Add authentication to suggested reviewer client
What does this MR do and why?
This MR adds JWT authentication to the Suggested Reviewer gRPC client.
The user-facing functions are gated behind the feature flag suggested_reviewers.
Implementations
- GitLab: store signing key in an environment variable (issue)
- GitLab: attach a JWT to the request header, signed with the signing key using HMAC with the SHA-256 hash algorithm (HS256) <-- this MR
- Suggested Reviewer: store verifying key in an environment variable (MR)
- Suggested Reviewer: decode the token in the request and validate that the current time is not past the expiry time (MR)
How to set up and validate locally
- Run the recommender-bot-service in a development K8s cluster
- Update the rpc_url value, e.g. suggested-reviewer.dev:443
- Copy the certificate used by the service in Step 1 to the gitlab folder, e.g. dev.crt
- In the gitlab folder, try:

  bundle exec rails c
  pry(main)> certs = File.read('dev.crt')
  pry(main)> ENV['SUGGESTED_REVIEWERS_SECRET'] = 'fBwSLJ32cjJPxuzkN7IXsPwC6aDAe3LdrwUM1vfaj9sv09QhDmJYEAv5ipfB8mc9'
  pry(main)> c = ::Gitlab::AppliedMl::SuggestedReviewers::Client.new(rpc_url: 'suggested-reviewer.dev:443', certs: certs)
  pry(main)> d = c.suggested_reviewers(project_id: 15238759, merge_request_iid: 1, top_n: 5, changes: ['db', 'ee/db'], author_username: 'joe')
  => {:version=>"0.1.0", :top_n=>5, :reviewers=>[]}
MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
- I have evaluated the MR acceptance checklist for this MR.
Edited by Tan Le