Support customizable timeouts for git CLI 2FA
Problem to solve
Currently, the OTP timeout for git CLI 2FA is hard-coded to 15 minutes, which doesn't allow for any customization.
Intended users
Personas are described at https://about.gitlab.com/handbook/marketing/product-marketing/roles-personas/
- Delaney (Development Team Lead)
- Sasha (Software Developer)
- Devon (DevOps Engineer)
- Rachel (Release Manager)
- Simone (Software Engineer in Test)
User experience goal
After OTP has been validated, the user has 15 minutes to use git
commands that interact with the server (e.g. clone
/push
/pull
) w/o requiring another OTP. After 15 minutes the user must request another OTP, which can be a problem for long-running processes, like automated builds.
Proposal
The following use cases need to be covered:
-
MVC: Provide
gitlab.rb
setting instead of hard-coded value so a system-wide default can be set - Follow-on enhancement: Provide a UI to set system-wide default (UPDATE: We have decided to skip the MVC above and proceed directly with providing UI to set a system-wide default)
- Follow-on enhancement: Provide per-user customization of timeout
Further details
Permissions and Security
Documentation
Availability & Testing
What does success look like, and how can we measure that?
What is the type of buyer?
Is this a cross-stage feature?
Links / references
Edited by Manoj M J