Access controls for Pages on gitlab.com
Problem to solve
The ability to set up access control for pages was introduced in https://gitlab.com/gitlab-org/gitlab-ce/issues/33422.
There is now an infrastructure ticket to enable it in production: https://gitlab.com/gitlab-com/gl-infra/infrastructure/issues/5576. This issue represents the engineering team's work to work with the infrastructure team to ensure that happens.
- check what happens when you disable access control(@vshushlin: 404 for me locally, which is strange)
Further details
This is a great, working feature that would be valuable to users on gitlab.com as well. We need to ensure that the solution will work and be performant/not cause other issues on gitlab.com before enabling it.
Proposal
Complete infrastructure ticket and enable feature on gitlab.com.
Links / references
- Infrastructure ticket: https://gitlab.com/gitlab-com/gl-infra/infrastructure/issues/5576.
- GitLab Pages access control was introduced in https://gitlab.com/gitlab-org/gitlab-ce/issues/33422.
- Here's the Omnibus changes omnibus-gitlab!2583 (merged) and the admin docs are at https://docs.gitlab.com/ee/administration/pages/#access-control.
Designs
- Show closed items
- Issue#35247014.81Category:Fuzz Testing GitLab Ultimate Technical Writing UX devops application security testing feature enhancement frontend fuzzing coverage group dynamic analysis section sec tw finished type feature workflow production
- Issue#35246514.81auto updated devops application security testing frontend section sec
- Issue#35207314.8Category:Fuzz Testing GitLab Ultimate backend devops application security testing feature enhancement fuzzing coverage group dynamic analysis section sec type bug workflow verification
- Issue#35163214.8Category:Fuzz Testing GitLab Ultimate devops application security testing feature enhancement frontend fuzzing coverage group dynamic analysis section sec type feature workflow verification
- Issue#35153914.8Category:Fuzz Testing GitLab Ultimate devops application security testing feature enhancement frontend fuzzing coverage group dynamic analysis section sec type feature workflow verification
- Issue#35097514.82Category:Fuzz Testing GitLab Ultimate devops application security testing feature enhancement frontend fuzzing coverage group dynamic analysis section sec type feature workflow verification
- Issue#35097414.82Category:Fuzz Testing GitLab Ultimate devops application security testing feature enhancement frontend fuzzing coverage group dynamic analysis section sec type feature workflow in dev
- Issue#34901414.8Category:Fuzz Testing GitLab Ultimate devops application security testing feature flag frontend fuzzing coverage group dynamic analysis missed:14.7 section sec type feature workflow in dev
- Issue#34748314.7Category:Fuzz Testing GitLab Ultimate devops application security testing feature enhancement frontend fuzzing coverage group dynamic analysis missed:14.6 section sec type bug workflow verification
- Issue#34509014.73Category:Fuzz Testing GitLab Ultimate devops application security testing feature enhancement frontend fuzzing coverage group dynamic analysis section sec type feature workflow verification
- Issue#34508914.73Category:Fuzz Testing auto updated devops application security testing frontend group dynamic analysis section sec workflow verification
- Issue#34508814.63Category:Fuzz Testing GitLab Ultimate devops application security testing feature enhancement frontend fuzzing coverage group dynamic analysis missed:14.5 section sec type feature workflow verification
- Issue#34148614.55Category:Fuzz Testing backend devops application security testing feature addition fuzzing coverage group dynamic analysis section sec type feature
- Issue#34148514.55Category:Fuzz Testing backend devops application security testing feature addition fuzzing coverage group dynamic analysis section sec type feature
- Issue#34148914.82Category:Fuzz Testing Technical Writing backend devops application security testing documentation feature addition fuzzing coverage group dynamic analysis missed:14.6 missed:14.7 section sec tw-weight 8 type feature
- Issue#34148714.65Category:Fuzz Testing backend devops application security testing feature enhancement fuzzing coverage group dynamic analysis section sec type feature
- Issue#34258014.62Category:Fuzz Testing GitLab Ultimate devops application security testing feature enhancement frontend fuzzing coverage group dynamic analysis missed:14.5 section sec type feature workflow verification
- Issue#34258314.82Category:Fuzz Testing GitLab Ultimate devops application security testing feature enhancement frontend fuzzing coverage group dynamic analysis missed:14.6 missed:14.7 section sec type feature workflow verification
- Issue#34243314.63Category:Fuzz Testing GitLab Ultimate devops application security testing feature enhancement frontend fuzzing coverage group dynamic analysis missed:14.5 section sec type feature workflow verification
- Issue#34133814.4automation:ml devops package group package registry section ops
- Issue#34121814.6Category:Package Registry Generic Package Repository auto updated devops package fuzzing coverage group package registry missed:14.4 missed:14.5 section ops
- Epicgitlab-org#668323Dec 18, 2021 – Jan 17, 2022Category:Fuzz Testing backend devops create frontend fuzzing coverage group dynamic analysis missed:14.2 section sec
- Issue#33973214.5Category:Fuzz Testing GitLab Ultimate backend devops application security testing direction fuzzing coverage group dynamic analysis missed:14.3 missed:14.4 section sec type feature workflow in dev
- Epicgitlab-org#640647Jul 18 – Aug 17, 2021Category:Fuzz Testing Deliverable GitLab Ultimate devops application security testing frontend fuzzing coverage group dynamic analysis section sec type feature
- Issue#33494114.7Category:Fuzz Testing Technical Writing backend devops application security testing documentation fuzzing coverage group dynamic analysis missed:14.2 missed:14.3 missed:14.4 missed:14.5 missed:14.6 section sec tw-weight 5 workflow refinement
- Issue#27316914.2Category:Fuzz Testing devops application security testing fuzzing coverage group dynamic analysis missed:13.8 section sec
- Issue#32689513.113Category:Fuzz Testing Deliverable GitLab Ultimate devops application security testing direction frontend fuzzing coverage group dynamic analysis missed-deliverable missed:13.10 section sec type feature workflow in review
- Issue#32689613.112Category:Fuzz Testing Deliverable GitLab Ultimate devops application security testing direction frontend fuzzing coverage group dynamic analysis missed-deliverable missed:13.10 section sec type feature workflow in review
- Issue#32689413.111Category:Fuzz Testing Deliverable GitLab Ultimate devops application security testing direction frontend fuzzing coverage group dynamic analysis missed-deliverable missed:13.10 section sec type feature workflow verification
- Issue#28059213.112Category:Fuzz Testing Deliverable GitLab Ultimate backend devops application security testing direction fuzzing coverage group dynamic analysis section sec type feature workflow in dev
- Issue#32636113.113Category:Fuzz Testing Deliverable GitLab Ultimate backend devops application security testing direction fuzzing coverage group dynamic analysis section sec type feature workflow in dev
- Issue#32636213.112Category:Fuzz Testing Deliverable GitLab Ultimate backend devops application security testing direction fuzzing coverage group dynamic analysis section sec type feature workflow in dev
- Issue#29444413.113Category:Fuzz Testing Deliverable GitLab Ultimate devops application security testing direction frontend fuzzing coverage group dynamic analysis missed-deliverable missed:13.10 section sec type feature workflow verification
- Issue#32161814.3Category:Fuzz Testing backend devops create frontend fuzzing coverage group dynamic analysis missed:14.2 section sec
- Issue#32789714.52Category:Fuzz Testing GitLab Ultimate devops application security testing frontend fuzzing coverage group dynamic analysis section sec type feature workflow production
- Issue#32088613.103Category:Fuzz Testing GitLab Ultimate devops application security testing direction frontend fuzzing coverage group dynamic analysis section sec workflow verification
- Issue#29954413.101Category:Fuzz Testing Deferred UX Deliverable UX devops create frontend group dynamic analysis workflow in dev
- Issue#29442513.92Category:Fuzz Testing GitLab Ultimate backend devops application security testing direction frontend fuzzing coverage group dynamic analysis section sec type feature workflow production
- Issue#28059314.32Category:Fuzz Testing GitLab Ultimate backend devops application security testing direction frontend fuzzing coverage group dynamic analysis section sec type feature workflow production
- Issue#28059013.9Category:Fuzz Testing backend devops application security testing fuzzing coverage group dynamic analysis missed:13.7 section sec type feature workflow ready for development
- Issue#32841814.8Category:Fuzz Testing GitLab Ultimate devops application security testing feature flag frontend fuzzing coverage group dynamic analysis missed:14.7 section sec type feature
- Issue#29074113.10Category:Fuzz Testing Deliverable devops application security testing fuzzing coverage group dynamic analysis missed-deliverable missed:13.8 section sec workflow verification
- Issue#268004Category:Fuzz Testing GitLab Ultimate UX FY21-Q4 backend devops application security testing direction feature enhancement frontend fuzzing coverage group dynamic analysis section sec secure:refinement-backend secure:refinement-frontend type feature workflow refinement
- Issue#32847514.2Category:Fuzz Testing Deliverable GitLab Ultimate devops application security testing frontend fuzzing coverage group dynamic analysis section sec type feature workflow refinement
Relates to
Activity
-
Newest first Oldest first
-
Show all activity Show comments only Show history only
- Jason Yavorska added devopsrelease [DEPRECATED] + 1 deleted label
added devopsrelease [DEPRECATED] + 1 deleted label
- Jason Yavorska changed milestone to %11.7
changed milestone to %11.7
- 🤖 GitLab Bot 🤖 added [deprecated] Accepting merge requests label
added [deprecated] Accepting merge requests label
- Maintainer
@jlenny I was thinking if will be better to keep gitlab-com/gl-infra/infrastructure#5576 as SSOT and create issues on gitlab-ce only for actionable items. What do you think?
- Maintainer
I'll assign this to myself to track that during %11.7 I'll collaborate on https://gitlab.com/gitlab-com/gl-infra/infrastructure/issues/5576 as gitlab-ce~24926493 engineer.
I think the goal here is to make sure we have a plan to bring this feature on .com and start working on some of the items we plan.
- Alessio Caiazza added Deliverable backend labels
added Deliverable backend labels
- Alessio Caiazza assigned to @nolith
assigned to @nolith
- 🤖 GitLab Bot 🤖 removed [deprecated] Accepting merge requests label
removed [deprecated] Accepting merge requests label
- Author Contributor
@nolith @erushton the purpose here is just to avoid having an "off the map" bit of work on the ~Release team to support an infrastructure ticket. This ticket does just represent the work to support the other ticket, but appears in our planning, roadmap, check-ins, etc., unlike the other one.
If there's a different approach you want to use to manage this that's cool with me and we can chat about it. My intent here was just to make sure you weren't on the hook for "bonus" work that wasn't part of planning.
- Developer
for creating awareness and visibility of work on our boards. - Maintainer
This issue has passed the feature freeze date and considered a gitlab-ce~3804821. Adding missed:11.7.
- 🤖 GitLab Bot 🤖 added missed-deliverable missed:11.7 labels
added missed-deliverable missed:11.7 labels
- Author Contributor
For those following this issue, feature freeze is not actually for another 6 days; @gitlab-bot appears to have applied the label incorrectly, so that can be disregarded at this point.
- Jason Yavorska removed missed-deliverable missed:11.7 labels
removed missed-deliverable missed:11.7 labels
- Maintainer
This issue has passed the feature freeze date and considered a gitlab-ce~3804821. Adding missed:11.7.
- 🤖 GitLab Bot 🤖 added missed-deliverable missed:11.7 labels
added missed-deliverable missed:11.7 labels
- Author Contributor
Apologies for the spam, but as with yesterday this issue has not actually missed %11.7 at this point (feature freeze is not for several days). Re-removing the missed:11.7 label.
- Jason Yavorska removed missed-deliverable missed:11.7 labels
removed missed-deliverable missed:11.7 labels
- Jason Yavorska added direction label
added direction label
- Author Contributor
- Jason Yavorska added missed-deliverable missed:11.7 labels
added missed-deliverable missed:11.7 labels
- Jason Yavorska changed milestone to %11.8
changed milestone to %11.8
- 🤖 GitLab Bot 🤖 mentioned in issue gl-retrospectives/release#4 (closed)
mentioned in issue gl-retrospectives/release#4 (closed)
- Jason Yavorska added to epic &768
added to epic &768
- Jason Yavorska added Category:Pages label
added Category:Pages label
- Author Contributor
This item has unfortunately also missed %11.8. @darbyfrey will help us determine what the right way to partner with infrastructure is to get this done, and when it can happen. In the meantime I'm moving to %11.9 since it remains a priority if possible.
3 - Jason Yavorska changed milestone to %11.9
changed milestone to %11.9
- Jason Yavorska added missed:11.8 label
added missed:11.8 label
- 🤖 GitLab Bot 🤖 mentioned in issue gl-retrospectives/release#5 (closed)
mentioned in issue gl-retrospectives/release#5 (closed)
- Author Contributor
@darbyfrey have we been able to unblock this item? Should it still be tracking to %11.9?
- Developer
@jlenny I've been working with infra to get the work on their roadmap. It looks like it will be a few weeks, so we should probably push this to %11.10.
- Author Contributor
Thanks for confirming @darbyfrey, I'll update.
- Jason Yavorska changed milestone to %11.10
changed milestone to %11.10
- Jason Yavorska added missed:11.9 label
added missed:11.9 label
- Jason Yavorska removed Deliverable label
removed Deliverable label
- Darby Frey mentioned in issue gitlab-pages#209 (closed)
mentioned in issue gitlab-pages#209 (closed)
- Jason Yavorska unassigned @nolith
unassigned @nolith
- Author Contributor
Unfortunately we did not have capacity to fit this into our %11.10 release, and are still waiting on https://gitlab.com/gitlab-com/gl-infra/infrastructure/issues/5576. Setting to the next release for now. @darbyfrey let me know if I've misunderstood the relationship between this issue and the infra one - this was sitting in the unassigned group, but if that's just because there's nothing to do except wait for the infra issue, I'll move this back (which would be great.)
1 - Jason Yavorska changed milestone to %11.11
changed milestone to %11.11
- 🤖 GitLab Bot 🤖 added [deprecated] Accepting merge requests label
added [deprecated] Accepting merge requests label
- Developer
@jlenny gitlab-pages#209 (closed) is required to unblock the infra ticket. Once that is delivered, things should start moving forward
- 🤖 GitLab Bot 🤖 mentioned in issue gl-retrospectives/release#6 (closed)
mentioned in issue gl-retrospectives/release#6 (closed)
- Cynthia "Arty" Ng added internal customer label
added internal customer label
- Cynthia "Arty" Ng added customer label
added customer label
- Author Contributor
@filipa @dosuken123 can you please take a look and ask questions/confirm feasibility of this issue as we head into finalizing scope for 11.11? cc @rverissimo
Collapse replies - Contributor
This seems to be more backend than frontend. If I understand correctly we should be reusing the same UX used in https://gitlab.com/gitlab-org/gitlab-ce/issues/33422
- Maintainer
@jlenny It seems gitlab-pages#209 (closed) is a blocker and @vshushlin has some progress on it (gitlab-pages!138 (merged)).
@vshushlin Would you mind summarizing what's need to be done for closing this ticket?
- Developer
- I agree with Filipa that this issue doesn't require any additional frontend work.
- There are two blockers:
- https://gitlab.com/gitlab-org/gitlab-ce/issues/59286 - this is a ambiguous, I wrote PoC script there, but we still need to decide what to do with this issue
- gitlab-pages#209 (closed) - it's on review, and I think it will be merged soon
- Aside from that infrastructure team said that there is no other blockers.
- Vladimir Shushlin marked this issue as related to gitlab-pages#209 (closed)
marked this issue as related to gitlab-pages#209 (closed)
- Darby Frey added Deliverable label
added Deliverable label
- Darby Frey assigned to @vshushlin
assigned to @vshushlin
- 🤖 GitLab Bot 🤖 removed [deprecated] Accepting merge requests label
removed [deprecated] Accepting merge requests label
- Vladimir Shushlin changed the description
changed the description
- Jason Yavorska added missed:11.10 label
added missed:11.10 label
- Author Contributor
- Jason Yavorska changed milestone to %12.0
changed milestone to %12.0
- Jason Yavorska added missed:11.11 label
added missed:11.11 label
A customer with 130 seats Silver have requested this feature: https://gitlab.my.salesforce.com/0016100001HG4TV
@teemo we're on Bronze plan with 79 seats at the moment. We also would like this to happen as soon as possible: one of the use case is to publish code coverage report for internal users. https://gitlab.com/target-digital-transformation
BTW, how do I raise a official request from the subscription?
We're on Bronze plan with 136 seats and we also would like this to happen as soon as possible, is there any ETA when this would be available?
17- Corrina Stasik changed title from Enable access control for pages on gitlab.com to Access controls for Pages on gitlab.com
changed title from Enable access control for pages on gitlab.com to Access controls for Pages on gitlab.com
- Darby Frey changed milestone to %12.1
changed milestone to %12.1
- Jason Yavorska added missed:12.0 label
added missed:12.0 label
- Developer
Customer with 275 seats of ultimate needs this to move their subscription to gitlab.com gold. https://gitlab.my.salesforce.com/0016100001EogBS
2 Research institute needs this feature as well
- Corrina Stasik changed milestone to %12.2
changed milestone to %12.2
- Corrina Stasik added 1 deleted label
added 1 deleted label
- Corrina Stasik changed milestone to %12.4
changed milestone to %12.4
Moving to %12.4 due to identified gitlab-ce~2779335 prerequisite issues identified for remediation.
- 🤖 GitLab Bot 🤖 removed Deliverable label
removed Deliverable label
- 🤖 GitLab Bot 🤖 added 1 deleted label
added 1 deleted label
- Developer
Silver customer looking for this (internal): https://gitlab.zendesk.com/agent/tickets/129323
1 - Author Contributor
@darbyfrey is it clear what needs to be done here now? This is one that we've tried to deliver on 7 releases with no luck.
Collapse replies - Developer
Yes, the path forward is clear now. The delays were due in part to reviews and prereqs from SRE and Appsec
- Author Contributor
Moving this to %12.5 when the predecessor work will be complete.
4 Collapse replies - Contributor
@darbyfrey Has the prerequisite been closed? I see that all related issues are.
- Developer
Yes, @ogolowinski, all blockers are resolved now. You can track the progress here (internal-only)
- Jason Yavorska changed milestone to %12.5
changed milestone to %12.5
- 🤖 GitLab Bot 🤖 changed milestone to %12.5
changed milestone to %12.5
- Developer
It's enabled on <code data-sourcepos="1:19-1:28">gitlab.com</code>, and I don't anticipate any more work required from the side backend here, so I'm moving this to the current milestone and closing.
cc @ogolowinski @jlenny @darbyfrey
1 1 1 Collapse replies - Contributor
@vshushlin - Where can we see how to make things private?
This documentation still says it's only publicly available on gitlab.com https://gitlab.com/help/user/project/pages/index.md#availability
- Maintainer
@chill104 this part of the documentation speaks of the way the sites are served. I think you want this https://docs.gitlab.com/ee/user/project/pages/introduction.html#gitlab-pages-access-control-core-only.
Edited by Achilleas Pipinellis - Contributor
I see, and it turns out gitlab.com still doesn't support this. https://gitlab.com/gitlab-com/gl-infra/infrastructure/issues/5576
- Vladimir Shushlin closed
closed
- Vladimir Shushlin changed milestone to %12.4
changed milestone to %12.4
- Contributor
@vshushlin Well done! I would love to see it working - I will schedule a demo
1 - Cynthia "Arty" Ng mentioned in merge request !17963 (merged)
mentioned in merge request !17963 (merged)
- Contributor
Added Deliverable
- Orit Golowinski added Deliverable label
added Deliverable label
- Orit Golowinski added grouprelease [DEPRECATED] label and removed 1 deleted label
added grouprelease [DEPRECATED] label and removed 1 deleted label
- Jackie Porter marked this issue as related to gitlab-com/Product#1846 (closed)
marked this issue as related to gitlab-com/Product#1846 (closed)
- Jackie Porter mentioned in issue gitlab-com/Product#1846 (closed)
mentioned in issue gitlab-com/Product#1846 (closed)