GraphQL: Implement RunnerCloudProvisioningOptions in ProjectType
What does this MR do and why?
This MR adds the `project.runnerCloudProvisioningOptions` query, required to support the new runner provisioning flow on Google Cloud (frontend: #437907 (closed)). It builds on #439569 (closed) to allow fetching `regions`, `zones`, and `machineTypes` available to a Google Cloud project. The Google Cloud project is associated with a GitLab project through the New Google Artifact Registry Project Integration (#425066 - closed) (temporary, this will be moved to a new Google IAM project integration).
The GraphQL query is gated on the `:read_runner_cloud_provisioning_options` project policy introduced in !143570 (merged), available only to maintainer+ users on a project, and when the SaaS `google_artifact_registry` feature is available.
Closes #438315 (closed)
Changelog: added
EE: true
MR acceptance checklist
Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.
Screenshots or screen recordings
Screenshots are required for UI changes, and strongly recommended for all other merge requests.
How to set up and validate locally
Numbered steps to set up and validate the change are strongly suggested.
Although the client class itself is quite simple to use, the setup of the supporting components can be quite involved.
We have two ways to set things up: either using the GCP demo project (if you have access) or using a service account.
1️⃣ Set up using the gcp demo project
1. In Cloud Run, there is a `glgo` instance running. Click on the details and copy the URL.
2. In `ee/lib/google_cloud_platform/base_client.rb`, replace the `GLGO_BASE_URL` constant with the URL from (1.).
3. In `ee/lib/google_cloud_platform/jwt.rb`, return a fixed string of your choice for `#issuer`. I used `http://pedropombeiro.gdk.test:3000`.
4. Start your local GDK, access `/oauth/discovery/keys` and paste the content on a GitLab.com snippet. Copy the URL of the raw form of the snippet.
5. In Cloud Run, create a new version to deploy and update the `GLGO_KNOWN_ISSUERS` env variable with the following string: `,<issuer string>;<url of the raw form of the snippet>`
Don't forget to set up a Workload Identity Federation properly and get its url without the protocol.
2️⃣ Set up using a service account
- Create a service account that has the `Compute Viewer` role.
- Create a JSON credentials file and download it.
- In `ee/lib/google_cloud_platform/compute/client.rb`, in the `#external_credentials` function, replace the method content with the path to the credentials file.
3️⃣ The client class in action
One last setup step: there is a guard to make sure that the client class is used in the SaaS instance only. In `ee/lib/google_cloud_platform/compute/client.rb`, comment out L133.
Now that the setup is out of the way, let's play!
- Set up a project integration in some project, e.g. `gitlab-org/playground`.
- Open http://gdk.test:3000/-/graphql-explorer and run the following query:

```graphql
{
  project(fullPath: "gitlab-org/playground") {
    id
    runnerCloudProvisioningOptions(provider: GOOGLE_CLOUD) {
      regions(first: 2) {
        nodes { name description }
        pageInfo { hasNextPage endCursor }
      }
      zones(region: "us-east1", first: 2) {
        nodes { name description }
        pageInfo { hasNextPage endCursor }
      }
      machineTypes(zone: "us-east1-b", first: 2) {
        nodes { name description zone }
        pageInfo { hasNextPage endCursor }
      }
    }
  }
}
```
You should see the zones and machine types requested.
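
One way to check the maintainer+ gate on this field while validating locally, as an added example that is not part of this MR or of GitLab's code base: run the same field as users with different roles and flag any role whose result contradicts the description. The helper names, the role labels and the sample responses are assumptions made for illustration, as is the expectation that a field the caller may not read resolves to `null`; it also assumes the feature and project integration are already set up.

```ruby
require "json"
require "net/http"
require "uri"

ALLOWED_ROLES = %w[maintainer owner].freeze # "maintainer+" per the description

# Same field as the query in the description, trimmed to one region.
def gate_query(full_path)
  <<~GRAPHQL
    { project(fullPath: #{full_path.to_json}) {
        runnerCloudProvisioningOptions(provider: GOOGLE_CLOUD) {
          regions(first: 1) { nodes { name } } } } }
  GRAPHQL
end

# POST the query as one user; base_url and token are supplied by the tester.
def fetch(base_url, token, full_path)
  uri = URI.join(base_url, "/api/graphql")
  req = Net::HTTP::Post.new(uri, "Content-Type" => "application/json",
                                 "Authorization" => "Bearer #{token}")
  req.body = { query: gate_query(full_path) }.to_json
  res = Net::HTTP.start(uri.host, uri.port, use_ssl: uri.scheme == "https") { |h| h.request(req) }
  JSON.parse(res.body)
end

# Assumption: a field the caller may not read resolves to null.
def classify(response)
  project = response.dig("data", "project")
  return :error if response["errors"] && project.nil?
  return :project_hidden if project.nil?
  project["runnerCloudProvisioningOptions"].nil? ? :denied : :granted
end

# Roles whose outcome contradicts the gate described above.
def gate_violations(responses_by_role)
  responses_by_role.each_with_object({}) do |(role, response), bad|
    outcome = classify(response)
    expected = ALLOWED_ROLES.include?(role) ? :granted : :denied
    bad[role] = outcome unless outcome == expected
  end
end

# Constructed sample responses (not captured from a real instance).
SAMPLE = {
  "developer"  => { "data" => { "project" => { "runnerCloudProvisioningOptions" => nil } } },
  "maintainer" => { "data" => { "project" => { "runnerCloudProvisioningOptions" =>
                    { "regions" => { "nodes" => [{ "name" => "us-east1" }] } } } } }
}.freeze

p gate_violations(SAMPLE) # prints {} when the gate holds
```

To run it against a local GDK, build the hash from `fetch` calls made with one access token per role and pass it to `gate_violations`.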