Skip to content

Adjust project settings CI_JOB_TOKEN section wording

Miranda Fluharty requested to merge 415519-add-groups-to-ci-job-token-allowlist-5 into master

What does this MR do and why?

Context

This MR contains the changes from Rename "Limit access to this project" to "Allow... (!151704 - merged) (which was reverted because the language didn't match how the toggle works)...

except the toggle label will remain "Limit access _to_ this project" to match how the feature currently works:

  • toggle off: any project can use CI_JOB_TOKEN to authenticate with this project
  • toggle on: only projects on the allowlist can use CI_JOB_TOKEN to authenticate with this project

Description

Clarify CI Job Token wording

Reword UI text around "Limit access to this project" toggle
Add card header secondary text, wrap it responsively
On md+ viewports, wrap text before it reaches the button
On smaller viewports, make the text full width and
wrap the button below the rest of the text

Changelog: changed

MR acceptance checklist

Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

Screenshots or screen recordings

Before After
Screenshot_2024-06-21_at_19.54.50 Screenshot_2024-06-21_at_19.57.40
how the new description text wraps with the button on smaller screens
Screen_Recording_2024-06-21_at_20.25.06

How to set up and validate locally

  1. navigate to a project
  2. in the sidebar, choose Settings => CI/CD
  3. expand the Job token permissions section (formerly known as Token Access)
  4. review the following text changes:
settings section
  title:
-   Token Access
+   Job token permissions
  description:
-   Control how the CI_JOB_TOKEN CI/CD variable is used for API access between projects.
+   Control whether CI/CD job tokens can be used to authenticate with this project.

toggle
  help text:
-   Allow access to this project from authorized groups or projects by adding them to the allowlist. It is a security risk to disable this feature, because unauthorized projects might attempt to retrieve an active token and access the API.
+   When enabled, only groups and projects in the allowlist are authorized to use a CI/CD job token to authenticate requests to this project. When disabled, any group or project can do so.

card/table header
  title:
-   Groups and projects with access
+   Authorized groups and projects
  description (new)
+   Ensure only groups and projects with members authorized to access sensitive project data are added to the allowlist.

Related to #415519 (closed)

Edited by Miranda Fluharty

Merge request reports