Add License checks to AgentAuthorizationsFinder
What does this MR do and why?
The CI/CD tunnel's ci_user
and ci_job
impersonation features are
EE-only, so these should only be returned when the license is available.
We check the license on the CI job's project under the assumption that
this project and the agent fall under the same license.
This is not a user facing change, so I have not included a changelog.
Screenshots or screen recordings
KUBECONFIG
still gets populated with these changes:
How to set up and validate locally
-
GDK needs a runner attached, and the
gitlab-k8s-agent
enabled -
Enable the feature flag
group_authorized_agents
:Feature.enable(:group_authorized_agents)
-
Add an agent with configuration project
gitlab-agent-testing/config
with the following configuration:# config/.gitlab/agents/first/config.yaml ci_access: projects: - id: gitlab-agent-testing/ci-project # <-- We will run CI/CD in here
-
In a separate project,
gitlab-agent-testing/ci-project
, add the following.gitlab-ci.yml
:# .gitlab-ci.yml test: image: registry.gitlab.com/gitlab-org/cluster-integration/helm-install-image/releases/3.6.3-kube-1.17.17-alpine-3.14 script: - kubectl config get-contexts
-
View the job logs for the
test
job
MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
-
I have evaluated the MR acceptance checklist for this MR.