Send email when resource access token about to expire (!128662) · Merge requests · GitLab.org / GitLab

Drew Blessing requested to merge dblessing_resource_access_token_notifications into master Aug 07, 2023

What does this MR do and why?

Relates to:

When a project bot's personal access tokens is about to expire, sends notification emails to all project bot group owners or project maintainers.

The email notification closely matches the format of the existing personal access token about to expire emails. See https://gitlab.com/gitlab-org/gitlab/-/blob/02746d336c364f3ad3297b5ece2efd38c75d336f/app/views/notify/access_token_about_to_expire_email.html.haml

Screenshots or screen recordings

Screenshots are required for UI changes, and strongly recommended for all other merge requests.

Plaintext

HTML

Database

The new association in Project matches one for owners in Group

SELECT
    users.*
FROM
    users
    JOIN members ON users.id = members.user_id
WHERE
    members.type = 'ProjectMember' AND
    members.source_id = 20 AND
    members.source_type = 'Project' AND
    members.requested_at IS NULL AND
    members.access_level = 40;

How to set up and validate locally

Numbered steps to set up and validate the change are strongly suggested.

Navigate to a test group or project -> Settings -> Access Tokens
Create a new token and set expiration in a day or two.
In a Rails console, manually execute the expiring worker: PersonalAccessTokens::ExpiringWorker.new.perform
Load letter opener and observe the email: https://gdk.test:3443/rails/letter_opener.

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

I have evaluated the MR acceptance checklist for this MR.

Edited Aug 28, 2023 by Drew Blessing

Send email when resource access token about to expire