Draft: Allow generation of GCP service accounts within a Project
Update
This MR, while complete, will be split into multiple MRs on the request of reviewers.
What does this MR do and why?
- Continuation of !70715 (merged)
- Implements listing and generation of GCP service accounts within the
project :: infrastructure
section - Generated service accounts and service account keys are stored as project CI variables
- Related issues:
Screenshots or screen recordings
- Demo:
- Edge cases:
- Test scenarios:
Reviewing this MR
You have two options:
- Review the code
- Review the code and test the functionality
Reviewing the code is easy, local setup is not required.
To review the functionality, several steps need to be taken to configure your local GDK.
Local Setup
1. Use a proper TLD
- This feature integrates with Google OAuth2
- Callback URLs need to be registered via the GCP console
- Google will not accept
gdk.test
, you will need a proper TLD- I use
local-gitlab.com
- I use
- Setup your GDK for such a domain, update your
/etc/hosts
and possibly Nginx if used to proxy the GDK port
2. Setup Google Cloud
- Follow the instructions here: https://docs.gitlab.com/ee/integration/google.html
- For the GCP project that is used for OAuth2
- Enable
cloudresourcemanager
API - Enable
iam
API
- Enable
3. Configure GDK for Google OAuth2
- Update
gdk.yml
and add the Google OAuth2 config--- hostname: local-gitlab.com omniauth: google_oauth2: client_id: {google_oauth_client_id} client_secret: {google_oauth_client_secret}
- or, use the CLI to do the same
$ gdk config set omniauth.google_oauth2.client_id '..' $ gdk config set omniauth.google_oauth2.client_secret '..'
- or, another option is to update the
gdk/gitlab/config/gitlab.yml
withgoogle_oauth
details - then run:
gdk reconfigure
4. Enable Feature Flag
Enable feature flag incubation_5mp_google_cloud
You should now be able to navigate to a project on your GHDK instance, select the infrastructure :: google cloud
section and see the service accounts list and generate a service account.
MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
-
I have evaluated the MR acceptance checklist for this MR.
Edited by Sri Rang