Skip to content
GitLab
Next
Closed
Issue created by Jeremy Watson (ex-GitLab)@jeremy-glContributor

Extend group IP restriction to API activity

Problem

Our first iteration of IP access restriction https://gitlab.com/gitlab-org/gitlab-ee/issues/1985 only covered the UI. For organizations looking for a solution that comprehensively covers their access control needs without workarounds, we should extend this restriction to perform this access check on the command line for API activity.

Proposal

  • If any incoming request does not adhere to the group's IP address restriction, fail the request with an
  • Cover API endpoints associated with the group, as well as all projects and subgroups within the group.
  • Instance-level endpoints outside the boundaries of the group IP filter should not be impacted (Users API, for example).

Git activity to be covered in #32113.

Edited by Jeremy Watson (ex-GitLab)