<!--- Please read this! Before opening a new issue, make sure to search for keywords in the issues filtered by the "regression" or "type::bug" label: - https://gitlab.com/gitlab-org/gitlab/issues?label_name%5B%5D=regression - https://gitlab.com/gitlab-org/gitlab/issues?label_name%5B%5D=type::bug and verify the issue you're about to submit isn't a duplicate. ---> ### Summary <!-- Summarize the bug encountered concisely. --> When a [personal access token for a service account is created](https://docs.gitlab.com/ee/api/group_service_accounts.html#create-a-personal-access-token-for-a-service-account-user), an optional parameter of `expires_at` can be used to set the token expiry date. It is possible to [rotate a personal access token for a service account user](https://docs.gitlab.com/ee/api/group_service_accounts.html#rotate-a-personal-access-token-for-a-service-account-user) using the API. However for this API there is no option to specify a new expiry date so the default of 7 days from the date the `rotate` call is made is set on the newly rotated token. This is not in line with the behaviour offered in the [Rotate a personal access token](https://docs.gitlab.com/ee/api/personal_access_tokens.html#rotate-a-personal-access-token) API for user PATs. ### Steps to reproduce <!-- Describe how one can reproduce the issue - this is very important. Please use an ordered list. --> 1. create the service account token: ``` curl --request POST --header "PRIVATE-TOKEN: glpat-xxx" "https://gitlab.example.com/api/v4/groups/123/service_accounts/456/personal_access_tokens" --data "scopes[]=read_user" --data "name=service_accounts_token" --data "expires_at=2024-11-21" ``` response: ``` {"id":1234,"name":"service_accounts_token","revoked":false,"created_at":"2024-11-20T11:29:02.353Z","scopes":["read_user"],"user_id":456,"last_used_at":null,"active":true,"expires_at":"2024-11-21","token":"glpat-yyy"}% ``` 2. use the rotate API call: ``` curl --request POST --header "PRIVATE-TOKEN: glpat-xxx" "https://gitlab.example.com/api/v4/groups/123/service_accounts/456/personal_access_tokens/1234/rotate" ``` response: ``` {"id":1235,"name":"service_accounts_token","revoked":false,"created_at":"2024-11-20T11:32:02.923Z","scopes":["read_user"],"user_id":456,"last_used_at":null,"active":true,"expires_at":"2024-11-27","token":"glpat-zzz"}% ``` ### Example Project <!-- If possible, please create an example project here on GitLab.com that exhibits the problematic behavior, and link to it here in the bug report. If you are using an older version of GitLab, this will also determine whether the bug is fixed in a more recent version. --> ### What is the current *bug* behavior? <!-- Describe what actually happens. --> There is no parity between the `rotate` API calls for `users` and `service account` PATs ### What is the expected *correct* behavior? <!-- Describe what you should see instead. --> Allow the use of `expires_at` in the `rotate` API for `Service accounts` similar to the `rotate` for user account PATs. ### Relevant logs and/or screenshots <!-- Paste any relevant logs - please use code blocks (```) to format console output, logs, and code as it's tough to read otherwise. --> ### Output of checks <!-- If you are reporting a bug on GitLab.com, uncomment below --> <!-- This bug happens on GitLab.com --> <!-- and uncomment below if you have /label privileges --> <!-- /label ~"reproduced on GitLab.com" --> <!-- or follow up with an issue comment of `@gitlab-bot label ~"reproduced on GitLab.com"` if you do not --> #### Results of GitLab environment info <!-- Input any relevant GitLab environment information if needed. --> <details> <summary>Expand for output related to GitLab environment info</summary> <pre> (For installations with omnibus-gitlab package run and paste the output of: `sudo gitlab-rake gitlab:env:info`) (For installations from source run and paste the output of: `sudo -u git -H bundle exec rake gitlab:env:info RAILS_ENV=production`) </pre> </details> #### Results of GitLab application Check <!-- Input any relevant GitLab application check information if needed. --> <details> <summary>Expand for output related to the GitLab application check</summary> <pre> (For installations with omnibus-gitlab package run and paste the output of: `sudo gitlab-rake gitlab:check SANITIZE=true`) (For installations from source run and paste the output of: `sudo -u git -H bundle exec rake gitlab:check RAILS_ENV=production SANITIZE=true`) (we will only investigate if the tests are passing) </pre> </details> ### Possible fixes <!-- If you can, link to the line of code that might be responsible for the problem. --> <!-- If you don't have /label privileges, follow up with an issue comment of `@gitlab-bot label ~"type::bug"` -->