Skip to content

Service to create Project Access Token

Aishwarya Subramanian requested to merge project-access-token into master

What does this MR do?

This MR is an intermediate step for the Project Access Token issue.

It adds a service to create Project level Access token. This service will in a future MR be invoked by a controller action that's used to create a Project Access Token.

Complete overview on the implementation of this feature can be found in the Technical Implementation details section.

What does the Service do?

  1. Check if the current user has the required permission to create a Project Access token
  2. Create a Project Bot user
  3. Makes the Project Bot user as a Maintainer in the project
  4. Create a Personal Access Token for the user

Feature Flag

The service execution is behind the Feature Flag: project_access_token

Default and Overridden values:

Entity Column Default value Can user override?
Project Bot user name { Project Name } Bot Yes
Project Bot user email project_<project_id>_bot<incremental_counter>@example.com No
Project Bot user username project_<project_id>_bot<incremental_counter>@example.com No
Personal Access Token scopes [:api, :read_repository, :write_repository, :read_registry] Yes
Personal Access Token expires_at nil Yes

Mentions #210057 (closed)

Screenshots

Does this MR meet the acceptance criteria?

Conformity

Availability and Testing

Security

If this MR contains changes to processing or storing of credentials or tokens, authorization and authentication methods and other items described in the security review guidelines:

  • Label as security and @ mention @gitlab-com/gl-security/appsec
  • The MR includes necessary changes to maintain consistency between UI, API, email, or other methods
  • Security reports checked/validated by a reviewer from the AppSec team
Edited by Aishwarya Subramanian

Merge request reports