Add granular token enforcement to application settings

What does this MR do and why?

  • Adds personal_access_token_settings JSONB column to application settings.
  • Inside that we add two settings - enforce_granular_tokens (boolean) & granular_tokens_enforced_after (date).
  • If the feature flag granular_personal_access_tokens_enforcement is enabled, admins set a date after which granular tokens will be enforced.
  • If an admin sets a date, creating a legacy personal access token will be disabled for all users on the instance. Will add the enforcement in a follow-up as part of #579727

Screenshots or screen recordings

How to set up and validate locally

  1. Enable the feature flag:
     Feature.enable(:granular_personal_access_tokens_enforcement)
  2. Log in as an admin, navigate to admin/application_settings/general, then check the box and set a date for the field "Require fine-grained personal access tokens after a specific date".
  3. Confirm the correct date is set in the console:
     Gitlab::CurrentSettings.enforce_granular_tokens
     Gitlab::CurrentSettings.granular_tokens_enforced_after

MR acceptance checklist

Evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

Related to #579726

Edited by Bogdan Denkovych
