Add latest changes from gitlab-org/gitlab@master

3 files changed, 37 insertions, 2 deletions

diff --git a/lib/gitlab/ci/config/entry/id_token.rb b/lib/gitlab/ci/config/entry/id_token.rb
new file mode 100644
index 00000000000..12e0975d1b1
--- /dev/null
+++ b/lib/gitlab/ci/config/entry/id_token.rb
@@ -0,0 +1,28 @@
+# frozen_string_literal: true
+
+module Gitlab
+  module Ci
+    class Config
+      module Entry
+        ##
+        # Entry that represents a JWT definition.
+        #
+        class IdToken < ::Gitlab::Config::Entry::Node
+          include ::Gitlab::Config::Entry::Attributable
+          include ::Gitlab::Config::Entry::Validatable
+
+          attributes %i[aud]
+
+          validations do
+            validates :config, required_keys: %i[aud], allowed_keys: %i[aud]
+            validates :aud, array_of_strings_or_string: true
+          end
+
+          def value
+            { aud: aud }
+          end
+        end
+      end
+    end
+  end
+end
diff --git a/lib/gitlab/ci/config/entry/job.rb b/lib/gitlab/ci/config/entry/job.rb
index 8e7f6ba4326..ab17e1e3870 100644
--- a/lib/gitlab/ci/config/entry/job.rb
+++ b/lib/gitlab/ci/config/entry/job.rb
@@ -14,7 +14,7 @@ module Gitlab
           ALLOWED_KEYS = %i[tags script image services start_in artifacts
                             cache dependencies before_script after_script
                             environment coverage retry parallel interruptible timeout
-                            release].freeze
+                            release id_tokens].freeze
 
           validations do
             validates :config, allowed_keys: Gitlab::Ci::Config::Entry::Job.allowed_keys + PROCESSABLE_ALLOWED_KEYS
@@ -116,6 +116,11 @@ module Gitlab
             description: 'Indicates whether this job is allowed to fail or not.',
             inherit: false
 
+          entry :id_tokens, ::Gitlab::Config::Entry::ComposableHash,
+            description: 'Configured JWTs for this job',
+            inherit: false,
+            metadata: { composable_class: ::Gitlab::Ci::Config::Entry::IdToken }
+
           attributes :script, :tags, :when, :dependencies,
                      :needs, :retry, :parallel, :start_in,
                      :interruptible, :timeout,
@@ -158,7 +163,8 @@ module Gitlab
               ignore: ignored?,
               allow_failure_criteria: allow_failure_criteria,
               needs: needs_defined? ? needs_value : nil,
-              scheduling_type: needs_defined? ? :dag : :stage
+              scheduling_type: needs_defined? ? :dag : :stage,
+              id_tokens: id_tokens_value
             ).compact
           end
 
diff --git a/lib/gitlab/ci/yaml_processor/result.rb b/lib/gitlab/ci/yaml_processor/result.rb
index ff255543d3b..31a4e10a535 100644
--- a/lib/gitlab/ci/yaml_processor/result.rb
+++ b/lib/gitlab/ci/yaml_processor/result.rb
@@ -107,6 +107,7 @@ module Gitlab
             cache: job[:cache],
             resource_group_key: job[:resource_group],
             scheduling_type: job[:scheduling_type],
+            id_tokens: job[:id_tokens],
             options: {
               image: job[:image],
               services: job[:services],