List personal access tokens for service accounts

Eduardo Sanz Garcíarequested to merge
eduardosanz/service-account-token-list into master

What does this MR do and why?

For service accounts, list personal access tokens.

This is work in progress. Future work:

  • Update URL when filters are modified
  • Add cards summarising some stats: number of active/inactive/expiring soon tokens
  • Add sorting options
  • Enable revoking/rotation of tokens

EE: true

References

Please include cross links to any resources that are relevant to this MR. This will give reviewers and future readers helpful context to give an efficient review of the changes introduced.

MR acceptance checklist

Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

Screenshots or screen recordings

Empty state Tokens and filters Tokens with long descriptions
image image image
Viewport size
xs (<576px)
sm (>=576px) image
md (>=768px)
lg (>=992px)
xl (>=1200px)

How to set up and validate locally

  1. Enable the following feature flag: https://gdk.test:3443/rails/features/service_accounts_crud
  2. Enable Ultimate license to group Flightjs
  3. Create a service account and several tokens in the gdk rails console:
group = Group.find_by(name: 'Flightjs')
response = Namespaces::ServiceAccounts::CreateService.new(User.first, name: 'My service account', organization_id: group.organization_id, namespace_id: group.id).execute
service_account = response.payload[:user]

(1..5).each do |n|
  service_account.personal_access_tokens.create!(name: "Active token #{n}", expires_at: 30.days.since, scopes: ['read_api', 'read_user'])

  service_account.personal_access_tokens.create!(name: "Expiring token #{n}", expires_at: 5.days.since, scopes: ['read_api', 'read_user'])

  service_account.personal_access_tokens.create!(name: "Expired token #{n}", expires_at: 30.days.ago, scopes: ['read_api', 'read_user'])

  service_account.personal_access_tokens.create!(name: "Revoked token #{n}", revoked: true, expires_at: 30.days.since, scopes: ['read_api', 'read_user'])
end

service_account.id
  1. In SaaS emulation, go to https://gdk.test:3443/groups/my_service_account/-/settings/service_accounts/[id (last line from console)]/access_tokens
  2. Without SaaS emulation, go to https://gdk.test:3443/admin/application_settings/service_accounts/[id (last line from console)]/access_tokens
Edited by Eduardo Sanz García

Merge request reports