Home
Contribute Contact Us Browse all meetings
Home Contribute Contact Us Browse all meetings
GitLab / Solutions Architecture / 4 Feb 2021
GitLab / Solutions Architecture / 4 Feb 2021
Previous Meeting Next Meeting
Add meeting Rate page Subscribe
youtube image
From YouTube: Leveraging GitLabForm for Compliance

Description

Projects Used for Demo:
https://github.com/egnyte/gitlabform
https://gitlab.com/poffey21/gitlab-form
https://gitlab.com/gitlab-gold/tpoffenbarger/gitlab-form

A

Hi everyone, my name, is tim boffenberger and I'm a solutions arc architect with git lab and wanted to um spend some time talking through a tool called get lab form.

A

It's based on an open source project and I've been spending a little bit of time with it to make it more uh friendly, with our ultimate offering, um essentially the the gist of what um of what gitlab form does for you is given a config.yaml file.

A

You can specify certain settings that you want always to be set to be true. These can be things that you want existing in a particular project or merge request approvals or different types of approval rules.

A

Even you know, managed licenses that you want approved or denied, and then you can also have project settings where you have very specific things and with this yaml file, which is, in my opinion, pretty easy to read, um flows nicely with how we do approvals today or manage our settings today.

A

um You can leverage gitlab to um to kick this pipeline off, and here I'm just using a template. So let me show you what that template looks like it's pretty simple um we're really just executing the scalab form. All defined is going to specify that everything that's defined within this config.yaml file is going to be applied.

A

So so, let's take a look at what this might look like today, so I have a. I have a top level group and I want all these projects to kind of fit a certain type of mold. So I just created this brand new billing api and you can actually see when I'm in this billing api there's. No, you know code owners file which might be problematic.

A

If I go to general and merge requests approvals, it doesn't look like there's any approvals set up again. You know kind of a red flag and um what git lab form allows us to do is if I head over to my farmer in the sky project.

A

um I have this set up on a scheduled basis right now, and if I kick this off, we can see the pipeline running.

A

And a few things to note what it's going to do is it's actually going to leverage um our ci environment variables, so this ci project, namespace of the farmer in the site sky group, which would be get lab gold, t, poff and barger get lab form.

A

um So it's going to leverage that and it's going to add that as its default group. Additionally, we also have this project settings, so this particular project, the this farmer in the sky. I want specific settings for this config.yaml, so that coffee21 me is always a part of the merge request approvals process and you can see that it's it's looking at that top level group. It's looking at all the different applications within that top level group. One thing to note is all defined can be customized.

A

You can actually specify a certain project so that way, if you have a lot of projects, you don't have to run all of them at the same time, all right- and it looks like it succeeded. So, let's head back to um our get lab form.

A

Sorry about that gitlab form finance billing api, and if we pull up these general settings again, we can actually see that the merge request approvals process was updated. Great license, check, vulnerability, check are all in place now. um We also added this default approvers rule um generated by gitlab form, and then we can also see that there's a code owner's file in here, which is great because now um we can, we can manage not only settings but also particular files that we want to exist in here.

A

Taking this one step further I'd like to propose. So let's say that I have this new happened and if I drill into my settings merge request approval process, and I I decide that I actually want um my. I want to allow overrides to approval lists for them for the merge request. um My proposal here is that, rather than making the save changes reflective of this change, we could just simply have this dynamically generate a merge request, so upon click it automatically opens up a merge request for this farmer in the sky.

A

Sets it in draft mode. You know, modify approval rules for my new app. um If I save those changes and we look at the changes that were applied, we actually see that it just took this my new app and then merge request approvals and then added that rule in place um seems like a a kind of a quick iterative way to to deal with some of our compliance needs.

A

um You know, and it leans into the unique ways that get lab leverages code to manage all the things thanks for your time, uh get lab form is is a great product uh again, I I'm borrowing it from another um from another team that built this, and I added a few things that I hope to incorporate back into the the main project.