Put groups_direct field in CI JWT tokens behind feature flag
What does this MR do and why?
This backports !161075 (merged) to 17-1-stable-ee
.
In GitLab 16.11 !146881 (merged)
introduced the groups_direct
fields for CI JWT tokens used in the
Vault integration. However, since JWT tokens are often sent in the
Authorization
HTTP header, the addition of the groups_direct
field
can cause the header to exceed the maximum allowed header size of
Web/proxy servers.
To avoid this issue, put this groups_direct
field behind a
ci_jwt_groups_direct
feature flag while we figure out the best way
to handle this.
Relates to #467253 (closed)
MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
-
This MR is backporting a bug fix, documentation update, or spec fix, previously merged in the default branch. -
The MR that fixed the bug on the default branch has been deployed to GitLab.com (not applicable for documentation or spec changes). -
This MR has a severity label assigned (if applicable). -
Set the milestone of the merge request to match the target backport branch version. -
This MR has been approved by a maintainer (only one approval is required). -
Ensure the e2e:package-and-test-ee
job has either succeeded or been approved by a Software Engineer in Test.
Note to the merge request author and maintainer
If you have questions about the patch release process, please:
- Refer to the patch release runbook for engineers and maintainers for guidance.
- Ask questions on the
#releases
Slack channel (internal only).
Merge request reports
Activity
assigned to @stanhu
changed milestone to %17.3
added bugfunctional typebug labels
added devopsgovern grouppipeline security sectionsec labels
added typefeature label and removed typebug label
removed bugfunctional label
added pipelinetier-1 label
- A deleted user
added backend documentation feature flag labels
2 Warnings Backporting to older releases requires an exception request process The e2e:package-and-test-ee
job needs to succeed or have approval from a Software Engineer in Test.
Read the "QA e2e:package-and-test-ee" section for more details.1 Message This merge request adds or changes documentation files. A review from the Technical Writing team before you merge is recommended. Reviews can happen after you merge. Documentation review
The following files require a review from a technical writer:
-
doc/ci/secrets/id_token_authentication.md
(Link to current live version)
The review does not need to block merging this merge request. See the:
-
Metadata for the
*.md
files that you've changed. The first few lines of each*.md
file identify the stage and group most closely associated with your docs change. - The Technical Writer assigned for that stage and group.
- Documentation workflows for information on when to assign a merge request for review.
Reviewer roulette
Category Reviewer Maintainer backend @ahegyi
(UTC+2, 9 hours ahead of author)
@brytannia
(UTC+2, 9 hours ahead of author)
Please check reviewer's status!
Please refer to documentation page for guidance on how you can benefit from the Reviewer Roulette, or use the GitLab Review Workload Dashboard to find other available reviewers.
QA
e2e:package-and-test-ee
@stanhu, the
package-and-test
job must complete before merging this merge request.*If there are failures on the
package-and-test
pipeline, ping your team's associated Software Engineer in Test (SET) to confirm the failures are unrelated to the merge request. If there's no SET assigned, ask for assistance on the#test-platform
Slack channel.If needed, you can retry the
danger-review
job that generated this comment.Generated by
Danger-
E2E Test Result Summary
allure-report-publisher
generated test report!e2e-package-and-test:
test report for 02494534expand test summary
+-------------------------------------------------------------+ | suites summary | +--------+--------+--------+---------+-------+-------+--------+ | | passed | failed | skipped | flaky | total | result | +--------+--------+--------+---------+-------+-------+--------+ | Govern | 162 | 0 | 14 | 6 | 176 | ✅ | | Plan | 8 | 0 | 0 | 0 | 8 | ✅ | | Create | 8 | 0 | 0 | 0 | 8 | ✅ | +--------+--------+--------+---------+-------+-------+--------+ | Total | 178 | 0 | 14 | 6 | 192 | ✅ | +--------+--------+--------+---------+-------+-------+--------+
added bugfunctional typebug labels and removed typefeature label
added grouppipeline execution label and removed grouppipeline security label
requested review from @mc_rocha
changed milestone to %17.1
added pipeline:mr-approved label