Add namespace support to GitLab Secrets Manager

Alex Scheelrequested to merge
add-namespace-secrets-manager into main

What does this MR do?

Add namespace support to GitLab Secrets Manager

While secret path is correctly constructed to allow <namespace_path>/<engine_path>, authentication occurs via a different path, <namespace_path>/auth/<auth_path>/<login_path>; while commonly login_path is just "login", notably namespace and auth mount paths are on different sides of the literal string "auth/". This means the current construction (only giving control over <auth_path>) does not work for injecting namespaces from GitLab Secrets Manager into Runner's inline authentication.

We resolve this by using a single fixed (full, minus the /v1/ prefix) authentication path, while retaining two-way compatibility with older/newer GitLab Rails versions.

See also: gitlab#554281 (closed)

Signed-off-by: Alexander Scheel ascheel@gitlab.com

Why was this MR needed?

See related thread: https://gitlab.slack.com/archives/C09GSEDT50U/p1760982437184459

What's the best way to test this MR?

TBD: opening a Rails change as well.

What are the relevant issue numbers?

Follow-up to: gitlab#554281 (closed)

fyi: @ken.mcdonald @srajadas @iamricecake

Edited by Alex Scheel

Merge request reports