The Authentication group will be working on adding a UI for service accounts. Today we offer APIs to create, delete and list service accounts and for adding PATs to a service account. We want to offer a UI-based experience to make this easier for admin or top-level owners. ### Problem to solve <!--What problem do we solve? Try to define the who/what/why of the opportunity as a user story. For example, "As a (who), I want (what), so I can (why/value)."--> As an admin or a top level group owner, [service accounts](https://docs.gitlab.com/ee/user/profile/service_accounts.html) were built iteratively the APIs to create, delete and list service accounts, along with adding PATs to a service account. For users more familiar with the UI, or for improved experience, we'd also want to provide a UI that can perform the same tasks. SA addition to project or groups already follows the user invite flow, and doesn't need to be modified. ↵ ### Intended users These would be instance admins and top-level group owners for SM, along with top-level group owners on GitLab.com. All other user roles will continue to leverage the existing user invite flow for adding Service accounts (SA) to their projects or groups. ### Proposal <!--How are we going to solve the problem? Try to include the user journey! https://about.gitlab.com/handbook/journeys/#user-journey--> See https://gitlab.com/gitlab-org/gitlab/-/issues/504455+ and https://gitlab.com/gitlab-org/gitlab/-/issues/387071#note_2205092066 for the proposal. For first iteration, we propose that the service account is generated with the default name/username, and a user can separately add a PAT(s) or edit the service accounts name/username.<!-- This issue template can be used as a great starting point for feature requests. Learn more about the process: https://handbook.gitlab.com/handbook/product/how-to-engage/#customer-feature-requests. The first section "Release notes" is required if you want to have your release post blog MR auto generated. Currently in BETA, details on the **release post item generator** can be found in the handbook: https://about.gitlab.com/handbook/marketing/blog/release-posts/#release-post-item-generator and this video: https://www.youtube.com/watch?v=rfn9ebgTwKg. The next four sections: "Problem to solve", "Intended users", "User experience goal", and "Proposal", are strongly recommended in your first draft, while the rest of the sections can be filled out during the problem validation or breakdown phase. However, keep in mind that providing complete and relevant information early helps our product team validate the problem and start working on a solution. -->↵ ### Release notes <!--What is the problem and solution you're proposing? This content sets the overall vision for the feature and serves as the release notes that will populate in various places, including the [release post blog](https://about.gitlab.com/releases/categories/releases/) and [Gitlab project releases](https://gitlab.com/gitlab-org/gitlab/-/releases). "--> ### Problem to solve <!--What problem do we solve? Try to define the who/what/why of the opportunity as a user story. For example, "As a (who), I want (what), so I can (why/value)."--> ### Intended users <!--Who will use this feature? If known, include any of the following: types of users (e.g. Developer), personas, or specific company roles (e.g. Release Manager). It's okay to write "Unknown" and fill this field in later. Personas are described at https://handbook.gitlab.com/handbook/product/personas/ * [Parker (Product Manager)](https://handbook.gitlab.com/handbook/product/personas/#parker-product-manager) * [Delaney (Development Team Lead)](https://handbook.gitlab.com/handbook/product/personas/#delaney-development-team-lead) * [Presley (Product Designer)](https://handbook.gitlab.com/handbook/product/personas/#presley-product-designer) * [Sasha (Software Developer)](https://handbook.gitlab.com/handbook/product/personas/#sasha-software-developer) * [Priyanka (Platform Engineer)](https://handbook.gitlab.com/handbook/product/personas/#priyanka-platform-engineer) * [Sidney (Systems Administrator)](https://handbook.gitlab.com/handbook/product/personas/#sidney-systems-administrator) * [Rachel (Release Manager)](https://handbook.gitlab.com/handbook/product/personas/#rachel-release-manager) * [Simone (Software Engineer in Test)](https://handbook.gitlab.com/handbook/product/personas/#simone-software-engineer-in-test) * [Allison (Application Ops)](https://handbook.gitlab.com/handbook/product/personas/#allison-application-ops) * [Ingrid (Infrastructure Operator)](https://handbook.gitlab.com/handbook/product/personas/#ingrid-infrastructure-operator) * [Dakota (Application Development Director)](https://handbook.gitlab.com/handbook/product/personas/#dakota-application-development-director)↵ * [Dana (Data Analyst)](https://handbook.gitlab.com/handbook/product/personas/#dana-data-analyst)↵ * [Eddie (Content Editor)](https://handbook.gitlab.com/handbook/product/personas/#eddie-content-editor)↵ * [Amy (Application Security Engineer)](https://handbook.gitlab.com/handbook/product/personas/#amy-application-security-engineer) * [Isaac (Infrastructure Engineer)](https://handbook.gitlab.com/handbook/product/personas/#isaac-infrastructure-security-engineer) * [Alex (Security Operations Engineer)](https://handbook.gitlab.com/handbook/product/personas/#alex-security-operations-engineer) * [Cameron (Compliance Manager)](https://handbook.gitlab.com/handbook/product/personas/#cameron-compliance-manager)--> ### User experience goal <!--What is the single user experience workflow this problem addresses? For example, "The user should be able to use the UI/API/.gitlab-ci.yml with GitLab to <perform a specific task>" https://about.gitlab.com/handbook/product/ux/ux-research-training/user-story-mapping/--> ### Further details <!--Include use cases, benefits, goals, or any other details that will help us understand the problem better.--> ### Permissions and Security <!--What permissions are required to perform the described actions? Are they consistent with the existing permissions as documented for users, groups, and projects as appropriate? Is the proposed behavior consistent between the UI, API, and other access methods (e.g. email replies)? Consider adding checkboxes and expectations of users with certain levels of membership https://docs.gitlab.com/ee/user/permissions.html * [ ] Add expected impact to members with no access (0) * [ ] Add expected impact to Guest (10) members * [ ] Add expected impact to Reporter (20) members * [ ] Add expected impact to Developer (30) members * [ ] Add expected impact to Maintainer (40) members * [ ] Add expected impact to Owner (50) members Please consider performing a threat model for the code changes that are introduced as part of this feature. To get started, refer to our Threat Modeling handbook page https://about.gitlab.com/handbook/security/threat_modeling/#threat-modeling. Don't hesitate to reach out to the Application Security Team (`@gitlab-com/gl-security/appsec`) to discuss any security concerns.--> These were discussed during the UX reviews but adding here for summary:↵ - Instance admins & optionally top-level group owners on self-managed can create a SA. The navigational entrance to create/view service accounts, or add/manage PATs should therefore be limited to these roles.↵ - Top-level group owners on GitLab.com can create a SA. The navigational entrance to create/view service accounts, or add/manage PATs should therefore be limited to these roles.↵ - All other roles would follow the invite flow to add service accounts to their groups or projects, if their permissions allow for it (group owners, project maintainers). This should not require any additional changes, and the flow exists ### Documentation <!--See the Feature Change Documentation Workflow https://docs.gitlab.com/ee/development/documentation/workflow.html#for-a-product-change * Add all known Documentation Requirements in this section. See https://docs.gitlab.com/ee/development/documentation/workflow.html * If this feature requires changing permissions, update the permissions document. See https://docs.gitlab.com/ee/user/permissions.html--> ### Availability & Testing <!--This section needs to be retained and filled in during the workflow planning breakdown phase of this feature proposal, if not earlier. What risks does this change pose to our availability? How might it affect the quality of the product? What additional test coverage or changes to tests will be needed? Will it require cross-browser testing? Please list the test areas (unit, integration and end-to-end) that needs to be added or updated to ensure that this feature will work as intended. Please use the list below as guidance. * Unit test changes * Integration test changes * End-to-end test change See the Quality Engineering quad planning and test planning processes and reach out to your counterpart Software Engineer in Test for assistance. Quad Planning: https://handbook.gitlab.com/handbook/engineering/infrastructure/test-platform/quad-planning/ Test Planning: https://handbook.gitlab.com/handbook/engineering/infrastructure/test-platform/test-engineering/#test-planning--> ### Available Tier This will be available on GitLab Premium and Ultimate. Please see https://docs.gitlab.com/ee/user/profile/service_accounts.html#create-a-service-account for how many service accounts are allowed on each tier. <!--This section should be used for setting the appropriate tier that this feature will belong to. Pricing can be found here: https://about.gitlab.com/pricing/ * Free↵ * Premium/Silver↵ * Ultimate/Gold↵--> ### Feature Usage Metrics <!--How are you going to track usage of this feature? Think about user behavior and their interaction with the product. What indicates someone is getting value from it?--> ### What does success look like, and how can we measure that? <!--Define both the success metrics and acceptance criteria. Note that success metrics indicate the desired business outcomes, while acceptance criteria indicate when the solution is working correctly. If there is no way to measure success, link to an issue that will implement a way to measure this. Explore (../../doc/development/internal_analytics/internal_event_instrumentation/quick_start.md) for a guide.--> ### What is the type of buyer? <!--What is the buyer persona for this feature? See https://handbook.gitlab.com/handbook/marketing/brand-and-product-marketing/product-and-solution-marketing/roles-personas/buyer-persona/ In which enterprise tier should this feature go? See https://handbook.gitlab.com/handbook/company/pricing/#three-tiers--> ### Is this a cross-stage feature? <!--Communicate if this change will affect multiple Stage Groups or product areas. We recommend always start with the assumption that a feature request will have an impact into another Group. Loop in the most relevant PM and Product Designer from that Group to provide strategic support to help align the Group's broader plan and vision, as well as to avoid UX and technical debt. https://about.gitlab.com/handbook/product/#cross-stage-features--> ### What is the competitive advantage or differentiation for this feature? ### Links / references <!--Label reminders Make sure to add the appropriate labels for the product stage and/or group (e.g ~"devops::plan") if known and add a comment tagging the appropriate Product Manager. Use the following resources to find the appropriate labels: - Use only one tier label choosing the lowest tier this is intended for - https://gitlab.com/gitlab-org/gitlab/-/labels - https://about.gitlab.com/handbook/product/categories/features/ Examples: /label ~group:: ~section:: ~Category: /label ~"GitLab Free" ~"GitLab Premium" ~"GitLab Ultimate"--> ## Engineering Issue Parallelization Option 1 Here is the order of issues that can be parallelized. ### Sequentially: * https://gitlab.com/gitlab-org/gitlab/-/issues/509865+s * https://gitlab.com/gitlab-org/gitlab/-/issues/509866+s * https://gitlab.com/gitlab-org/gitlab/-/issues/387071+s Once the above issues are completed we can parallelize efforts ### Parallel: * https://gitlab.com/gitlab-org/gitlab/-/issues/509870+s * https://gitlab.com/gitlab-org/gitlab/-/issues/393233+s IIa and IIb can be done at the same time. ### Sequential Part IIa * https://gitlab.com/gitlab-org/gitlab/-/issues/393234+s ### Sequential Part IIb: * https://gitlab.com/gitlab-org/gitlab/-/issues/387072+s ### Parallel Part II: * https://gitlab.com/gitlab-org/gitlab/-/issues/509879+s * https://gitlab.com/gitlab-org/gitlab/-/issues/509877+s ----------- ## Engineering Issue Parallelization Option 2 This approach relies on us splitting the efforts for the Service Accounts Management Vue Routes, and the Token Management Vue Route. Once the router and App is bootstrapped we can parallelize efforts but this will require us creating service accounts via CURL to unblock working with real data in the Token management screen during development. ### Phase 1: #### Sequentially Track A: * https://gitlab.com/gitlab-org/gitlab/-/issues/509865+s * https://gitlab.com/gitlab-org/gitlab/-/issues/509866+s * https://gitlab.com/gitlab-org/gitlab/-/issues/387071+s ### Phase 2: #### Sequentially Track A: * https://gitlab.com/gitlab-org/gitlab/-/issues/509870+s #### Sequentially Track B: * https://gitlab.com/gitlab-org/gitlab/-/issues/387072+s #### Parallel: * https://gitlab.com/gitlab-org/gitlab/-/issues/393234+s * https://gitlab.com/gitlab-org/gitlab/-/issues/393233+s * https://gitlab.com/gitlab-org/gitlab/-/issues/509879+s * https://gitlab.com/gitlab-org/gitlab/-/issues/509877+s