Support customizable timeouts for git CLI 2FA

Problem to solve

Currently, the OTP timeout for git CLI 2FA is hard-coded to 15 minutes, which doesn't allow for any customization.

Intended users

Personas are described at https://about.gitlab.com/handbook/marketing/product-marketing/roles-personas/

• Delaney (Development Team Lead)
• Sasha (Software Developer)
• Devon (DevOps Engineer)
• Rachel (Release Manager)
• Simone (Software Engineer in Test)

User experience goal

After OTP has been validated, the user has 15 minutes to use git commands that interact with the server (e.g. clone/push/pull) w/o requiring another OTP. After 15 minutes the user must request another OTP, which can be a problem for long-running processes, like automated builds.

Proposal

The following use cases need to be covered:

1. MVC: Provide gitlab.rb setting instead of hard-coded value so a system-wide default can be set
2. Follow-on enhancement: Provide a UI to set system-wide default (UPDATE: We have decided to skip the MVC above and proceed directly with providing UI to set a system-wide default)
3. Follow-on enhancement: Provide per-user customization of timeout

Further details

Permissions and Security

Documentation

Availability & Testing

What does success look like, and how can we measure that?

What is the type of buyer?

Is this a cross-stage feature?

Links / references