Setup GitLab for Jira app OAuth
Production Change
Change Summary
This sets up an OAuth application and store the ID in a setting. This will enable us to activate the jira_connect_oauth feature on Gitlab.com.
The feature is for the GitLab.com for Jira Cloud app. The app is served from GitLab.com and rendered in an iframe on Jira. Some cookies are restricted in iframes, so we need to have a way for users to log in without using cookies. To fix this we want to use OAuth. The change described here will set up the OAuth application and expose it to the frontend via an application setting. This issue has more details about the feature.
We are planning to roll this feature out on GitLab.com first and then make it available to self-managed as well. Self-managed admins will have to go through the same steps as in this change request. I've created an issue to make sure this will be added to the documentation.
Change Details
- Services Impacted - ServiceGitLab Rails
- Change Technician -
- Change Reviewer - @stanhu
- Time tracking - 5
- Downtime Component - No
Detailed steps for the change
Change Steps - steps to take to execute the change
*Estimated Time to Complete 5mins
-
Set label changein-progress /label ~change::in-progress
-
Activate the jira_connect_oauth
feature for your user by either:- run
/chatops run feature set --user=<your-username> jira_connect_oauth true
on Slack - run
Feature.enable(:jira_connect_oauth, User.find_by_username('<your-username>'))
on the Rails console
- run
-
Go to https://gitlab.com/admin/applications -
Click New Application -
Fill the fields - Name: 'GitLab for Jira App'
- Redirect URI: 'https://gitlab.com/-/jira_connect/oauth_callbacks'
-
Scopes:
api
- Make sure Trusted and Confidential are not selected
-
Click Save Application -
Copy Application ID -
Go to https://gitlab.com/admin/application_settings/general
-
Expand GitLab for Jira App -
Paste the Application ID -
Click Save changes -
Set label changecomplete /label ~change::complete
Rollback
Rollback steps - steps to be taken in the event of a need to rollback this change
Estimated Time to Complete (mins) - Estimated Time to Complete in Minutes
-
Enable the jira_connect_oauth
feature if not already enabled for your user by either:- run
/chatops run feature set --user=<your-username> jira_connect_oauth true
on Slack - run
Feature.enable(:jira_connect_oauth, User.find_by_username('<your-username>'))
on the Rails console
- run
-
Go to https://gitlab.com/admin/application_settings/general
-
Expand GitLab for Jira App -
Clear the Application ID field -
Click Save changes -
Go to https://gitlab.com/admin/applications -
Locate the App named 'GitLab for Jira App' -
Click Destroy -
Set label changeaborted /label ~change::aborted
Monitoring
Key metrics to observe
No change is expected because the feature is behind a feature flag that is not enabled.
- Metric: Metric Name
- Location: Dashboard URL
- What changes to this metric should prompt a rollback: Describe Changes
Change Reviewer checklist
-
Check if the following applies: - The scheduled day and time of execution of the change is appropriate.
- The change plan is technically accurate.
- The change plan includes estimated timing values based on previous testing.
- The change plan includes a viable rollback plan.
- The specified metrics/monitoring dashboards provide sufficient visibility for the change.
-
Check if the following applies: - The complexity of the plan is appropriate for the corresponding risk of the change. (i.e. the plan contains clear details).
- The change plan includes success measures for all steps/milestones during the execution.
- The change adequately minimizes risk within the environment/service.
- The performance implications of executing the change are well-understood and documented.
- The specified metrics/monitoring dashboards provide sufficient visibility for the change.
- If not, is it possible (or necessary) to make changes to observability platforms for added visibility?
- The change has a primary and secondary SRE with knowledge of the details available during the change window.
- The labels blocks deployments and/or blocks feature-flags are applied as necessary
Change Technician checklist
-
Check if all items below are complete: - The change plan is technically accurate.
- This Change Issue is linked to the appropriate Issue and/or Epic
- Change has been tested in staging and results noted in a comment on this issue.
- A dry-run has been conducted and results noted in a comment on this issue.
- For C1 and C2 change issues, the change event is added to the GitLab Production calendar.
- For C1 and C2 change issues, the SRE on-call has been informed prior to change being rolled out. (In #production channel, mention
@sre-oncall
and this issue and await their acknowledgement.) - Release managers have been informed (If needed! Cases include DB change) prior to change being rolled out. (In #production channel, mention
@release-managers
and this issue and await their acknowledgment.) - There are currently no active incidents that are severity1 or severity2
- If the change involves doing maintenance on a database host, an appropriate silence targeting the host(s) should be added for the duration of the change.