Commit fd83d464 authored by Craig Norris's avatar Craig Norris

Merge branch 'eread/remove-duplicated-group-access-token-info' into 'master'

Remove duplicate information

See merge request gitlab-org/gitlab!78418
parents ddf15292 fa5e537d
...@@ -7,10 +7,15 @@ type: reference, howto ...@@ -7,10 +7,15 @@ type: reference, howto
# Group access tokens # Group access tokens
With group access tokens, you can use a single token to:
- Perform actions for groups.
- Manage the projects within the group.
You can use a group access token to authenticate: You can use a group access token to authenticate:
- With the [GitLab API](../../../api/index.md#personalprojectgroup-access-tokens). - With the [GitLab API](../../../api/index.md#personalprojectgroup-access-tokens).
- With Git, when using HTTP Basic Authentication. - In [GitLab 14.2](https://gitlab.com/gitlab-org/gitlab/-/issues/330718) and later, authenticate with Git over HTTPS.
After you configure a group access token, you don't need a password when you authenticate. After you configure a group access token, you don't need a password when you authenticate.
Instead, you can enter any non-blank value. Instead, you can enter any non-blank value.
......
...@@ -84,78 +84,6 @@ To enable or disable project access token creation for all projects in a top-lev ...@@ -84,78 +84,6 @@ To enable or disable project access token creation for all projects in a top-lev
Even when creation is disabled, you can still use and revoke existing project access tokens. Even when creation is disabled, you can still use and revoke existing project access tokens.
## Group access tokens **(FREE SELF)**
With group access tokens, you can use a single token to:
- Perform actions for groups.
- Manage the projects within the group.
- In [GitLab 14.2](https://gitlab.com/gitlab-org/gitlab/-/issues/330718) and later, authenticate with Git over HTTPS.
NOTE:
You cannot use the UI to create a group access token. [An issue exists](https://gitlab.com/gitlab-org/gitlab/-/issues/214045)
to add this functionality. This section describes a workaround.
If you are an administrator of a self-managed GitLab instance, you can create a group access token in the
[Rails console](../../../administration/operations/rails_console.md).
<div class="video-fallback">
For a demo of the group access token workaround, see <a href="https://www.youtube.com/watch?v=W2fg1P1xmU0">Demo: Group Level Access Tokens</a>.
</div>
<figure class="video-container">
<iframe src="https://www.youtube.com/embed/W2fg1P1xmU0" frameborder="0" allowfullscreen="true"> </iframe>
</figure>
### Create a group access token
To create a group access token:
1. Run the following commands in a [Rails console](../../../administration/operations/rails_console.md):
```ruby
# Set the GitLab administration user to use. If user ID 1 is not available or is not an administrator, use 'admin = User.admins.first' instead to select an administrator.
admin = User.find(1)
# Set the group group you want to create a token for. For example, group with ID 109.
group = Group.find(109)
# Create the group bot user. For further group access tokens, the username should be group_#{group.id}_bot#{bot_count}. For example, group_109_bot2 and email address group_109_bot2@example.com.
bot = Users::CreateService.new(admin, { name: 'group_token', username: "group_#{group.id}_bot", email: "group_#{group.id}_bot@example.com", user_type: :project_bot }).execute
# Confirm the group bot.
bot.confirm
# Add the bot to the group with the required role.
group.add_user(bot, :maintainer)
# Give the bot a personal access token.
token = bot.personal_access_tokens.create(scopes:[:api, :write_repository], name: 'group_token')
# Get the token value.
gtoken = token.token
```
1. Test if the generated group access token works:
1. Use the group access token in the `PRIVATE-TOKEN` header with GitLab REST APIs. For example:
- [Create an epic](../../../api/epics.md#new-epic) in the group.
- [Create a project pipeline](../../../api/pipelines.md#create-a-new-pipeline) in one of the group's projects.
- [Create an issue](../../../api/issues.md#new-issue) in one of the group's projects.
1. Use the group token to [clone a group's project](../../../gitlab-basics/start-using-git.md#clone-with-https)
using HTTPS.
### Revoke a group access token
To revoke a group access token, run the following command in a [Rails console](../../../administration/operations/rails_console.md):
```ruby
bot = User.find_by(username: 'group_109_bot') # the owner of the token you want to revoke
token = bot.personal_access_tokens.last # the token you want to revoke
token.revoke!
```
## Project bot users ## Project bot users
> - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/210181) in GitLab 13.0. > - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/210181) in GitLab 13.0.
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment