Home
Contribute Contact Us Browse all meetings
Home Contribute Contact Us Browse all meetings
GitLab / CI/CD UX Team Design Reviews / 11 Nov 2022
GitLab / CI/CD UX Team Design Reviews / 11 Nov 2022
Previous Meeting Next Meeting
Add meeting Rate page Subscribe
youtube image
From YouTube: CI_JOB_TOKEN workflow video for coverage

Description

This video is to assist whoever does the UX review of this feature in development https://gitlab.com/gitlab-org/gitlab/-/issues/375782

A

Hi I'm pretty called the product designer for pipeline execution team. This video is for um whoever gets assigned to review this work. That's been done um for this issue that says, enable a CA, token permission, flow or Bots to work, across.com and other shared instances securely.

A

This one is a little tricky, uh because the premises that we are working in is a complex one. This talks about um like if there are two projects- project a and Project B. How do we allow one project to access the access, another project using a CI job token, and what is it that we can do to if we do not want any of the project to access our project and at the same time, how can we enable it?

A

So we have already worked on an issue that has added an outbound um workflow for these use cases. So if you go to the product today, you would see that just a moment, you'll see that under settings CI CD for uh projects, you would see this section that says token access and then uh there is a particular section that allows you to add an existing project to the scope. That means you are currently able to add, say that uh you want your project to have access to this other project.

A

Let's call it B and you get to decide that, like this is an outbound workload that we had worked on with time. We learned that this is not the best way of doing it and we require to work on an inbound flow as well, which will slowly replace the outbound, uh and this will be deprecated in I think the next release, which is 16.0 now talking about the inbound workflow, specifically because this is uh what is in the scope of this issue and what needs to be looked at so this particular workflow.

A

What it will do is, uh as it says, allow access to this project with SEI job token.

A

If a project B, uh which is not this project, wants access to project a which has this project, what they'll have to do is uh project a would require to add them to this list like this will give permission to Project B that okay, now you can access um this project using oci job token, and at the same time, if this is disabled, let's say, then what will um how that would be translated as uh only project a would have access uh to its own project using the cig object like no, the project would have access to it.

A

So that's that that's what will happen if this comes uh disabled um and upon enabling it this small model is going to appear that says, allow CI job to construct the following projects to access this project. So if you enter the URL of a project here, it gets added to the table below, and you can totally see that right now test one sample test.

A

One and sample test two have access to your project using the CI token, and these are the namespaces that there are part of, and you can anytime, go ahead and delete them from the list. If you don't want them to be accessing your project, so that is it and I hope this is helpful. It's a very small summary.

A

um All the decisions are documented in the discussion alongside and that's it. Thank you.