diff options
Diffstat (limited to 'doc/integration')
-rw-r--r-- | doc/integration/bitbucket.md | 4 | ||||
-rw-r--r-- | doc/integration/datadog.md | 4 | ||||
-rw-r--r-- | doc/integration/elasticsearch.md | 2 | ||||
-rw-r--r-- | doc/integration/jenkins.md | 209 | ||||
-rw-r--r-- | doc/integration/kerberos.md | 21 | ||||
-rw-r--r-- | doc/integration/mattermost/index.md | 3 | ||||
-rw-r--r-- | doc/integration/oauth_provider.md | 2 | ||||
-rw-r--r-- | doc/integration/omniauth.md | 12 | ||||
-rw-r--r-- | doc/integration/openid_connect_provider.md | 29 | ||||
-rw-r--r-- | doc/integration/saml.md | 8 | ||||
-rw-r--r-- | doc/integration/sourcegraph.md | 45 |
11 files changed, 162 insertions, 177 deletions
diff --git a/doc/integration/bitbucket.md b/doc/integration/bitbucket.md index db7e7d74efe..2fc80aa1769 100644 --- a/doc/integration/bitbucket.md +++ b/doc/integration/bitbucket.md @@ -6,10 +6,6 @@ info: To determine the technical writer assigned to the Stage/Group associated w # Integrate your GitLab server with Bitbucket Cloud **(FREE SELF)** -NOTE: -Starting from GitLab 11.4, OmniAuth is enabled by default. If you're using an -earlier version, you must explicitly enable it. - You can set up Bitbucket.org as an OAuth 2.0 provider to use your Bitbucket.org account credentials to sign in to GitLab. You can also import your projects from Bitbucket.org. diff --git a/doc/integration/datadog.md b/doc/integration/datadog.md index 89e08d330e8..4be0089703a 100644 --- a/doc/integration/datadog.md +++ b/doc/integration/datadog.md @@ -32,9 +32,11 @@ project, group, or instance level: 1. Scroll to **Add an integration**, and select **Datadog**. 1. Select **Active** to enable the integration. 1. Specify the [**Datadog site**](https://docs.datadoghq.com/getting_started/site/) to send data to. +1. Provide your Datadog **API key**. +<!-- 1. Optional. Select **Enable logs collection** to enable logs collection for the output of jobs. ([Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/346339) in GitLab 14.8.) --> +<!-- TODO: uncomment the archive_trace_events field once :datadog_integration_logs_collection is rolled out. Rollout issue: https://gitlab.com/gitlab-org/gitlab/-/issues/346339 --> 1. Optional. To override the API URL used to send data directly, provide an **API URL**. Used only in advanced scenarios. -1. Provide your Datadog **API key**. 1. Optional. If you use more than one GitLab instance, provide a unique **Service** name to differentiate between your GitLab instances. 1. Optional. If you use groups of GitLab instances (such as staging and production diff --git a/doc/integration/elasticsearch.md b/doc/integration/elasticsearch.md index 8461aca8c8d..7356574a33e 100644 --- a/doc/integration/elasticsearch.md +++ b/doc/integration/elasticsearch.md @@ -478,6 +478,8 @@ The following are some available Rake tasks: | [`sudo gitlab-rake gitlab:elastic:mark_reindex_failed`](https://gitlab.com/gitlab-org/gitlab/-/blob/master/ee/lib/tasks/gitlab/elastic.rake) | Mark the most recent re-index job as failed. | | [`sudo gitlab-rake gitlab:elastic:list_pending_migrations`](https://gitlab.com/gitlab-org/gitlab/-/blob/master/ee/lib/tasks/gitlab/elastic.rake) | List pending migrations. Pending migrations include those that have not yet started, have started but not finished, and those that are halted. | | [`sudo gitlab-rake gitlab:elastic:estimate_cluster_size`](https://gitlab.com/gitlab-org/gitlab/-/blob/master/ee/lib/tasks/gitlab/elastic.rake) | Get an estimate of cluster size based on the total repository size. | +| [`sudo gitlab-rake gitlab:elastic:enable_search_with_elasticsearch`](https://gitlab.com/gitlab-org/gitlab/-/blob/master/ee/lib/tasks/gitlab/elastic.rake) | Enable advanced search with Elasticsearch. | +| [`sudo gitlab-rake gitlab:elastic:disable_search_with_elasticsearch`](https://gitlab.com/gitlab-org/gitlab/-/blob/master/ee/lib/tasks/gitlab/elastic.rake) | Disables advanced search with Elasticsearch. | ### Environment variables diff --git a/doc/integration/jenkins.md b/doc/integration/jenkins.md index 822530775e5..bae52622966 100644 --- a/doc/integration/jenkins.md +++ b/doc/integration/jenkins.md @@ -4,100 +4,80 @@ group: Integrations info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments --- -# Jenkins CI service **(FREE)** +# Jenkins integration **(FREE)** > [Moved](https://gitlab.com/gitlab-org/gitlab/-/issues/246756) to GitLab Free in 13.7. -From GitLab, you can trigger a Jenkins build when you push code to a repository, or when a merge -request is created. In return, the Jenkins pipeline status is shown on merge requests widgets and -on the GitLab project's home page. +You can trigger a build in Jenkins when you push code to your repository or +create a merge request in GitLab. The Jenkins pipeline status displays on merge +requests widgets and on the GitLab project's home page. -To better understand the GitLab Jenkins integration, watch the following video: +<i class="fa fa-youtube-play youtube" aria-hidden="true"></i> +For an overview of the Jenkins integration for GitLab, see +[GitLab workflow with Jira issues and Jenkins pipelines](https://youtu.be/Jn-_fyra7xQ). -- [GitLab workflow with Jira issues and Jenkins pipelines](https://youtu.be/Jn-_fyra7xQ) +Use the Jenkins integration when: -Use the Jenkins integration with GitLab when: - -- You plan to migrate your CI from Jenkins to [GitLab CI/CD](../ci/index.md) in the future, but -need an interim solution. -- You're invested in [Jenkins Plugins](https://plugins.jenkins.io/) and choose to keep using Jenkins -to build your apps. - -For a real use case, read the blog post [Continuous integration: From Jenkins to GitLab using Docker](https://about.gitlab.com/blog/2017/07/27/docker-my-precious/). - -Moving from a traditional CI plug-in to a single application for the entire software development -life cycle can decrease hours spent on maintaining toolchains by 10% or more. For more details, see -the ['GitLab vs. Jenkins' comparison page](https://about.gitlab.com/devops-tools/jenkins-vs-gitlab/). +- You plan to migrate your CI from Jenkins to [GitLab CI/CD](../ci/index.md) + in the future, but need an interim solution. +- You're invested in [Jenkins plugins](https://plugins.jenkins.io/) and choose + to keep using Jenkins to build your apps. NOTE: -This documentation focuses only on how to **configure** a Jenkins *integration* with +This documentation focuses only on how to configure a Jenkins *integration* with GitLab. Learn how to set up Jenkins [on your local machine](../development/integrations/jenkins.md) -in our developer documentation, and how to **migrate** from Jenkins to GitLab CI/CD in our +in the developer documentation, and how to migrate from Jenkins to GitLab CI/CD in the [Migrating from Jenkins](../ci/migration/jenkins.md) documentation. -## Configure GitLab integration with Jenkins - -The GitLab Jenkins integration requires installation and configuration in both GitLab and Jenkins. -In GitLab, you need to grant Jenkins access to the relevant projects. In Jenkins, you need to -install and configure several plugins. - -### GitLab requirements - -- [Grant Jenkins permission to GitLab project](#grant-jenkins-access-to-gitlab-project) -- [Configure GitLab API access](#configure-gitlab-api-access) -- [Configure the GitLab project](#configure-the-gitlab-project) - -### Jenkins requirements +The Jenkins integration requires configuration in both GitLab and Jenkins. -- [Configure the Jenkins server](#configure-the-jenkins-server) -- [Configure the Jenkins project](#configure-the-jenkins-project) +## Grant Jenkins access to the GitLab project -## Grant Jenkins access to GitLab project - -Grant a GitLab user access to the select GitLab projects. +Grant a GitLab user access to the relevant GitLab projects. 1. Create a new GitLab user, or choose an existing GitLab user. This account is used by Jenkins to access the GitLab projects. We recommend creating a GitLab user for only this purpose. If you use a person's account, and their account is deactivated or - deleted, the GitLab-Jenkins integration stops working. + deleted, the Jenkins integration stops working. 1. Grant the user permission to the GitLab projects. - If you're integrating Jenkins with many GitLab projects, consider granting the user the global - Administrator role. Otherwise, add the user to each project, and grant the Developer role. + If you're integrating Jenkins with many GitLab projects, consider granting the + user the administrator access level. Otherwise, add the user to each project + and grant the Developer role. -## Configure GitLab API access +## Grant Jenkins access to the GitLab API -Create a personal access token to authorize Jenkins' access to GitLab. +Create a personal access token to authorize Jenkins to access GitLab. 1. Sign in to GitLab as the user to be used with Jenkins. -1. In the top-right corner, select your avatar. +1. On the top bar, in the top right corner, select your avatar. 1. Select **Edit profile**. 1. On the left sidebar, select **Access Tokens**. -1. Create a personal access token with the **API** scope checkbox checked. For more details, see - [Personal access tokens](../user/profile/personal_access_tokens.md). -1. Record the personal access token's value, because it's required in [Configure the Jenkins server](#configure-the-jenkins-server) section. +1. Create a [personal access token](../user/profile/personal_access_tokens.md) and + select the **API** scope. +1. Copy the personal access token. You need it to [configure the Jenkins server](#configure-the-jenkins-server). ## Configure the Jenkins server Install and configure the Jenkins plugin. The plugin must be installed and configured to authorize the connection to GitLab. -1. On the Jenkins server, go to **Manage Jenkins > Manage Plugins**. +1. On the Jenkins server, select **Manage Jenkins > Manage Plugins**. 1. Install the [Jenkins GitLab Plugin](https://wiki.jenkins.io/display/JENKINS/GitLab+Plugin). -1. Go to **Manage Jenkins > Configure System**. -1. In the **GitLab** section, check the **Enable authentication for '/project' end-point** checkbox. -1. Click **Add**, then choose **Jenkins Credential Provider**. -1. Choose **GitLab API token** as the token type. -1. Enter the GitLab personal access token's value in the **API Token** field and click **Add**. -1. Enter the GitLab server's URL in the **GitLab host URL** field. -1. Click **Test Connection**, ensuring the connection is successful before proceeding. - -For more information, see GitLab Plugin documentation about -[Jenkins-to-GitLab authentication](https://github.com/jenkinsci/gitlab-plugin#jenkins-to-gitlab-authentication). +1. Select **Manage Jenkins > Configure System**. +1. In the **GitLab** section, select **Enable authentication for '/project' end-point**. +1. Select **Add**, then choose **Jenkins Credential Provider**. +1. Select **GitLab API token** as the token type. +1. Enter the GitLab personal access token's value in **API Token** and select **Add**. +1. Enter the GitLab server's URL in **GitLab host URL**. +1. To test the connection, select **Test Connection**. -![Jenkins GitLab plugin configuration](img/jenkins_gitlab_plugin_config.png) + ![Jenkins plugin configuration](img/jenkins_gitlab_plugin_config.png) + +For more information, see +[Jenkins-to-GitLab authentication](https://github.com/jenkinsci/gitlab-plugin#jenkins-to-gitlab-authentication). ## Configure the Jenkins project @@ -105,15 +85,15 @@ Set up the Jenkins project you intend to run your build on. 1. On your Jenkins instance, go to **New Item**. 1. Enter the project's name. -1. Choose between **Freestyle** or **Pipeline** and click **OK**. - We recommend a Freestyle project, because the Jenkins plugin updates the build status on - GitLab. In a Pipeline project, you must configure a script to update the status on GitLab. -1. Choose your GitLab connection from the dropdown. -1. Check the **Build when a change is pushed to GitLab** checkbox. -1. Check the following checkboxes: +1. Select **Freestyle** or **Pipeline** and select **OK**. + We recommend a Freestyle project, because the Jenkins plugin updates the build status on + GitLab. In a Pipeline project, you must configure a script to update the status on GitLab. +1. Choose your GitLab connection from the dropdown list. +1. Select **Build when a change is pushed to GitLab**. +1. Select the following checkboxes: - **Accepted Merge Request Events** - **Closed Merge Request Events** -1. Specify how build status is reported to GitLab: +1. Specify how the build status is reported to GitLab: - If you created a **Freestyle** project, in the **Post-build Actions** section, choose **Publish build status to GitLab**. - If you created a **Pipeline** project, you must use a Jenkins Pipeline script to update the status on @@ -143,39 +123,49 @@ Set up the Jenkins project you intend to run your build on. Configure the GitLab integration with Jenkins in one of the following ways. -### Recommended Jenkins integration +### Configure a Jenkins integration (recommended) GitLab recommends this approach for Jenkins integrations because it is easier to configure -than the [webhook integration](#webhook-integration). +than the [webhook integration](#configure-a-webhook). -1. Create a new GitLab project or choose an existing one. -1. Go to **Settings > Integrations**, then select **Jenkins CI**. -1. Turn on the **Active** toggle. +1. On the top bar, select **Menu > Projects** and find your project. +1. On the left sidebar, select **Settings > Integrations**. +1. Select **Jenkins**. +1. Select the **Active** checkbox. 1. Select the events you want GitLab to trigger a Jenkins build for: - Push - Merge request - Tag push -1. Enter the **Jenkins URL**. +1. Enter the **Jenkins server URL**. 1. Enter the **Project name**. The project name should be URL-friendly, where spaces are replaced with underscores. To ensure the project name is valid, copy it from your browser's address bar while viewing the Jenkins project. -1. Enter the **Username** and **Password** if your Jenkins server requires - authentication. -1. Click **Test settings and save changes**. GitLab tests the connection to Jenkins. +1. If your Jenkins server requires + authentication, enter the **Username** and **Password**. +1. To test the connection to Jenkins, select **Test settings**. +1. Select **Save changes**. -### Webhook integration +### Configure a webhook If you are unable to provide GitLab with your Jenkins server login, you can use this option to integrate GitLab and Jenkins. -1. In the configuration of your Jenkins job, in the GitLab configuration section, click **Advanced**. -1. Click the **Generate** button under the **Secret Token** field. -1. Copy the resulting token, and save the job configuration. +1. In the configuration of your Jenkins job, in the GitLab configuration section, select **Advanced**. +1. Under **Secret Token**, select **Generate**. +1. Copy the token, and save the job configuration. 1. In GitLab, create a webhook for your project, enter the trigger URL - (such as `https://JENKINS_URL/project/YOUR_JOB`) and paste the token in the **Secret Token** field. -1. After you add the webhook, click the **Test** button, and it should succeed. + (such as `https://JENKINS_URL/project/YOUR_JOB`) and paste the token in **Secret Token**. +1. To test the webhook, select **Test**. + +## Related topics + +- For a real use case, read the blog post + [Continuous integration: From Jenkins to GitLab using Docker](https://about.gitlab.com/blog/2017/07/27/docker-my-precious/). +- See the ['GitLab vs. Jenkins' comparison page](https://about.gitlab.com/devops-tools/jenkins-vs-gitlab/) + for information on how moving to a single application for the entire software development + lifecycle can decrease hours spent on maintaining toolchains by 10% or more. ## Troubleshooting @@ -188,24 +178,31 @@ If you get this error message while configuring GitLab, the following are possib - The Jenkins instance is at a local address and is not included in the [GitLab installation's allowlist](../security/webhooks.md#allowlist-for-local-requests). - The credentials for the Jenkins instance do not have sufficient access or are invalid. -- The **Enable authentication for ‘/project’ end-point checkbox** is not selected in your [Jenkin's plugin configuration](#configure-the-jenkins-server). +- The **Enable authentication for ‘/project’ end-point** checkbox is not selected in your [Jenkin's plugin configuration](#configure-the-jenkins-server). ### Error in merge requests - "Could not connect to the CI server" -This integration relies on Jenkins reporting the build status back to GitLab via -the [Commit Status API](../api/commits.md#commit-status). +You might get the `Could not connect to the CI server` error if GitLab did not +receive a build status update from Jenkins via the [Commit Status API](../api/commits.md#commit-status). + +This issue occurs when Jenkins is not properly +configured or there is an error reporting the status via the API. -The error 'Could not connect to the CI server' usually means that GitLab did not -receive a build status update via the API. Either Jenkins was not properly -configured or there was an error reporting the status via the API. +To fix this issue, ensure you: -1. [Configure the Jenkins server](#configure-the-jenkins-server) for GitLab API access +1. [Configure the Jenkins server](#configure-the-jenkins-server) for GitLab API access. 1. [Configure the Jenkins project](#configure-the-jenkins-project), including the 'Publish build status to GitLab' post-build action. -### Merge Request event does not trigger a Jenkins Pipeline +### Merge request event does not trigger a Jenkins pipeline -Check [service hook logs](../user/project/integrations/overview.md#troubleshooting-integrations) for request failures or check the `/var/log/gitlab/gitlab-rails/production.log` file for messages like: +This issue can occur when the request exceeds the +[webhook timeout](../user/project/integrations/webhooks.md#webhook-fails-or-multiple-webhook-requests-are-triggered), +which is set to 10 seconds by default. + +Check the [service hook logs](../user/project/integrations/overview.md#troubleshooting-integrations) +for request failures or check the `/var/log/gitlab/gitlab-rails/production.log` +file for messages like: ```plaintext WebHook Error => Net::ReadTimeout @@ -217,30 +214,38 @@ or WebHook Error => execution expired ``` -If those are present, the request is exceeding the -[webhook timeout](../user/project/integrations/webhooks.md#webhook-fails-or-multiple-webhook-requests-are-triggered), -which is set to 10 seconds by default. - -To fix this the `gitlab_rails['webhook_timeout']` value must be increased -in the `gitlab.rb` configuration file, followed by the [`gitlab-ctl reconfigure` command](../administration/restart_gitlab.md). - -If you don't find the errors above, but do find *duplicate* entries like below (in `/var/log/gitlab/gitlab-rail`), -[webhook requests may be timing out](../user/project/integrations/webhooks.md#webhook-fails-or-multiple-webhook-requests-are-triggered): +Or check for duplicate messages in `/var/log/gitlab/gitlab-rail`, like: ```plaintext 2019-10-25_04:22:41.25630 2019-10-25T04:22:41.256Z 1584 TID-ovowh4tek WebHookWorker JID-941fb7f40b69dff3d833c99b INFO: start 2019-10-25_04:22:41.25630 2019-10-25T04:22:41.256Z 1584 TID-ovowh4tek WebHookWorker JID-941fb7f40b69dff3d833c99b INFO: start ``` +To fix this issue: + +1. Increase the `gitlab_rails['webhook_timeout']` value in the `gitlab.rb` + configuration file. +1. [Restart](../administration/restart_gitlab.md) GitLab: + + ```shell + gitlab-ctl reconfigure + ``` + ### Enable job logs in Jenkins -When troubleshooting an integration issue, it is useful to enable job logs in Jenkins to see more details about what is happening under the hood. +To troubleshoot an integration issue, you can enable job logs in Jenkins to get +more details about your builds. + To enable job logs in Jenkins: 1. Go to **Dashboard > Manage Jenkins > System Log**. 1. Select **Add new log recorder**. 1. Enter a name for the log recorder. -1. On the next screen, select **Add** and enter `org.jenkinsci.plugins.workflow.job` in the text field. +1. On the next screen, select **Add** and enter `org.jenkinsci.plugins.workflow.job`. 1. Make sure that the Log Level is **All** and select **Save**. -Now, after you run a build, you can go to the loggers page (**Dashboard > Manage Jenkins > System Log**), select your logger, and check the logs. +To view your logs: + +1. Run a build. +1. Go to **Dashboard > Manage Jenkins > System Log**. +1. Select your logger and check the logs. diff --git a/doc/integration/kerberos.md b/doc/integration/kerberos.md index 0f9bf3ba1d1..04a02b8fa68 100644 --- a/doc/integration/kerberos.md +++ b/doc/integration/kerberos.md @@ -1,6 +1,6 @@ --- stage: Manage -group: Access +group: Authentication & Authorization info: "To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments" --- @@ -9,9 +9,8 @@ info: "To determine the technical writer assigned to the Stage/Group associated GitLab can integrate with [Kerberos](https://web.mit.edu/kerberos/) as an authentication mechanism. WARNING: -GitLab CI/CD does not work with a Kerberos-enabled GitLab instance due to an unresolved -[bug in Git CLI](https://lore.kernel.org/git/YKNVop80H8xSTCjz@coredump.intra.peff.net/T/#mab47fd7dcb61fee651f7cc8710b8edc6f62983d5) -that fails to use job token authentication from the GitLab Runners. +GitLab CI/CD doesn't work with a Kerberos-enabled GitLab instance unless the integration is +[set to use a dedicated port](#http-git-access-with-kerberos-token-passwordless-authentication). ## Overview @@ -235,19 +234,23 @@ know the `libcurl` version installed, run `curl-config --version`. ### HTTP Git access with Kerberos token (passwordless authentication) -#### Support for Git before 2.4 - -Until Git version 2.4, the `git` command uses only the `negotiate` authentication +Because of [a bug in current Git versions](https://lore.kernel.org/git/YKNVop80H8xSTCjz@coredump.intra.peff.net/T/#mab47fd7dcb61fee651f7cc8710b8edc6f62983d5), +the `git` CLI command uses only the `negotiate` authentication method if the HTTP server offers it, even if this method fails (such as when the client does not have a Kerberos token). It is thus not possible to fall back -to username/password (also known as `basic`) authentication if Kerberos +to an embedded username and password (also known as `basic`) authentication if Kerberos authentication fails. For GitLab users to be able to use either `basic` or `negotiate` authentication -with older Git versions, it is possible to offer Kerberos ticket-based +with current Git versions, it is possible to offer Kerberos ticket-based authentication on a different port (for example, `8443`) while the standard port offers only `basic` authentication. +NOTE: +[Git 2.4 and later](https://github.com/git/git/blob/master/Documentation/RelNotes/2.4.0.txt#L225-L228) supports falling back to `basic` authentication if the +username and password is passed interactively or through a credentials manager. It fails to fall back when the username and password is passed as part of the URL instead. For example, +this can happen in GitLab CI/CD jobs that [authenticate with the CI/CD job token](../ci/jobs/ci_job_token.md). + **For source installations with HTTPS** 1. Edit the NGINX configuration file for GitLab diff --git a/doc/integration/mattermost/index.md b/doc/integration/mattermost/index.md index 97da971dd75..02fe0f4ea71 100644 --- a/doc/integration/mattermost/index.md +++ b/doc/integration/mattermost/index.md @@ -340,7 +340,8 @@ Below is a list of Mattermost versions for GitLab 11.10 and later: | 14.3 | 5.38 | | 14.4 | 5.39 | | 14.5 | 5.39 | -| 14.6 | 6.1 | +| 14.6 | 6.1 | +| 14.7 | 6.2 | - GitLab 14.5 remained on Mattermost 5.39 - GitLab 14.6 updates to Mattermost 6.1 instead of 6.0 diff --git a/doc/integration/oauth_provider.md b/doc/integration/oauth_provider.md index af715e47ab9..ff144d9985b 100644 --- a/doc/integration/oauth_provider.md +++ b/doc/integration/oauth_provider.md @@ -1,6 +1,6 @@ --- stage: Manage -group: Access +group: Authentication & Authorization info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments --- diff --git a/doc/integration/omniauth.md b/doc/integration/omniauth.md index dd51d823109..4c05f94148c 100644 --- a/doc/integration/omniauth.md +++ b/doc/integration/omniauth.md @@ -46,10 +46,6 @@ GitLab supports the following OmniAuth providers. ## Configure initial settings -NOTE: -In GitLab 11.4 and later, OmniAuth is enabled by default. If you're using an -earlier version, you must explicitly enable it. - Before you configure the OmniAuth provider, configure the settings that are common for all providers. @@ -153,7 +149,7 @@ To enable or disable an OmniAuth provider: ## Disable OmniAuth -In GitLab 11.4 and later, OmniAuth is enabled by default. However, OmniAuth only works +OmniAuth is enabled by default. However, OmniAuth only works if providers are configured and [enabled](#enable-or-disable-sign-in-with-an-omniauth-provider-without-disabling-import-sources). If OmniAuth providers are causing problems even when individually disabled, you @@ -385,3 +381,9 @@ then override the icon in one of two ways: ... } ``` + +## Limitations + +Most supported OmniAuth providers don't support Git over HTTP password authentication. +The only exception is [Atlassian Crowd](../administration/auth/crowd.md) (since GitLab [13.7](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/46935)). +As a workaround, you can authenticate using a [personal access token](../user/profile/personal_access_tokens.md). diff --git a/doc/integration/openid_connect_provider.md b/doc/integration/openid_connect_provider.md index 54d4a5b6bb7..e85231d1c25 100644 --- a/doc/integration/openid_connect_provider.md +++ b/doc/integration/openid_connect_provider.md @@ -47,20 +47,19 @@ The following user information is shared with clients: | Claim | Type | Description | |:-----------------|:----------|:------------| -| `sub` | `string` | The ID of the user -| `sub_legacy` | `string` | An opaque token that uniquely identifies the user<br><br>**Deprecation notice:** this token isn't stable because it's tied to the Rails secret key base, and is provided only for migration to the new stable `sub` value available from GitLab 11.1 -| `auth_time` | `integer` | The timestamp for the user's last authentication -| `name` | `string` | The user's full name -| `nickname` | `string` | The user's GitLab username -| `email` | `string` | The user's email address<br>This is the user's *primary* email address if the application has access to the `email` claim and the user's *public* email address otherwise -| `email_verified` | `boolean` | Whether the user's email address was verified -| `website` | `string` | URL for the user's website -| `profile` | `string` | URL for the user's GitLab profile -| `picture` | `string` | URL for the user's GitLab avatar -| `groups` | `array` | Paths for the groups the user is a member of, either directly or through an ancestor group. -| `groups_direct` | `array` | Paths for the groups the user is a direct member of. -| `https://gitlab.org/claims/groups/owner` | `array` | Names of the groups the user is a direct member of with Owner role -| `https://gitlab.org/claims/groups/maintainer` | `array` | Names of the groups the user is a direct member of with Maintainer role -| `https://gitlab.org/claims/groups/developer` | `array` | Names of the groups the user is a direct member of with Developer role +| `sub` | `string` | The ID of the user | +| `auth_time` | `integer` | The timestamp for the user's last authentication | +| `name` | `string` | The user's full name | +| `nickname` | `string` | The user's GitLab username | +| `email` | `string` | The user's email address<br>This is the user's *primary* email address if the application has access to the `email` claim and the user's *public* email address otherwise | +| `email_verified` | `boolean` | Whether the user's email address was verified | +| `website` | `string` | URL for the user's website | +| `profile` | `string` | URL for the user's GitLab profile | +| `picture` | `string` | URL for the user's GitLab avatar | +| `groups` | `array` | Paths for the groups the user is a member of, either directly or through an ancestor group. | +| `groups_direct` | `array` | Paths for the groups the user is a direct member of. | +| `https://gitlab.org/claims/groups/owner` | `array` | Names of the groups the user is a direct member of with Owner role | +| `https://gitlab.org/claims/groups/maintainer` | `array` | Names of the groups the user is a direct member of with Maintainer role | +| `https://gitlab.org/claims/groups/developer` | `array` | Names of the groups the user is a direct member of with Developer role | The claims `sub`, `sub_legacy`, `email`, `email_verified` and `groups_direct` are included in the ID token. All other claims are available from the `/oauth/userinfo` endpoint used by OIDC clients. diff --git a/doc/integration/saml.md b/doc/integration/saml.md index 70d6932b9eb..61d09b4e173 100644 --- a/doc/integration/saml.md +++ b/doc/integration/saml.md @@ -1,6 +1,6 @@ --- stage: Manage -group: Access +group: Authentication & Authorization info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments type: reference --- @@ -917,8 +917,10 @@ You may also find the [SAML Tracer](https://addons.mozilla.org/en-US/firefox/add ### Invalid audience This error means that the IdP doesn't recognize GitLab as a valid sender and -receiver of SAML requests. Make sure to add the GitLab callback URL to the approved -audiences of the IdP server. +receiver of SAML requests. Make sure to: + +- Add the GitLab callback URL to the approved audiences of the IdP server. +- Avoid trailing whitespace in the `issuer` string. ### Missing claims, or `Email can't be blank` errors diff --git a/doc/integration/sourcegraph.md b/doc/integration/sourcegraph.md index 6f0027aedc7..b2e5f7b4b7d 100644 --- a/doc/integration/sourcegraph.md +++ b/doc/integration/sourcegraph.md @@ -7,8 +7,13 @@ type: reference, how-to # Sourcegraph integration **(FREE)** -> - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/16556) in GitLab 12.5. -> - Note that this integration is in BETA and deployed [behind a feature flag](#enable-the-sourcegraph-feature-flag) disabled by default. Self-managed instances can opt to enable it. +> - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/16556) in GitLab 12.5 [with a flag](../administration/feature_flags.md) named `sourcegraph`. Disabled by default. +> - Enabled on GitLab.com in GitLab 12.5. +> - [Enabled on self-managed](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/73116) in GitLab 14.8. + +FLAG: +On self-managed GitLab, by default this feature is available. To hide the feature, ask an administrator to [disable the feature flag](../administration/feature_flags.md) named `sourcegraph`. +On GitLab.com, this feature is available for public projects only. [Sourcegraph](https://sourcegraph.com) provides code intelligence features, natively integrated into the GitLab UI. @@ -26,41 +31,9 @@ you can choose to enable Sourcegraph [through your user preferences](#enable-sou ## Set up for self-managed GitLab instances **(FREE SELF)** Before you can enable Sourcegraph code intelligence in GitLab you must: +configure a Sourcegraph instance with your GitLab instance as an external service. -- Enable the `sourcegraph` feature flag for your GitLab instance. -- Configure a Sourcegraph instance with your GitLab instance as an external service. - -### Enable the Sourcegraph feature flag - -NOTE: -If you are running a self-managed instance, the Sourcegraph integration is unavailable -unless the feature flag `sourcegraph` is enabled. This can be done from the Rails console -by instance administrators. - -Use these commands to start the Rails console: - -```shell -# Omnibus GitLab -gitlab-rails console - -# Installation from source -cd /home/git/gitlab -sudo -u git -H bin/rails console -e production -``` - -Then run the following command to enable the feature flag: - -```ruby -Feature.enable(:sourcegraph) -``` - -You can also enable the feature flag only for specific projects with: - -```ruby -Feature.enable(:sourcegraph, Project.find_by_full_path('my_group/my_project')) -``` - -### Set up a self-managed Sourcegraph instance +### Set up a self-managed Sourcegraph instance **(FREE SELF)** If you are new to Sourcegraph, head over to the [Sourcegraph installation documentation](https://docs.sourcegraph.com/admin) and get your instance up and running. |