Add background migration to expiry all OAuth tokens

What does this MR do and why?

❗ This is a breaking change for %15.0. ❗

In !86362 (merged), we are removing the backward compatibility for non-expiring OAuth tokens introduced. This MR makes sure that all existing tokens have an expiry, otherwise they would never expire.

Related to #340848 (closed)

Screenshots or screen recordings

These are strongly recommended to assist reviewers and reduce the time to merge your change.

Migration output

up

$ rake db:migrate:up:main VERSION=20220428133724                                                                                                                                                                
== 20220428133724 ScheduleExpireOAuthTokens: migrating ========================
== 20220428133724 ScheduleExpireOAuthTokens: migrated (0.0431s) ===============

down

$ rake db:migrate:up:main VERSION=20220428133724                                                                                                                                                                
== 20220428133724 ScheduleExpireOAuthTokens: migrating ========================
== 20220428133724 ScheduleExpireOAuthTokens: migrated (0.0431s) ===============

How to set up and validate locally

Numbered steps to set up and validate the change are strongly suggested.

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

• I have evaluated the MR acceptance checklist for this MR.

changed milestone to %15.0

added groupauthentication and authorization [DEPRECATED] typefeature + 1 deleted label

assigned to @ifarkas

changed the description

Suggested Reviewers (beta)

This is an experimental ML-based code reviewer recommendation system created by ~"group::applied ml".

The individuals below may be good candidates to participate in the review based on various factors.

After you review all recommendations, please assign reviewers manually, as this is not done automatically.

You can use slash commands in comments to quickly assign /assign_reviewer @user1.

Reviewers
@stomlinson, @a_akgun, @abrandl, @alinamihaila, @dbalexandre

If you do not believe these recommendations are useful or if you do not want to use any of the suggestions, please apply the label Bad Suggested Reviewer. You can also provide feedback for this feature on this issue: https://gitlab.com/gitlab-org/gitlab/-/issues/357923.

Automatically generated by Suggested Reviewers Bot

	1 Warning
⚠	New migrations added but db/structure.sql wasn't updated Usually, when adding new migrations, db/structure.sql should be updated too (unless the migration isn't changing the DB schema and isn't the most recent one).

Reviewer roulette

Changes that require review have been detected!

Please refer to the table below for assigning reviewers and maintainers suggested by Danger in the specified category:

Category	Reviewer	Maintainer
backend	Josianne Hyson (@jhyson) (UTC+12, 10 hours ahead of @ifarkas)	Marc Shaw (@marc_shaw) (UTC+12, 10 hours ahead of @ifarkas)
database	Pavel Shutsin (@pshutsin) (UTC+2, same timezone as @ifarkas)	Simon Tomlinson (@stomlinson) (UTC-5, 7 hours behind @ifarkas)
~migration	No reviewer available	No maintainer available

To spread load more evenly across eligible reviewers, Danger has picked a candidate for each review slot, based on their timezone. Feel free to override these selections if you think someone else would be better-suited or use the GitLab Review Workload Dashboard to find other available reviewers.

To read more on how to use the reviewer roulette, please take a look at the Engineering workflow and code review guidelines. Please consider assigning a reviewer or maintainer who is a domain expert in the area of the merge request.

Once you've decided who will review this merge request, assign them as a reviewer! Danger does not automatically notify them for you.

Generated by 🚫 Danger

Allure report

allure-report-publisher generated test report!

review-qa-blocking: ❗ test report for 3b3bde42

expand test summary

+-------------------------------------------------------------------+
|                          suites summary                           |
+----------------------+--------+--------+---------+-------+--------+
|                      | passed | failed | skipped | flaky | result |
+----------------------+--------+--------+---------+-------+--------+
| Create               | 23     | 0      | 2       | 18    | ❗     |
| Plan                 | 36     | 0      | 1       | 29    | ❗     |
| Protect              | 2      | 0      | 0       | 2     | ❗     |
| Manage               | 26     | 0      | 2       | 21    | ❗     |
| Verify               | 10     | 0      | 1       | 10    | ❗     |
| Configure            | 0      | 0      | 1       | 0     | ➖     |
| Package              | 0      | 0      | 1       | 0     | ➖     |
| Version sanity check | 0      | 0      | 1       | 0     | ➖     |
+----------------------+--------+--------+---------+-------+--------+
| Total                | 97     | 0      | 9       | 80    | ❗     |
+----------------------+--------+--------+---------+-------+--------+

Setting label(s) devopsmanage sectiondev based on ~"group::authentication and authorization".

added devopsmanage sectiondev labels

👋 @ifarkas, please can you answer the question: Should this have a feature flag? to help with code review for the Authentication and Authorization group.

This nudge was added by this triage-ops policy.

added 1 commit

• e2a524e9 - Add background migration to expiry all OAuth tokens

Compare with previous version

added 1 commit

• 628d6a88 - Add background migration to expiry all OAuth tokens

Compare with previous version

changed the description

@alexbuijs, could you please review for backend?

requested review from @alexbuijs

requested review from @jdrpereira

approved this merge request

added databasereviewed label