Improve access control model for embedded Observability (!112021) · Merge requests · GitLab.org / GitLab

Daniele Rossetti requested to merge rossetd/goui-access-control-embed-3 into master Feb 15, 2023

What does this MR do and why?

This is the second part of the work required to improve access control to GitLab Observability features (gitlab-org/opstrace/opstrace-ui#191 (closed) + !110645 (merged))

We want to restrict embedded Observability elements to only the developers a the group. It additionally prevents embedding invalid links.

Screenshots or screen recordings

How to set up and validate locally

Setup GDK with GOUI https://gitlab.com/gitlab-org/opstrace/opstrace-ui/-/blob/main/contribute/developer-guide.md#local-gdk
Embed a link in an issue/MR description/comments with a group-id for which the user is not a developer. Note that the Observability UI is not embedded (Format of the embedded link should be "https://observe.gitlab.com/GROUP_ID/explore")

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

I have evaluated the MR acceptance checklist for this MR.

Before Merging

Wait until !112019 (merged) and !110645 (merged) are merged

Edited Feb 15, 2023 by Daniele Rossetti

Improve access control model for embedded Observability

What does this MR do and why?

Screenshots or screen recordings

How to set up and validate locally

MR acceptance checklist

Before Merging

Merge request reports