kotovalexarian-likes-gitlab
/
gitlab-org--gitlab-foss
1
0
Fork 0
Code Releases Activity

Add latest changes from gitlab-org/gitlab@master

This commit is contained in:
GitLab Bot 2022-04-22 00:08:40 +00:00
parent 6216eabd1c
commit e5bf29c7cd
33 changed files with 104 additions and 85 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
app/assets/javascripts/diffs/components/diff_file_header.vue
View File

@ -394,6 +394,7 @@ export default {
<gl-dropdown
v-gl-tooltip.hover.focus="$options.i18n.optionsDropdownTitle"
size="small"
category="tertiary"
right
toggle-class="btn-icon js-diff-more-actions"
class="gl-pt-0!"
@ -402,7 +403,7 @@ export default {
@hidden="setMoreActionsShown(false)"
>
<template #button-content>
<gl-icon name="ellipsis_v" class="mr-0" :size="12" />
<gl-icon name="ellipsis_v" class="mr-0" />
<span class="sr-only">{{ $options.i18n.optionsDropdownTitle }}</span>
</template>
<gl-dropdown-item

3
app/assets/javascripts/security_configuration/components/app.vue
View File

@ -1,7 +1,6 @@
<script>
import { GlTab, GlTabs, GlSprintf, GlLink, GlAlert } from '@gitlab/ui';
import { __, s__ } from '~/locale';
import glFeatureFlagsMixin from '~/vue_shared/mixins/gl_feature_flags_mixin';
import LocalStorageSync from '~/vue_shared/components/local_storage_sync.vue';
import UserCalloutDismisser from '~/vue_shared/components/user_callout_dismisser.vue';
import AutoDevOpsAlert from './auto_dev_ops_alert.vue';
@ -50,7 +49,6 @@ export default {
UserCalloutDismisser,
TrainingProviderList,
},
mixins: [glFeatureFlagsMixin()],
inject: ['projectFullPath', 'vulnerabilityTrainingDocsPath'],
props: {
augmentedSecurityFeatures: {
@ -252,7 +250,6 @@ export default {
</section-layout>
</gl-tab>
<gl-tab
v-if="glFeatures.secureVulnerabilityTraining"
data-testid="vulnerability-management-tab"
:title="$options.i18n.vulnerabilityManagement"
query-param-value="vulnerability-management"

1
app/controllers/projects/merge_requests_controller.rb
View File

@ -41,7 +41,6 @@ class Projects::MergeRequestsController < Projects::MergeRequests::ApplicationCo
push_frontend_feature_flag(:refactor_mr_widgets_extensions, project, default_enabled: :yaml)
push_frontend_feature_flag(:refactor_mr_widget_test_summary, project, default_enabled: :yaml)
push_frontend_feature_flag(:rebase_without_ci_ui, project, default_enabled: :yaml)
push_frontend_feature_flag(:secure_vulnerability_training, project, default_enabled: :yaml)
push_frontend_feature_flag(:issue_assignees_widget, @project, default_enabled: :yaml)
push_frontend_feature_flag(:realtime_labels, project, default_enabled: :yaml)
push_frontend_feature_flag(:updated_diff_expansion_buttons, project, default_enabled: :yaml)

2
app/models/ci/build_metadata.rb
View File

@ -38,7 +38,7 @@ module Ci
job_timeout_source: 4
}
ignore_columns :runner_features, remove_with: '14.7', remove_after: '2021-11-22'
ignore_columns :runner_features, remove_with: '15.1', remove_after: '2022-05-22'
def update_timeout_state
timeout = timeout_with_highest_precedence

18
app/views/admin/application_settings/_runner_registrars_form.html.haml
View File

@ -1,16 +1,16 @@
= form_for @application_setting, url: ci_cd_admin_application_settings_path(anchor: 'js-runner-settings'), html: { class: 'fieldset-form' } do |f|
= gitlab_ui_form_for @application_setting, url: ci_cd_admin_application_settings_path(anchor: 'js-runner-settings'), html: { class: 'fieldset-form' } do |f|
= form_errors(@application_setting)
%fieldset
.form-group
= hidden_field_tag "application_setting[valid_runner_registrars][]", nil
- ApplicationSetting::VALID_RUNNER_REGISTRAR_TYPES.each do |type|
.form-check
= f.check_box(:valid_runner_registrars, { multiple: true, checked: valid_runner_registrars.include?(type), class: 'form-check-input' }, type, nil)
= f.label :valid_runner_registrars, class: 'form-check-label' do
= s_("Runners|Members of the %{type} can register runners") % { type: type }
%span.form-text.gl-text-gray-600
.gl-form-group
%span.form-text.gl-mb-3.gl-mt-0
= _('If no options are selected, only administrators can register runners.')
= link_to _('Learn more.'), help_page_path('user/admin_area/settings/continuous_integration', anchor: 'prevent-users-from-registering-runners'), target: '_blank', rel: 'noopener noreferrer'
= hidden_field_tag "application_setting[valid_runner_registrars][]", nil
- ApplicationSetting::VALID_RUNNER_REGISTRAR_TYPES.each do |type|
= f.gitlab_ui_checkbox_component :valid_runner_registrars, s_("Runners|Members of the %{type} can register runners") % { type: type },
checkbox_options: { multiple: true, checked: valid_runner_registrars.include?(type) },
checked_value: type,
unchecked_value: nil
= f.submit _('Save changes'), class: "gl-button btn btn-confirm"

8
config/feature_flags/development/secure_vulnerability_training.yml
View File

@ -1,8 +0,0 @@
---
name: secure_vulnerability_training
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/issues/346074
rollout_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/346308
milestone: '14.6'
type: development
group: group::threat insights
default_enabled: true

2
data/deprecations/14-0-nfs-fot-git-repository-storage.yml
View File

@ -16,7 +16,7 @@
We encourage customers currently using NFS for Git repositories to plan their migration by reviewing our documentation on [migrating to Gitaly Cluster](https://docs.gitlab.com/ee/administration/gitaly/index.html#migrate-to-gitaly-cluster).
reporter: mjwood
stage: create # (optional - may be required in the future) String value of the stage that the feature was created in. e.g., Growth
stage: create
tiers: # (optional - may be required in the future) An array of tiers that the feature is available in currently. e.g., [Free, Silver, Gold, Core, Premium, Ultimate]
issue_url: # (optional) This is a link to the deprecation issue in GitLab
documentation_url: # (optional) This is a link to the current documentation page

3
data/deprecations/14-5-deprecate-defaultMergeCommitMessageWithDescription-graphql.yml
View File

@ -7,7 +7,8 @@
body: | # Do not modify this line, instead modify the lines below.
The GraphQL API field `defaultMergeCommitMessageWithDescription` has been deprecated and will be removed in GitLab 15.0. For projects with a commit message template set, it will ignore the template.
# The following items are not published on the docs page, but may be used in the future.
stage: # (optional - may be required in the future) String value of the stage that the feature was created in. e.g., Growth
stage: create
reporter: phikai
tiers: # (optional - may be required in the future) An array of tiers that the feature is available in currently. e.g., [Free, Silver, Gold, Core, Premium, Ultimate]
issue_url: # (optional) This is a link to the deprecation issue in GitLab
documentation_url: # (optional) This is a link to the current documentation page

2
data/deprecations/14-5-deprecate-sles-12sp2.yml
View File

@ -6,3 +6,5 @@
breaking_change: true
body: | # Do not modify this line, instead modify the lines below.
Long term service and support (LTSS) for SUSE Linux Enterprise Server (SLES) 12 SP2 [ended on March 31, 2021](https://www.suse.com/lifecycle/). The CA certificates on SP2 include the expired DST root certificate, and it's not getting new CA certificate package updates. We have implemented some [workarounds](https://gitlab.com/gitlab-org/gitlab-omnibus-builder/-/merge_requests/191), but we will not be able to continue to keep the build running properly.
stage: enablement
reporter: dorrino

3
data/deprecations/14-6-deprecate-types.yml
View File

@ -7,7 +7,8 @@
body: | # Do not modify this line, instead modify the lines below.
The `type` and `types` CI/CD keywords will be removed in GitLab 15.0. Pipelines that use these keywords will stop working, so you must switch to `stage` and `stages`, which have the same behavior.
# The following items are not published on the docs page, but may be used in the future.
stage: # (optional - may be required in the future) String value of the stage that the feature was created in. e.g., Growth
stage: verify
reporter: dhershkovitch
tiers: # (optional - may be required in the future) An array of tiers that the feature is available in currently. e.g., [Free, Silver, Gold, Core, Premium, Ultimate]
issue_url: # (optional) This is a link to the deprecation issue in GitLab
documentation_url: # (optional) This is a link to the current documentation page

3
data/deprecations/14-6-job_char_limit.yml
View File

@ -7,7 +7,8 @@
body: | # Do not modify this line, instead modify the lines below.
In GitLab 15.0 we are going to limit the number of characters in CI/CD job names to 255. Any pipeline with job names that exceed the 255 character limit will stop working after the 15.0 release.
# The following items are not published on the docs page, but may be used in the future.
stage: # (optional - may be required in the future) String value of the stage that the feature was created in. e.g., Growth
reporter: dhershkovitch
stage: verify
tiers: # (optional - may be required in the future) An array of tiers that the feature is available in currently. e.g., [Free, Silver, Gold, Core, Premium, Ultimate]
issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/342800 # (optional) This is a link to the deprecation issue in GitLab
documentation_url: # (optional) This is a link to the current documentation page

2
data/deprecations/14-8-deprecate-projectFingerprint-from-PipelineSecurityReportFinding-GraphQL.yml
View File

@ -11,7 +11,7 @@
The method for calculating fingerprints has changed, resulting in different values. Going forward, the new values will be
exposed in the UUID field. Data previously available in the projectFingerprint field will eventually be removed entirely.
# The following items are not published on the docs page, but may be used in the future.
stage: # (optional - may be required in the future) String value of the stage that the feature was created in. e.g., Growth
stage: secure
tiers: # (optional - may be required in the future) An array of tiers that the feature is available in currently. e.g., [Free, Silver, Gold, Core, Premium, Ultimate]
issue_url: # (optional) This is a link to the deprecation issue in GitLab
documentation_url: # (optional) This is a link to the current documentation page

1
data/deprecations/14-8-enforce-pat-expiration.yml
View File

@ -9,5 +9,6 @@
The feature to disable enforcement of PAT expiration is unusual from a security perspective.
We have become concerned that this unusual feature could create unexpected behavior for users.
Unexpected behavior in a security feature is inherently dangerous, so we have decided to remove this feature.
stage: manage
issue_url: "https://gitlab.com/gitlab-org/gitlab/-/issues/351962" # (optional) This is a link to the deprecation issue in GitLab
documentation_url: "https://docs.gitlab.com/ee/user/admin_area/settings/account_and_limit_settings.html#allow-expired-personal-access-tokens-to-be-used-deprecated" # (optional) This is a link to the current documentation page

1
data/deprecations/14-8-enforce-ssh-expiration.yml
View File

@ -9,5 +9,6 @@
The feature to disable enforcement of SSH expiration is unusual from a security perspective.
We have become concerned that this unusual feature could create unexpected behavior for users.
Unexpected behavior in a security feature is inherently dangerous, so we have decided to remove this feature.
stage: manage
issue_url: "https://gitlab.com/gitlab-org/gitlab/-/issues/351963" # (optional) This is a link to the deprecation issue in GitLab
documentation_url: "https://docs.gitlab.com/ee/user/admin_area/settings/account_and_limit_settings.html#allow-expired-ssh-keys-to-be-used-deprecated" # (optional) This is a link to the current documentation page

2
data/deprecations/14-8-graphql-ids.yml
View File

@ -58,7 +58,7 @@
to one of the other two forms (using the correct appropriate type in the signature, or using
an inline argument expression).
# The following items are not published on the docs page, but may be used in the future.
stage: # (optional - may be required in the future) String value of the stage that the feature was created in. e.g., Growth
stage: ecosystem
tiers: # (optional - may be required in the future) An array of tiers that the feature is available in currently. e.g., [Free, Silver, Gold, Core, Premium, Ultimate]
issue_url: 'https://gitlab.com/gitlab-org/gitlab/-/issues/257883'
documentation_url: # (optional) This is a link to the current documentation page

2
data/deprecations/14-8-grpc-proxy.yml
View File

@ -18,7 +18,7 @@
increase throughput and reduce Go garbage collection latency. For more information, see
the [relevant epic](https://gitlab.com/groups/gitlab-com/gl-infra/-/epics/463).
# The following items are not published on the docs page, but may be used in the future.
stage: # (optional - may be required in the future) String value of the stage that the feature was created in. e.g., Growth
stage: platform
tiers: # (optional - may be required in the future) An array of tiers that the feature is available in currently. e.g., [Free, Silver, Gold, Core, Premium, Ultimate]
issue_url: # (optional) This is a link to the deprecation issue in GitLab
documentation_url: # (optional) This is a link to the current documentation page

1
data/deprecations/14-9-deprecate-composer-download-permissions.yml
View File

@ -9,3 +9,4 @@
The GitLab Composer repository can be used to push, search, fetch metadata about, and download PHP dependencies. All these actions require authentication, except for downloading dependencies.
Downloading Composer dependencies without authentication is deprecated in GitLab 14.9, and will be removed in GitLab 15.0. Starting with GitLab 15.0, you must authenticate to download Composer dependencies.
stage: package

1
data/deprecations/14-9-deprecate-permissions-change-package-settings.yml
View File

@ -14,3 +14,4 @@
- [Container Registry cleanup policy](https://docs.gitlab.com/ee/api/graphql/reference/#containerexpirationpolicy)
- [Dependency Proxy time-to-live policy](https://docs.gitlab.com/ee/api/graphql/reference/#dependencyproxyimagettlgrouppolicy)
- [Enabling the Dependency Proxy for your group](https://docs.gitlab.com/ee/api/graphql/reference/#dependencyproxysetting)
stage: package

1
data/deprecations/14-9-deprecate-testcoveragesetting.yml
View File

@ -12,3 +12,4 @@
Instead, using the projects `.gitlab-ci.yml`, provide a regular expression with the `coverage` keyword to set
testing coverage results in merge requests.
stage: verify

1
data/deprecations/14-9-deprecation-htpassword-authentication-container-registry.yml
View File

@ -9,3 +9,4 @@
The Container Registry supports [authentication](https://gitlab.com/gitlab-org/container-registry/-/blob/master/docs/configuration.md#auth) with `htpasswd`. It relies on an [Apache `htpasswd` file](https://httpd.apache.org/docs/2.4/programs/htpasswd.html), with passwords hashed using `bcrypt`.
Since it isn't used in the context of GitLab (the product), `htpasswd` authentication will be deprecated in GitLab 14.9 and removed in GitLab 15.0.
stage: package

2
data/deprecations/15-0-JTW_v2_update.yml
View File

@ -20,7 +20,7 @@
body: | # Do not modify this line, instead modify the lines below.
The `CI_JOB_JWT` will be updated to support a wider variety of cloud providers. It will be changed to match [`CI_JOB_JWT_V2`](https://docs.gitlab.com/ee/ci/variables/predefined_variables.html), but this change may not be backwards compatible for all users, including Hashicorp Vault users. To maintain the current behavior, users can switch to using `CI_JOB_JWT_V1`, or update their configuration in GitLab 15.0 to use the improved `CI_JOB_JWT`.
# The following items are not published on the docs page, but may be used in the future.
stage: # (optional - may be required in the future) String value of the stage that the feature was created in. e.g., Growth
stage: verify
tiers: # (optional - may be required in the future) An array of tiers that the feature is available in currently. e.g., [Free, Silver, Gold, Core, Premium, Ultimate]
issue_url: # (optional) This is a link to the deprecation issue in GitLab
documentation_url: # (optional) This is a link to the current documentation page

3
data/deprecations/15-0-oauth-noexpiry.yml
View File

@ -16,7 +16,8 @@
1. Select **Expire access tokens** to enable them. Tokens must be revoked or they dont expire.
# The following items are not published on the docs page, but may be used in the future.
stage: # Manage
reporter: hsutor
stage: manage
tiers: # (optional - may be required in the future) An array of tiers that the feature is available in currently. e.g., [Free, Silver, Gold, Core, Premium, Ultimate]
issue_url: # https://gitlab.com/gitlab-org/gitlab/-/issues/21745
documentation_url: # (optional) This is a link to the current documentation page

3
data/deprecations/15-0-oauth.yml
View File

@ -7,7 +7,8 @@
body: | # Do not modify this line, instead modify the lines below.
The OAuth implicit grant authorization flow will be removed in our next major release, GitLab 15.0. Any applications that use OAuth implicit grant should switch to alternative [supported OAuth flows](https://docs.gitlab.com/ee/api/oauth2.html).
# The following items are not published on the docs page, but may be used in the future.
stage: # Manage
reporter: hsutor
stage: manage
tiers: # (optional - may be required in the future) An array of tiers that the feature is available in currently. e.g., [Free, Silver, Gold, Core, Premium, Ultimate]
issue_url: # https://gitlab.com/gitlab-org/gitlab/-/issues/344609
documentation_url: # (optional) This is a link to the current documentation page

13
db/post_migrate/20211103184303_drop_runner_features_from_ci_builds_metadata.rb Normal file
View File

@ -0,0 +1,13 @@
# frozen_string_literal: true
class DropRunnerFeaturesFromCiBuildsMetadata < Gitlab::Database::Migration[1.0]
enable_lock_retries!
def up
remove_column :ci_builds_metadata, :runner_features
end
def down
add_column :ci_builds_metadata, :runner_features, :jsonb, default: {}, null: false
end
end

1
db/schema_migrations/20211103184303 Normal file
View File

@ -0,0 +1 @@
fdec8e2d58c5b857a997d7fa3536969df8c05b8c455811cbec984834e031f2cb

1
db/structure.sql
View File

@ -12368,7 +12368,6 @@ CREATE TABLE ci_builds_metadata (
secrets jsonb DEFAULT '{}'::jsonb NOT NULL,
build_id bigint NOT NULL,
id bigint NOT NULL,
runner_features jsonb DEFAULT '{}'::jsonb NOT NULL,
runtime_runner_features jsonb DEFAULT '{}'::jsonb NOT NULL
);

31
doc/administration/gitaly/configure_gitaly.md
View File

@ -773,8 +773,8 @@ settings:
Clone traffic can put a large strain on your Gitaly service. The bulk of the work gets done in the
either of the following RPCs:
- `SSHUploadPack` (for Git SSH).
- `PostUploadPack` (for Git HTTP).
- `SSHUploadPackWithSidechannel` (for Git SSH).
- `PostUploadPackWithSidechannel` (for Git HTTP).
To prevent such workloads from overwhelming your Gitaly server, you can set concurrency limits in
Gitaly's configuration file. For example:
@ -784,26 +784,39 @@ Gitaly's configuration file. For example:
gitaly['concurrency'] = [
{
'rpc' => "/gitaly.SmartHTTPService/PostUploadPack",
'max_per_repo' => 20
'rpc' => "/gitaly.SmartHTTPService/PostUploadPackWithSidechanel",
'max_per_repo' => 20,
'max_queue_time' => "1s",
'max_queue_size' => 10
},
{
'rpc' => "/gitaly.SSHService/SSHUploadPack",
'rpc' => "/gitaly.SSHService/SSHUploadPackWithSidechannel",
'max_per_repo' => 20
'max_queue_time' => "1s",
'max_queue_size' => 10
}
]
```
- `rpc` is the name of the RPC to set a concurrency limit for per repository.
- `max_per_repo` is the maximum number of in-flight RPC calls for the given RPC per repository.
- `max_queue_time` is the maximum amount of time a request can wait in the concurrency queue to
be picked up by Gitaly.
- `max_queue_size` is the maximum size the concurrency queue can grow to before requests are rejected by
Gitaly.
This limits the number of in-flight RPC calls for the given RPCs. The limit is applied per
repository. In the example above:
- Each repository served by the Gitaly server can have at most 20 simultaneous `PostUploadPack` RPC
calls in flight, and the same for `SSHUploadPack`.
- Each repository served by the Gitaly server can have at most 20 simultaneous `PostUploadPackWithSidechannel` and
`SSHUploadPackWithSidechannel` RPC calls in flight.
- If another request comes in for a repository that has used up its 20 slots, that request gets
queued.
- If a request waits in the queue for more than 1 second, it is rejected with an error.
- If the queue grows beyond 10, subsequent requests are rejected with an error.
You can observe the behavior of this queue using the Gitaly logs and Prometheus. For more
information, see the [relevant documentation](index.md#monitor-gitaly).
information, see the [relevant documentation](index.md#monitor-gitaly-concurrency-limiting).
## Background Repository Optimization
@ -1068,7 +1081,7 @@ closed it.
### Observe the cache
The cache can be observed [using metrics](index.md#monitor-gitaly) and in the following logged
The cache can be observed [using metrics](index.md#pack-objects-cache) and in the following logged
information:
|Message|Fields|Description|

35
doc/administration/gitaly/index.md
View File

@ -403,23 +403,38 @@ Metric definitions are available:
- Using [Grafana Explore](https://grafana.com/docs/grafana/latest/explore/) on a
Grafana instance configured against Prometheus.
### Monitor Gitaly
### Monitor Gitaly rate limiting
You can observe the behavior of [queued requests](configure_gitaly.md#limit-rpc-concurrency) using
Gitaly can be configured to limit requests based on:
- Concurrency of requests.
- A rate limit.
Monitor Gitaly request limiting with the `gitaly_requests_dropped_total` Prometheus metric. This metric provides a total count
of requests dropped due to request limiting. The `reason` label indicates why a request was dropped:
- `rate`, due to rate limiting.
- `max_size`, because the concurrency queue size was reached.
- `max_time`, because the request exceeded the maximum queue wait time as configured in Gitaly.
### Monitor Gitaly concurrency limiting
You can observe specific behavior of [concurrency-queued requests](configure_gitaly.md#limit-rpc-concurrency) using
the Gitaly logs and Prometheus:
- In the [Gitaly logs](../logs.md#gitaly-logs), look for the string (or structured log field)
`acquire_ms`. Messages that have this field are reporting about the concurrency limiter.
- In Prometheus, look for the following metrics:
- `gitaly_rate_limiting_in_progress`.
- `gitaly_rate_limiting_queued`.
- `gitaly_rate_limiting_seconds`.
- `gitaly_concurrency_limiting_in_progress` indicates how many concurrent requests are
being processed.
- `gitaly_concurrency_limiting_queued` indicates how many requests for an RPC for a given
repository are waiting due to the concurrency limit being reached.
- `gitaly_concurrency_limiting_acquiring_seconds` indiciates how long a request has to
wait due to concurrency limits before being processed.
Although the name of the Prometheus metric contains `rate_limiting`, it's a concurrency limiter,
not a rate limiter. If a Gitaly client makes 1,000 requests in a row very quickly, concurrency
doesn't exceed 1, and the concurrency limiter has no effect.
### `pack-objects` cache
The following [pack-objects cache](configure_gitaly.md#pack-objects-cache) metrics are available:
The following [`pack-objects` cache](configure_gitaly.md#pack-objects-cache) metrics are available:
- `gitaly_pack_objects_cache_enabled`, a gauge set to `1` when the cache is enabled. Available
labels: `dir` and `max_age`.
@ -448,7 +463,7 @@ gitaly_streamcache_filestore_removed_total{dir="/var/opt/gitlab/git-data/reposit
gitaly_streamcache_index_entries{dir="/var/opt/gitlab/git-data/repositories/+gitaly/PackObjectsCache"} 1
```
#### Useful queries
### Useful queries
The following are useful queries for monitoring Gitaly:

2
doc/administration/gitaly/recovery.md
View File

@ -357,7 +357,7 @@ The `list-untracked-repositories` Praefect sub-command lists repositories of the
- Aren't tracked in the Praefect database.
Add the `-older-than` option to avoid showing repositories that are the process of being created and for which a record doesn't yet exist in the
Praefect database. Replace <duration> with a time duration (for example, `5s`, `10m`, or `1h`). Defaults to `6h`.
Praefect database. Replace `<duration>` with a time duration (for example, `5s`, `10m`, or `1h`). Defaults to `6h`.
```shell
sudo /opt/gitlab/embedded/bin/praefect -config /var/opt/gitlab/praefect/config.toml list-untracked-repositories -older-than <duration>

9
doc/integration/elasticsearch.md
View File

@ -217,7 +217,7 @@ The following Elasticsearch settings are available:
| `Password` | The password of your Elasticsearch instance. |
| `Number of Elasticsearch shards` | Elasticsearch indexes are split into multiple shards for performance reasons. In general, you should use at least 5 shards, and indexes with tens of millions of documents need to have more shards ([see below](#guidance-on-choosing-optimal-cluster-configuration)). Changes to this value do not take effect until the index is recreated. You can read more about tradeoffs in the [Elasticsearch documentation](https://www.elastic.co/guide/en/elasticsearch/reference/current/scalability.html). |
| `Number of Elasticsearch replicas` | Each Elasticsearch shard can have a number of replicas. These are a complete copy of the shard, and can provide increased query performance or resilience against hardware failure. Increasing this value increases total disk space required by the index. |
| `Limit namespaces and projects that can be indexed` | Enabling this allows you to select namespaces and projects to index. All other namespaces and projects use database search instead. If you enable this option but do not select any namespaces or projects, none are indexed. [Read more below](#limit-namespaces-and-projects).
| `Limit the number of namespaces and projects that can be indexed` | Enabling this allows you to select namespaces and projects to index. All other namespaces and projects use database search instead. If you enable this option but do not select any namespaces or projects, none are indexed. [Read more below](#limit-the-number-of-namespaces-and-projects-that-can-be-indexed).
| `Using AWS hosted Elasticsearch with IAM credentials` | Sign your Elasticsearch requests using [AWS IAM authorization](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_access-keys.html), [AWS EC2 Instance Profile Credentials](https://docs.aws.amazon.com/codedeploy/latest/userguide/getting-started-create-iam-instance-profile.html#getting-started-create-iam-instance-profile-cli), or [AWS ECS Tasks Credentials](https://docs.aws.amazon.com/AmazonECS/latest/userguide/task-iam-roles.html). Please refer to [Identity and Access Management in Amazon OpenSearch Service](https://docs.aws.amazon.com/opensearch-service/latest/developerguide/ac.html) for details of AWS hosted OpenSearch domain access policy configuration. |
| `AWS Region` | The AWS region in which your OpenSearch Service is located. |
| `AWS Access Key` | The AWS access key. |
@ -234,9 +234,10 @@ Sidekiq performance. Return them to their default values if you see increased `s
in your Sidekiq logs. For more information, see
[issue 322147](https://gitlab.com/gitlab-org/gitlab/-/issues/322147).
### Limit namespaces and projects
### Limit the number of namespaces and projects that can be indexed
If you select `Limit namespaces and projects that can be indexed`, more options become available.
If you check checkbox `Limit the number of namespaces and projects that can be indexed`
under **Elasticsearch indexing restrictions** more options become available.
![limit namespaces and projects options](img/limit_namespaces_projects_options.png)
@ -920,7 +921,7 @@ More [complex Elasticsearch API calls](https://www.elastic.co/guide/en/elasticse
It is important to understand at which level the problem is manifesting (UI, Rails code, Elasticsearch side) to be able to [troubleshoot further](../administration/troubleshooting/elasticsearch.md#search-results-workflow).
NOTE:
The above instructions are not to be used for scenarios that only index a [subset of namespaces](#limit-namespaces-and-projects).
The above instructions are not to be used for scenarios that only index a [subset of namespaces](#limit-the-number-of-namespaces-and-projects-that-can-be-indexed).
See [Elasticsearch Index Scopes](#advanced-search-index-scopes) for more information on searching for specific types of data.

BIN
doc/integration/img/limit_namespaces_projects_options.png
View File

Binary file not shown.
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 7.7 KiB

After

Width:  |  Height:  |  Size: 47 KiB

2
spec/features/admin/admin_settings_spec.rb
View File

@ -370,7 +370,7 @@ RSpec.describe 'Admin updates settings' do
expect(current_settings.valid_runner_registrars).to eq(ApplicationSetting::VALID_RUNNER_REGISTRAR_TYPES)
page.within('.as-runner') do
find_all('.form-check-input').each(&:click)
find_all('input[type="checkbox"]').each(&:click)
click_button 'Save changes'
end

27
spec/frontend/security_configuration/components/app_spec.js
View File

@ -41,11 +41,7 @@ describe('App component', () => {
let wrapper;
let userCalloutDismissSpy;
const createComponent = ({
shouldShowCallout = true,
secureVulnerabilityTraining = true,
...propsData
}) => {
const createComponent = ({ shouldShowCallout = true, ...propsData }) => {
userCalloutDismissSpy = jest.fn();
wrapper = extendedWrapper(
@ -57,9 +53,6 @@ describe('App component', () => {
autoDevopsPath,
projectFullPath,
vulnerabilityTrainingDocsPath,
glFeatures: {
secureVulnerabilityTraining,
},
},
stubs: {
...stubChildren(SecurityConfigurationApp),
@ -467,22 +460,4 @@ describe('App component', () => {
expect(trainingLink.attributes('href')).toBe(vulnerabilityTrainingDocsPath);
});
});
describe('when secureVulnerabilityTraining feature flag is disabled', () => {
beforeEach(() => {
createComponent({
augmentedSecurityFeatures: securityFeaturesMock,
augmentedComplianceFeatures: complianceFeaturesMock,
secureVulnerabilityTraining: false,
});
});
it('renders correct amount of tabs', () => {
expect(findTabs()).toHaveLength(2);
});
it('does not render the vulnerability-management tab', () => {
expect(wrapper.findByTestId('vulnerability-management-tab').exists()).toBe(false);
});
});
});