Extend group IP restriction to API activity
Problem
Our first iteration of IP access restriction https://gitlab.com/gitlab-org/gitlab-ee/issues/1985 only covered the UI. For organizations looking for a solution that comprehensively covers their access control needs without workarounds, we should extend this restriction to perform this access check on the command line for API activity.
Proposal
- If any incoming request does not adhere to the group's IP address restriction, fail the request with an
- Cover API endpoints associated with the group, as well as all projects and subgroups within the group.
- Instance-level endpoints outside the boundaries of the group IP filter should not be impacted (Users API, for example).
Git activity to be covered in #32113 (closed).
Edited by Jeremy Watson (ex-GitLab)