Use #persisted_environment for agent impersonation (!88666) · Merge requests · GitLab.org / GitLab

Hordur Freyr Yngvason requested to merge use-persisted-environment-for-agent-impersonation into master May 26, 2022

What does this MR do and why?

We were using #deployment, but this is not present for non-deployment jobs that don't have access to the environment.

Screenshots or screen recordings

N/A

How to set up and validate locally

In your GDK, in any project, create an agent under Infrastructure > Kubernetes (you can skip installing it in a cluster), and then create a pipeline from the following .gitlab-ci.yml:

test:
  environment:
    name: test
    action: stop
  image: 
    name: bitnami/kubectl
    entrypoint: [""]
  script:
    - sleep 1000

Then, in your rails console, grab the job's token:

Ci::Build.last.token

Set it to $TOKEN and call the API:

curl --header "JOB-TOKEN: $TOKEN" 'https://gdk.test:3000/api/v4/job/allowed_agents'

The response should include

{ "environment":{"slug":"test"}, ... }

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

I have evaluated the MR acceptance checklist for this MR.

Edited May 31, 2022 by Hordur Freyr Yngvason

Use #persisted_environment for agent impersonation

What does this MR do and why?

Screenshots or screen recordings

How to set up and validate locally

MR acceptance checklist

Merge request reports