Adds KAS properties to GraphQL
What does this MR do?
Relates to: #322606 (closed)
Adds KAS metadata types to GraphQL API. They'll be accessible through the instance metadata, since KAS is a service part of the GitLab infrastructure.
Here's how I've implemented it.
GraphQL query
query {
metadata {
version # don't need to include it necessarily
revision # don't need to include it necessarily
kas{
enabled
version
externalUrl
}
}
}
GraphQL response
{
"data": {
"metadata": {
"version": "13.11.0-pre",
"revision": "7fe6ecdfea7",
"kas": {
"enabled": true,
"version": "13.11.1",
"externalUrl": "/Users/alexand/dev/gitlab-development-kit/gitlab/.gitlab_kas_secret"
}
}
}
}
Considerations
Why did I not add KAS metadata simply as fields of the instance metadata? Instead I created KAS as a sub-type of it.
- I thought is would be more organized this way, since KAS already has 3 readable attributes and I think there could be more in the future. So it will make more sense to have it as its own field, if we decide to make KAS attributes a field of
QueryType
in the future. I was also afraid to have to create deprecations quickly in the near feature, which is not the end of the world for GraphQL, but it is always an inconvenience. - I think this looks more natural for the client querying the API.
- I think we might be increasing the query complexity by one or 2 extra points, since with this approach we'll also have to check for a separate policy (
InstanceMetadata::KasPolicy
), even though I'm applying the same policy (read_instance_metadata
) that theMetadataType
already requires. Although, this complexity increase seems quite small, specially considering that this endpoint is probably not used in conjunction with very complex queries. There are no joins or too many nested fields that relate tometadata
. - I've decided to make all fields non-nullable with exception of
kas.version
andkas.externalUrl
, since those don't make sense ifkas.enabled? == false
.
Screenshots (strongly suggested)
Does this MR meet the acceptance criteria?
Conformity
-
📋 Does this MR need a changelog?-
I have included a changelog entry. -
I have not included a changelog entry because _____.
-
-
Documentation (if required) -
Code review guidelines -
Merge request performance guidelines -
Style guides -
Database guides -
Separation of EE specific content
Availability and Testing
-
Review and add/update tests for this feature/bug. Consider all test levels. See the Test Planning Process. -
Tested in all supported browsers -
Informed Infrastructure department of a default or new setting change, if applicable per definition of done
Security
If this MR contains changes to processing or storing of credentials or tokens, authorization and authentication methods and other items described in the security review guidelines:
-
Label as security and @ mention @gitlab-com/gl-security/appsec
-
The MR includes necessary changes to maintain consistency between UI, API, email, or other methods -
Security reports checked/validated by a reviewer from the AppSec team
Edited by Bob Van Landuyt