Support variables expansion in id_tokens:aud
What does this MR do and why?
Closes #414293 (closed) - Support variables expansion in id_tokens:aud
Values of the aud
claim in
id_tokens
(introduced in GitLab 15.7) can now include CI/CD variables. This
enables using such JWT tokens in contexts where the aud
claim can not
be a fixed value, for instance in some pipeline templates.
Note: in the documentation bits, I have written "since GitLab 16.1"; that's optimistic me assuming this could be merged in time for 16.1, but of course it can be changed if it has to.
How to set up and validate locally
- create a project with a pipeline file similar to https://gitlab.com/thomasgl-orange/test-id-tokens/-/blob/9297479591a95955c476d3d42d6851b7a9c5ecd4/.gitlab-ci.yml
- run the pipeline, check console output of jobs which involve some
$VARIABLE
inid_tokens:aud
: with the changes from this MR, variables should have been substituted by an actual value
MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
-
I have evaluated the MR acceptance checklist for this MR.
Edited by Thomas de Grenier de Latour