Backport token expiration rake tasks
Issue link
https://gitlab.com/gitlab-org/gitlab/-/issues/462157+
Does this request relate to a bug or to a feature?
This is a request to backport rake taks for SM users who would see a 1 year expiration set to tokens that are currently without one as part of the deprecation. The backport request is for GitLab version 15.9
to 17.1
. See https://gitlab.com/gitlab-org/gitlab/-/issues/462157#note_1977851237 for leadership approval on the additional backport. We would like to target 15.9 such that users can run the rake task identifying tokens set for expiration prior to an upgrade. However if that isn't possible, then we should backport as far back as possible towards 15.9
MR(s)
-
The same changes are already deployed to GitLab.com, and those MRs can be found in the Related Merge Requests table.
MRs | Does this cleanly apply to the desired branch? | Is the MR ready for merge? | Test Platform has verified results? | Notes |
---|---|---|---|---|
(Master) gitlab-org/gitlab!157855 (merged) |
|
N/A | N/A | original addition for reference |
|
|
|||
|
|
|
||
|
|
|
||
|
|
|
||
|
|
|
||
|
|
|
||
|
|
|
||
|
|
|
||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
Backport Versions
Version | Approval from Product (to confirm the bug justifies the upgrade cost) | Approval by Release Manager | Notes |
---|---|---|---|
17.1 | |||
17.0 | |||
16.11 | |||
16.10 | |||
16.9 | |||
16.8 | |||
16.7 | |||
16.6 | |||
16.5 | |||
16.4 | |||
16.3 | |||
16.2 | |||
16.1 | |||
16.0 |
Does this bug potentially result in data loss?
This change will not result in dataloss but will modify token expiration information when run by the instance admins.
Customer impact
On GitLab.com, we discovered that a large number of our customers were not prepared for the tokens to be expired. For self managed users we provided instance admins with scripts to identify and modify token expiration. This rake task wraps that up in an easier to use package.
Product DRI - @hsutor *
Workaround
The work around is to use the scripts provided on https://docs.gitlab.com/ee/security/token_overview.html#troubleshooting page.
@gitlab-org/release/managers please assign yourselves to this issue.