Rollout strategy


There are several strategies we can choose from to roll out the Granular PATs Beta.

Granular tokens are feature flagged with the user actor. When the flag is enabled for a user, they are allowed to create a granular token, and its granular scopes will be respected when authenticating with that token.

Roll out steps

  • Feb 3
    • Enable in prod for all members of the AuthZ eng team, Ilonah, Joe, Nelly
    • Enable in staging globally - lets PMs do a final review of granularity and resourcing (ask here) from Feb 9 - Feb 27. @rshambhuni and AppSec team to test
  • February 16th - February 27th: All Internal Team Members on prod. Selected customers interested in early testing.
  • March 2nd - April 10th (18.11): Gradually rolled out to customers on GitLab.com through Beta timeline

Strategies for enabling token creation

  • For single users
    • Chatops command: /chatops run feature set granular_personal_access_tokens true --user=jrandazzo,ajaythomasinc
    • A comma-separated list of GitLab usernames can be passed as the argument
  • For all GitLab team members
    • Chatops command: /chatops run feature set granular_personal_access_tokens true --feature-group=gitlab_team_members
  • For a percentage of users
    • Chatops command: /chatops run feature set granular_personal_access_tokens 10 --actors
    • A percentage can be passed as the argument

Limitations

  • When a resource is not yet supported, an error message will be returned when authenticating with a granular token
  • When the feature flag is disabled, an error message will be returned when granular tokens are used to authenticate
Edited by Ajay Thomas