Add application logs and audit event logs when creating and revoking Personal Access token
Release notes
Problem to solve
This is a pre-requisite for #17176 (closed)
Currently, we do not log any attempts to create a personal access token. Since we need to add an ability for the admin user to create personal access tokens for other users, we would like track any successful or failed attempts. See this thread for related conversation.
Intended users
User experience goal
Proposal
Add logging to PersonalAccessTokens::CreateService
and PersonalAccessTokens::RevokeService
. Since audit event logs is an Enterprise feature, also create application logs.
Further details
Permissions and Security
Documentation
Availability & Testing
What does success look like, and how can we measure that?
What is the type of buyer?
Is this a cross-stage feature?
Links / references
Edited by Sanad Liaquat