Commit 60877d1b authored by GitLab Bot's avatar GitLab Bot

Add latest changes from gitlab-org/gitlab@master

parent 75687c79
......@@ -457,7 +457,7 @@ The replication process is now complete.
## PgBouncer support (optional)
[PgBouncer](http://pgbouncer.github.io/) may be used with GitLab Geo to pool
[PgBouncer](https://www.pgbouncer.org/) may be used with GitLab Geo to pool
PostgreSQL connections. We recommend using PgBouncer if you use GitLab in a
high-availability configuration with a cluster of nodes supporting a Geo
**primary** node and another cluster of nodes supporting a Geo **secondary** node. For more
......
......@@ -4,7 +4,7 @@ type: reference
# Working with the bundle PgBouncer service
As part of its High Availability stack, GitLab Premium includes a bundled version of [PgBouncer](https://pgbouncer.github.io/) that can be managed through `/etc/gitlab/gitlab.rb`.
As part of its High Availability stack, GitLab Premium includes a bundled version of [PgBouncer](https://www.pgbouncer.org/) that can be managed through `/etc/gitlab/gitlab.rb`.
In a High Availability setup, PgBouncer is used to seamlessly migrate database connections between servers in a failover scenario.
......@@ -177,7 +177,7 @@ If you enable Monitoring, it must be enabled on **all** PgBouncer servers.
#### Administrative console
As part of Omnibus GitLab, we provide a command `gitlab-ctl pgb-console` to automatically connect to the PgBouncer administrative console. Please see the [PgBouncer documentation](https://pgbouncer.github.io/usage.html#admin-console) for detailed instructions on how to interact with the console.
As part of Omnibus GitLab, we provide a command `gitlab-ctl pgb-console` to automatically connect to the PgBouncer administrative console. Please see the [PgBouncer documentation](https://www.pgbouncer.org/usage.html#admin-console) for detailed instructions on how to interact with the console.
To start a session, run
......
......@@ -491,7 +491,7 @@ multiple machines with the Sentinel daemon.
1. **You can omit this step if the Sentinels will be hosted in the same node as
the other Redis instances.**
[Download/install](https://about.gitlab.com/downloads-ee) the
[Download/install](https://about.gitlab.com/install/) the
Omnibus GitLab Enterprise Edition package using **steps 1 and 2** from the
GitLab downloads page.
- Make sure you select the correct Omnibus package, with the same version
......
......@@ -877,6 +877,6 @@ The above image shows:
- The HEAD request to the AWS bucket reported a 403 Unauthorized.
What does this mean? This strongly suggests that the S3 user does not have the right
[permissions to perform a HEAD request](https://docs.aws.amazon.com/AmazonS3/latest/API/RESTObjectHEAD.html).
[permissions to perform a HEAD request](https://docs.aws.amazon.com/AmazonS3/latest/API/API_HeadObject.html).
The solution: check the [IAM permissions again](https://docs.docker.com/registry/storage-drivers/s3/).
Once the right permissions were set, the error will go away.
......@@ -605,7 +605,7 @@ Set Jira service for a project.
> Starting with GitLab 8.14, `api_url`, `issues_url`, `new_issue_url` and
> `project_url` are replaced by `url`. If you are using an
> older version, [follow this documentation][old-jira-api].
> older version, [follow this documentation](https://gitlab.com/gitlab-org/gitlab/blob/8-13-stable-ee/doc/api/services.md#jira).
```
PUT /projects/:id/services/jira
......@@ -1224,9 +1224,6 @@ Get Jenkins CI (Deprecated) service settings for a project.
GET /projects/:id/services/jenkins-deprecated
```
[jira-doc]: ../user/project/integrations/jira.md
[old-jira-api]: https://gitlab.com/gitlab-org/gitlab/blob/8-13-stable/doc/api/services.md#jira
## MockCI
Mock an external CI. See [`gitlab-org/gitlab-mock-ci-service`](https://gitlab.com/gitlab-org/gitlab-mock-ci-service) for an example of a companion mock service.
......
......@@ -174,7 +174,7 @@ support this.
The above command will register a new Runner to use the special
`docker:19.03.1` image, which is provided by Docker. **Notice that it's
using the `privileged` mode to start the build and service
containers.** If you want to use [docker-in-docker] mode, you always
containers.** If you want to use [docker-in-docker](https://www.docker.com/blog/docker-can-now-run-within-docker/) mode, you always
have to use `privileged = true` in your Docker containers.
This will also mount `/certs/client` for the service and build
......@@ -723,7 +723,6 @@ or [Kubernetes](https://docs.gitlab.com/runner/executors/kubernetes.html) execut
make sure that [`pull_policy`](https://docs.gitlab.com/runner/executors/docker.html#how-pull-policies-work)
is set to `always`.
[docker-in-docker]: https://blog.docker.com/2013/09/docker-can-now-run-within-docker/
[docker-cap]: https://docs.docker.com/engine/reference/run/#runtime-privilege-and-linux-capabilities
[2fa]: ../../user/profile/account/two_factor_authentication.md
[pat]: ../../user/profile/personal_access_tokens.md
......
......@@ -999,12 +999,11 @@ docker build:
when: delayed
start_in: '3 hours'
- when: on_success # Otherwise include the job and set to run normally
```
Additional job configuration may be added to rules in the future. If something
useful isn't available, please
[open an issue](https://www.gitlab.com/gitlab-org/gitlab/issues).
[open an issue](https://gitlab.com/gitlab-org/gitlab/issues).
### `tags`
......
# Flows in GitLab QA
Flows are frequently used sequences of actions. They are a higher level
of abstraction than page objects. Flows can include multiple page objects,
or any other relevant code.
For example, the sign in flow encapsulates two steps that are included
in every browser UI test.
```ruby
# QA::Flow::Login
def sign_in(as: nil)
Runtime::Browser.visit(:gitlab, Page::Main::Login)
Page::Main::Login.perform { |login| login.sign_in_using_credentials(user: as) }
end
# When used in a test
it 'performs a test after signing in as the default user' do
Flow::Login.sign_in
# Perform the test
end
```
`QA::Flow::Login` provides an even more useful flow, allowing a test to easily switch users.
```ruby
# QA::Flow::Login
def while_signed_in(as: nil)
Page::Main::Menu.perform(&:sign_out_if_signed_in)
sign_in(as: as)
yield
Page::Main::Menu.perform(&:sign_out)
end
# When used in a test
it 'performs a test as one user and verifies as another' do
user1 = Resource::User.fabricate_or_use(Runtime::Env.gitlab_qa_username_1, Runtime::Env.gitlab_qa_password_1)
user2 = Resource::User.fabricate_or_use(Runtime::Env.gitlab_qa_username_2, Runtime::Env.gitlab_qa_password_2)
Flow::Login.while_signed_in(as: user1) do
# Perform some setup as user1
end
Flow::Login.sign_in(as: user2)
# Perform the rest of the test as user2
end
```
......@@ -131,6 +131,7 @@ Continued reading:
- [Style Guide](style_guide.md)
- [Best Practices](best_practices.md)
- [Testing with feature flags](feature_flags.md)
- [Flows](flows.md)
## Where can I ask for help?
......
......@@ -24,7 +24,7 @@ Bitbucket.org.
GitLab 8.15 significantly simplified the way to integrate Bitbucket.org with
GitLab. You are encouraged to upgrade your GitLab instance if you haven't done so
already. If you're using GitLab 8.14 or below, [use the previous integration
docs][bb-old].
docs](https://gitlab.com/gitlab-org/gitlab/blob/8-14-stable-ee/doc/integration/bitbucket.md).
To enable the Bitbucket OmniAuth provider you must register your application
with Bitbucket.org. Bitbucket will generate an application ID and secret key for
......@@ -135,9 +135,6 @@ GitLab and [start importing your projects][bb-import].
If you want to import projects from Bitbucket, but don't want to enable signing in,
you can [disable Sign-Ins in the admin panel](omniauth.md#enable-or-disable-sign-in-with-an-omniauth-provider-without-disabling-import-sources).
[init-oauth]: omniauth.md#initial-omniauth-configuration
[bb-import]: ../user/project/import/bitbucket.md
[bb-old]: https://gitlab.com/gitlab-org/gitlab/blob/8-14-stable/doc/integration/bitbucket.md
[bitbucket-docs]: https://confluence.atlassian.com/bitbucket/use-the-ssh-protocol-with-bitbucket-cloud-221449711.html#UsetheSSHprotocolwithBitbucketCloud-KnownhostorBitbucket%27spublickeyfingerprints
[reconfigure GitLab]: ../administration/restart_gitlab.md#omnibus-gitlab-reconfigure
[restart]: ../administration/restart_gitlab.md#installations-from-source
......@@ -572,7 +572,7 @@ installations from source. Restart Unicorn using the `sudo gitlab-ctl restart un
command on Omnibus installations and `sudo service gitlab restart` on installations
from source.
You may also find the [SSO Tracer](https://addons.mozilla.org/en-US/firefox/addon/sso-tracer/)
You may also find the [SAML Tracer](https://addons.mozilla.org/en-US/firefox/addon/saml-tracer/)
(Firefox) and [SAML Chrome Panel](https://chrome.google.com/webstore/detail/saml-chrome-panel/paijfdbeoenhembfhkhllainmocckace)
(Chrome) browser extensions useful in your debugging.
......
......@@ -8,7 +8,7 @@ To enable UltraAuth OmniAuth provider, you must use UltraAuth's credentials for
To get the credentials (a pair of Client ID and Client Secret), you must register an application on UltraAuth.
1. Sign in to [UltraAuth](https://ultraauth.com).
1. Navigate to [Create an App](https://ultraauth.com/select-strategy) and click on "Ruby on Rails".
1. Navigate to **Create an App** and click on **Ruby on Rails**.
1. Scroll down the page that is displayed to locate the **Client ID** and **Client Secret**.
Keep this page open as you continue configuration.
......
......@@ -112,7 +112,7 @@ To make full use of Auto DevOps, you will need:
NOTE: **Note:**
If you are using your own Ingress instead of the one provided by GitLab's managed
apps, ensure you are running at least version 0.9.0 of NGINX Ingress and
[enable Prometheus metrics](https://github.com/kubernetes/ingress-nginx/blob/master/docs/examples/customization/custom-vts-metrics-prometheus/nginx-vts-metrics-conf.yaml)
[enable Prometheus metrics](https://github.com/helm/charts/tree/master/stable/nginx-ingress#prometheus-metrics)
in order for the response metrics to appear. You will also have to
[annotate](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/)
the NGINX Ingress deployment to be scraped by Prometheus using
......@@ -698,6 +698,27 @@ workers:
terminationGracePeriodSeconds: 60
```
#### Running commands in the container
Applications built with [Auto Build](#auto-build) using Herokuish, the default
unless you have [a custom Dockerfile](#auto-build-using-a-dockerfile), may require
commands to be wrapped as follows:
```shell
/bin/herokuish procfile exec $COMMAND
```
This might be neccessary, for example, when:
- Attaching using `kubectl exec`.
- Using GitLab's [Web Terminal](../../ci/environments.md#web-terminals).
For example, to start a Rails console from the application root directory, run:
```sh
/bin/herokuish procfile exec bin/rails c
```
### Auto Monitoring
Once your application is deployed, Auto Monitoring makes it possible to monitor
......
......@@ -4,13 +4,17 @@ type: howto
# Activating and deactivating users
GitLab administrators can deactivate and activate users.
## Deactivating a user
> [Introduced](https://gitlab.com/gitlab-org/gitlab-ce/issues/63921) in GitLab 12.4.
In order to temporarily prevent access by a GitLab user that has no recent activity, administrators can choose to deactivate the user.
In order to temporarily prevent access by a GitLab user that has no recent activity, administrators
can choose to deactivate the user.
Deactivating a user is functionally identical to [blocking a user](blocking_unblocking_users.md), with the following differences:
Deactivating a user is functionally identical to [blocking a user](blocking_unblocking_users.md),
with the following differences:
- It does not prohibit the user from logging back in via the UI.
- Once a deactivated user logs back into the GitLab UI, their account is set to active.
......@@ -19,11 +23,11 @@ A deactivated user:
- Cannot access Git repositories or the API.
- Will not receive any notifications from GitLab.
- Will not be able to use [slash commands](../../../integration/slash_commands.md).
- Will not be able to use [slash commands](../../integration/slash_commands.md).
Personal projects, group and user history of the deactivated user will be left intact.
Personal projects, and group and user history of the deactivated user will be left intact.
A user can be deactivated from the Admin area. To do this:
A user can be deactivated from the Admin Area. To do this:
1. Navigate to **Admin Area > Overview > Users**.
1. Select a user.
......@@ -34,16 +38,16 @@ Please note that for the deactivation option to be visible to an admin, the user
- Must be currently active.
- Should not have any activity in the last 180 days.
Users can also be deactivated using the [GitLab API](../../../api/users.html#deactivate-user).
Users can also be deactivated using the [GitLab API](../../api/users.html#deactivate-user).
NOTE: **Note:**
A deactivated user does not consume a [seat](../../../subscriptions/index.md#managing-subscriptions).
A deactivated user does not consume a [seat](../../subscriptions/index.md#managing-subscriptions).
## Activating a user
> [Introduced](https://gitlab.com/gitlab-org/gitlab-ce/issues/63921) in GitLab 12.4.
A deactivated user can be activated from the Admin area.
A deactivated user can be activated from the Admin Area.
To do this:
......@@ -52,10 +56,11 @@ To do this:
1. Select a user.
1. Under the **Account** tab, click **Activate user**.
Users can also be activated using the [GitLab API](../../../api/users.html#activate-user).
Users can also be activated using the [GitLab API](../../api/users.html#activate-user).
NOTE: **Note:**
Activating a user will change the user's state to active and it consumes a [seat](../../../subscriptions/index.md#managing-subscriptions).
Activating a user will change the user's state to active and it consumes a
[seat](../../subscriptions/index.md#managing-subscriptions).
TIP: **Tip:**
A deactivated user can also activate their account by themselves by simply logging back via the UI.
......@@ -4,12 +4,15 @@ type: howto
# Blocking and unblocking users
GitLab administrators block and unblock users.
## Blocking a user
Inorder to completely prevent access of a user to the GitLab instance, admin can choose to block the user.
In order to completely prevent access of a user to the GitLab instance, administrators can choose to
block the user.
Users can be blocked [via an abuse report](../../admin_area/abuse_reports.md#blocking-users),
or directly from the Admin area. To do this:
Users can be blocked [via an abuse report](abuse_reports.md#blocking-users),
or directly from the Admin Area. To do this:
1. Navigate to **Admin Area > Overview > Users**.
1. Select a user.
......@@ -20,25 +23,26 @@ A blocked user:
- Will not be able to login.
- Cannot access Git repositories or the API.
- Will not receive any notifications from GitLab.
- Will not be able to use [slash commands](../../../integration/slash_commands.md).
- Will not be able to use [slash commands](../../integration/slash_commands.md).
Personal projects, group and user history of the blocked user will be left intact.
Personal projects, and group and user history of the blocked user will be left intact.
Users can also be blocked using the [GitLab API](../../../api/users.html#block-user).
Users can also be blocked using the [GitLab API](../../api/users.html#block-user).
NOTE: **Note:**
A blocked user does not consume a [seat](../../../subscriptions/index.md#managing-subscriptions).
A blocked user does not consume a [seat](../../subscriptions/index.md#managing-subscriptions).
## Unblocking a user
A blocked user can be unblocked from the Admin area. To do this:
A blocked user can be unblocked from the Admin Area. To do this:
1. Navigate to **Admin Area > Overview > Users**.
1. Click on the **Blocked** tab.
1. Select a user.
1. Under the **Account** tab, click **Unblock user**.
Users can also be unblocked using the [GitLab API](../../../api/users.html#unblock-user).
Users can also be unblocked using the [GitLab API](../../api/users.html#unblock-user).
NOTE: **Note:**
Unblocking a user will change the user's state to active and it consumes a [seat](../../../subscriptions/index.md#managing-subscriptions).
Unblocking a user will change the user's state to active and it consumes a
[seat](../../subscriptions/index.md#managing-subscriptions).
......@@ -112,8 +112,8 @@ To list users matching a specific criteria, click on one of the following tabs o
- **2FA Enabled**
- **2FA Disabled**
- **External**
- **[Blocked](../profile/account/blocking_unblocking_users.md)**
- **[Deactivated](../profile/account/activating_deactivating_users.md)**
- **[Blocked](blocking_unblocking_users.md)**
- **[Deactivated](activating_deactivating_users.md)**
- **Without projects**
For each user, their username, email address, are listed, also the date their account was
......
......@@ -13,7 +13,7 @@ type: concepts, howto
GitLab provides liveness and readiness probes to indicate service health and
reachability to required services. These probes report on the status of the
database connection, Redis connection, and access to the filesystem. These
endpoints [can be provided to schedulers like Kubernetes][kubernetes] to hold
endpoints [can be provided to schedulers like Kubernetes](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/) to hold
traffic until the system is ready or restart the container as needed.
## IP whitelist
......@@ -169,4 +169,3 @@ but commented out to help encourage others to add to it in the future. -->
[pingdom]: https://www.pingdom.com
[nagios-health]: https://nagios-plugins.org/doc/man/check_http.html
[newrelic-health]: https://docs.newrelic.com/docs/alerts/alert-policies/downtime-alerts/availability-monitoring
[kubernetes]: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/
......@@ -59,7 +59,7 @@ The following languages and dependency managers are supported.
| Go ([Golang](https://golang.org/)) | not currently ([issue](https://gitlab.com/gitlab-org/gitlab/issues/7132 "Dependency Scanning for Go")) | not available |
| PHP ([Composer](https://getcomposer.org/)) | yes | [gemnasium](https://gitlab.com/gitlab-org/security-products/gemnasium) |
| Python ([pip](https://pip.pypa.io/en/stable/)) | yes | [gemnasium](https://gitlab.com/gitlab-org/security-products/gemnasium) |
| Python ([Pipfile](https://docs.pipenv.org/en/latest/basics/)) | not currently ([issue](https://gitlab.com/gitlab-org/gitlab/issues/11756 "Pipfile.lock support for Dependency Scanning"))| not available |
| Python ([Pipfile](https://pipenv.kennethreitz.org/en/latest/basics/)) | not currently ([issue](https://gitlab.com/gitlab-org/gitlab/issues/11756 "Pipfile.lock support for Dependency Scanning"))| not available |
| Python ([poetry](https://poetry.eustace.io/)) | not currently ([issue](https://gitlab.com/gitlab-org/gitlab/issues/7006 "Support Poetry in Dependency Scanning")) | not available |
| Ruby ([gem](https://rubygems.org/)) | yes | [gemnasium](https://gitlab.com/gitlab-org/security-products/gemnasium), [bundler-audit](https://github.com/rubysec/bundler-audit) |
......
......@@ -34,8 +34,10 @@ Management projects are restricted to the following:
### Selecting a cluster management project
This will be implemented as part of [this
issue](https://gitlab.com/gitlab-org/gitlab/issues/32810).
You can select a management project for the cluster under **Advanced
settings**.
![Selecting a cluster management project under Advanced settings](img/advanced-settings-cluster-management-project-v12_5.png)
### Configuring your pipeline
......
......@@ -116,7 +116,7 @@ NOTE: **Note:** GitLab is unable to provide support for IdPs that are not listed
| Azure | [Configuring single sign-on to applications](https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/configure-single-sign-on-non-gallery-applications) |
| Auth0 | [Auth0 as Identity Provider](https://auth0.com/docs/protocols/saml/saml-idp-generic) |
| G Suite | [Set up your own custom SAML application](https://support.google.com/a/answer/6087519?hl=en) |
| JumpCloud | [Single Sign On (SSO) with GitLab](https://support.jumpcloud.com/customer/en/portal/articles/2810701-single-sign-on-sso-with-gitlab) |
| JumpCloud | [Single Sign On (SSO) with GitLab](https://support.jumpcloud.com/support/s/article/single-sign-on-sso-with-gitlab-2019-08-21-10-36-47) |
| Okta | [Setting up a SAML application in Okta](https://developer.okta.com/docs/guides/saml-application-setup/overview/) |
| OneLogin | [Use the OneLogin SAML Test Connector](https://onelogin.service-now.com/support?id=kb_article&sys_id=93f95543db109700d5505eea4b96198f) |
| Ping Identity | [Add and configure a new SAML application](https://support.pingidentity.com/s/document-item?bundleId=pingone&topicId=xsh1564020480660-1.html) |
......
......@@ -31,7 +31,7 @@ integration settings.
Keep in mind that you need to have the appropriate permissions for your Slack
team in order to be able to install a new application, read more in Slack's
docs on [Adding an app to your team][slack-docs].
docs on [Adding an app to your team](https://slack.com/help/articles/202035138).
To enable GitLab's service for your Slack team:
......@@ -60,6 +60,5 @@ project, you would do:
/gitlab gitlab-org/gitlab issue show 1001
```
[slack-docs]: https://get.slack.help/hc/en-us/articles/202035138-Adding-apps-to-your-team
[slash commands]: ../../../integration/slash_commands.md
[slack-manual]: slack_slash_commands.md
......@@ -59,7 +59,7 @@ When connecting to **Jira Cloud**, which supports authentication via API token,
> higher is required.
> - GitLab 8.14 introduced a new way to integrate with Jira which greatly simplified
> the configuration options you have to enter. If you are using an older version,
> [follow this documentation][jira-repo-old-docs].
> [follow this documentation](https://gitlab.com/gitlab-org/gitlab/blob/8-13-stable-ee/doc/project_services/jira.md).
> - In order to support Oracle's Access Manager, GitLab will send additional cookies
> to enable Basic Auth. The cookie being added to each request is `OBBasicAuth` with
> a value of `fromDialog`.
......@@ -205,4 +205,3 @@ authenticate with the Jira site. You will need to log in to your Jira instance
and complete the CAPTCHA.
[services-templates]: services_templates.md
[jira-repo-old-docs]: https://gitlab.com/gitlab-org/gitlab/blob/8-13-stable/doc/project_services/jira.md
......@@ -58,7 +58,7 @@ Click on the service links to see further configuration instructions and details
## Push hooks limit
> [Introduced](https://gitlab.com/gitlab-org/gitlab/issues/31009) in GitLab 12.4.
> [Introduced](https://gitlab.com/gitlab-org/gitlab/merge_requests/17874) in GitLab 12.4.
If a single push includes changes to more than three branches or tags, services
supported by `push_hooks` and `tag_push_hooks` events won't be executed.
......
......@@ -9,6 +9,14 @@ require_relative '../lib/gitlab/utils'
require_relative '../config/initializers/0_inject_enterprise_edition_module'
module QA
##
# Helper classes to represent frequently used sequences of actions
# (e.g., login)
#
module Flow
autoload :Login, 'qa/flow/login'
end
##
# GitLab QA runtime classes, mostly singletons.
#
......
# frozen_string_literal: true
module QA
module Flow
module Login
module_function
def while_signed_in(as: nil)
Page::Main::Menu.perform(&:sign_out_if_signed_in)
sign_in(as: as)
yield
Page::Main::Menu.perform(&:sign_out)
end
def while_signed_in_as_admin
while_signed_in(as: Runtime::User.admin) do
yield
end
end
def sign_in(as: nil)
Runtime::Browser.visit(:gitlab, Page::Main::Login)
Page::Main::Login.perform { |login| login.sign_in_using_credentials(user: as) }
end
def sign_in_as_admin
sign_in(as: Runtime::User.admin)
end
end
end
end
......@@ -5,6 +5,10 @@ module QA
module User
extend self
def admin
Struct.new(:username, :password).new(admin_username, admin_password)
end
def default_username
'root'
end
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment