Consolidate token expiration emails
Everyone can contribute. Help move this issue forward while earning points, leveling up and collecting rewards.
Release notes
Currently, GitLab generates an email for every single token that is expiring soon. As an owner in a large organization with lots of these tokens (and an automated token rotation system), I end up receiving several of these emails each day. This actually led me to miss the email notifying me of a personal token (not automated) that was expiring. If I only had one email to peruse every day that listed each of the tokens I'm being notified about and when they're expiring, and perhaps even separated them out into sections (PATs expiring, PrATs expiring, GATs expiring) organized by expiration date, it might make it easier to digest the expirations.
Problem to solve
Too many access token expiration emails. This may be unique to our organization at present, but any team that has automated token rotations or lots of tokens in their groups may benefit from this.
Proposal
Instead of generating one email for each token expiration a user is being notified of, just generate one email for each user containing a list of the expiring tokens. Break the content of the email into sections for the different types of tokens, with "Personal Access Tokens" at the top, and organize the list of tokens in order of time to expiration--e.g., the tokens with only 7 days left would be at the top, and the tokens with 60 days left would be at the bottom. Even better if the email included a link that would take the user directly to the list of tokens that lists that token, taking into account that the user may not click that link until after the token expires--I personally tend to use the details of the previous token as a guide when creating its replacement. This would reduce the number of emails GitLab has to send regarding token expirations, and reduces the number of emails an individual user may receive regarding expiring tokens.
Intended users
Unknown
Feature Usage Metrics
Everyone that uses tokens receives token expiration emails and may benefit from this change.
Does this feature require an audit event?
This change would not affect audit events; it's simply suggesting a more efficient delivery mechanism for an existing notification.