Skip to content

Extend email notification for expiring tokens to inherited members

Proposal

It was discovered here that email notification for expiring tokens are only sent to direct members. For group tokens, a direct group owner receives expiration notifications. For project tokens, direct project maintainer is notified. Customers expect that all members are notified. Organizations have many maintainers/owners that are inherited via saml/ldap integrations at the top group.

Implementation considerations

Based on the discussion below, it's proposed that we extend notifications to inherited members as an optional setting that can be enabled by group owners and instance admins.

  • A setting for All direct members or All direct and inherited members will be created for token notifications.
  • The setting will default to All direct members and group owners or instance admins can optionally enable All direct and inherited members . It will be applicable to all sub-groups and projects.
  • This can be a drop down, added under Settings > General page under "Permission and group features"
  • We already have the options around Email notifications Screenshot_2024-06-06_at_1.35.12_PM
  • There is a risk that users may miss critical token expirations and hence the suggestion to default enable the sending of notifications to inherited members.
  • If the notifications are deemed too noising, or the members do not necessarily find them as actionable, the setting can be set to All direct members
  • We have a need for platform wide consistent notifications however that is outside the scope of this request. We should opt to simplify the approach for this work if needed, to provide expiration notification for inherited members first.
  • Changes for project owners to receive email not... (!155391 - merged) Add notifications for project owners along with project maintainers and group owners that already receive one.
  • The changes should be behind a FF that will be rolled out to GitLab-org (GitLab team members) first.
  • This is likely to add workload on mailgun and should be monitored as we enable the FF

This page may contain information related to upcoming products, features and functionality. It is important to note that the information presented is for informational purposes only, so please do not rely on the information for purchasing or planning purposes. Just like with all projects, the items mentioned on the page are subject to change or delay, and the development, release, and timing of any products, features, or functionality remain at the sole discretion of GitLab Inc.

Edited by Adil Farrukh