Document allowed auth mechanisms for package managers
What does this MR do?
This MR documents which authentication tokens and transport mechanisms should be accepted by package managers. &3807 aims to redesign the authentication specification mechanism such that which tokens and transports actually are accepted can be easily determined by analysis (of Ruby). !50729 (closed) exhaustively tests (almost) every combination of token and transport in order to A) determine which are accepted and B) prevent regressions.
Currently, there is very little information on what tokens and transports should be accepted. I largely based the documentation on the description and discussion of &3807.
documentation Category:Package Registry devopspackage ~"group::package"
Author's checklist (required)
-
Follow the Documentation Guidelines and Style Guide. - [-] Update the permissions table.
- [-] Link docs to and from the higher-level index page, plus other related docs where helpful.
- [-] Add the product tier badge accordingly.
- [-] Add GitLab's version history note(s).
- [-] Add/update the feature flag section.
Review checklist
All reviewers can help ensure accuracy, clarity, completeness, and adherence to the Documentation Guidelines and Style Guide.
1. Primary Reviewer
-
Review by a code reviewer or other selected colleague to confirm accuracy, clarity, and completeness. This can be skipped for minor fixes without substantive content changes.
2. Technical Writer
-
Technical writer review. If not requested for this MR, must be scheduled post-merge. To request for this MR, assign the writer listed for the applicable DevOps stage. -
Ensure docs metadata are present and up-to-date. -
Ensure Technical Writing and documentation are added. -
Add the corresponding docs::
scoped label. -
If working on UI text, add the corresponding UI Text
scoped label. -
Add twdoing when starting work on the MR. -
Add twfinished if Technical Writing team work on the MR is complete but it remains open.
-
For more information about labels, see Technical Writing workflows - Labels.
For suggestions that you are confident don't need to be reviewed, change them locally and push a commit directly to save others from unneeded reviews. For example:
- Clear typos, like
this is a typpo
. - Minor issues, like single quotes instead of double quotes, Oxford commas, and periods.
For more information, see our documentation on Merging a merge request.
3. Maintainer
-
Review by assigned maintainer, who can always request/require the above reviews. Maintainer's review can occur before or after a technical writer review. -
Ensure a release milestone is set. -
If there has not been a technical writer review, create an issue for one using the Doc Review template.