Merge branch 'selhorn-flag-2' into 'master'

Re-did feature flag to latest guidelines See merge request gitlab-org/gitlab!82043

Merge branch 'selhorn-flag-2' into 'master'
Re-did feature flag to latest guidelines See merge request gitlab-org/gitlab!82043
d1e71868 · Evan Read · a35667b2 · fa4499cd · d1e71868 · d1e71868
Commit d1e71868 authored Mar 02, 2022 by Evan Read
Showing with 8 additions and 40 deletions

doc/security/two_factor_authentication.md doc/security/two_factor_authentication.md +6 -33

doc/user/admin_area/settings/account_and_limit_settings.md doc/user/admin_area/settings/account_and_limit_settings.md +2 -7

No files found.
--- a/doc/security/two_factor_authentication.md
+++ b/doc/security/two_factor_authentication.md
@@ -33,10 +33,10 @@ To enable 2FA for all users:
 If you want 2FA enforcement to take effect during the next sign-in attempt,
 change the grace period to `0`.

-## Disable 2FA enforcement through rails console
+## Disable 2FA enforcement through Rails console

-Using the [rails console](../administration/operations/rails_console.md), enforcing 2FA for
-all user can be disabled. Connect to the rails console and run:
+Using the [Rails console](../administration/operations/rails_console.md), enforcing 2FA for
+all user can be disabled. Connect to the Rails console and run:

 ```ruby
 Gitlab::CurrentSettings.update!('require_two_factor_authentication': false)
@@ -108,13 +108,10 @@ reactivate 2FA from scratch if they want to use it again.

 > - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/270554) in GitLab 13.7.
 > - [Moved](https://gitlab.com/gitlab-org/gitlab/-/issues/299088) from GitLab Free to GitLab Premium in 13.9.
-> - It's [deployed behind a feature flag](../user/feature_flags.md), disabled by default.
-> - It's disabled on GitLab.com.
-> - It's not recommended for production use.
-> - To use it in GitLab self-managed instances, ask a GitLab administrator to [enable it](#enable-or-disable-2fa-for-git-operations).
+> - It's deployed behind a feature flag, disabled by default.

-WARNING:
-This feature might not be available to you. Check the **version history** note above for details.
+FLAG:
+On self-managed GitLab, by default this feature is not available. To make it available, ask an administrator to [enable the feature flag](../administration/feature_flags.md) named `two_factor_for_cli`. On GitLab.com, this feature is not available. The feature is not ready for production use. This feature flag also affects [session duration for Git Operations when 2FA is enabled](../user/admin_area/settings/account_and_limit_settings.md#customize-session-duration-for-git-operations-when-2fa-is-enabled).

 Two-factor authentication can be enforced for Git over SSH operations. However, we recommend using
 [ED25519_SK](../ssh/index.md#ed25519_sk-ssh-keys) or [ECDSA_SK](../ssh/index.md#ecdsa_sk-ssh-keys) SSH keys instead.
@@ -135,30 +132,6 @@ After the OTP is verified, Git over SSH operations can be used for a session dur
 Once an OTP is verified, anyone can run Git over SSH with that private SSH key for
 the configured [session duration](../user/admin_area/settings/account_and_limit_settings.md#customize-session-duration-for-git-operations-when-2fa-is-enabled).

-### Enable or disable 2FA for Git operations
-
-2FA for Git operations is under development and not
-ready for production use. It is deployed behind a feature flag that is
-**disabled by default**. [GitLab administrators with access to the GitLab Rails console](../administration/feature_flags.md)
-can enable it.
-
-To enable it:
-
-```ruby
-Feature.enable(:two_factor_for_cli)
-```
-
-To disable it:
-
-```ruby
-Feature.disable(:two_factor_for_cli)
-```
-
-The feature flag affects these features:
-
- [Two-factor Authentication (2FA) for Git over SSH operations](#2fa-for-git-over-ssh-operations).
- [Customize session duration for Git Operations when 2FA is enabled](../user/admin_area/settings/account_and_limit_settings.md#customize-session-duration-for-git-operations-when-2fa-is-enabled).
-
 <!-- ## Troubleshooting

 Include any troubleshooting steps that you can foresee. If you know beforehand what issues

--- a/doc/user/admin_area/settings/account_and_limit_settings.md
+++ b/doc/user/admin_area/settings/account_and_limit_settings.md
@@ -178,14 +178,9 @@ nginx['client_max_body_size'] = "200m"

 > - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/296669) in GitLab 13.9.
 > - It's deployed behind a feature flag, disabled by default.
-> - It's disabled on GitLab.com.
-> - It's not recommended for production use.
-> - To use it in GitLab self-managed instances, ask a GitLab administrator to [enable it](../../../security/two_factor_authentication.md#enable-or-disable-2fa-for-git-operations).

-NOTE:
-This feature is under development and not ready for production use. It is deployed
-behind a feature flag that is **disabled by default**. To use it in GitLab
-self-managed instances, ask a GitLab administrator to [enable it](../../../security/two_factor_authentication.md#enable-or-disable-2fa-for-git-operations).
+FLAG:
+On self-managed GitLab, by default this feature is not available. To make it available, ask an administrator to [enable the feature flag](../../../administration/feature_flags.md) named `two_factor_for_cli`. On GitLab.com, this feature is not available. This feature is not ready for production use. This feature flag also affects [2FA for Git over SSH operations](../../../security/two_factor_authentication.md#2fa-for-git-over-ssh-operations).

 GitLab administrators can choose to customize the session duration (in minutes) for Git operations when 2FA is enabled. The default is 15 and this can be set to a value between 1 and 10080.