Obtaining an agent token
This issue is blocked by
Background
We have our architecture as explained in our docs.
The system needs to authenticate with GitLab using a token.
```mermaid
graph TB
  agentk -- request for information with TOKEN --> kas
  subgraph "GitLab"
    kas[kas]
    GitLabRoR[GitLab RoR] -- gRPC --> kas
    kas -- request for information with TOKEN --> GitLabRoR[GitLabRoR - Check for matching TOKEN stored in database. Return project and agent_name connected to TOKEN]
  end
  subgraph "Kubernetes cluster"
    agentk[agentk]
    token[TOKEN stored in Secret Object]
  end
```
In order to communicate, a user needs:
- A GitLab Project
- A token attached to a GitLab project. The Agent will use this token for authentication.
- An agent name attached to a GitLab project. This name tells kas where configuration files are stored.

Example: I have a Project named project-1 and an agent name of myFirstAgent. KAS will look for configuration files inside:
```mermaid
graph LR
  subgraph "project-1"
    git[.gitlab folder] --> agents[agents folder] --> name[myFirstAgent folder] --> file[config.yaml file]
  end
```
Our docs have additional configuration information.
Issue
A user must go through the process of creating the Project, the Permissions Object, and the Token.
Right now, a user is able to create a Project. After creating the project there is no way a user can create the Permissions Object or the Token.
After the user creates the Permissions Object and Token, there is no information given on next steps or what to do with the Token.
API Needs
- Create a GraphQL create mutation where you can submit a project_path and agent_name and create a Permissions Object --- MR
- Create a GraphQL create mutation where you can submit a Permission Object ID and create an associated TOKEN --- MR
- Create a GraphQL query where you can view Permissions Objects associated with a project --- MR
- Create a GraphQL query where you can view TOKEN IDs associated with Permission Objects --- MR
- Create a GraphQL delete mutation where you can submit a Permission Object ID and delete the agent, plus associated tokens. --- MR
- Create a GraphQL delete mutation where you can submit a TOKEN ID and delete the token. --- MR
UI Needs
- Connect the Permissions create mutation API to a User interface (probably a form in GitLab)
- Connect the token create mutation API to a User interface (maybe a form or button in GitLab)
- Connect the query API to a User interface (maybe an index page)
- Connect the Permissions delete mutation API to a User interface (maybe a trash can icon)
- Connect the token delete mutation API to a User interface (maybe a trash can icon)
- Add instructions on how to connect a Permissions Object to config files and add a Token Secret Object to a cluster.
Follow-up Issues
- Per discussion below, token values should not be editable, but being able to activate/inactivate tokens should be available. This feature does not currently exist and would need to be built out in the future.
- Look into adding a TOKEN name so we have something other than TOKEN ID to display to the customer.
- Add created_by, comments, and other fields to the Permissions Object and Token. See docs
- Currently the TOKEN only works with one project. Investigate allowing the Permissions Object to access multiple projects (maybe permissions object has_many associated_projects?) so kas can work similar to our group clusters and instance clusters. See discussion: gitlab-org/gitlab#232791 (comment 387604056)
- This task is focused on creating new agents. We should have an option to edit the Permission Objects in the future.
- Decide how to handle errors related to setup: gitlab-org/gitlab#237888 (closed)
Edited by Emily Ring
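
The token check and config lookup described under Background, together with the create and delete operations listed under API Needs, as an added Ruby example that is not GitLab's code. The `AgentRegistry` class, its method names, the in-memory storage, keeping only a SHA-256 digest of each token, and the agent-name pattern are assumptions made for illustration.

```ruby
require 'securerandom'
require 'digest'

class AgentRegistry # hypothetical names throughout; not GitLab's schema or API
  Agent = Struct.new(:id, :project_path, :name)
  NAME_RULE = /\A[A-Za-z0-9][A-Za-z0-9_-]*\z/ # assumed rule; name becomes a path segment

  def initialize
    @agents = {}  # agent id => Agent (the issue's "Permissions Object")
    @tokens = {}  # SHA-256 of token => { id:, agent_id: }
    @seq = 0
  end

  def create_agent(project_path, agent_name)
    raise ArgumentError, 'invalid agent name' unless NAME_RULE.match?(agent_name.to_s)
    agent = Agent.new(@seq += 1, project_path, agent_name)
    @agents[agent.id] = agent
  end

  # Returns [token_id, plaintext]; only the digest is stored (assumption).
  def create_token(agent_id)
    raise ArgumentError, 'unknown agent' unless @agents.key?(agent_id)
    secret = SecureRandom.urlsafe_base64(32)
    @tokens[fingerprint(secret)] = { id: (@seq += 1), agent_id: agent_id }
    [@seq, secret]
  end

  # The lookup kas needs: token => project, agent name, config location.
  def authenticate(presented)
    row = @tokens[fingerprint(presented.to_s)]
    return nil unless row
    agent = @agents.fetch(row[:agent_id])
    { project: agent.project_path, agent_name: agent.name,
      config_path: ".gitlab/agents/#{agent.name}/config.yaml" }
  end

  def delete_token(token_id)
    @tokens.reject! { |_, row| row[:id] == token_id }
  end

  def delete_agent(agent_id) # also removes the agent's tokens
    @tokens.reject! { |_, row| row[:agent_id] == agent_id }
    @agents.delete(agent_id)
  end

  private

  def fingerprint(secret)
    Digest::SHA256.hexdigest(secret)
  end
end
```

Because the plaintext token is returned only from `create_token`, the user interface has one chance to show it to the user for placement in the cluster's Secret Object.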