Group Deploy Keys - UI

Everyone can contribute. Help move this issue forward while earning points, leveling up and collecting rewards.

• Close this issue

Goal

The goal here is to offer a UI for the Group Deploy Keys. This UI should be based on the existing Project Deploy Keys UI

Preparatory work made ahead of time refactored these views already. However, a Group Deploy Keys presenter class should be set up in order to complete work on this UI.

As part of this issue, Group Deploy Keys enabled for a given group should also be displayed in the Project Deploy Keys section of the projects that belong to that group.

Problem to solve

You need to add a deploy key to every project manually in order to use GitLab CI with the same deploy keys across projects. This is so the runner will get permission to clone/fetch other repositories that are internal or private.

This is not very effective, especially if you need to update your key or add a new one.

Intended users

Everyone working with GitLab CI and using the repo tool:

• Sasha (Software Developer)
• Devon (DevOps Engineer)

User experience goal

• The user should be able to configure deploy keys on the group level so they will be accessible in any child project. - Users should find it easy to locate the group deploy keys in a group.
• Ideally, users should be knowledgable about group deploy keys when being in a project context

Proposal

• Add a menu option Repository under the group sidebar Settings menu
• Add a section Deploy keys
• Group Deploy keys allow read-only or read-write (if enabled) access to your project repositories within the group.
  • Note Group deploy keys do not support protected branches unless #30769 (comment 337230547) is implemented.
• Deploy keys can be used for access to environments. You can create a group deploy key or add an existing one.
  • Note Group deploy keys do not support protected environments unless #223748 is implemented
• Project deploy keys are unique within the same instance. This means they can't be both be added in User settings > SSH keys and in a group's or project's deploy keys section.
  • This is shown with an error message similar as for project deploy keys (depicted at #14729 (comment 387842401))
• Group deploy keys inherit the same read/write access given to the key to the entire group.
• Group deploy keys are shown the same way as instance level deploy keys within a project's deploy keys context.

UI layout of Deploy keys section:

Similar to the project settings section at /settings/repository to begin with. This should ideally be moved to a similar creation flow as variables with a modal containing the creation flow.

#### Deploy Keys

Deploy keys allow read-only or read-write (if enabled) access to your group's repositories. Deploy keys can be used for CI, staging, or production servers. You can create a deploy key or add an existing one.

Create a new deploy key for this group.

Title

[FIELD]

Key

[FIELD]

Paste a machine public key here. Read more about how to generate it [here](https://gitlab.com/help/ssh/README).

* [ ] Write access allowed
      Allow this key to push to __all of this group's repositories__ as well? (Default only allows pull access.)

Deploy keys table:

[TAB][Enabled deploy keys][NUM] [TAB][Privately accessible deploy keys][NUM] [TAB][Publicly accessible deploy keys][NUM]

[HEADER][Deploy key]       [HEADER][Project usage]                                      [HEADER][Created]

[ROW]{Title}{Fingerprint}  [BADGE per Project]{Project reference}{Access level icon}    [Date]{icon:calendar}{time ago}         [ACTIONS]{Enable}{Disable}{Remove}{Edit}

Further details

Permissions and Security

Everyone who has access to Group > Settings > CI / CD should be able to add Group Deploy Keys/Tokens.

• Add expected impact to Maintainer (40) members
• Add expected impact to Owner (50) members

Documentation

Availability & Testing

What is the type of buyer?

Core or Starter

Is this a cross-stage feature?

Links / references

Parent issue: #14729 (closed)