Add GoogleCloudPlatform::WorkloadIdentityFederation integration

Imre Farkas requested to merge if-439200-wlif_integration into master

What does this MR do and why?

This MR adds a new integration GoogleCloudPlatform::WorkloadIdentityFederation.

MR acceptance checklist

Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

Screenshots or screen recordings

[Screenshots: the integration form; the integration is in the list of integrations]

How to set up and validate locally

  1. Simulate a SaaS instance in the local GDK

  2. Enable the feature flag in the rails console:

    Feature.enable(:google_cloud_workload_identity_federation)

UI

  1. Visit Group > Settings > Integrations

  2. Choose to configure the Google Cloud Identity and Access Management integration

  3. Fill in the form with the required fields and enable the integration.

  4. The new integration should appear in the list of active integrations.

    Since we activated the integration on the group level, it'll also be activated for all projects in that group.

REST API

We could play with the new integration using project level API endpoints.

  1. Update the new Google Cloud Identity and Access Management integration

    Default settings are inherited from the group level, but Custom settings might be updated.

    curl --request PUT \
      --header "Authorization: Bearer <gl-pat>" \
      --header "Content-Type: application/json" \
      --data '{"workload_identity_federation_project_id": "dmeshcharakou-920d238d", "workload_identity_federation_project_number": "917659427920", "workload_identity_pool_id": "gitlab-gcp-demo", "workload_identity_pool_provider_id": "gitlab-gcp-prod-gitlab-org", "active": false}' \
      "http://gdk.test:3000/api/v4/projects/<project-id>/integrations/google-cloud-platform-workload-identity-federation"

  2. Retrieve the integration

    curl --header "Authorization: Bearer <gl-pat>" \
      "http://gdk.test:3000/api/v4/projects/<project-id>/integrations/google-cloud-platform-workload-identity-federation"

  3. Deactivate the integration

    curl --request DELETE \
      --header "Authorization: Bearer <gl-pat>" \
      "http://gdk.test:3000/api/v4/projects/<project-id>/integrations/google-cloud-platform-workload-identity-federation"

Edited by Dzmitry (Dima) Meshcharakou
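
Added example, not part of the MR or GitLab's code: a Ruby pre-flight check for the request body used in step 1 of the REST API section, which also builds the provider resource name to compare against the Google Cloud side. The ID formats and the resource-name layout are Google Cloud conventions assumed here; `wlif_payload_errors` and `wlif_provider_resource` are hypothetical helper names.

```ruby
require 'json'

# ID formats as Google Cloud documents them (recalled here, an assumption of
# this example); these are not GitLab's own model validations.
WLIF_RULES = {
  'workload_identity_federation_project_id'     => /\A[a-z][a-z0-9-]{4,28}[a-z0-9]\z/,
  'workload_identity_federation_project_number' => /\A\d+\z/,
  'workload_identity_pool_id'                   => /\A(?!gcp-)[a-z0-9-]{4,32}\z/,
  'workload_identity_pool_provider_id'          => /\A(?!gcp-)[a-z0-9-]{4,32}\z/
}.freeze

# Hypothetical helper: returns a list of problems, empty when the body passes.
def wlif_payload_errors(json_text)
  payload = JSON.parse(json_text)
  return ['payload must be a JSON object'] unless payload.is_a?(Hash)

  errors = WLIF_RULES.map { |field, pattern|
    value = payload[field]
    next "#{field}: missing or not a string" unless value.is_a?(String)
    next "#{field}: unexpected format" unless value.match?(pattern)
  }.compact
  if payload.key?('active') && ![true, false].include?(payload['active'])
    errors << 'active: must be true or false'
  end
  errors
rescue JSON::ParserError => e
  ["invalid JSON: #{e.message}"]
end

# Provider resource name in Google Cloud's layout (assumed), for comparing the
# saved settings with the pool provider configured in Google Cloud.
def wlif_provider_resource(payload)
  format('//iam.googleapis.com/projects/%s/locations/global/workloadIdentityPools/%s/providers/%s',
         payload['workload_identity_federation_project_number'],
         payload['workload_identity_pool_id'],
         payload['workload_identity_pool_provider_id'])
end

# Request body values taken from the PUT command in step 1 above.
SAMPLE_BODY = JSON.generate(
  'workload_identity_federation_project_id' => 'dmeshcharakou-920d238d',
  'workload_identity_federation_project_number' => '917659427920',
  'workload_identity_pool_id' => 'gitlab-gcp-demo',
  'workload_identity_pool_provider_id' => 'gitlab-gcp-prod-gitlab-org',
  'active' => false
)

if __FILE__ == $PROGRAM_NAME
  puts wlif_payload_errors(SAMPLE_BODY).inspect
  puts wlif_provider_resource(JSON.parse(SAMPLE_BODY))
end
```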
