author | GitLab Bot <gitlab-bot@gitlab.com> | 2023-10-26 15:12:12 +0300 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2023-10-26 15:12:12 +0300 |
commit | ae436dd0c51ac75aadcc811c750b8625880919b8 (patch) | |
tree | 79394dd156361448d0dbfbb0c3f24f4408d590e7 /doc/architecture | |
parent | 79cd3f3a38777b1436107bd1e3205f593e1a3bd1 (diff) |
Add latest changes from gitlab-org/gitlab@master
Diffstat (limited to 'doc/architecture')
-rw-r--r-- | doc/architecture/blueprints/cells/impacted_features/personal-access-tokens.md | 28 | ||||
-rw-r--r-- | doc/architecture/blueprints/cells/index.md | 2 |
2 files changed, 27 insertions, 3 deletions
diff --git a/doc/architecture/blueprints/cells/impacted_features/personal-access-tokens.md b/doc/architecture/blueprints/cells/impacted_features/personal-access-tokens.md index 3aca9f1e116..a493a1c4395 100644 --- a/doc/architecture/blueprints/cells/impacted_features/personal-access-tokens.md +++ b/doc/architecture/blueprints/cells/impacted_features/personal-access-tokens.md @@ -17,13 +17,37 @@ we can document the reasons for not choosing this approach. ## 1. Definition -Personal Access Tokens associated with a User are a way for Users to interact with the API of GitLab to perform operations. -Personal Access Tokens today are scoped to the User, and can access all Groups that a User has access to. +Personal Access Tokens (PATs) associated with a User are a way for Users to interact with the API of GitLab to perform operations. +PATs today are scoped to the User, and can access all Groups that a User has access to. ## 2. Data flow ## 3. Proposal +### 3.1. Organization-scoped PATs + +Pros: + +- Can be managed entirely from Rails application. +- Increased security. PAT is limited only to Organization. + +Cons: + +- Different PAT needed for different Organizations. +- Cannot tell at a glance if PAT will apply to a certain Project/Namespace. + +### 3.2. Cluster-wide PATs + +Pros: + +- User does not have to worry about which scope the PAT applies to. + +Cons: + +- User has to worry about wide-ranging scope of PAT (e.g. separation of personal items versus work items). +- Organization cannot limit scope of PAT to only their Organization. +- Increases complexity. All cluster-wide data likely will be moved to a separate [data access layer](../../cells/index.md#1-data-access-layer). + ## 4. Evaluation ## 4.1. Pros diff --git a/doc/architecture/blueprints/cells/index.md b/doc/architecture/blueprints/cells/index.md index 1366d308487..c9a03830a4a 100644 --- a/doc/architecture/blueprints/cells/index.md +++ b/doc/architecture/blueprints/cells/index.md 
@@ -338,6 +338,7 @@ Below is a list of known affected features with preliminary proposed solutions. - [Cells: Global Search](impacted_features/global-search.md) - [Cells: GraphQL](impacted_features/graphql.md) - [Cells: Organizations](impacted_features/organizations.md) +- [Cells: Personal Access Tokens](impacted_features/personal-access-tokens.md) - [Cells: Personal Namespaces](impacted_features/personal-namespaces.md) - [Cells: Secrets](impacted_features/secrets.md) - [Cells: Snippets](impacted_features/snippets.md) @@ -354,7 +355,6 @@ The following list of impacted features only represents placeholders that still - [Cells: Group Transfer](impacted_features/group-transfer.md) - [Cells: Issues](impacted_features/issues.md) - [Cells: Merge Requests](impacted_features/merge-requests.md) -- [Cells: Personal Access Tokens](impacted_features/personal-access-tokens.md) - [Cells: Project Transfer](impacted_features/project-transfer.md) - [Cells: Router Endpoints Classification](impacted_features/router-endpoints-classification.md) - [Cells: Schema changes (Postgres and Elasticsearch migrations)](impacted_features/schema-changes.md) |
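Review bot: in personal-access-tokens.md, the new subsections 3.1 and 3.2 sit under "## 3. Proposal" but neither is marked as the proposed approach, so the section reads as a list of alternatives rather than a proposal. State which option is recommended, or title the subsections as options, so that "## 4. Evaluation" has a defined subject. The pro "Increased security. PAT is limited only to Organization." would be clearer if it named the property it gives, for example that a leaked token's reach is bounded to a single Organization. The link `../../cells/index.md#1-data-access-layer` climbs two levels and re-enters `cells/`; from `cells/impacted_features/` the shorter `../index.md#1-data-access-layer` resolves to the same file.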
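Review bot: in index.md, the first hunk moves "Cells: Personal Access Tokens" into the list of known affected features with preliminary proposed solutions, while the personal-access-tokens.md hunk in this same commit still shows "## 2. Data flow" followed directly by "## 3. Proposal" with no body, and lists two alternatives without selecting one. Either keep the entry in the placeholder list until an approach is chosen, or make explicit that enumerating options is enough for an entry to count as a preliminary proposal. The second hunk's removal from the placeholder list should follow whichever is decided. The alphabetical placement between Organizations and Personal Namespaces is fine.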