Ensure terraform_state.enabled config is respected
What does this MR do and why?
Issue: #348453 (closed)
The Terraform documentation indicates that Terraform state administration can be disabled in a GitLab instance. This can be done through the GitLab Omnibus or directly in the source as described in this section; it can also be done through the helm chart installation or the GDK.
We have found an issue where, regardless of the installation method, Terraform state administration is never disabled even if it is disabled in configuration. Further investigations show that this was because the Rails app (this repository) never considers the terraform_state.enabled
configuration anywhere.
This MR ensures that if terraform_state.enabled=false
, it is applied in the following areas:
- the State & StateVersion REST API's, which means that a Terraform job that uses GitLab as the state backend will fail
- the Project -> Infrastructure -> Terraform menu item is hidden, and its corresponding page returns a 404
Notes on the default value of the Terraform State administration config
If terraform_state.enabled
is not set, it defaults to true
. See this setting initialization.
In gprd
, the ::Gitlab.config.terraform_state.enabled
value is true
In gstg
, the ::Gitlab.config.terraform_state.enabled
value is true
Screenshots or screen recordings
true
)
Terraform State management setting is not set (defaults to Pipeline - no failures
Project -> Infrastructure -> Terraform menu item and page is accessible
true
Terraform State management setting is set to Pipeline - no failures
Project -> Infrastructure -> Terraform menu item and page is accessible
false
Terraform State management setting is set to Terraform validate job - fails
Project -> Infrastructure -> Terraform menu item is hidden
Project -> Infrastructure -> Terraform page is accessible
How to set up and validate locally
Project setup
Create a project that creates cloud resources through Terraform and the GitLab CI Pipeline.
You can use the Create a Google GKE cluster through Terraform example.
Testing
In the GitLab Rails app's config/gitlab.yml
file, find the the terraform_state.enabled
setting and set it according to the behavior you want to test. Restart the rails application to make sure the setting is applied.
If the terraform_state.enabled
is not set, or if terraform_state.enabled=true
:
- the project pipeline should run successfully
- the Project -> Infrastructure -> Terraform menu item and page should be accessible
If terraform_state.enabled=false
:
- the terraform job should fail
- the Project -> Infrastructure -> Terraform menu item should be hidden
- the Project -> Infrastructure -> Terraform page should not be accessible
MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
-
I have evaluated the MR acceptance checklist for this MR.