Add flag for disabling GitLab secrets handling

Grant Young requested to merge gy-custom-secrets-propagation-support into main

What does this MR do?

MR adds a flag to configure if the Toolkit should handle propagation of GitLab Secrets and SSH keys in multi-node setups. Disabling is an advanced use case and secrets must be propagated in full by the user via Custom Tasks / Cloud Native Hybrid Custom Secrets Tasks, including the handling of reconfigure calls, etc. For example:

  • Omnibus - Use Custom Tasks as normal to propagate secrets as desired (note that an Omnibus reconfigure will likely be required as well).
  • Cloud Native Hybrid - Use Custom Secrets task file (named for Kubernetes secrets but can apply for both) to copy the secrets over.
  • Note for Geo, after reviewing how it works, the same approach should work as you would be pulling secrets from the same source so a separate task wouldn't be required here - You would just run the same Omnibus and Cloud Native Hybrid custom tasks files as the primary.

This is intended as a temporary path as we await a new product solution for secrets.

Related issues

Closes https://gitlab.com/gitlab-org/gitlab-environment-toolkit/-/issues/532

Author's checklist

When ready for review, the Author applies the workflow::ready for review label and mentions @gl-quality/get-maintainers:

  • Merge request:
    • Corresponding Issue raised and reviewed by the GET maintainers team.
    • Merge Request Title and Description are up-to-date, accurate, and descriptive
    • MR targeting the appropriate branch
    • MR has a green pipeline
    • MR has no new security alerts in the widget from the Secret Detection and IaC Scan (SAST) jobs.
  • Code:
    • Check the area changed works as expected. Consider testing it in different environment sizes (1k,3k,10k,etc.).
    • Documentation created/updated in the same MR.
    • If this MR adds an optional configuration - check that all permutations continue to work.
    • For Terraform changes: set up a previous version environment, then run a terraform plan with your new changes and ensure nothing will be destroyed. If anything will be destroyed and this can't be avoided please add a comment to the current MR.
  • Create any follow-up issue(s) to support the new feature across other supported cloud providers or advanced configurations. Create 1 issue for each provider/configuration. Contact the Quality Enablement team if unsure.
Edited by Grant Young
