
Implement REST API endpoint to create `k8s_proxy`-scoped PAT for user

Timo Furrer requested to merge feature/user-create-pat-rest-api into master

What does this MR do and why?

Implement REST API endpoint to create k8s_proxy-scoped PAT for currently auth'ed user

This change set implements a new REST API endpoint at user/personal_access_tokens that is able to create a new Personal Access Token for the currently authenticated user. It limits the scopes to only the k8s_proxy scope for security purposes (see reference issue for more details). The default expiration is at the end of the day the token was created at. The maximum lifetime of the token is subject to the regular PAT lifetime limit.

This will help with #425171 (closed) that requires glab to create short-lived k8s_proxy-scoped PATs.

Refs: Support creating a PAT with another PAT for the... (#425171 - closed)

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

Edited by Timo Furrer
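
The policy in the description above (single allowed scope, end-of-day default expiry, lifetime cap) sketched as a small Ruby check. This is an added example, not code from the merge request or from GitLab's code base. The function name, the `max_lifetime_days` parameter and modelling the expiry as the last date the token is valid are assumptions.

```ruby
require "date"

# Hypothetical model of the policy in the MR description; not GitLab's code.
ALLOWED_SCOPES = %w[k8s_proxy].freeze

TokenDecision = Struct.new(:ok, :scopes, :expires_at, :errors)

# scopes:            scopes requested by the caller
# expires_at:        requested expiry date, or nil to take the default
# today:             creation date (injected so the check is testable)
# max_lifetime_days: PAT lifetime limit (assumed parameter), nil = no limit
def decide_token_request(scopes:, expires_at: nil, today: Date.today, max_lifetime_days: nil)
  errors = []
  requested = Array(scopes).map(&:to_s).uniq

  # Reject rather than silently drop: a caller asking for a broader scope
  # must not get a token back and assume that scope was granted.
  errors << "scopes must not be empty" if requested.empty?
  disallowed = requested - ALLOWED_SCOPES
  errors << "scope not allowed: #{disallowed.join(', ')}" unless disallowed.empty?

  # Default: the token is valid until the end of the day it was created on.
  expiry = expires_at || today
  errors << "expires_at is in the past" if expiry < today
  if max_lifetime_days && expiry > today + max_lifetime_days
    errors << "expires_at exceeds the #{max_lifetime_days}-day lifetime limit"
  end

  return TokenDecision.new(false, [], nil, errors) unless errors.empty?
  TokenDecision.new(true, requested, expiry, [])
end
```

Rejecting a mixed scope list outright, instead of filtering it down to `k8s_proxy`, keeps the caller from misreading what the issued token can do.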