Skip to content

GitLab Next

Why GitLab
Pricing
Contact Sales
Explore

Sign in
Get free trial

GitLab.org
GitLab FOSS
Merge requests
!17894

Create Project Deploy Tokens to allow permanent access to repo and registry

Review changes
Download
Patches
Plain diff

Mayra Cabrera requested to merge 31591-project-deploy-tokens-to-allow-permanent-access into master Mar 20, 2018

Overview 161
Commits 22
Pipelines 36
Changes 47

What does this MR do?

Create project-based deploy tokens, to allow permanent access to repository and registry images.

Are there points in the code the reviewer needs to double check?

Ensure there aren't any loose ends regarding the implementation of Project Deploy Tokens

Why was this MR needed?

When a project is deployed to a Kubernetes cluster, it relies on a Docker image that has been pushed to the GitLab Container Registry. Kubernetes fetches this image and uses it to run the application.

If the project is public, the image can be accessed by Kubernetes without any authentication.

If the project is private/internal, the registry requires credentials to pull the image. This is actually addressed by providing CI_JOB_TOKEN as the password that can be used, but this token is temporary and no longer valid as soon as the deployment job finishes. This means that Kubernetes can run the application, but in case it should be restarted or executed somewhere else, it cannot be accessed again. This creates problems if the deployed application is something that should be available for a long term (e.g., production deployments).

By having project-based deploy tokens we can avoid the latter situation.

Screenshots (if relevant)

Deploy tokens section (with no active tokens)

Deploy tokens section (with active tokens)

Revoke modal

Does this MR meet the acceptance criteria?

Changelog entry added, if necessary
Documentation created/updated
Tests added for this feature/bug
Review
- Has been reviewed by UX
- Has been reviewed by Frontend
- Has been reviewed by Backend
- Has been reviewed by Database
Conform by the merge request performance guides
Conform by the style guides
Squashed related commits together
Internationalization required/considered
End-to-end tests pass (package-and-qa manual pipeline job)

What are the relevant issue numbers?

Closes #31591 (closed)

To do

Display new deploy token, if it's created
Implement revoke modal
Return deploy token data, if error
Feature specs
Fix js problem or open an issue about it
Implement backend logic for read_repo
Implement backend logic for read_registry

Port to EE

https://gitlab.com/gitlab-org/gitlab-ee/merge_requests/5278

Edited Apr 07, 2018 by Kamil Trzciński

Merge request reports

Assignee

Select assignees

Reviewers

Request review from

Time tracking