Cells: Authorization for Workhorse endpoints for Git over SSH
Overview
The general information can be found in Cells: SSH Routing for Git Pull (&13532)
The blueprint Architectural blueprint for SSH requests routing (!146231 - merged) and PoC !146227 (closed) provides the following example for Git over SSH endpoint authorization:
- As mentioned in Workhorse: HTTP endpoint for bidirectional SSH ... (#456116 - closed) Geo requests are checked separately
- GitLab Shell secret is the same for all Cells. Global GitLab Shell signs a JWT token and sends it to a Cell. The Cell verifies the token using the shared secret and authorizes the request.
Requirement
This issue is about implementing the discussed proposal or implementing a new solution based on the authorization decision made by ~"group::tenant scale"