Add forms for defining secrets permissions

What does this MR do and why?

For #470367 (closed).

This allows the user to add a new user, group, or role permission rule for the Secrets Manager. The users and groups that show up in the listbox are those that have been added to the project, and would therefore have access to its secrets.

For roles, Guest and Owner are removed from the list. Custom roles will be added in a follow-up. See #503311 (comment 2200418660). We also implement the following behavior for the checkboxes:

  • All checkboxes are unchecked by default.
  • When Access/Read is unchecked, the dependent permissions (Create, Edit, Delete) are disabled and cannot be selected.
  • When Access/Read is checked, the dependent checkboxes become enabled, allowing users to select them as needed.

References

Partially implements #470367 (closed).

Screenshots or screen recordings

Screen_Recording_2025-07-08_at_18.08.13

How to set up and validate locally

  1. Set up OpenBao on your GDK.
  2. Enable the Secrets Manager on GDK.
  3. Add users and groups to your project so they'll show up in the dropdown later (through Manage > Members).
  4. Go to your project settings (Settings > General) and expand Visibility, project features, permissions to view the permissions table.
  5. Click on Add at the upper right dropdown to add a new user, group, or role permission.

Viewing permissions is not yet implemented, but you can verify with the following GraphQL query:

query {
  secretPermissions(projectPath: "/path/to/project") {
    edges {
      node {
        expiredAt
        grantedBy
        permissions
        principal {
          id
          type
        }
        project {
          id
        }
      }
    }
  }
}

MR acceptance checklist

Evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

Edited by Mireya Andres
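
The checkbox dependency described above, together with a check of the verification query's result, as an added example that is not code from this MR or from GitLab. The permission strings ('read', 'create', 'edit', 'delete'), the function names and the sample response values are assumptions; only the field names come from the query above.

```javascript
// Added example, not GitLab's code. Permission strings are assumed from the
// checkbox labels; the sample data at the bottom is constructed.
const BASE = 'read';
const DEPENDENT = ['create', 'edit', 'delete'];

// Form rule: a dependent permission can only be checked while read is checked.
// Assumption: unchecking read also clears the dependents, so a stale value
// is never submitted with the form.
function toggle(selected, name, checked) {
  const next = new Set(selected);
  if (name === BASE) {
    if (checked) next.add(BASE);
    else next.clear();
  } else if (DEPENDENT.includes(name) && next.has(BASE)) {
    if (checked) next.add(name);
    else next.delete(name);
  }
  return [...next].sort();
}

// Check that does not rely on the UI: disabled checkboxes do not constrain a
// request sent without the form, so stored grants are checked for the same rule.
function findInvalidGrants(response) {
  return response.data.secretPermissions.edges
    .map(({ node }) => node)
    .filter(({ permissions }) =>
      permissions.some((p) => p !== BASE && !DEPENDENT.includes(p)) ||
      (!permissions.includes(BASE) && permissions.some((p) => DEPENDENT.includes(p))))
    .map(({ principal }) => `${principal.type}:${principal.id}`);
}

// Constructed sample in the shape returned by the secretPermissions query.
const sampleResponse = {
  data: { secretPermissions: { edges: [
    { node: { permissions: ['read', 'create'], principal: { id: 'placeholder-1', type: 'User' } } },
    { node: { permissions: ['delete'], principal: { id: 'placeholder-2', type: 'Group' } } },
    { node: { permissions: ['read', 'admin'], principal: { id: 'placeholder-3', type: 'Role' } } },
  ] } },
};

console.log(findInvalidGrants(sampleResponse));
```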