Permanently enables enforce_abilities_check_for_dependency_proxy (!190324) · Merge requests · GitLab.org / GitLab

What does this MR do and why?

Dependency proxy authentication now enforces scope checks

https://docs.gitlab.com/update/deprecations/#dependency-proxy-token-scope-enforcement

Changelog: changed

References

Related to issue #426887 (closed)
Deprecation notice: https://docs.gitlab.com/update/deprecations/#dependency-proxy-token-scope-enforcement
Rollout issue: #521193 (closed)

How to set up and validate locally

Have a group and a user with access to that group ready, e.g. group 33 (Flightjs) and root user on GDK
Personal access tokens, group access tokens, and group deploy tokens with the required scopes - api or read_registry + write_registry should be able to login
Personal access tokens, group access tokens and group deploy tokens without the required scopes - e.g. read_registry only - should get a HTTP 403 response

MR acceptance checklist

Evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

Edited May 08, 2025 by Radamanthus Batnag

Permanently enables enforce_abilities_check_for_dependency_proxy

What does this MR do and why?

References

How to set up and validate locally

MR acceptance checklist

Merge request reports