Add latest changes from gitlab-org/gitlab@master

GitLab Bot 2022-10-13 09:37:59 +00:00
parent ae6730843a
commit 61ca90e0b4
133 changed files with 1302 additions and 1855 deletions


@ -101,6 +101,10 @@ review-deploy:
- .review:rules:review-deploy
stage: deploy
needs: ["review-build-cng"]
cache:
key: "review-deploy-dependencies-charts-${GITLAB_HELM_CHART_REF}-v1"
paths:
- "gitlab-${GITLAB_HELM_CHART_REF}"
before_script:
- export GITLAB_SHELL_VERSION=$(<GITLAB_SHELL_VERSION)
- export GITALY_VERSION=$(<GITALY_SERVER_VERSION)
@ -111,7 +115,6 @@ review-deploy:
script:
- check_kube_domain
- download_chart
- date
- deploy || (display_deployment_debug && exit 1)
- verify_deploy || exit 1
- disable_sign_ups || (delete_release && exit 1)
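Review bot: The new `cache:` entry on `review-deploy` is keyed only on `${GITLAB_HELM_CHART_REF}`, so if that variable can hold a mutable ref (a branch name rather than a tag or commit SHA), the cached `gitlab-${GITLAB_HELM_CHART_REF}` directory keeps being deployed after the upstream chart has changed. How `download_chart` treats an already-present directory is not visible in this hunk, so that is the place to confirm it. If mutable refs are possible, put the resolved commit in the cache key or have `download_chart` verify the cached copy before using it, and bump the `-v1` suffix whenever the cached layout changes.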


@ -4,15 +4,10 @@ import { concatPagination } from '@apollo/client/utilities';
import getIssueStateQuery from '~/issues/show/queries/get_issue_state.query.graphql';
import createDefaultClient from '~/lib/graphql';
import typeDefs from '~/work_items/graphql/typedefs.graphql';
import workItemQuery from '~/work_items/graphql/work_item.query.graphql';
import { WIDGET_TYPE_LABELS } from '~/work_items/constants';
export const temporaryConfig = {
typeDefs,
cacheConfig: {
possibleTypes: {
LocalWorkItemWidget: ['LocalWorkItemLabels'],
},
typePolicies: {
Project: {
fields: {
@ -23,20 +18,6 @@ export const temporaryConfig = {
},
WorkItem: {
fields: {
mockWidgets: {
read(widgets) {
return (
widgets || [
{
__typename: 'LocalWorkItemLabels',
type: WIDGET_TYPE_LABELS,
allowScopedLabels: true,
nodes: [],
},
]
);
},
},
widgets: {
merge(_, incoming) {
return incoming;
@ -62,27 +43,6 @@ export const resolvers = {
});
cache.writeQuery({ query: getIssueStateQuery, data });
},
localUpdateWorkItem(_, { input }, { cache }) {
const sourceData = cache.readQuery({
query: workItemQuery,
variables: { id: input.id },
});
const data = produce(sourceData, (draftData) => {
if (input.labels) {
const labelsWidget = draftData.workItem.mockWidgets.find(
(widget) => widget.type === WIDGET_TYPE_LABELS,
);
labelsWidget.nodes = [...input.labels];
}
});
cache.writeQuery({
query: workItemQuery,
variables: { id: input.id },
data,
});
},
},
};


@ -141,8 +141,9 @@ export default {
await followUser(this.user.id);
this.$emit('follow');
} catch (error) {
const message = error.response?.data?.message || I18N_ERROR_FOLLOW;
createAlert({
message: I18N_ERROR_FOLLOW,
message,
error,
captureError: true,
});
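Review bot: `captureError: true` is left unchanged in the `createAlert` call, so a rejection the server explains itself (one that carries `error.response.data.message`, such as a validation failure) is still reported to error tracking as a fault. Consider `captureError: !error.response?.data?.message,` so only unexpected failures are captured. The server string is now shown to the user verbatim, which assumes the endpoint returns a short, translated, user-safe message; that cannot be confirmed from this hunk. The enclosing method starts and ends outside the hunk.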


@ -177,7 +177,7 @@ export default {
return this.workItem?.widgets?.find((widget) => widget.type === WIDGET_TYPE_ASSIGNEES);
},
workItemLabels() {
return this.workItem?.mockWidgets?.find((widget) => widget.type === WIDGET_TYPE_LABELS);
return this.workItem?.widgets?.find((widget) => widget.type === WIDGET_TYPE_LABELS);
},
workItemDueDate() {
return this.workItem?.widgets?.find(


@ -1,16 +1,21 @@
<script>
import { GlTokenSelector, GlLabel, GlSkeletonLoader } from '@gitlab/ui';
import { debounce, uniqueId } from 'lodash';
import { debounce, uniqueId, without } from 'lodash';
import { getIdFromGraphQLId } from '~/graphql_shared/utils';
import Tracking from '~/tracking';
import labelSearchQuery from '~/vue_shared/components/sidebar/labels_select_widget/graphql/project_labels.query.graphql';
import LabelItem from '~/vue_shared/components/sidebar/labels_select_widget/label_item.vue';
import { DEFAULT_DEBOUNCE_AND_THROTTLE_MS } from '~/lib/utils/constants';
import { isScopedLabel, scopedLabelKey } from '~/lib/utils/common_utils';
import { isScopedLabel } from '~/lib/utils/common_utils';
import workItemQuery from '../graphql/work_item.query.graphql';
import localUpdateWorkItemMutation from '../graphql/local_update_work_item.mutation.graphql';
import updateWorkItemMutation from '../graphql/update_work_item.mutation.graphql';
import { i18n, TRACKING_CATEGORY_SHOW, WIDGET_TYPE_LABELS } from '../constants';
import {
i18n,
I18N_WORK_ITEM_ERROR_FETCHING_LABELS,
TRACKING_CATEGORY_SHOW,
WIDGET_TYPE_LABELS,
} from '../constants';
function isTokenSelectorElement(el) {
return el?.classList.contains('gl-label-close') || el?.classList.contains('dropdown-item');
@ -52,6 +57,8 @@ export default {
localLabels: [],
searchKey: '',
searchLabels: [],
addLabelIds: [],
removeLabelIds: [],
};
},
apollo: {
@ -74,7 +81,7 @@ export default {
variables() {
return {
fullPath: this.fullPath,
search: this.searchKey,
searchTerm: this.searchKey,
};
},
skip() {
@ -84,7 +91,7 @@ export default {
return data.workspace?.labels?.nodes.map((node) => addClass({ ...node, ...node.label }));
},
error() {
this.$emit('error', i18n.fetchError);
this.$emit('error', I18N_WORK_ITEM_ERROR_FETCHING_LABELS);
},
},
},
@ -100,7 +107,7 @@ export default {
};
},
allowScopedLabels() {
return this.labelsWidget.allowScopedLabels;
return this.labelsWidget?.allowsScopedLabels;
},
containerClass() {
return !this.isEditing ? 'gl-shadow-none!' : '';
@ -109,10 +116,10 @@ export default {
return this.$apollo.queries.searchLabels.loading;
},
labelsWidget() {
return this.workItem?.mockWidgets?.find((widget) => widget.type === WIDGET_TYPE_LABELS);
return this.workItem?.widgets?.find((widget) => widget.type === WIDGET_TYPE_LABELS);
},
labels() {
return this.labelsWidget?.nodes || [];
return this.labelsWidget?.labels?.nodes || [];
},
},
watch: {
@ -131,44 +138,74 @@ export default {
},
removeLabel({ id }) {
this.localLabels = this.localLabels.filter((label) => label.id !== id);
this.removeLabelIds.push(id);
this.setLabels();
},
setLabels(event) {
async setLabels() {
if (this.addLabelIds.length === 0 && this.removeLabelIds.length === 0) return;
this.searchKey = '';
if (isTokenSelectorElement(event.relatedTarget) || !this.isEditing) return;
this.isEditing = false;
this.$apollo
.mutate({
mutation: localUpdateWorkItemMutation,
try {
const {
data: {
workItemUpdate: { errors },
},
} = await this.$apollo.mutate({
mutation: updateWorkItemMutation,
variables: {
input: {
id: this.workItemId,
labels: this.localLabels,
labelsWidget: {
addLabelIds: this.addLabelIds,
removeLabelIds: this.removeLabelIds,
},
},
},
})
.catch((e) => {
this.$emit('error', e);
});
this.track('updated_labels');
if (errors.length > 0) {
this.throwUpdateError();
return;
}
this.addLabelIds = [];
this.removeLabelIds = [];
this.track('updated_labels');
} catch {
this.throwUpdateError();
}
},
throwUpdateError() {
this.$emit('error', i18n.updateError);
// If mutation is rejected, we're rolling back to initial state
this.localLabels = this.labels.map(addClass);
this.addLabelIds = [];
this.removeLabelIds = [];
},
handleBlur(event) {
if (isTokenSelectorElement(event.relatedTarget) || !this.isEditing) return;
this.setLabels();
},
handleFocus() {
this.isEditing = true;
this.searchStarted = true;
},
async focusTokenSelector(labels) {
if (this.allowScopedLabels) {
const newLabel = labels[labels.length - 1];
const existingLabels = labels.slice(0, labels.length - 1);
const labelsToAdd = without(labels, ...this.localLabels).map((label) => label.id);
const labelsToRemove = without(this.localLabels, ...labels).map((label) => label.id);
const newLabelKey = scopedLabelKey(newLabel);
const removeLabelsWithSameScope = existingLabels.filter((label) => {
const sameKey = newLabelKey === scopedLabelKey(label);
return !sameKey;
});
this.localLabels = [...removeLabelsWithSameScope, newLabel];
if (labelsToAdd.length > 0) {
this.addLabelIds.push(...labelsToAdd);
}
if (labelsToRemove.length > 0) {
this.removeLabelIds.push(...labelsToRemove);
}
this.localLabels = labels;
this.handleFocus();
await this.$nextTick();
this.$refs.tokenSelector.focusTextInput();
@ -201,7 +238,7 @@ export default {
>
<gl-token-selector
ref="tokenSelector"
v-model="localLabels"
:selected-tokens="localLabels"
:aria-labelledby="labelsTitleId"
:container-class="containerClass"
:dropdown-items="searchLabels"
@ -212,7 +249,7 @@ export default {
@input="focusTokenSelector"
@text-input="debouncedSearchKeyUpdate"
@focus="handleFocus"
@blur="setLabels"
@blur="handleBlur"
@mouseover.native="handleMouseOver"
@mouseout.native="handleMouseOut"
>
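Review bot: `setLabels` resets `addLabelIds` and `removeLabelIds` only after the awaited mutation resolves, so an id queued by `removeLabel` or `focusTokenSelector` while the request is in flight is discarded without being sent, and the token selector then shows a label state the server does not have. Snapshot both arrays and reset them before the `await`, send the snapshots, and drop the two resets in the success path. Separately, `without(labels, ...this.localLabels)` compares by object identity and a label added and then removed before blur lands in both arrays; de-duplicating by id before sending avoids depending on how the API resolves an id present in both lists.

```javascript
async setLabels() {
  if (this.addLabelIds.length === 0 && this.removeLabelIds.length === 0) return;
  // Take ownership of the queued ids before awaiting, so ids queued while the
  // request is in flight stay queued for the next call instead of being wiped.
  const addLabelIds = [...this.addLabelIds];
  const removeLabelIds = [...this.removeLabelIds];
  this.addLabelIds = [];
  this.removeLabelIds = [];
  // … unchanged: searchKey / isEditing reset, try { … this.$apollo.mutate({ mutation, variables: { input: { id, …
          labelsWidget: { addLabelIds, removeLabelIds },
  // … unchanged: errors check, track('updated_labels'), catch → throwUpdateError() …
```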


@ -36,6 +36,9 @@ export const i18n = {
),
};
export const I18N_WORK_ITEM_ERROR_FETCHING_LABELS = s__(
'WorkItem|Something went wrong when fetching labels. Please try again.',
);
export const I18N_WORK_ITEM_ERROR_CREATING = s__(
'WorkItem|Something went wrong when creating %{workItemType}. Please try again.',
);


@ -1,6 +1,5 @@
enum LocalWidgetType {
ASSIGNEES
LABELS
}
interface LocalWorkItemWidget {
@ -12,16 +11,6 @@ type LocalWorkItemAssignees implements LocalWorkItemWidget {
nodes: [UserCore]
}
type LocalWorkItemLabels implements LocalWorkItemWidget {
type: LocalWidgetType!
allowScopedLabels: Boolean!
nodes: [Label!]
}
extend type WorkItem {
mockWidgets: [LocalWorkItemWidget]
}
input LocalUserInput {
id: ID!
name: String
@ -30,17 +19,9 @@ input LocalUserInput {
avatarUrl: String
}
input LocalLabelInput {
id: ID!
title: String!
color: String
description: String
}
input LocalUpdateWorkItemInput {
id: WorkItemID!
assignees: [LocalUserInput!]
labels: [LocalLabelInput]
}
type LocalWorkItemPayload {


@ -1,17 +1,7 @@
#import "~/graphql_shared/fragments/label.fragment.graphql"
#import "./work_item.fragment.graphql"
query workItem($id: WorkItemID!) {
workItem(id: $id) {
...WorkItem
mockWidgets @client {
... on LocalWorkItemLabels {
type
allowScopedLabels
nodes {
...Label
}
}
}
}
}


@ -1,3 +1,6 @@
#import "~/graphql_shared/fragments/label.fragment.graphql"
#import "~/graphql_shared/fragments/user.fragment.graphql"
fragment WorkItemWidgets on WorkItemWidget {
... on WorkItemWidgetDescription {
type
@ -14,6 +17,14 @@ fragment WorkItemWidgets on WorkItemWidget {
}
}
}
... on WorkItemWidgetLabels {
type
labels {
nodes {
...Label
}
}
}
... on WorkItemWidgetStartAndDueDate {
type
dueDate


@ -174,8 +174,9 @@ class UsersController < ApplicationController
end
def follow
current_user.follow(user)
followee = current_user.follow(user)
flash[:alert] = followee.errors.full_messages.join(', ') if followee&.errors&.any?
redirect_path = referer_path(request) || @user
redirect_to redirect_path
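Review bot: `followee&.errors&.any?` only guards against `nil`, so if `User#follow` can still return `false` the call `false.errors` raises `NoMethodError` and the action answers with a 500. The model change in this commit makes the `rescue` branch return `nil`, but the opening lines of `User#follow` are outside the hunk shown, so an early `return false` there cannot be ruled out. Guarding on truthiness is safer: `flash[:alert] = followee.errors.full_messages.join(', ') if followee && followee.errors.any?`. The `follow` action itself continues beyond this hunk.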


@ -2,4 +2,6 @@
class ProtectedBranch::MergeAccessLevel < ApplicationRecord
include ProtectedBranchAccess
# default value for the access_level column
GITLAB_DEFAULT_ACCESS_LEVEL = Gitlab::Access::MAINTAINER
end


@ -2,6 +2,8 @@
class ProtectedBranch::PushAccessLevel < ApplicationRecord
include ProtectedBranchAccess
# default value for the access_level column
GITLAB_DEFAULT_ACCESS_LEVEL = Gitlab::Access::MAINTAINER
belongs_to :deploy_key


@ -1648,8 +1648,9 @@ class User < ApplicationRecord
begin
followee = Users::UserFollowUser.create(follower_id: self.id, followee_id: user.id)
self.followees.reset if followee.persisted?
followee
rescue ActiveRecord::RecordNotUnique
false
nil
end
end


@ -1,7 +1,22 @@
# frozen_string_literal: true
module Users
class UserFollowUser < ApplicationRecord
MAX_FOLLOWEE_LIMIT = 300
belongs_to :follower, class_name: 'User'
belongs_to :followee, class_name: 'User'
validate :max_follow_limit
private
def max_follow_limit
followee_count = self.class.where(follower_id: follower_id).limit(MAX_FOLLOWEE_LIMIT).count
return if followee_count < MAX_FOLLOWEE_LIMIT
errors.add(:base, format(
_("You can't follow more than %{limit} users. To follow more users, unfollow some others."),
limit: MAX_FOLLOWEE_LIMIT))
end
end
end
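Review bot: `max_follow_limit` is a count-then-insert check with no lock or database constraint behind it, so parallel follow requests from one account can each read a count below `MAX_FOLLOWEE_LIMIT` and all be persisted. If the limit is intended as an abuse control rather than a soft cap, either record that the overshoot is accepted in a comment or serialise creates per follower (for example by locking the follower row). The validation is also declared without a context, so it runs on every later save of an existing row once the follower is at the limit; `validate :max_follow_limit, on: :create` scopes it to new follows.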


@ -1,23 +0,0 @@
# frozen_string_literal: true
module Clusters
module Applications
class DestroyService < ::Clusters::Applications::BaseService
def execute(_request)
instantiate_application.tap do |application|
break unless application.can_uninstall?
application.make_scheduled!
Clusters::Applications::UninstallWorker.perform_async(application.name, application.id)
end
end
private
def builder
cluster.public_send(application_class.association_name) # rubocop:disable GitlabSecurity/PublicSend
end
end
end
end


@ -1,29 +0,0 @@
# frozen_string_literal: true
module Clusters
module Applications
class UninstallService < BaseHelmService
def execute
return unless app.scheduled?
app.make_uninstalling!
uninstall
end
private
def uninstall
helm_api.uninstall(app.uninstall_command)
Clusters::Applications::WaitForUninstallAppWorker.perform_in(
Clusters::Applications::WaitForUninstallAppWorker::INTERVAL, app.name, app.id)
rescue Kubeclient::HttpError => e
log_error(e)
app.make_errored!("Kubernetes error: #{e.error_code}")
rescue StandardError => e
log_error(e)
app.make_errored!('Failed to uninstall.')
end
end
end
end


@ -39,6 +39,7 @@
access_levels: ProjectMember.permissible_access_level_roles(current_user, @project),
default_access_level: Gitlab::Access::GUEST,
prefix: :resource_access_token,
description_prefix: :project_access_token,
help_path: help_page_path('user/project/settings/project_access_tokens', anchor: 'scopes-for-a-project-access-token')
= render 'shared/access_tokens/table',


@ -1,6 +1,7 @@
- ajax = local_assigns.fetch(:ajax, false)
- title = local_assigns.fetch(:title, _('Add a %{type}') % { type: type })
- prefix = local_assigns.fetch(:prefix, :personal_access_token)
- description_prefix = local_assigns.fetch(:description_prefix, prefix)
- help_path = local_assigns.fetch(:help_path)
- resource = local_assigns.fetch(:resource, false)
- access_levels = local_assigns.fetch(:access_levels, false)
@ -43,7 +44,7 @@
%p.text-secondary#select_scope_help_text
= s_('Tokens|Scopes set the permission levels granted to the token.')
= link_to _("Learn more."), help_path, target: '_blank', rel: 'noopener noreferrer'
= render 'shared/tokens/scopes_form', prefix: prefix, token: token, scopes: scopes, f: f
= render 'shared/tokens/scopes_form', prefix: prefix, description_prefix: description_prefix, token: token, scopes: scopes, f: f
.gl-mt-3
= f.submit _('Create %{type}') % { type: type }, data: { qa_selector: 'create_token_button' }, pajamas_button: true


@ -1,11 +1,12 @@
- scopes = local_assigns.fetch(:scopes)
- prefix = local_assigns.fetch(:prefix)
- description_prefix = local_assigns.fetch(:description_prefix, prefix)
- token = local_assigns.fetch(:token)
- f = local_assigns.fetch(:f)
%fieldset
- scopes.each do |scope|
- help_text = t scope, scope: scope_description(prefix)
- help_text = t scope, scope: scope_description(description_prefix)
= f.gitlab_ui_checkbox_component :scopes, scope,
help_text: help_text,
checkbox_options: { checked: token.scopes.include?(scope), id: "#{prefix}_scopes_#{scope}", multiple: true, data: { qa_selector: "#{scope}_checkbox" } },


@ -14,11 +14,7 @@ module Clusters
worker_has_external_dependencies!
loggable_arguments 0
def perform(app_name, app_id)
find_application(app_name, app_id) do |app|
Clusters::Applications::UninstallService.new(app).execute
end
end
def perform(app_name, app_id); end
end
end
end
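Review bot: The emptied `def perform(app_name, app_id); end` carries no comment saying why the worker class is kept as a no-op, so the next reader cannot tell a deliberate compatibility shim from dead code. Presumably it stays so that jobs enqueued before the uninstall service was deleted can still be dequeued; if so, say that above the method, e.g. `# No-op: kept only so already-enqueued jobs can drain; remove this worker in a later release.` Note that such jobs now complete successfully without acting, so any application left in the scheduled state by an earlier request is not moved on by this worker. The class header is outside the hunk.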


@ -98,17 +98,17 @@ en:
Grants read-only access to the user's primary email address using OpenID Connect.
project_access_token_scope_desc:
api:
Grants complete read/write access to the scoped project API.
Grants complete read and write access to the scoped project API, including the Package Registry.
read_api:
Grants read access to the scoped project API.
Grants read access to the scoped project API, including the Package Registry.
read_repository:
Allows read-only access (pull) to the repository.
Grants read access (pull) to the repository.
write_repository:
Allows read-write access (pull, push) to the repository.
Grants read and write access (pull and push) to the repository.
read_registry:
Allows read-access (pull) to container registry images if the project is private and authorization is required.
Grants read access (pull) to the Container Registry images if a project is private and authorization is required.
write_registry:
Allows write-access (push) to container registry.
Grants write access (push) to the Container Registry.
flash:
applications:
create:


@ -3,7 +3,7 @@ table_name: push_rules
classes:
- PushRule
feature_categories:
- compliance_management
- source_code_management
description: TODO
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/commit/1b98b5ab97ce3e9997df542059cbf3c6ce0bf0e1
milestone: '8.10'


@ -0,0 +1,17 @@
# frozen_string_literal: true
class AddPartialIndexProjectIncidentManagementSettingsOnProjectIdAndSlaTimer < Gitlab::Database::Migration[2.0]
disable_ddl_transaction!
INDEX_NAME = 'index_project_incident_management_settings_on_p_id_sla_timer'
def up
add_concurrent_index :project_incident_management_settings, :project_id,
name: INDEX_NAME,
where: 'sla_timer = TRUE'
end
def down
remove_concurrent_index_by_name :project_incident_management_settings, name: INDEX_NAME
end
end


@ -0,0 +1 @@
b39261356f0ca89d543f680e1b28f3e3bdf468b02d6f8ea21c6ea1a1af91420c


@ -29933,6 +29933,8 @@ CREATE INDEX index_project_group_links_on_project_id ON project_group_links USIN
CREATE INDEX index_project_import_data_on_project_id ON project_import_data USING btree (project_id);
CREATE INDEX index_project_incident_management_settings_on_p_id_sla_timer ON project_incident_management_settings USING btree (project_id) WHERE (sla_timer = true);
CREATE INDEX index_project_members_on_id_temp ON members USING btree (id) WHERE ((source_type)::text = 'Project'::text);
CREATE INDEX index_project_mirror_data_on_last_successful_update_at ON project_mirror_data USING btree (last_successful_update_at);


@ -1,5 +1,5 @@
---
stage: Ecosystem
stage: Manage
group: Integrations
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
type: reference


@ -1,5 +1,5 @@
---
stage: Ecosystem
stage: Manage
group: Integrations
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
---


@ -1,5 +1,5 @@
---
stage: Ecosystem
stage: Manage
group: Integrations
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
---


@ -1,5 +1,5 @@
---
stage: Ecosystem
stage: Manage
group: Integrations
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
---


@ -1,5 +1,5 @@
---
stage: Ecosystem
stage: Manage
group: Integrations
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
---


@ -1,5 +1,5 @@
---
stage: Ecosystem
stage: Manage
group: Integrations
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
---


@ -1,5 +1,5 @@
---
stage: Ecosystem
stage: Manage
group: Integrations
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
---


@ -1,5 +1,5 @@
---
stage: Ecosystem
stage: Manage
group: Integrations
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
---

78
doc/api/saml.md Normal file

@ -0,0 +1,78 @@
---
stage: Manage
group: Authentication and Authorization
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
---
# SAML API **(PREMIUM SAAS)**
> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/227841) in GitLab 15.5.
API for accessing SAML features.
## Get SAML identities for a group
```plaintext
GET /groups/:id/saml/identities
```
Fetch SAML identities for a group.
Supported attributes:
| Attribute | Type | Required | Description |
|:------------------|:--------|:---------|:----------------------|
| `id` | integer | Yes | Group ID for the group to return SAML identities. |
If successful, returns [`200`](index.md#status-codes) and the following
response attributes:
| Attribute | Type | Description |
| ------------ | ------ | ------------------------- |
| `extern_uid` | string | External UID for the user |
| `user_id` | string | ID for the user |
Example request:
```shell
curl --location --request GET "https://gdk.test:3443/api/v4/groups/33/saml/identities" \
--header "<PRIVATE-TOKEN>" \
--form "extern_uid=<ID_TO_BE_UPDATED>" \
```
Example response:
```json
[
{
"extern_uid": "4",
"user_id": 48
}
]
```
## Update `extern_uid` field for a SAML identity
Update `extern_uid` field for a SAML identity. Field that can be updated are:
| SAML IdP attribute | GitLab field |
| ------------------ | ------------ |
| `id/externalId` | `extern_uid` |
```plaintext
PATCH groups/:groups_id/saml/:uid
```
Parameters:
| Attribute | Type | Required | Description |
| --------- | ------ | -------- | ------------------------- |
| `uid` | string | yes | External UID of the user. |
Example request:
```shell
curl --location --request PATCH "https://gdk.test:3443/api/v4/groups/33/saml/sydney_jones" \
--header "<PRIVATE TOKEN>" \
--form "extern_uid=sydney_jones_new" \
```


@ -4,251 +4,80 @@ stage: Manage
group: Authentication and Authorization
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
---
# SCIM API **(PREMIUM SAAS)**
# SCIM API (SYSTEM ONLY) **(PREMIUM SAAS)**
> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/9388) in GitLab 11.10.
The SCIM API implements the [RFC7644 protocol](https://www.rfc-editor.org/rfc/rfc7644). As this API is for
**system** use for SCIM provider integration, it is subject to change without notice.
> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/98354) in GitLab 15.5.
To use this API, [Group SSO](../user/group/saml_sso/index.md) must be enabled for the group.
This API is only in use where [SCIM for Group SSO](../user/group/saml_sso/scim_setup.md) is enabled. It's a prerequisite to the creation of SCIM identities.
## Get a list of SCIM provisioned users
Not to be confused with the [internal SCIM API](../development/internal_api/index.md#scim-api).
This endpoint is used as part of the SCIM syncing mechanism. It only returns
a single user based on a unique ID which should match the `extern_uid` of the user.
## Get SCIM identities for a group
> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/227841) in GitLab 15.5.
```plaintext
GET /api/scim/v2/groups/:group_path/Users
GET /groups/:id/scim/identities
```
Parameters:
Supported attributes:
| Attribute | Type | Required | Description |
|:----------|:--------|:---------|:----------------------------------------------------------------------------------------------------------------------------------------|
| `filter` | string | no | A [filter](#available-filters) expression. |
| `group_path` | string | yes | Full path to the group. |
| `startIndex` | integer | no | The 1-based index indicating where to start returning results from. A value of less than one will be interpreted as 1. |
| `count` | integer | no | Desired maximum number of query results. |
| Attribute | Type | Required | Description |
|:------------------|:--------|:---------|:----------------------|
| `id` | integer | Yes | Return SAML identities for the given group ID. |
NOTE:
Pagination follows the [SCIM spec](https://www.rfc-editor.org/rfc/rfc7644#section-3.4.2.4) rather than GitLab pagination as used elsewhere. If records change between requests it is possible for a page to either be missing records that have moved to a different page or repeat records from a previous request.
If successful, returns [`200`](index.md#status-codes) and the following
response attributes:
Example request:
```shell
curl "https://gitlab.example.com/api/scim/v2/groups/test_group/Users?filter=id%20eq%20%220b1d561c-21ff-4092-beab-8154b17f82f2%22" \
--header "Authorization: Bearer <your_scim_token>" \
--header "Content-Type: application/scim+json"
```
| Attribute | Type | Description |
| ------------ | ------ | ------------------------- |
| `extern_uid` | string | External UID for the user |
| `user_id` | string | ID for the user |
Example response:
```json
{
"schemas": [
"urn:ietf:params:scim:api:messages:2.0:ListResponse"
],
"totalResults": 1,
"itemsPerPage": 20,
"startIndex": 1,
"Resources": [
[
{
"schemas": [
"urn:ietf:params:scim:schemas:core:2.0:User"
],
"id": "0b1d561c-21ff-4092-beab-8154b17f82f2",
"active": true,
"name.formatted": "Test User",
"userName": "username",
"meta": { "resourceType":"User" },
"emails": [
{
"type": "work",
"value": "name@example.com",
"primary": true
}
]
"extern_uid": "4",
"user_id": 48
}
]
}
]
```
## Get a single SCIM provisioned user
```plaintext
GET /api/scim/v2/groups/:group_path/Users/:id
```
Parameters:
| Attribute | Type | Required | Description |
|:----------|:--------|:---------|:----------------------------------------------------------------------------------------------------------------------------------------|
| `id` | string | yes | External UID of the user. |
| `group_path` | string | yes | Full path to the group. |
Example request:
```shell
curl "https://gitlab.example.com/api/scim/v2/groups/test_group/Users/f0b1d561c-21ff-4092-beab-8154b17f82f2" \
--header "Authorization: Bearer <your_scim_token>" --header "Content-Type: application/scim+json"
curl --location --request GET "https://gdk.test:3443/api/v4/groups/33/scim/identities" \
--header "<PRIVATE-TOKEN>" \
--form "extern_uid=<ID_TO_BE_UPDATED>" \
```
Example response:
## Update extern_uid field for a SCIM identity
```json
{
"schemas": [
"urn:ietf:params:scim:schemas:core:2.0:User"
],
"id": "0b1d561c-21ff-4092-beab-8154b17f82f2",
"active": true,
"name.formatted": "Test User",
"userName": "username",
"meta": { "resourceType":"User" },
"emails": [
{
"type": "work",
"value": "name@example.com",
"primary": true
}
]
}
```
## Create a SCIM provisioned user
```plaintext
POST /api/scim/v2/groups/:group_path/Users/
```
Parameters:
| Attribute | Type | Required | Description |
|:---------------|:----------|:----|:--------------------------|
| `externalId` | string | yes | External UID of the user. |
| `userName` | string | yes | Username of the user. |
| `emails` | JSON string | yes | Work email. |
| `name` | JSON string | yes | Name of the user. |
| `meta` | string | no | Resource type (`User`). |
Example request:
```shell
curl --verbose --request POST "https://gitlab.example.com/api/scim/v2/groups/test_group/Users" \
--data '{"externalId":"test_uid","active":null,"userName":"username","emails":[{"primary":true,"type":"work","value":"name@example.com"}],"name":{"formatted":"Test User","familyName":"User","givenName":"Test"},"schemas":["urn:ietf:params:scim:schemas:core:2.0:User"],"meta":{"resourceType":"User"}}' \
--header "Authorization: Bearer <your_scim_token>" --header "Content-Type: application/scim+json"
```
Example response:
```json
{
"schemas": [
"urn:ietf:params:scim:schemas:core:2.0:User"
],
"id": "0b1d561c-21ff-4092-beab-8154b17f82f2",
"active": true,
"name.formatted": "Test User",
"userName": "username",
"meta": { "resourceType":"User" },
"emails": [
{
"type": "work",
"value": "name@example.com",
"primary": true
}
]
}
```
Returns a `201` status code if successful.
## Update a single SCIM provisioned user
> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/227841) in GitLab 15.5.
Fields that can be updated are:
| SCIM/IdP field | GitLab field |
|:---------------------------------|:-----------------------------------------------------------------------------|
| `id/externalId` | `extern_uid` |
| `name.formatted` | `name` ([Removed](https://gitlab.com/gitlab-org/gitlab/-/issues/363058)) |
| `emails\[type eq "work"\].value` | `email` ([Removed](https://gitlab.com/gitlab-org/gitlab/-/issues/363058)) |
| `active` | Identity removal if `active` = `false` |
| `userName` | `username` ([Removed](https://gitlab.com/gitlab-org/gitlab/-/issues/363058)) |
| SCIM/IdP field | GitLab field |
| --------------- | ------------ |
| `id/externalId` | `extern_uid` |
```plaintext
PATCH /api/scim/v2/groups/:group_path/Users/:id
PATCH groups/:groups_id/scim/:uid
```
Parameters:
| Attribute | Type | Required | Description |
|:----------|:--------|:---------|:----------------------------------------------------------------------------------------------------------------------------------------|
| `id` | string | yes | External UID of the user. |
| `group_path` | string | yes | Full path to the group. |
| `Operations` | JSON string | yes | An [operations](#available-operations) expression. |
| Attribute | Type | Required | Description |
| --------- | ------ | -------- | ------------------------- |
| `uid` | string | yes | External UID of the user. |
Example request:
```shell
curl --verbose --request PATCH "https://gitlab.example.com/api/scim/v2/groups/test_group/Users/f0b1d561c-21ff-4092-beab-8154b17f82f2" \
--data '{ "Operations": [{"op":"Add","path":"name.formatted","value":"New Name"}] }' \
--header "Authorization: Bearer <your_scim_token>" --header "Content-Type: application/scim+json"
```
Returns an empty response with a `204` status code if successful.
## Remove a single SCIM provisioned user
Removes the user's SSO identity and group membership.
```plaintext
DELETE /api/scim/v2/groups/:group_path/Users/:id
```
Parameters:
| Attribute | Type | Required | Description |
|:----------|:--------|:---------|:----------------------------------------------------------------------------------------------------------------------------------------|
| `id` | string | yes | External UID of the user. |
| `group_path` | string | yes | Full path to the group. |
Example request:
```shell
curl --verbose --request DELETE "https://gitlab.example.com/api/scim/v2/groups/test_group/Users/f0b1d561c-21ff-4092-beab-8154b17f82f2" \
--header "Authorization: Bearer <your_scim_token>" --header "Content-Type: application/scim+json"
```
Returns an empty response with a `204` status code if successful.
## Available filters
They match an expression as specified in [the RFC7644 filtering section](https://www.rfc-editor.org/rfc/rfc7644#section-3.4.2.2).
| Filter | Description |
| ----- | ----------- |
| `eq` | The attribute matches exactly the specified value. |
Example:
```plaintext
id eq a-b-c-d
```
## Available operations
They perform an operation as specified in [the RFC7644 update section](https://www.rfc-editor.org/rfc/rfc7644#section-3.5.2).
| Operator | Description |
| ----- | ----------- |
| `Replace` | The attribute's value is updated. |
| `Add` | The attribute has a new value. |
Example:
```json
{ "op": "Add", "path": "name.formatted", "value": "New Name" }
curl --location --request PATCH "https://gdk.test:3443/api/v4/groups/33/scim/sydney_jones" \
--header "<PRIVATE TOKEN>" \
--form "extern_uid=sydney_jones_new" \
```


@ -1,5 +1,5 @@
---
stage: Ecosystem
stage: Manage
group: Integrations
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
---


@ -1,5 +1,5 @@
---
stage: Ecosystem
stage: Manage
group: Foundations
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
---


@ -1,5 +1,5 @@
---
stage: Ecosystem
stage: Manage
group: Integrations
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
---


@ -1,5 +1,5 @@
---
stage: Ecosystem
stage: Manage
group: Integrations
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
---


@ -1,5 +1,5 @@
---
stage: Ecosystem
stage: Manage
group: Integrations
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
---


@ -1,5 +1,5 @@
---
stage: Ecosystem
stage: Manage
group: Integrations
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
---


@ -1,5 +1,5 @@
---
stage: Ecosystem
stage: Manage
group: Integrations
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
description: "GitLab's development guidelines for Integrations"


@ -1,5 +1,5 @@
---
stage: Ecosystem
stage: Manage
group: Integrations
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
---


@ -1,5 +1,5 @@
---
stage: Ecosystem
stage: Manage
group: Integrations
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
---


@ -965,3 +965,253 @@ Example response:
### Known consumers
- CustomersDot
## SCIM API **(PREMIUM SAAS)**
> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/9388) in GitLab 11.10.
The SCIM API implements the [RFC7644 protocol](https://www.rfc-editor.org/rfc/rfc7644). As this API is for
**system** use for SCIM provider integration, it is subject to change without notice.
To use this API, [Group SSO](../../user/group/saml_sso/index.md) must be enabled for the group.
This API is only in use where [SCIM for Group SSO](../../user/group/saml_sso/scim_setup.md) is enabled. It's a prerequisite to the creation of SCIM identities.
Not to be confused with the [main SCIM API](../../api/scim.md).
### Get a list of SCIM provisioned users
This endpoint is used as part of the SCIM syncing mechanism. It only returns
a single user based on a unique ID which should match the `extern_uid` of the user.
```plaintext
GET /api/scim/v2/groups/:group_path/Users
```
Parameters:
| Attribute | Type | Required | Description |
|:----------|:--------|:---------|:----------------------------------------------------------------------------------------------------------------------------------------|
| `filter` | string | no | A [filter](#available-filters) expression. |
| `group_path` | string | yes | Full path to the group. |
| `startIndex` | integer | no | The 1-based index indicating where to start returning results from. A value of less than one will be interpreted as 1. |
| `count` | integer | no | Desired maximum number of query results. |
NOTE:
Pagination follows the [SCIM spec](https://www.rfc-editor.org/rfc/rfc7644#section-3.4.2.4) rather than GitLab pagination as used elsewhere. If records change between requests it is possible for a page to either be missing records that have moved to a different page or repeat records from a previous request.
Example request:
```shell
curl "https://gitlab.example.com/api/scim/v2/groups/test_group/Users?filter=id%20eq%20%220b1d561c-21ff-4092-beab-8154b17f82f2%22" \
--header "Authorization: Bearer <your_scim_token>" \
--header "Content-Type: application/scim+json"
```
Example response:
```json
{
"schemas": [
"urn:ietf:params:scim:api:messages:2.0:ListResponse"
],
"totalResults": 1,
"itemsPerPage": 20,
"startIndex": 1,
"Resources": [
{
"schemas": [
"urn:ietf:params:scim:schemas:core:2.0:User"
],
"id": "0b1d561c-21ff-4092-beab-8154b17f82f2",
"active": true,
"name.formatted": "Test User",
"userName": "username",
"meta": { "resourceType":"User" },
"emails": [
{
"type": "work",
"value": "name@example.com",
"primary": true
}
]
}
]
}
```
### Get a single SCIM provisioned user
```plaintext
GET /api/scim/v2/groups/:group_path/Users/:id
```
Parameters:
| Attribute | Type | Required | Description |
|:----------|:--------|:---------|:----------------------------------------------------------------------------------------------------------------------------------------|
| `id` | string | yes | External UID of the user. |
| `group_path` | string | yes | Full path to the group. |
Example request:
```shell
curl "https://gitlab.example.com/api/scim/v2/groups/test_group/Users/f0b1d561c-21ff-4092-beab-8154b17f82f2" \
--header "Authorization: Bearer <your_scim_token>" --header "Content-Type: application/scim+json"
```
Example response:
```json
{
"schemas": [
"urn:ietf:params:scim:schemas:core:2.0:User"
],
"id": "0b1d561c-21ff-4092-beab-8154b17f82f2",
"active": true,
"name.formatted": "Test User",
"userName": "username",
"meta": { "resourceType":"User" },
"emails": [
{
"type": "work",
"value": "name@example.com",
"primary": true
}
]
}
```
### Create a SCIM provisioned user
```plaintext
POST /api/scim/v2/groups/:group_path/Users/
```
Parameters:
| Attribute | Type | Required | Description |
|:---------------|:----------|:----|:--------------------------|
| `externalId` | string | yes | External UID of the user. |
| `userName` | string | yes | Username of the user. |
| `emails` | JSON string | yes | Work email. |
| `name` | JSON string | yes | Name of the user. |
| `meta` | string | no | Resource type (`User`). |
Example request:
```shell
curl --verbose --request POST "https://gitlab.example.com/api/scim/v2/groups/test_group/Users" \
--data '{"externalId":"test_uid","active":null,"userName":"username","emails":[{"primary":true,"type":"work","value":"name@example.com"}],"name":{"formatted":"Test User","familyName":"User","givenName":"Test"},"schemas":["urn:ietf:params:scim:schemas:core:2.0:User"],"meta":{"resourceType":"User"}}' \
--header "Authorization: Bearer <your_scim_token>" --header "Content-Type: application/scim+json"
```
Example response:
```json
{
"schemas": [
"urn:ietf:params:scim:schemas:core:2.0:User"
],
"id": "0b1d561c-21ff-4092-beab-8154b17f82f2",
"active": true,
"name.formatted": "Test User",
"userName": "username",
"meta": { "resourceType":"User" },
"emails": [
{
"type": "work",
"value": "name@example.com",
"primary": true
}
]
}
```
Returns a `201` status code if successful.
### Update a single SCIM provisioned user
Fields that can be updated are:
| SCIM/IdP field | GitLab field |
|:---------------------------------|:-----------------------------------------------------------------------------|
| `id/externalId` | `extern_uid` |
| `name.formatted` | `name` ([Removed](https://gitlab.com/gitlab-org/gitlab/-/issues/363058)) |
| `emails\[type eq "work"\].value` | `email` ([Removed](https://gitlab.com/gitlab-org/gitlab/-/issues/363058)) |
| `active` | Identity removal if `active` = `false` |
| `userName` | `username` ([Removed](https://gitlab.com/gitlab-org/gitlab/-/issues/363058)) |
```plaintext
PATCH /api/scim/v2/groups/:group_path/Users/:id
```
Parameters:
| Attribute | Type | Required | Description |
|:----------|:--------|:---------|:----------------------------------------------------------------------------------------------------------------------------------------|
| `id` | string | yes | External UID of the user. |
| `group_path` | string | yes | Full path to the group. |
| `Operations` | JSON string | yes | An [operations](#available-operations) expression. |
Example request:
```shell
curl --verbose --request PATCH "https://gitlab.example.com/api/scim/v2/groups/test_group/Users/f0b1d561c-21ff-4092-beab-8154b17f82f2" \
--data '{ "Operations": [{"op":"Add","path":"name.formatted","value":"New Name"}] }' \
--header "Authorization: Bearer <your_scim_token>" --header "Content-Type: application/scim+json"
```
Returns an empty response with a `204` status code if successful.
### Remove a single SCIM provisioned user
Removes the user's SSO identity and group membership.
```plaintext
DELETE /api/scim/v2/groups/:group_path/Users/:id
```
Parameters:
| Attribute | Type | Required | Description |
| ------------ | ------ | -------- | ------------------------- |
| `id` | string | yes | External UID of the user. |
| `group_path` | string | yes | Full path to the group. |
Example request:
```shell
curl --verbose --request DELETE "https://gitlab.example.com/api/scim/v2/groups/test_group/Users/f0b1d561c-21ff-4092-beab-8154b17f82f2" \
--header "Authorization: Bearer <your_scim_token>" --header "Content-Type: application/scim+json"
```
Returns an empty response with a `204` status code if successful.
### Available filters
They match an expression as specified in [the RFC7644 filtering section](https://www.rfc-editor.org/rfc/rfc7644#section-3.4.2.2).
| Filter | Description |
| ----- | ----------- |
| `eq` | The attribute matches exactly the specified value. |
Example:
```plaintext
id eq a-b-c-d
```
### Available operations
They perform an operation as specified in [the RFC7644 update section](https://www.rfc-editor.org/rfc/rfc7644#section-3.5.2).
| Operator | Description |
| ----- | ----------- |
| `Replace` | The attribute's value is updated. |
| `Add` | The attribute has a new value. |
Example:
```json
{ "op": "Add", "path": "name.formatted", "value": "New Name" }
```


@ -1,5 +1,5 @@
---
stage: Ecosystem
stage: Manage
group: Integrations
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
---


@ -1,5 +1,5 @@
---
stage: Ecosystem
stage: Manage
group: Integrations
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
---


@ -1,5 +1,5 @@
---
stage: Ecosystem
stage: Manage
group: Integrations
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
---


@ -1,5 +1,5 @@
---
stage: Ecosystem
stage: Manage
group: Integrations
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
comments: false


@ -1,5 +1,5 @@
---
stage: Ecosystem
stage: Manage
group: Integrations
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
---


@ -1,5 +1,5 @@
---
stage: Ecosystem
stage: Manage
group: Integrations
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
remove_date: '2022-10-29'


@ -1,5 +1,5 @@
---
stage: Ecosystem
stage: Manage
group: Integrations
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
---


@ -1,5 +1,5 @@
---
stage: Ecosystem
stage: Manage
group: Integrations
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
---


@ -1,5 +1,5 @@
---
stage: Ecosystem
stage: Manage
group: Integrations
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
---


@ -1,5 +1,5 @@
---
stage: Ecosystem
stage: Manage
group: Integrations
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
---


@ -1,5 +1,5 @@
---
stage: Ecosystem
stage: Manage
group: Integrations
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
---


@ -1,5 +1,5 @@
---
stage: Ecosystem
stage: Manage
group: Integrations
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
---


@ -1,5 +1,5 @@
---
stage: Ecosystem
stage: Manage
group: Integrations
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
---


@ -1,5 +1,5 @@
---
stage: Ecosystem
stage: Manage
group: Integrations
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
---


@ -1,5 +1,5 @@
---
stage: Ecosystem
stage: Manage
group: Integrations
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
---


@ -1,5 +1,5 @@
---
stage: Ecosystem
stage: Manage
group: Integrations
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
---


@ -261,7 +261,7 @@ It also displays the following information:
## Export your license usage
> Introduced in GitLab 14.6.
> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/66826) in GitLab 14.2.
If you are an administrator, you can export your license usage into a CSV:


@ -1,5 +1,5 @@
---
stage: Ecosystem
stage: Manage
group: Integrations
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
---


@ -15,7 +15,7 @@ GitLab SAML SSO SCIM doesn't support updating users.
When SCIM is enabled for a GitLab group, membership of that group is synchronized between GitLab and an identity provider.
The GitLab [SCIM API](../../../api/scim.md) implements part of [the RFC7644 protocol](https://www.rfc-editor.org/rfc/rfc7644).
The [internal GitLab SCIM API](../../../development/internal_api/index.md#scim-api) implements part of [the RFC7644 protocol](https://www.rfc-editor.org/rfc/rfc7644).
## Configure GitLab
@ -121,7 +121,7 @@ attributes and modify them accordingly. In particular, the `objectId` source att
target attribute.
If a mapping is not listed in the table, use the Azure Active Directory defaults. For a list of required attributes,
refer to the [SCIM API documentation](../../../api/scim.md).
refer to the [internal SCIM API](../../../development/internal_api/index.md#scim-api) documentation.
### Configure Okta


@ -34,7 +34,7 @@ Administrators can use the Admin Area to [list SCIM identities for a user](../..
Group owners can see the list of users and the `externalId` stored for each user in the group SAML SSO Settings page.
A possible alternative is to use the [SCIM API](../../../api/scim.md#get-a-list-of-scim-provisioned-users) to manually retrieve the `externalId` we have stored for users, also called the `external_uid` or `NameId`.
A possible alternative is to use the [SCIM API](../../../api/scim.md) to manually retrieve the `externalId` we have stored for users, also called the `external_uid` or `NameId`.
To see how the `external_uid` compares to the value returned as the SAML NameId, you can have the user use a [SAML Tracer](troubleshooting.md#saml-debugging-tools).
@ -53,7 +53,7 @@ you can address the problem in the following ways:
- You can have users unlink and relink themselves, based on the ["SAML authentication failed: User has already been taken"](troubleshooting.md#message-saml-authentication-failed-user-has-already-been-taken) section.
- You can unlink all users simultaneously, by removing all users from the SAML app while provisioning is turned on.
- It may be possible to use the [SCIM API](../../../api/scim.md#update-a-single-scim-provisioned-user) to manually correct the `externalId` stored for users to match the SAML `NameId`.
- Use the [SCIM API](../../../api/scim.md) to manually correct the `externalId` stored for users to match the SAML `NameId`.
To look up a user, you need to know the desired value that matches the `NameId` as well as the current `externalId`.
It is important not to update these to incorrect values, since this causes users to be unable to sign in. It is also important not to assign a value to the wrong user, as this causes users to get signed into the wrong account.
@ -71,11 +71,13 @@ Changing the SAML or SCIM configuration or provider can cause the following prob
| Problem | Solution |
| ------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| SAML and SCIM identity mismatch. | First [verify that the user's SAML NameId matches the SCIM externalId](#how-do-i-verify-users-saml-nameid-matches-the-scim-externalid) and then [update or fix the mismatched SCIM externalId and SAML NameId](#update-or-fix-mismatched-scim-externalid-and-saml-nameid). |
| SCIM identity mismatch between GitLab and the identity provider SCIM app. | You can confirm whether you're hitting the error because of your SCIM identity mismatch between your SCIM app and GitLab.com by using [SCIM API](../../../api/scim.md#update-a-single-scim-provisioned-user) which shows up in the `id` key and compares it with the user `externalId` in the SCIM app. You can use the same [SCIM API](../../../api/scim.md#update-a-single-scim-provisioned-user) to update the SCIM `id` for the user on GitLab.com. |
| SCIM identity mismatch between GitLab and the identity provider SCIM app. | You can confirm whether you're hitting the error because of your SCIM identity mismatch between your SCIM app and GitLab.com by using the [SCIM API](../../../api/scim.md) which shows up in the `id` key and compares it with the user `externalId` in the SCIM app. You can use the same [SCIM API](../../../api/scim.md) to update the SCIM `id` for the user on GitLab.com. |
## Search Rails logs for SCIM requests
GitLab.com administrators can search for SCIM requests in the `api_json.log` using the `pubsub-rails-inf-gprd-*` index in [Kibana](https://about.gitlab.com/handbook/support/workflows/kibana.html#using-kibana). Use the following filters based on the [SCIM API](../../../api/scim.md):
GitLab.com administrators can search for SCIM requests in the `api_json.log` using the `pubsub-rails-inf-gprd-*` index in
[Kibana](https://about.gitlab.com/handbook/support/workflows/kibana.html#using-kibana). Use the following filters based on the internal
[SCIM API](../../../development/internal_api/index.md#scim-api):
- `json.path`: `/scim/v2/groups/<group-path>`
- `json.params.value`: `<externalId>`


@ -140,10 +140,10 @@ The scope determines the actions you can perform when you authenticate with a gr
|:-------------------|:---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| `api` | Grants complete read and write access to the scoped group and related project API, including the [Package Registry](../../packages/package_registry/index.md). |
| `read_api` | Grants read access to the scoped group and related project API, including the [Package Registry](../../packages/package_registry/index.md). |
| `read_registry` | Allows read access (pull) to the [Container Registry](../../packages/container_registry/index.md) images if any project within a group is private and authorization is required. |
| `write_registry` | Allows write access (push) to the [Container Registry](../../packages/container_registry/index.md). |
| `read_repository` | Allows read access (pull) to all repositories within a group. |
| `write_repository` | Allows read and write access (pull and push) to all repositories within a group. |
| `read_registry` | Grants read access (pull) to the [Container Registry](../../packages/container_registry/index.md) images if any project within a group is private and authorization is required. |
| `write_registry` | Grants write access (push) to the [Container Registry](../../packages/container_registry/index.md). |
| `read_repository` | Grants read access (pull) to all repositories within a group. |
| `write_repository` | Grants read and write access (pull and push) to all repositories within a group. |
## Enable or disable group access token creation


@ -317,6 +317,9 @@ GitLab tracks user contribution activity. You can follow or unfollow other users
- The small popover that appears when you hover over a user's name ([introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/76050)
in GitLab 15.0).
In [GitLab 15.5 and later](https://gitlab.com/gitlab-org/gitlab/-/issues/360755),
the maximum number of users you can follow is 300.
To view a user's activity in a top-level Activity view:
1. From a user's profile, select **Follow**.


@ -105,14 +105,14 @@ A personal access token can perform actions based on the assigned scopes.
| Scope | Access |
|--------------------|--------|
| `api` | Read-write for the complete API, including all groups and projects, the Container Registry, and the Package Registry. |
| `read_user` | Read-only for endpoints under `/users`. Essentially, access to any of the `GET` requests in the [Users API](../../api/users.md). |
| `read_api` | Read-only for the complete API, including all groups and projects, the Container Registry, and the Package Registry. ([Introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/28944) in GitLab 12.10.) |
| `read_repository` | Read-only (pull) for the repository through `git clone`. |
| `write_repository` | Read-write (pull, push) for the repository through `git clone`. |
| `read_registry` | Read-only (pull) for [Container Registry](../packages/container_registry/index.md) images if a project is private and authorization is required. Available only when the Container Registry is enabled. |
| `write_registry` | Read-write (push) for [Container Registry](../packages/container_registry/index.md) images if a project is private and authorization is required. Available only when the Container Registry is enabled. ([Introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/28958) in GitLab 12.10.) |
| `sudo` | API actions as any user in the system (if the authenticated user is an administrator). |
| `api` | Grants complete read/write access to the API, including all groups and projects, the container registry, and the package registry. |
| `read_user` | Grants read-only access to the authenticated user's profile through the `/user` API endpoint, which includes username, public email, and full name. Also grants access to read-only API endpoints under [`/users`](../../api/users.md). |
| `read_api` | Grants read access to the API, including all groups and projects, the container registry, and the package registry. ([Introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/28944) in GitLab 12.10.) |
| `read_repository` | Grants read-only access to repositories on private projects using Git-over-HTTP or the Repository Files API. |
| `write_repository` | Grants read-write access to repositories on private projects using Git-over-HTTP (not using the API). |
| `read_registry` | Grants read-only (pull) access to a [Container Registry](../packages/container_registry/index.md) images if a project is private and authorization is required. Available only when the Container Registry is enabled. |
| `write_registry` | Grants read-write (push) access to a [Container Registry](../packages/container_registry/index.md) images if a project is private and authorization is required. Available only when the Container Registry is enabled. ([Introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/28958) in GitLab 12.10.) |
| `sudo` | Grants permission to perform API actions as any user in the system, when authenticated as an administrator. |
## When personal access tokens expire


@ -68,11 +68,11 @@ following table along with GitLab version it was introduced in:
| Scope | Description | Introduced in GitLab Version |
|--------------------------|-------------|------------------------------|
| `read_repository` | Allows read-access to the repository through `git clone` | -- |
| `read_registry` | Allows read-access to [container registry](../../packages/container_registry/index.md) images if a project is private and authorization is required. | -- |
| `write_registry` | Allows write-access (push) to [container registry](../../packages/container_registry/index.md). | 12.10 |
| `read_package_registry` | Allows read access to the package registry. | 13.0 |
| `write_package_registry` | Allows write access to the package registry. | 13.0 |
| `read_repository` | Grants read-access to the repository through `git clone` | -- |
| `read_registry` | Grants read-access to [container registry](../../packages/container_registry/index.md) images if a project is private and authorization is required. | -- |
| `write_registry` | Grants write-access (push) to [container registry](../../packages/container_registry/index.md). | 12.10 |
| `read_package_registry` | Grants read access to the package registry. | 13.0 |
| `write_package_registry` | Grants write access to the package registry. | 13.0 |
## Deploy token custom username


@ -204,7 +204,7 @@ defaults to the default project visibility.
Supported GitHub branch protection rules are mapped to GitLab branch protection rules or project-wide GitLab settings when they are imported:
- GitHub rule **Require conversation resolution before merging** for the project's default branch is mapped to the [**All threads must be resolved** GitLab setting](../../discussions/index.md#prevent-merge-unless-all-threads-are-resolved). [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/371110) in GitLab 15.5.
- Support for GitHub rule **Require a pull request before merging** is proposed in issue [370951](https://gitlab.com/gitlab-org/gitlab/-/issues/370951).
- GitHub rule **Require a pull request before merging** is mapped to the **No one** option in the **Allowed to push** list of the branch protection rule. [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/370951) in GitLab 15.5.
- GitHub rule **Require signed commits** for the project's default branch is mapped to the **Reject unsigned commits** GitLab setting. [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/370949) in GitLab 15.5.
- Support for GitHub rule **Require status checks to pass before merging** was proposed in issue [370948](https://gitlab.com/gitlab-org/gitlab/-/issues/370948). However, this rule cannot be translated during project import into GitLab due to technical difficulties.
You can still create [status checks](../merge_requests/status_checks.md) in GitLab yourself.


@ -1,5 +1,5 @@
---
stage: Ecosystem
stage: Manage
group: Integrations
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
---


@ -1,5 +1,5 @@
---
stage: Ecosystem
stage: Manage
group: Integrations
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
---


@ -1,5 +1,5 @@
---
stage: Ecosystem
stage: Manage
group: Integrations
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
---


@ -1,5 +1,5 @@
---
stage: Ecosystem
stage: Manage
group: Integrations
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
---


@ -1,5 +1,5 @@
---
stage: Ecosystem
stage: Manage
group: Integrations
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
---


@ -1,5 +1,5 @@
---
stage: Ecosystem
stage: Manage
group: Integrations
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
---


@ -1,5 +1,5 @@
---
stage: Ecosystem
stage: Manage
group: Integrations
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
---


@ -1,5 +1,5 @@
---
stage: Ecosystem
stage: Manage
group: Integrations
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
---


@ -1,5 +1,5 @@
---
stage: Ecosystem
stage: Manage
group: Integrations
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
---


@ -1,5 +1,5 @@
---
stage: Ecosystem
stage: Manage
group: Integrations
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
---


@ -1,5 +1,5 @@
---
stage: Ecosystem
stage: Manage
group: Integrations
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
---


@ -1,5 +1,5 @@
---
stage: Ecosystem
stage: Manage
group: Integrations
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
---


@ -1,5 +1,5 @@
---
stage: Ecosystem
stage: Manage
group: Integrations
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
---


@ -1,5 +1,5 @@
---
stage: Ecosystem
stage: Manage
group: Integrations
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
---


@ -1,5 +1,5 @@
---
stage: Ecosystem
stage: Manage
group: Integrations
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
---


@ -1,5 +1,5 @@
---
stage: Ecosystem
stage: Manage
group: Integrations
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
---


@ -1,5 +1,5 @@
---
stage: Ecosystem
stage: Manage
group: Integrations
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
---


@ -1,5 +1,5 @@
---
stage: Ecosystem
stage: Manage
group: Integrations
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
---


@ -1,5 +1,5 @@
---
stage: Ecosystem
stage: Manage
group: Integrations
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
---


@ -1,5 +1,5 @@
---
stage: Ecosystem
stage: Manage
group: Integrations
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
---


@ -1,5 +1,5 @@
---
stage: Ecosystem
stage: Manage
group: Integrations
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
---


@ -1,5 +1,5 @@
---
stage: Ecosystem
stage: Manage
group: Integrations
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
---


@ -1,5 +1,5 @@
---
stage: Ecosystem
stage: Manage
group: Integrations
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
---


@ -1,5 +1,5 @@
---
stage: Ecosystem
stage: Manage
group: Integrations
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
---


@ -1,5 +1,5 @@
---
stage: Ecosystem
stage: Manage
group: Integrations
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
---


@ -1,5 +1,5 @@
---
stage: Ecosystem
stage: Manage
group: Integrations
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
---


@ -1,5 +1,5 @@
---
stage: Ecosystem
stage: Manage
group: Integrations
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
---


@ -1,5 +1,5 @@
---
stage: Ecosystem
stage: Manage
group: Integrations
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
---


@ -1,5 +1,5 @@
---
stage: Ecosystem
stage: Manage
group: Integrations
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
---


@ -1,5 +1,5 @@
---
stage: Ecosystem
stage: Manage
group: Integrations
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
---

Some files were not shown because too many files have changed in this diff