2FA in CLI in Premium
Activity
- Melissa Ushakov added to epic &2889
- Melissa Ushakov removed GitLab Core label
- Melissa Ushakov removed GitLab Starter label
- Maintainer
Setting label(s) devops::manage section::dev based on ~"group::access".
- 🤖 GitLab Bot 🤖 added devops::manage section::dev labels
- Melissa Ushakov changed milestone to %13.9
- Author Contributor
@ifarkas Can you please help with refinement for this issue? Is the scope of this issue clear enough to assign a weight to it?
- Maintainer
The code we need to move to `ee` are:
  - Fortinet related `Auth::Otp::Strategies` classes
  - Fortinet related logic in `User#two_factor_otp_enabled?`
  - logic selecting the strategy in `Users::ValidateOtpService`
  - internal API endpoint
  - `Auth::Otp::SessionEnforcer`
  - `GitAccess::check_otp_session!`
That seems a lot but it should be straightforward, so I would assign a weight of 3. @manojmj, could you please review my estimation?
Edited by Imre Farkas
- Hmm, I am confused about the scope here between Imre's response above and the issue description
Description says:
> Checking for 2FA in the CLI should be in Premium not CE
which makes me wonder if ONLY 2FA for CLI should be moved to Premium and the other parts - ie, Fortinet as a 2FA provider can continue to remain in CE.
@mushakov could you please clarify?
- Author Contributor
@manojmj FortiNet as a provider for the web UI could be in CE.
cc: @kmcknight
- Author Contributor
My reasoning for the above...
2fa is a CE feature today ... Fortinet is a provider that can be configured so it makes sense to me to keep this in CE
Enforcing 2fa in the CLI is a security enhancement that matches the Director persona so it would be a premium feature for all providers.
Edited by Melissa Ushakov
- Maintainer
@mushakov, apologies, I got confused by having the GitLab Premium label on the whole epic, so I thought we need to move everything to `ee/`. Moving only the code related to git operations involves:
  - internal API endpoint
  - `Auth::Otp::SessionEnforcer`
  - `GitAccess::check_otp_session!`
So I suggest a weight of 2. @manojmj, would you agree with that?
- 🤖 GitLab Bot 🤖 added [deprecated] Accepting merge requests label
- Imre Farkas set weight to 3
- Imre Farkas assigned to @manojmj
- 🤖 GitLab Bot 🤖 removed [deprecated] Accepting merge requests label
- Melissa Ushakov unassigned @mushakov
- Melissa Ushakov added workflow::ready for development label
- Melissa Ushakov added workflow::refinement label and removed workflow::ready for development label
- Manoj M J added workflow::ready for development label and removed workflow::refinement label
- Manoj M J set weight to 2
- Imre Farkas assigned to @ifarkas
- Manoj M J mentioned in issue #296669 (closed)
- Manoj M J mentioned in merge request !52769 (merged)
- Melissa Ushakov unassigned @ifarkas
- Developer
@mushakov can you please clarify the timeframe for this issue to be completed? It has a milestone of %13.9 but is no longer assigned to anyone. We definitely need 2FA on CLI to be a GitLab Premium feature.
/cc @mnevolo
- Author Contributor
@kmcknight It's targeted for %13.9 and waiting to be picked up by an engineer. The other assignment was outdated since it was for refinement only. I removed it to signal to the team that this is ready for someone to take it on.
- Maintainer
> The other assignment was outdated since it was for refinement only. I removed it to signal to the team that this is ready for someone to take it on.
@mushakov, I already picked it up and my assignment was not outdated, it happened after refinement.
So I assume it was accidental, I am reassigning myself.
- Author Contributor
@ifarkas Changed the workflow label to workflow::in dev
- 🤖 GitLab Bot 🤖 added [deprecated] Accepting merge requests label
- 🤖 GitLab Bot 🤖 mentioned in issue gitlab-org/quality/triage-reports#1797 (closed)
- Imre Farkas assigned to @ifarkas
- Melissa Ushakov added workflow::in dev label and removed workflow::ready for development label
- 🤖 GitLab Bot 🤖 removed [deprecated] Accepting merge requests label
- Imre Farkas mentioned in merge request !53166 (merged)
- Sanad Liaquat added quad-planning::complete-no-action label
- Imre Farkas added workflow::in review label and removed workflow::in dev label
- Author Contributor
@ifarkas I see that the MRs that were related to this issue have been merged. I'm going to close this issue. If there are other changes that need to be made to complete this work please re-open it.
- Melissa Ushakov closed
- Liam McAndrew added backend label