Add latest changes from gitlab-org/gitlab@master
This commit is contained in:
parent
ae6730843a
commit
61ca90e0b4
|
@ -101,6 +101,10 @@ review-deploy:
|
|||
- .review:rules:review-deploy
|
||||
stage: deploy
|
||||
needs: ["review-build-cng"]
|
||||
cache:
|
||||
key: "review-deploy-dependencies-charts-${GITLAB_HELM_CHART_REF}-v1"
|
||||
paths:
|
||||
- "gitlab-${GITLAB_HELM_CHART_REF}"
|
||||
before_script:
|
||||
- export GITLAB_SHELL_VERSION=$(<GITLAB_SHELL_VERSION)
|
||||
- export GITALY_VERSION=$(<GITALY_SERVER_VERSION)
|
||||
|
@ -111,7 +115,6 @@ review-deploy:
|
|||
script:
|
||||
- check_kube_domain
|
||||
- download_chart
|
||||
- date
|
||||
- deploy || (display_deployment_debug && exit 1)
|
||||
- verify_deploy || exit 1
|
||||
- disable_sign_ups || (delete_release && exit 1)
|
||||
|
|
|
@ -4,15 +4,10 @@ import { concatPagination } from '@apollo/client/utilities';
|
|||
import getIssueStateQuery from '~/issues/show/queries/get_issue_state.query.graphql';
|
||||
import createDefaultClient from '~/lib/graphql';
|
||||
import typeDefs from '~/work_items/graphql/typedefs.graphql';
|
||||
import workItemQuery from '~/work_items/graphql/work_item.query.graphql';
|
||||
import { WIDGET_TYPE_LABELS } from '~/work_items/constants';
|
||||
|
||||
export const temporaryConfig = {
|
||||
typeDefs,
|
||||
cacheConfig: {
|
||||
possibleTypes: {
|
||||
LocalWorkItemWidget: ['LocalWorkItemLabels'],
|
||||
},
|
||||
typePolicies: {
|
||||
Project: {
|
||||
fields: {
|
||||
|
@ -23,20 +18,6 @@ export const temporaryConfig = {
|
|||
},
|
||||
WorkItem: {
|
||||
fields: {
|
||||
mockWidgets: {
|
||||
read(widgets) {
|
||||
return (
|
||||
widgets || [
|
||||
{
|
||||
__typename: 'LocalWorkItemLabels',
|
||||
type: WIDGET_TYPE_LABELS,
|
||||
allowScopedLabels: true,
|
||||
nodes: [],
|
||||
},
|
||||
]
|
||||
);
|
||||
},
|
||||
},
|
||||
widgets: {
|
||||
merge(_, incoming) {
|
||||
return incoming;
|
||||
|
@ -62,27 +43,6 @@ export const resolvers = {
|
|||
});
|
||||
cache.writeQuery({ query: getIssueStateQuery, data });
|
||||
},
|
||||
localUpdateWorkItem(_, { input }, { cache }) {
|
||||
const sourceData = cache.readQuery({
|
||||
query: workItemQuery,
|
||||
variables: { id: input.id },
|
||||
});
|
||||
|
||||
const data = produce(sourceData, (draftData) => {
|
||||
if (input.labels) {
|
||||
const labelsWidget = draftData.workItem.mockWidgets.find(
|
||||
(widget) => widget.type === WIDGET_TYPE_LABELS,
|
||||
);
|
||||
labelsWidget.nodes = [...input.labels];
|
||||
}
|
||||
});
|
||||
|
||||
cache.writeQuery({
|
||||
query: workItemQuery,
|
||||
variables: { id: input.id },
|
||||
data,
|
||||
});
|
||||
},
|
||||
},
|
||||
};
|
||||
|
||||
|
|
|
@ -141,8 +141,9 @@ export default {
|
|||
await followUser(this.user.id);
|
||||
this.$emit('follow');
|
||||
} catch (error) {
|
||||
const message = error.response?.data?.message || I18N_ERROR_FOLLOW;
|
||||
createAlert({
|
||||
message: I18N_ERROR_FOLLOW,
|
||||
message,
|
||||
error,
|
||||
captureError: true,
|
||||
});
|
||||
|
|
|
@ -177,7 +177,7 @@ export default {
|
|||
return this.workItem?.widgets?.find((widget) => widget.type === WIDGET_TYPE_ASSIGNEES);
|
||||
},
|
||||
workItemLabels() {
|
||||
return this.workItem?.mockWidgets?.find((widget) => widget.type === WIDGET_TYPE_LABELS);
|
||||
return this.workItem?.widgets?.find((widget) => widget.type === WIDGET_TYPE_LABELS);
|
||||
},
|
||||
workItemDueDate() {
|
||||
return this.workItem?.widgets?.find(
|
||||
|
|
|
@ -1,16 +1,21 @@
|
|||
<script>
|
||||
import { GlTokenSelector, GlLabel, GlSkeletonLoader } from '@gitlab/ui';
|
||||
import { debounce, uniqueId } from 'lodash';
|
||||
import { debounce, uniqueId, without } from 'lodash';
|
||||
import { getIdFromGraphQLId } from '~/graphql_shared/utils';
|
||||
import Tracking from '~/tracking';
|
||||
import labelSearchQuery from '~/vue_shared/components/sidebar/labels_select_widget/graphql/project_labels.query.graphql';
|
||||
import LabelItem from '~/vue_shared/components/sidebar/labels_select_widget/label_item.vue';
|
||||
import { DEFAULT_DEBOUNCE_AND_THROTTLE_MS } from '~/lib/utils/constants';
|
||||
import { isScopedLabel, scopedLabelKey } from '~/lib/utils/common_utils';
|
||||
import { isScopedLabel } from '~/lib/utils/common_utils';
|
||||
import workItemQuery from '../graphql/work_item.query.graphql';
|
||||
import localUpdateWorkItemMutation from '../graphql/local_update_work_item.mutation.graphql';
|
||||
import updateWorkItemMutation from '../graphql/update_work_item.mutation.graphql';
|
||||
|
||||
import { i18n, TRACKING_CATEGORY_SHOW, WIDGET_TYPE_LABELS } from '../constants';
|
||||
import {
|
||||
i18n,
|
||||
I18N_WORK_ITEM_ERROR_FETCHING_LABELS,
|
||||
TRACKING_CATEGORY_SHOW,
|
||||
WIDGET_TYPE_LABELS,
|
||||
} from '../constants';
|
||||
|
||||
function isTokenSelectorElement(el) {
|
||||
return el?.classList.contains('gl-label-close') || el?.classList.contains('dropdown-item');
|
||||
|
@ -52,6 +57,8 @@ export default {
|
|||
localLabels: [],
|
||||
searchKey: '',
|
||||
searchLabels: [],
|
||||
addLabelIds: [],
|
||||
removeLabelIds: [],
|
||||
};
|
||||
},
|
||||
apollo: {
|
||||
|
@ -74,7 +81,7 @@ export default {
|
|||
variables() {
|
||||
return {
|
||||
fullPath: this.fullPath,
|
||||
search: this.searchKey,
|
||||
searchTerm: this.searchKey,
|
||||
};
|
||||
},
|
||||
skip() {
|
||||
|
@ -84,7 +91,7 @@ export default {
|
|||
return data.workspace?.labels?.nodes.map((node) => addClass({ ...node, ...node.label }));
|
||||
},
|
||||
error() {
|
||||
this.$emit('error', i18n.fetchError);
|
||||
this.$emit('error', I18N_WORK_ITEM_ERROR_FETCHING_LABELS);
|
||||
},
|
||||
},
|
||||
},
|
||||
|
@ -100,7 +107,7 @@ export default {
|
|||
};
|
||||
},
|
||||
allowScopedLabels() {
|
||||
return this.labelsWidget.allowScopedLabels;
|
||||
return this.labelsWidget?.allowsScopedLabels;
|
||||
},
|
||||
containerClass() {
|
||||
return !this.isEditing ? 'gl-shadow-none!' : '';
|
||||
|
@ -109,10 +116,10 @@ export default {
|
|||
return this.$apollo.queries.searchLabels.loading;
|
||||
},
|
||||
labelsWidget() {
|
||||
return this.workItem?.mockWidgets?.find((widget) => widget.type === WIDGET_TYPE_LABELS);
|
||||
return this.workItem?.widgets?.find((widget) => widget.type === WIDGET_TYPE_LABELS);
|
||||
},
|
||||
labels() {
|
||||
return this.labelsWidget?.nodes || [];
|
||||
return this.labelsWidget?.labels?.nodes || [];
|
||||
},
|
||||
},
|
||||
watch: {
|
||||
|
@ -131,44 +138,74 @@ export default {
|
|||
},
|
||||
removeLabel({ id }) {
|
||||
this.localLabels = this.localLabels.filter((label) => label.id !== id);
|
||||
this.removeLabelIds.push(id);
|
||||
this.setLabels();
|
||||
},
|
||||
setLabels(event) {
|
||||
async setLabels() {
|
||||
if (this.addLabelIds.length === 0 && this.removeLabelIds.length === 0) return;
|
||||
|
||||
this.searchKey = '';
|
||||
if (isTokenSelectorElement(event.relatedTarget) || !this.isEditing) return;
|
||||
this.isEditing = false;
|
||||
this.$apollo
|
||||
.mutate({
|
||||
mutation: localUpdateWorkItemMutation,
|
||||
try {
|
||||
const {
|
||||
data: {
|
||||
workItemUpdate: { errors },
|
||||
},
|
||||
} = await this.$apollo.mutate({
|
||||
mutation: updateWorkItemMutation,
|
||||
variables: {
|
||||
input: {
|
||||
id: this.workItemId,
|
||||
labels: this.localLabels,
|
||||
labelsWidget: {
|
||||
addLabelIds: this.addLabelIds,
|
||||
removeLabelIds: this.removeLabelIds,
|
||||
},
|
||||
},
|
||||
},
|
||||
})
|
||||
.catch((e) => {
|
||||
this.$emit('error', e);
|
||||
});
|
||||
this.track('updated_labels');
|
||||
|
||||
if (errors.length > 0) {
|
||||
this.throwUpdateError();
|
||||
return;
|
||||
}
|
||||
|
||||
this.addLabelIds = [];
|
||||
this.removeLabelIds = [];
|
||||
|
||||
this.track('updated_labels');
|
||||
} catch {
|
||||
this.throwUpdateError();
|
||||
}
|
||||
},
|
||||
throwUpdateError() {
|
||||
this.$emit('error', i18n.updateError);
|
||||
// If mutation is rejected, we're rolling back to initial state
|
||||
this.localLabels = this.labels.map(addClass);
|
||||
this.addLabelIds = [];
|
||||
this.removeLabelIds = [];
|
||||
},
|
||||
handleBlur(event) {
|
||||
if (isTokenSelectorElement(event.relatedTarget) || !this.isEditing) return;
|
||||
this.setLabels();
|
||||
},
|
||||
handleFocus() {
|
||||
this.isEditing = true;
|
||||
this.searchStarted = true;
|
||||
},
|
||||
async focusTokenSelector(labels) {
|
||||
if (this.allowScopedLabels) {
|
||||
const newLabel = labels[labels.length - 1];
|
||||
const existingLabels = labels.slice(0, labels.length - 1);
|
||||
const labelsToAdd = without(labels, ...this.localLabels).map((label) => label.id);
|
||||
const labelsToRemove = without(this.localLabels, ...labels).map((label) => label.id);
|
||||
|
||||
const newLabelKey = scopedLabelKey(newLabel);
|
||||
|
||||
const removeLabelsWithSameScope = existingLabels.filter((label) => {
|
||||
const sameKey = newLabelKey === scopedLabelKey(label);
|
||||
return !sameKey;
|
||||
});
|
||||
|
||||
this.localLabels = [...removeLabelsWithSameScope, newLabel];
|
||||
if (labelsToAdd.length > 0) {
|
||||
this.addLabelIds.push(...labelsToAdd);
|
||||
}
|
||||
|
||||
if (labelsToRemove.length > 0) {
|
||||
this.removeLabelIds.push(...labelsToRemove);
|
||||
}
|
||||
|
||||
this.localLabels = labels;
|
||||
|
||||
this.handleFocus();
|
||||
await this.$nextTick();
|
||||
this.$refs.tokenSelector.focusTextInput();
|
||||
|
@ -201,7 +238,7 @@ export default {
|
|||
>
|
||||
<gl-token-selector
|
||||
ref="tokenSelector"
|
||||
v-model="localLabels"
|
||||
:selected-tokens="localLabels"
|
||||
:aria-labelledby="labelsTitleId"
|
||||
:container-class="containerClass"
|
||||
:dropdown-items="searchLabels"
|
||||
|
@ -212,7 +249,7 @@ export default {
|
|||
@input="focusTokenSelector"
|
||||
@text-input="debouncedSearchKeyUpdate"
|
||||
@focus="handleFocus"
|
||||
@blur="setLabels"
|
||||
@blur="handleBlur"
|
||||
@mouseover.native="handleMouseOver"
|
||||
@mouseout.native="handleMouseOut"
|
||||
>
|
||||
|
|
|
@ -36,6 +36,9 @@ export const i18n = {
|
|||
),
|
||||
};
|
||||
|
||||
export const I18N_WORK_ITEM_ERROR_FETCHING_LABELS = s__(
|
||||
'WorkItem|Something went wrong when fetching labels. Please try again.',
|
||||
);
|
||||
export const I18N_WORK_ITEM_ERROR_CREATING = s__(
|
||||
'WorkItem|Something went wrong when creating %{workItemType}. Please try again.',
|
||||
);
|
||||
|
|
|
@ -1,6 +1,5 @@
|
|||
enum LocalWidgetType {
|
||||
ASSIGNEES
|
||||
LABELS
|
||||
}
|
||||
|
||||
interface LocalWorkItemWidget {
|
||||
|
@ -12,16 +11,6 @@ type LocalWorkItemAssignees implements LocalWorkItemWidget {
|
|||
nodes: [UserCore]
|
||||
}
|
||||
|
||||
type LocalWorkItemLabels implements LocalWorkItemWidget {
|
||||
type: LocalWidgetType!
|
||||
allowScopedLabels: Boolean!
|
||||
nodes: [Label!]
|
||||
}
|
||||
|
||||
extend type WorkItem {
|
||||
mockWidgets: [LocalWorkItemWidget]
|
||||
}
|
||||
|
||||
input LocalUserInput {
|
||||
id: ID!
|
||||
name: String
|
||||
|
@ -30,17 +19,9 @@ input LocalUserInput {
|
|||
avatarUrl: String
|
||||
}
|
||||
|
||||
input LocalLabelInput {
|
||||
id: ID!
|
||||
title: String!
|
||||
color: String
|
||||
description: String
|
||||
}
|
||||
|
||||
input LocalUpdateWorkItemInput {
|
||||
id: WorkItemID!
|
||||
assignees: [LocalUserInput!]
|
||||
labels: [LocalLabelInput]
|
||||
}
|
||||
|
||||
type LocalWorkItemPayload {
|
||||
|
|
|
@ -1,17 +1,7 @@
|
|||
#import "~/graphql_shared/fragments/label.fragment.graphql"
|
||||
#import "./work_item.fragment.graphql"
|
||||
|
||||
query workItem($id: WorkItemID!) {
|
||||
workItem(id: $id) {
|
||||
...WorkItem
|
||||
mockWidgets @client {
|
||||
... on LocalWorkItemLabels {
|
||||
type
|
||||
allowScopedLabels
|
||||
nodes {
|
||||
...Label
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -1,3 +1,6 @@
|
|||
#import "~/graphql_shared/fragments/label.fragment.graphql"
|
||||
#import "~/graphql_shared/fragments/user.fragment.graphql"
|
||||
|
||||
fragment WorkItemWidgets on WorkItemWidget {
|
||||
... on WorkItemWidgetDescription {
|
||||
type
|
||||
|
@ -14,6 +17,14 @@ fragment WorkItemWidgets on WorkItemWidget {
|
|||
}
|
||||
}
|
||||
}
|
||||
... on WorkItemWidgetLabels {
|
||||
type
|
||||
labels {
|
||||
nodes {
|
||||
...Label
|
||||
}
|
||||
}
|
||||
}
|
||||
... on WorkItemWidgetStartAndDueDate {
|
||||
type
|
||||
dueDate
|
||||
|
|
|
@ -174,8 +174,9 @@ class UsersController < ApplicationController
|
|||
end
|
||||
|
||||
def follow
|
||||
current_user.follow(user)
|
||||
followee = current_user.follow(user)
|
||||
|
||||
flash[:alert] = followee.errors.full_messages.join(', ') if followee&.errors&.any?
|
||||
redirect_path = referer_path(request) || @user
|
||||
|
||||
redirect_to redirect_path
|
||||
|
|
|
@ -2,4 +2,6 @@
|
|||
|
||||
class ProtectedBranch::MergeAccessLevel < ApplicationRecord
|
||||
include ProtectedBranchAccess
|
||||
# default value for the access_level column
|
||||
GITLAB_DEFAULT_ACCESS_LEVEL = Gitlab::Access::MAINTAINER
|
||||
end
|
||||
|
|
|
@ -2,6 +2,8 @@
|
|||
|
||||
class ProtectedBranch::PushAccessLevel < ApplicationRecord
|
||||
include ProtectedBranchAccess
|
||||
# default value for the access_level column
|
||||
GITLAB_DEFAULT_ACCESS_LEVEL = Gitlab::Access::MAINTAINER
|
||||
|
||||
belongs_to :deploy_key
|
||||
|
||||
|
|
|
@ -1648,8 +1648,9 @@ class User < ApplicationRecord
|
|||
begin
|
||||
followee = Users::UserFollowUser.create(follower_id: self.id, followee_id: user.id)
|
||||
self.followees.reset if followee.persisted?
|
||||
followee
|
||||
rescue ActiveRecord::RecordNotUnique
|
||||
false
|
||||
nil
|
||||
end
|
||||
end
|
||||
|
||||
|
|
|
@ -1,7 +1,22 @@
|
|||
# frozen_string_literal: true
|
||||
module Users
|
||||
class UserFollowUser < ApplicationRecord
|
||||
MAX_FOLLOWEE_LIMIT = 300
|
||||
|
||||
belongs_to :follower, class_name: 'User'
|
||||
belongs_to :followee, class_name: 'User'
|
||||
|
||||
validate :max_follow_limit
|
||||
|
||||
private
|
||||
|
||||
def max_follow_limit
|
||||
followee_count = self.class.where(follower_id: follower_id).limit(MAX_FOLLOWEE_LIMIT).count
|
||||
return if followee_count < MAX_FOLLOWEE_LIMIT
|
||||
|
||||
errors.add(:base, format(
|
||||
_("You can't follow more than %{limit} users. To follow more users, unfollow some others."),
|
||||
limit: MAX_FOLLOWEE_LIMIT))
|
||||
end
|
||||
end
|
||||
end
|
||||
|
|
|
@ -1,23 +0,0 @@
|
|||
# frozen_string_literal: true
|
||||
|
||||
module Clusters
|
||||
module Applications
|
||||
class DestroyService < ::Clusters::Applications::BaseService
|
||||
def execute(_request)
|
||||
instantiate_application.tap do |application|
|
||||
break unless application.can_uninstall?
|
||||
|
||||
application.make_scheduled!
|
||||
|
||||
Clusters::Applications::UninstallWorker.perform_async(application.name, application.id)
|
||||
end
|
||||
end
|
||||
|
||||
private
|
||||
|
||||
def builder
|
||||
cluster.public_send(application_class.association_name) # rubocop:disable GitlabSecurity/PublicSend
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
|
@ -1,29 +0,0 @@
|
|||
# frozen_string_literal: true
|
||||
|
||||
module Clusters
|
||||
module Applications
|
||||
class UninstallService < BaseHelmService
|
||||
def execute
|
||||
return unless app.scheduled?
|
||||
|
||||
app.make_uninstalling!
|
||||
uninstall
|
||||
end
|
||||
|
||||
private
|
||||
|
||||
def uninstall
|
||||
helm_api.uninstall(app.uninstall_command)
|
||||
|
||||
Clusters::Applications::WaitForUninstallAppWorker.perform_in(
|
||||
Clusters::Applications::WaitForUninstallAppWorker::INTERVAL, app.name, app.id)
|
||||
rescue Kubeclient::HttpError => e
|
||||
log_error(e)
|
||||
app.make_errored!("Kubernetes error: #{e.error_code}")
|
||||
rescue StandardError => e
|
||||
log_error(e)
|
||||
app.make_errored!('Failed to uninstall.')
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
|
@ -39,6 +39,7 @@
|
|||
access_levels: ProjectMember.permissible_access_level_roles(current_user, @project),
|
||||
default_access_level: Gitlab::Access::GUEST,
|
||||
prefix: :resource_access_token,
|
||||
description_prefix: :project_access_token,
|
||||
help_path: help_page_path('user/project/settings/project_access_tokens', anchor: 'scopes-for-a-project-access-token')
|
||||
|
||||
= render 'shared/access_tokens/table',
|
||||
|
|
|
@ -1,6 +1,7 @@
|
|||
- ajax = local_assigns.fetch(:ajax, false)
|
||||
- title = local_assigns.fetch(:title, _('Add a %{type}') % { type: type })
|
||||
- prefix = local_assigns.fetch(:prefix, :personal_access_token)
|
||||
- description_prefix = local_assigns.fetch(:description_prefix, prefix)
|
||||
- help_path = local_assigns.fetch(:help_path)
|
||||
- resource = local_assigns.fetch(:resource, false)
|
||||
- access_levels = local_assigns.fetch(:access_levels, false)
|
||||
|
@ -43,7 +44,7 @@
|
|||
%p.text-secondary#select_scope_help_text
|
||||
= s_('Tokens|Scopes set the permission levels granted to the token.')
|
||||
= link_to _("Learn more."), help_path, target: '_blank', rel: 'noopener noreferrer'
|
||||
= render 'shared/tokens/scopes_form', prefix: prefix, token: token, scopes: scopes, f: f
|
||||
= render 'shared/tokens/scopes_form', prefix: prefix, description_prefix: description_prefix, token: token, scopes: scopes, f: f
|
||||
|
||||
.gl-mt-3
|
||||
= f.submit _('Create %{type}') % { type: type }, data: { qa_selector: 'create_token_button' }, pajamas_button: true
|
||||
|
|
|
@ -1,11 +1,12 @@
|
|||
- scopes = local_assigns.fetch(:scopes)
|
||||
- prefix = local_assigns.fetch(:prefix)
|
||||
- description_prefix = local_assigns.fetch(:description_prefix, prefix)
|
||||
- token = local_assigns.fetch(:token)
|
||||
- f = local_assigns.fetch(:f)
|
||||
|
||||
%fieldset
|
||||
- scopes.each do |scope|
|
||||
- help_text = t scope, scope: scope_description(prefix)
|
||||
- help_text = t scope, scope: scope_description(description_prefix)
|
||||
= f.gitlab_ui_checkbox_component :scopes, scope,
|
||||
help_text: help_text,
|
||||
checkbox_options: { checked: token.scopes.include?(scope), id: "#{prefix}_scopes_#{scope}", multiple: true, data: { qa_selector: "#{scope}_checkbox" } },
|
||||
|
|
|
@ -14,11 +14,7 @@ module Clusters
|
|||
worker_has_external_dependencies!
|
||||
loggable_arguments 0
|
||||
|
||||
def perform(app_name, app_id)
|
||||
find_application(app_name, app_id) do |app|
|
||||
Clusters::Applications::UninstallService.new(app).execute
|
||||
end
|
||||
end
|
||||
def perform(app_name, app_id); end
|
||||
end
|
||||
end
|
||||
end
|
||||
|
|
|
@ -98,17 +98,17 @@ en:
|
|||
Grants read-only access to the user's primary email address using OpenID Connect.
|
||||
project_access_token_scope_desc:
|
||||
api:
|
||||
Grants complete read/write access to the scoped project API.
|
||||
Grants complete read and write access to the scoped project API, including the Package Registry.
|
||||
read_api:
|
||||
Grants read access to the scoped project API.
|
||||
Grants read access to the scoped project API, including the Package Registry.
|
||||
read_repository:
|
||||
Allows read-only access (pull) to the repository.
|
||||
Grants read access (pull) to the repository.
|
||||
write_repository:
|
||||
Allows read-write access (pull, push) to the repository.
|
||||
Grants read and write access (pull and push) to the repository.
|
||||
read_registry:
|
||||
Allows read-access (pull) to container registry images if the project is private and authorization is required.
|
||||
Grants read access (pull) to the Container Registry images if a project is private and authorization is required.
|
||||
write_registry:
|
||||
Allows write-access (push) to container registry.
|
||||
Grants write access (push) to the Container Registry.
|
||||
flash:
|
||||
applications:
|
||||
create:
|
||||
|
|
|
@ -3,7 +3,7 @@ table_name: push_rules
|
|||
classes:
|
||||
- PushRule
|
||||
feature_categories:
|
||||
- compliance_management
|
||||
- source_code_management
|
||||
description: TODO
|
||||
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/commit/1b98b5ab97ce3e9997df542059cbf3c6ce0bf0e1
|
||||
milestone: '8.10'
|
||||
|
|
|
@ -0,0 +1,17 @@
|
|||
# frozen_string_literal: true
|
||||
|
||||
class AddPartialIndexProjectIncidentManagementSettingsOnProjectIdAndSlaTimer < Gitlab::Database::Migration[2.0]
|
||||
disable_ddl_transaction!
|
||||
|
||||
INDEX_NAME = 'index_project_incident_management_settings_on_p_id_sla_timer'
|
||||
|
||||
def up
|
||||
add_concurrent_index :project_incident_management_settings, :project_id,
|
||||
name: INDEX_NAME,
|
||||
where: 'sla_timer = TRUE'
|
||||
end
|
||||
|
||||
def down
|
||||
remove_concurrent_index_by_name :project_incident_management_settings, name: INDEX_NAME
|
||||
end
|
||||
end
|
|
@ -0,0 +1 @@
|
|||
b39261356f0ca89d543f680e1b28f3e3bdf468b02d6f8ea21c6ea1a1af91420c
|
|
@ -29933,6 +29933,8 @@ CREATE INDEX index_project_group_links_on_project_id ON project_group_links USIN
|
|||
|
||||
CREATE INDEX index_project_import_data_on_project_id ON project_import_data USING btree (project_id);
|
||||
|
||||
CREATE INDEX index_project_incident_management_settings_on_p_id_sla_timer ON project_incident_management_settings USING btree (project_id) WHERE (sla_timer = true);
|
||||
|
||||
CREATE INDEX index_project_members_on_id_temp ON members USING btree (id) WHERE ((source_type)::text = 'Project'::text);
|
||||
|
||||
CREATE INDEX index_project_mirror_data_on_last_successful_update_at ON project_mirror_data USING btree (last_successful_update_at);
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
---
|
||||
stage: Ecosystem
|
||||
stage: Manage
|
||||
group: Integrations
|
||||
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
|
||||
type: reference
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
---
|
||||
stage: Ecosystem
|
||||
stage: Manage
|
||||
group: Integrations
|
||||
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
|
||||
---
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
---
|
||||
stage: Ecosystem
|
||||
stage: Manage
|
||||
group: Integrations
|
||||
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
|
||||
---
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
---
|
||||
stage: Ecosystem
|
||||
stage: Manage
|
||||
group: Integrations
|
||||
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
|
||||
---
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
---
|
||||
stage: Ecosystem
|
||||
stage: Manage
|
||||
group: Integrations
|
||||
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
|
||||
---
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
---
|
||||
stage: Ecosystem
|
||||
stage: Manage
|
||||
group: Integrations
|
||||
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
|
||||
---
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
---
|
||||
stage: Ecosystem
|
||||
stage: Manage
|
||||
group: Integrations
|
||||
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
|
||||
---
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
---
|
||||
stage: Ecosystem
|
||||
stage: Manage
|
||||
group: Integrations
|
||||
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
|
||||
---
|
||||
|
|
|
@ -0,0 +1,78 @@
|
|||
---
|
||||
stage: Manage
|
||||
group: Authentication and Authorization
|
||||
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
|
||||
---
|
||||
|
||||
# SAML API **(PREMIUM SAAS)**
|
||||
|
||||
> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/227841) in GitLab 15.5.
|
||||
|
||||
API for accessing SAML features.
|
||||
|
||||
## Get SAML identities for a group
|
||||
|
||||
```plaintext
|
||||
GET /groups/:id/saml/identities
|
||||
```
|
||||
|
||||
Fetch SAML identities for a group.
|
||||
|
||||
Supported attributes:
|
||||
|
||||
| Attribute | Type | Required | Description |
|
||||
|:------------------|:--------|:---------|:----------------------|
|
||||
| `id` | integer | Yes | Group ID for the group to return SAML identities. |
|
||||
|
||||
If successful, returns [`200`](index.md#status-codes) and the following
|
||||
response attributes:
|
||||
|
||||
| Attribute | Type | Description |
|
||||
| ------------ | ------ | ------------------------- |
|
||||
| `extern_uid` | string | External UID for the user |
|
||||
| `user_id` | string | ID for the user |
|
||||
|
||||
Example request:
|
||||
|
||||
```shell
|
||||
curl --location --request GET "https://gdk.test:3443/api/v4/groups/33/saml/identities" \
|
||||
--header "<PRIVATE-TOKEN>" \
|
||||
--form "extern_uid=<ID_TO_BE_UPDATED>" \
|
||||
```
|
||||
|
||||
Example response:
|
||||
|
||||
```json
|
||||
[
|
||||
{
|
||||
"extern_uid": "4",
|
||||
"user_id": 48
|
||||
}
|
||||
]
|
||||
```
|
||||
|
||||
## Update `extern_uid` field for a SAML identity
|
||||
|
||||
Update `extern_uid` field for a SAML identity. Field that can be updated are:
|
||||
|
||||
| SAML IdP attribute | GitLab field |
|
||||
| ------------------ | ------------ |
|
||||
| `id/externalId` | `extern_uid` |
|
||||
|
||||
```plaintext
|
||||
PATCH groups/:groups_id/saml/:uid
|
||||
```
|
||||
|
||||
Parameters:
|
||||
|
||||
| Attribute | Type | Required | Description |
|
||||
| --------- | ------ | -------- | ------------------------- |
|
||||
| `uid` | string | yes | External UID of the user. |
|
||||
|
||||
Example request:
|
||||
|
||||
```shell
|
||||
curl --location --request PATCH "https://gdk.test:3443/api/v4/groups/33/saml/sydney_jones" \
|
||||
--header "<PRIVATE TOKEN>" \
|
||||
--form "extern_uid=sydney_jones_new" \
|
||||
```
|
243
doc/api/scim.md
243
doc/api/scim.md
|
@ -4,251 +4,80 @@ stage: Manage
|
|||
group: Authentication and Authorization
|
||||
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
|
||||
---
|
||||
# SCIM API **(PREMIUM SAAS)**
|
||||
|
||||
# SCIM API (SYSTEM ONLY) **(PREMIUM SAAS)**
|
||||
|
||||
> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/9388) in GitLab 11.10.
|
||||
|
||||
The SCIM API implements the [RFC7644 protocol](https://www.rfc-editor.org/rfc/rfc7644). As this API is for
|
||||
**system** use for SCIM provider integration, it is subject to change without notice.
|
||||
> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/98354) in GitLab 15.5.
|
||||
|
||||
To use this API, [Group SSO](../user/group/saml_sso/index.md) must be enabled for the group.
|
||||
This API is only in use where [SCIM for Group SSO](../user/group/saml_sso/scim_setup.md) is enabled. It's a prerequisite to the creation of SCIM identities.
|
||||
|
||||
## Get a list of SCIM provisioned users
|
||||
Not to be confused with the [internal SCIM API](../development/internal_api/index.md#scim-api).
|
||||
|
||||
This endpoint is used as part of the SCIM syncing mechanism. It only returns
|
||||
a single user based on a unique ID which should match the `extern_uid` of the user.
|
||||
## Get SCIM identities for a group
|
||||
|
||||
> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/227841) in GitLab 15.5.
|
||||
|
||||
```plaintext
|
||||
GET /api/scim/v2/groups/:group_path/Users
|
||||
GET /groups/:id/scim/identities
|
||||
```
|
||||
|
||||
Parameters:
|
||||
Supported attributes:
|
||||
|
||||
| Attribute | Type | Required | Description |
|
||||
|:----------|:--------|:---------|:----------------------------------------------------------------------------------------------------------------------------------------|
|
||||
| `filter` | string | no | A [filter](#available-filters) expression. |
|
||||
| `group_path` | string | yes | Full path to the group. |
|
||||
| `startIndex` | integer | no | The 1-based index indicating where to start returning results from. A value of less than one will be interpreted as 1. |
|
||||
| `count` | integer | no | Desired maximum number of query results. |
|
||||
| Attribute | Type | Required | Description |
|
||||
|:------------------|:--------|:---------|:----------------------|
|
||||
| `id` | integer | Yes | Return SAML identities for the given group ID. |
|
||||
|
||||
NOTE:
|
||||
Pagination follows the [SCIM spec](https://www.rfc-editor.org/rfc/rfc7644#section-3.4.2.4) rather than GitLab pagination as used elsewhere. If records change between requests it is possible for a page to either be missing records that have moved to a different page or repeat records from a previous request.
|
||||
If successful, returns [`200`](index.md#status-codes) and the following
|
||||
response attributes:
|
||||
|
||||
Example request:
|
||||
|
||||
```shell
|
||||
curl "https://gitlab.example.com/api/scim/v2/groups/test_group/Users?filter=id%20eq%20%220b1d561c-21ff-4092-beab-8154b17f82f2%22" \
|
||||
--header "Authorization: Bearer <your_scim_token>" \
|
||||
--header "Content-Type: application/scim+json"
|
||||
```
|
||||
| Attribute | Type | Description |
|
||||
| ------------ | ------ | ------------------------- |
|
||||
| `extern_uid` | string | External UID for the user |
|
||||
| `user_id` | string | ID for the user |
|
||||
|
||||
Example response:
|
||||
|
||||
```json
|
||||
{
|
||||
"schemas": [
|
||||
"urn:ietf:params:scim:api:messages:2.0:ListResponse"
|
||||
],
|
||||
"totalResults": 1,
|
||||
"itemsPerPage": 20,
|
||||
"startIndex": 1,
|
||||
"Resources": [
|
||||
[
|
||||
{
|
||||
"schemas": [
|
||||
"urn:ietf:params:scim:schemas:core:2.0:User"
|
||||
],
|
||||
"id": "0b1d561c-21ff-4092-beab-8154b17f82f2",
|
||||
"active": true,
|
||||
"name.formatted": "Test User",
|
||||
"userName": "username",
|
||||
"meta": { "resourceType":"User" },
|
||||
"emails": [
|
||||
{
|
||||
"type": "work",
|
||||
"value": "name@example.com",
|
||||
"primary": true
|
||||
}
|
||||
]
|
||||
"extern_uid": "4",
|
||||
"user_id": 48
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
```
|
||||
|
||||
## Get a single SCIM provisioned user
|
||||
|
||||
```plaintext
|
||||
GET /api/scim/v2/groups/:group_path/Users/:id
|
||||
```
|
||||
|
||||
Parameters:
|
||||
|
||||
| Attribute | Type | Required | Description |
|
||||
|:----------|:--------|:---------|:----------------------------------------------------------------------------------------------------------------------------------------|
|
||||
| `id` | string | yes | External UID of the user. |
|
||||
| `group_path` | string | yes | Full path to the group. |
|
||||
|
||||
Example request:
|
||||
|
||||
```shell
|
||||
curl "https://gitlab.example.com/api/scim/v2/groups/test_group/Users/f0b1d561c-21ff-4092-beab-8154b17f82f2" \
|
||||
--header "Authorization: Bearer <your_scim_token>" --header "Content-Type: application/scim+json"
|
||||
curl --location --request GET "https://gdk.test:3443/api/v4/groups/33/scim/identities" \
|
||||
--header "<PRIVATE-TOKEN>" \
|
||||
--form "extern_uid=<ID_TO_BE_UPDATED>" \
|
||||
```
|
||||
|
||||
Example response:
|
||||
## Update extern_uid field for a SCIM identity
|
||||
|
||||
```json
|
||||
{
|
||||
"schemas": [
|
||||
"urn:ietf:params:scim:schemas:core:2.0:User"
|
||||
],
|
||||
"id": "0b1d561c-21ff-4092-beab-8154b17f82f2",
|
||||
"active": true,
|
||||
"name.formatted": "Test User",
|
||||
"userName": "username",
|
||||
"meta": { "resourceType":"User" },
|
||||
"emails": [
|
||||
{
|
||||
"type": "work",
|
||||
"value": "name@example.com",
|
||||
"primary": true
|
||||
}
|
||||
]
|
||||
}
|
||||
```
|
||||
|
||||
## Create a SCIM provisioned user
|
||||
|
||||
```plaintext
|
||||
POST /api/scim/v2/groups/:group_path/Users/
|
||||
```
|
||||
|
||||
Parameters:
|
||||
|
||||
| Attribute | Type | Required | Description |
|
||||
|:---------------|:----------|:----|:--------------------------|
|
||||
| `externalId` | string | yes | External UID of the user. |
|
||||
| `userName` | string | yes | Username of the user. |
|
||||
| `emails` | JSON string | yes | Work email. |
|
||||
| `name` | JSON string | yes | Name of the user. |
|
||||
| `meta` | string | no | Resource type (`User`). |
|
||||
|
||||
Example request:
|
||||
|
||||
```shell
|
||||
curl --verbose --request POST "https://gitlab.example.com/api/scim/v2/groups/test_group/Users" \
|
||||
--data '{"externalId":"test_uid","active":null,"userName":"username","emails":[{"primary":true,"type":"work","value":"name@example.com"}],"name":{"formatted":"Test User","familyName":"User","givenName":"Test"},"schemas":["urn:ietf:params:scim:schemas:core:2.0:User"],"meta":{"resourceType":"User"}}' \
|
||||
--header "Authorization: Bearer <your_scim_token>" --header "Content-Type: application/scim+json"
|
||||
```
|
||||
|
||||
Example response:
|
||||
|
||||
```json
|
||||
{
|
||||
"schemas": [
|
||||
"urn:ietf:params:scim:schemas:core:2.0:User"
|
||||
],
|
||||
"id": "0b1d561c-21ff-4092-beab-8154b17f82f2",
|
||||
"active": true,
|
||||
"name.formatted": "Test User",
|
||||
"userName": "username",
|
||||
"meta": { "resourceType":"User" },
|
||||
"emails": [
|
||||
{
|
||||
"type": "work",
|
||||
"value": "name@example.com",
|
||||
"primary": true
|
||||
}
|
||||
]
|
||||
}
|
||||
```
|
||||
|
||||
Returns a `201` status code if successful.
|
||||
|
||||
## Update a single SCIM provisioned user
|
||||
> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/227841) in GitLab 15.5.
|
||||
|
||||
Fields that can be updated are:
|
||||
|
||||
| SCIM/IdP field | GitLab field |
|
||||
|:---------------------------------|:-----------------------------------------------------------------------------|
|
||||
| `id/externalId` | `extern_uid` |
|
||||
| `name.formatted` | `name` ([Removed](https://gitlab.com/gitlab-org/gitlab/-/issues/363058)) |
|
||||
| `emails\[type eq "work"\].value` | `email` ([Removed](https://gitlab.com/gitlab-org/gitlab/-/issues/363058)) |
|
||||
| `active` | Identity removal if `active` = `false` |
|
||||
| `userName` | `username` ([Removed](https://gitlab.com/gitlab-org/gitlab/-/issues/363058)) |
|
||||
| SCIM/IdP field | GitLab field |
|
||||
| --------------- | ------------ |
|
||||
| `id/externalId` | `extern_uid` |
|
||||
|
||||
```plaintext
|
||||
PATCH /api/scim/v2/groups/:group_path/Users/:id
|
||||
PATCH groups/:groups_id/scim/:uid
|
||||
```
|
||||
|
||||
Parameters:
|
||||
|
||||
| Attribute | Type | Required | Description |
|
||||
|:----------|:--------|:---------|:----------------------------------------------------------------------------------------------------------------------------------------|
|
||||
| `id` | string | yes | External UID of the user. |
|
||||
| `group_path` | string | yes | Full path to the group. |
|
||||
| `Operations` | JSON string | yes | An [operations](#available-operations) expression. |
|
||||
| Attribute | Type | Required | Description |
|
||||
| --------- | ------ | -------- | ------------------------- |
|
||||
| `uid` | string | yes | External UID of the user. |
|
||||
|
||||
Example request:
|
||||
|
||||
```shell
|
||||
curl --verbose --request PATCH "https://gitlab.example.com/api/scim/v2/groups/test_group/Users/f0b1d561c-21ff-4092-beab-8154b17f82f2" \
|
||||
--data '{ "Operations": [{"op":"Add","path":"name.formatted","value":"New Name"}] }' \
|
||||
--header "Authorization: Bearer <your_scim_token>" --header "Content-Type: application/scim+json"
|
||||
```
|
||||
|
||||
Returns an empty response with a `204` status code if successful.
|
||||
|
||||
## Remove a single SCIM provisioned user
|
||||
|
||||
Removes the user's SSO identity and group membership.
|
||||
|
||||
```plaintext
|
||||
DELETE /api/scim/v2/groups/:group_path/Users/:id
|
||||
```
|
||||
|
||||
Parameters:
|
||||
|
||||
| Attribute | Type | Required | Description |
|
||||
|:----------|:--------|:---------|:----------------------------------------------------------------------------------------------------------------------------------------|
|
||||
| `id` | string | yes | External UID of the user. |
|
||||
| `group_path` | string | yes | Full path to the group. |
|
||||
|
||||
Example request:
|
||||
|
||||
```shell
|
||||
curl --verbose --request DELETE "https://gitlab.example.com/api/scim/v2/groups/test_group/Users/f0b1d561c-21ff-4092-beab-8154b17f82f2" \
|
||||
--header "Authorization: Bearer <your_scim_token>" --header "Content-Type: application/scim+json"
|
||||
```
|
||||
|
||||
Returns an empty response with a `204` status code if successful.
|
||||
|
||||
## Available filters
|
||||
|
||||
They match an expression as specified in [the RFC7644 filtering section](https://www.rfc-editor.org/rfc/rfc7644#section-3.4.2.2).
|
||||
|
||||
| Filter | Description |
|
||||
| ----- | ----------- |
|
||||
| `eq` | The attribute matches exactly the specified value. |
|
||||
|
||||
Example:
|
||||
|
||||
```plaintext
|
||||
id eq a-b-c-d
|
||||
```
|
||||
|
||||
## Available operations
|
||||
|
||||
They perform an operation as specified in [the RFC7644 update section](https://www.rfc-editor.org/rfc/rfc7644#section-3.5.2).
|
||||
|
||||
| Operator | Description |
|
||||
| ----- | ----------- |
|
||||
| `Replace` | The attribute's value is updated. |
|
||||
| `Add` | The attribute has a new value. |
|
||||
|
||||
Example:
|
||||
|
||||
```json
|
||||
{ "op": "Add", "path": "name.formatted", "value": "New Name" }
|
||||
curl --location --request PATCH "https://gdk.test:3443/api/v4/groups/33/scim/sydney_jones" \
|
||||
--header "<PRIVATE TOKEN>" \
|
||||
--form "extern_uid=sydney_jones_new" \
|
||||
```
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
---
|
||||
stage: Ecosystem
|
||||
stage: Manage
|
||||
group: Integrations
|
||||
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
|
||||
---
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
---
|
||||
stage: Ecosystem
|
||||
stage: Manage
|
||||
group: Foundations
|
||||
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
|
||||
---
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
---
|
||||
stage: Ecosystem
|
||||
stage: Manage
|
||||
group: Integrations
|
||||
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
|
||||
---
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
---
|
||||
stage: Ecosystem
|
||||
stage: Manage
|
||||
group: Integrations
|
||||
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
|
||||
---
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
---
|
||||
stage: Ecosystem
|
||||
stage: Manage
|
||||
group: Integrations
|
||||
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
|
||||
---
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
---
|
||||
stage: Ecosystem
|
||||
stage: Manage
|
||||
group: Integrations
|
||||
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
|
||||
---
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
---
|
||||
stage: Ecosystem
|
||||
stage: Manage
|
||||
group: Integrations
|
||||
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
|
||||
description: "GitLab's development guidelines for Integrations"
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
---
|
||||
stage: Ecosystem
|
||||
stage: Manage
|
||||
group: Integrations
|
||||
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
|
||||
---
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
---
|
||||
stage: Ecosystem
|
||||
stage: Manage
|
||||
group: Integrations
|
||||
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
|
||||
---
|
||||
|
|
|
@ -965,3 +965,253 @@ Example response:
|
|||
### Known consumers
|
||||
|
||||
- CustomersDot
|
||||
|
||||
## SCIM API **(PREMIUM SAAS)**
|
||||
|
||||
> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/9388) in GitLab 11.10.
|
||||
|
||||
The SCIM API implements the [RFC7644 protocol](https://www.rfc-editor.org/rfc/rfc7644). As this API is for
|
||||
**system** use for SCIM provider integration, it is subject to change without notice.
|
||||
|
||||
To use this API, [Group SSO](../../user/group/saml_sso/index.md) must be enabled for the group.
|
||||
This API is only in use where [SCIM for Group SSO](../../user/group/saml_sso/scim_setup.md) is enabled. It's a prerequisite to the creation of SCIM identities.
|
||||
|
||||
Not to be confused with the [main SCIM API](../../api/scim.md).
|
||||
|
||||
### Get a list of SCIM provisioned users
|
||||
|
||||
This endpoint is used as part of the SCIM syncing mechanism. It only returns
|
||||
a single user based on a unique ID which should match the `extern_uid` of the user.
|
||||
|
||||
```plaintext
|
||||
GET /api/scim/v2/groups/:group_path/Users
|
||||
```
|
||||
|
||||
Parameters:
|
||||
|
||||
| Attribute | Type | Required | Description |
|
||||
|:----------|:--------|:---------|:----------------------------------------------------------------------------------------------------------------------------------------|
|
||||
| `filter` | string | no | A [filter](#available-filters) expression. |
|
||||
| `group_path` | string | yes | Full path to the group. |
|
||||
| `startIndex` | integer | no | The 1-based index indicating where to start returning results from. A value of less than one will be interpreted as 1. |
|
||||
| `count` | integer | no | Desired maximum number of query results. |
|
||||
|
||||
NOTE:
|
||||
Pagination follows the [SCIM spec](https://www.rfc-editor.org/rfc/rfc7644#section-3.4.2.4) rather than GitLab pagination as used elsewhere. If records change between requests it is possible for a page to either be missing records that have moved to a different page or repeat records from a previous request.
|
||||
|
||||
Example request:
|
||||
|
||||
```shell
|
||||
curl "https://gitlab.example.com/api/scim/v2/groups/test_group/Users?filter=id%20eq%20%220b1d561c-21ff-4092-beab-8154b17f82f2%22" \
|
||||
--header "Authorization: Bearer <your_scim_token>" \
|
||||
--header "Content-Type: application/scim+json"
|
||||
```
|
||||
|
||||
Example response:
|
||||
|
||||
```json
|
||||
{
|
||||
"schemas": [
|
||||
"urn:ietf:params:scim:api:messages:2.0:ListResponse"
|
||||
],
|
||||
"totalResults": 1,
|
||||
"itemsPerPage": 20,
|
||||
"startIndex": 1,
|
||||
"Resources": [
|
||||
{
|
||||
"schemas": [
|
||||
"urn:ietf:params:scim:schemas:core:2.0:User"
|
||||
],
|
||||
"id": "0b1d561c-21ff-4092-beab-8154b17f82f2",
|
||||
"active": true,
|
||||
"name.formatted": "Test User",
|
||||
"userName": "username",
|
||||
"meta": { "resourceType":"User" },
|
||||
"emails": [
|
||||
{
|
||||
"type": "work",
|
||||
"value": "name@example.com",
|
||||
"primary": true
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
||||
```
|
||||
|
||||
### Get a single SCIM provisioned user
|
||||
|
||||
```plaintext
|
||||
GET /api/scim/v2/groups/:group_path/Users/:id
|
||||
```
|
||||
|
||||
Parameters:
|
||||
|
||||
| Attribute | Type | Required | Description |
|
||||
|:----------|:--------|:---------|:----------------------------------------------------------------------------------------------------------------------------------------|
|
||||
| `id` | string | yes | External UID of the user. |
|
||||
| `group_path` | string | yes | Full path to the group. |
|
||||
|
||||
Example request:
|
||||
|
||||
```shell
|
||||
curl "https://gitlab.example.com/api/scim/v2/groups/test_group/Users/f0b1d561c-21ff-4092-beab-8154b17f82f2" \
|
||||
--header "Authorization: Bearer <your_scim_token>" --header "Content-Type: application/scim+json"
|
||||
```
|
||||
|
||||
Example response:
|
||||
|
||||
```json
|
||||
{
|
||||
"schemas": [
|
||||
"urn:ietf:params:scim:schemas:core:2.0:User"
|
||||
],
|
||||
"id": "0b1d561c-21ff-4092-beab-8154b17f82f2",
|
||||
"active": true,
|
||||
"name.formatted": "Test User",
|
||||
"userName": "username",
|
||||
"meta": { "resourceType":"User" },
|
||||
"emails": [
|
||||
{
|
||||
"type": "work",
|
||||
"value": "name@example.com",
|
||||
"primary": true
|
||||
}
|
||||
]
|
||||
}
|
||||
```
|
||||
|
||||
### Create a SCIM provisioned user
|
||||
|
||||
```plaintext
|
||||
POST /api/scim/v2/groups/:group_path/Users/
|
||||
```
|
||||
|
||||
Parameters:
|
||||
|
||||
| Attribute | Type | Required | Description |
|
||||
|:---------------|:----------|:----|:--------------------------|
|
||||
| `externalId` | string | yes | External UID of the user. |
|
||||
| `userName` | string | yes | Username of the user. |
|
||||
| `emails` | JSON string | yes | Work email. |
|
||||
| `name` | JSON string | yes | Name of the user. |
|
||||
| `meta` | string | no | Resource type (`User`). |
|
||||
|
||||
Example request:
|
||||
|
||||
```shell
|
||||
curl --verbose --request POST "https://gitlab.example.com/api/scim/v2/groups/test_group/Users" \
|
||||
--data '{"externalId":"test_uid","active":null,"userName":"username","emails":[{"primary":true,"type":"work","value":"name@example.com"}],"name":{"formatted":"Test User","familyName":"User","givenName":"Test"},"schemas":["urn:ietf:params:scim:schemas:core:2.0:User"],"meta":{"resourceType":"User"}}' \
|
||||
--header "Authorization: Bearer <your_scim_token>" --header "Content-Type: application/scim+json"
|
||||
```
|
||||
|
||||
Example response:
|
||||
|
||||
```json
|
||||
{
|
||||
"schemas": [
|
||||
"urn:ietf:params:scim:schemas:core:2.0:User"
|
||||
],
|
||||
"id": "0b1d561c-21ff-4092-beab-8154b17f82f2",
|
||||
"active": true,
|
||||
"name.formatted": "Test User",
|
||||
"userName": "username",
|
||||
"meta": { "resourceType":"User" },
|
||||
"emails": [
|
||||
{
|
||||
"type": "work",
|
||||
"value": "name@example.com",
|
||||
"primary": true
|
||||
}
|
||||
]
|
||||
}
|
||||
```
|
||||
|
||||
Returns a `201` status code if successful.
|
||||
|
||||
### Update a single SCIM provisioned user
|
||||
|
||||
Fields that can be updated are:
|
||||
|
||||
| SCIM/IdP field | GitLab field |
|
||||
|:---------------------------------|:-----------------------------------------------------------------------------|
|
||||
| `id/externalId` | `extern_uid` |
|
||||
| `name.formatted` | `name` ([Removed](https://gitlab.com/gitlab-org/gitlab/-/issues/363058)) |
|
||||
| `emails\[type eq "work"\].value` | `email` ([Removed](https://gitlab.com/gitlab-org/gitlab/-/issues/363058)) |
|
||||
| `active` | Identity removal if `active` = `false` |
|
||||
| `userName` | `username` ([Removed](https://gitlab.com/gitlab-org/gitlab/-/issues/363058)) |
|
||||
|
||||
```plaintext
|
||||
PATCH /api/scim/v2/groups/:group_path/Users/:id
|
||||
```
|
||||
|
||||
Parameters:
|
||||
|
||||
| Attribute | Type | Required | Description |
|
||||
|:----------|:--------|:---------|:----------------------------------------------------------------------------------------------------------------------------------------|
|
||||
| `id` | string | yes | External UID of the user. |
|
||||
| `group_path` | string | yes | Full path to the group. |
|
||||
| `Operations` | JSON string | yes | An [operations](#available-operations) expression. |
|
||||
|
||||
Example request:
|
||||
|
||||
```shell
|
||||
curl --verbose --request PATCH "https://gitlab.example.com/api/scim/v2/groups/test_group/Users/f0b1d561c-21ff-4092-beab-8154b17f82f2" \
|
||||
--data '{ "Operations": [{"op":"Add","path":"name.formatted","value":"New Name"}] }' \
|
||||
--header "Authorization: Bearer <your_scim_token>" --header "Content-Type: application/scim+json"
|
||||
```
|
||||
|
||||
Returns an empty response with a `204` status code if successful.
|
||||
|
||||
### Remove a single SCIM provisioned user
|
||||
|
||||
Removes the user's SSO identity and group membership.
|
||||
|
||||
```plaintext
|
||||
DELETE /api/scim/v2/groups/:group_path/Users/:id
|
||||
```
|
||||
|
||||
Parameters:
|
||||
|
||||
| Attribute | Type | Required | Description |
|
||||
| ------------ | ------ | -------- | ------------------------- |
|
||||
| `id` | string | yes | External UID of the user. |
|
||||
| `group_path` | string | yes | Full path to the group. |
|
||||
|
||||
Example request:
|
||||
|
||||
```shell
|
||||
curl --verbose --request DELETE "https://gitlab.example.com/api/scim/v2/groups/test_group/Users/f0b1d561c-21ff-4092-beab-8154b17f82f2" \
|
||||
--header "Authorization: Bearer <your_scim_token>" --header "Content-Type: application/scim+json"
|
||||
```
|
||||
|
||||
Returns an empty response with a `204` status code if successful.
|
||||
|
||||
### Available filters
|
||||
|
||||
They match an expression as specified in [the RFC7644 filtering section](https://www.rfc-editor.org/rfc/rfc7644#section-3.4.2.2).
|
||||
|
||||
| Filter | Description |
|
||||
| ----- | ----------- |
|
||||
| `eq` | The attribute matches exactly the specified value. |
|
||||
|
||||
Example:
|
||||
|
||||
```plaintext
|
||||
id eq a-b-c-d
|
||||
```
|
||||
|
||||
### Available operations
|
||||
|
||||
They perform an operation as specified in [the RFC7644 update section](https://www.rfc-editor.org/rfc/rfc7644#section-3.5.2).
|
||||
|
||||
| Operator | Description |
|
||||
| ----- | ----------- |
|
||||
| `Replace` | The attribute's value is updated. |
|
||||
| `Add` | The attribute has a new value. |
|
||||
|
||||
Example:
|
||||
|
||||
```json
|
||||
{ "op": "Add", "path": "name.formatted", "value": "New Name" }
|
||||
```
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
---
|
||||
stage: Ecosystem
|
||||
stage: Manage
|
||||
group: Integrations
|
||||
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
|
||||
---
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
---
|
||||
stage: Ecosystem
|
||||
stage: Manage
|
||||
group: Integrations
|
||||
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
|
||||
---
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
---
|
||||
stage: Ecosystem
|
||||
stage: Manage
|
||||
group: Integrations
|
||||
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
|
||||
---
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
---
|
||||
stage: Ecosystem
|
||||
stage: Manage
|
||||
group: Integrations
|
||||
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
|
||||
comments: false
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
---
|
||||
stage: Ecosystem
|
||||
stage: Manage
|
||||
group: Integrations
|
||||
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
|
||||
---
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
---
|
||||
stage: Ecosystem
|
||||
stage: Manage
|
||||
group: Integrations
|
||||
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
|
||||
remove_date: '2022-10-29'
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
---
|
||||
stage: Ecosystem
|
||||
stage: Manage
|
||||
group: Integrations
|
||||
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
|
||||
---
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
---
|
||||
stage: Ecosystem
|
||||
stage: Manage
|
||||
group: Integrations
|
||||
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
|
||||
---
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
---
|
||||
stage: Ecosystem
|
||||
stage: Manage
|
||||
group: Integrations
|
||||
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
|
||||
---
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
---
|
||||
stage: Ecosystem
|
||||
stage: Manage
|
||||
group: Integrations
|
||||
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
|
||||
---
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
---
|
||||
stage: Ecosystem
|
||||
stage: Manage
|
||||
group: Integrations
|
||||
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
|
||||
---
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
---
|
||||
stage: Ecosystem
|
||||
stage: Manage
|
||||
group: Integrations
|
||||
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
|
||||
---
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
---
|
||||
stage: Ecosystem
|
||||
stage: Manage
|
||||
group: Integrations
|
||||
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
|
||||
---
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
---
|
||||
stage: Ecosystem
|
||||
stage: Manage
|
||||
group: Integrations
|
||||
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
|
||||
---
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
---
|
||||
stage: Ecosystem
|
||||
stage: Manage
|
||||
group: Integrations
|
||||
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
|
||||
---
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
---
|
||||
stage: Ecosystem
|
||||
stage: Manage
|
||||
group: Integrations
|
||||
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
|
||||
---
|
||||
|
|
|
@ -261,7 +261,7 @@ It also displays the following information:
|
|||
|
||||
## Export your license usage
|
||||
|
||||
> Introduced in GitLab 14.6.
|
||||
> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/66826) in GitLab 14.2.
|
||||
|
||||
If you are an administrator, you can export your license usage into a CSV:
|
||||
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
---
|
||||
stage: Ecosystem
|
||||
stage: Manage
|
||||
group: Integrations
|
||||
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
|
||||
---
|
||||
|
|
|
@ -15,7 +15,7 @@ GitLab SAML SSO SCIM doesn't support updating users.
|
|||
|
||||
When SCIM is enabled for a GitLab group, membership of that group is synchronized between GitLab and an identity provider.
|
||||
|
||||
The GitLab [SCIM API](../../../api/scim.md) implements part of [the RFC7644 protocol](https://www.rfc-editor.org/rfc/rfc7644).
|
||||
The [internal GitLab SCIM API](../../../development/internal_api/index.md#scim-api) implements part of [the RFC7644 protocol](https://www.rfc-editor.org/rfc/rfc7644).
|
||||
|
||||
## Configure GitLab
|
||||
|
||||
|
@ -121,7 +121,7 @@ attributes and modify them accordingly. In particular, the `objectId` source att
|
|||
target attribute.
|
||||
|
||||
If a mapping is not listed in the table, use the Azure Active Directory defaults. For a list of required attributes,
|
||||
refer to the [SCIM API documentation](../../../api/scim.md).
|
||||
refer to the [internal SCIM API](../../../development/internal_api/index.md#scim-api) documentation.
|
||||
|
||||
### Configure Okta
|
||||
|
||||
|
|
|
@ -34,7 +34,7 @@ Administrators can use the Admin Area to [list SCIM identities for a user](../..
|
|||
|
||||
Group owners can see the list of users and the `externalId` stored for each user in the group SAML SSO Settings page.
|
||||
|
||||
A possible alternative is to use the [SCIM API](../../../api/scim.md#get-a-list-of-scim-provisioned-users) to manually retrieve the `externalId` we have stored for users, also called the `external_uid` or `NameId`.
|
||||
A possible alternative is to use the [SCIM API](../../../api/scim.md) to manually retrieve the `externalId` we have stored for users, also called the `external_uid` or `NameId`.
|
||||
|
||||
To see how the `external_uid` compares to the value returned as the SAML NameId, you can have the user use a [SAML Tracer](troubleshooting.md#saml-debugging-tools).
|
||||
|
||||
|
@ -53,7 +53,7 @@ you can address the problem in the following ways:
|
|||
|
||||
- You can have users unlink and relink themselves, based on the ["SAML authentication failed: User has already been taken"](troubleshooting.md#message-saml-authentication-failed-user-has-already-been-taken) section.
|
||||
- You can unlink all users simultaneously, by removing all users from the SAML app while provisioning is turned on.
|
||||
- It may be possible to use the [SCIM API](../../../api/scim.md#update-a-single-scim-provisioned-user) to manually correct the `externalId` stored for users to match the SAML `NameId`.
|
||||
- Use the [SCIM API](../../../api/scim.md) to manually correct the `externalId` stored for users to match the SAML `NameId`.
|
||||
To look up a user, you need to know the desired value that matches the `NameId` as well as the current `externalId`.
|
||||
|
||||
It is important not to update these to incorrect values, since this causes users to be unable to sign in. It is also important not to assign a value to the wrong user, as this causes users to get signed into the wrong account.
|
||||
|
@ -71,11 +71,13 @@ Changing the SAML or SCIM configuration or provider can cause the following prob
|
|||
| Problem | Solution |
|
||||
| ------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
|
||||
| SAML and SCIM identity mismatch. | First [verify that the user's SAML NameId matches the SCIM externalId](#how-do-i-verify-users-saml-nameid-matches-the-scim-externalid) and then [update or fix the mismatched SCIM externalId and SAML NameId](#update-or-fix-mismatched-scim-externalid-and-saml-nameid). |
|
||||
| SCIM identity mismatch between GitLab and the identity provider SCIM app. | You can confirm whether you're hitting the error because of your SCIM identity mismatch between your SCIM app and GitLab.com by using [SCIM API](../../../api/scim.md#update-a-single-scim-provisioned-user) which shows up in the `id` key and compares it with the user `externalId` in the SCIM app. You can use the same [SCIM API](../../../api/scim.md#update-a-single-scim-provisioned-user) to update the SCIM `id` for the user on GitLab.com. |
|
||||
| SCIM identity mismatch between GitLab and the identity provider SCIM app. | You can confirm whether you're hitting the error because of your SCIM identity mismatch between your SCIM app and GitLab.com by using the [SCIM API](../../../api/scim.md) which shows up in the `id` key and compares it with the user `externalId` in the SCIM app. You can use the same [SCIM API](../../../api/scim.md) to update the SCIM `id` for the user on GitLab.com. |
|
||||
|
||||
## Search Rails logs for SCIM requests
|
||||
|
||||
GitLab.com administrators can search for SCIM requests in the `api_json.log` using the `pubsub-rails-inf-gprd-*` index in [Kibana](https://about.gitlab.com/handbook/support/workflows/kibana.html#using-kibana). Use the following filters based on the [SCIM API](../../../api/scim.md):
|
||||
GitLab.com administrators can search for SCIM requests in the `api_json.log` using the `pubsub-rails-inf-gprd-*` index in
|
||||
[Kibana](https://about.gitlab.com/handbook/support/workflows/kibana.html#using-kibana). Use the following filters based on the internal
|
||||
[SCIM API](../../../development/internal_api/index.md#scim-api):
|
||||
|
||||
- `json.path`: `/scim/v2/groups/<group-path>`
|
||||
- `json.params.value`: `<externalId>`
|
||||
|
|
|
@ -140,10 +140,10 @@ The scope determines the actions you can perform when you authenticate with a gr
|
|||
|:-------------------|:---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
|
||||
| `api` | Grants complete read and write access to the scoped group and related project API, including the [Package Registry](../../packages/package_registry/index.md). |
|
||||
| `read_api` | Grants read access to the scoped group and related project API, including the [Package Registry](../../packages/package_registry/index.md). |
|
||||
| `read_registry` | Allows read access (pull) to the [Container Registry](../../packages/container_registry/index.md) images if any project within a group is private and authorization is required. |
|
||||
| `write_registry` | Allows write access (push) to the [Container Registry](../../packages/container_registry/index.md). |
|
||||
| `read_repository` | Allows read access (pull) to all repositories within a group. |
|
||||
| `write_repository` | Allows read and write access (pull and push) to all repositories within a group. |
|
||||
| `read_registry` | Grants read access (pull) to the [Container Registry](../../packages/container_registry/index.md) images if any project within a group is private and authorization is required. |
|
||||
| `write_registry` | Grants write access (push) to the [Container Registry](../../packages/container_registry/index.md). |
|
||||
| `read_repository` | Grants read access (pull) to all repositories within a group. |
|
||||
| `write_repository` | Grants read and write access (pull and push) to all repositories within a group. |
|
||||
|
||||
## Enable or disable group access token creation
|
||||
|
||||
|
|
|
@ -317,6 +317,9 @@ GitLab tracks user contribution activity. You can follow or unfollow other users
|
|||
- The small popover that appears when you hover over a user's name ([introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/76050)
|
||||
in GitLab 15.0).
|
||||
|
||||
In [GitLab 15.5 and later](https://gitlab.com/gitlab-org/gitlab/-/issues/360755),
|
||||
the maximum number of users you can follow is 300.
|
||||
|
||||
To view a user's activity in a top-level Activity view:
|
||||
|
||||
1. From a user's profile, select **Follow**.
|
||||
|
|
|
@ -105,14 +105,14 @@ A personal access token can perform actions based on the assigned scopes.
|
|||
|
||||
| Scope | Access |
|
||||
|--------------------|--------|
|
||||
| `api` | Read-write for the complete API, including all groups and projects, the Container Registry, and the Package Registry. |
|
||||
| `read_user` | Read-only for endpoints under `/users`. Essentially, access to any of the `GET` requests in the [Users API](../../api/users.md). |
|
||||
| `read_api` | Read-only for the complete API, including all groups and projects, the Container Registry, and the Package Registry. ([Introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/28944) in GitLab 12.10.) |
|
||||
| `read_repository` | Read-only (pull) for the repository through `git clone`. |
|
||||
| `write_repository` | Read-write (pull, push) for the repository through `git clone`. |
|
||||
| `read_registry` | Read-only (pull) for [Container Registry](../packages/container_registry/index.md) images if a project is private and authorization is required. Available only when the Container Registry is enabled. |
|
||||
| `write_registry` | Read-write (push) for [Container Registry](../packages/container_registry/index.md) images if a project is private and authorization is required. Available only when the Container Registry is enabled. ([Introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/28958) in GitLab 12.10.) |
|
||||
| `sudo` | API actions as any user in the system (if the authenticated user is an administrator). |
|
||||
| `api` | Grants complete read/write access to the API, including all groups and projects, the container registry, and the package registry. |
|
||||
| `read_user` | Grants read-only access to the authenticated user's profile through the `/user` API endpoint, which includes username, public email, and full name. Also grants access to read-only API endpoints under [`/users`](../../api/users.md). |
|
||||
| `read_api` | Grants read access to the API, including all groups and projects, the container registry, and the package registry. ([Introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/28944) in GitLab 12.10.) |
|
||||
| `read_repository` | Grants read-only access to repositories on private projects using Git-over-HTTP or the Repository Files API. |
|
||||
| `write_repository` | Grants read-write access to repositories on private projects using Git-over-HTTP (not using the API). |
|
||||
| `read_registry` | Grants read-only (pull) access to a [Container Registry](../packages/container_registry/index.md) images if a project is private and authorization is required. Available only when the Container Registry is enabled. |
|
||||
| `write_registry` | Grants read-write (push) access to a [Container Registry](../packages/container_registry/index.md) images if a project is private and authorization is required. Available only when the Container Registry is enabled. ([Introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/28958) in GitLab 12.10.) |
|
||||
| `sudo` | Grants permission to perform API actions as any user in the system, when authenticated as an administrator. |
|
||||
|
||||
## When personal access tokens expire
|
||||
|
||||
|
|
|
@ -68,11 +68,11 @@ following table along with GitLab version it was introduced in:
|
|||
|
||||
| Scope | Description | Introduced in GitLab Version |
|
||||
|--------------------------|-------------|------------------------------|
|
||||
| `read_repository` | Allows read-access to the repository through `git clone` | -- |
|
||||
| `read_registry` | Allows read-access to [container registry](../../packages/container_registry/index.md) images if a project is private and authorization is required. | -- |
|
||||
| `write_registry` | Allows write-access (push) to [container registry](../../packages/container_registry/index.md). | 12.10 |
|
||||
| `read_package_registry` | Allows read access to the package registry. | 13.0 |
|
||||
| `write_package_registry` | Allows write access to the package registry. | 13.0 |
|
||||
| `read_repository` | Grants read-access to the repository through `git clone` | -- |
|
||||
| `read_registry` | Grants read-access to [container registry](../../packages/container_registry/index.md) images if a project is private and authorization is required. | -- |
|
||||
| `write_registry` | Grants write-access (push) to [container registry](../../packages/container_registry/index.md). | 12.10 |
|
||||
| `read_package_registry` | Grants read access to the package registry. | 13.0 |
|
||||
| `write_package_registry` | Grants write access to the package registry. | 13.0 |
|
||||
|
||||
## Deploy token custom username
|
||||
|
||||
|
|
|
@ -204,7 +204,7 @@ defaults to the default project visibility.
|
|||
Supported GitHub branch protection rules are mapped to GitLab branch protection rules or project-wide GitLab settings when they are imported:
|
||||
|
||||
- GitHub rule **Require conversation resolution before merging** for the project's default branch is mapped to the [**All threads must be resolved** GitLab setting](../../discussions/index.md#prevent-merge-unless-all-threads-are-resolved). [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/371110) in GitLab 15.5.
|
||||
- Support for GitHub rule **Require a pull request before merging** is proposed in issue [370951](https://gitlab.com/gitlab-org/gitlab/-/issues/370951).
|
||||
- GitHub rule **Require a pull request before merging** is mapped to the **No one** option in the **Allowed to push** list of the branch protection rule. [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/370951) in GitLab 15.5.
|
||||
- GitHub rule **Require signed commits** for the project's default branch is mapped to the **Reject unsigned commits** GitLab setting. [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/370949) in GitLab 15.5.
|
||||
- Support for GitHub rule **Require status checks to pass before merging** was proposed in issue [370948](https://gitlab.com/gitlab-org/gitlab/-/issues/370948). However, this rule cannot be translated during project import into GitLab due to technical difficulties.
|
||||
You can still create [status checks](../merge_requests/status_checks.md) in GitLab yourself.
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
---
|
||||
stage: Ecosystem
|
||||
stage: Manage
|
||||
group: Integrations
|
||||
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
|
||||
---
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
---
|
||||
stage: Ecosystem
|
||||
stage: Manage
|
||||
group: Integrations
|
||||
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
|
||||
---
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
---
|
||||
stage: Ecosystem
|
||||
stage: Manage
|
||||
group: Integrations
|
||||
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
|
||||
---
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
---
|
||||
stage: Ecosystem
|
||||
stage: Manage
|
||||
group: Integrations
|
||||
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
|
||||
---
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
---
|
||||
stage: Ecosystem
|
||||
stage: Manage
|
||||
group: Integrations
|
||||
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
|
||||
---
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
---
|
||||
stage: Ecosystem
|
||||
stage: Manage
|
||||
group: Integrations
|
||||
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
|
||||
---
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
---
|
||||
stage: Ecosystem
|
||||
stage: Manage
|
||||
group: Integrations
|
||||
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
|
||||
---
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
---
|
||||
stage: Ecosystem
|
||||
stage: Manage
|
||||
group: Integrations
|
||||
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
|
||||
---
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
---
|
||||
stage: Ecosystem
|
||||
stage: Manage
|
||||
group: Integrations
|
||||
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
|
||||
---
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
---
|
||||
stage: Ecosystem
|
||||
stage: Manage
|
||||
group: Integrations
|
||||
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
|
||||
---
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
---
|
||||
stage: Ecosystem
|
||||
stage: Manage
|
||||
group: Integrations
|
||||
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
|
||||
---
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
---
|
||||
stage: Ecosystem
|
||||
stage: Manage
|
||||
group: Integrations
|
||||
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
|
||||
---
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
---
|
||||
stage: Ecosystem
|
||||
stage: Manage
|
||||
group: Integrations
|
||||
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
|
||||
---
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
---
|
||||
stage: Ecosystem
|
||||
stage: Manage
|
||||
group: Integrations
|
||||
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
|
||||
---
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
---
|
||||
stage: Ecosystem
|
||||
stage: Manage
|
||||
group: Integrations
|
||||
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
|
||||
---
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
---
|
||||
stage: Ecosystem
|
||||
stage: Manage
|
||||
group: Integrations
|
||||
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
|
||||
---
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
---
|
||||
stage: Ecosystem
|
||||
stage: Manage
|
||||
group: Integrations
|
||||
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
|
||||
---
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
---
|
||||
stage: Ecosystem
|
||||
stage: Manage
|
||||
group: Integrations
|
||||
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
|
||||
---
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
---
|
||||
stage: Ecosystem
|
||||
stage: Manage
|
||||
group: Integrations
|
||||
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
|
||||
---
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
---
|
||||
stage: Ecosystem
|
||||
stage: Manage
|
||||
group: Integrations
|
||||
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
|
||||
---
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
---
|
||||
stage: Ecosystem
|
||||
stage: Manage
|
||||
group: Integrations
|
||||
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
|
||||
---
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
---
|
||||
stage: Ecosystem
|
||||
stage: Manage
|
||||
group: Integrations
|
||||
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
|
||||
---
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
---
|
||||
stage: Ecosystem
|
||||
stage: Manage
|
||||
group: Integrations
|
||||
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
|
||||
---
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
---
|
||||
stage: Ecosystem
|
||||
stage: Manage
|
||||
group: Integrations
|
||||
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
|
||||
---
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
---
|
||||
stage: Ecosystem
|
||||
stage: Manage
|
||||
group: Integrations
|
||||
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
|
||||
---
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
---
|
||||
stage: Ecosystem
|
||||
stage: Manage
|
||||
group: Integrations
|
||||
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
|
||||
---
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
---
|
||||
stage: Ecosystem
|
||||
stage: Manage
|
||||
group: Integrations
|
||||
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
|
||||
---
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
---
|
||||
stage: Ecosystem
|
||||
stage: Manage
|
||||
group: Integrations
|
||||
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
|
||||
---
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
---
|
||||
stage: Ecosystem
|
||||
stage: Manage
|
||||
group: Integrations
|
||||
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
|
||||
---
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
---
|
||||
stage: Ecosystem
|
||||
stage: Manage
|
||||
group: Integrations
|
||||
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
|
||||
---
|
||||
|
|
Some files were not shown because too many files have changed in this diff Show More
Loading…
Reference in New Issue