Disable All Types of Access Tokens for FIPS-enabled instance (MVC)
Release notes
Problem to solve
As the administrator of an instance, I wish to disable the creation of Personal Access Tokens (PATs) as authentication for any resources within the namespace.
This is a FedRAMP MilestoneRAR Requirement .
MVC
- For any instance that is
Gitlab::FIPS.enabled?
, PATs, PrATs, and GATS are not able to be created - If PATs, PrATs, and GATS already exist prior to turn this setting on, do nothing (Because this is FedRAMP only, this scenario should not exist to begin with. But if it does, ignore them)
Future Iterations (Personal Access Token focused):
- Expand functionality so it's not limited to FIPS only instances
- Ability to enable/disable PAT creation from UI
- Ability to enable/disable PAT creation from Namespace level
- If PAT creation is disabled, existing PATs are revoked - this would include the frontend work of making it very clear that this is a disruptive action
Metrics
Notes
Before this is released to customers outside of FedRAMP instances, thought needs to be put into what to do with existing PATs.
What happens in the scenario where they are allowed, then disallowed, then allowed again? Should all existing PATs be revoked/deleted? Should they live again once the setting is turned back on?
Availability & Testing
Add specs to cover following cases when PAT creation is disabled:
- Ensure PATs, PrATs, and GATS cannot be created via the API or the UI
- Admin's can also not create PATs, PrATs, and GATS for other users via the API
- Amin's cannot create PATs, PrATs, and GATS for other users via the UI when they impersonate them
- Any existing PATs, PrATs, and GATS will stop working
Edited by Sanad Liaquat