PersonalAccessToken model validation updated

What does this MR do and why?

Model level validation for PAT expires_at criteria - #421420 (closed)

How to set up and validate locally

For testing self-managed

  1. Create service account user by following documentation - https://docs.gitlab.com/ee/user/profile/service_accounts.html#self-managed-gitlab

  2. From the rails console, check the value of Application setting -

    app_setting = ApplicationSetting.first.service_access_tokens_expiration_enforced

  3. If the value is true, a curl request to create a PAT for the service account user should throw an error like -

    curl --request POST --header "PRIVATE-TOKEN: $USER_PAT" --data "name=mytoken" \
         --data "scopes[]=api" "https://gdk.test:3443/api/v4/users/<service_account_user_id>/personal_access_tokens"
    {"message":"Expiration date can't be blank"}

  4. Update the app_setting value obtained in first step to false; the curl request should be able to create a PAT with nil expiry date for the service account user

    curl --request POST --header "PRIVATE-TOKEN: $USER_PAT" --data "name=mytoken" --data "expires_at=" \
         --data "scopes[]=api" "https://gdk.test:3443/api/v4/users/<service_account_user_id>/personal_access_tokens"

For testing SaaS version

  1. Create Service account user by following documentation - https://docs.gitlab.com/ee/user/profile/service_accounts.html#gitlabcom

  2. From the rails console, check the value of Group setting -

    group.namespace_settings.service_access_tokens_expiration_enforced

  3. If the value is true, a curl request to create a PAT for the service account user with nil expiration date should throw an error like -

    curl --request POST --header "PRIVATE-TOKEN: $USER_PAT" "https://gdk.test:3443/api/v4/groups/<group id>/service_accounts/<service account id>/personal_access_tokens" --data "scopes[]=api" --data "name=service_accounts_token"
    {"message":"Expiration date can't be blank"}

  4. Update the setting to false and now you should be able to create a PAT with nil expiration date

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

Edited by Smriti Garg
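
Added example, not part of the merge request: when the enforcement setting is false, service account tokens can be created with no expiry, so this Ruby sketch lists active tokens of that kind from a personal access tokens API response. The sample JSON, the user IDs and the helper names are constructed for illustration; the field names follow the GitLab personal access tokens API.

```ruby
require 'json'
require 'set'

# Constructed sample shaped like a personal access tokens API response.
SAMPLE_TOKENS = <<~JSON
  [
    {"id": 11, "name": "mytoken", "user_id": 42, "active": true, "revoked": false, "expires_at": null},
    {"id": 12, "name": "service_accounts_token", "user_id": 42, "active": true, "revoked": false, "expires_at": "2024-06-30"},
    {"id": 13, "name": "old", "user_id": 43, "active": false, "revoked": true, "expires_at": null},
    {"id": 14, "name": "human", "user_id": 7, "active": true, "revoked": false, "expires_at": null},
    {"id": 15, "name": "blank", "user_id": 43, "active": true, "revoked": false, "expires_at": ""}
  ]
JSON

# Returns usable tokens (active, not revoked) that belong to one of the given
# service account user IDs and carry no expiry (null or empty expires_at).
def non_expiring_service_tokens(json, service_account_ids)
  ids = service_account_ids.to_set
  JSON.parse(json).select do |t|
    ids.include?(t['user_id']) &&
      t['active'] && !t['revoked'] &&
      t['expires_at'].to_s.strip.empty?
  end
end

# Groups the findings per service account: { user_id => [token ids] }.
def report(json, service_account_ids)
  non_expiring_service_tokens(json, service_account_ids)
    .group_by { |t| t['user_id'] }
    .transform_values { |tokens| tokens.map { |t| t['id'] }.sort }
end

if __FILE__ == $PROGRAM_NAME
  # 42 and 43 stand in for service account user IDs (assumed values).
  report(SAMPLE_TOKENS, [42, 43]).each do |uid, ids|
    puts "service account #{uid}: token(s) #{ids.join(', ')} have no expiry"
  end
end
```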