Rename wlif parameters to more accurate names
🐟 Context
We are currently building the support for Google Cloud services.
For the authentication part, we leveraged the workflow identity federation.
For that, we are managing several parameters that are required.
One of them has been named wlif
since the beginning but as explained here, that name is misleading.
We actually have two different things:
- The
audience
field in the credentials structure. - The
aud
(audience too😼 ) that we need to set for the tokens that are presented to the workload identity federation.
We were confused because by default, both aspects are set to the exact same value. As such, we called it the wlif
string.
To clear the confusion, we need to use more accurate names for each part:
-
identity_provider_resource_name
. (A workload identity pool has many identity providers and we need to tell the authentication which one we should use = we need the resource name). This string has a very strict format://iam.googleapis.com/projects/<project-number>/locations/global/workloadIdentityPools/<pool-id>/providers/<provider-id>
. -
target_audience
. As discussed here.
🔬 What does this MR do and why?
- Rename
wlif
toidentity_provider_resource_name
in the Google Cloud logic that builds the credentials structure. - Rename
wlif
totarget_audience
in the JWT that are sent to glgo. - Update the related specs.
While at it, I also:
- Renamed a few variables from
gcp_x
togoogle_cloud_x
as we shouldn't usegcp
. - Simplified the client classes
initialize
function by sending the project integration objects.
These changes are a refactoring that has no impact in the existing behaviors. If there is an impact that should be considered as a bug.
Lastly, the entire Google Cloud support is behind (multiple) feature flag and a saas only flag.
⚙ MR acceptance checklist
Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.
☎ Screenshots or screen recordings
No UI changes.
⚙ How to set up and validate locally
We can re-use the past MR set ups for local validation:
Related to #440252 (closed) and https://gitlab.com/gitlab-org/gitlab/-/issues/439731