Add support for organization-wide agent CI authorization

Tiger Watson requested to merge instance-level-agent-ci-auth into master

What does this MR do and why?

Add support for organization-wide agent CI authorization

Uses the newly added 'ci_access.instance' entry in the agent configuration file to allow all projects within an organization to use the agent CI tunnel.

Unlike project and group authorizations, specifying an organization is not allowed because this would create a dependency across organizations. An agent can only authorize the organization it belongs to.

This functionality is disabled by default, as it is not currently suitable for GitLab.com. To use this feature, the application setting must be enabled.

References

#357516 (closed)

Database review

For the new agent_organization_authorizations table:

  • Anticipated growth: Zero on GitLab.com as the feature is not available. Typically 1-5 records total on self-managed, with a maximum of one record per agent.
  • Reads/writes: Zero on GitLab.com. On self-managed, one record is inserted/updated when an agent config file changes. Records are read as part of CI variable generation.
  • Availability risk: None.

Finder changes:

  • The query will only be executed on self-managed instances that enable the setting.
  • There is a maximum of one possible record per agent, so the total number returned by the query will be low.

An example of the query that will be run once configured is https://console.postgres.ai/gitlab/gitlab-production-main/sessions/37328/commands/114216.

How to set up and validate locally

  1. Go to Admin -> Settings -> General, expand "GitLab agent for Kubernetes", and enable instance wide agent sharing.
  2. Register an agent using the following config:
     ci_access:
       instance: {}
  3. In an unrelated project (different top level group/namespace), run a pipeline with the following .gitlab-ci.yml:
     deploy:
       image:
         name: bitnami/kubectl:latest
         entrypoint: ['']
       script:
         - kubectl config get-contexts
  4. In the job output, verify the context is available for the agent created above.

MR acceptance checklist

Evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

Edited by Tiger Watson
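
The authorization rule described above, as an added Ruby sketch that is not code from this MR or from GitLab: the setting gates everything and defaults to off, the agent opts in through `ci_access.instance`, and only projects in the agent's own organization are authorized. `Agent`, `Project`, `InvalidAgentConfig`, both method names and the choice to reject a non-empty `instance` entry are assumptions made for illustration.

```ruby
require 'yaml'

# Hypothetical model of the rule in the MR description; not GitLab's code.
Agent   = Struct.new(:name, :organization_id, :config_yaml)
Project = Struct.new(:path, :organization_id)

class InvalidAgentConfig < StandardError; end

# True when the agent config opts in through an empty `ci_access.instance`.
# Assumption: a non-empty entry is rejected outright, because the description
# says an organization cannot be specified there.
def instance_ci_access?(config_yaml)
  config = YAML.safe_load(config_yaml) || {}
  return false unless config.is_a?(Hash)

  ci_access = config['ci_access']
  return false unless ci_access.is_a?(Hash) && ci_access.key?('instance')

  entry = ci_access['instance']
  return true if entry.nil? || entry == {}

  raise InvalidAgentConfig, 'ci_access.instance must not name an organization'
end

# Fail closed: the setting is off by default, and the agent only ever
# authorizes projects in the organization it belongs to.
def ci_tunnel_authorized?(agent, project, setting_enabled: false)
  return false unless setting_enabled
  return false unless instance_ci_access?(agent.config_yaml)

  agent.organization_id == project.organization_id
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample data: one agent and one project in another group.
  agent   = Agent.new('demo-agent', 1, "ci_access:\n  instance: {}\n")
  project = Project.new('unrelated-group/app', 1)
  puts ci_tunnel_authorized?(agent, project)                        # setting off
  puts ci_tunnel_authorized?(agent, project, setting_enabled: true) # setting on
end
```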
