Update RevokeUserPersonalAccessTokens script

Mark Lapierre requested to merge ml-update-revoke-pat-script into master

What does this MR do and why?

Update RevokeUserPersonalAccessTokens script

  • Fixes pagination
  • Fetch and revoke tokens a page at a time rather than fetching all before revoking
  • Exits early after 100 pages so CI jobs don't time out
  • Include tokens that are no longer active
  • Fix default args

This is related to https://gitlab.com/gitlab-org/gitlab/-/issues/457099#note_1871915474 and the need to clean up PATs test users create.

Once this is merged the script can be included in scheduled pipelines in gitlab-org/quality/pipeline-common!417 (closed)

Test pipelines

Tested via:

MR acceptance checklist

Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

How to set up and validate locally

To do a dry run of deleting PATs created before 2024-04-10:

cd qa
GITLAB_ADDRESS=https://gitlab.com \
GITLAB_QA_ACCESS_TOKEN=<a current PAT with api scope> \
USER_ID=<your user id> \
bundle exec rake "revoke_user_pats[2024-04-10, true]"

Remove , true to actually delete the PATs. Remove the date to delete tokens created before 3 days ago.

Edited by Mark Lapierre
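
A sketch of the page-at-a-time revocation loop the description lists (cutoff date, dry run, page cap), added here as an illustration and not the script from this MR. `FakeTokenApi`, `revoke_old_tokens` and the sample tokens are hypothetical, and the listing is assumed to return revoked tokens too, so page boundaries do not shift while tokens are being revoked.

```ruby
require 'date'

# In-memory stand-in for a paginated token-listing API (constructed for this example).
class FakeTokenApi
  Token = Struct.new(:id, :created_at, :revoked)
  attr_reader :tokens

  def initialize(tokens, per_page: 2)
    @tokens = tokens
    @per_page = per_page
  end

  # One page of tokens created before the cutoff, revoked ones included
  # (assumption: this keeps page boundaries stable during revocation).
  def list(created_before:, page:)
    @tokens.select { |t| t.created_at < created_before }
           .each_slice(@per_page).to_a[page - 1] || []
  end

  def revoke(id)
    @tokens.find { |t| t.id == id }.revoked = true
  end
end

# Fetch and revoke one page at a time; stop after max_pages so a job stays bounded.
# Returns the ids that were (or, in a dry run, would be) revoked.
def revoke_old_tokens(api, created_before:, dry_run: false, max_pages: 100)
  revoked = []
  (1..max_pages).each do |page|
    batch = api.list(created_before: created_before, page: page)
    break if batch.empty?

    batch.reject(&:revoked).each do |token|
      api.revoke(token.id) unless dry_run
      revoked << token.id
    end
  end
  revoked
end

# Constructed sample data: five old tokens (id 3 already revoked) and one recent token.
def sample_api
  old = Date.new(2024, 4, 1)
  tokens = (1..5).map { |i| FakeTokenApi::Token.new(i, old, i == 3) }
  tokens << FakeTokenApi::Token.new(6, Date.new(2024, 4, 20), false)
  FakeTokenApi.new(tokens)
end
```

If the listing instead filtered out revoked tokens, advancing the page number after revoking a page would skip entries, so a loop written against such an endpoint would have to re-request the first page each time.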