Add Deploy Keys to the admin panel credential inventory

Problem to solve

Compliance-minded organizations require insight into the access individuals have to their systems. We're launching an inventory of PAT and SSH credentials in %12.6, which begins to provide this insight to customers. Missing still is Deploy Keys so that customers can have a more holistic view of access to their GitLab environment.

Intended users

Personas are described at https://about.gitlab.com/handbook/marketing/product-marketing/roles-personas/ -->

Further details

This is an iteration to add Deploy Keys to an existing credential inventory accessible by Administrators.

Proposal

Add Deploy Keys to the credential inventory.

Tab_group

Title Fingerprint Read-only access Read-write access Created (Actions)
Admin deploy key d2:e8:be:cf:fd:a7:b4:fd:a7:b4 sprite_icons_copy-to-clipboard.svg 2 projects 1 project 20201-01-01 edit_remove
Empty state
Preview
illustrations_empty-state_empty-deploy-keys-lg.svg

Deploy keys allow read-only or read-write (if enabled) access to your repository

Deploy keys can be used for CI, staging or production servers. You can create a deploy key or add an existing one.

Confirm

docs

Permissions and Security

Only Administrators can view this information within the Admin Panel

Implementation plan

Integration plan

backend - See !49835 (merged) for an example

  1. Create new feature flag :credentials_inventory_deploy_keys and create feature flag removal issue
  2. Create DeployKeysFinder similar to ee/app/finders/GpgKeysFinder
  3. Check that deploy keys list is enabled like Admin::CredentialsController#check_gpg_keys_list_enabled!
  4. Add deploys keys to CredentialsInventoryHelper
  5. Add deploy keys to CredentialsInventoryActions#filter_credentials
  6. Add deploy_keys to CredentialsInventoryHelper::VALID_FILTERS list
  7. Create the destroy service for deploy keys like app/services/gpg_keys/destroy_service to follow similar conventions to the revoke service
  8. Update destroy method in ee/app/controllers/concerns/credentials_inventory_actions.rb to include deploy keys and use the destroy service
  9. Add tests

frontend

  1. Remove On suffixes from column headers in the credentials inventory
  2. Add deploy keys tab to ee/app/views/shared/credentials_inventory/index.html.haml
  3. Add New Deploy Key button to tabs list when viewing deploy keys
  4. Create deploy keys HAML view in ee/app/views/shared/credentials_inventory/deploy_keys/...
  5. Add deploy keys delete modals
  6. Add tests
  7. Add QA tests
Edited by Robert Hunt