Add observability scopes for personal tokens
What does this MR do and why?
This MR adds two read_observability and write_obsevability) to be used by GitLab Observability exclusively only if feature flag observability_group_tab is enabled. See the rollout issue.
These scopes do not enable any abilities within GitLab itself. Those tokens are only meant to be used by GitLab Observability itself. (See example)
The new scopes are only visible on Group > Settings > Access tokens and hidden on other Access token pages (Project, Profile, Admin).
See gitlab-org/opstrace/opstrace#2086 (closed) for more information.
Screenshots or screen recordings
| Group > Settings > Access tokens | Project > Settings > Access tokens | Profile > Preferences > Access tokens | Admin > Users > Impersonation Tokens | |
|---|---|---|---|---|
| feature flag ENABLED globally |
|
|
|
|
| feature flag ENABLED on group | On that group On other group 
|
|
|
|
| feature flag DISABLED |
|
|
|
|
-
✅ Visible -
❌ Hidden
| Token created |
|---|
 |
How to set up and validate locally
- Start GDK
- Go to Group > Settings > Access tokens
- Go to Project > Settings > Access tokens
- Go to Profile > Preferences > Access tokens
- Go to Admin > Users > Impersonation Tokens
- Enable feature flag
observability_group_tabon group viaFeature.enable(:observability_group_tab, Group.first)in Rails console - go to 2.
- Enable feature flag
observability_group_tabglobally viaFeature.enable(:observability_group_tab)in Rails console - go to 2.
MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
-
I have evaluated the MR acceptance checklist for this MR.
Edited by Peter Leitzen