Service to create Project Access Token
What does this MR do?
This MR is an intermediate step for the Project Access Token issue.
It adds a service to create a project-level access token. In a future MR, this service will be invoked by the controller action that is used to create a Project Access Token.
A complete overview of the implementation of this feature can be found in the Technical Implementation details section.
What does the Service do?
- Checks if the current user has the required permission to create a Project Access Token
- Creates a Project Bot user
- Makes the Project Bot user a Maintainer in the project
- Creates a Personal Access Token for the user
Feature Flag
The service execution is behind the Feature Flag: project_access_token
Default and Overridden values:
Entity | Column | Default value | Can user override? |
---|---|---|---|
Project Bot user | name | { Project Name } Bot | Yes |
Project Bot user | email | project_<project_id>_bot<incremental_counter>@example.com | No |
Project Bot user | username | project_<project_id>_bot<incremental_counter>@example.com | No |
Personal Access Token | scopes | [:api, :read_repository, :write_repository, :read_registry] | Yes |
Personal Access Token | expires_at | nil | Yes |
Mentions #210057 (closed)
Does this MR meet the acceptance criteria?
Conformity
- Changelog entry
- Documentation (if required)
- Code review guidelines
- Merge request performance guidelines
- Style guides
- Database guides
- Separation of EE specific content
Availability and Testing
- Review and add/update tests for this feature/bug. Consider all test levels. See the Test Planning Process.
- Tested in all supported browsers
- Informed Infrastructure department of a default or new setting change, if applicable per definition of done
Security
If this MR contains changes to processing or storing of credentials or tokens, authorization and authentication methods and other items described in the security review guidelines:
- Label as security and @ mention @gitlab-com/gl-security/appsec
- The MR includes necessary changes to maintain consistency between UI, API, email, or other methods
- Security reports checked/validated by a reviewer from the AppSec team
Edited by Aishwarya Subramanian
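The four steps listed under "What does the Service do?", combined with the defaults table, as an added in-memory Ruby sketch that is not the MR's or GitLab's code. The method name, the structs, the `authorize` callable and the counter starting at 1 are all assumptions made for illustration.

```ruby
require 'securerandom'

# Hypothetical in-memory stand-ins; none of these are GitLab classes.
DEFAULT_SCOPES = %i[api read_repository write_repository read_registry].freeze
Project  = Struct.new(:id, :name, :members, :bot_counter)
BotUser  = Struct.new(:name, :email, :username)
BotToken = Struct.new(:user, :scopes, :expires_at, :value)

# params may override only :name, :scopes and :expires_at (the "Yes" rows
# of the table). Any other key, such as :email or :username, is ignored.
# authorize is an assumed callable standing in for the permission check.
def create_project_access_token(current_user, project, params = {}, flag_enabled:, authorize:)
  # The whole service sits behind the feature flag.
  return { status: :error, message: 'feature disabled' } unless flag_enabled

  # Step 1: check permission before any side effect, so a denied request
  # leaves no bot user, membership or token behind.
  unless authorize.call(current_user, project)
    return { status: :error, message: 'not permitted' }
  end

  # Step 2: create the bot user. Email and username are derived from the
  # project id and a counter (assumed to start at 1), never from params.
  project.bot_counter += 1
  identity = "project_#{project.id}_bot#{project.bot_counter}@example.com"
  bot = BotUser.new(params.fetch(:name, "#{project.name} Bot"), identity, identity)

  # Step 3: make the bot a Maintainer in the project.
  project.members[bot.username] = :maintainer

  # Step 4: create the token with the default or overridden scopes and expiry.
  scopes = Array(params.fetch(:scopes, DEFAULT_SCOPES)).map(&:to_sym)
  token = BotToken.new(bot, scopes, params[:expires_at], SecureRandom.hex(20))
  { status: :success, token: token }
end

if __FILE__ == $PROGRAM_NAME
  demo = Project.new(42, 'Demo', {}, 0)               # constructed sample project
  allow = ->(user, _project) { user == 'maintainer1' } # constructed permission rule
  result = create_project_access_token('maintainer1', demo, {}, flag_enabled: true, authorize: allow)
  puts result[:token].user.username
  puts result[:token].scopes.inspect
end
```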