UNCLASSIFIED - NO CUI

Skip to content

Gitlab Object Storage Secret needs to be available with all settings

Bug

Description

if using IAM profile the endpoint value is not set because it is tied to the AccessKey values. the Endpoint needs to be set any time it is present in the values. This is an issue that will never present in unclassified systems. If the endpoint value is not set then Gitlab will default the domain for the s3 endpoint to amazonaws.com. On SIPR and JWICS if we cannot set the endpoint value then we lose the ability to use object storage cause the domains for the AWS endpoint are different.

With out this change on classified networks you are unable to use object storage with and IAM profile.

BigBang Version

Bigbang version 1.55

This can be retrieved multiple ways:

current application

{{- else if eq .Values.addons.gitlab.objectStorage.iamProfile "" }}
      aws_access_key_id: {{ .Values.addons.gitlab.objectStorage.accessKey }}
      aws_secret_access_key: {{ .Values.addons.gitlab.objectStorage.accessSecret }}
      endpoint: "{{ .Values.addons.gitlab.objectStorage.endpoint }}"
{{- end }}

What is needed

{{- else if eq .Values.addons.gitlab.objectStorage.iamProfile "" }}
      aws_access_key_id: {{ .Values.addons.gitlab.objectStorage.accessKey }}
      aws_secret_access_key: {{ .Values.addons.gitlab.objectStorage.accessSecret }}
{{- end }}
{{- if .Values.addons.gitlab.objectStorage.endpoint }}
      endpoint: "{{ .Values.addons.gitlab.objectStorage.endpoint }}"
{{- end }}

https://repo1.dso.mil/big-bang/bigbang/-/blob/master/chart/templates/gitlab/secret-objectstore.yaml#L19

UNCLASSIFIED - NO CUI