Provision a new instance-wide OAuth Application on GitLab.com for GitLab VS Code Extension

Production Change

Change Summary

This change adds an instance-wide OAuth app to gitlab.com production so that users of the GitLab VS Code Extension can log in using OAuth2.0

Change Details

  1. Services Impacted - Production gitlab.com (I didn't find the services list in the handbook)
  2. Change Technician - DRI for the execution of this change
  3. Change Reviewer - DRI for the review of this change
  4. Time tracking - Time, in minutes, needed to execute all change steps, including rollback
  5. Downtime Component - If there is a need for downtime, include downtime estimate here

Detailed steps for the change

Pre-Change Steps - steps to be completed before execution of the change

Estimated Time to Complete (mins) - 5

Change Steps - steps to take to execute the change

Estimated Time to Complete (mins) - 10

  • On the top bar, select Menu > Admin.
  • On the left sidebar, select Applications.
  • Select New application.
  • Set up the new application

    • Set name to "GitLab Workflow VS Code Extension"

    • Put these two lines in the Redirect URI text area:

      vscode://gitlab.gitlab-workflow/authentication
vscode-insiders://gitlab.gitlab-workflow/authentication

    • Disable the "Confidential" option

    • Ensure the "Expire Access Tokens" option is selected

    • Enable scopes api and read_user

    • For reference, your new application form should look like this: Screenshot_2022-04-19_at_14.35.04

  • Set label changecomplete on this issue

Post-Change Steps - steps to take to verify the change

Estimated Time to Complete (mins) - 5

  • share the application ID with @viktomas - this is not a secret and can be shared over slack (slack handle @Tomas Vik
    • the secret would be nice-to-have, but I don't want to go through the hustle of creating AR for SRE on Call to get access to the VS Code 1Password vault

Rollback

Rollback steps - steps to be taken in the event of a need to rollback this change

Estimated Time to Complete (mins) - 5

  • On the top bar, select Menu > Admin.
  • On the left sidebar, select Applications.
  • In "Your Applications" section, locate the "GitLab Workflow VS Code Extension" and click the "Delete" button.

Monitoring

Key metrics to observe

  • Metric: Metric Name
    • Location: Dashboard URL
    • What changes to this metric should prompt a rollback: Describe Changes

Change Reviewer checklist

C4 C3 C2 C1:

  • The scheduled day and time of execution of the change is appropriate.
  • The change plan is technically accurate.
  • The change plan includes estimated timing values based on previous testing.
  • The change plan includes a viable rollback plan.
  • The specified metrics/monitoring dashboards provide sufficient visibility for the change.

C2 C1:

  • The complexity of the plan is appropriate for the corresponding risk of the change. (i.e. the plan contains clear details).
  • The change plan includes success measures for all steps/milestones during the execution.
  • The change adequately minimizes risk within the environment/service.
  • The performance implications of executing the change are well-understood and documented.
  • The specified metrics/monitoring dashboards provide sufficient visibility for the change. - If not, is it possible (or necessary) to make changes to observability platforms for added visibility?
  • The change has a primary and secondary SRE with knowledge of the details available during the change window.

Change Technician checklist

  • This issue has a criticality label (e.g. C1, C2, C3, C4) and a change-type label (e.g. changeunscheduled, changescheduled) based on the Change Management Criticalities.
  • This issue has the change technician as the assignee.
  • Pre-Change, Change, Post-Change, and Rollback steps and have been filled out and reviewed.
  • This Change Issue is linked to the appropriate Issue and/or Epic
  • Necessary approvals have been completed based on the Change Management Workflow.
  • Change has been tested in staging and results noted in a comment on this issue.
  • A dry-run has been conducted and results noted in a comment on this issue.
  • SRE on-call has been informed prior to change being rolled out. (In #production channel, mention @sre-oncall and this issue and await their acknowledgement.)
  • Release managers have been informed (If needed! Cases include DB change) prior to change being rolled out. (In #production channel, mention @release-managers and this issue and await their acknowledgment.)
  • There are currently no active incidents.
  • If the change involves doing maintenance on a database host, an appropriate silence targeting the host(s) should be added for the duration of the change.
Edited by Igor