Skip to content

Hide feed, incoming email, and static access tokens by default

What does this MR do and why?

Describe in detail what your merge request does and why.

Enables the hide_access_tokens feature flag by default. This feature flag has already been enabled on gitlab.com.

Screenshots or screen recordings

For context

Before After
Screen_Shot_2021-12-08_at_1.02.38_PM Screen_Shot_2021-12-08_at_1.01.54_PM

How to set up and validate locally

  1. Open gitlab.yml in the gdk/gitlab directory. Find the incoming_email property and change enabled to true. Run gdk restart
  2. Sign in as an Admin.
  3. Navigate to /admin/application_settings/general. Open the Visibility and access controls section and ensure the Disable feed token checkbox is unchecked.
  4. Navigate to /admin/application_settings/repository. Open the External storage for repository static objects section. Enter https://foo.bar for the External storage URL field and a random value (fdsafasdf) for External storage authentication token.
  5. Navigate to /-/profile/personal_access_tokens

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

Edited by Peter Hegman

Merge request reports

Loading