Add License checks to AgentAuthorizationsFinder (!73226) · Merge requests · GitLab.org / GitLab

Hordur Freyr Yngvason requested to merge add-licensed-agent-ci-tunnel-feature-guards into master Oct 28, 2021

What does this MR do and why?

The CI/CD tunnel's ci_user and ci_job impersonation features are EE-only, so these should only be returned when the license is available. We check the license on the CI job's project under the assumption that this project and the agent fall under the same license.

This is not a user facing change, so I have not included a changelog.

Screenshots or screen recordings

KUBECONFIG still gets populated with these changes:

How to set up and validate locally

GDK needs a runner attached, and the gitlab-k8s-agent enabled
Enable the feature flag group_authorized_agents:
```
Feature.enable(:group_authorized_agents)
```

Add an agent with configuration project gitlab-agent-testing/config with the following configuration:

# config/.gitlab/agents/first/config.yaml
ci_access:
  projects:
    - id: gitlab-agent-testing/ci-project # <-- We will run CI/CD in here

In a separate project, gitlab-agent-testing/ci-project, add the following .gitlab-ci.yml:

# .gitlab-ci.yml
test:
  image: registry.gitlab.com/gitlab-org/cluster-integration/helm-install-image/releases/3.6.3-kube-1.17.17-alpine-3.14
  script:
    - kubectl config get-contexts

View the job logs for the test job

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

I have evaluated the MR acceptance checklist for this MR.

Edited Oct 28, 2021 by Hordur Freyr Yngvason

Add License checks to AgentAuthorizationsFinder

What does this MR do and why?

Screenshots or screen recordings

How to set up and validate locally

MR acceptance checklist

Merge request reports