Add internal API endpoint for workspace authorize user access (!203350) · Merge requests · GitLab.org / GitLab

Issue: Add endpoint to check if user has access to a g... (#556367 - closed) • Chad Woolley • 18.4

What does this MR do and why?

Add internal API endpoint for workspace authorize user access

See Add endpoint to check if user has access to a g... (#556367 - closed) • Chad Woolley • 18.4 for details

References

Simplify Workspaces setup by removing GitLab Wo... (&16785) • Chad Woolley, Vishal Tak
Add endpoint to check if user has access to a g... (#556367 - closed) • Chad Woolley • 18.4
Based on original commit from spike/integration MR: Draft: Agentw Rails Integration MR for vtak - D... (!197262 - closed) • Vishal Tak

Screenshots or screen recordings

N/A - api endpoint

How to set up and validate locally

Full integration test

Test using integration branch with the commits from this MR copied in: Draft: Agentw Rails Integration MR for vtak - D... (!197262 - closed)
Docs for additional manual setup are in Add workspace tunnelling grpc service (gitlab-org/cluster-integration/gitlab-agent!2699 - merged) (work is in progress to get all of this configured automatically in the GDK).

Easier testing (skip KAS authentication)

If you just want to test the behavior in this MR without having to invoke it via KAS with the JWT authentication, you can do the following:

Comment out the line authenticate_gitlab_kas_request! in ee/lib/api/remote_development/internal/agent/agentw/authorize_user_access.rb
gdk restart rails-web
curl -v http://gdk.test:3000/api/v4/internal/agents/agentw/authorize_user_access

MR acceptance checklist

Evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

Edited Sep 05, 2025 by Chad Woolley