Add missing license flag check to `RemoteDevelopment::AgentConfig::UpdateService`
Implemented in MR: Add license check to Remote Development agent c... (!120221 - merged)
The following discussion from !105783 (merged) should be addressed:
-
@splattael started a discussion: (+1 comment) Suggestion (non-blocking) Since this set of services don't have
current_user
available, could we check if feature flag/license are enabled?🙏 I am aware that we are doing it in the internal API but that might be (in the future) not always the case and having such safety-net is encouraged
💪
We can do a license check, but not a feature flag check. See this comment for explanation: !105783 (comment 1379155928) :
The internal API currently doesn't even check the return values, everything is swallowed and
no_content!
is returned.This is known and there's an open issue with the gitlab-agent team.
Also, there's no applicable concept of authorization in these kubernetes internal APIs for the remote development feature, because it's in the scope of the agent. There's only authentication. This has also been discussed with the gitlab-agent team and approved with appsec.
I agree that if there were any applicable authorization to do here for defense-in-depth, that we should, but there's not, so we can't.
As for the license check, we could do a check here, but we are already doing it at the graphql/controller layer, so it seems unnecessary to add a license check and associated tests here.