Add jira_connect_proxy_url application setting
What does this MR do and why?
This is part of #372967 (closed). See !96818 (closed) for a full context MR.
When a user installs the GitLab for Jira app we receive an installed hook. It includes a JWT token that we have to verify using a public key. The public key is fetched from connect-install-keys.atlassian.com
(see lib/atlassian/jira_connect/jwt/asymmetric.rb:15).
To make the app available for self-managed users, GitLab.com will serve as a proxy. It forwards the installed hook to the self-managed instance, but generates a new JWT token. To make this work, we need to:
- Build the JWT infrastructure (!98431 (merged))
- Add a service to generate JWT tokens.
- Store the public keys with an expiry date.
- Provide an endpoint to fetch public keys.
- Allow the public key CDN URL to be configured. (This MR)
- Add an application setting that defaults to
https://connect-install-keys.atlassian.com
and can be pointed tohttps://gitlab.com/-/jira_connect/-/jira_connect/public_keys
.
- Add an application setting that defaults to
- Forward the installed event to self-managed
- Add a service that sends an installed hook to the self-managed instance when
instance_url
is updated.
- Add a service that sends an installed hook to the self-managed instance when
I explained the problem in more detail in #372967 (closed)
How to set up and validate locally
MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
-
I have evaluated the MR acceptance checklist for this MR.