Configure the Git Integration to use GitLab on-premises (Beta)

Configure the Git integration for self-managed GitLab.

The Git Integration has beta support for a self-managed GitLab installation deployed on-premises or in the cloud. SnapLogic provides an app gateway, a secure transparent proxy, to route Git requests through your Groundplex to the GitLab server, providing an additional layer of security.

Important: Ensure that the network idle timeout on the GitLab service is more than 20 seconds. A timeout of 20 seconds or less can lead to connection errors for API calls.

To enable use of self-managed GitLab for tracking SnapLogic assets, you need the following:

  • A subscription for the SnapLogic Git Integration
  • Administrative permission for the GitLab group
  • SnapLogic Environment (Org) admin permission

Repository visibility

We recommend that you configure the Git Integration to only access repositories dedicated to SnapLogic assets. This improves the performance of authorization and Git operations in the SnapLogic Platform. It also improves usability by reducing the list of repositories that pipeline developers must choose from during checkout.

GitLab doesn't have a way to filter the repositories accessed by third parties. In SnapLogic Git Integration settings, the optional Namespaces field controls which repositories are visible in Designer and Classic Manager:

  • An empty field makes all groups and repositories that a user has permission to access visible.
  • A comma-separated list with no spaces of one or more paths:
    • A wildcard includes all repositories in a group or subgroup. For example: My-group/* includes all repos in My-group, while My-group/subgroup1/* includes all repositories in subgroup1.
    • Individual repositories qualified with their parent group or subgroup name. For example: the My-group/SL-repo1 is directly under the group, while My-group/subgroup1/SL-repo1 is a repo under subgroup1.

      The list of paths can be in any order. If two entries in the list overlap, the most restrictive applies. In the following list only the repositories in subgroup1 are visible: My-group/*,My-group/subgroup1/*.

Important: GitLab groups and subgroups act as containers for Git repositories. GitLab supports multiple levels of subgroups. The SnapLogic Git Integration can only expose repositories one level below the root, which includes top-level subgroups and their direct children. Repositories in a subgroup of a subgroup aren't visible.

The following examples show how the most restrictive path applies when entries overlap:

  • snaplogic1/*,snaplogic1/repositoryA,snaplogic1/subgroup1/* : Only repositoryA and all repositories in subgroup1 are visible.
  • snaplogic1/subgroup1/*,snaplogic1/subgroup1/repositoryB,snaplogic1/subgroup1/repositoryC: Only repositoryB and repositoryC are visible.
  • snaplogic1/*,snaplogic1/repositoryE,snaplogic1/subgroup1/repositoryF: Only repositoryE and repositoryF are visible.
  • snaplogic1/*,snaplogic1/repositoryG,snaplogic1/subgroup1/*,snaplogic1/subgroup1/repositoryH,snaplogic1/subgroup2/*: Only repositoryG, repositoryH, and all repositories in subgroup2 are visible.

Create an application in GitLab

To enable GitLab to track SnapLogic assets, create an application that configures connectivity:

  1. Log in to GitLab.
  2. Navigate to your Group.
  3. Select Settings.
  4. Click Applications.
  5. Click Add a new application.
  6. Enter a name.
  7. Specify these values:
    • For Redirect URI, enter: https://control-plane-name.snaplogic.com/api/1/rest/asset/app/oauthcallback
      Where control-plane-name is the control plane you are using. For example:
      • elastic
      • uat
      • emea
      Important: This Redirect URI is the same as the Callback URL that you specify to configure the Git Integration in your SnapLogic environment/org.
    • Leave the Confidential box checked.
    • For Scopes select the following:
      • api
      • read_api
      • read_user
      • write_repository
    • Click Save application.
    • Click the application to view it and copy the secret to use when configuring the SnapLogic environment.

Configure the SnapLogic environment

To finish the configuration, a SnapLogic Environment admin can configure Git Integration settings in:

  • Classic Manager
  • Admin Manager
  1. Open the Classic Manager.
  2. From the left panel select Settings.
  3. Scroll down to Git Integration and click Configure Git.
  4. From the Git Integration Type dropdown list, select GitLab on-premises. The configuration dialog opens:
    Configure GitLab

  5. Enter the following values:
    1. App ID: The Application ID from the GitLab application.
    2. Namespaces: An optional, comma-separated list of repository paths that specifies which repositories are visible to developers in the SnapLogic interface. Refer to Repository visibility for the acceptable syntax.
    3. Client Secret: The Secret copied from the GitLab application.
    4. Gitlab URL: The app gateway URL in the format: org-location-environment-appname.control-plane-name.
    5. Auth URL: The URL for your GitLab server.
    6. Http proxy: The HTTP proxy.
    7. Https proxy: The HTTPS proxy.
    8. Authorized scopes: api read_api read_user write_repository
    9. Callback URL: The Redirect URI from the GitLab application, https://control-plane-name.snaplogic.com/api/1/rest/asset/app/oauthcallback.
      Where control-plane-name is the control plane you are using. For example:
      • elastic
      • uat
      • emea
      Important: This Callback URL is the same as the Redirect URI that you specified in the GitLab application.
  6. Click Save.
  1. Open Admin Manager.
  2. From the left navigation panel under System Configurations select Git Integration.
  3. From the Git integration type dropdown list, select GitLab on-premises. The configuration page opens:
    Configure GitLab

  4. Enter the following values:
    1. App ID: The Application ID from the GitLab application.
    2. Namespaces: An optional, comma-separated list of repository paths that specifies which repositories are visible to developers in the SnapLogic interface. Refer to Repository visibility for the acceptable syntax.
    3. Client secret: The secret copied from the GitLab application.
    4. Gitlab URL: The app gateway URL in the format: org-location-environment-appname.control-plane-name:port-number. For example, with an environment named test and a Groundplex with an Environment value of dev, the gateway URL would be as follows:

      https://test-sidekick-dev-gitlab.appgateway.prod.snaplogic.io:8095

    5. Auth URL: The URL for your GitLab server.
    6. Http proxy: The HTTP proxy.
    7. Https proxy: The HTTPS proxy.
    8. Authorized scopes: api read_api read_user write_repository
    9. Callback URL: The Redirect URI from the GitLab application, https://control-plane-name.snaplogic.com/api/1/rest/asset/app/oauthcallback.
      Where control-plane-name is the control plane you are using. For example:
      • elastic
      • uat
      • emea
      Important: This Callback URL is the same as the Redirect URI that you specified in the GitLab application.
  5. Click Save.

Configure the Groundplex

Configure the Groundplex to connect to the app gateway in Classic Manager or Admin Manager.

  • Classic Manager
  • Admin Manager

From Classic Manager:

  1. Select the Project associated with the Groundplex.
  2. Search for the Groundplex.
  3. Click it to open the Update Snaplex dialog.
  4. Click the Node Properties tab.
  5. In the Global Properties section, click Plus Icon to add the gateway key-value pair:
    On-premises Git configuration on Snaplex Node Properties tab

  6. Enter the appropriate values for the app gateway:
    • Key: jcc.app.gateway.gitlab
    • Value: https://org-location-environment-appname.controlplanename:port where:
      • org: The environment name.
      • location: The location of your Groundplex. Always sidekick.
      • environment: The value in the Environment field in your Groundplex Snaplex Settings tab.
      • appname: gitlab.
      • controlplanename: The control plane that hosts your environment and the app gateway port number:
        • Production: appgateway.prod.snaplogic.io:8095
        • UAT: appgateway.uat.snaplogic.io:8095
        • EMEA: appgateway.emea.snaplogic.io:8095

    • For example, with an environment named test and a Groundplex with an Environment value of dev, the gateway URL for self-managed GitLab would be as follows:

      https://test-sidekick-dev-gitlab.appgateway.prod.snaplogic.io:8095

From Admin Manager:

  1. In the left pane, click Snaplexes.
  2. Click the Groundplex to open the Update Snaplex page.
  3. Click the Node properties tab.
  4. In the Global properties section, click + Add new global property to add the gateway key-value pair:
    On-premises Git configuration on Snaplex Node Properties tab

  5. Enter the appropriate values for the app gateway:
    • Key: jcc.app.gateway.gitlab
    • Value: https://org-location-environment-appname.controlplanename:port where:
      • org: The environment (Org) name without hyphens (-). For example: myenterprise-snap-test should be passed as myenterprisesnaptest.
      • location: Location of your groundplex. Always sidekick.
      • environment: The value in the Environment field in your Groundplex Snaplex Settings tab.
      • appname: gitlab.
      • controlplanename: The control plane that hosts your environment and the app gateway port number:
        • Production: appgateway.prod.snaplogic.io:8095
        • UAT: appgateway.uat.snaplogic.io:8095
        • EMEA: appgateway.emea.snaplogic.io:8095

      For example, with an environment named test and a Groundplex with an Environment value of dev, the gateway URL for self-managed GitLab would be as follows:

      https://test-sidekick-dev-gitlab.appgateway.prod.snaplogic.io:8095