Add db fields for workspace sudo access

Vishal Tak requested to merge vtak/workspace_sudo_access_db into master

Issue: DB: Add database fields for sudo access (#474966 - closed)

What does this MR do and why?

In order to enable users to use sudo securely within a workspace, we have identified 3 ways - configure Sysbox, configure Kata Containers, and configure the Kubernetes cluster to use the user namespaces feature.

To achieve this, users need to provide certain values - labels, annotations, default_runtime_class, allow_privilege_escalation, use_kubernetes_user_namespaces. Details about what combination of fields needs to be configured for each case (Sysbox, Kata Containers, User Namespaces) can be found in the comment.

This MR adds these fields for workspace sudo access in the workspaces_agent_config table along with the required validations as mentioned in #474966 (closed). These values will be used in Rails in a follow-up MR to drive the behaviour of the Workspace Kubernetes resources generated.

MR acceptance checklist

Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

Screenshots or screen recordings

N.A.

How to set up and validate locally

Not much to validate locally here since this MR is only adding the database fields. The unit tests should cover the validation logic.

Database migrations validations

The output of the db check migration job can be found at !163730 (comment 2080635643)

Edited by Vishal Tak
