Secrets Manager - organization move

Everyone can contribute. Help move this issue forward while earning points, leveling up and collecting rewards.

• Close this issue

This issue tracks work required to enable organizations to move between different cells. This presupposes that we already are running multiple cells and that OpenBao has been updated to support moving namespaces between clusters (either via import/export or some other mechanism).

The flow proposed in https://handbook.gitlab.com/handbook/engineering/architecture/design-documents/secret_manager/#cells is as follows:

1. Org Mover initially triggers Rails to set up pre-move federation in OpenBao for the given partition.

• This talks between Cells to allow the destination Cell's OpenBao instance to federate to the existing mount on the source Cell's OpenBao cluster for the given projects & groups.

2. Org Mover migrates all relevant table data over to the destination GitLab instance.
3. Org Mover triggers Rails to finish migrating OpenBao data.

• Rails finishes the rest of the migration, transferring the subset of OpenBao data from one instance to the other.

This same procedure can also be used for splitting organizations.