Skip to content

GitLab Next

Why GitLab
Pricing
Contact Sales
Explore

Sign in
Get free trial

Disable KAS by default in FIPS environments

Review changes
Download
Patches
Plain diff

Balasankar 'Balu' C requested to merge 6802-disable-kas-in-fips-builds into master Jun 29, 2022

Overview 11
Commits 1
Pipelines 4
Changes 4

What does this MR do?

KAS doesn't comply with FIPS (being tracked in &7933 (closed)). Hence, we should disable it by default in FIPS environments, while still giving the user control to manually enable it.

Testing

In a FIPS environment, install the gitlab-fips package from https://dev.gitlab.org/gitlab/omnibus-gitlab/-/pipelines/243115
Deploy GitLab.
See that gitlab-kas is not enabled.
Edit /etc/gitlab/gitlab.rb and add roles['application_role'] and run reconfigure.
See that gitlab-kas is still not enabled.
Repeat the test with gitlab-ee package from that pipeline in a non-FIPS environment and see that gitlab-kas is enabled by default for default, and when using application_role.

Related issues

Closes #6802

Checklist

See Definition of done.

For anything in this list which will not be completed, please provide a reason in the MR discussion

Required

Merge Request Title, and Description are up to date, accurate, and descriptive
MR targeting the appropriate branch
MR has a green pipeline on GitLab.com
Pipeline is green on dev.gitlab.org if the change is touching anything besides documentation or internal cookbooks
trigger-package has a green pipeline running against latest commit

Expected (please provide an explanation if not completing)

Test plan indicating conditions for success has been posted and passes
Documentation created/updated
Tests added
Integration tests added to GitLab QA
Equivalent MR/issue for the GitLab Chart opened

Edited Jun 30, 2022 by Balasankar 'Balu' C

Merge request reports

Assignee Loading

Reviewers Loading

Request review from

Loading

Time tracking Loading

Loading