Handle bespoke integrations observe allowlist
What does this MR do and why?
This is a second MR to support allow-listing integrations through instance admin #500610 (closed).
In !172951 (merged)
most integrations observe the integration allowlist settings by virtue
of the .active scope and #active? method.
This change updates some particular integrations to observe the settings in other situations:
- Special handling of incoming communications from 3rd party integrations, like:
- The GitLab for Jira Cloud app.
- The GitLab for Slack app.
- Special handling of cached property on
project_settingsthat determines if Confluence is enabled or not.
MR acceptance checklist
Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.
How to set up and validate locally
You can set the instance admin integrations allow list, in two ways:
- Through API calls (see below).
- You could make a local branch and merge this branch into !174617 (merged) locally to use the admin UI (see that MR for admin UI steps).
Note, when changing application settings, wait for up to 1 minute for the cache of old settings to expire.
QA Confluence integration
- Enable the confluence integration https://docs.gitlab.com/ee/user/project/integrations/confluence.html
- Verify that the link to Confluence appears in Plan section of side nav
- Ban Confluence integration using the allow list settings. The link should disappear.
- Unban Confluence using the allow list settings. Link should appear again.
QA the GitLab for Slack app integration
- Using GitPod, configure your instance with a GitLab for Slack app https://gitlab.com/gitlab-org/foundations/import-and-integrate/team/-/blob/main/integrations/slack.md
- Configure the GitLab for Slack app integration for a project https://docs.gitlab.com/ee/user/project/integrations/gitlab_slack_application.html
- Verify that the following features work:
- Slash commands work
- In your Slack app workspace, visit the "App home" Apps > GitLab, and the home view loads
- Ban GitLab for Slack app using the allow list settings. Slash commands and app home should not work.
- Unban GitLab for Slack app using the allow list settings. Both feature should work again.
QA the Jira Cloud app integration
- Using GitPod, configure your instance with the GitLab for Jira Cloud app https://docs.gitlab.com/ee/development/integrations/jira_connect.html
- Configure the GitLab for Jira Cloud app for a group https://docs.gitlab.com/ee/integration/jira/connect-app.html
- Verify that development data is synced to Jira
- Ban GitLab for Cloud app using the allow list settings. Development data should no longer sync to Jira.
- Unban GitLab for Cloud app using the allow list settings. Feature should work again.
Example API calls:
Allow all integrations:
curl --location --globoff --request PUT 'http://gdk.test:3000/api/v4/application/settings?allow_all_integrations=true' \
--header 'Authorization: Bearer <PAT>'Ban all integrations:
curl --location --globoff --request \
PUT 'http://gdk.test:3000/api/v4/application/settings?&allowed_integrations=[]&allow_all_integrations=false' \
--header 'Authorization: Bearer <PAT>'Allow only confluence integration:
curl --location --globoff --request \
PUT 'http://gdk.test:3000/api/v4/application/settings?&allowed_integrations[]=confluence&allow_all_integrations=false' \
--header 'Authorization: Bearer <PAT>'Allow only confluence and jira_cloud_app integrations:
curl --location --globoff --request \
PUT 'http://gdk.test:3000/api/v4/application/settings?&allowed_integrations[]=confluence&allowed_integrations[]=jira_cloud_app&allow_all_integrations=false' \
--header 'Authorization: Bearer <PAT>'You can use the .to_param value of any integration in these API calls, for example:
| Integration | value |
|---|---|
| GitLab for Slack app | gitlab_slack_application |
| GitLab for Jira Cloud app | jira_cloud_app |
| Confluence | confluence |
Related to #500610 (closed)