Create a dedicated GitLab service account for every agent

Release notes

Problem to solve

This feature would allow other user problems to be handled elegantly and with relative simplicity, such as:

  • notifying Flux about changes in projects outside the agent configuration project
  • storing vulnerability reports outside the agent configuration project

Proposal

  1. Create a new service account at the Organization level for every agent registered. (default)
    • The service account name should be unique. Using the agent ID with a prefix likely works.
    • Initially release in GitLab Ultimate (see the last points here)
  2. Allow the user to specify the name of the service account. This allows reusing existing service accounts (or creating them if they don't exist yet).
  3. Allow disabling the feature (needed because of the artificial restriction on available service accounts in GitLab Premium)
  4. Move the feature from GitLab Ultimate to GitLab Premium

Intended users

Feature Usage Metrics

No dedicated metrics, as this feature would support actual user-facing work.

Does this feature require an audit event?

No. Agent token creation already has an audit event.
