OpsLevel Logo
Product
Developer portal
Software catalog
Understand your entire architecture at a glance
Standards
Your guide to safe, reliable software
Developer self-service
Empower developers to move faster, risk-free
Integrations
Connect your most powerful third-party tools
Use Cases
Ownership
Build accountability and clarity into your catalog
Standardization
Set and rollout best practices for your software
Developer Experience
Free up your team to focus on high-impact work
Customers
Resources
All Resources
Our full library of resources
Pricing
Flexible and designed for your unique needs
Podcast
Podcast
Conversations with technical leaders
Blog
Blog
DevOps resources, tips, and best practices
Demo
Demo
Videos of our product and features
Tech talk
Tech talk
Our POV on technical topics
Guide
Guide
Practical resources to roll out new programs and features
DocsLog In
Talk to usTry for free
No items found.
Share this
Table of contents
 
Resources
Blog

Updated OpsLevel GitLab App Permissions as Part of Service Creation

Product
Automation
Tooling
Platform engineer
Security
Integration
Service Creation
Updated OpsLevel GitLab App Permissions as Part of Service Creation
Kenneth Rose
|
August 11, 2022
Updated OpsLevel GitLab App Permissions as Part of Service Creation

On August 18, 2022, OpsLevel will begin providing Early Access to one of our most anticipated new features - Service Creation. With Service Creation, you can create and manage a gallery of service templates that can be utilized by developers to easily spin up new services. When creating new services, OpsLevel will automatically register them in your catalog and publish them to your GitLab organization. This will allow you kick off service creation workflows directly in OpsLevel.

Service Creation in OpsLevel
Service Creation in OpsLevel

How Do I Get Started with Service Creation?

If you want Early Access to Service Creation, please notify your Customer Success Manager on or after August 18, 2022 to turn the feature on for you.

For Service Creation to integrate with GitLab, OpsLevel needs additional permissions from GitLab to create repos. You will be required to update your existing GitLab OpsLevel App in order to grant us these permissions. We have a step-by-step guide on how to update your permissions in our documentation.

What Should I Know About these New GitLab Permissions?

In order for you to make use of Service Creation, OpsLevel will need to perform the following actions within your GitLab repository:

  • Create a new repository and populate it with a new service code
  • Create pull/merge requests against existing repositories
       

We will not be taking any actions other than the ones listed above. We will update you should we ever need to expand these actions for future features.

Even though we only need to perform a limited set of actions, the GitLab permissions model is not granular enough to restrict us to only these required actions.

Specifically, we are requesting the following additional permissions in your GitLab organization:

  • Read and write on “administration”:  We need this to create new repos.
  • Read and write on “contents”: We need this to populate newly created repos with the templated repo content.‍
  • Read and write on “pull requests” We need this to create new pull requests., which we’ll use to help update templates.‍
  • Read and write on “checks” We need this to create GitHub checks per pull request. This is for a future feature to see OpsLevel checks, including new checks around templates, directly in GitHub.

NOTE: Several of the APIs in this list require further permissions to be able to use them (e.g., the secrets, checks, and workflows endpoints). We have no plans at this time to use any of the APIs we haven’t explicitly mentioned as part of Service Creation. We will notify you if we ever change these plans.

     

How will OpsLevel ensure these permissions are used securely and responsibly?

We appreciate that the GitLab app permissions we’re requesting are broad in scope. These permissions are broader than we’d like, but they are the minimum necessary for us to provide Service Creation.

On the security front, we have taken measures to ensure that the access you grant us to your GitLab organization cannot be accessed by malicious actors nor inadvertently leaked.

     
  • All-access tokens, including GitLab, are encrypted at rest and in transit. Our security page has more details on ciphers and versions.
  • As part of our SOC2 compliance, all access to our production systems are logged.
  • The background workers running the service creation logic are running exclusively within our secured infrastructure
  • From a product perspective, again, we currently plan to use these permissions only for the use cases around service creation:
  • Creating new repositories
  • Creating pull / merge requests against existing repositories
  •  

We take seriously the trust you have in us to properly protect this data. Customer security is at the forefront of our product development process. We will not introduce any new action without it being thoroughly reviewed by our Product and Engineering teams.

We are also always available to listen to feedback and concerns that you may have.

Use Branch Protection for additional protection

We empathize that despite taking all steps necessary to minimize risks with granting us these new permissions, there may still be some hesitancy or additional protections customers would like to have in place.

One such protection is enabling branch protection on all of your services’ repositories.  We always recommend enabling this. Branch protection ensures that your default branches are protected and that no one, including OpsLevel, can do things against them like delete, force push, etc.

OpsLevel has a branch protection check that can assist in giving visibility into which service repos already have this in place.

What Are the Next Steps?

On August 18, 2022, we will update the existing GitLab App to enable these changes. You will be notified by OpsLevel when the updated GitLab App is available. We encourage our customers to update to the new app in order to take full advantage of Service Creation. However, if you do not want to update, there will be no changes to your existing OpsLevel functionality outside of not being able to use the Service Creation feature.

We aim to have all of our customers updated to the new permissions by September 16, 2022. If you have any hesitations or concerns, please reach out to your Customer Success Manager and we will be more than happy to schedule time and work through any issues.

 

More resources

Blog
September 19, 2023
by
Fernando Villalba
The OpsLevel Developer Experience (DevEx) series. Part 1: What is DevEx?

Great developer experience (DevEx) is what you get when developers can easily achieve and maintain flow state at work. This article begins a series where we tackle all of the areas that affect flow state and impair your developer experience at your company and provide example metrics and suggestion to help you operate like a potential future unicorn.

Blog
August 31, 2023
by
OpsLevel
August 2023 release notes

This month included an update to our Service Maturity features—to give you even more flexibility—plus more sorting and syncing improvements. Read on to learn more!

Blog
May 31, 2023
by
Haley Hnatiw
May 2023 release notes

See what we’ve shipped in the month of May.

OpsLevel Logo
Subscribe
Join our newsletter to stay up to date on features and releases.
By subscribing you agree to with our Privacy Policy and provide consent to receive updates from our company.
SOC 2AICPA SOC
Product
Software CatalogMaturityIntegrationsSelf-serviceRequest a demo
Company
About usCareersContact UsCustomersPartnersSecurity
Resources
Docs
Blog
Demo
© 1999 J/K Labs Inc. All rights reserved.
Cookie Preferences
Terms of Use
Privacy Policy
Responsible Disclosure
By using this website, you agree to the storing of cookies on your device to enhance site navigation, analyze site usage, and assist in our marketing efforts. View our Data Processing Agreement for more information.
Okay!