Update and select Vault Policy for JWT in GitLab
Problem to solve
Today, users need deep knowledge of HashiCorp Vault, the documentation, and bound_claims in order to effectively permission the JWT authentication from GitLab to HashiCorp. This is a painful experience with a high switching cost.
Intended users
User experience goal
In the CICD settings at the Group and Project level, I would like to be able to select a Vault Policy to scope my JWT for Vault authentication.
Proposal
- Connect Vault Policies to CICD Settings
- Add a "HashiCorp Vault Policies" section
- Dropdown/open URL path field to select a human-readable Vault Policy for a JWT
Permissions and Security
Project-Level:
- Members with no access (0) should not be able to get to CICD settings and therefore cannot access Vault Policies
- Guest (10) members should not be able to get to CICD settings and therefore cannot access Vault Policies
- Reporter (20) members should not be able to get to CICD settings and therefore cannot access Vault Policies
- Developer (30) members should not be able to get to CICD settings and therefore cannot access Vault Policies
- Maintainer (40) members can select a Vault Policy
- Owner (50) members can select a Vault Policy
Group & Subgroup-Level:
- Members with no access (0) should not be able to get to CICD settings and therefore cannot access Vault Policies
- Guest (10) members should not be able to get to CICD settings and therefore cannot access Vault Policies
- Reporter (20) members should not be able to get to CICD settings and therefore cannot access Vault Policies
- Developer (30) members should not be able to get to CICD settings and therefore cannot access Vault Policies
- Maintainer (40) members can select a Vault Policy
- Owner (50) members can select a Vault Policy
Documentation
- Create documentation on https://docs.gitlab.com/ee/ci/examples/authenticating-with-hashicorp-vault/ under: https://docs.gitlab.com/ee/ci/examples/setting-a-hashicorp-vault-policy-in-gitlab/
What is the type of buyer?
cc @krasio