Username and password should only be required for JIRA service when used
We configure a plugin on the JIRA side to show commits there. We only require GitLab's JIRA service to create the full link to issues mentioned in the commits. I.e. the issue in the comment of https://code.onehippo.org/cms-community/hippo-site-toolkit/commit/ff1b56cdce3c1357fb94a5c5d14751015f85f495 links to https://issues.onehippo.com/browse/HSTTWO-4114 (sign up to see the commits)
Until 9.3 we could just configure it without specifying any user. Since 9.3 this is no longer possible as the username and password are required so we can't update any existing service configurations (which do still work, like the above example) or create new ones without configuring a user.
In https://gitlab.com/gitlab-org/gitlab-ce/issues/37124 it became apparent that this was not so much a regression as the new behaviour is according to the original design. (Pre 9.3 behaviour was a bug I guess?)
But that does mean that the current design requires us to create a user with write access, who's credentials I then need to share with all masters in my organisation, for no other reason than that the fields exist. Not because configuring that user serves any purpose..... Not very nice from either a security or maintenance perspective.
My proposal would be to only show and make the Username and Password fields required, when either or both of the "commit" or "merge request" checkboxes are ticked.
Depending on whether the above is possible in a micro release, as a possible solution for the short term, revert to the pre 9.3 behaviour of not requiring those fields.
Additionally we feel the documentation should be updated to not list write access for the user as a requirement, but explain which options specifically need it.