Skip to content

Add project_visibility JWT claim

Alishan Ladhani requested to merge ali/add-project-visibility-jwt-claim into master

What does this MR do and why?

Adds a new claim called project_visibility to Ci::JwtV2. This claim will be used by Fulcio to generate certificates for keyless signing.

Related to #418810 (closed)

Screenshots or screen recordings

{
  ...
  "sha": "4e9b7dbc7e42626ca4f4676ad91f17951f97af9a",
  "project_visibility": "public",
  "ci_config_ref_uri": "gitlab.localdev:3000/gitlab-org/gitlab-shell//.gitlab-ci.yml@refs/heads/memory-limit",
  ...
}
[8] pry(main)> build.project.visibility_level
=> 20

How to set up and validate locally

build = Ci::Build.last
Gitlab::Ci::JwtV2.new(build, aud: 'my-aud', ttl: 1.hour).payload

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

Edited by Alishan Ladhani

Merge request reports

Loading