Add project_visibility JWT claim (!125787) · Merge requests · GitLab.org / GitLab

Alishan Ladhani requested to merge ali/add-project-visibility-jwt-claim into master Jul 07, 2023

What does this MR do and why?

Adds a new claim called project_visibility to Ci::JwtV2. This claim will be used by Fulcio to generate certificates for keyless signing.

Related to #418810 (closed)

Screenshots or screen recordings

{
  ...
  "sha": "4e9b7dbc7e42626ca4f4676ad91f17951f97af9a",
  "project_visibility": "public",
  "ci_config_ref_uri": "gitlab.localdev:3000/gitlab-org/gitlab-shell//.gitlab-ci.yml@refs/heads/memory-limit",
  ...
}

[8] pry(main)> build.project.visibility_level
=> 20

How to set up and validate locally

build = Ci::Build.last
Gitlab::Ci::JwtV2.new(build, aud: 'my-aud', ttl: 1.hour).payload

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

I have evaluated the MR acceptance checklist for this MR.

Edited Jul 24, 2023 by Alishan Ladhani

Add project_visibility JWT claim

What does this MR do and why?

Screenshots or screen recordings

How to set up and validate locally

MR acceptance checklist

Merge request reports