Skip to content

Add JWT support for internal CI::Minutes APIs

Josianne Hyson requested to merge jh/migrate_ci_minutes_auth into master

What does this MR do and why?

Issue: https://gitlab.com/gitlab-org/gitlab/-/issues/466368+

Add JWT support for internal CI::Minutes APIs

We want to be able to authenticate with a JWT from CustomersDot when accessing this endpoint. Migrate it to the internal API definition which has JWT auth, and update the specs to account for this.

MR acceptance checklist

Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

How to set up and validate locally

Start the GDK and CustomersDot.

  1. GitLab: find the ID of a top level namespace
  2. CustomersDot: Start a rails console
  3. CustomersDot: verify the Admin auth still works 
    # create the a CI minutes pack
irb(main):001> Client::GitlabApp.post("/api/v4/namespaces/3486/minutes", body: { packs: [ { number_of_minutes: 10_000, expires_at: 1.year.from_now.to_s, purchase_xid: SecureRandom.hex(16) } ] }, token: Client::GitlabApp::ADMIN_API_TOKEN)
=> [{"namespace_id"=>3486, "expires_at"=>"2025-08-09", "number_of_minutes"=>10000, "purchase_xid"=>"052b34e969b3e608c44847b9a46e1cc3"}]

# transfer a CI minutes pack
irb(main):002> Client::GitlabApp.patch("/api/v4/namespaces/3486/minutes/move/3488", token: Client::GitlabApp::ADMIN_API_TOKEN)
=> {"message"=>"202 Accepted"}
  4. CustomersDot: verify the new JWT auth works 
    # create the a CI minutes pack
irb(main):001> Client::GitlabApp.post("/api/v4/namespaces/3486/minutes", body: { packs: [ { number_of_minutes: 10_000, expires_at: 1.year.from_now.to_s, purchase_xid: SecureRandom.hex(16) } ] }, internal_jwt_token: Gitlab::Api::Internal::GenerateJwt.instance.execute)
=> [{"namespace_id"=>3486, "expires_at"=>"2025-08-09", "number_of_minutes"=>10000, "purchase_xid"=>"b867d163f1ada8385bf37931974e61ab"}]

# transfer a CI minutes pack
irb(main):002> Client::GitlabApp.patch("/api/v4/namespaces/3486/minutes/move/3488", internal_jwt_token: Gitlab::Api::Internal::GenerateJwt.instance.execute)
=> {"message"=>"202 Accepted"}
  5. GitLab: verify both packs were transferred to the correct namespace 
    irb(main):001:0> Ci::Minutes::AdditionalPack.last(2)
=>
[#<Ci::Minutes::AdditionalPack:0x000000016e67bcd0
  id: 5,
  created_at: Fri, 09 Aug 2024 04:00:37.488906000 UTC +00:00,
  updated_at: Fri, 09 Aug 2024 04:00:37.488906000 UTC +00:00,
  namespace_id: 3488,
  expires_at: Sat, 09 Aug 2025,
  number_of_minutes: 10000,
  purchase_xid: "052b34e969b3e608c44847b9a46e1cc3">,
 #<Ci::Minutes::AdditionalPack:0x000000016e67bd70
  id: 6,
  created_at: Fri, 09 Aug 2024 04:04:30.116258000 UTC +00:00,
  updated_at: Fri, 09 Aug 2024 04:04:30.116258000 UTC +00:00,
  namespace_id: 3488,
  expires_at: Sat, 09 Aug 2025,
  number_of_minutes: 10000,
  purchase_xid: "b867d163f1ada8385bf37931974e61ab">]
Edited by Josianne Hyson

Merge request reports