Authenticate/authorize the user access with browser cookie in Environment index page

What does this MR do and why?

This MR adds the set_kas_cookie concern to the Environments index page to allow the GitLab frontend to authenticate/authorize the user access with a browser cookie. Currently, the cookie is set only on the agent's page, but the frontend connection to the cluster happens on the Environments page. That's why we are adding the cookie to the Environments page.

Screenshots or screen recordings

[Screenshots: before (unauthorized); after (cookie created and authorized)]

How to set up and validate locally

  1. Enable KAS on your GDK (steps 1-2 from the guide).

  2. Visit the Project -> Infrastructure -> Kubernetes clusters page and create an agent following the instructions from the modal.

    • Select the "Connect a cluster" button
    • The modal should pop up
    • In the modal select "Select an agent or enter a name to create new"
    • You probably won't have any configured agents to show up in the list, create a new one by typing the name of your choice
    • The button should appear at the bottom of the list saying "Create agent: <your-agent-name>"
    • Select the button and click "Register" in the next view.
    • Save the token to use it in the next point.
  3. Please follow points 3-8 from the guide and then the (Optional) Deploy the GitLab Agent (agentk) with k3d section to create a local cluster and connect your agent with the cluster.

  4. Visit Deployments -> Environments and create an environment.

  5. The feature is currently behind a feature flag. Enable it by running:

    Feature.enable(:kas_user_access)

    and

    Feature.enable(:kas_user_access_project, Project.find(<your-project-id>))
  6. Add the following configuration file inside your project: .gitlab/agents/<your-agent-name>/config.yaml:

    gitops:
      manifest_projects:
      - id: <your-group>/<your-project>
    user_access:
      access_as: 
        agent: {}
      projects:
      - id: <your-group>/<your-project>
  7. Note that the backend isn't ready yet. In order to see the changes, please use the mock agent data in the agent computed property of new_environment_item.vue and change it to the relevant data for your created agent:

    return {
      project: '<your-group>/<your-project>',
      id: '<agent-id>',
      name: '<agent-name>',
    };
  8. Verify the agent is authorized to show the cluster information.

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

Related to #390767 (closed)

Edited by Anna Vovchenko
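
An added sketch, not part of the merge request or GitLab's code, of why the Environments page stayed "unauthorized" until it issued the cookie itself: a page that never sets the cookie leaves the browser with nothing to present to the cluster proxy. The secret, cookie name, path, class names and the HMAC token format are constructed assumptions; the real set_kas_cookie cookie format is not shown on this page.

```ruby
require "openssl"
require "base64"
require "json"

# Constructed values for this sketch; not GitLab's real secret, cookie name or path.
SHARED_SECRET = "constructed-demo-secret"
COOKIE_NAME   = "_demo_kas"
COOKIE_TTL    = 120 # seconds; a short lifetime limits the value of a leaked cookie

# Hypothetical stand-in for a cookie-setting controller concern.
module SetsClusterCookie
  def issue_cluster_cookie(user_id, now: Time.now.to_i)
    claims = JSON.generate({ "uid" => user_id, "exp" => now + COOKIE_TTL })
    payload = Base64.urlsafe_encode64(claims, padding: false)
    mac = OpenSSL::HMAC.hexdigest("SHA256", SHARED_SECRET, payload)
    # HttpOnly hides the cookie from page scripts; Secure, SameSite and Path limit where it is sent.
    "#{COOKIE_NAME}=#{payload}.#{mac}; Path=/cluster-proxy; Max-Age=#{COOKIE_TTL}; HttpOnly; Secure; SameSite=Strict"
  end
end

# Before: the page opens the cluster connection but never sets the cookie.
class EnvironmentsPageBefore
  def index(_user_id)
    { set_cookie: nil }
  end
end

# After: the same page includes the concern, so the response carries the cookie.
class EnvironmentsPageAfter
  include SetsClusterCookie
  def index(user_id)
    { set_cookie: issue_cluster_cookie(user_id) }
  end
end

# Proxy side: accept only an untampered, unexpired cookie (returns an HTTP status).
def proxy_status(set_cookie, now: Time.now.to_i)
  return 401 if set_cookie.nil?
  value = set_cookie.split(";").first.split("=", 2).last
  payload, mac = value.split(".", 2)
  return 401 if payload.nil? || mac.nil?
  expected = OpenSSL::HMAC.hexdigest("SHA256", SHARED_SECRET, payload)
  return 401 unless OpenSSL.secure_compare(expected, mac)
  claims = JSON.parse(Base64.urlsafe_decode64(payload))
  claims["exp"] > now ? 200 : 401
end
```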
