The rotated project access token will be removed when the old token expires
Summary
Creating a 'Project Access Tokens' creates both a token and a membership between the project and the token. When created, both token and membership have the same expiry date. Rotating the token using the Project Access Token API will not extend the expiry date of the membership. It will remove valid and rotated project tokens along with the membership.
Steps to reproduce
- Create a "project access token" on the project page with an expiry date (d)
- Rotate the token using the "project access token API". The newly created token has an expiry date extended by 7 days (d+7).
- Wait until the expiry date of the old token (d).
- The old (revoked) and new (valid) tokens will be deleted.
Example Project
What is the current bug behavior?
Rotating the token using the "/rotate" endpoint in the "Project Access Token API" does not extend the expiry date of the membership.
What is the expected correct behavior?
Endpoint rotation in the "Project Access Token API" should extend the expiry date of the membership.
Relevant logs and/or screenshots
Output of checks
Results of GitLab environment info
Expand for output related to GitLab environment info
(For installations with omnibus-gitlab package run and paste the output of: `sudo gitlab-rake gitlab:env:info`) (For installations from source run and paste the output of: `sudo -u git -H bundle exec rake gitlab:env:info RAILS_ENV=production`)
Results of GitLab application Check
Expand for output related to the GitLab application check
(For installations with omnibus-gitlab package run and paste the output of:
sudo gitlab-rake gitlab:check SANITIZE=true
)(For installations from source run and paste the output of:
sudo -u git -H bundle exec rake gitlab:check RAILS_ENV=production SANITIZE=true
)(we will only investigate if the tests are passing)