Skip to content

Implement REST API endpoint to create `k8s_proxy`-scoped PAT for user

Timo Furrer requested to merge feature/user-create-pat-rest-api into master

What does this MR do and why?

Implement REST API endpoint to create k8s_proxy-scoped PAT for currently auth'ed user

This change set implements a new REST API endpoint at user/personal_access_tokens that is able to create a new Personal Access Token for the currently authenticated user. It limits the scopes to the only the k8s-proxy scope for security pruposes (see reference issue for more details). The default expiration is at the end of the day the token was created at. The maximum lifetime of the token is subject to the regular PAT lifetime limit.

This will help to with #425171 (closed) that requires glab to create short-lived k8s_proxy-scoped PATs.

Refs: Support creating a PAT with another PAT for the... (#425171 - closed)

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

Edited by Timo Furrer

Merge request reports

Loading