KAS_VERSION b/GITLAB_KAS_VERSION index e27f7a8bf60..c07a0b69110 100644 --- a/GITLAB_KAS_VERSION +++ b/GITLAB_KAS_VERSION @@ -1 +1 @@ -v16.2.0 +v16.3.0-rc3 @@ -205,7 +205,7 @@ gem 'asciidoctor-plantuml', '~> 0.0.16' gem 'asciidoctor-kroki', '~> 0.8.0', require: false gem 'rouge', '~> 4.1.2' gem 'truncato', '~> 0.7.12' -gem 'nokogiri', '~> 1.15', '>= 1.15.2' +gem 'nokogiri', '~> 1.15', '>= 1.15.3' # Calendar rendering gem 'icalendar' diff --git a/Gemfile.checksum b/Gemfile.checksum index 4de6c3c7092..54a2b80b5a3 100644 --- a/Gemfile.checksum +++ b/Gemfile.checksum @@ -392,17 +392,17 @@ {"name":"nio4r","version":"2.5.8","platform":"java","checksum":"b2b1800f6bf7ce4b797ca8b639ad278a99c9c904fb087a91d944f38e4bd71401"}, {"name":"nio4r","version":"2.5.8","platform":"ruby","checksum":"3becb4ad95ab8ac0a9bd2e1b16466869402be62848082bf6329ae9091f276676"}, {"name":"no_proxy_fix","version":"0.1.2","platform":"ruby","checksum":"4e9b4c31bb146de7fcf347dc1087bb13ac2039b56d50aa019e61036256abcd00"}, -{"name":"nokogiri","version":"1.15.2","platform":"aarch64-linux","checksum":"497c698f0cc0f283934c9c93064249d113408e97e5f3677b0b5111af24a67c29"}, -{"name":"nokogiri","version":"1.15.2","platform":"arm-linux","checksum":"505ad4b80cedd12bc3c53065079cc825e7f3d4094ca7b54176ae6f3734dbe2cc"}, -{"name":"nokogiri","version":"1.15.2","platform":"arm64-darwin","checksum":"bbedeaf45ce1494f51806e5fab0d31816fc4584f8e2ec757dd516b9b30847ee4"}, -{"name":"nokogiri","version":"1.15.2","platform":"java","checksum":"b15ba3c1aa5b3726d7aceb44f635250653467c5b0d04248fa0f6a6afc6515fb0"}, -{"name":"nokogiri","version":"1.15.2","platform":"ruby","checksum":"20dc800b8fbe4c4f4b5b164e6aa3ab82a371bcb27eb685c166961c34dd8a22d7"}, -{"name":"nokogiri","version":"1.15.2","platform":"x64-mingw-ucrt","checksum":"bc3cc9631c9dd7a74a59554215474da657f956ccb126391d082a2a8c45d3ee14"}, -{"name":"nokogiri","version":"1.15.2","platform":"x64-mingw32","checksum":"1fd27732b161a497275798e502b31e97dfe1ab58aac02c0d6ace9cbe1fd6a38c"}, -{"name":"nokogiri","version":"1.15.2","platform":"x86-linux","checksum":"931383c6351d79903149b5c6a988e88daada59d7069f3a01b4dcf6730d411cc6"}, -{"name":"nokogiri","version":"1.15.2","platform":"x86-mingw32","checksum":"3f4a6350ca1d87d185f4bf509d953820c7191d1cf4213cc3bac9c492b9b4a720"}, -{"name":"nokogiri","version":"1.15.2","platform":"x86_64-darwin","checksum":"b57eeec09ee1c4010e317f50d2897fb9c1133d02598260db229e81127b337930"}, -{"name":"nokogiri","version":"1.15.2","platform":"x86_64-linux","checksum":"5bca696b9283ad7ce97b9c0dfdf029a62c26e92f39f440a65795e377d44f119a"}, +{"name":"nokogiri","version":"1.15.3","platform":"aarch64-linux","checksum":"70dadf636ae026f475f07c16b12c685544d4f8a764777df629abf1f7af0f2fb5"}, +{"name":"nokogiri","version":"1.15.3","platform":"arm-linux","checksum":"83871fa3f544dc601e27abbdef87315a77fe1270fe4904986bd3a7df9ca3d56f"}, +{"name":"nokogiri","version":"1.15.3","platform":"arm64-darwin","checksum":"fa4a027478df9004a2ce91389af7b7b5a4fc790c23492dca43b210a0f8770596"}, +{"name":"nokogiri","version":"1.15.3","platform":"java","checksum":"95d410f995364d9780c4147d8fca6974447a1ccd3a1e1b092f0408836a36cc9c"}, +{"name":"nokogiri","version":"1.15.3","platform":"ruby","checksum":"876631295a85315dac37e7a71386d62d9eb452a891083cfe7505cca4805088cb"}, +{"name":"nokogiri","version":"1.15.3","platform":"x64-mingw-ucrt","checksum":"599a46b6e4f5a34dd21da06bdbd69611728304af5ef42bb183e4b4ca073fd7a3"}, +{"name":"nokogiri","version":"1.15.3","platform":"x64-mingw32","checksum":"92ebfb637c9b7ba92a221b49ea3328c7e5ee79a28307d75ef55bfe4b5807face"}, +{"name":"nokogiri","version":"1.15.3","platform":"x86-linux","checksum":"ee314666eca832fa71b5bb4c090be46a80aded857aa26121b3b51f3ed658a646"}, +{"name":"nokogiri","version":"1.15.3","platform":"x86-mingw32","checksum":"44b7f18817894a5b697bab3d757b12bb7857a0218c1b2e0000929456a2178b34"}, +{"name":"nokogiri","version":"1.15.3","platform":"x86_64-darwin","checksum":"1f0bc0343f9dd1db8dd42e4c9110dd24fc11a7f923b9fa0f866e7f90739e4e7a"}, +{"name":"nokogiri","version":"1.15.3","platform":"x86_64-linux","checksum":"ca244ed58568d7265088f83c568d2947102fb00bac14b5bc0e63f678dcd6323d"}, {"name":"notiffany","version":"0.1.3","platform":"ruby","checksum":"d37669605b7f8dcb04e004e6373e2a780b98c776f8eb503ac9578557d7808738"}, {"name":"numerizer","version":"0.2.0","platform":"ruby","checksum":"e58076d5ee5370417b7e52d9cb25836d62acd1b8d9a194c308707986c1705d7b"}, {"name":"oauth","version":"0.5.6","platform":"ruby","checksum":"4085fe28e0c5e2434135e00a6555294fd2a4ff96a98d1bdecdcd619fc6368dff"}, diff --git a/Gemfile.lock b/Gemfile.lock index 7dfd585e939..a5c6a44172c 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -1059,7 +1059,7 @@ GEM netrc (0.11.0) nio4r (2.5.8) no_proxy_fix (0.1.2) - nokogiri (1.15.2) + nokogiri (1.15.3) mini_portile2 (~> 2.8.2) racc (~> 1.4) notiffany (0.1.3) @@ -1902,7 +1902,7 @@ DEPENDENCIES net-ldap (~> 0.17.1) net-ntp net-protocol (~> 0.1.3) - nokogiri (~> 1.15, >= 1.15.2) + nokogiri (~> 1.15, >= 1.15.3) oauth2 (~> 2.0) octokit (~> 4.15) ohai (~> 17.9) diff --git a/app/assets/javascripts/lib/utils/url_utility.js b/app/assets/javascripts/lib/utils/url_utility.js index 2d24a467598..f80f7896790 100644 --- a/app/assets/javascripts/lib/utils/url_utility.js +++ b/app/assets/javascripts/lib/utils/url_utility.js @@ -20,6 +20,7 @@ export const PROMO_HOST = `about.${DOMAIN}`; // about.gitlab.com // About Gitlab default url export const PROMO_URL = `https://${PROMO_HOST}`; +// eslint-disable-next-line no-restricted-syntax export const DOCS_URL_IN_EE_DIR = `${DOCS_URL}/ee`; // Reset the cursor in a Regex so that multiple uses before a recompile don't fail diff --git a/app/models/user_detail.rb b/app/models/user_detail.rb index 5c9a73571c0..293a20fcc5a 100644 --- a/app/models/user_detail.rb +++ b/app/models/user_detail.rb @@ -5,7 +5,6 @@ class UserDetail < ApplicationRecord extend ::Gitlab::Utils::Override ignore_column :requires_credit_card_verification, remove_with: '16.1', remove_after: '2023-06-22' - ignore_column :provisioned_by_group_at, remove_with: '16.3', remove_after: '2023-07-22' REGISTRATION_OBJECTIVE_PAIRS = { basics: 0, move_repository: 1, code_storage: 2, exploring: 3, ci: 4, other: 5, joining_team: 6 }.freeze diff --git a/app/views/shared/_no_password.html.haml b/app/views/shared/_no_password.html.haml index e0d385024cd..1f6f41187fc 100644 --- a/app/views/shared/_no_password.html.haml +++ b/app/views/shared/_no_password.html.haml @@ -5,5 +5,5 @@ - c.with_body do = no_password_message - c.with_actions do - = link_to _('Remind later'), '#', class: 'js-hide-no-password-message gl-alert-action btn btn-confirm btn-md gl-button' - = link_to _("Don't show again"), profile_path(user: { hide_no_password: true }), method: :put, role: 'button', class: 'gl-alert-action btn btn-default btn-md gl-button' + = link_button_to _('Remind later'), '#', class: 'js-hide-no-password-message gl-alert-action', variant: :confirm + = link_button_to _("Don't show again"), profile_path(user: { hide_no_password: true }), method: :put, role: 'button', class: 'gl-alert-action' diff --git a/doc/administration/audit_event_streaming/graphql_api.md b/doc/administration/audit_event_streaming/graphql_api.md index 9f8fef0e3ca..2bfb8353710 100644 --- a/doc/administration/audit_event_streaming/graphql_api.md +++ b/doc/administration/audit_event_streaming/graphql_api.md @@ -19,15 +19,21 @@ info: To determine the technical writer assigned to the Stage/Group associated w Audit event streaming destinations can be maintained using a GraphQL API. -## Add a new streaming destination +## Top-level group streaming destinations -Add a new streaming destination to top-level groups or an entire instance. +Manage streaming destinations for top-level groups. + +### HTTP destinations + +Manage HTTP streaming destinations for top-level groups. + +#### Add a new streaming destination + +Add a new streaming destination to top-level groups. WARNING: Streaming destinations receive **all** audit event data, which could include sensitive information. Make sure you trust the streaming destination. -### Top-level group streaming destinations - Prerequisites: - Owner role for a top-level group. @@ -113,197 +119,232 @@ mutation { The header is created if the returned `errors` object is empty. -### Instance streaming destinations +#### List streaming destinations -> - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/335175) in GitLab 16.0 [with a flag](../feature_flags.md) named `ff_external_audit_events`. Disabled by default. -> - [Feature flag `ff_external_audit_events`](https://gitlab.com/gitlab-org/gitlab/-/issues/393772) enabled by default in GitLab 16.2. - -FLAG: -On self-managed GitLab, by default this feature is enabled. To disable it, an administrator can [disable the feature flag](../feature_flags.md) named -`ff_external_audit_events`. On GitLab.com, this feature is available but can be configured by GitLab.com administrators only. The feature is ready for production use. +List streaming destinations for a top-level groups. Prerequisites: -- Administrator access on the instance. +- Owner role for a top-level group. -To enable streaming and add a destination, use the -`instanceExternalAuditEventDestinationCreate` mutation in the GraphQL API. +You can view a list of streaming destinations for a top-level group using the `externalAuditEventDestinations` query +type. ```graphql -mutation { - instanceExternalAuditEventDestinationCreate(input: { destinationUrl: "https://mydomain.io/endpoint/ingest"}) { - errors - instanceExternalAuditEventDestination { - destinationUrl - id - name - verificationToken +query { + group(fullPath: "my-group") { + id + externalAuditEventDestinations { + nodes { + destinationUrl + verificationToken + id + name + headers { + nodes { + key + value + id + } + } + eventTypeFilters + } } } } ``` -Event streaming is enabled if: +If the resulting list is empty, then audit streaming is not enabled for that group. -- The returned `errors` object is empty. -- The API responds with `200 OK`. +#### Update streaming destinations -You can optionally specify your own destination name (instead of the default GitLab-generated one) using the GraphQL -`instanceExternalAuditEventDestinationCreate` -mutation. Name length must not exceed 72 characters and trailing whitespace are not trimmed. This value should be unique. For example: +Update streaming destinations for a top-level group. + +Prerequisites: + +- Owner role for a top-level group. + +Users with the Owner role for a group can update streaming destinations' custom HTTP headers using the +`auditEventsStreamingHeadersUpdate` mutation type. You can retrieve the custom HTTP headers ID +by [listing all the custom HTTP headers](#list-streaming-destinations) for the group. ```graphql mutation { - instanceExternalAuditEventDestinationCreate(input: { destinationUrl: "https://mydomain.io/endpoint/ingest", name: "destination-name-here"}) { + externalAuditEventDestinationUpdate(input: { + id:"gid://gitlab/AuditEvents::ExternalAuditEventDestination/1", + destinationUrl: "https://www.new-domain.com/webhook", + name: "destination-name"} ) { errors - instanceExternalAuditEventDestination { - destinationUrl + externalAuditEventDestination { id name + destinationUrl verificationToken + group { + name + } } } } ``` -Instance administrators can add an HTTP header using the GraphQL `auditEventsStreamingInstanceHeadersCreate` mutation. You can retrieve the destination ID -by [listing all the streaming destinations](#list-streaming-destinations) for the instance or from the mutation above. +Streaming destination is updated if: + +- The returned `errors` object is empty. +- The API responds with `200 OK`. + +Group owners can remove an HTTP header using the GraphQL `auditEventsStreamingHeadersDestroy` mutation. You can retrieve the header ID +by [listing all the custom HTTP headers](#list-streaming-destinations) for the group. ```graphql mutation { - auditEventsStreamingInstanceHeadersCreate(input: - { - destinationId: "gid://gitlab/AuditEvents::InstanceExternalAuditEventDestination/42", - key: "foo", - value: "bar" - }) { + auditEventsStreamingHeadersDestroy(input: { headerId: "gid://gitlab/AuditEvents::Streaming::Header/1" }) { errors - header { - id - key - value - } } } ``` -The header is created if the returned `errors` object is empty. +The header is deleted if the returned `errors` object is empty. -### Google Cloud Logging streaming +#### Delete streaming destinations -> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/409422) in GitLab 16.1. +Delete streaming destinations for a top-level group. + +When the last destination is successfully deleted, streaming is disabled for the group. Prerequisites: - Owner role for a top-level group. -- A Google Cloud project with the necessary permissions to create service accounts and enable Google Cloud Logging. -To enable streaming and add a configuration, use the -`googleCloudLoggingConfigurationCreate` mutation in the GraphQL API. +Users with the Owner role for a group can delete streaming destinations using the +`externalAuditEventDestinationDestroy` mutation type. You can retrieve the destinations ID +by [listing all the streaming destinations](#list-streaming-destinations) for the group. ```graphql mutation { - googleCloudLoggingConfigurationCreate(input: { groupPath: "my-group", googleProjectIdName: "my-google-project", clientEmail: "my-email@my-google-project.iam.gservice.account.com", privateKey: "YOUR_PRIVATE_KEY", logIdName: "audit-events" } ) { - errors - googleCloudLoggingConfiguration { - id - googleProjectIdName - logIdName - privateKey - clientEmail - } + externalAuditEventDestinationDestroy(input: { id: destination }) { errors } } ``` -Event streaming is enabled if: +Streaming destination is deleted if: - The returned `errors` object is empty. - The API responds with `200 OK`. -## List streaming destinations +Group owners can remove an HTTP header using the GraphQL `auditEventsStreamingHeadersDestroy` mutation. You can retrieve the header ID +by [listing all the custom HTTP headers](#list-streaming-destinations) for the group. + +```graphql +mutation { + auditEventsStreamingHeadersDestroy(input: { headerId: "gid://gitlab/AuditEvents::Streaming::Header/1" }) { + errors + } +} +``` + +The header is deleted if the returned `errors` object is empty. -List new streaming destinations for top-level groups or an entire instance. +#### Event type filters -### Top-level group streaming destinations +> Event type filters API [introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/344845) in GitLab 15.7. + +When this feature is enabled for a group, you can use an API to permit users to filter streamed audit events per destination. +If the feature is enabled with no filters, the destination receives all audit events. + +A streaming destination that has an event type filter set has a **filtered** (**{filter}**) label. + +##### Use the API to add an event type filter Prerequisites: -- Owner role for a top-level group. +- You must have the Owner role for the group. -You can view a list of streaming destinations for a top-level group using the `externalAuditEventDestinations` query -type. +You can add a list of event type filters using the `auditEventsStreamingDestinationEventsAdd` query type: ```graphql -query { - group(fullPath: "my-group") { - id - externalAuditEventDestinations { - nodes { - destinationUrl - verificationToken - id - name - headers { - nodes { - key - value - id - } - } +mutation { + auditEventsStreamingDestinationEventsAdd(input: { + destinationId: "gid://gitlab/AuditEvents::ExternalAuditEventDestination/1", + eventTypeFilters: ["list of event type filters"]}){ + errors eventTypeFilters - } } +} +``` + +Event type filters are added if: + +- The returned `errors` object is empty. +- The API responds with `200 OK`. + +##### Use the API to remove an event type filter + +Prerequisites: + +- You must have the Owner role for the group. + +You can remove a list of event type filters using the `auditEventsStreamingDestinationEventsRemove` query type: + +```graphql +mutation { + auditEventsStreamingDestinationEventsRemove(input: { + destinationId: "gid://gitlab/AuditEvents::ExternalAuditEventDestination/1", + eventTypeFilters: ["list of event type filters"] + }){ + errors } } ``` -If the resulting list is empty, then audit streaming is not enabled for that group. +Event type filters are removed if: -### Instance streaming destinations +- The returned `errors` object is empty. +- The API responds with `200 OK`. -> - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/335175) in GitLab 16.0 [with a flag](../feature_flags.md) named `ff_external_audit_events`. Disabled by default. -> - [Feature flag `ff_external_audit_events`](https://gitlab.com/gitlab-org/gitlab/-/issues/393772) enabled by default in GitLab 16.2. +### Google Cloud Logging destinations -FLAG: -On self-managed GitLab, by default this feature is enabled. To disable it, an administrator can [disable the feature flag](../feature_flags.md) named -`ff_external_audit_events`. On GitLab.com, this feature is available but can be configured by GitLab.com administrators only. The feature is ready for production use. +> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/409422) in GitLab 16.1. + +Manage Google Cloud Logging destinations for top-level groups. + +#### Add a new Google Cloud Logging destination + +Add a new Google Cloud Logging configuration destination to a top-level group. Prerequisites: -- Administrator access on the instance. +- Owner role for a top-level group. +- A Google Cloud project with the necessary permissions to create service accounts and enable Google Cloud Logging. -To view a list of streaming destinations for an instance, use the -`instanceExternalAuditEventDestinations` query type. +To enable streaming and add a configuration, use the +`googleCloudLoggingConfigurationCreate` mutation in the GraphQL API. ```graphql -query { - instanceExternalAuditEventDestinations { - nodes { +mutation { + googleCloudLoggingConfigurationCreate(input: { groupPath: "my-group", googleProjectIdName: "my-google-project", clientEmail: "my-email@my-google-project.iam.gservice.account.com", privateKey: "YOUR_PRIVATE_KEY", logIdName: "audit-events" } ) { + errors + googleCloudLoggingConfiguration { id - name - destinationUrl - verificationToken - headers { - nodes { - id - key - value - } - } + googleProjectIdName + logIdName + privateKey + clientEmail } + errors } } ``` -If the resulting list is empty, then audit streaming is not enabled for the instance. +Event streaming is enabled if: -You need the ID values returned by this query for the update and delete mutations. +- The returned `errors` object is empty. +- The API responds with `200 OK`. -### Google Cloud Logging configurations +#### List Google Cloud Logging configurations -> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/409422) in GitLab 16.1. +List all Google Cloud Logging configuration destinations for a top-level group. Prerequisite: @@ -333,59 +374,68 @@ If the resulting list is empty, then audit streaming is not enabled for the grou You need the ID values returned by this query for the update and delete mutations. -## Update streaming destinations +#### Update Google Cloud Logging configurations -Update streaming destinations for a top-level group or an entire instance. +Update a Google Cloud Logging configuration destinations for a top-level group. -### Top-level group streaming destinations - -Prerequisites: +Prerequisite: - Owner role for a top-level group. -Users with the Owner role for a group can update streaming destinations' custom HTTP headers using the -`auditEventsStreamingHeadersUpdate` mutation type. You can retrieve the custom HTTP headers ID -by [listing all the custom HTTP headers](#list-streaming-destinations) for the group. +To update streaming configuration for a top-level group, use the +`googleCloudLoggingConfigurationUpdate` mutation type. You can retrieve the configuration ID +by [listing all the external destinations](#list-streaming-destinations). ```graphql mutation { - externalAuditEventDestinationUpdate(input: { - id:"gid://gitlab/AuditEvents::ExternalAuditEventDestination/1", - destinationUrl: "https://www.new-domain.com/webhook", - name: "destination-name"} ) { + googleCloudLoggingConfigurationUpdate( + input: {id: "gid://gitlab/AuditEvents::GoogleCloudLoggingConfiguration/1", googleProjectIdName: "my-google-project", clientEmail: "my-email@my-google-project.iam.gservice.account.com", privateKey: "YOUR_PRIVATE_KEY", logIdName: "audit-events"} + ) { errors - externalAuditEventDestination { + googleCloudLoggingConfiguration { id - name - destinationUrl - verificationToken - group { - name - } + logIdName + privateKey + googleProjectIdName + clientEmail } } } ``` -Streaming destination is updated if: +Streaming configuration is updated if: - The returned `errors` object is empty. - The API responds with `200 OK`. -Group owners can remove an HTTP header using the GraphQL `auditEventsStreamingHeadersDestroy` mutation. You can retrieve the header ID -by [listing all the custom HTTP headers](#list-streaming-destinations) for the group. +#### Delete Google Cloud Logging configurations + +Delete streaming destinations for a top-level group. + +When the last destination is successfully deleted, streaming is disabled for the group. + +Prerequisite: + +- Owner role for a top-level group. + +Users with the Owner role for a group can delete streaming configurations using the +`googleCloudLoggingConfigurationDestroy` mutation type. You can retrieve the configurations ID +by [listing all the streaming destinations](#list-streaming-destinations) for the group. ```graphql mutation { - auditEventsStreamingHeadersDestroy(input: { headerId: "gid://gitlab/AuditEvents::Streaming::Header/1" }) { + googleCloudLoggingConfigurationDestroy(input: { id: "gid://gitlab/AuditEvents::GoogleCloudLoggingConfiguration/1" }) { errors } } ``` -The header is deleted if the returned `errors` object is empty. +Streaming configuration is deleted if: + +- The returned `errors` object is empty. +- The API responds with `200 OK`. -### Instance streaming destinations +## Instance streaming destinations **(ULTIMATE SELF)** > - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/335175) in GitLab 16.0 [with a flag](../feature_flags.md) named `ff_external_audit_events`. Disabled by default. > - [Feature flag `ff_external_audit_events`](https://gitlab.com/gitlab-org/gitlab/-/issues/393772) enabled by default in GitLab 16.2. @@ -394,20 +444,22 @@ FLAG: On self-managed GitLab, by default this feature is enabled. To disable it, an administrator can [disable the feature flag](../feature_flags.md) named `ff_external_audit_events`. On GitLab.com, this feature is available but can be configured by GitLab.com administrators only. The feature is ready for production use. +Manage HTTP streaming destinations for an entire instance. + +### Add a new HTTP destination + +Add a new HTTP streaming destination to an instance. + Prerequisites: - Administrator access on the instance. -To update streaming destinations for an instance, use the -`instanceExternalAuditEventDestinationUpdate` mutation type. You can retrieve the destination ID -by [listing all the external destinations](#list-streaming-destinations) for the instance. +To enable streaming and add a destination, use the +`instanceExternalAuditEventDestinationCreate` mutation in the GraphQL API. ```graphql mutation { - instanceExternalAuditEventDestinationUpdate(input: { - id: "gid://gitlab/AuditEvents::InstanceExternalAuditEventDestination/1", - destinationUrl: "https://www.new-domain.com/webhook", - name: "destination-name"}) { + instanceExternalAuditEventDestinationCreate(input: { destinationUrl: "https://mydomain.io/endpoint/ingest"}) { errors instanceExternalAuditEventDestination { destinationUrl @@ -419,18 +471,40 @@ mutation { } ``` -Streaming destination is updated if: +Event streaming is enabled if: - The returned `errors` object is empty. - The API responds with `200 OK`. -Instance administrators can update streaming destinations custom HTTP headers using the -`auditEventsStreamingInstanceHeadersUpdate` mutation type. You can retrieve the custom HTTP headers ID -by [listing all the custom HTTP headers](#list-streaming-destinations) for the instance. +You can optionally specify your own destination name (instead of the default GitLab-generated one) using the GraphQL +`instanceExternalAuditEventDestinationCreate` +mutation. Name length must not exceed 72 characters and trailing whitespace are not trimmed. This value should be unique. For example: ```graphql mutation { - auditEventsStreamingInstanceHeadersUpdate(input: { headerId: "gid://gitlab/AuditEvents::Streaming::InstanceHeader/2", key: "new-key", value: "new-value" }) { + instanceExternalAuditEventDestinationCreate(input: { destinationUrl: "https://mydomain.io/endpoint/ingest", name: "destination-name-here"}) { + errors + instanceExternalAuditEventDestination { + destinationUrl + id + name + verificationToken + } + } +} +``` + +Instance administrators can add an HTTP header using the GraphQL `auditEventsStreamingInstanceHeadersCreate` mutation. You can retrieve the destination ID +by [listing all the streaming destinations](#list-streaming-destinations) for the instance or from the mutation above. + +```graphql +mutation { + auditEventsStreamingInstanceHeadersCreate(input: + { + destinationId: "gid://gitlab/AuditEvents::InstanceExternalAuditEventDestination/42", + key: "foo", + value: "bar" + }) { errors header { id @@ -441,92 +515,101 @@ mutation { } ``` -The header is updated if the returned `errors` object is empty. +The header is created if the returned `errors` object is empty. -### Google Cloud Logging configurations +### List streaming destinations -> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/409422) in GitLab 16.1. +List all HTTP streaming destinations for an instance. -Prerequisite: +Prerequisites: -- Owner role for a top-level group. +- Administrator access on the instance. -To update streaming configuration for a top-level group, use the -`googleCloudLoggingConfigurationUpdate` mutation type. You can retrieve the configuration ID -by [listing all the external destinations](#list-streaming-destinations). +To view a list of streaming destinations for an instance, use the +`instanceExternalAuditEventDestinations` query type. ```graphql -mutation { - googleCloudLoggingConfigurationUpdate( - input: {id: "gid://gitlab/AuditEvents::GoogleCloudLoggingConfiguration/1", googleProjectIdName: "my-google-project", clientEmail: "my-email@my-google-project.iam.gservice.account.com", privateKey: "YOUR_PRIVATE_KEY", logIdName: "audit-events"} - ) { - errors - googleCloudLoggingConfiguration { +query { + instanceExternalAuditEventDestinations { + nodes { id - logIdName - privateKey - googleProjectIdName - clientEmail + name + destinationUrl + verificationToken + headers { + nodes { + id + key + value + } + } } } } ``` -Streaming configuration is updated if: - -- The returned `errors` object is empty. -- The API responds with `200 OK`. - -## Delete streaming destinations +If the resulting list is empty, then audit streaming is not enabled for the instance. -Delete streaming destinations for a top-level group or an entire instance. +You need the ID values returned by this query for the update and delete mutations. -When the last destination is successfully deleted, streaming is disabled for the group or the instance. +### Update streaming destinations -### Top-level group streaming destinations +Update a HTTP streaming destination for an instance. Prerequisites: -- Owner role for a top-level group. +- Administrator access on the instance. -Users with the Owner role for a group can delete streaming destinations using the -`externalAuditEventDestinationDestroy` mutation type. You can retrieve the destinations ID -by [listing all the streaming destinations](#list-streaming-destinations) for the group. +To update streaming destinations for an instance, use the +`instanceExternalAuditEventDestinationUpdate` mutation type. You can retrieve the destination ID +by [listing all the external destinations](#list-streaming-destinations-1) for the instance. ```graphql mutation { - externalAuditEventDestinationDestroy(input: { id: destination }) { + instanceExternalAuditEventDestinationUpdate(input: { + id: "gid://gitlab/AuditEvents::InstanceExternalAuditEventDestination/1", + destinationUrl: "https://www.new-domain.com/webhook", + name: "destination-name"}) { errors + instanceExternalAuditEventDestination { + destinationUrl + id + name + verificationToken + } } } ``` -Streaming destination is deleted if: +Streaming destination is updated if: - The returned `errors` object is empty. - The API responds with `200 OK`. -Group owners can remove an HTTP header using the GraphQL `auditEventsStreamingHeadersDestroy` mutation. You can retrieve the header ID -by [listing all the custom HTTP headers](#list-streaming-destinations) for the group. +Instance administrators can update streaming destinations custom HTTP headers using the +`auditEventsStreamingInstanceHeadersUpdate` mutation type. You can retrieve the custom HTTP headers ID +by [listing all the custom HTTP headers](#list-streaming-destinations-1) for the instance. ```graphql mutation { - auditEventsStreamingHeadersDestroy(input: { headerId: "gid://gitlab/AuditEvents::Streaming::Header/1" }) { + auditEventsStreamingInstanceHeadersUpdate(input: { headerId: "gid://gitlab/AuditEvents::Streaming::InstanceHeader/2", key: "new-key", value: "new-value" }) { errors + header { + id + key + value + } } } ``` -The header is deleted if the returned `errors` object is empty. +The header is updated if the returned `errors` object is empty. -### Instance streaming destinations +### Delete streaming destinations -> - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/335175) in GitLab 16.0 [with a flag](../feature_flags.md) named `ff_external_audit_events`. Disabled by default. -> - [Feature flag `ff_external_audit_events`](https://gitlab.com/gitlab-org/gitlab/-/issues/393772) enabled by default in GitLab 16.2. +Delete streaming destinations for an entire instance. -FLAG: -On self-managed GitLab, by default this feature is enabled. To disable it, an administrator can [disable the feature flag](../feature_flags.md) named -`ff_external_audit_events`. On GitLab.com, this feature is available but can be configured by GitLab.com administrators only. The feature is ready for production use. +When the last destination is successfully deleted, streaming is disabled for the instance. Prerequisites: @@ -534,7 +617,7 @@ Prerequisites: To delete streaming destinations, use the `instanceExternalAuditEventDestinationDestroy` mutation type. You can retrieve the destinations ID -by [listing all the streaming destinations](#list-streaming-destinations) for the instance. +by [listing all the streaming destinations](#list-streaming-destinations-1) for the instance. ```graphql mutation { @@ -562,85 +645,3 @@ mutation { ``` The header is deleted if the returned `errors` object is empty. - -### Google Cloud Logging configurations - -> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/409422) in GitLab 16.1. - -Prerequisite: - -- Owner role for a top-level group. - -Users with the Owner role for a group can delete streaming configurations using the -`googleCloudLoggingConfigurationDestroy` mutation type. You can retrieve the configurations ID -by [listing all the streaming destinations](#list-streaming-destinations) for the group. - -```graphql -mutation { - googleCloudLoggingConfigurationDestroy(input: { id: "gid://gitlab/AuditEvents::GoogleCloudLoggingConfiguration/1" }) { - errors - } -} -``` - -Streaming configuration is deleted if: - -- The returned `errors` object is empty. -- The API responds with `200 OK`. - -## Event type filters - -> Event type filters API [introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/344845) in GitLab 15.7. - -When this feature is enabled for a group, you can use an API to permit users to filter streamed audit events per destination. -If the feature is enabled with no filters, the destination receives all audit events. - -A streaming destination that has an event type filter set has a **filtered** (**{filter}**) label. - -### Use the API to add an event type filter - -Prerequisites: - -- You must have the Owner role for the group. - -You can add a list of event type filters using the `auditEventsStreamingDestinationEventsAdd` query type: - -```graphql -mutation { - auditEventsStreamingDestinationEventsAdd(input: { - destinationId: "gid://gitlab/AuditEvents::ExternalAuditEventDestination/1", - eventTypeFilters: ["list of event type filters"]}){ - errors - eventTypeFilters - } -} -``` - -Event type filters are added if: - -- The returned `errors` object is empty. -- The API responds with `200 OK`. - -### Use the API to remove an event type filter - -Prerequisites: - -- You must have the Owner role for the group. - -You can remove a list of event type filters using the `auditEventsStreamingDestinationEventsRemove` query type: - -```graphql -mutation { - auditEventsStreamingDestinationEventsRemove(input: { - destinationId: "gid://gitlab/AuditEvents::ExternalAuditEventDestination/1", - eventTypeFilters: ["list of event type filters"] - }){ - errors - } -} -``` - -Event type filters are removed if: - -- The returned `errors` object is empty. -- The API responds with `200 OK`. diff --git a/doc/ci/runners/configure_runners.md b/doc/ci/runners/configure_runners.md index 9424f8ea846..7123dd715b8 100644 --- a/doc/ci/runners/configure_runners.md +++ b/doc/ci/runners/configure_runners.md @@ -57,59 +57,47 @@ How this feature works: 1. You start a job 1. The job, if running longer, times out after **30 minutes** -## Be careful with sensitive information +## Protecting sensitive information -With some [runner executors](https://docs.gitlab.com/runner/executors/), -if you can run a job on the runner, you can get full access to the file system, -and thus any code it runs as well as the token of the runner. With shared runners, this means that anyone -that runs jobs on the runner, can access another user's code that runs on the -runner. +To avoid exposing sensitive information, you can restrict the usage +of shared runners on large GitLab instances. This ensures that you +control access to your GitLab instances and secure [runner executors](https://docs.gitlab.com/runner/executors/). -In addition, because you can get access to the runner token, it is possible -to create a clone of a runner and submit false jobs, for example. - -The above is easily avoided by restricting the usage of shared runners -on large public GitLab instances, controlling access to your GitLab instance, -and using more secure [runner executors](https://docs.gitlab.com/runner/executors/). +If certain executors run a job, the file system, the code the runner executes, +and the runner token may be exposed. This means that anyone that runs jobs +on a _shared runner_ can access another user's code that runs on the runner. +Users with access to the runner token can use it to create a clone of +a runner and submit false jobs in a vector attack. For more information, see [Security Considerations](https://docs.gitlab.com/runner/security/). ### Prevent runners from revealing sensitive information -> [Introduced](https://gitlab.com/gitlab-org/gitlab-foss/-/merge_requests/13194) in GitLab 10.0. - -You can protect runners so they don't reveal sensitive information. -When a runner is protected, the runner picks jobs created on -[protected branches](../../user/project/protected_branches.md) or [protected tags](../../user/project/protected_tags.md) only, -and ignores other jobs. +To ensure runners don't reveal sensitive information, you can configure them to only run jobs +on [protected branches](../../user/project/protected_branches.md), or jobs that have [protected tags](../../user/project/protected_tags.md). -To protect or unprotect a runner: +To prevent runners from revealing sensitive information: -1. Go to the project's **Settings > CI/CD** and expand the **Runners** section. -1. Find the runner you want to protect or unprotect. Make sure it's enabled. -1. Select the pencil button. -1. Check the **Protected** option. +1. On the left sidebar, at the top, select **Search GitLab** (**{search}**) to find your project. +1. Select **Settings > CI/CD**. +1. Expand **Runners**. +1. Find the runner you want to protect or unprotect. Make sure the runner is enabled. +1. Select **Edit** (**{pencil}**). +1. Select the **Protected** checkbox. 1. Select **Save changes**. -![Protect project runners checkbox](img/protected_runners_check_box_v14_1.png) - -### Forks +### Using shared runners in forked projects -Whenever a project is forked, it copies the settings of the jobs that relate -to it. This means that if you have shared runners set up for a project and -someone forks that project, the shared runners serve jobs of this project. +When a project is forked, the job settings related to jobs are copied. If you have shared runners +configured for a project and a user forks that project, the shared runners serve jobs of this project. -Because of a [known issue](https://gitlab.com/gitlab-org/gitlab/-/issues/364303), you might encounter the message `An error occurred while forking the project. Please try again.` if the runner settings of the project you are forking does not match the new project namespace. +Due to a [known issue](https://gitlab.com/gitlab-org/gitlab/-/issues/364303), if the runner settings +of the forked project does not match the new project namespace, the following message displays: +`An error occurred while forking the project. Please try again.`. -To work around this issue, you should make sure that the shared runner settings are consistent in the forked project and the new namespace. +To work around this issue, ensure that the shared runner settings are consistent in the forked project and the new namespace. - If shared runners are **enabled** on the forked project, then this should also be **enabled** on the new namespace. - If shared runners are **disabled** on the forked project, then this should also be **disabled** on the new namespace. -### Attack vectors in runners - -Mentioned briefly earlier, but the following things of runners can be exploited. -We're always looking for contributions that can mitigate these -[Security Considerations](https://docs.gitlab.com/runner/security/). - ### Reset the runner registration token for a project If you think that a registration token for a project was revealed, you should @@ -142,19 +130,13 @@ To verify that the previous authentication token has been revoked, use the [Runn ## Use tags to control which jobs a runner can run -You must set up a runner to be able to run all the different types of jobs -that it may encounter on the projects it's shared over. This would be -problematic for large amounts of projects, if it weren't for tags. +You can use [tags](../yaml/index.md#tags) to ensure that runners only run the jobs they are equipped +to run. For example, you can specify the `rails` tag for runners that have the dependencies to run +Rails test suites. -GitLab CI/CD tags are not the same as Git tags. GitLab CI/CD tags are associated with runners. +GitLab CI/CD tags are different to Git tags. GitLab CI/CD tags are associated with runners. Git tags are associated with commits. -By tagging a runner for the types of jobs it can handle, you can make sure -shared runners will [only run the jobs they are equipped to run](../yaml/index.md#tags). - -For instance, at GitLab we have runners tagged with `rails` if they contain -the appropriate dependencies to run Rails test suites. - ### Set a runner to run untagged jobs When you [register a runner](https://docs.gitlab.com/runner/register/), its default behavior is to **only pick** @@ -302,9 +284,6 @@ When using the Kubernetes executor, you can use variables to ### Git strategy -> - Introduced in GitLab 8.9 as an experimental feature. -> - `GIT_STRATEGY=none` requires GitLab Runner v1.7+. - You can set the `GIT_STRATEGY` used to fetch the repository content, either globally or per-job in the [`variables`](../yaml/index.md#variables) section: @@ -341,8 +320,6 @@ rely on files brought into the local working copy from cache or artifacts. ### Git submodule strategy -> Requires GitLab Runner v1.10+. - The `GIT_SUBMODULE_STRATEGY` variable is used to control if / how Git submodules are included when fetching the code before a build. You can set them globally or per-job in the [`variables`](../yaml/index.md#variables) section. @@ -381,8 +358,6 @@ You can provide additional flags to control advanced behavior using [`GIT_SUBMOD ### Git checkout -> Introduced in GitLab Runner 9.3. - The `GIT_CHECKOUT` variable can be used when the `GIT_STRATEGY` is set to either `clone` or `fetch` to specify whether a `git checkout` should be run. If not specified, it defaults to true. You can set them globally or per-job in the @@ -410,8 +385,6 @@ script: ### Git clean flags -> Introduced in GitLab Runner 11.10 - The `GIT_CLEAN_FLAGS` variable is used to control the default behavior of `git clean` after checking out the sources. You can set it globally or per-job in the [`variables`](../yaml/index.md#variables) section. @@ -437,8 +410,6 @@ script: ### Git fetch extra flags -> [Introduced](https://gitlab.com/gitlab-org/gitlab-runner/-/issues/4142) in GitLab Runner 13.1. - Use the `GIT_FETCH_EXTRA_FLAGS` variable to control the behavior of `git fetch`. You can set it globally or per-job in the [`variables`](../yaml/index.md#variables) section. @@ -503,8 +474,6 @@ to wrap the string in single quotes so the YAML can be parsed successfully. ### Git submodule update flags -> [Introduced](https://gitlab.com/gitlab-org/gitlab-runner/-/merge_requests/3192) in GitLab Runner 14.8. - Use the `GIT_SUBMODULE_UPDATE_FLAGS` variable to control the behavior of `git submodule update` when [`GIT_SUBMODULE_STRATEGY`](#git-submodule-strategy) is set to either `normal` or `recursive`. You can set it globally or per-job in the [`variables`](../yaml/index.md#variables) section. @@ -561,8 +530,6 @@ the permissions of the user executing the job, and does not require SSH credenti ### Shallow cloning -> Introduced in GitLab 8.9 as an experimental feature. - You can specify the depth of fetching and cloning using `GIT_DEPTH`. `GIT_DEPTH` does a shallow clone of the repository and can significantly speed up cloning. It can be helpful for repositories with a large number of commits or old, large binaries. The value is @@ -613,8 +580,6 @@ variables: ### Custom build directories -> [Introduced](https://gitlab.com/gitlab-org/gitlab-runner/-/issues/2211) in GitLab Runner 11.10. - By default, GitLab Runner clones the repository in a unique subpath of the `$CI_BUILDS_DIR` directory. However, your project might require the code in a specific directory (Go projects, for example). In that case, you can specify @@ -696,8 +661,6 @@ because `$CI_BUILDS_DIR` is not expanded. ### Job stages attempts -> Introduced in GitLab, it requires GitLab Runner v1.9+. - You can set the number of attempts that the running job tries to execute the following stages: @@ -725,8 +688,6 @@ GitLab.com shared runners run on CoreOS. This means that you cannot use some sys ## Artifact and cache settings -> Introduced in GitLab Runner 13.9. - Artifact and cache settings control the compression ratio of artifacts and caches. Use these settings to specify the size of the archive produced by a job. diff --git a/doc/ci/runners/img/protected_runners_check_box_v14_1.png b/doc/ci/runners/img/protected_runners_check_box_v14_1.png Binary files differdeleted file mode 100644 index d67085d83f9..00000000000 --- a/doc/ci/runners/img/protected_runners_check_box_v14_1.png +++ /dev/null diff --git a/doc/user/project/repository/forking_workflow.md b/doc/user/project/repository/forking_workflow.md index 819d91f9d0c..b5f59f14a5b 100644 --- a/doc/user/project/repository/forking_workflow.md +++ b/doc/user/project/repository/forking_workflow.md @@ -202,7 +202,7 @@ to share objects with another repository: ### Error: `An error occurred while forking the project. Please try again` This error can be due to a mismatch in shared runner settings between the forked project -and the new namespace. See [Forks](../../../ci/runners/configure_runners.md#forks) +and the new namespace. See [Forks](../../../ci/runners/configure_runners.md#using-shared-runners-in-forked-projects) in the Runner documentation for more information. ### Removing fork relationship fails diff --git a/locale/gitlab.pot b/locale/gitlab.pot index 0448c36d5bd..b344ef112eb 100644 --- a/locale/gitlab.pot +++ b/locale/gitlab.pot @@ -40827,12 +40827,24 @@ msgstr "" msgid "ScanExecutionPolicy|Conditions" msgstr "" +msgid "ScanExecutionPolicy|Create new scan profile" +msgstr "" + +msgid "ScanExecutionPolicy|Create new site profile" +msgstr "" + msgid "ScanExecutionPolicy|Customized CI variables:" msgstr "" msgid "ScanExecutionPolicy|Customized variables will overwrite ones defined in the project CI/CD file and settings" msgstr "" +msgid "ScanExecutionPolicy|DAST scan profiles" +msgstr "" + +msgid "ScanExecutionPolicy|DAST site profiles" +msgstr "" + msgid "ScanExecutionPolicy|Key" msgstr "" @@ -40848,9 +40860,6 @@ msgstr "" msgid "ScanExecutionPolicy|Only one variable can be added at a time." msgstr "" -msgid "ScanExecutionPolicy|Run a %{scan} scan with %{dastProfiles} with the following options:" -msgstr "" - msgid "ScanExecutionPolicy|Run a %{scan} scan with the following options:" msgstr "" @@ -40860,9 +40869,6 @@ msgstr "" msgid "ScanExecutionPolicy|Runner tags:" msgstr "" -msgid "ScanExecutionPolicy|Scanner profile" -msgstr "" - msgid "ScanExecutionPolicy|Schedule rule component" msgstr "" @@ -40893,9 +40899,6 @@ msgstr "" msgid "ScanExecutionPolicy|Select timezone" msgstr "" -msgid "ScanExecutionPolicy|Site profile" -msgstr "" - msgid "ScanExecutionPolicy|Tags" msgstr "" @@ -40926,9 +40929,6 @@ msgstr "" msgid "ScanExecutionPolicy|on the Kubernetes agent pod" msgstr "" -msgid "ScanExecutionPolicy|scanner profile %{scannerProfile} and site profile %{siteProfile}" -msgstr "" - msgid "ScanExecutionPolicy|selected automatically" msgstr "" diff --git a/qa/qa/specs/features/browser_ui/5_package/container_registry/saas/pull_container_registry_image_spec.rb b/qa/qa/specs/features/browser_ui/5_package/container_registry/saas/pull_container_registry_image_spec.rb index 85a88b54cc2..c2db5062962 100644 --- a/qa/qa/specs/features/browser_ui/5_package/container_registry/saas/pull_container_registry_image_spec.rb +++ b/qa/qa/specs/features/browser_ui/5_package/container_registry/saas/pull_container_registry_image_spec.rb @@ -2,7 +2,7 @@ module QA RSpec.describe 'Package' do - describe 'SaaS Container Registry', only: { subdomain: %i[staging] }, product_group: :container_registry do + describe 'SaaS Container Registry', :smoke, only: { subdomain: %i[staging] }, product_group: :container_registry do let(:project) do Resource::Project.init do |project| project.path_with_namespace = 'gitlab-qa/container-registry-sanity' diff --git a/spec/frontend/ci/pipeline_editor/mock_data.js b/spec/frontend/ci/pipeline_editor/mock_data.js index 54bbaa15ecf..007abde939f 100644 --- a/spec/frontend/ci/pipeline_editor/mock_data.js +++ b/spec/frontend/ci/pipeline_editor/mock_data.js @@ -1,5 +1,6 @@ import { CI_CONFIG_STATUS_INVALID, CI_CONFIG_STATUS_VALID } from '~/ci/pipeline_editor/constants'; import { unwrapStagesWithNeeds } from '~/pipelines/components/unwrapping_utils'; +import { DOCS_URL_IN_EE_DIR } from 'jh_else_ce/lib/utils/url_utility'; export const commonOptions = { ciConfigPath: '/ci/config', @@ -601,7 +602,7 @@ export const mockErrors = [ ]; export const mockWarnings = [ - '"jobs:multi_project_job may allow multiple pipelines to run for a single action due to `rules:when` clause with no `workflow:rules` - read more: https://docs.gitlab.com/ee/ci/troubleshooting.html#pipeline-warnings"', + `"jobs:multi_project_job may allow multiple pipelines to run for a single action due to \`rules:when\` clause with no \`workflow:rules\` - read more: ${DOCS_URL_IN_EE_DIR}/ci/troubleshooting.html#pipeline-warnings"`, ]; export const mockCommitCreateResponse = { diff --git a/spec/frontend/ci/pipeline_new/mock_data.js b/spec/frontend/ci/pipeline_new/mock_data.js index 76a88f63298..72a491bb946 100644 --- a/spec/frontend/ci/pipeline_new/mock_data.js +++ b/spec/frontend/ci/pipeline_new/mock_data.js @@ -1,3 +1,5 @@ +import { DOCS_URL_IN_EE_DIR } from 'jh_else_ce/lib/utils/url_utility'; + export const mockFilteredRefs = { Branches: ['branch-1'], Tags: ['1.0.0', '1.1.0'], @@ -28,9 +30,9 @@ export const mockError = { 'test job: chosen stage does not exist; available stages are .pre, build, test, deploy, .post', ], warnings: [ - 'jobs:build1 may allow multiple pipelines to run for a single action due to `rules:when` clause with no `workflow:rules` - read more: https://docs.gitlab.com/ee/ci/troubleshooting.html#pipeline-warnings', - 'jobs:build2 may allow multiple pipelines to run for a single action due to `rules:when` clause with no `workflow:rules` - read more: https://docs.gitlab.com/ee/ci/troubleshooting.html#pipeline-warnings', - 'jobs:build3 may allow multiple pipelines to run for a single action due to `rules:when` clause with no `workflow:rules` - read more: https://docs.gitlab.com/ee/ci/troubleshooting.html#pipeline-warnings', + `jobs:build1 may allow multiple pipelines to run for a single action due to \`rules:when\` clause with no \`workflow:rules\` - read more: ${DOCS_URL_IN_EE_DIR}/ci/troubleshooting.html#pipeline-warnings`, + `jobs:build2 may allow multiple pipelines to run for a single action due to \`rules:when\` clause with no \`workflow:rules\` - read more: ${DOCS_URL_IN_EE_DIR}/ci/troubleshooting.html#pipeline-warnings`, + `jobs:build3 may allow multiple pipelines to run for a single action due to \`rules:when\` clause with no \`workflow:rules\` - read more: ${DOCS_URL_IN_EE_DIR}/ci/troubleshooting.html#pipeline-warnings`, ], total_warnings: 7, }; diff --git a/spec/frontend/jobs/components/job/sidebar_detail_row_spec.js b/spec/frontend/jobs/components/job/sidebar_detail_row_spec.js index fd27004816a..546f5392caf 100644 --- a/spec/frontend/jobs/components/job/sidebar_detail_row_spec.js +++ b/spec/frontend/jobs/components/job/sidebar_detail_row_spec.js @@ -1,12 +1,13 @@ import { shallowMountExtended } from 'helpers/vue_test_utils_helper'; import SidebarDetailRow from '~/jobs/components/job/sidebar/sidebar_detail_row.vue'; +import { DOCS_URL } from 'jh_else_ce/lib/utils/url_utility'; describe('Sidebar detail row', () => { let wrapper; const title = 'this is the title'; const value = 'this is the value'; - const helpUrl = 'https://docs.gitlab.com/runner/register/index.html'; + const helpUrl = `${DOCS_URL}/runner/register/index.html`; const path = 'path/to/value'; const findHelpLink = () => wrapper.findByTestId('job-sidebar-help-link'); diff --git a/spec/frontend/lib/utils/url_utility_spec.js b/spec/frontend/lib/utils/url_utility_spec.js index e54ad674a36..f35b25fdf04 100644 --- a/spec/frontend/lib/utils/url_utility_spec.js +++ b/spec/frontend/lib/utils/url_utility_spec.js @@ -1107,6 +1107,7 @@ describe('URL utility', () => { describe('defaultPromoUrl', () => { it('Gitlab about page url', () => { + // eslint-disable-next-line no-restricted-syntax const url = 'https://about.gitlab.com'; expect(urlUtils.PROMO_URL).toBe(url); diff --git a/spec/frontend/vue_shared/components/markdown/toolbar_spec.js b/spec/frontend/vue_shared/components/markdown/toolbar_spec.js index 5bf11ff2b26..90d8ce3b500 100644 --- a/spec/frontend/vue_shared/components/markdown/toolbar_spec.js +++ b/spec/frontend/vue_shared/components/markdown/toolbar_spec.js @@ -3,6 +3,7 @@ import Toolbar from '~/vue_shared/components/markdown/toolbar.vue'; import EditorModeSwitcher from '~/vue_shared/components/markdown/editor_mode_switcher.vue'; import { updateText } from '~/lib/utils/text_markdown'; import { setHTMLFixture, resetHTMLFixture } from 'helpers/fixtures'; +import { PROMO_URL } from 'jh_else_ce/lib/utils/url_utility'; jest.mock('~/lib/utils/text_markdown'); @@ -98,7 +99,7 @@ describe('toolbar', () => { expect.objectContaining({ tag: `### Rich text editor -Try out **styling** _your_ content right here or read the [direction](https://about.gitlab.com/direction/plan/knowledge/content_editor/).`, +Try out **styling** _your_ content right here or read the [direction](${PROMO_URL}/direction/plan/knowledge/content_editor/).`, textArea: document.querySelector('textarea'), cursorOffset: 0, wrap: false, diff --git a/spec/frontend/whats_new/components/feature_spec.js b/spec/frontend/whats_new/components/feature_spec.js index d69ac2803df..0898e85003e 100644 --- a/spec/frontend/whats_new/components/feature_spec.js +++ b/spec/frontend/whats_new/components/feature_spec.js @@ -1,5 +1,6 @@ import { shallowMount } from '@vue/test-utils'; import Feature from '~/whats_new/components/feature.vue'; +import { DOCS_URL_IN_EE_DIR } from 'jh_else_ce/lib/utils/url_utility'; describe("What's new single feature", () => { /** @type {import("@vue/test-utils").Wrapper} */ @@ -13,8 +14,7 @@ describe("What's new single feature", () => { 'self-managed': true, 'gitlab-com': true, available_in: ['Ultimate'], - documentation_link: - 'https://docs.gitlab.com/ee/user/project/settings/#compliance-pipeline-configuration', + documentation_link: `${DOCS_URL_IN_EE_DIR}/user/project/settings/#compliance-pipeline-configuration`, image_url: 'https://img.youtube.com/vi/upLJ_equomw/hqdefault.jpg', published_at: '2021-04-22T00:00:00.000Z', release: '13.11', diff --git a/spec/helpers/markup_helper_spec.rb b/spec/helpers/markup_helper_spec.rb index 562d6683d97..22d1113ee8c 100644 --- a/spec/helpers/markup_helper_spec.rb +++ b/spec/helpers/markup_helper_spec.rb @@ -2,7 +2,7 @@ require 'spec_helper' -RSpec.describe MarkupHelper do +RSpec.describe MarkupHelper, feature_category: :team_planning do let_it_be(:project) { create(:project, :repository) } let_it_be(:user) do user = create(:user, username: 'gfm') @@ -461,7 +461,7 @@ RSpec.describe MarkupHelper do it 'displays the first line of a code block' do object = create_object("```\nCode block\nwith two lines\n```") - expected = %r{<pre.+><code><span class="line">Code block\.\.\.</span>\n</code></pre>} + expected = %r{<pre.+><code><span class="line">Code block\.\.\.</span></code></pre>} expect(helper.first_line_in_markdown(object, attribute, 100, is_todo: true, project: project)).to match(expected) end @@ -477,7 +477,7 @@ RSpec.describe MarkupHelper do it 'preserves code color scheme' do object = create_object("```ruby\ndef test\n 'hello world'\nend\n```") expected = "\n<pre class=\"code highlight js-syntax-highlight language-ruby\">" \ - "<code><span class=\"line\"><span class=\"k\">def</span> <span class=\"nf\">test</span>...</span>\n" \ + "<code><span class=\"line\"><span class=\"k\">def</span> <span class=\"nf\">test</span>...</span>" \ "</code></pre>\n" expect(helper.first_line_in_markdown(object, attribute, 150, is_todo: true, project: project)).to eq(expected) diff --git a/spec/lib/banzai/filter/truncate_visible_filter_spec.rb b/spec/lib/banzai/filter/truncate_visible_filter_spec.rb index 0d352850682..d55d54f766d 100644 --- a/spec/lib/banzai/filter/truncate_visible_filter_spec.rb +++ b/spec/lib/banzai/filter/truncate_visible_filter_spec.rb @@ -44,7 +44,7 @@ RSpec.describe Banzai::Filter::TruncateVisibleFilter, feature_category: :team_pl describe 'truncates the first line of a code block' do let(:markdown) { "```\nCode block\nwith two lines\n```" } - let(:expected) { "Code block...</span>\n</code>" } + let(:expected) { "Code block...</span></code>" } it_behaves_like 'truncates text' end |