Skip to content

Secure Suggested Reviewer gRPC with TLS

Tan Le requested to merge secure-tls-suggested-reviewer into master

What does this MR do and why?

This MR ensures the gRPC channel between GitLab and Suggested Reviewer is encrypted with server-TLS.

The user-facing functions are gated behind feature flag suggested_reviewers

Relates to https://gitlab.com/gitlab-org/modelops/applied-ml/review-recommender/recommender-bot-service/-/issues/19

How to set up and validate locally

  1. Run the recommender-bot-service in a development K8s cluster
  2. Update the rpc_url value, e.g suggested-reviewer.dev:443
  3. Copy the certificate used by the service in Step 1 to the gitlab folder, e.g. dev.crt
  4. In the gitlab folder, try bundle exec rails c
    pry(main)> certs = File.read('dev.crt')
    pry(main)> c = ::Gitlab::AppliedMl::SuggestedReviewers::Client.new(rpc_url: 'suggested-reviewer.dev:443', certs: certs)
    pry(main)> d = c.suggested_reviewers(project_id: 15238759, merge_request_iid: 1, top_n: 5, changes: ['db', 'ee/db'], author_username: 'joe')
    => {:version=>"0.1.0", :top_n=>5, :reviewers=>[]}

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

Edited by Tan Le

Merge request reports

Loading