
Restrict non-SaaS CDot requests

What does this MR do and why?

Self-managed and dedicated environments are not authorized to access CDot. As a result, when requests are made, a 401 error is returned. This MR restricts subscription portal requests to SaaS-only environments unless explicitly disabled.

References

Screenshots or screen recordings

How to set up and validate locally

Currently there are safeguards in the UI against hitting the CDot endpoint. Easiest validation test:

  1. Set your local environment up as self-managed: GITLAB_SIMULATE_SAAS=0
  2. Jump into the Rails console with: bundle exec rails c
  3. Enter: Gitlab::SubscriptionPortal::Client.namespace_trial_types (or any other method from ee/lib/gitlab/subscription_portal/clients/rest.rb)
  4. Observe this error: => {"success"=>false, "data"=>{"errors"=>"Subscription portal requests disabled"}}

MR acceptance checklist

Evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

Related to #573909 (closed)

Edited by Kiesha Herman
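
A minimal Ruby sketch of the fail-closed guard described above, added here as an illustration; it is not taken from this MR's diff or from GitLab's code base. `PortalRequestGuard`, `FakePortalClient`, `restriction_disabled` and the ENV-based `saas?` check are hypothetical stand-ins; only the error hash is copied from validation step 4.

```ruby
# Hypothetical guard: short-circuits portal calls before any HTTP request
# is made when the instance is not SaaS.
module PortalRequestGuard
  # Error shape copied from validation step 4 of the MR description.
  DISABLED_RESPONSE = {
    "success" => false,
    "data" => { "errors" => "Subscription portal requests disabled" }
  }.freeze

  # Wrap each named class-level method so the environment check runs first.
  def guard_portal_requests(*method_names)
    method_names.each do |name|
      original = method(name) # keep a handle on the unguarded implementation
      define_singleton_method(name) do |*args, &blk|
        portal_requests_allowed? ? original.call(*args, &blk) : DISABLED_RESPONSE
      end
    end
  end

  # Fail closed: allowed only on SaaS, or when the restriction is switched off.
  def portal_requests_allowed?
    saas? || restriction_disabled
  end
end

# Constructed stand-in for a REST client; the counter replaces real HTTP.
class FakePortalClient
  extend PortalRequestGuard

  class << self
    attr_accessor :restriction_disabled, :http_calls

    # Assumption: SaaS detection reduced to the simulation variable.
    def saas?
      ENV["GITLAB_SIMULATE_SAAS"] == "1"
    end

    def namespace_trial_types
      self.http_calls += 1 # would be the outbound request to CDot
      { "success" => true, "data" => {} } # constructed success payload
    end
  end

  self.http_calls = 0
  self.restriction_disabled = false
  guard_portal_requests :namespace_trial_types
end
```

The point to check in review is that the guard returns before the request is built, so a self-managed instance never sends credentials or traffic to CDot and never sees the 401.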
