Admin Token API: Revoke Impersonation tokens

• Please check this box if this contribution uses AI-generated content (including content generated by GitLab Duo features) as outlined in the GitLab DCO & CLA. As a benefit of being a GitLab Community Contributor, you receive complimentary access to GitLab Duo.

What does this MR do and why?

Impersonation tokens are already supported by the Admin Token API, since underneath they are PATs. This MR updates the docs and adds a spec for this.

🛠️ with ❤️ at Siemens

References

• &15777
• Docs: https://docs.gitlab.com/ee/api/admin/token.html

MR acceptance checklist

checklist

• Changelog entry added, if necessary
• Documentation created/updated via this MR
• Documentation reviewed by technical writer or follow-up review issue created
• Tests added for this feature/bug
• Tested in all supported browsers
• Conforms to the code review guidelines
• Conforms to the merge request performance guidelines
• Conforms to the style guides
• Conforms to the javascript style guides
• Conforms to the database guides

How to set up and validate locally

1. Enable feature flag via rails c:

Feature.enable(:admin_agnostic_token_finder)

2. You'll need to create a personal access token to access the token and the impersonation token that you'd like to query:
   1. Create a personal access token with admin_mode and api capabilities. Preferences > Access Tokens > Add a new token
   2. Create an impersonation token to query. Admin > Users > User-X > Impersonation tokens > Add token
3. Now you can revoke the token:

curl -k --request DELETE \
--url 'https://gdk.test:3443/api/v4/admin/token' \
--header 'Authorization: Bearer <Admin Token from Step 1.>' \
--header 'Content-Type: application/json' \
--data '{"token": "glpat-token-from-step-1-2"}'

Related to #499958 (closed)