OpsLevel Logo
Product

Visibility

Catalog

Keep an automated record of truth

Integrations

Unify your entire tech stack

AI Engine

Restoring knowledge & generating insight

Standards

Scorecards

Measure and improve software health

Campaigns

Action on cross-cutting initiatives with ease

Checks

Get actionable insights

Developer Autonomy

Service Templates

Spin up new services within guardrails

Self-service Actions

Empower devs to do more on their own

Knowledge Center

Tap into API & Tech Docs in one single place

Featured Resource

March Product Updates
March Product Updates
Read more
Use Cases

Use cases

Improve Standards

Set and rollout best practices for your software

Drive Ownership

Build accountability and clarity into your catalog

Developer Experience

Free up your team to focus on high-impact work

Featured Resource

The Ultimate Guide to Microservices Versioning Best Practices
The Ultimate Guide to Microservices Versioning Best Practices
Read more
Customers
Our customers

We support leading engineering teams to deliver high-quality software, faster.

More customers
Hudl
Hudl goes from Rookie to MVP with OpsLevel
Read more
Hudl
Keller Williams
Keller Williams’ software catalog becomes a vital source of truth
Read more
Keller Williams
Duolingo
How Duolingo automates service creation and maintenance to tackle more impactful infra work
Read more
Duolingo
Resources
Our resources

Explore our library of helpful resources and learn what your team can do with OpsLevel.

All resources

Resource types

Blog

Resources, tips, and the latest in engineering insights

Guide

Practical resources to roll out new programs and features

Demo

Videos of our product and features

Events

Live and on-demand conversations

Interactive Demo

See OpsLevel in action

Pricing

Flexible and designed for your unique needs

Docs
Log In
Book a demo
Log In
Book a demo
No items found.
Share this
Table of contents
 link
 
Resources
Blog

Updated OpsLevel GitLab App Permissions as Part of Service Creation

Product
Automation
Tooling
Platform engineer
Security
Integration
Service Creation
Updated OpsLevel GitLab App Permissions as Part of Service Creation
Kenneth Rose
|
August 11, 2022

On August 18, 2022, OpsLevel will begin providing Early Access to one of our most anticipated new features - Service Creation. With Service Creation, you can create and manage a gallery of service templates that can be utilized by developers to easily spin up new services. When creating new services, OpsLevel will automatically register them in your catalog and publish them to your GitLab organization. This will allow you kick off service creation workflows directly in OpsLevel.

Service Creation in OpsLevel
Service Creation in OpsLevel

How Do I Get Started with Service Creation?

If you want Early Access to Service Creation, please notify your Customer Success Manager on or after August 18, 2022 to turn the feature on for you.

For Service Creation to integrate with GitLab, OpsLevel needs additional permissions from GitLab to create repos. You will be required to update your existing GitLab OpsLevel App in order to grant us these permissions. We have a step-by-step guide on how to update your permissions in our documentation.

What Should I Know About these New GitLab Permissions?

In order for you to make use of Service Creation, OpsLevel will need to perform the following actions within your GitLab repository:

  • Create a new repository and populate it with a new service code
  • Create pull/merge requests against existing repositories
       

We will not be taking any actions other than the ones listed above. We will update you should we ever need to expand these actions for future features.

Even though we only need to perform a limited set of actions, the GitLab permissions model is not granular enough to restrict us to only these required actions.

Specifically, we are requesting the following additional permissions in your GitLab organization:

  • Read and write on “administration”:  We need this to create new repos.
  • Read and write on “contents”: We need this to populate newly created repos with the templated repo content.‍
  • Read and write on “pull requests” We need this to create new pull requests., which we’ll use to help update templates.‍
  • Read and write on “checks” We need this to create GitHub checks per pull request. This is for a future feature to see OpsLevel checks, including new checks around templates, directly in GitHub.

NOTE: Several of the APIs in this list require further permissions to be able to use them (e.g., the secrets, checks, and workflows endpoints). We have no plans at this time to use any of the APIs we haven’t explicitly mentioned as part of Service Creation. We will notify you if we ever change these plans.

     

How will OpsLevel ensure these permissions are used securely and responsibly?

We appreciate that the GitLab app permissions we’re requesting are broad in scope. These permissions are broader than we’d like, but they are the minimum necessary for us to provide Service Creation.

On the security front, we have taken measures to ensure that the access you grant us to your GitLab organization cannot be accessed by malicious actors nor inadvertently leaked.

     
  • All-access tokens, including GitLab, are encrypted at rest and in transit. Our security page has more details on ciphers and versions.
  • As part of our SOC2 compliance, all access to our production systems are logged.
  • The background workers running the service creation logic are running exclusively within our secured infrastructure
  • From a product perspective, again, we currently plan to use these permissions only for the use cases around service creation:
  • Creating new repositories
  • Creating pull / merge requests against existing repositories
  •  

We take seriously the trust you have in us to properly protect this data. Customer security is at the forefront of our product development process. We will not introduce any new action without it being thoroughly reviewed by our Product and Engineering teams.

We are also always available to listen to feedback and concerns that you may have.

Use Branch Protection for additional protection

We empathize that despite taking all steps necessary to minimize risks with granting us these new permissions, there may still be some hesitancy or additional protections customers would like to have in place.

One such protection is enabling branch protection on all of your services’ repositories.  We always recommend enabling this. Branch protection ensures that your default branches are protected and that no one, including OpsLevel, can do things against them like delete, force push, etc.

OpsLevel has a branch protection check that can assist in giving visibility into which service repos already have this in place.

What Are the Next Steps?

On August 18, 2022, we will update the existing GitLab App to enable these changes. You will be notified by OpsLevel when the updated GitLab App is available. We encourage our customers to update to the new app in order to take full advantage of Service Creation. However, if you do not want to update, there will be no changes to your existing OpsLevel functionality outside of not being able to use the Service Creation feature.

We aim to have all of our customers updated to the new permissions by September 16, 2022. If you have any hesitations or concerns, please reach out to your Customer Success Manager and we will be more than happy to schedule time and work through any issues.

 

More resources

March Product Updates
Blog
March Product Updates

Some of the big releases from the month of March.

Read more
How Generative AI Is Changing Software Development: Key Insights from the DORA Report
Blog
How Generative AI Is Changing Software Development: Key Insights from the DORA Report

Discover the key findings from the 2024 DORA Report on Generative AI in Software Development. Learn how OpsLevel’s AI-powered tools enhance productivity, improve code quality, and simplify documentation, while helping developers avoid common pitfalls of AI adoption.

Read more
Introducing OpsLevel AI: Finding Your Lost Engineering Knowledge
Blog
Introducing OpsLevel AI: Finding Your Lost Engineering Knowledge

Read more
Product
Software catalogMaturityIntegrationsSelf-serviceKnowledge CenterBook a meeting
Company
About usCareersContact usCustomersPartnersSecurity
Resources
DocsEventsBlogPricingDemoGuide to Internal Developer PortalsGuide to Production Readiness
Comparisons
OpsLevel vs BackstageOpsLevel vs CortexOpsLevel vs Atlassian CompassOpsLevel vs Port
Subscribe
Join our newsletter to stay up to date on features and releases.
By subscribing you agree to with our Privacy Policy and provide consent to receive updates from our company.
SOC 2AICPA SOC
© 2024 J/K Labs Inc. All rights reserved.
Terms of Use
Privacy Policy
Responsible Disclosure
By using this website, you agree to the storing of cookies on your device to enhance site navigation, analyze site usage, and assist in our marketing efforts. View our Data Processing Agreement for more information.
Okay!