Skip to content

Cannot Enable Group Access Token after being disabled

Summary

Group Access Tokens can be enabled or disabled by toggling the Users can create project access tokens and group access tokens in this group option. However due to a potential regression from this MR: Policy change to read and destroy token without license for .com, once this is disabled, the option will disappear and cannot be enabled again.

Steps to reproduce

  1. Create a top-level group.
  2. Go to the group page.'
  3. Go to Settings > General > Permissions and group features.
  4. Under Permissions, uncheck the Users can create project access tokens and group access tokens in this group option.
  5. Refresh the page and observe the option is already missing.

Example Project

What is the current bug behavior?

  1. Group administrators are unable to enable group access token again once it is disabled.

What is the expected correct behavior?

  1. Group administrators should be to enable group access token again after disabling it.

Relevant logs and/or screenshots

  • Default options when a group is created.

Screenshot_from_2023-01-20_11-36-38

  • Option is missing after disabling it.

Screenshot_from_2023-01-20_11-37-08

Output of checks

This bug happens on GitLab.com

Results of GitLab environment info

Expand for output related to GitLab environment info 

(For installations with omnibus-gitlab package run and paste the output of:
`sudo gitlab-rake gitlab:env:info`)

(For installations from source run and paste the output of:
`sudo -u git -H bundle exec rake gitlab:env:info RAILS_ENV=production`)

Results of GitLab application Check

Expand for output related to the GitLab application check 
(For installations with omnibus-gitlab package run and paste the output of:
sudo gitlab-rake gitlab:check SANITIZE=true)


(For installations from source run and paste the output of:
sudo -u git -H bundle exec rake gitlab:check RAILS_ENV=production SANITIZE=true)


(we will only investigate if the tests are passing)

Possible fixes

  • A temporary workaround is to enable it back using the rails console.
group = Group.find(GROUPID)
group.namespace_settings.update(resource_access_token_creation_allowed: true)
Edited by Kent Japhet Ballon