Add JWT support for internal Subscriptions API

Josianne Hyson requested to merge jh/migrate_subscription_auth into master

What does this MR do and why?

Issue: https://gitlab.com/gitlab-org/gitlab/-/issues/466368

Add JWT support for internal Subscriptions API

We want to be able to authenticate with a JWT from CustomersDot when accessing this endpoint. Migrate it to the internal API definition which has JWT auth, and update the specs to account for this.

MR acceptance checklist

Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

How to set up and validate locally

Start the GDK and CustomersDot.

  1. GitLab: find the ID of a top level namespace without a subscription (you may have to delete the sub as it can be lazy-populated)
  2. CustomersDot: Start a rails console
  3. CustomersDot: verify the existing admin PAT auth still works
    # create a subscription
    irb(main):001> Client::GitlabApp.post("/api/v4/namespaces/3488/gitlab_subscription", body: { seats: 10, start_date: '2023-01-01', plan_code: 'premium' }, token: Client::GitlabApp::ADMIN_API_TOKEN)
    => {"plan"=>{"code"=>"premium", "name"=>"Premium", "trial"=>false, "auto_renew"=>nil, "upgradable"=>true, "exclude_guests"=>false},
        "usage"=>{"seats_in_subscription"=>10, "seats_in_use"=>0, "max_seats_used"=>0, "seats_owed"=>0},
        "billing"=>{"subscription_start_date"=>"2023-01-01", "subscription_end_date"=>nil, "trial_ends_on"=>nil}}
    
    # update a subscription
    irb(main):002> Client::GitlabApp.put("/api/v4/namespaces/3488/gitlab_subscription", body: { seats: 5 }, token: Client::GitlabApp::ADMIN_API_TOKEN)
    => {"plan"=>{"code"=>"premium", "name"=>"Premium", "trial"=>false, "auto_renew"=>nil, "upgradable"=>true, "exclude_guests"=>false},
        "usage"=>{"seats_in_subscription"=>5, "seats_in_use"=>0, "max_seats_used"=>0, "seats_owed"=>0},
        "billing"=>{"subscription_start_date"=>"2023-01-01", "subscription_end_date"=>nil, "trial_ends_on"=>nil}}
  4. GitLab: find another top level namespace ID without a subscription
  5. CustomersDot: verify the new JWT auth works
    # create a subscription
    irb(main):001> Client::GitlabApp.post("/api/v4/namespaces/3488/gitlab_subscription", body: { seats: 10, start_date: '2023-01-01', plan_code: 'premium' }, internal_jwt_token: Gitlab::Api::Internal::GenerateJwt.instance.execute)
    => {"plan"=>{"code"=>"premium", "name"=>"Premium", "trial"=>false, "auto_renew"=>nil, "upgradable"=>true, "exclude_guests"=>false},
        "usage"=>{"seats_in_subscription"=>10, "seats_in_use"=>0, "max_seats_used"=>0, "seats_owed"=>0},
        "billing"=>{"subscription_start_date"=>"2023-01-01", "subscription_end_date"=>nil, "trial_ends_on"=>nil}}
    
    # update a subscription
    irb(main):002> Client::GitlabApp.put("/api/v4/namespaces/3488/gitlab_subscription", body: { seats: 5 }, internal_jwt_token: Gitlab::Api::Internal::GenerateJwt.instance.execute)
    => {"plan"=>{"code"=>"premium", "name"=>"Premium", "trial"=>false, "auto_renew"=>nil, "upgradable"=>true, "exclude_guests"=>false},
        "usage"=>{"seats_in_subscription"=>5, "seats_in_use"=>0, "max_seats_used"=>0, "seats_owed"=>0},
        "billing"=>{"subscription_start_date"=>"2023-01-01", "subscription_end_date"=>nil, "trial_ends_on"=>nil}}
Edited by Josianne Hyson
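
The checks a receiving service has to make before trusting a service-to-service JWT like the one used in step 5, as an added example that is not code from this MR, GitLab or CustomersDot. It assumes HS256 with a shared secret and `iss`/`aud`/`iat`/`exp` claims; `ISSUER`, `AUDIENCE`, `issue_token` and `verify_token` are hypothetical names, and the tokens are constructed inline.

```ruby
require 'openssl'
require 'json'
# Assumed for illustration (not from the MR): HS256, shared secret, iss/aud/iat/exp.
ISSUER   = 'customers-dot.example'        # hypothetical issuer value
AUDIENCE = 'gitlab-internal-api.example'  # hypothetical audience value

def b64url(bytes)
  [bytes].pack('m0').tr('+/', '-_').delete('=')
end

def b64url_decode(str)
  padded = str.tr('-_', '+/') + '=' * ((4 - str.size % 4) % 4)
  padded.unpack1('m0') # strict decode: raises ArgumentError on malformed input
end

def decode_json(segment)
  obj = JSON.parse(b64url_decode(segment))
  obj.is_a?(Hash) ? obj : raise(ArgumentError, 'not a JSON object')
end

def sign(data, secret)
  OpenSSL::HMAC.digest('SHA256', secret, data)
end

def issue_token(secret, now: Time.now.to_i, ttl: 60, aud: AUDIENCE)
  head = b64url(JSON.generate({ alg: 'HS256', typ: 'JWT' }))
  body = b64url(JSON.generate({ iss: ISSUER, aud: aud, iat: now, exp: now + ttl }))
  "#{head}.#{body}.#{b64url(sign("#{head}.#{body}", secret))}"
end

def constant_time_eq?(a, b)
  a.bytesize == b.bytesize && a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Returns [:ok, claims] or [:rejected, reason].
def verify_token(token, secret, now: Time.now.to_i)
  head, body, sig, extra = token.to_s.split('.', -1)
  return [:rejected, 'malformed'] if sig.nil? || extra
  # Pin the algorithm; the token header must never select it (e.g. "none").
  return [:rejected, 'unexpected alg'] unless decode_json(head)['alg'] == 'HS256'
  valid = constant_time_eq?(sign("#{head}.#{body}", secret), b64url_decode(sig))
  return [:rejected, 'bad signature'] unless valid
  claims = decode_json(body) # parsed only after the signature has been checked
  return [:rejected, 'wrong issuer'] unless claims['iss'] == ISSUER
  return [:rejected, 'wrong audience'] unless claims['aud'] == AUDIENCE
  return [:rejected, 'expired'] unless claims['exp'].is_a?(Integer) && now < claims['exp']
  [:ok, claims]
rescue ArgumentError, JSON::ParserError
  [:rejected, 'malformed']
end
```
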
