Google Cloud Integration API
Project-level Google Cloud integration scripts
- Introduced in GitLab 16.10. This feature is an Experiment.
Workload identity federation creation script
- Introduced in GitLab 16.10.
Users with at least the Maintainer role for the project can use the following endpoint to query a shell script that creates and configures the workload identity federation in Google Cloud:
GET /projects/:id/google_cloud/setup/wlif.sh
Supported attributes:
| Attribute | Type | Required | Description |
|---|---|---|---|
id
| integer | Yes | The ID a project. |
google_cloud_project_id
| string | Yes | Google Cloud Project ID for the workload identity federation. |
google_cloud_workload_identity_pool_id
| string | No | ID of the Google Cloud workload identity pool to create. Defaults to gitlab-wlif.
|
google_cloud_workload_identity_pool_display_name
| string | No | Display name of the Google Cloud workload identity pool to create. Defaults to WLIF for GitLab integration.
|
google_cloud_workload_identity_pool_provider_id
| string | No | ID of the Google Cloud workload identity pool provider to create. Defaults to gitlab-wlif-oidc-provider.
|
google_cloud_workload_identity_pool_provider_display_name
| string | No | Display name of the Google Cloud workload identity pool provider to created. Defaults to GitLab OIDC provider.
|
Example request:
curl --request GET \
--header "PRIVATE-TOKEN: <your_access_token>" \
--url "https://gitlab.com/api/v4/projects/<your_project_id>/google_cloud/setup/wlif.sh"
Script to set up a Google Cloud integration
- Introduced in GitLab 16.10.
Users with at least the Maintainer role for the project can use the following endpoint to query a shell script to set up a Google Cloud integration:
GET /projects/:id/google_cloud/setup/integrations.sh
Only the Google Artifact Management integration is supported. The script creates IAM policies to access Google Artifact Registry:
- Artifact Registry Reader role is granted to members with at least Reporter role
- Artifact Registry Writer role is granted to members with at least Developer role
Supported attributes:
| Attribute | Type | Required | Description |
|---|---|---|---|
id
| integer | Yes | The ID of a GitLab project. |
enable_google_cloud_artifact_registry
| boolean | Yes | Flag to indicate if Google Artifact Management integration should be enabled. |
google_cloud_artifact_registry_project_id
| string | Yes | Google Cloud Project ID for the Artifact Registry. |
Example request:
curl --request GET \
--header "PRIVATE-TOKEN: <your_access_token>" \
--url "https://gitlab.com/api/v4/projects/<your_project_id>/google_cloud/setup/integrations.sh"
Script to configure a Google Cloud project for runner provisioning
- Introduced in GitLab 16.10.
Users with at least the Maintainer role for the project can use the following endpoint to query a shell script to configure a Google Cloud project for runner provisioning and execution:
GET /projects/:id/google_cloud/setup/runner_deployment_project.sh
The script performs preparatory configuration steps in the specified Google Cloud project,
namely enabling required services and creating a GRITProvisioner role and a grit-provisioner service account.
Supported attributes:
| Attribute | Type | Required | Description |
|---|---|---|---|
id
| integer | Yes | The ID of a GitLab project. |
google_cloud_project_id
| string | Yes | The ID of the Google Cloud project. |
Example request:
curl --request GET \
--header "PRIVATE-TOKEN: <your_access_token>" \
--url "https://gitlab.com/api/v4/projects/<your_project_id>/google_cloud/setup/runner_deployment_project.sh?google_cloud_project_id=<your_google_cloud_project_id>"