Audit event streaming fails because of hardcoded limit in header for bearer token

Context

One of our large enterprise customers (2000 users, self-managed) is currently adopting Ultimate. They would like to implement audit streaming to Sentinel in Azure Cloud.

To authenticate against the log ingester in Azure, a bearer token is required.

Unfortunately, bearer tokens from Azure are ~1000 characters long.

The customer wrote a sample script to generate bearer tokens and the result was:

size=$(./get_bearer_token.sh)

echo ${#size}

1297

This seems to be an artificial limit to control scalability and performance.

Problem

When you try to configure the audit stream with this bearer token you get the error message:

  • "Value is too long (maximum is 255 characters)"

The reason seems to be this hardcoded length limit:

Proposal

Implement a much larger limit, to be able to support Azure as a streaming destination, such as for Sentinel.

Update our streaming event docs to outline details for Azure log streaming to Sentinel

Update our streaming event docs to mention any kind of limit for the bearer token, as there may be even more services which may run into this artificial problem

Refs

Doc:

SLACK:

cc @sam.figueroa @alex-dess

Edited by Manuel Kraft