Admin Token API: Add support for revocation of Cluster Agent Tokens

• Please check this box if this contribution uses AI-generated content (including content generated by GitLab Duo features) as outlined in the GitLab DCO & CLA. As a benefit of being a GitLab Community Contributor, you receive complimentary access to GitLab Duo.

What does this MR do and why?

This MR adds support for revocation of Cluster Agent Tokens to the Admin Token API.

🛠️ with ❤️ at Siemens

References

• Issue: #513537 (closed)
• Epic: &15777
• Docs: https://docs.gitlab.com/ee/api/admin/token.html

MR acceptance checklist

MR Checklist ( @nwittstruck)

• Changelog entry added, if necessary
• Documentation created/updated via this MR
• Documentation reviewed by technical writer or follow-up review issue created
• Tests added for this feature/bug
• Tested in all supported browsers
• Conforms to the code review guidelines
• Conforms to the merge request performance guidelines
• Conforms to the style guides
• Conforms to the javascript style guides
• Conforms to the database guides

How to set up and validate locally

1. Enable the feature flag with rails c:

Feature.enable(:api_admin_token_revoke)

2. You'll need to create two new tokens:
   1. A personal access token with admin_mode and api capabilities at: Preferences > Access tokens > Add new token
   2. A cluster agent token that you can query:
   • If you have configured the GDK with gitlab_k8s_agent enabled, you can create a new cluster token at Any Project > Operate > Kubernetes clusters > Connect a cluster. You can now register a new agent.
   • You can also create a new token with rails c. This assumes there is at least one project. This example uses the first project, feel free to choose any other project:

      agent = Clusters::Agent.new(name: 'test-agent', project: Project.first)
      agent.save
   
      token = Clusters::AgentToken.new(name: 'test-agent-token', agent: agent)
      # this will print the token:
      token.ensure_token
      # don't forget to save the token to be able to retrieve it:
      token.save

3. Now you can retrieve information about this token and see that the status is active:

curl -k --request POST \
--url 'https://gdk.test:3443/api/v4/admin/token' \
--header 'Authorization: Bearer <Admin Token from Step 2.>' \
--header 'Content-Type: application/json' \
--data '{"token": "glagent-token-from-step-2-2"}'

5. Now, revoke the token:

curl -k --request DELETE \
--url 'https://gdk.test:3443/api/v4/admin/token \       
--header 'Authorization: Bearer <Admin Token from Step 1.>' \
--header 'Content-Type: application/json' \
--data '{"token": "glagent-token-from-step-2-2"}'

6. Query the token again - you should now see that the status has changed to revoked.

Related to #513537 (closed)