Commit 5c5d34f4 authored by Suzanne Selhorn's avatar Suzanne Selhorn

Merge branch 'master' into 'master'

Fix Vale issues for unit_test_reports.md and ssh_certificates.md

See merge request gitlab-org/gitlab!60215
parents ed5a3828 e9204e24
...@@ -110,10 +110,10 @@ Where `{KEY_ID}` is the `%i` argument passed to the script ...@@ -110,10 +110,10 @@ Where `{KEY_ID}` is the `%i` argument passed to the script
(e.g. `aeanfjord`), and `{PRINCIPAL}` is the principal passed to it (e.g. `aeanfjord`), and `{PRINCIPAL}` is the principal passed to it
(e.g. `sshUsers`). (e.g. `sshUsers`).
You will need to customize the `sshUsers` part of that. It should be You need to customize the `sshUsers` part of that. It should be
some principal that's guaranteed to be part of the key for all users some principal that's guaranteed to be part of the key for all users
who can log in to GitLab, or you must provide a list of principals, who can log in to GitLab, or you must provide a list of principals,
one of which is going to be present for the user, e.g.: one of which is present for the user, e.g.:
```plaintext ```plaintext
[...] [...]
...@@ -122,7 +122,7 @@ one of which is going to be present for the user, e.g.: ...@@ -122,7 +122,7 @@ one of which is going to be present for the user, e.g.:
## Principals and security ## Principals and security
You can supply as many principals as you want, these will be turned You can supply as many principals as you want, these are turned
into multiple lines of `authorized_keys` output, as described in the into multiple lines of `authorized_keys` output, as described in the
`AuthorizedPrincipalsFile` documentation in `sshd_config(5)`. `AuthorizedPrincipalsFile` documentation in `sshd_config(5)`.
...@@ -130,32 +130,32 @@ Normally when using the `AuthorizedKeysCommand` with OpenSSH the ...@@ -130,32 +130,32 @@ Normally when using the `AuthorizedKeysCommand` with OpenSSH the
principal is some "group" that's allowed to log into that principal is some "group" that's allowed to log into that
server. However with GitLab it's only used to appease OpenSSH's server. However with GitLab it's only used to appease OpenSSH's
requirement for it, we effectively only care about the "key ID" being requirement for it, we effectively only care about the "key ID" being
correct. Once that's extracted GitLab will enforce its own ACLs for correct. Once that's extracted GitLab enforces its own ACLs for
that user (e.g. what projects the user can access). that user (e.g. what projects the user can access).
So it's OK to e.g. be overly generous in what you accept, since if the So it's OK to e.g. be overly generous in what you accept, since if the
user e.g. has no access to GitLab at all it'll just error out with a user e.g. has no access to GitLab at all it just errors out with a
message about this being an invalid user. message about this being an invalid user.
## Interaction with the `authorized_keys` file ## Interaction with the `authorized_keys` file
SSH certificates can be used in conjunction with the `authorized_keys` SSH certificates can be used in conjunction with the `authorized_keys`
file, and if set up as configured above the `authorized_keys` file will file, and if set up as configured above the `authorized_keys` file
still serve as a fallback. still serves as a fallback.
This is because if the `AuthorizedPrincipalsCommand` can't This is because if the `AuthorizedPrincipalsCommand` can't
authenticate the user, OpenSSH will fall back on authenticate the user, OpenSSH falls back on
`~/.ssh/authorized_keys` (or the `AuthorizedKeysCommand`). `~/.ssh/authorized_keys` (or the `AuthorizedKeysCommand`).
Therefore there may still be a reason to use the ["Fast lookup of Therefore there may still be a reason to use the ["Fast lookup of
authorized SSH keys in the database"](fast_ssh_key_lookup.html) method authorized SSH keys in the database"](fast_ssh_key_lookup.html) method
in conjunction with this. Since you'll be using SSH certificates for in conjunction with this. Since you are using SSH certificates for
all your normal users, and relying on the `~/.ssh/authorized_keys` all your normal users, and relying on the `~/.ssh/authorized_keys`
fallback for deploy keys, if you make use of those. fallback for deploy keys, if you make use of those.
But you may find that there's no reason to do that, since all your But you may find that there's no reason to do that, since all your
normal users will use the fast `AuthorizedPrincipalsCommand` path, and normal users use the fast `AuthorizedPrincipalsCommand` path, and
only automated deployment key access will fall back on only automated deployment key access falls back on
`~/.ssh/authorized_keys`, or that you have a lot more keys for normal `~/.ssh/authorized_keys`, or that you have a lot more keys for normal
users (especially if they're renewed) than you have deploy keys. users (especially if they're renewed) than you have deploy keys.
...@@ -167,14 +167,14 @@ uploading an SSH public key to their profile, relying on the ...@@ -167,14 +167,14 @@ uploading an SSH public key to their profile, relying on the
currently no feature to prevent this, [but there's an open request for currently no feature to prevent this, [but there's an open request for
adding it](https://gitlab.com/gitlab-org/gitlab/-/issues/23260). adding it](https://gitlab.com/gitlab-org/gitlab/-/issues/23260).
Such a restriction can currently be hacked in by e.g. providing a Such a restriction can currently be hacked in by, for example, providing a
custom `AuthorizedKeysCommand` which checks if the discovered key-ID custom `AuthorizedKeysCommand` which checks if the discovered key-ID
returned from `gitlab-shell-authorized-keys-check` is a deploy key or returned from `gitlab-shell-authorized-keys-check` is a deploy key or
not (all non-deploy keys should be refused). not (all non-deploy keys should be refused).
## Disabling the global warning about users lacking SSH keys ## Disabling the global warning about users lacking SSH keys
By default GitLab will show a "You won't be able to pull or push By default GitLab shows a "You won't be able to pull or push
project code via SSH" warning to users who have not uploaded an SSH project code via SSH" warning to users who have not uploaded an SSH
key to their profile. key to their profile.
......
...@@ -11,12 +11,12 @@ type: reference ...@@ -11,12 +11,12 @@ type: reference
> - [Renamed](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/39737) from JUnit test reports to Unit test reports in GitLab 13.4. > - [Renamed](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/39737) from JUnit test reports to Unit test reports in GitLab 13.4.
It is very common that a [CI/CD pipeline](pipelines/index.md) contains a It is very common that a [CI/CD pipeline](pipelines/index.md) contains a
test job that will verify your code. test job that verifies your code.
If the tests fail, the pipeline fails and users get notified. The person that If the tests fail, the pipeline fails and users get notified. The person that
works on the merge request will have to check the job logs and see where the works on the merge request has to check the job logs and see where the
tests failed so that they can fix them. tests failed so that they can fix them.
You can configure your job to use Unit test reports, and GitLab will display a You can configure your job to use Unit test reports, and GitLab displays a
report on the merge request so that it's easier and faster to identify the report on the merge request so that it's easier and faster to identify the
failure without having to check the entire log. Unit test reports currently failure without having to check the entire log. Unit test reports currently
only support test reports in the JUnit report format. only support test reports in the JUnit report format.
...@@ -49,7 +49,7 @@ comparing the head and base branch's JUnit report format XML files, where: ...@@ -49,7 +49,7 @@ comparing the head and base branch's JUnit report format XML files, where:
The reports panel has a summary showing how many tests failed, how many had errors The reports panel has a summary showing how many tests failed, how many had errors
and how many were fixed. If no comparison can be done because data for the base branch and how many were fixed. If no comparison can be done because data for the base branch
is not available, the panel will just show the list of failed tests for head. is not available, the panel just shows the list of failed tests for head.
There are four types of results: There are four types of results:
...@@ -59,8 +59,8 @@ There are four types of results: ...@@ -59,8 +59,8 @@ There are four types of results:
1. **Existing failures:** Test cases which failed on base branch and failed on head branch 1. **Existing failures:** Test cases which failed on base branch and failed on head branch
1. **Resolved failures:** Test cases which failed on base branch and passed on head branch 1. **Resolved failures:** Test cases which failed on base branch and passed on head branch
Each entry in the panel will show the test name and its type from the list Each entry in the panel shows the test name and its type from the list
above. Clicking on the test name will open a modal window with details of its above. Clicking on the test name opens a modal window with details of its
execution time and the error output. execution time and the error output.
![Test Reports Widget](img/junit_test_report.png) ![Test Reports Widget](img/junit_test_report.png)
...@@ -115,7 +115,7 @@ ruby: ...@@ -115,7 +115,7 @@ ruby:
### Go example ### Go example
Use the following job in `.gitlab-ci.yml`, and ensure you use `-set-exit-code`, Use the following job in `.gitlab-ci.yml`, and ensure you use `-set-exit-code`,
otherwise the pipeline will be marked successful, even if the tests fail: otherwise the pipeline is marked successful, even if the tests fail:
```yaml ```yaml
## Use https://github.com/jstemmer/go-junit-report to generate a JUnit report format XML file with go ## Use https://github.com/jstemmer/go-junit-report to generate a JUnit report format XML file with go
...@@ -137,7 +137,7 @@ There are a few tools that can produce JUnit report format XML file in Java. ...@@ -137,7 +137,7 @@ There are a few tools that can produce JUnit report format XML file in Java.
#### Gradle #### Gradle
In the following example, `gradle` is used to generate the test reports. In the following example, `gradle` is used to generate the test reports.
If there are multiple test tasks defined, `gradle` will generate multiple If there are multiple test tasks defined, `gradle` generates multiple
directories under `build/test-results/`. In that case, you can leverage glob directories under `build/test-results/`. In that case, you can leverage glob
matching by defining the following path: `build/test-results/test/**/TEST-*.xml`: matching by defining the following path: `build/test-results/test/**/TEST-*.xml`:
...@@ -198,8 +198,8 @@ There are a few tools that can produce JUnit report format XML files in C/C++. ...@@ -198,8 +198,8 @@ There are a few tools that can produce JUnit report format XML files in C/C++.
In the following example, `gtest` is used to generate the test reports. In the following example, `gtest` is used to generate the test reports.
If there are multiple `gtest` executables created for different architectures (`x86`, `x64` or `arm`), If there are multiple `gtest` executables created for different architectures (`x86`, `x64` or `arm`),
you will be required to run each test providing a unique filename. The results you are required to run each test providing a unique filename. The results
will then be aggregated together. are then be aggregated together.
```yaml ```yaml
cpp: cpp:
...@@ -313,8 +313,8 @@ test: ...@@ -313,8 +313,8 @@ test:
> - The feature flag was removed and the feature was [made generally available](https://gitlab.com/gitlab-org/gitlab/-/issues/216478) in GitLab 13.3. > - The feature flag was removed and the feature was [made generally available](https://gitlab.com/gitlab-org/gitlab/-/issues/216478) in GitLab 13.3.
If JUnit report format XML files are generated and uploaded as part of a pipeline, these reports If JUnit report format XML files are generated and uploaded as part of a pipeline, these reports
can be viewed inside the pipelines details page. The **Tests** tab on this page will can be viewed inside the pipelines details page. The **Tests** tab on this page
display a list of test suites and cases reported from the XML file. displays a list of test suites and cases reported from the XML file.
![Test Reports Widget](img/pipelines_junit_test_report_v13_10.png) ![Test Reports Widget](img/pipelines_junit_test_report_v13_10.png)
...@@ -340,7 +340,7 @@ If parsing JUnit report XML results in an error, an indicator is shown next to t ...@@ -340,7 +340,7 @@ If parsing JUnit report XML results in an error, an indicator is shown next to t
WARNING: WARNING:
This feature might not be available to you. Check the **version history** note above for details. This feature might not be available to you. Check the **version history** note above for details.
When [this issue](https://gitlab.com/gitlab-org/gitlab/-/issues/6061) is complete, the attached file will be visible on the pipeline details page. When [this issue](https://gitlab.com/gitlab-org/gitlab/-/issues/6061) is complete, the attached file is visible on the pipeline details page.
If JUnit report format XML files contain an `attachment` tag, GitLab parses the attachment. If JUnit report format XML files contain an `attachment` tag, GitLab parses the attachment.
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment