Add JWT signing for internal cluster agent API

Review changes
Download
Patches
Plain diff

Thong Kuah requested to merge kas-internal-api-auth into master Aug 18, 2020

Overview 39
Commits 2
Pipelines 10
Changes 11

What does this MR do?

This ensures only gitlab-kas can make requests to the internal API, which is necessary as sensitive info is returned in response.

FYI this whole endpoint is behind a disabled feature flag (:kubernetes_agent_internal_api)

Related issue: #235910 (closed)

Screenshots

Does this MR meet the acceptance criteria?

Conformity

[-] Changelog entry as still behind feature flag
Documentation (if required)
Code review guidelines
Merge request performance guidelines
Style guides
[-] Database guides
[-] Separation of EE specific content

Availability and Testing

Review and add/update tests for this feature/bug. Consider all test levels. See the Test Planning Process.
Informed Infrastructure department of a default or new setting change, if applicable per definition of done
Test with gitlab-org/cluster-integration/gitlab-agent!54 (merged)

Security

If this MR contains changes to processing or storing of credentials or tokens, authorization and authentication methods and other items described in the security review guidelines:

Label as security and @ mention @gitlab-com/gl-security/appsec
The MR includes necessary changes to maintain consistency between UI, API, email, or other methods
Security reports checked/validated by a reviewer from the AppSec team

Edited Aug 21, 2020 by Thong Kuah

Merge request reports

Assignee

Select assignees

Reviewers

Request review from

Time tracking