Show identity verification required alert on shared runners enabled
Context
Currently, users go through identity verification (signup IV
from here on) as part of the signup process. Moving forward, we want to require users1 that have already started using Gitlab to go through the same identity verification process (active user IV
from here on) where they verify a phone number/credit card in exchange for in-app benefits (e.g. run pipelines using free compute minutes, create more than two top-level groups, etc.).
This is similar to the (disabled) feature that required users to provide credit card details before they can run pipelines (explained more in https://about.gitlab.com/blog/2021/05/17/prevent-crypto-mining-abuse) except that users can verify their identity using a phone number or, optionally, a credit card.
See https://gitlab.com/groups/gitlab-org/modelops/anti-abuse/-/epics/32+ for more info.
1 Limited to free users that did not go through phone number and/or credit card verification during signup.
What does this MR do and why?
This MR implements Show identity verification required alert when user tries to enable shared runners project setting.
MR acceptance checklist
Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.
Screenshots or screen recordings
Screen_Recording_2024-05-24_at_11.52.31_AM
How to set up and validate locally
- Start GDK simulating SaaS
$ export GITLAB_SIMULATE_SAAS=1 $ gdk start
- Enable relevant FFs
$ rails c > Feature.enable(:opt_in_identity_verification) > Feature.enable(:identity_verification_phone_number) > Feature.enable(:ci_requires_identity_verification_on_free_plan)
- Update
ee/app/models/concerns/identity_verifiable.rb
to skip the check to ensure a user was created after the release date.# ee/app/models/concerns/identity_verifiable.rb def identity_verified? ... - return true if created_at < IDENTITY_VERIFICATION_RELEASE_DATE + # return true if created_at < IDENTITY_VERIFICATION_RELEASE_DATE ... end
- Login with
root
user - Create a project then go to the project's Settings -> CI/CD page
- Toggle off the instance runners setting if it is already enabled. This operation should succeed
- Toggle on the instance runners setting
- Verify that the update fails and the correct alert is shown
- Mark the user as identity verified
$ rails c > FactoryBot.create(:phone_number_validation, :validated, user: User.first)
- Attempt to toggle on the instance runners setting
- Verify that the update succeeds and no alert is shown