Add require_personal_access_token_expiry application setting
What does this MR do and why?
This backports !158186 (merged) to 17-1-stable-ee
for gitlab-org/release/tasks#11510 (closed).
Adds a new admin setting, ApplicationSettings#require_personal_access_token_expiry
that removes the expiration enforcement of PAT, PrAT and GrATs A SM admins can optionally enable the setting Require access tokens to have an expiry
to require expiration for their tokens. This will only be applicable to net new tokens.
Related to #470192 (closed).
MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
-
This MR is backporting a bug fix, documentation update, or spec fix, previously merged in the default branch. -
The MR that fixed the bug on the default branch has been deployed to GitLab.com (not applicable for documentation or spec changes). -
This MR has a severity label assigned (if applicable). -
Set the milestone of the merge request to match the target backport branch version. -
This MR has been approved by a maintainer (only one approval is required). -
Ensure the e2e:package-and-test-ee
job has either succeeded or been approved by a Software Engineer in Test.
Note to the merge request author and maintainer
If you have questions about the patch release process, please:
- Refer to the patch release runbook for engineers and maintainers for guidance.
- Ask questions on the
#releases
Slack channel (internal only).
Merge request reports
Activity
assigned to @stanhu
mentioned in issue gitlab-org/release/tasks#11510 (closed)
changed milestone to %17.1
added typebug label
added devopsgovern groupauthentication sectionsec labels
added pipelinetier-1 label
- A deleted user
added backend database documentation frontend labels
2 Warnings Backporting to older releases requires an exception request process The e2e:package-and-test-ee
job needs to succeed or have approval from a Software Engineer in Test.
Read the "QA e2e:package-and-test-ee" section for more details.2 Messages CHANGELOG missing: If this merge request needs a changelog entry, add the
Changelog
trailer to the commit message you want to add to the changelog.If this merge request doesn't need a CHANGELOG entry, feel free to ignore this message.
This merge request adds or changes documentation files. A review from the Technical Writing team before you merge is recommended. Reviews can happen after you merge. Documentation review
The following files require a review from a technical writer:
-
doc/administration/settings/account_and_limit_settings.md
(Link to current live version) -
doc/api/settings.md
(Link to current live version) -
doc/security/token_overview.md
(Link to current live version)
The review does not need to block merging this merge request. See the:
-
Metadata for the
*.md
files that you've changed. The first few lines of each*.md
file identify the stage and group most closely associated with your docs change. - The Technical Writer assigned for that stage and group.
- Documentation workflows for information on when to assign a merge request for review.
Reviewer roulette
Category Reviewer Maintainer backend @jfypk
(UTC+0, 7 hours ahead of author)
@tkuah
(UTC+12, 19 hours ahead of author)
frontend @lwanko
(UTC+2, 9 hours ahead of author)
@kushalpandya
(UTC-4, 3 hours ahead of author)
Please check reviewer's status!
Please refer to documentation page for guidance on how you can benefit from the Reviewer Roulette, or use the GitLab Review Workload Dashboard to find other available reviewers.
QA
e2e:package-and-test-ee
@stanhu, the
package-and-test
job must complete before merging this merge request.*If there are failures on the
package-and-test
pipeline, ping your team's associated Software Engineer in Test (SET) to confirm the failures are unrelated to the merge request. If there's no SET assigned, ask for assistance on the#test-platform
Slack channel.If needed, you can retry the
danger-review
job that generated this comment.Generated by
Danger-
added 1 commit
- a94c2d59 - Merge branch 'sh-add-require-pat-expiry-option' into 'master'
Generated bygitlab_quality-test_tooling
.
Slow tests detected in this merge request. These slow tests might be related to this merge request's changes.Click to expand
Job File Name Duration Expected duration #7477458719 spec/lib/release_highlights/validator_spec.rb#L82
ReleaseHighlights::Validator when validating all files they should have no errors 74.04 s < 27.12 s #7477459307 ee/spec/lib/ee/search/settings_spec.rb#L19
Search results for settings behaves like all sections exist and have correct anchor links has only valid settings sections 45.61 s < 27.12 s #7485220888 ee/spec/lib/ee/search/settings_spec.rb#L19
Search results for settings behaves like all sections exist and have correct anchor links has only valid settings sections 41.97 s < 27.12 s #7485220480 spec/lib/release_highlights/validator_spec.rb#L82
ReleaseHighlights::Validator when validating all files they should have no errors 73.37 s < 27.12 s #7486694285 ee/spec/lib/ee/search/settings_spec.rb#L19
Search results for settings behaves like all sections exist and have correct anchor links has only valid settings sections 50.46 s < 27.12 s #7486694170 ee/spec/lib/ee/search/settings_spec.rb#L19
Search results for settings behaves like all sections exist and have correct anchor links has only valid settings sections 38.98 s < 27.12 s #7486694210 ee/spec/lib/ee/search/settings_spec.rb#L19
Search results for settings behaves like all sections exist and have correct anchor links has only valid settings sections 50.08 s < 27.12 s #7486693439 spec/lib/release_highlights/validator_spec.rb#L82
ReleaseHighlights::Validator when validating all files they should have no errors 76.93 s < 27.12 s #7486693656 spec/lib/release_highlights/validator_spec.rb#L82
ReleaseHighlights::Validator when validating all files they should have no errors 77.66 s < 27.12 s #7486693539 spec/lib/release_highlights/validator_spec.rb#L82
ReleaseHighlights::Validator when validating all files they should have no errors 87.44 s < 27.12 s #7495029190 ee/spec/lib/ee/search/settings_spec.rb#L19
Search results for settings behaves like all sections exist and have correct anchor links has only valid settings sections 46.13 s < 27.12 s #7495027985 spec/lib/release_highlights/validator_spec.rb#L82
ReleaseHighlights::Validator when validating all files they should have no errors 69.73 s < 27.12 s #7495028995 ee/spec/lib/ee/search/settings_spec.rb#L19
Search results for settings behaves like all sections exist and have correct anchor links has only valid settings sections 57.86 s < 27.12 s #7495028138 spec/lib/release_highlights/validator_spec.rb#L82
ReleaseHighlights::Validator when validating all files they should have no errors 78.25 s < 27.12 s #7495029120 ee/spec/lib/ee/search/settings_spec.rb#L19
Search results for settings behaves like all sections exist and have correct anchor links has only valid settings sections 62.58 s < 27.12 s #7495027856 spec/lib/release_highlights/validator_spec.rb#L82
ReleaseHighlights::Validator when validating all files they should have no errors 82.27 s < 27.12 s - A deleted user
added rspec:slow test detected label
E2E Test Result Summary
allure-report-publisher
generated test report!e2e-package-and-test:
test report for 3b5090c7expand test summary
+-------------------------------------------------------------+ | suites summary | +--------+--------+--------+---------+-------+-------+--------+ | | passed | failed | skipped | flaky | total | result | +--------+--------+--------+---------+-------+-------+--------+ | Govern | 108 | 1 | 8 | 3 | 117 | ❌ | | Create | 165 | 115 | 30 | 1 | 310 | ❌ | | Plan | 8 | 0 | 0 | 0 | 8 | ✅ | +--------+--------+--------+---------+-------+-------+--------+ | Total | 281 | 116 | 38 | 4 | 435 | ❌ | +--------+--------+--------+---------+-------+-------+--------+
- Resolved by Dat Tang
@stanhu Thee2e:package-and-test-ee
job has failed.-
e2e:package-and-test-ee
pipeline: https://gitlab.com/gitlab-org/gitlab/-/pipelines/1396082489
e2e:package-and-test-ee
pipeline is allowed to fail due its flakiness. Failures should be investigated to guarantee this backport complies with the Quality standards.Ping your team's associated Software Engineer in Test (SET) to confirm the failures are unrelated to the merge request. If there's no SET assigned, ask for assistance on the
#test-platform
Slack channel. -
It looks like https://gitlab.com/gitlab-org/gitlab/-/jobs/7477459447 failed. Submitted a backport fix: !161408 (merged)
changed milestone to %17.3
added missed:17.1 label
added 3 commits
-
a94c2d59...b6871a56 - 2 commits from branch
17-1-stable-ee
- 3b5090c7 - Merge branch 'sh-add-require-pat-expiry-option' into 'master'
-
a94c2d59...b6871a56 - 2 commits from branch