Unify the way that project/group access tokens are referred to

Proposal

Activity by a project access token is logged in a number of different ways, resulting in an unclear audit trail of activity that involves an access token.

A project access token comprises

  • a token ID (generated automatically, likely by PostgreSQL)
  • a token name (picked by the user)
  • a bot @handle (generated by GitLab)

None of these seem to refer to each other, which makes it hard to tie log entries together.

The bot handle, for example, could include the token name, which would help. It probably can't easily include the token ID at creation time, though handles can be changed; so if the handle were updated to include the token ID once the token exists, that would also help.

The bot name includes a hash of some string; what is that hash derived from? Since the handle gets persisted in activity, it would be helpful if it contained only information that is useful from a user-facing perspective; the token ID is unique, if uniqueness is the requirement.

  • In the activity log, the token name and the bot account name are used (this currently gets deleted when the token expires; see #432790 (closed))

image

  • In merge request events, the token name is used for the user name and the bot @handle is dropped in as plain text:

image

  • When the account has been deleted, only the bot account @handle remains, because it happened to be in the free-form text (see #276496 (closed))

image

  • In the audit log, the token name and the token ID are referred to, but the bot @handle is not, so matching the bot name to the token name and token ID has to be done forensically

image
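To make the gap concrete, here is an added example (not GitLab code) that joins constructed records from the three sources above on the one field they all share, the user-chosen token name, and flags when two tokens with the same name cannot be told apart; the field names, the `@..._bot_...` handle pattern and the hypothetical `<scope>_bot_<token_id>` handle format are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample records standing in for the three log sources the issue
# lists. Field names and handle formats are assumptions, not GitLab's schemas.
AUDIT_LOG = [  # token name + token ID, no bot handle
    {"token_id": 101, "token_name": "deploy", "event": "token_created"},
    {"token_id": 102, "token_name": "deploy", "event": "token_created"},
]
ACTIVITY_LOG = [  # token name + bot account, no token ID
    {"token_name": "deploy", "bot_account": "project_7_bot_3f9a2c", "action": "pushed"},
]
MR_EVENTS = [  # token name as author, bot handle only inside free text
    {"author_name": "deploy", "body": "approved this merge request (@project_7_bot_3f9a2c)"},
]

HANDLE_RE = re.compile(r"@(\w+_bot_\w+)")


def correlate_by_name(audit, activity, mr_events):
    """Join the sources on the only field all three share: the token name.
    Two tokens that happen to share a name collapse into one ambiguous entry."""
    by_name = defaultdict(lambda: {"token_ids": set(), "bot_handles": set()})
    for rec in audit:
        by_name[rec["token_name"]]["token_ids"].add(rec["token_id"])
    for rec in activity:
        by_name[rec["token_name"]]["bot_handles"].add(rec["bot_account"])
    for rec in mr_events:
        for handle in HANDLE_RE.findall(rec["body"]):
            by_name[rec["author_name"]]["bot_handles"].add(handle)
    return {
        name: {
            "token_ids": sorted(v["token_ids"]),
            "bot_handles": sorted(v["bot_handles"]),
            "ambiguous": len(v["token_ids"]) != 1,
        }
        for name, v in by_name.items()
    }


def token_id_from_handle(handle):
    """Hypothetical handle format '<scope>_bot_<token_id>' (assumed, not
    GitLab's): the handle alone would identify the audit-log token row,
    so no name-based join is needed. Returns None for today's hash suffix."""
    m = re.fullmatch(r"\w+_bot_(\d+)", handle)
    return int(m.group(1)) if m else None
```

With the two same-named tokens above, the name-based join reports one ambiguous entry, while a handle carrying the token ID resolves directly to a single audit-log row.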

Edited by Ben Prescott (ex-GitLab)