Fix(access_tokens): expires_at field not required anymore

Jose Gabriel Companioni Benitezrequested to merge
gitlab-community/gitlab-org/gitlab:bug/574745 into master

What does this MR do and why?

This MR makes the expires_at field optional when creating project and group access tokens via the API, aligning the behavior with personal access tokens.

Before: The expires_at field was required with a hardcoded default value, which didn't respect the instance-level require_personal_access_token_expiry setting.

After:

  • When feature flag allow_resource_access_token_creation_without_expiry_date is disabled, same behavior as before
  • When feature flag allow_resource_access_token_creation_without_expiry_date is enabled:
    • When expires_at is omitted and require_personal_access_token_expiry is enabled -> returns bad request
    • When expires_at is omitted and require_personal_access_token_expiry is disabled → creates a token with no expiration

This change enables Terraform Provider users to create tokens without explicitly setting expiration dates, matching the behavior of personal access tokens.

References

group access tokens

project access tokens

resolves #574745

MR acceptance checklist

Evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

Edited by Jose Gabriel Companioni Benitez

Merge request reports