Skip email domain checks for service accounts
What does this MR do and why?
Skip email domain checks for service accounts
Currently, when a user attempts to add a service account to a subgroup or project where the "Restrict group access by email domain" feature is enabled, they receive an error message. This MR fixes the behavior to skip domain checks for service accounts, and adds a spec to prevent regressions.
See 426906 for more details
Screenshots or screen recordings
Screenshots are required for UI changes, and strongly recommended for all other merge requests.
| Before | After |
|---|---|
 |
 |
How to set up and validate locally
- Ensure premium or ultimate license is applied
- Create a group
top-level -
Create a service account user for the
top-levelgroup - Enable the restrict group access by email domain feature for this group, using a domain you control (
example.com) - Create a sub-group or project
sub-level - Add the service account user to the sub-group or project
- Before this MR, the UI and API will display a validation error. After the MR, it should work as expected.
MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
-
I have evaluated the MR acceptance checklist for this MR.
Related to #426906 (closed)
Edited by Andrew Evans