Commit 396ad861 authored by GitLab Bot's avatar GitLab Bot

Add latest changes from gitlab-org/gitlab@master

parent abae8f34
......@@ -3,23 +3,12 @@
module Projects
module Settings
class IntegrationsController < Projects::ApplicationController
include ServiceParams
before_action :authorize_admin_project!
layout "project_settings"
def show
@services = @project.find_or_initialize_services(exceptions: service_exceptions)
end
private
# Returns a list of services that should be hidden from the list
def service_exceptions
@project.disabled_services.dup
@services = @project.find_or_initialize_services
end
end
end
end
Projects::Settings::IntegrationsController.prepend_if_ee('EE::Projects::Settings::IntegrationsController')
# frozen_string_literal: true
class GroupMembersFinder < UnionFinder
include CreatedAtFilter
# Params can be any of the following:
# two_factor: string. 'enabled' or 'disabled' are returning different set of data, other values are not effective.
# sort: string
# search: string
# created_after: datetime
# created_before: datetime
def initialize(group, user = nil)
@group = group
......@@ -15,6 +19,7 @@ class GroupMembersFinder < UnionFinder
def execute(include_relations: [:inherited, :direct], params: {})
group_members = group.members
relations = []
@params = params
return group_members if include_relations == [:direct]
......@@ -39,15 +44,15 @@ class GroupMembersFinder < UnionFinder
return GroupMember.none if relations.empty?
members = find_union(relations, GroupMember)
filter_members(members, params)
filter_members(members)
end
# rubocop: enable CodeReuse/ActiveRecord
private
attr_reader :user, :group
attr_reader :user, :group, :params
def filter_members(members, params)
def filter_members(members)
members = members.search(params[:search]) if params[:search].present?
members = members.sort_by_attribute(params[:sort]) if params[:sort].present?
......@@ -55,7 +60,7 @@ class GroupMembersFinder < UnionFinder
members = members.filter_by_2fa(params[:two_factor])
end
members
by_created_at(members)
end
def can_manage_members
......
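Review bot: The early `return group_members if include_relations == [:direct]` in `execute` comes right after the new `@params = params` assignment and returns before `filter_members` runs, so on the direct-only path none of the documented params (`two_factor`, `search`, `sort`, `created_after`, `created_before`) appear to be applied. If that is intended, the header comment should say the params only affect the union path; otherwise route that branch through the filter, for example `return filter_members(group_members) if include_relations == [:direct]`. Separately, `params` is now instance state assigned inside `execute`, so the `params` reader is nil until `execute` has been called; a comment on the `attr_reader` line such as `# params is assigned per call in #execute` would make that explicit. The body of `execute` between the hunks is not shown, so this should be checked against the full method.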
......@@ -2,6 +2,7 @@
class GroupMember < Member
include FromUnion
include CreatedAtFilterable
SOURCE_TYPE = 'Namespace'
......
......@@ -1238,14 +1238,12 @@ class Project < ApplicationRecord
update_column(:has_external_wiki, services.external_wikis.any?) if Gitlab::Database.read_write?
end
def find_or_initialize_services(exceptions: [])
available_services_names = Service.available_services_names - exceptions
def find_or_initialize_services
available_services_names = Service.available_services_names - disabled_services
available_services = available_services_names.map do |service_name|
available_services_names.map do |service_name|
find_or_initialize_service(service_name)
end
available_services.compact
end
def disabled_services
......@@ -1258,13 +1256,11 @@ class Project < ApplicationRecord
service = find_service(services, name)
return service if service
# We should check if template for the service exists
template = find_service(services_templates, name)
if template
Service.build_from_template(id, template)
else
# If no template, we should create an instance. Ex `build_gitlab_ci_service`
public_send("build_#{name}_service") # rubocop:disable GitlabSecurity/PublicSend
end
end
......@@ -1278,10 +1274,6 @@ class Project < ApplicationRecord
end
# rubocop: enable CodeReuse/ServiceClass
def find_service(list, name)
list.find { |service| service.to_param == name }
end
def ci_services
services.where(category: :ci)
end
......@@ -2422,6 +2414,10 @@ class Project < ApplicationRecord
private
def find_service(services, name)
services.find { |service| service.to_param == name }
end
def closest_namespace_setting(name)
namespace.closest_setting(name)
end
......
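Review bot: `find_or_initialize_service` ends in `public_send("build_#{name}_service")` with the `GitlabSecurity/PublicSend` cop disabled, and nothing in the visible lines checks `name` against a known list before it is interpolated into a method name. The start of that method is outside the hunk, so a guard may already exist; if not, an allow-list check such as `return unless Service.available_services_names.include?(name)` before the lookup keeps the dispatch limited to real service builders if a caller ever passes a request-derived name. Also, `find_or_initialize_services` no longer calls `.compact`, so if `find_or_initialize_service` can still return nil for any available name the list will now carry nil entries; a short comment stating that every name left after subtracting `disabled_services` yields a service would document that assumption.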
......@@ -348,7 +348,7 @@ class Service < ApplicationRecord
service.template = false
service.project_id = project_id
service.active = false if service.active? && !service.valid?
service.active = false if service.active? && service.invalid?
service
end
......
......@@ -16,8 +16,8 @@ class SystemNoteMetadata < ApplicationRecord
ICON_TYPES = %w[
commit description merge confidential visible label assignee cross_reference
title time_tracking branch milestone discussion task moved
opened closed merged duplicate locked unlocked
outdated tag due_date pinned_embed cherry_pick
opened closed merged duplicate locked unlocked outdated
tag due_date pinned_embed cherry_pick health_status
].freeze
validates :note, presence: true
......
---
title: Update detected languages for dependency scanning in no dind mode
merge_request: 27723
author:
type: fixed
......@@ -42,7 +42,7 @@ Search queries are generated by the concerns found in [ee/app/models/concerns/el
## Existing Analyzers/Tokenizers/Filters
These are all defined in <https://gitlab.com/gitlab-org/gitlab/blob/master/ee/lib/elasticsearch/git/model.rb>
These are all defined in [ee/lib/elastic/latest/config.rb](https://gitlab.com/gitlab-org/gitlab/blob/master/ee/lib/elastic/latest/config.rb)
### Analyzers
......
......@@ -36,7 +36,8 @@ Access the default page for admin area settings by navigating to
| [Slack application](../../../user/project/integrations/gitlab_slack_application.md#configuration) **(FREE ONLY)** | Slack integration allows you to interact with GitLab via slash commands in a chat window. This option is only available on GitLab.com, though it may be [available for self-managed instances in the future](https://gitlab.com/gitlab-org/gitlab/-/issues/28164). |
| [Third party offers](third_party_offers.md) | Control the display of third party offers. |
| [Snowplow](../../../telemetry/index.md#enabling-tracking) | Configure the Snowplow integration. |
| [Amazon EKS](../../project/clusters/add_new_eks_cluster.md#additional-requirements-for-self-managed-instances-core-only) | Amazon EKS integration allows you to provision EKS clusters from GitLab. |
| [Google GKE](../../project/clusters/add_gke_clusters.md) | Google GKE integration allows you to provision GKE clusters from GitLab. |
| [Amazon EKS](../../project/clusters/add_eks_clusters.md) | Amazon EKS integration allows you to provision EKS clusters from GitLab. |
## Repository
......@@ -45,7 +46,7 @@ Access the default page for admin area settings by navigating to
| [Repository mirror](visibility_and_access_controls.md#allow-mirrors-to-be-set-up-for-projects) | Configure repository mirroring. |
| [Repository storage](../../../administration/repository_storage_types.md#how-to-migrate-to-hashed-storage) | Configure storage path settings. |
| Repository maintenance | ([Repository checks](../../../administration/repository_checks.md) and [Housekeeping](../../../administration/housekeeping.md)). Configure automatic Git checks and housekeeping on repositories. |
| [Repository static objects](../../../administration/static_objects_external_storage.md) | Serve repository static objects (e.g. archives, blobs, ...) from an external storage (e.g. a CDN). |
| [Repository static objects](../../../administration/static_objects_external_storage.md) | Serve repository static objects (for example, archives, blobs, ...) from an external storage (for example, a CDN). |
## Templates **(PREMIUM ONLY)**
......
......@@ -209,13 +209,14 @@ If you want to whitelist specific vulnerabilities, you'll need to:
in the [whitelist example file](https://github.com/arminc/clair-scanner/blob/v12/example-whitelist.yaml).
1. Add the `clair-whitelist.yml` file to the Git repository of your project.
### Running Container Scanning in an offline, air-gapped installation
### Running Container Scanning in an offline environment deployment
Container Scanning can be executed on an offline air-gapped GitLab Ultimate installation using the following process:
Container Scanning can be executed on an offline GitLab Ultimate installation by using the following process:
1. Host the following Docker images on a [local Docker container registry](../../packages/container_registry/index.md):
- [arminc/clair-db vulnerabilities database](https://hub.docker.com/r/arminc/clair-db)
- GitLab klar analyzer: `registry.gitlab.com/gitlab-org/security-products/analyzers/klar`
1. [Override the container scanning template](#overriding-the-container-scanning-template) in your `.gitlab-ci.yml` file to refer to the Docker images hosted on your local Docker container registry:
```yaml
......
......@@ -442,9 +442,9 @@ dast:
The DAST job does not require the project's repository to be present when running, so by default
[`GIT_STRATEGY`](../../../ci/yaml/README.md#git-strategy) is set to `none`.
## Running DAST in an offline air-gapped installation
## Running DAST in an offline environment deployment
DAST can be executed on an offline air-gapped GitLab Ultimate installation using the following process:
DAST can be executed on an offline GitLab Ultimate installation by using the following process:
1. Host the DAST image `registry.gitlab.com/gitlab-org/security-products/dast:latest` in your local
Docker container registry.
......
......@@ -226,7 +226,7 @@ must be created with the case-sensitive name `License-Check`. This approval grou
with the number of approvals required greater than zero.
Once this group is added to your project, the approval rule is enabled for all Merge Requests. To
configure how this rule behaves, you can choose which licenses to `approve` or `blacklist` in the
configure how this rule behaves, you can choose which licenses to `allow` or `deny` in the
[project policies for License Compliance](../compliance/license_compliance/index.md#project-policies-for-license-compliance)
section.
......@@ -234,13 +234,13 @@ Any code changes cause the approvals required to reset.
An approval is required when a license report:
- Contains a dependency that includes a software license that is `blacklisted`.
- Contains a dependency that includes a software license that is `denied`.
- Is not generated during pipeline execution.
An approval is optional when a license report:
- Contains no software license violations.
- Contains only new licenses that are `approved` or unknown.
- Contains only new licenses that are `allowed` or unknown.
## Working in an offline environment
......
......@@ -2,17 +2,26 @@
type: reference, howto
---
# Air-gapped (or offline) environment deployments
# Offline environment deployments
It is possible to run most of the GitLab security scanners when not
connected to the internet.
This document describes how to operate Secure scanners in an air-gapped or offline envionment. These instructions also apply to
self-managed installations that are secured, have security policies (e.g., firewall policies), or otherwise restricted from
accessing the full internet. These instructions are designed for physically disconnected networks,
but can also be followed in these other use cases.
This document describes how to operate Secure Categories (that is, scanner types) in an offline environment. These instructions also apply to
self-managed installations that are secured, have security policies (for example, firewall policies), or are otherwise restricted from
accessing the full internet. GitLab refers to these deployments as _offline environment deployments_.
Other common names include:
## Air-gapped (or offline) environments
- Air-gapped environments
- Limited connectivity environments
- Local area network (LAN) environments
- Intranet environments
These environments have physical barriers or security policies (for example, firewalls) that prevent
or limit internet access. These instructions are designed for physically disconnected networks, but
can also be followed in these other use cases.
## Offline environments
In this situation, the GitLab instance can be one or more servers and services that can communicate
on a local network, but with no or very restricted access to the internet. Assume anything within
......@@ -64,6 +73,6 @@ hosted within your network.
Each individual scanner may be slightly different than the steps described
above. You can find more info at each of the pages below:
- [Container scanning offline directions](../container_scanning/index.md#running-container-scanning-in-an-offline-air-gapped-installation)
- [SAST offline directions](../sast/index.md#gitlab-sast-in-an-offline-air-gapped-installation)
- [DAST offline directions](../dast/index.md#running-dast-in-an-offline-air-gapped-installation)
- [Container scanning offline directions](../container_scanning/index.md#running-container-scanning-in-an-offline-environment-deployment)
- [SAST offline directions](../sast/index.md#gitlab-sast-in-an-offline-environment-deployment)
- [DAST offline directions](../dast/index.md#running-dast-in-an-offline-environment-deployment)
......@@ -491,7 +491,7 @@ Once a vulnerability is found, you can interact with it. Read more on how to
For more information about the vulnerabilities database update, check the
[maintenance table](../index.md#maintenance-and-update-of-the-vulnerabilities-database).
## GitLab SAST in an offline air-gapped installation
## GitLab SAST in an offline environment deployment
For self-managed GitLab instances in an environment with limited, restricted, or intermittent access
to external resources via the internet, some adjustments are required for the SAST job to
......
# Adding a new EKS Cluster
# Adding EKS clusters
GitLab supports adding new and existing EKS clusters.
## EKS requirements
......@@ -7,7 +9,7 @@ requirements are met:
- An [Amazon Web Services](https://aws.amazon.com/) account is set up and you are able to log in.
- You have permissions to manage IAM resources.
- If you want to use an [existing EKS cluster](add_new_eks_cluster.md#existing-eks-cluster):
- If you want to use an [existing EKS cluster](#existing-eks-cluster):
- An Amazon EKS cluster with worker nodes properly configured.
- `kubectl` [installed and configured](https://docs.aws.amazon.com/eks/latest/userguide/getting-started.html#get-started-kubectl)
for access to the EKS cluster.
......@@ -48,9 +50,9 @@ Generate an access key for the IAM user, and configure GitLab with the credentia
To create and add a new Kubernetes cluster to your project, group, or instance:
1. Navigate to your:
- Project's **Operations > Kubernetes** page, for a project-level cluster.
- Group's **Kubernetes** page, for a group-level cluster.
- **Admin Area > Kubernetes** page, for an instance-level cluster.
- Project's **{cloud-gear}** **Operations > Kubernetes** page, for a project-level cluster.
- Group's **{cloud-gear}** **Kubernetes** page, for a group-level cluster.
- **{admin}** **Admin Area >** **{cloud-gear}** **Kubernetes**, for an instance-level cluster.
1. Click **Add Kubernetes cluster**.
1. Under the **Create new cluster** tab, click **Amazon EKS**. You will be provided with an
`Account ID` and `External ID` to use in the next step.
......@@ -246,9 +248,9 @@ To add an existing EKS cluster to your project, group, or instance:
1. Locate the the API server endpoint so GitLab can connect to the cluster. This is displayed on
the AWS EKS console, when viewing the EKS cluster details.
1. Navigate to your:
- Project's **Operations > Kubernetes** page, for a project-level cluster.
- Group's **Kubernetes** page, for a group-level cluster.
- **Admin Area > Kubernetes** page, for an instance-level cluster.
- Project's **{cloud-gear}** **Operations > Kubernetes** page, for a project-level cluster.
- Group's **{cloud-gear}** **Kubernetes** page, for a group-level cluster.
- **{admin}** **Admin Area >** **{cloud-gear}** **Kubernetes** page, for an instance-level cluster.
1. Click **Add Kubernetes cluster**.
1. Click the **Add existing cluster** tab and fill in the details:
- **Kubernetes cluster name**: A name for the cluster to identify it within GitLab.
......
# Adding a new GKE Cluster
# Adding GKE clusters
GitLab supports adding new and existing GKE clusters.
## GKE requirements
......@@ -39,9 +41,9 @@ Note the following:
To create and add a new Kubernetes cluster to your project, group, or instance:
1. Navigate to your:
- Project's **Operations > Kubernetes** page, for a project-level cluster.
- Group's **Kubernetes** page, for a group-level cluster.
- **Admin Area > Kubernetes** page, for an instance-level cluster.
- Project's **{cloud-gear}** **Operations > Kubernetes** page, for a project-level cluster.
- Group's **{cloud-gear}** **Kubernetes** page, for a group-level cluster.
- **{admin}** **Admin Area >** **{cloud-gear}** **Kubernetes** page, for an instance-level cluster.
1. Click **Add Kubernetes cluster**.
1. Under the **Create new cluster** tab, click **Google GKE**.
1. Connect your Google account if you haven't done already by clicking the
......@@ -74,3 +76,8 @@ You can choose to use Cloud Run for Anthos in place of installing Knative and Is
separately after the cluster has been created. This means that Cloud Run
(Knative), Istio, and HTTP Load Balancing will be enabled on the cluster at
create time and cannot be [installed or uninstalled](../../clusters/applications.md) separately.
## Existing GKE cluster
For information on adding an existing GKE cluster, see
[Existing Kubernetes cluster](add_remove_clusters.md#existing-kubernetes-cluster).
......@@ -28,13 +28,6 @@ Before [adding a Kubernetes cluster](#add-new-cluster) using GitLab, you need:
- [Admin Area access](../../admin_area/index.md) for a self-managed instance-level
cluster. **(CORE ONLY)**
## Add new cluster
New clusters can be added using GitLab for:
- [Google Kubernetes Engine (GKE)](add_new_gke_cluster.md).
- [Amazon Elastic Kubernetes Service (EKS)](add_new_eks_cluster.md).
## Access controls
When creating a cluster in GitLab, you will be asked if you would like to create either:
......@@ -134,14 +127,21 @@ If you don't want to use GitLab Runner in privileged mode, either:
1. Installing a Runner
[using `docker+machine`](https://docs.gitlab.com/runner/executors/docker_machine.html).
## Add new cluster
New clusters can be added using GitLab for:
- [Google Kubernetes Engine (GKE)](add_gke_clusters.md).
- [Amazon Elastic Kubernetes Service (EKS)](add_eks_clusters.md).
## Add existing cluster
If you have an existing Kubernetes cluster, you can add it to a project, group, or instance.
For more information, see information for adding an:
- [Existing Kubernetes cluster](#existing-kubernetes-cluster).
- [Existing Elastic Kubernetes Service cluster](add_new_eks_cluster.md#existing-eks-cluster).
- [Existing Kubernetes cluster](#existing-kubernetes-cluster), including GKE clusters.
- [Existing EKS cluster](add_eks_clusters.md#existing-eks-cluster).
NOTE: **Note:**
Kubernetes integration is not supported for arm64 clusters. See the issue
......@@ -152,9 +152,9 @@ Kubernetes integration is not supported for arm64 clusters. See the issue
To add a Kubernetes cluster to your project, group, or instance:
1. Navigate to your:
- Project's **Operations > Kubernetes** page, for a project-level cluster.
- Group's **Kubernetes** page, for a group-level cluster.
- **Admin Area > Kubernetes** page, for an instance-level cluster.
- Project's **{cloud-gear}** **Operations > Kubernetes** page, for a project-level cluster.
- Group's **{cloud-gear}** **Kubernetes** page, for a group-level cluster.
- **{admin}** **Admin Area >** **{cloud-gear}** **Kubernetes** page, for an instance-level cluster.
1. Click **Add Kubernetes cluster**.
1. Click the **Add existing cluster** tab and fill in the details:
- **Kubernetes cluster name** (required) - The name you wish to give the cluster.
......@@ -162,8 +162,8 @@ To add a Kubernetes cluster to your project, group, or instance:
[associated environment](index.md#setting-the-environment-scope-premium) to this cluster.
- **API URL** (required) -
It's the URL that GitLab uses to access the Kubernetes API. Kubernetes
exposes several APIs, we want the "base" URL that is common to all of them,
e.g., `https://kubernetes.example.com` rather than `https://kubernetes.example.com/api/v1`.
exposes several APIs, we want the "base" URL that is common to all of them.
For example, `https://kubernetes.example.com` rather than `https://kubernetes.example.com/api/v1`.
Get the API URL by running this command:
......
---
redirect_to: '../add_new_eks_cluster.md#existing-eks-cluster'
redirect_to: '../add_eks_clusters.md#existing-eks-cluster'
---
This document was moved to [another location](../add_new_eks_cluster.md#existing-eks-cluster).
This document was moved to [another location](../add_eks_clusters.md#existing-eks-cluster).
......@@ -238,7 +238,7 @@ The result will then be:
With GitLab Premium, you can associate more than one Kubernetes cluster to your
project. That way you can have different clusters for different environments,
like dev, staging, production, etc.
like dev, staging, production, and so on.
Simply add another cluster, like you did the first time, and make sure to
[set an environment scope](#setting-the-environment-scope-premium) that will
......@@ -247,7 +247,7 @@ differentiate the new cluster with the rest.
## Installing applications
GitLab can install and manage some applications like Helm, GitLab Runner, Ingress,
Prometheus, etc., in your project-level cluster. For more information on
Prometheus, and so on, in your project-level cluster. For more information on
installing, upgrading, uninstalling, and troubleshooting applications for
your project cluster, see
[GitLab Managed Apps](../../clusters/applications.md).
......
......@@ -109,7 +109,7 @@ gemnasium-maven-dependency_scanning:
variables:
- $GITLAB_FEATURES =~ /\bdependency_scanning\b/ &&
$DS_DEFAULT_ANALYZERS =~ /gemnasium-maven/ &&
$CI_PROJECT_REPOSITORY_LANGUAGES =~ /\bjava\b/
$CI_PROJECT_REPOSITORY_LANGUAGES =~ /\b(java|scala)\b/
gemnasium-python-dependency_scanning:
extends: .ds-analyzer
......