Add role check instructions for a project access token
Context
I was rotating https://gitlab.com/gitlab-org/quality/engineering-productivity/team/-/blob/main/runbooks/rotating-credentials.md#gitlab_project_review_app_cleanup_api_token, when I saw the following text:
Create a new GITLAB_PROJECT_REVIEW_APP_CLEANUP_API_TOKEN token with api scope, Maintainer role (TODO: check if required)
I wanted to check whether it was required, and then realized that we might want to have a systematic check for those.
Goal
I tried to have the following in the checks:
- Generic: We will want to do such a check for all tokens
- Recurrent: This check should be done regularly, so I thought it might be a good idea to add it as part of the rotation instructions
Expand to all tokens
If we like the approach, it might be a good idea to add some instructions to all tokens.
I already made a separate section that we can crosslink to avoid duplication.
Edited by David Dieulivol