Service Account Creation Flow (!73896) · Merge requests · GitLab.org / GitLab

Sri Rang requested to merge incubation_5mp_google_cloud_backend_new_service_account into master Nov 07, 2021

What does this MR do and why?

This MR introduces the backend for the create GCP service account flow. The service accounts (sub)controller is introduced with two routes. Index renders the data for the Vue for component and Create handles form post. Both routes are behind the Google OAuth2 flow.

This commit's antecedents can be traced back to !71420 (closed) which is being split up into smaller MRs given its size.

Changes introduced:

BaseController for all google_cloud requests
- GoogleCloudController extends BaseController
ServiceAccountsController
- Perform Google OAuth2 on access
- Flash alert on decline
ServiceAccounts # index renders ID placeholder to show form
- User's GCP projects are fetched
- If cloudresourcemanager API is enabled, else alert user
  - Alert if no GCP projects found for user
- Render gcp_projects and project environments for vue component
ServiceAccounts # create creates service accounts
- If iam API is enabled, else alert user
- Receives selected GCP project and Environment from form submission
- Creates service account and service account key
- Stores GCP project id, service account and key as project CI vars
- Redirect to project/google_cloud main page

Reviewing this MR

You have two options:

Review the code
Review the code and test the functionality

Reviewing the code is easy, local setup is not required.

To review the functionality, several steps need to be taken to configure your local GDK.

Local Setup

1. Use a proper TLD

This feature integrates with Google OAuth2
Callback URLs need to be registered via the GCP console
Google will not accept gdk.test, you will need a proper TLD
- I use local-gitlab.com
Setup your GDK for such a domain, update your /etc/hosts and possibly Nginx if used to proxy the GDK port

2. Setup Google Cloud

Follow the instructions here: https://docs.gitlab.com/ee/integration/google.html
For the GCP project that is used for OAuth2
- Enable cloudresourcemanager API
- Enable iam API

3. Configure GDK for Google OAuth2

Update gdk.yml and add the Google OAuth2 config

---
hostname: local-gitlab.com
omniauth:
  google_oauth2:
    client_id: {google_oauth_client_id}
    client_secret: {google_oauth_client_secret}

or, use the CLI to do the same

$ gdk config set omniauth.google_oauth2.client_id '..'
$ gdk config set omniauth.google_oauth2.client_secret '..'

or, another option is to update the gdk/gitlab/config/gitlab.yml with google_oauth details
then run: gdk reconfigure

4. Enable Feature Flag

Enable feature flag incubation_5mp_google_cloud

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

I have evaluated the MR acceptance checklist for this MR.

Edited Nov 15, 2021 by Sri Rang

Service Account Creation Flow