Token prefixes: Add support for deploy tokens

• Please check this box if this contribution uses AI-generated content (including content generated by GitLab Duo features) as outlined in the GitLab DCO & CLA. As a benefit of being a GitLab Community Contributor, you receive complimentary access to GitLab Duo.

What does this MR do and why?

This MR adds support for instance wide token prefixes to Deploy Tokens. Until now, only feed tokens are supported.

Instance wide token prefix have been added with !179852 (merged)

The new prefix format is: #{instance_prefix}#{token_type_prefix}. E.g. for deploy tokens, we'd get: #{instance_prefix}dt-. By default, this is the current token prefix glft-. However, we can now customize the instance prefix to create a new prefix: my-company-name-dt-.

With this custom prefix, it is easier to identify leaked tokens, because we can now skip all leaked tokens that start with gl. Now, we only need to look at tokens starting with my-company-name-.

🛠️ with ❤️ at Siemens

References

• Previous MR that adds support for Feed Tokens
• Issue

How to set up and validate locally

1. Enable feature flag via rails c:

Feature.enable(:custom_prefix_for_all_token_types)

2. Create a deploy token <Project> > Settings > Repository > Deploy Tokens.

3. Now, change the instance wide token prefix: Admin area > General > Account and limit > Instance token prefix, e.g. to my-custom-prefix

4. Create another deploy token. You now have two valid tokens with a different token prefix.

5. You can test that both tokens can be found with the Token Information API or you can use the deploy token as usual. To use the Token Information API, create a personal access token with admin_mode and api capabilities. Preferences > Access Tokens > Add a new token:

curl -k --request POST \
--url 'https://gdk.test:3443/api/v4/admin/token' \
--header 'Authorization: Bearer <Admin Token you just created>' \
--header 'Content-Type: application/json' \
--data '{"token": "<token>"}'

To test the token itself, you can e.g. clone a repository with both tokens:

git clone https://<username>:<deploy_token>@gitlab.example.com/tanuki/awesome_project.git

MR acceptance checklist

MR Checklist ( @nwittstruck)

• Changelog entry added, if necessary
• Documentation created/updated via this MR
• Documentation reviewed by technical writer or follow-up review issue created
• Tests added for this feature/bug
• Tested in all supported browsers
• Conforms to the code review guidelines
• Conforms to the merge request performance guidelines
• Conforms to the style guides
• Conforms to the javascript style guides
• Conforms to the database guides

Related to #388379