Creating a GitLab Configuration Source Provider

Create a configuration source provider in Resource Manager from GitLab.

Before You Begin

Following are the prerequisites to connect Oracle Cloud Infrastructure Resource Manager to GitLab.

  • Private Git server: Network information is required to set up a private endpoint for use with the configuration source provider, including an SSL certificate. For more information, see Private Git Server.
  • Public Git server: This server must be accessible over the internet using a public IP address. (This accessibility requirement doesn't apply to GitLab.com.)
  • Resolvable URL: Ensure that Resource Manager can resolve the server URL. Ensure that the server is deployed with a well-known root certificate, such as DigiCert, so that OCI can trust its endpoint.
  • Network configuration for IP addresses: Configure your network to allow access from OCI IP address ranges. Ensure that you include ranges for all relevant services, including the Oracle Services Network (tag: OSN).
  • Ingress rules: Enable network ingress rules on the VCN where the server is deployed to allow access from OCI IP addresses.
  • Repository permissions: You must have admin or owner permissions for the repository.
  • Personal access token (PAT): You must have a PAT to the server. To create a PAT, see the relevant guidance and documentation:
    Note

    Resource Manager reads the customer's repository content but doesn't push changes to the repository.

Importing an Existing Certificate

To access a private GitLab server, make its associated SSL certificate available in the Oracle Cloud Infrastructure Certificates service.

For more information about the Certificates service, see Certificates.

After the certificate is in the Certificates service, you can select it along with a private endpoint when you create the configuration source provider.

  1. Get the certificate information for your private Git server.
    1. Install the OpenSSL command line application.

      For Linux, run: sudo yum install openssl

      For MacOS, run: brew install openssl

      For Windows, download the openssl binary from Win32/Win64 OpenSSL and configure the environment.

    2. Get the certificate chain.

      Run the following command, replacing $SERVERNAME with the server URL and $PORT with the server's TCP port:

      openssl s_client -connect $SERVERNAME:$PORT -servername $SERVERNAME -showcerts 2>&1 < /dev/null | sed -n '/-----BEGIN/,/-----END/p' > certChain.pem
    3. Get the server certificate.

      Run the following command, replacing $SERVERNAME with the server URL and $PORT with the server's TCP port:

      echo -n | openssl s_client -connect $SERVERNAME:$PORT -servername $SERVERNAME | openssl x509 > $SERVERNAME.pem
    4. Get the private key.

      Example source of private key from NGINX Gitlab Server (/etc/gitlab/gitlab.rb):

      nginx['ssl_certificate_key'] = <Path_to_PRIVATE_KEY>
  2. Import the certificate.

    See Importing a Certificate.

    After the certificate is in the Certificates service, you can select it along with a private endpoint when you create the configuration source provider.

  • After completing all the prerequisites, follow these steps in the Console to create a configuration source provider from GitLab.
    1. On the Configuration source providers list page, select Create configuration source provider. If you need help finding the list page or the configuration source provider, see Listing Configuration Source Providers.
    2. In the Create configuration source provider panel, enter a name and optional description for the configuration source provider. Avoid entering confidential information.
    3. Select the compartment that you want to create the configuration source provider in.
    4. (Optional) To use a private endpoint, follow these steps:
      1. Select Private endpoint.
      2. Select or create a private endpoint. To select a private endpoint or certificate in a different compartment, select Change Compartment.
      3. Select an SSL certificate.
      For more information about private endpoints for private servers, see Private Git Server.
    5. For Type, select GitLab.
    6. Enter the following values:
      • Server URL: The service endpoint.

        Examples:

        • GitLab.com product: https://gitlab.com/
        • GitLab installation (relative URL): https://example.com/gitlab
        • GitLab installation (subdomain): https://gitlab.example.com/
      • Personal access token: Enter the personal access token (PAT).
    7. (Optional) Select Show advanced options and assign tags to the configuration source provider.
      • Tag namespace: To add a defined tag, select an existing namespace. To add a free-from tag, leave the value blank.
      • Tag key: To add a defined tag, select an existing tag key. To add a free-form tag, type the key name that you want.
      • Tag value: Type the tag value that you want.
      • Add tag: Click to add another tag.
    8. Select Create.
    9. To confirm that Resource Manager can access the server URL using the provided authentication information, select the configuration source provider to open its details page, and then select Validate connection.
  • Use the oci resource-manager configuration-source-provider create-github-access-token-provider command and required parameters to create a configuration source provider from GitLab.

    oci resource-manager configuration-source-provider create-gitlab-access-token-provider --access-token <personal_access_token> --api-endpoint <GitLab_service_endpoint>

    For a complete list of parameters and values for CLI commands, see the Command Line Reference for Resource Manager.

  • Run the CreateConfigurationSourceProvider operation to create a configuration source provider from GitLab.

    For an example of the configSourceProviderType part of the request, see CreateGitlabAccessTokenConfigurationSourceProviderDetails.