Commit e38f70c7 authored by huzaifaiftikhar1's avatar huzaifaiftikhar1

Enable SSH key lifetime settings by default

Update the documentation and toggle the ff_limit_ssh_key_lifetime
feature flag to be enabled by default.

Changelog: added
EE: true
parent 43e8687d
...@@ -194,12 +194,13 @@ To set a limit on how long these sessions are valid: ...@@ -194,12 +194,13 @@ To set a limit on how long these sessions are valid:
## Limit the lifetime of SSH keys **(ULTIMATE SELF)** ## Limit the lifetime of SSH keys **(ULTIMATE SELF)**
> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/1007) in GitLab 14.6 [with a flag](../../../administration/feature_flags.md) named `ff_limit_ssh_key_lifetime`. Disabled by default. > - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/1007) in GitLab 14.6 [with a flag](../../../administration/feature_flags.md) named `ff_limit_ssh_key_lifetime`. Disabled by default.
> - [Enabled on self-managed](https://gitlab.com/gitlab-org/gitlab/-/issues/346753) in GitLab 14.6.
FLAG: FLAG:
On self-managed GitLab, by default this feature is not available. To make it available, On self-managed GitLab, by default this feature is available. To hide the feature,
ask an administrator to [enable the feature flag](../../../administration/feature_flags.md) named `ff_limit_ssh_key_lifetime`. ask an administrator to [disable the feature flag](../../../administration/feature_flags.md) named `ff_limit_ssh_key_lifetime`.
On GitLab.com, this feature is not available. The feature is not ready for production use. On GitLab.com, this feature is not available.
Users can optionally specify a lifetime for Users can optionally specify a lifetime for
[SSH keys](../../../ssh/index.md). [SSH keys](../../../ssh/index.md).
......
...@@ -23,12 +23,12 @@ module EE ...@@ -23,12 +23,12 @@ module EE
end end
def ssh_key_expiration_policy_licensed? def ssh_key_expiration_policy_licensed?
License.feature_available?(:ssh_key_expiration_policy) && ::Feature.enabled?(:ff_limit_ssh_key_lifetime) License.feature_available?(:ssh_key_expiration_policy) && ::Feature.enabled?(:ff_limit_ssh_key_lifetime, default_enabled: :yaml)
end end
override :ssh_key_expiration_policy_enabled? override :ssh_key_expiration_policy_enabled?
def ssh_key_expiration_policy_enabled? def ssh_key_expiration_policy_enabled?
::Gitlab::CurrentSettings.max_ssh_key_lifetime && ssh_key_expiration_policy_licensed? && ::Feature.enabled?(:ff_limit_ssh_key_lifetime) ::Gitlab::CurrentSettings.max_ssh_key_lifetime && ssh_key_expiration_policy_licensed? && ::Feature.enabled?(:ff_limit_ssh_key_lifetime, default_enabled: :yaml)
end end
end end
end end
...@@ -5,4 +5,4 @@ rollout_issue_url: ...@@ -5,4 +5,4 @@ rollout_issue_url:
milestone: '14.6' milestone: '14.6'
type: development type: development
group: group::compliance group: group::compliance
default_enabled: false default_enabled: true
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment