Consider limiting number of projects in job token scope
Problem
In !62733 (comment 596094537) while working on introducing a CI_JOB_TOKEN scope, this point was raised:
With this MR we are introducing a security layer on top of CI_JOB_TOKEN usage in the form of Ci::JobToken::Scope. The scope defines the list of projects that the job token can access. By default the scope for a given job token includes only the project where the job token originates from.
Question: Do we have a limit for the projects? A limit may help with the performance, but not sure if that works from the feature perspective.
Answer: user can only add projects they have access to and in the first iteration we would only allow managing projects via the UI. I doubt that a user would add thousands of projects to the scope.
Should we consider limiting the number of projects a user can add? This may be more a discussion for the next iteration, if we think about adding/removing groups.