Commit 7b4d7401 authored by GitLab Bot's avatar GitLab Bot

Automatic merge of gitlab-org/gitlab master

parents 4d7e489e 2d7b448d
...@@ -124,9 +124,9 @@ class ObjectStoreSettings ...@@ -124,9 +124,9 @@ class ObjectStoreSettings
target_config = common_config.merge(overrides.slice(*ALLOWED_OBJECT_STORE_OVERRIDES)) target_config = common_config.merge(overrides.slice(*ALLOWED_OBJECT_STORE_OVERRIDES))
section = settings.try(store_type) section = settings.try(store_type)
next unless section next unless uses_object_storage?(section)
if section['enabled'] && target_config['bucket'].blank? if target_config['bucket'].blank?
missing_bucket_for(store_type) missing_bucket_for(store_type)
next next
end end
...@@ -140,10 +140,26 @@ class ObjectStoreSettings ...@@ -140,10 +140,26 @@ class ObjectStoreSettings
target_config['consolidated_settings'] = true target_config['consolidated_settings'] = true
section['object_store'] = target_config section['object_store'] = target_config
end end
settings
end end
private private
# Admins can selectively disable object storage for a specific type. If
# this hasn't been set, we assume that the consolidated settings
# should be used.
def uses_object_storage?(section)
# Use to_h to avoid https://gitlab.com/gitlab-org/gitlab/-/issues/286873
section = section.to_h
enabled_globally = section.fetch('enabled', false)
object_store_settings = section.fetch('object_store', {})
os_enabled = object_store_settings.fetch('enabled', true)
enabled_globally && os_enabled
end
# We only can use the common object storage settings if: # We only can use the common object storage settings if:
# 1. The common settings are defined # 1. The common settings are defined
# 2. The legacy settings are not defined # 2. The legacy settings are not defined
...@@ -152,8 +168,9 @@ class ObjectStoreSettings ...@@ -152,8 +168,9 @@ class ObjectStoreSettings
return false unless settings.dig('object_store', 'connection').present? return false unless settings.dig('object_store', 'connection').present?
WORKHORSE_ACCELERATED_TYPES.each do |store| WORKHORSE_ACCELERATED_TYPES.each do |store|
# to_h is needed because something strange happens to # to_h is needed because we define `default` as a Gitaly storage name
# Settingslogic#dig when stub_storage_settings is run in tests: # in stub_storage_settings. This causes Settingslogic to redefine Hash#default,
# which causes Hash#dig to fail when the key doesn't exist: https://gitlab.com/gitlab-org/gitlab/-/issues/286873
# #
# (byebug) section.dig # (byebug) section.dig
# *** ArgumentError Exception: wrong number of arguments (given 0, expected 1+) # *** ArgumentError Exception: wrong number of arguments (given 0, expected 1+)
......
...@@ -2,6 +2,7 @@ Akismet ...@@ -2,6 +2,7 @@ Akismet
Alertmanager Alertmanager
Algolia Algolia
Alibaba Alibaba
Aliyun
allowlist allowlist
allowlisted allowlisted
allowlisting allowlisting
...@@ -34,6 +35,7 @@ autoscaler ...@@ -34,6 +35,7 @@ autoscaler
autoscales autoscales
autoscaling autoscaling
awardable awardable
awardables
Axios Axios
Azure Azure
B-tree B-tree
...@@ -111,6 +113,7 @@ Dangerfile ...@@ -111,6 +113,7 @@ Dangerfile
datetime datetime
Debian Debian
Decompressor Decompressor
decryptable
deduplicate deduplicate
deduplicated deduplicated
deduplicates deduplicates
...@@ -168,6 +171,7 @@ Figma ...@@ -168,6 +171,7 @@ Figma
Filebeat Filebeat
Fio Fio
firewalled firewalled
firewalling
Flawfinder Flawfinder
Flowdock Flowdock
Fluentd Fluentd
...@@ -272,6 +276,7 @@ libFuzzer ...@@ -272,6 +276,7 @@ libFuzzer
Libravatar Libravatar
liveness liveness
Lograge Lograge
logrotate
Logstash Logstash
lookahead lookahead
lookaheads lookaheads
...@@ -282,6 +287,7 @@ loopback ...@@ -282,6 +287,7 @@ loopback
Lucene Lucene
Maildir Maildir
Mailgun Mailgun
Mailroom
Makefile Makefile
Makefiles Makefiles
Markdown Markdown
...@@ -505,6 +511,8 @@ spidering ...@@ -505,6 +511,8 @@ spidering
Splunk Splunk
SpotBugs SpotBugs
Stackdriver Stackdriver
starrer
starrers
storable storable
storages storages
strace strace
...@@ -525,6 +533,8 @@ subnet ...@@ -525,6 +533,8 @@ subnet
subnets subnets
subnetting subnetting
subpath subpath
subproject
subprojects
subqueried subqueried
subqueries subqueries
subquery subquery
...@@ -534,9 +544,12 @@ substrings ...@@ -534,9 +544,12 @@ substrings
subtree subtree
subtrees subtrees
sudo sudo
supercookie
supercookies
swappiness swappiness
swimlane swimlane
swimlanes swimlanes
syncable
Sysbench Sysbench
syslog syslog
tanuki tanuki
...@@ -633,6 +646,9 @@ unresolved ...@@ -633,6 +646,9 @@ unresolved
unresolving unresolving
unschedule unschedule
unscoped unscoped
unshare
unshared
unshares
unstage unstage
unstaged unstaged
unstages unstages
......
...@@ -530,7 +530,12 @@ The process executes the following access checks: ...@@ -530,7 +530,12 @@ The process executes the following access checks:
In Active Directory, a user is marked as disabled/blocked if the user In Active Directory, a user is marked as disabled/blocked if the user
account control attribute (`userAccountControl:1.2.840.113556.1.4.803`) account control attribute (`userAccountControl:1.2.840.113556.1.4.803`)
has bit 2 set. has bit 2 set.
For more information, see <https://ctovswild.com/2009/09/03/bitmask-searches-in-ldap/>
<!-- vale gitlab.Spelling = NO -->
For more information, see [Bitmask Searches in LDAP](https://ctovswild.com/2009/09/03/bitmask-searches-in-ldap/).
<!-- vale gitlab.Spelling = YES -->
The user is set to an `ldap_blocked` state in GitLab if the previous conditions The user is set to an `ldap_blocked` state in GitLab if the previous conditions
fail. This means the user is not able to sign in or push/pull code. fail. This means the user is not able to sign in or push/pull code.
......
...@@ -175,6 +175,6 @@ If you're having trouble, here are some tips: ...@@ -175,6 +175,6 @@ If you're having trouble, here are some tips:
OAuth2 access token if `client_auth_method` is not defined or if set to `basic`. OAuth2 access token if `client_auth_method` is not defined or if set to `basic`.
If you are seeing 401 errors upon retrieving the `userinfo` endpoint, you may If you are seeing 401 errors upon retrieving the `userinfo` endpoint, you may
want to check your OpenID Web server configuration. For example, for want to check your OpenID Web server configuration. For example, for
[oauth2-server-php](https://github.com/bshaffer/oauth2-server-php), you [`oauth2-server-php`](https://github.com/bshaffer/oauth2-server-php), you
may need to [add a configuration parameter to may need to [add a configuration parameter to
Apache](https://github.com/bshaffer/oauth2-server-php/issues/926#issuecomment-387502778). Apache](https://github.com/bshaffer/oauth2-server-php/issues/926#issuecomment-387502778).
...@@ -53,7 +53,7 @@ The following are GitLab upgrade validation tests we performed. ...@@ -53,7 +53,7 @@ The following are GitLab upgrade validation tests we performed.
- Outcome: Partial success because we did not run the looping pipeline during the demo to validate - Outcome: Partial success because we did not run the looping pipeline during the demo to validate
zero-downtime. zero-downtime.
- Follow up issues: - Follow up issues:
- [Clarify hup Puma/Unicorn should include deploy node](https://gitlab.com/gitlab-org/omnibus-gitlab/-/issues/5460) - [Clarify how Puma/Unicorn should include deploy node](https://gitlab.com/gitlab-org/omnibus-gitlab/-/issues/5460)
- [Investigate MR creation failure after upgrade to 12.9.10](https://gitlab.com/gitlab-org/gitlab/-/issues/223282) Closed as false positive. - [Investigate MR creation failure after upgrade to 12.9.10](https://gitlab.com/gitlab-org/gitlab/-/issues/223282) Closed as false positive.
### February 2020 ### February 2020
...@@ -128,7 +128,7 @@ The following are PostgreSQL upgrade validation tests we performed. ...@@ -128,7 +128,7 @@ The following are PostgreSQL upgrade validation tests we performed.
PostgreSQL 12 with a database cluster on the primary is not recommended until the issues are resolved. PostgreSQL 12 with a database cluster on the primary is not recommended until the issues are resolved.
- Known issues for PostgreSQL clusters: - Known issues for PostgreSQL clusters:
- [Ensure Patroni detects PostgreSQL update](https://gitlab.com/gitlab-org/omnibus-gitlab/-/issues/5423) - [Ensure Patroni detects PostgreSQL update](https://gitlab.com/gitlab-org/omnibus-gitlab/-/issues/5423)
- [Allow configuring permanent replication slots in patroni](https://gitlab.com/gitlab-org/omnibus-gitlab/-/issues/5628) - [Allow configuring permanent replication slots in Patroni](https://gitlab.com/gitlab-org/omnibus-gitlab/-/issues/5628)
### August 2020 ### August 2020
......
...@@ -489,7 +489,7 @@ This experimental implementation has the following limitations: ...@@ -489,7 +489,7 @@ This experimental implementation has the following limitations:
- Whenever `gitlab-ctl reconfigure` runs on a Patroni Leader instance, there's a - Whenever `gitlab-ctl reconfigure` runs on a Patroni Leader instance, there's a
chance the node will be demoted due to the required short-time restart. To chance the node will be demoted due to the required short-time restart. To
avoid this, you can pause auto-failover by running `gitlab-ctl patroni pause`. avoid this, you can pause auto-failover by running `gitlab-ctl patroni pause`.
After a reconfigure, it unpauses on its own. After a reconfigure, it resumes on its own.
For instructions about how to set up Patroni on the primary node, see the For instructions about how to set up Patroni on the primary node, see the
[PostgreSQL replication and failover with Omnibus GitLab](../../postgresql/replication_and_failover.md#patroni) page. [PostgreSQL replication and failover with Omnibus GitLab](../../postgresql/replication_and_failover.md#patroni) page.
...@@ -645,7 +645,7 @@ With Patroni it's now possible to support that. In order to migrate the existing ...@@ -645,7 +645,7 @@ With Patroni it's now possible to support that. In order to migrate the existing
1. [Configure a Standby Cluster](#step-2-configure-a-standby-cluster-on-the-secondary-site) 1. [Configure a Standby Cluster](#step-2-configure-a-standby-cluster-on-the-secondary-site)
on that single node machine. on that single node machine.
You will end up with a "Standby Cluster" with a single node. That allows you to later on add additional patroni nodes You will end up with a "Standby Cluster" with a single node. That allows you to later on add additional Patroni nodes
by following the same instructions above. by following the same instructions above.
## Troubleshooting ## Troubleshooting
......
...@@ -121,7 +121,7 @@ The following list depicts the network architecture of Gitaly: ...@@ -121,7 +121,7 @@ The following list depicts the network architecture of Gitaly:
- GitLab Shell. - GitLab Shell.
- Elasticsearch indexer. - Elasticsearch indexer.
- Gitaly itself. - Gitaly itself.
- A Gitaly server must be able to make RPC calls **to itself** by uing its own - A Gitaly server must be able to make RPC calls **to itself** by using its own
`(Gitaly address, Gitaly token)` pair as specified in `/config/gitlab.yml`. `(Gitaly address, Gitaly token)` pair as specified in `/config/gitlab.yml`.
- Authentication is done through a static token which is shared among the Gitaly and GitLab Rails - Authentication is done through a static token which is shared among the Gitaly and GitLab Rails
nodes. nodes.
......
...@@ -65,7 +65,7 @@ Gitaly Cluster and [Geo](../geo/index.md) both provide redundancy. However the r ...@@ -65,7 +65,7 @@ Gitaly Cluster and [Geo](../geo/index.md) both provide redundancy. However the r
not aware when Gitaly Cluster is used. not aware when Gitaly Cluster is used.
- Geo provides [replication](../geo/index.md) and [disaster recovery](../geo/disaster_recovery/index.md) for - Geo provides [replication](../geo/index.md) and [disaster recovery](../geo/disaster_recovery/index.md) for
an entire instance of GitLab. Users know when they are using Geo for an entire instance of GitLab. Users know when they are using Geo for
[replication](../geo/index.md). Geo [replicates multiple datatypes](../geo/replication/datatypes.md#limitations-on-replicationverification), [replication](../geo/index.md). Geo [replicates multiple data types](../geo/replication/datatypes.md#limitations-on-replicationverification),
including Git data. including Git data.
The following table outlines the major differences between Gitaly Cluster and Geo: The following table outlines the major differences between Gitaly Cluster and Geo:
......
...@@ -24,6 +24,8 @@ The **Kroki URL** is the hostname of the server running the container. ...@@ -24,6 +24,8 @@ The **Kroki URL** is the hostname of the server running the container.
The [`yuzutech/kroki`](https://hub.docker.com/r/yuzutech/kroki) image contains the following diagrams libraries out-of-the-box: The [`yuzutech/kroki`](https://hub.docker.com/r/yuzutech/kroki) image contains the following diagrams libraries out-of-the-box:
<!-- vale gitlab.Spelling = NO -->
- [Bytefield](https://bytefield-svg.deepsymmetry.org/) - [Bytefield](https://bytefield-svg.deepsymmetry.org/)
- [Ditaa](http://ditaa.sourceforge.net) - [Ditaa](http://ditaa.sourceforge.net)
- [Erd](https://github.com/BurntSushi/erd) - [Erd](https://github.com/BurntSushi/erd)
...@@ -37,6 +39,8 @@ The [`yuzutech/kroki`](https://hub.docker.com/r/yuzutech/kroki) image contains t ...@@ -37,6 +39,8 @@ The [`yuzutech/kroki`](https://hub.docker.com/r/yuzutech/kroki) image contains t
- [Vega-Lite](https://github.com/vega/vega-lite) - [Vega-Lite](https://github.com/vega/vega-lite)
- [WaveDrom](https://wavedrom.com/) - [WaveDrom](https://wavedrom.com/)
<!-- vale gitlab.Spelling = YES -->
If you want to use additional diagram libraries, If you want to use additional diagram libraries,
read the [Kroki installation](https://docs.kroki.io/kroki/setup/install/#_images) to learn how to start Kroki companion containers. read the [Kroki installation](https://docs.kroki.io/kroki/setup/install/#_images) to learn how to start Kroki companion containers.
...@@ -138,8 +142,12 @@ Rel(banking_system, mainframe, "Uses") ...@@ -138,8 +142,12 @@ Rel(banking_system, mainframe, "Uses")
![C4 PlantUML diagram](../img/kroki_c4_diagram.png) ![C4 PlantUML diagram](../img/kroki_c4_diagram.png)
<!-- vale gitlab.Spelling = NO -->
**Nomnoml** **Nomnoml**
<!-- vale gitlab.Spelling = YES -->
```plaintext ```plaintext
[nomnoml] [nomnoml]
.... ....
...@@ -159,4 +167,4 @@ Rel(banking_system, mainframe, "Uses") ...@@ -159,4 +167,4 @@ Rel(banking_system, mainframe, "Uses")
.... ....
``` ```
![Nomnoml diagram](../img/kroki_nomnoml_diagram.png) ![Diagram](../img/kroki_nomnoml_diagram.png)
...@@ -73,7 +73,7 @@ these steps to move the logs to a new location without losing any data. ...@@ -73,7 +73,7 @@ these steps to move the logs to a new location without losing any data.
``` ```
Use `--ignore-existing` so you don't override new job logs with older versions of the same log. Use `--ignore-existing` so you don't override new job logs with older versions of the same log.
1. Unpause continuous integration data processing by editing `/etc/gitlab/gitlab.rb` and removing the `sidekiq` setting you updated earlier. 1. Resume continuous integration data processing by editing `/etc/gitlab/gitlab.rb` and removing the `sidekiq` setting you updated earlier.
1. Save the file and [reconfigure GitLab](restart_gitlab.md#omnibus-gitlab-reconfigure) for the 1. Save the file and [reconfigure GitLab](restart_gitlab.md#omnibus-gitlab-reconfigure) for the
changes to take effect. changes to take effect.
1. Remove the old job logs storage location: 1. Remove the old job logs storage location:
......
...@@ -970,9 +970,13 @@ For Omnibus GitLab installations, Redis logs reside in `/var/log/gitlab/redis/`. ...@@ -970,9 +970,13 @@ For Omnibus GitLab installations, Redis logs reside in `/var/log/gitlab/redis/`.
For Omnibus GitLab installations, Alertmanager logs reside in `/var/log/gitlab/alertmanager/`. For Omnibus GitLab installations, Alertmanager logs reside in `/var/log/gitlab/alertmanager/`.
<!-- vale gitlab.Spelling = NO -->
## Crond Logs ## Crond Logs
For Omnibus GitLab installations, `crond` logs reside in `/var/log/gitlab/crond/`. For Omnibus GitLab installations, crond logs reside in `/var/log/gitlab/crond/`.
<!-- vale gitlab.Spelling = YES -->
## Grafana Logs ## Grafana Logs
...@@ -980,7 +984,7 @@ For Omnibus GitLab installations, Grafana logs reside in `/var/log/gitlab/grafan ...@@ -980,7 +984,7 @@ For Omnibus GitLab installations, Grafana logs reside in `/var/log/gitlab/grafan
## LogRotate Logs ## LogRotate Logs
For Omnibus GitLab installations, logrotate logs reside in `/var/log/gitlab/logrotate/`. For Omnibus GitLab installations, `logrotate` logs reside in `/var/log/gitlab/logrotate/`.
## GitLab Monitor Logs ## GitLab Monitor Logs
...@@ -1023,14 +1027,14 @@ GitLab Support often asks for one of these, and maintains the required tools. ...@@ -1023,14 +1027,14 @@ GitLab Support often asks for one of these, and maintains the required tools.
### Briefly tail the main logs ### Briefly tail the main logs
If the bug or error is readily reproducible, save the main GitLab logs If the bug or error is readily reproducible, save the main GitLab logs
[to a file](troubleshooting/linux_cheat_sheet.md#files--dirs) while reproducing the [to a file](troubleshooting/linux_cheat_sheet.md#files-and-directories) while reproducing the
problem a few times: problem a few times:
```shell ```shell
sudo gitlab-ctl tail | tee /tmp/<case-ID-and-keywords>.log sudo gitlab-ctl tail | tee /tmp/<case-ID-and-keywords>.log
``` ```
Conclude the log gathering with <kbd>Ctrl</kbd> + <kbd>C</kbd>. Conclude the log gathering with <kbd>Control</kbd> + <kbd>C</kbd>.
### GitLabSOS ### GitLabSOS
......
...@@ -108,7 +108,7 @@ both primary and secondaries will fail. ...@@ -108,7 +108,7 @@ both primary and secondaries will fail.
### Merge requests, issues, epics ### Merge requests, issues, epics
All write actions except those mentioned above will fail. So, in maintenace mode, a user cannot update merge requests, issues, etc. All write actions except those mentioned above will fail. So, in maintenance mode, a user cannot update merge requests, issues, etc.
### Container Registry ### Container Registry
......
...@@ -31,7 +31,7 @@ Unicorn in GitLab 14.0. ...@@ -31,7 +31,7 @@ Unicorn in GitLab 14.0.
When switching to Puma, Unicorn server configuration When switching to Puma, Unicorn server configuration
will _not_ carry over automatically, due to differences between the two application servers. For Omnibus-based will _not_ carry over automatically, due to differences between the two application servers. For Omnibus-based
deployments, see [Configuring Puma Settings](https://docs.gitlab.com/omnibus/settings/puma.html#configuring-puma-settings). deployments, see [Configuring Puma Settings](https://docs.gitlab.com/omnibus/settings/puma.html#configuring-puma-settings).
For Helm based deployments, see the [Webservice Chart documentation](https://docs.gitlab.com/charts/charts/gitlab/webservice/index.html). For Helm based deployments, see the [`webservice` chart documentation](https://docs.gitlab.com/charts/charts/gitlab/webservice/index.html).
Additionally we strongly recommend that multi-node deployments [configure their load balancers to use the readiness check](../load_balancer.md#readiness-check) due to a difference between Unicorn and Puma in how they handle connections during a restart of the service. Additionally we strongly recommend that multi-node deployments [configure their load balancers to use the readiness check](../load_balancer.md#readiness-check) due to a difference between Unicorn and Puma in how they handle connections during a restart of the service.
......
...@@ -313,13 +313,13 @@ configuration. ...@@ -313,13 +313,13 @@ configuration.
The different supported drivers are: The different supported drivers are:
| Driver | Description | | Driver | Description |
|------------|-------------------------------------| |--------------|--------------------------------------|
| filesystem | Uses a path on the local filesystem | | `filesystem` | Uses a path on the local file system |
| Azure | Microsoft Azure Blob Storage | | `Azure` | Microsoft Azure Blob Storage |
| gcs | Google Cloud Storage | | `gcs` | Google Cloud Storage |
| s3 | Amazon Simple Storage Service. Be sure to configure your storage bucket with the correct [S3 Permission Scopes](https://docs.docker.com/registry/storage-drivers/s3/#s3-permission-scopes). | | `s3` | Amazon Simple Storage Service. Be sure to configure your storage bucket with the correct [S3 Permission Scopes](https://docs.docker.com/registry/storage-drivers/s3/#s3-permission-scopes). |
| swift | OpenStack Swift Object Storage | | `swift` | OpenStack Swift Object Storage |
| oss | Aliyun OSS | | `oss` | Aliyun OSS |
Although most S3 compatible services (like [MinIO](https://min.io/)) should work with the Container Registry, we only guarantee support for AWS S3. Because we cannot assert the correctness of third-party S3 implementations, we can debug issues, but we cannot patch the registry unless an issue is reproducible against an AWS S3 bucket. Although most S3 compatible services (like [MinIO](https://min.io/)) should work with the Container Registry, we only guarantee support for AWS S3. Because we cannot assert the correctness of third-party S3 implementations, we can debug issues, but we cannot patch the registry unless an issue is reproducible against an AWS S3 bucket.
......
...@@ -35,6 +35,8 @@ The Package Registry supports the following formats: ...@@ -35,6 +35,8 @@ The Package Registry supports the following formats:
The below table lists formats that are not supported, but are accepting Community contributions for. Consider contributing to GitLab. This [development documentation](../../development/packages.md) The below table lists formats that are not supported, but are accepting Community contributions for. Consider contributing to GitLab. This [development documentation](../../development/packages.md)
guides you through the process. guides you through the process.
<!-- vale gitlab.Spelling = NO -->
| Format | Status | | Format | Status |
| ------ | ------ | | ------ | ------ |
| Chef | [#36889](https://gitlab.com/gitlab-org/gitlab/-/issues/36889) | | Chef | [#36889](https://gitlab.com/gitlab-org/gitlab/-/issues/36889) |
...@@ -51,6 +53,8 @@ guides you through the process. ...@@ -51,6 +53,8 @@ guides you through the process.
| Terraform | [WIP: Merge Request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/18834) | | Terraform | [WIP: Merge Request](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/18834) |
| Vagrant | [#36899](https://gitlab.com/gitlab-org/gitlab/-/issues/36899) | | Vagrant | [#36899](https://gitlab.com/gitlab-org/gitlab/-/issues/36899) |
<!-- vale gitlab.Spelling = YES -->
## Enabling the Packages feature ## Enabling the Packages feature
NOTE: NOTE:
......
...@@ -190,7 +190,7 @@ outside world. ...@@ -190,7 +190,7 @@ outside world.
### Additional configuration for Docker container ### Additional configuration for Docker container
The GitLab Pages daemon doesn't have permissions to bind mounts when it runs The GitLab Pages daemon doesn't have permissions to bind mounts when it runs
in a Docker container. To overcome this issue, you must change the chroot in a Docker container. To overcome this issue, you must change the `chroot`
behavior: behavior:
1. Edit `/etc/gitlab/gitlab.rb`. 1. Edit `/etc/gitlab/gitlab.rb`.
...@@ -236,7 +236,7 @@ control over how the Pages daemon runs and serves content in your environment. ...@@ -236,7 +236,7 @@ control over how the Pages daemon runs and serves content in your environment.
| `gitlab_secret` | The OAuth application secret. Leave blank to automatically fill when Pages authenticates with GitLab. | `gitlab_secret` | The OAuth application secret. Leave blank to automatically fill when Pages authenticates with GitLab.
| `gitlab_server` | Server to use for authentication when access control is enabled; defaults to GitLab `external_url`. | `gitlab_server` | Server to use for authentication when access control is enabled; defaults to GitLab `external_url`.
| `headers` | Specify any additional http headers that should be sent to the client with each response. | `headers` | Specify any additional http headers that should be sent to the client with each response.
| `inplace_chroot` | On [systems that don't support bind-mounts](index.md#additional-configuration-for-docker-container), this instructs GitLab Pages to chroot into its `pages_path` directory. Some caveats exist when using inplace chroot; refer to the GitLab Pages [README](https://gitlab.com/gitlab-org/gitlab-pages/blob/master/README.md#caveats) for more information. | `inplace_chroot` | On [systems that don't support bind-mounts](index.md#additional-configuration-for-docker-container), this instructs GitLab Pages to `chroot` into its `pages_path` directory. Some caveats exist when using in-place `chroot`; refer to the GitLab Pages [README](https://gitlab.com/gitlab-org/gitlab-pages/blob/master/README.md#caveats) for more information.
| `insecure_ciphers` | Use default list of cipher suites, may contain insecure ones like 3DES and RC4. | `insecure_ciphers` | Use default list of cipher suites, may contain insecure ones like 3DES and RC4.
| `internal_gitlab_server` | Internal GitLab server address used exclusively for API requests. Useful if you want to send that traffic over an internal load balancer. Defaults to GitLab `external_url`. | `internal_gitlab_server` | Internal GitLab server address used exclusively for API requests. Useful if you want to send that traffic over an internal load balancer. Defaults to GitLab `external_url`.
| `listen_proxy` | The addresses to listen on for reverse-proxy requests. Pages binds to these addresses' network sockets and receives incoming requests from them. Sets the value of `proxy_pass` in `$nginx-dir/conf/gitlab-pages.conf`. | `listen_proxy` | The addresses to listen on for reverse-proxy requests. Pages binds to these addresses' network sockets and receives incoming requests from them. Sets the value of `proxy_pass` in `$nginx-dir/conf/gitlab-pages.conf`.
...@@ -538,7 +538,7 @@ the below steps to do a no downtime transfer to a new storage location. ...@@ -538,7 +538,7 @@ the below steps to do a no downtime transfer to a new storage location.
1. [Reconfigure GitLab](../restart_gitlab.md#omnibus-gitlab-reconfigure). 1. [Reconfigure GitLab](../restart_gitlab.md#omnibus-gitlab-reconfigure).
1. Verify Pages are still being served up as expected. 1. Verify Pages are still being served up as expected.
1. Unpause Pages deployments by removing from `/etc/gitlab/gitlab.rb` the `sidekiq` setting set above. 1. Resume Pages deployments by removing from `/etc/gitlab/gitlab.rb` the `sidekiq` setting set above.
1. [Reconfigure GitLab](../restart_gitlab.md#omnibus-gitlab-reconfigure). 1. [Reconfigure GitLab](../restart_gitlab.md#omnibus-gitlab-reconfigure).
1. Trigger a new Pages deployment and verify it's working as expected. 1. Trigger a new Pages deployment and verify it's working as expected.
1. Remove the old Pages storage location: `sudo rm -rf /var/opt/gitlab/gitlab-rails/shared/pages` 1. Remove the old Pages storage location: `sudo rm -rf /var/opt/gitlab/gitlab-rails/shared/pages`
...@@ -629,7 +629,7 @@ database encryption. Proceed with caution. ...@@ -629,7 +629,7 @@ database encryption. Proceed with caution.
on the **Pages server** and configure this share to on the **Pages server** and configure this share to
allow access from your main **GitLab server**. allow access from your main **GitLab server**.
Note that the example there is more general and Note that the example there is more general and
shares several sub-directories from `/home` to several `/nfs/home` mountpoints. shares several sub-directories from `/home` to several `/nfs/home` mount points.
For our Pages-specific example here, we instead share only the For our Pages-specific example here, we instead share only the
default GitLab Pages folder `/var/opt/gitlab/gitlab-rails/shared/pages` default GitLab Pages folder `/var/opt/gitlab/gitlab-rails/shared/pages`
from the **Pages server** and we mount it to `/mnt/pages` from the **Pages server** and we mount it to `/mnt/pages`
...@@ -818,7 +818,7 @@ but commented out to help encourage others to add to it in the future. --> ...@@ -818,7 +818,7 @@ but commented out to help encourage others to add to it in the future. -->
### `open /etc/ssl/ca-bundle.pem: permission denied` ### `open /etc/ssl/ca-bundle.pem: permission denied`
GitLab Pages runs inside a chroot jail, usually in a uniquely numbered directory like GitLab Pages runs inside a `chroot` jail, usually in a uniquely numbered directory like
`/tmp/gitlab-pages-*`. `/tmp/gitlab-pages-*`.
Within the jail, a bundle of trusted certificates is Within the jail, a bundle of trusted certificates is
...@@ -828,7 +828,7 @@ from `/opt/gitlab/embedded/ssl/certs/cacert.pem` ...@@ -828,7 +828,7 @@ from `/opt/gitlab/embedded/ssl/certs/cacert.pem`
as part of starting up Pages. as part of starting up Pages.
If the permissions on the source file are incorrect (they should be `0644`), then If the permissions on the source file are incorrect (they should be `0644`), then
the file inside the chroot jail is also wrong. the file inside the `chroot` jail is also wrong.
Pages logs errors in `/var/log/gitlab/gitlab-pages/current` like: Pages logs errors in `/var/log/gitlab/gitlab-pages/current` like:
...@@ -837,7 +837,7 @@ x509: failed to load system roots and no roots provided ...@@ -837,7 +837,7 @@ x509: failed to load system roots and no roots provided
open /etc/ssl/ca-bundle.pem: permission denied open /etc/ssl/ca-bundle.pem: permission denied
``` ```
The use of a chroot jail makes this error misleading, as it is not The use of a `chroot` jail makes this error misleading, as it is not
referring to `/etc/ssl` on the root filesystem. referring to `/etc/ssl` on the root filesystem.
The fix is to correct the source file permissions and restart Pages: The fix is to correct the source file permissions and restart Pages:
...@@ -862,8 +862,8 @@ open /opt/gitlab/embedded/ssl/certs/cacert.pem: no such file or directory ...@@ -862,8 +862,8 @@ open /opt/gitlab/embedded/ssl/certs/cacert.pem: no such file or directory
x509: certificate signed by unknown authority x509: certificate signed by unknown authority
``` ```
The reason for those errors is that the files `resolv.conf` and `ca-bundle.pem` are missing inside the chroot. The reason for those errors is that the files `resolv.conf` and `ca-bundle.pem` are missing inside the `chroot`.
The fix is to copy the host's `/etc/resolv.conf` and the GitLab certificate bundle inside the chroot: The fix is to copy the host's `/etc/resolv.conf` and the GitLab certificate bundle inside the `chroot`:
```shell ```shell
sudo mkdir -p /var/opt/gitlab/gitlab-rails/shared/pages/etc/ssl sudo mkdir -p /var/opt/gitlab/gitlab-rails/shared/pages/etc/ssl
...@@ -895,7 +895,7 @@ gitlab_pages['listen_proxy'] = '127.0.0.1:8090' ...@@ -895,7 +895,7 @@ gitlab_pages['listen_proxy'] = '127.0.0.1:8090'
### 404 error after transferring project to a different group or user ### 404 error after transferring project to a different group or user
If you encounter a `404 Not Found` error a Pages site after transferring a project to If you encounter a `404 Not Found` error a Pages site after transferring a project to
another group or user, you must trigger adomain configuration update for Pages. To do another group or user, you must trigger a domain configuration update for Pages. To do
so, write something in the `.update` file. The Pages daemon monitors for changes to this so, write something in the `.update` file. The Pages daemon monitors for changes to this
file, and reloads the configuration when changes occur. file, and reloads the configuration when changes occur.
...@@ -945,8 +945,8 @@ in all of your GitLab Pages instances. ...@@ -945,8 +945,8 @@ in all of your GitLab Pages instances.
### 500 error with `securecookie: failed to generate random iv` and `Failed to save the session` ### 500 error with `securecookie: failed to generate random iv` and `Failed to save the session`
This problem most likely results from an [out-dated operating system](https://docs.gitlab.com/omnibus/package-information/deprecated_os.html). This problem most likely results from an [out-dated operating system](https://docs.gitlab.com/omnibus/package-information/deprecated_os.html).
The [Pages daemon uses the `securecookie` library](https://gitlab.com/search?group_id=9970&project_id=734943&repository_ref=master&scope=blobs&search=securecookie&snippets=false) to get random strings via [crypto/rand in Go](https://golang.org/pkg/crypto/rand/#pkg-variables). The [Pages daemon uses the `securecookie` library](https://gitlab.com/search?group_id=9970&project_id=734943&repository_ref=master&scope=blobs&search=securecookie&snippets=false) to get random strings via [`crypto/rand` in Go](https://golang.org/pkg/crypto/rand/#pkg-variables).
This requires the `getrandom` syscall or `/dev/urandom` to be available on the host OS. This requires the `getrandom` system call or `/dev/urandom` to be available on the host OS.
Upgrading to an [officially supported operating system](https://about.gitlab.com/install/) is recommended. Upgrading to an [officially supported operating system](https://about.gitlab.com/install/) is recommended.
### The requested scope is invalid, malformed, or unknown ### The requested scope is invalid, malformed, or unknown
......
...@@ -46,7 +46,7 @@ Each database node runs three services: ...@@ -46,7 +46,7 @@ Each database node runs three services:
`PostgreSQL` - The database itself. `PostgreSQL` - The database itself.
`Patroni` - Communicates with other patroni services in the cluster and handles `Patroni` - Communicates with other Patroni services in the cluster and handles
failover when issues with the leader server occurs. The failover procedure failover when issues with the leader server occurs. The failover procedure
consists of: consists of:
......
...@@ -233,9 +233,9 @@ It can also be used as a receiving application for content encrypted with a KMS: ...@@ -233,9 +233,9 @@ It can also be used as a receiving application for content encrypted with a KMS:
gcloud kms decrypt --key my-key --keyring my-test-kms --plaintext-file=- --ciphertext-file=my-file --location=us-west1 | sudo gitlab-rake gitlab:ldap:secret:write gcloud kms decrypt --key my-key --keyring my-test-kms --plaintext-file=- --ciphertext-file=my-file --location=us-west1 | sudo gitlab-rake gitlab:ldap:secret:write
``` ```
**gcloud secret integration example** **Google Cloud secret integration example**
It can also be used as a receiving application for secrets out of gcloud: It can also be used as a receiving application for secrets out of Google Cloud:
```shell ```shell
gcloud secrets versions access latest --secret="my-test-secret" > $1 | sudo gitlab-rake gitlab:ldap:secret:write gcloud secrets versions access latest --secret="my-test-secret" > $1 | sudo gitlab-rake gitlab:ldap:secret:write
......
...@@ -140,7 +140,7 @@ your server in `/etc/init.d/gitlab`. ...@@ -140,7 +140,7 @@ your server in `/etc/init.d/gitlab`.
--- ---
If you are using other init systems, like systemd, you can check the If you are using other init systems, like `systemd`, you can check the
[GitLab Recipes](https://gitlab.com/gitlab-org/gitlab-recipes/tree/master/init) repository for some unofficial services. These are [GitLab Recipes](https://gitlab.com/gitlab-org/gitlab-recipes/tree/master/init) repository for some unofficial services. These are
**not** officially supported so use them at your own risk. **not** officially supported so use them at your own risk.
......
...@@ -126,7 +126,7 @@ an SMTP server, but you're not seeing mail delivered. Here's how to check the se ...@@ -126,7 +126,7 @@ an SMTP server, but you're not seeing mail delivered. Here's how to check the se
For more advanced issues, `gdb` is a must-have tool for debugging issues. For more advanced issues, `gdb` is a must-have tool for debugging issues.
### The GNU Project Debugger (gdb) ### The GNU Project Debugger (GDB)
To install on Ubuntu/Debian: To install on Ubuntu/Debian:
...@@ -140,9 +140,13 @@ On CentOS: ...@@ -140,9 +140,13 @@ On CentOS:
sudo yum install gdb sudo yum install gdb
``` ```
<!-- vale gitlab.Spelling = NO -->
### rbtrace ### rbtrace
GitLab 11.2 ships with [rbtrace](https://github.com/tmm1/rbtrace), which <!-- vale gitlab.Spelling = YES -->
GitLab 11.2 ships with [`rbtrace`](https://github.com/tmm1/rbtrace), which
allows you to trace Ruby code, view all running threads, take memory dumps, allows you to trace Ruby code, view all running threads, take memory dumps,
and more. However, this is not enabled by default. To enable it, define the and more. However, this is not enabled by default. To enable it, define the
`ENABLE_RBTRACE` variable to the environment. For example, in Omnibus: `ENABLE_RBTRACE` variable to the environment. For example, in Omnibus:
...@@ -175,7 +179,7 @@ downtime. Otherwise skip to the next section. ...@@ -175,7 +179,7 @@ downtime. Otherwise skip to the next section.
1. Load the problematic URL 1. Load the problematic URL
1. Run `sudo gdb -p <PID>` to attach to the Unicorn process. 1. Run `sudo gdb -p <PID>` to attach to the Unicorn process.
1. In the gdb window, type: 1. In the GDB window, type:
```plaintext ```plaintext
call (void) rb_backtrace() call (void) rb_backtrace()
...@@ -210,7 +214,7 @@ downtime. Otherwise skip to the next section. ...@@ -210,7 +214,7 @@ downtime. Otherwise skip to the next section.
``` ```
Note that if the Unicorn process terminates before you are able to run these Note that if the Unicorn process terminates before you are able to run these
commands, gdb will report an error. To buy more time, you can always raise the commands, GDB will report an error. To buy more time, you can always raise the
Unicorn timeout. For omnibus users, you can edit `/etc/gitlab/gitlab.rb` and Unicorn timeout. For omnibus users, you can edit `/etc/gitlab/gitlab.rb` and
increase it from 60 seconds to 300: increase it from 60 seconds to 300:
...@@ -246,7 +250,7 @@ separate Rails process to debug the issue: ...@@ -246,7 +250,7 @@ separate Rails process to debug the issue:
``` ```
1. In a new window, run `top`. It should show this Ruby process using 100% CPU. Write down the PID. 1. In a new window, run `top`. It should show this Ruby process using 100% CPU. Write down the PID.
1. Follow step 2 from the previous section on using gdb. 1. Follow step 2 from the previous section on using GDB.
### GitLab: API is not accessible ### GitLab: API is not accessible
...@@ -279,4 +283,4 @@ The output in `/tmp/unicorn.txt` may help diagnose the root cause. ...@@ -279,4 +283,4 @@ The output in `/tmp/unicorn.txt` may help diagnose the root cause.
## More information ## More information
- [Debugging Stuck Ruby Processes](https://blog.newrelic.com/engineering/debugging-stuck-ruby-processes-what-to-do-before-you-kill-9/) - [Debugging Stuck Ruby Processes](https://blog.newrelic.com/engineering/debugging-stuck-ruby-processes-what-to-do-before-you-kill-9/)
- [Cheatsheet of using gdb and Ruby processes](gdb-stuck-ruby.txt) - [Cheat sheet of using GDB and Ruby processes](gdb-stuck-ruby.txt)
...@@ -55,7 +55,7 @@ chown root:git <file_or_dir> ...@@ -55,7 +55,7 @@ chown root:git <file_or_dir>
chmod u+x <file> chmod u+x <file>
``` ```
### Files & Dirs ### Files and directories
```shell ```shell
# create a new directory and all subdirectories # create a new directory and all subdirectories
...@@ -202,7 +202,7 @@ or you can build it from source if you have the Rust compiler. ...@@ -202,7 +202,7 @@ or you can build it from source if you have the Rust compiler.
First run the tool with no arguments other than the strace output filename to get First run the tool with no arguments other than the strace output filename to get
a summary of the top processes sorted by time spent actively performing tasks. You a summary of the top processes sorted by time spent actively performing tasks. You
can also sort based on total time, # of syscalls made, PID #, and # of child processes can also sort based on total time, # of system calls made, PID #, and # of child processes
using the `-S` or `--sort` flag. The number of results defaults to 25 processes, but using the `-S` or `--sort` flag. The number of results defaults to 25 processes, but
can be changed using the `-c`/`--count` option. See `--help` for full details. can be changed using the `-c`/`--count` option. See `--help` for full details.
...@@ -220,7 +220,7 @@ Top 25 PIDs ...@@ -220,7 +220,7 @@ Top 25 PIDs
... ...
``` ```
Based on the summary, you can then view the details of syscalls made by one or more Based on the summary, you can then view the details of system calls made by one or more
processes using the `-p`/`--pid` for a specific process, or `-s`/`--stats` flags for processes using the `-p`/`--pid` for a specific process, or `-s`/`--stats` flags for
a sorted list. `--stats` takes the same sorting and count options as summary. a sorted list. `--stats` takes the same sorting and count options as summary.
......
...@@ -207,7 +207,7 @@ to authenticate with the API: ...@@ -207,7 +207,7 @@ to authenticate with the API:
- [Go Proxy](../user/packages/go_proxy/index.md) - [Go Proxy](../user/packages/go_proxy/index.md)
- [Maven Repository](../user/packages/maven_repository/index.md#authenticate-with-a-ci-job-token-in-maven) - [Maven Repository](../user/packages/maven_repository/index.md#authenticate-with-a-ci-job-token-in-maven)
- [NPM Repository](../user/packages/npm_registry/index.md#authenticate-with-a-ci-job-token) - [NPM Repository](../user/packages/npm_registry/index.md#authenticate-with-a-ci-job-token)
- [Nuget Repository](../user/packages/nuget_repository/index.md) - [NuGet Repository](../user/packages/nuget_repository/index.md)
- [PyPI Repository](../user/packages/pypi_repository/index.md#authenticate-with-a-ci-job-token) - [PyPI Repository](../user/packages/pypi_repository/index.md#authenticate-with-a-ci-job-token)
- [Generic packages](../user/packages/generic_packages/index.md#publish-a-generic-package-by-using-cicd) - [Generic packages](../user/packages/generic_packages/index.md#publish-a-generic-package-by-using-cicd)
- [Get job artifacts](job_artifacts.md#get-job-artifacts) - [Get job artifacts](job_artifacts.md#get-job-artifacts)
......
...@@ -25,7 +25,7 @@ Available action types for the `action` parameter are: ...@@ -25,7 +25,7 @@ Available action types for the `action` parameter are:
- `destroyed` - `destroyed`
- `expired` - `expired`
Note that these options are downcased. Note that these options are in lower case.
### Target Types ### Target Types
...@@ -39,7 +39,7 @@ Available target types for the `target_type` parameter are: ...@@ -39,7 +39,7 @@ Available target types for the `target_type` parameter are:
- `snippet` - `snippet`
- `user` - `user`
Note that these options are downcased. Note that these options are in lower case.
### Date formatting ### Date formatting
......
...@@ -128,7 +128,7 @@ POST /features/:name ...@@ -128,7 +128,7 @@ POST /features/:name
| `user` | string | no | A GitLab username | | `user` | string | no | A GitLab username |
| `group` | string | no | A GitLab group's path, for example `gitlab-org` | | `group` | string | no | A GitLab group's path, for example `gitlab-org` |
| `project` | string | no | A projects path, for example `gitlab-org/gitlab-foss` | | `project` | string | no | A projects path, for example `gitlab-org/gitlab-foss` |
| `force` | boolean | no | Skip feature flag validation checks, ie. YAML definition | | `force` | boolean | no | Skip feature flag validation checks, such as a YAML definition |
Note that you can enable or disable a feature for a `feature_group`, a `user`, Note that you can enable or disable a feature for a `feature_group`, a `user`,
a `group`, and a `project` in a single API call. a `group`, and a `project` in a single API call.
......
...@@ -12,11 +12,15 @@ info: To determine the technical writer assigned to the Stage/Group associated w ...@@ -12,11 +12,15 @@ info: To determine the technical writer assigned to the Stage/Group associated w
Badges support placeholders that are replaced in real time in both the link and image URL. The allowed placeholders are: Badges support placeholders that are replaced in real time in both the link and image URL. The allowed placeholders are:
<!-- vale gitlab.Spelling = NO -->
- **%{project_path}**: replaced by the project path. - **%{project_path}**: replaced by the project path.
- **%{project_id}**: replaced by the project ID. - **%{project_id}**: replaced by the project ID.
- **%{default_branch}**: replaced by the project default branch. - **%{default_branch}**: replaced by the project default branch.
- **%{commit_sha}**: replaced by the last project's commit SHA. - **%{commit_sha}**: replaced by the last project's commit SHA.
<!-- vale gitlab.Spelling = YES -->
Because these endpoints aren't inside a project's context, the information used to replace the placeholders comes Because these endpoints aren't inside a project's context, the information used to replace the placeholders comes
from the first group's project by creation date. If the group hasn't got any project the original URL with the placeholders is returned. from the first group's project by creation date. If the group hasn't got any project the original URL with the placeholders is returned.
......
...@@ -319,7 +319,7 @@ POST /projects/:id/members ...@@ -319,7 +319,7 @@ POST /projects/:id/members
| `id` | integer/string | yes | The ID or [URL-encoded path of the project or group](README.md#namespaced-path-encoding) owned by the authenticated user | | `id` | integer/string | yes | The ID or [URL-encoded path of the project or group](README.md#namespaced-path-encoding) owned by the authenticated user |
| `user_id` | integer/string | yes | The user ID of the new member or multiple IDs separated by commas | | `user_id` | integer/string | yes | The user ID of the new member or multiple IDs separated by commas |
| `access_level` | integer | yes | A valid access level | | `access_level` | integer | yes | A valid access level |
| `expires_at` | string | no | A date string in the format YEAR-MONTH-DAY | | `expires_at` | string | no | A date string in the format `YEAR-MONTH-DAY` |
```shell ```shell
curl --request POST --header "PRIVATE-TOKEN: <your_access_token>" --data "user_id=1&access_level=30" "https://gitlab.example.com/api/v4/groups/:id/members" curl --request POST --header "PRIVATE-TOKEN: <your_access_token>" --data "user_id=1&access_level=30" "https://gitlab.example.com/api/v4/groups/:id/members"
...@@ -357,7 +357,7 @@ PUT /projects/:id/members/:user_id ...@@ -357,7 +357,7 @@ PUT /projects/:id/members/:user_id
| `id` | integer/string | yes | The ID or [URL-encoded path of the project or group](README.md#namespaced-path-encoding) owned by the authenticated user | | `id` | integer/string | yes | The ID or [URL-encoded path of the project or group](README.md#namespaced-path-encoding) owned by the authenticated user |
| `user_id` | integer | yes | The user ID of the member | | `user_id` | integer | yes | The user ID of the member |
| `access_level` | integer | yes | A valid access level | | `access_level` | integer | yes | A valid access level |
| `expires_at` | string | no | A date string in the format YEAR-MONTH-DAY | | `expires_at` | string | no | A date string in the format `YEAR-MONTH-DAY` |
```shell ```shell
curl --request PUT --header "PRIVATE-TOKEN: <your_access_token>" "https://gitlab.example.com/api/v4/groups/:id/members/:user_id?access_level=40" curl --request PUT --header "PRIVATE-TOKEN: <your_access_token>" "https://gitlab.example.com/api/v4/groups/:id/members/:user_id?access_level=40"
......
...@@ -34,7 +34,7 @@ GET /projects/:id/templates/:type ...@@ -34,7 +34,7 @@ GET /projects/:id/templates/:type
| Attribute | Type | Required | Description | | Attribute | Type | Required | Description |
| ---------- | ------ | -------- | ----------- | | ---------- | ------ | -------- | ----------- |
| `id` | integer / string | yes | The ID or [URL-encoded path of the project](README.md#namespaced-path-encoding) | | `id` | integer / string | yes | The ID or [URL-encoded path of the project](README.md#namespaced-path-encoding) |
| `type` | string | yes| The type `(dockerfiles|gitignores|gitlab_ci_ymls|licenses|issues|merge_requests)` of the template | | `type` | string | yes | The type `(dockerfiles|gitignores|gitlab_ci_ymls|licenses|issues|merge_requests)` of the template |
Example response (licenses): Example response (licenses):
......
...@@ -71,7 +71,7 @@ Below are the changes made between V3 and V4. ...@@ -71,7 +71,7 @@ Below are the changes made between V3 and V4.
- Notes do not return deprecated field `upvote` and `downvote` [!9384](https://gitlab.com/gitlab-org/gitlab-foss/-/merge_requests/9384) - Notes do not return deprecated field `upvote` and `downvote` [!9384](https://gitlab.com/gitlab-org/gitlab-foss/-/merge_requests/9384)
- Return HTTP status code `400` for all validation errors when creating or updating a member instead of sometimes `422` error. [!9523](https://gitlab.com/gitlab-org/gitlab-foss/-/merge_requests/9523) - Return HTTP status code `400` for all validation errors when creating or updating a member instead of sometimes `422` error. [!9523](https://gitlab.com/gitlab-org/gitlab-foss/-/merge_requests/9523)
- Remove `GET /groups/owned`. Use `GET /groups?owned=true` instead [!9505](https://gitlab.com/gitlab-org/gitlab-foss/-/merge_requests/9505) - Remove `GET /groups/owned`. Use `GET /groups?owned=true` instead [!9505](https://gitlab.com/gitlab-org/gitlab-foss/-/merge_requests/9505)
- Return 202 with JSON body on async removals on V4 API (`DELETE /projects/:id/repository/merged_branches` and `DELETE /projects/:id`) [!9449](https://gitlab.com/gitlab-org/gitlab-foss/-/merge_requests/9449) - Return 202 with JSON body on asynchronous removals on V4 API (`DELETE /projects/:id/repository/merged_branches` and `DELETE /projects/:id`) [!9449](https://gitlab.com/gitlab-org/gitlab-foss/-/merge_requests/9449)
- `GET /projects/:id/milestones?iid[]=x&iid[]=y` array filter has been renamed to `iids` [!9096](https://gitlab.com/gitlab-org/gitlab-foss/-/merge_requests/9096) - `GET /projects/:id/milestones?iid[]=x&iid[]=y` array filter has been renamed to `iids` [!9096](https://gitlab.com/gitlab-org/gitlab-foss/-/merge_requests/9096)
- Return basic information about pipeline in `GET /projects/:id/pipelines` [!8875](https://gitlab.com/gitlab-org/gitlab-foss/-/merge_requests/8875) - Return basic information about pipeline in `GET /projects/:id/pipelines` [!8875](https://gitlab.com/gitlab-org/gitlab-foss/-/merge_requests/8875)
- Renamed all `build` references to `job` [!9463](https://gitlab.com/gitlab-org/gitlab-foss/-/merge_requests/9463) - Renamed all `build` references to `job` [!9463](https://gitlab.com/gitlab-org/gitlab-foss/-/merge_requests/9463)
......
<script>
import { visitUrl } from '~/lib/utils/url_utility';
import { s__ } from '~/locale';
import * as Sentry from '~/sentry/wrapper';
import { convertToGraphQLId } from '~/graphql_shared/utils';
import SharedForm from './shared_form.vue';
import getComplianceFrameworkQuery from '../graphql/queries/get_compliance_framework.query.graphql';
import updateComplianceFrameworkMutation from '../graphql/queries/update_compliance_framework.mutation.graphql';
export default {
components: {
SharedForm,
},
props: {
graphqlFieldName: {
type: String,
required: true,
},
groupEditPath: {
type: String,
required: true,
},
groupPath: {
type: String,
required: true,
},
id: {
type: String,
required: false,
default: null,
},
},
data() {
return {
complianceFramework: {},
errorMessage: '',
};
},
apollo: {
complianceFramework: {
query: getComplianceFrameworkQuery,
variables() {
return {
fullPath: this.groupPath,
complianceFramework: convertToGraphQLId(this.graphqlFieldName, this.id),
};
},
update(data) {
const complianceFrameworks = data.namespace?.complianceFrameworks?.nodes || [];
if (!complianceFrameworks.length) {
this.setError(new Error(this.$options.i18n.fetchError), this.$options.i18n.fetchError);
return {};
}
const { id, name, description, color } = complianceFrameworks[0];
return {
id,
name,
description,
color,
};
},
error(error) {
this.setError(error, this.$options.i18n.fetchError);
},
},
},
computed: {
isLoading() {
return this.$apollo.loading;
},
isFormReady() {
return Object.keys(this.complianceFramework).length > 0 && !this.isLoading;
},
},
methods: {
setError(error, userFriendlyText) {
this.errorMessage = userFriendlyText;
Sentry.captureException(error);
},
async onSubmit(formData) {
try {
const { data } = await this.$apollo.mutate({
mutation: updateComplianceFrameworkMutation,
variables: {
input: {
id: this.complianceFramework.id,
params: {
name: formData.name,
description: formData.description,
color: formData.color,
},
},
},
});
const [error] = data?.updateComplianceFramework?.errors || [];
if (error) {
this.setError(new Error(error), error);
} else {
visitUrl(this.groupEditPath);
}
} catch (e) {
this.setError(e, this.$options.i18n.saveError);
}
},
},
i18n: {
fetchError: s__(
'ComplianceFrameworks|Error fetching compliance frameworks data. Please refresh the page',
),
saveError: s__(
'ComplianceFrameworks|Unable to save this compliance framework. Please try again',
),
},
};
</script>
<template>
<shared-form
:group-edit-path="groupEditPath"
:loading="isLoading"
:render-form="isFormReady"
:error="errorMessage"
:compliance-framework="complianceFramework"
@submit="onSubmit"
/>
</template>
query getComplianceFramework($fullPath: ID!) { query getComplianceFramework(
$fullPath: ID!
$complianceFramework: ComplianceManagementFrameworkID
) {
namespace(fullPath: $fullPath) { namespace(fullPath: $fullPath) {
id id
name name
complianceFrameworks { complianceFrameworks(id: $complianceFramework) {
nodes { nodes {
id id
name name
......
mutation updateComplianceFramework($input: UpdateComplianceFrameworkInput!) {
updateComplianceFramework(input: $input) {
clientMutationId
errors
}
}
...@@ -2,6 +2,7 @@ import Vue from 'vue'; ...@@ -2,6 +2,7 @@ import Vue from 'vue';
import VueApollo from 'vue-apollo'; import VueApollo from 'vue-apollo';
import CreateForm from './components/create_form.vue'; import CreateForm from './components/create_form.vue';
import EditForm from './components/edit_form.vue';
import createDefaultClient from '~/lib/graphql'; import createDefaultClient from '~/lib/graphql';
Vue.use(VueApollo); Vue.use(VueApollo);
...@@ -15,14 +16,19 @@ const createComplianceFrameworksFormApp = (el) => { ...@@ -15,14 +16,19 @@ const createComplianceFrameworksFormApp = (el) => {
return false; return false;
} }
const { groupEditPath, groupPath } = el.dataset; const { groupEditPath, groupPath, graphqlFieldName = null, frameworkId: id = null } = el.dataset;
return new Vue({ return new Vue({
el, el,
apolloProvider, apolloProvider,
render(createElement) { render(createElement) {
const element = CreateForm; let element = CreateForm;
const props = { groupEditPath, groupPath }; let props = { groupEditPath, groupPath };
if (id) {
element = EditForm;
props = { ...props, graphqlFieldName, id };
}
return createElement(element, { return createElement(element, {
props, props,
......
import VueApollo from 'vue-apollo';
import { createLocalVue, shallowMount } from '@vue/test-utils';
import waitForPromises from 'helpers/wait_for_promises';
import createMockApollo from 'helpers/mock_apollo_helper';
import getComplianceFrameworkQuery from 'ee/groups/settings/compliance_frameworks/graphql/queries/get_compliance_framework.query.graphql';
import updateComplianceFrameworkMutation from 'ee/groups/settings/compliance_frameworks/graphql/queries/update_compliance_framework.mutation.graphql';
import EditForm from 'ee/groups/settings/compliance_frameworks/components/edit_form.vue';
import SharedForm from 'ee/groups/settings/compliance_frameworks/components/shared_form.vue';
import { visitUrl } from '~/lib/utils/url_utility';
import {
validFetchOneResponse,
emptyFetchResponse,
frameworkFoundResponse,
validUpdateResponse,
errorUpdateResponse,
} from '../mock_data';
import * as Sentry from '~/sentry/wrapper';
const localVue = createLocalVue();
localVue.use(VueApollo);
jest.mock('~/lib/utils/url_utility');
describe('Form', () => {
let wrapper;
const sentryError = new Error('Network error');
const sentrySaveError = new Error('Invalid values given');
const propsData = {
graphqlFieldName: 'field',
groupPath: 'group-1',
groupEditPath: 'group-1/edit',
id: '1',
scopedLabelsHelpPath: 'help/scoped-labels',
};
const fetchOne = jest.fn().mockResolvedValue(validFetchOneResponse);
const fetchEmpty = jest.fn().mockResolvedValue(emptyFetchResponse);
const fetchLoading = jest.fn().mockResolvedValue(new Promise(() => {}));
const fetchWithErrors = jest.fn().mockRejectedValue(sentryError);
const update = jest.fn().mockResolvedValue(validUpdateResponse);
const updateWithNetworkErrors = jest.fn().mockRejectedValue(sentryError);
const updateWithErrors = jest.fn().mockResolvedValue(errorUpdateResponse);
const findForm = () => wrapper.findComponent(SharedForm);
function createMockApolloProvider(requestHandlers) {
localVue.use(VueApollo);
return createMockApollo(requestHandlers);
}
function createComponent(requestHandlers = []) {
return shallowMount(EditForm, {
localVue,
apolloProvider: createMockApolloProvider(requestHandlers),
propsData,
});
}
afterEach(() => {
wrapper.destroy();
});
describe('loading', () => {
beforeEach(() => {
wrapper = createComponent([[getComplianceFrameworkQuery, fetchLoading]]);
});
it('passes the loading state to the form', () => {
expect(findForm().props('loading')).toBe(true);
expect(findForm().props('renderForm')).toBe(false);
});
});
describe('on load', () => {
it('queries for existing framework data and passes to the form', async () => {
wrapper = createComponent([[getComplianceFrameworkQuery, fetchOne]]);
await waitForPromises();
expect(fetchOne).toHaveBeenCalledTimes(1);
expect(findForm().props('complianceFramework')).toMatchObject(frameworkFoundResponse);
expect(findForm().props('renderForm')).toBe(true);
});
it('passes the error to the form if the existing framework query returns no data', async () => {
jest.spyOn(Sentry, 'captureException');
wrapper = createComponent([[getComplianceFrameworkQuery, fetchEmpty]]);
await waitForPromises();
expect(fetchEmpty).toHaveBeenCalledTimes(1);
expect(findForm().props('loading')).toBe(false);
expect(findForm().props('renderForm')).toBe(false);
expect(findForm().props('error')).toBe(
'Error fetching compliance frameworks data. Please refresh the page',
);
expect(Sentry.captureException.mock.calls[0][0]).toStrictEqual(
new Error('Error fetching compliance frameworks data. Please refresh the page'),
);
});
it('passes the error to the form if the existing framework query fails', async () => {
jest.spyOn(Sentry, 'captureException');
wrapper = createComponent([[getComplianceFrameworkQuery, fetchWithErrors]]);
await waitForPromises();
expect(fetchWithErrors).toHaveBeenCalledTimes(1);
expect(findForm().props('loading')).toBe(false);
expect(findForm().props('renderForm')).toBe(false);
expect(findForm().props('error')).toBe(
'Error fetching compliance frameworks data. Please refresh the page',
);
expect(Sentry.captureException.mock.calls[0][0].networkError).toBe(sentryError);
});
});
describe('onSubmit', () => {
const name = 'Test';
const description = 'Test description';
const color = '#000000';
const updateProps = {
input: {
id: 'gid://gitlab/ComplianceManagement::Framework/1',
params: {
name,
description,
color,
},
},
};
it('passes the error to the form when saving causes an exception and does not redirect', async () => {
jest.spyOn(Sentry, 'captureException');
wrapper = createComponent([
[getComplianceFrameworkQuery, fetchOne],
[updateComplianceFrameworkMutation, updateWithNetworkErrors],
]);
await waitForPromises();
findForm().vm.$emit('submit', { name, description, color });
await waitForPromises();
expect(updateWithNetworkErrors).toHaveBeenCalledWith(updateProps);
expect(findForm().props('loading')).toBe(false);
expect(findForm().props('renderForm')).toBe(true);
expect(visitUrl).not.toHaveBeenCalled();
expect(findForm().props('error')).toBe(
'Unable to save this compliance framework. Please try again',
);
expect(Sentry.captureException.mock.calls[0][0].networkError).toStrictEqual(sentryError);
});
it('passes the errors to the form when saving fails and does not redirect', async () => {
jest.spyOn(Sentry, 'captureException');
wrapper = createComponent([
[getComplianceFrameworkQuery, fetchOne],
[updateComplianceFrameworkMutation, updateWithErrors],
]);
await waitForPromises();
findForm().vm.$emit('submit', { name, description, color });
await waitForPromises();
expect(updateWithErrors).toHaveBeenCalledWith(updateProps);
expect(findForm().props('loading')).toBe(false);
expect(findForm().props('renderForm')).toBe(true);
expect(visitUrl).not.toHaveBeenCalled();
expect(findForm().props('error')).toBe('Invalid values given');
expect(Sentry.captureException.mock.calls[0][0]).toStrictEqual(sentrySaveError);
});
it('saves inputted values and redirects', async () => {
wrapper = createComponent([
[getComplianceFrameworkQuery, fetchOne],
[updateComplianceFrameworkMutation, update],
]);
await waitForPromises();
findForm().vm.$emit('submit', { name, description, color });
await waitForPromises();
expect(update).toHaveBeenCalledWith(updateProps);
expect(findForm().props('loading')).toBe(false);
expect(findForm().props('renderForm')).toBe(true);
expect(visitUrl).toHaveBeenCalledWith(propsData.groupEditPath);
});
});
});
import { createWrapper } from '@vue/test-utils';
import { createComplianceFrameworksFormApp } from 'ee/groups/settings/compliance_frameworks/init_form';
import CreateForm from 'ee/groups/settings/compliance_frameworks/components/create_form.vue';
import EditForm from 'ee/groups/settings/compliance_frameworks/components/edit_form.vue';
import { suggestedLabelColors } from './mock_data';
describe('createComplianceFrameworksFormApp', () => {
let wrapper;
let el;
const groupEditPath = 'group-1/edit';
const groupPath = 'group-1';
const graphqlFieldName = 'field';
const testId = '1';
const findFormApp = (form) => wrapper.find(form);
const setUpDocument = (id = null) => {
el = document.createElement('div');
el.setAttribute('data-group-edit-path', groupEditPath);
el.setAttribute('data-group-path', groupPath);
if (id) {
el.setAttribute('data-graphql-field-name', graphqlFieldName);
el.setAttribute('data-framework-id', id);
}
document.body.appendChild(el);
wrapper = createWrapper(createComplianceFrameworksFormApp(el));
};
beforeEach(() => {
gon.suggested_label_colors = suggestedLabelColors;
});
afterEach(() => {
wrapper.destroy();
wrapper = null;
el.remove();
el = null;
});
describe('CreateForm', () => {
beforeEach(() => {
setUpDocument();
});
it('parses and passes props', () => {
expect(findFormApp(CreateForm).props()).toMatchObject({
groupEditPath,
groupPath,
});
});
});
describe('EditForm', () => {
beforeEach(() => {
setUpDocument(testId);
});
it('parses and passes props', () => {
expect(findFormApp(EditForm).props()).toMatchObject({
groupEditPath,
groupPath,
id: testId,
});
});
});
});
export const suggestedLabelColors = {
'#000000': 'Black',
'#0033CC': 'UA blue',
'#428BCA': 'Moderate blue',
'#44AD8E': 'Lime green',
};
export const validFetchResponse = { export const validFetchResponse = {
data: { data: {
namespace: { namespace: {
...@@ -46,7 +53,28 @@ export const frameworkFoundResponse = { ...@@ -46,7 +53,28 @@ export const frameworkFoundResponse = {
name: 'GDPR', name: 'GDPR',
description: 'General Data Protection Regulation', description: 'General Data Protection Regulation',
color: '#1aaa55', color: '#1aaa55',
parsedId: 1, };
export const validFetchOneResponse = {
data: {
namespace: {
id: 'gid://gitlab/Group/1',
name: 'Group 1',
complianceFrameworks: {
nodes: [
{
id: 'gid://gitlab/ComplianceManagement::Framework/1',
name: 'GDPR',
description: 'General Data Protection Regulation',
color: '#1aaa55',
__typename: 'ComplianceFramework',
},
],
__typename: 'ComplianceFrameworkConnection',
},
__typename: 'Namespace',
},
},
}; };
export const validCreateResponse = { export const validCreateResponse = {
...@@ -74,3 +102,23 @@ export const errorCreateResponse = { ...@@ -74,3 +102,23 @@ export const errorCreateResponse = {
}, },
}, },
}; };
export const validUpdateResponse = {
data: {
updateComplianceFramework: {
clientMutationId: null,
errors: [],
__typename: 'UpdateComplianceFrameworkPayload',
},
},
};
export const errorUpdateResponse = {
data: {
updateComplianceFramework: {
clientMutationId: null,
errors: ['Invalid values given'],
__typename: 'UpdateComplianceFrameworkPayload',
},
},
};
...@@ -49,6 +49,20 @@ RSpec.describe ObjectStoreSettings do ...@@ -49,6 +49,20 @@ RSpec.describe ObjectStoreSettings do
} }
end end
shared_examples 'consolidated settings for objects accelerated by Workhorse' do
it 'consolidates active object storage settings' do
described_class::WORKHORSE_ACCELERATED_TYPES.each do |object_type|
# Use to_h to avoid https://gitlab.com/gitlab-org/gitlab/-/issues/286873
section = subject.try(object_type).to_h
next unless section.dig('object_store', 'enabled')
expect(section['object_store']['connection']).to eq(connection)
expect(section['object_store']['consolidated_settings']).to be true
end
end
end
it 'sets correct default values' do it 'sets correct default values' do
subject subject
...@@ -77,9 +91,7 @@ RSpec.describe ObjectStoreSettings do ...@@ -77,9 +91,7 @@ RSpec.describe ObjectStoreSettings do
expect(settings.pages['object_store']['consolidated_settings']).to be true expect(settings.pages['object_store']['consolidated_settings']).to be true
expect(settings.external_diffs['enabled']).to be false expect(settings.external_diffs['enabled']).to be false
expect(settings.external_diffs['object_store']['enabled']).to be false expect(settings.external_diffs['object_store']).to be_nil
expect(settings.external_diffs['object_store']['remote_directory']).to eq('external_diffs')
expect(settings.external_diffs['object_store']['consolidated_settings']).to be true
end end
it 'raises an error when a bucket is missing' do it 'raises an error when a bucket is missing' do
...@@ -95,8 +107,10 @@ RSpec.describe ObjectStoreSettings do ...@@ -95,8 +107,10 @@ RSpec.describe ObjectStoreSettings do
expect(settings.pages['object_store']).to eq(nil) expect(settings.pages['object_store']).to eq(nil)
end end
it 'allows pages to define its own connection' do context 'GitLab Pages' do
pages_connection = { 'provider' => 'Google', 'google_application_default' => true } let(:pages_connection) { { 'provider' => 'Google', 'google_application_default' => true } }
before do
config['pages'] = { config['pages'] = {
'enabled' => true, 'enabled' => true,
'object_store' => { 'object_store' => {
...@@ -104,20 +118,38 @@ RSpec.describe ObjectStoreSettings do ...@@ -104,20 +118,38 @@ RSpec.describe ObjectStoreSettings do
'connection' => pages_connection 'connection' => pages_connection
} }
} }
end
expect { subject }.not_to raise_error it_behaves_like 'consolidated settings for objects accelerated by Workhorse'
described_class::WORKHORSE_ACCELERATED_TYPES.each do |object_type| it 'allows pages to define its own connection' do
section = settings.try(object_type) expect { subject }.not_to raise_error
next unless section expect(settings.pages['object_store']['connection']).to eq(pages_connection)
expect(settings.pages['object_store']['consolidated_settings']).to be_falsey
end
end
expect(section['object_store']['connection']).to eq(connection) context 'when object storage is selectively disabled for artifacts' do
expect(section['object_store']['consolidated_settings']).to be true before do
config['artifacts'] = {
'enabled' => true,
'object_store' => {
'enabled' => false
}
}
end end
expect(settings.pages['object_store']['connection']).to eq(pages_connection) it_behaves_like 'consolidated settings for objects accelerated by Workhorse'
expect(settings.pages['object_store']['consolidated_settings']).to be_falsey
it 'does not enable consolidated settings for artifacts' do
subject
expect(settings.artifacts['enabled']).to be true
expect(settings.artifacts['object_store']['remote_directory']).to be_nil
expect(settings.artifacts['object_store']['enabled']).to be_falsey
expect(settings.artifacts['object_store']['consolidated_settings']).to be_falsey
end
end end
context 'with legacy config' do context 'with legacy config' do
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment