Secure Suggested Reviewer gRPC with TLS
What does this MR do and why?
This MR ensures the gRPC channel between GitLab and Suggested Reviewer is encrypted with server-TLS.
The user-facing functions are gated behind feature flag suggested_reviewers
How to set up and validate locally
- Run the
recommender-bot-service
in a development K8s cluster - Update the
rpc_url
value, e.gsuggested-reviewer.dev:443
- Copy the certificate used by the service in Step 1 to the gitlab folder, e.g.
dev.crt
- In the gitlab folder, try
bundle exec rails c
pry(main)> certs = File.read('dev.crt') pry(main)> c = ::Gitlab::AppliedMl::SuggestedReviewers::Client.new(rpc_url: 'suggested-reviewer.dev:443', certs: certs) pry(main)> d = c.suggested_reviewers(project_id: 15238759, merge_request_iid: 1, top_n: 5, changes: ['db', 'ee/db'], author_username: 'joe') => {:version=>"0.1.0", :top_n=>5, :reviewers=>[]}
MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
-
I have evaluated the MR acceptance checklist for this MR.
Edited by Tan Le