
Webhook event for Resource access token expiration

What does this MR do and why?

A webhook event for resource access token expiration is added, and webhook execution is configured for ExpiringWorker.

#426147 (closed)

MR acceptance checklist

Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

Screenshots or screen recordings

For Project webhook

| Before | After |
| --- | --- |
| Screenshot 2024-01-25 at 5.29.14 PM.png | Screenshot 2024-01-31 at 4.21.47 PM.png |

For Group Webhook

| Before | After |
| --- | --- |
| Screenshot 2024-01-29 at 4.09.23 PM.png | Screenshot 2024-01-31 at 4.07.07 PM.png |

Webhook worker getting scheduled

Screenshot_2024-02-06_at_9.51.53_PM

How to set up and validate locally

  1. Configure a webhook for any project or group with the trigger set to Access Token Events.
  2. I used https://webhook.site with the GDK setup to generate a webhook URL and test whether it is executed properly.
  3. Create a Project Access Token with an expiry in the next 3-4 days.
  4. Execute PersonalAccessTokens::ExpiringWorker.new.perform from the Rails console.
  5. Check webhook.log for the execution logs, or check the Sidekiq logs to see whether the webhook worker has been executed.

Payload

For Groups

{
  "object_kind": "access_token",
  "group_id": 35,
  "group": {
    "group_name": "Twitter",
    "group_path": "twitter",
    "full_path": "twitter",
    "group_id": 35
  },
  "object_attributes": {
    "user_id": 92,
    "created_at": "2024-01-29 09:08:33 UTC",
    "id": 27,
    "name": "test-token-34",
    "expires_at": "2024-01-31"
  },
  "event_name": "expiring_access_token"
}

For Projects

{
  "object_kind": "access_token",
  "project_id": 7,
  "project": {
    "id": 7,
    "name": "Flight",
    "description": "Eum dolore maxime atque reprehenderit voluptatem.",
    "web_url": "https://gdk.test:3443/flightjs/Flight",
    "avatar_url": null,
    "git_ssh_url": "ssh://git@gdk.test:2222/flightjs/Flight.git",
    "git_http_url": "https://gdk.test:3443/flightjs/Flight.git",
    "namespace": "Flightjs",
    "visibility_level": 0,
    "path_with_namespace": "flightjs/Flight",
    "default_branch": "master",
    "ci_config_path": null,
    "homepage": "https://gdk.test:3443/flightjs/Flight",
    "url": "ssh://git@gdk.test:2222/flightjs/Flight.git",
    "ssh_url": "ssh://git@gdk.test:2222/flightjs/Flight.git",
    "http_url": "https://gdk.test:3443/flightjs/Flight.git"
  },
  "object_attributes": {
    "user_id": 90,
    "created_at": "2024-01-24 16:27:40 UTC",
    "id": 25,
    "name": "acd",
    "expires_at": "2024-01-26"
  },
  "event_name": "expiring_access_token"
}
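
A receiver for the payloads above, as an added example that is not part of this MR or of GitLab's code base: it authenticates the delivery before parsing it, accepts only the `expiring_access_token` event, and reports how many days remain. It assumes the webhook was configured with a secret token, which GitLab sends in the `X-Gitlab-Token` header; `handle_expiring_token`, `secure_equal?` and the sample secret are hypothetical names and values.

```ruby
require 'json'
require 'date'
require 'digest'

# Constructed sample delivery, shaped like the group payload shown above.
SAMPLE_BODY = <<~BODY
  {"object_kind": "access_token", "group_id": 35,
   "group": {"group_name": "Twitter", "full_path": "twitter", "group_id": 35},
   "object_attributes": {"user_id": 92, "id": 27, "name": "test-token-34",
                         "expires_at": "2024-01-31"},
   "event_name": "expiring_access_token"}
BODY

# Constant-time comparison over SHA-256 digests, so neither the length nor
# the position of the first differing byte leaks through timing.
def secure_equal?(a, b)
  da = Digest::SHA256.digest(a.to_s).bytes
  db = Digest::SHA256.digest(b.to_s).bytes
  da.zip(db).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Returns a summary hash for an expiring-token event, or nil when the
# delivery is not authentic or is not an event this handler understands.
def handle_expiring_token(header_token, body, secret, today: Date.today)
  # Check the shared secret before touching the untrusted body.
  return nil unless secure_equal?(header_token, secret)

  payload = JSON.parse(body)
  return nil unless payload.is_a?(Hash)
  return nil unless payload['object_kind'] == 'access_token' &&
                    payload['event_name'] == 'expiring_access_token'

  attrs = payload['object_attributes']
  return nil unless attrs.is_a?(Hash)
  expires = Date.iso8601(attrs['expires_at'].to_s)

  # Project payloads carry project_id, group payloads carry group_id.
  scope = if payload.key?('project_id') then "project:#{payload['project_id']}"
          elsif payload.key?('group_id') then "group:#{payload['group_id']}"
          end
  return nil if scope.nil?

  { scope: scope, token_id: attrs['id'], token_name: attrs['name'],
    expires_at: expires, days_left: (expires - today).to_i }
rescue JSON::ParserError, ArgumentError
  nil # malformed JSON or an unparseable expires_at
end
```

The payload identifies the token by `id` and `name` only, so the handler has no token value to store or redact.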

Migrations

Rollback migration

Screenshot 2024-01-29 at 3.17.53 PM.png

Database migration

**Query plans for personal access token query for bot users**

SELECT "personal_access_tokens"."id", "personal_access_tokens"."user_id" FROM "personal_access_tokens" LEFT OUTER JOIN "users" ON "users"."id" = "personal_access_tokens"."user_id" WHERE "personal_access_tokens"."impersonation" = FALSE AND (revoked = false AND expire_notification_delivered = false AND expires_at >= CURRENT_DATE AND expires_at <= '2024-02-20') AND "users"."user_type" = 6 LIMIT 100

https://console.postgres.ai/gitlab/gitlab-production-tunnel-pg12/sessions/26196/commands/82440

Query plan for queries generated for newly added scope for user where we are preloading resources and tokens belonging to a user

SELECT "users".* FROM "users" WHERE "users"."id" IN (1, 70, 72, 73, 74, 75, 76, 77, 78, 79, 80, 81,82,83,84,85,86,87,88,89,90,91,92,93,94,95,96,97,98,99,100,101,102,103,104,105,106,107,108,109,110,111,112,113,114,115,116,117,118,119,120,121,122,123,124,125,126,127,128,129,130,131,132,133,134,135,136,137,138,139,140,141,142,143,144,145,146,147,148,149,150,151,152,153,154,155,156,157,158,159,160,161,162,163,164,165,166,167,168,169)

https://console.postgres.ai/gitlab/gitlab-production-tunnel-pg12/sessions/26608/commands/83302

SELECT "members".*,
 "namespaces".* 
 FROM "members" LEFT OUTER JOIN "namespaces" ON "namespaces"."id" = "members"."source_id" 
 AND "namespaces"."type" = 'Group' WHERE "members"."source_type" = 'Namespace' AND "members"."type" = 'GroupMember' 
 AND "members"."requested_at" IS NULL AND (access_level >= 10) AND "namespaces"."type" = 'Group' 
 AND "members"."user_id" IN (1, 70, 72, 73, 74, 75, 76, 77, 78, 79, 80, 81,82,83,84,85,86,87,88,89,90,91,92,93,94,95,96,97,98,99,100,101,102,103,104,105,106,107,108,109,110,111,112,113,114,115,116,117,118,119,120,121,122,123,124,125,126,127,128,129,130,131,132,133,134,135,136,137,138,139,140,141,142,143,144,145,146,147,148,149,150,151,152,153,154,155,156,157,158,159,160,161,162,163,164,165,166,167,168,169)

https://console.postgres.ai/gitlab/gitlab-production-tunnel-pg12/sessions/26608/commands/83303

SELECT "members".* FROM "members" WHERE "members"."source_type" = 'Project' 
 AND "members"."type" = 'ProjectMember' AND "members"."requested_at" IS NULL 
 AND "members"."user_id" IN (1, 70, 72, 73, 74, 75, 76, 77, 78, 79, 80, 81,82,83,84,85,86,87,88,89,90,91,92,93,94,95,96,97,98,99,100,101,102,103,104,105,106,107,108,109,110,111,112,113,114,115,116,117,118,119,120,121,122,123,124,125,126,127,128,129,130,131,132,133,134,135,136,137,138,139,140,141,142,143,144,145,146,147,148,149,150,151,152,153,154,155,156,157,158,159,160,161,162,163,164,165,166,167,168,169)

https://console.postgres.ai/gitlab/gitlab-production-tunnel-pg12/sessions/26608/commands/83304

select "projects".* FROM "projects" WHERE "projects"."id" IN (1, 70, 72, 73, 74, 75, 76, 77, 78, 79, 80, 81,82,83,84,85,86,87,88,89,90,91,92,93,94,95,96,97,98,99,100,101,102,103,104,105,106,107,108,109,110,111,112,113,114,115,116,117,118,119,120,121,122,123,124,125,126,127,128,129,130,131,132,133,134,135,136,137,138,139,140,141,142,143,144,145,146,147,148,149,150,151,152,153,154,155,156,157,158,159,160,161,162,163,164,165,166,167,168,169)

https://console.postgres.ai/gitlab/gitlab-production-tunnel-pg12/sessions/26608/commands/83306

SELECT "personal_access_tokens".* FROM "personal_access_tokens" WHERE "personal_access_tokens"."user_id" IN (1, 70, 72, 73, 74, 75, 76, 77, 78, 79, 80, 81,82,83,84,85,86,87,88,89,90,91,92,93,94,95,96,97,98,99,100,101,102,103,104,105,106,107,108,109,110,111,112,113,114,115,116,117,118,119,120,121,122,123,124,125,126,127,128,129,130,131,132,133,134,135,136,137,138,139,140,141,142,143,144,145,146,147,148,149,150,151,152,153,154,155,156,157,158,159,160,161,162,163,164,165,166,167,168,169)

https://console.postgres.ai/gitlab/gitlab-production-tunnel-pg12/sessions/26608/commands/83305

**Query plan for updating PersonalAccessToken**

UPDATE "personal_access_tokens" SET "expire_notification_delivered" = TRUE WHERE "personal_access_tokens"."id" IN (1, 70, 72, 73, 74, 75, 76, 77, 78, 79, 80, 81,82,83,84,85,86,87,88,89,90,91,92,93,94,95,96,97,98,99,100,101,102,103,104,105,106,107,108,109,110,111,112,113,114,115,116,117,118,119,120,121,122,123,124,125,126,127,128,129,130,131,132,133,134,135,136,137,138,139,140,141,142,143,144,145,146,147,148,149,150,151,152,153,154,155,156,157,158,159,160,161,162,163,164,165,166,167,168,169)

https://postgres.ai/console/gitlab/gitlab-production-tunnel-pg12/sessions/26608/commands/83307

Edited by Smriti Garg
