Backport token expiration rake tasks

Issue link

https://gitlab.com/gitlab-org/gitlab/-/issues/462157+

Does this request relate to a bug or to a feature?

This is a request to backport rake taks for SM users who would see a 1 year expiration set to tokens that are currently without one as part of the deprecation. The backport request is for GitLab version 15.9 to 17.1. See https://gitlab.com/gitlab-org/gitlab/-/issues/462157#note_1977851237 for leadership approval on the additional backport. We would like to target 15.9 such that users can run the rake task identifying tokens set for expiration prior to an upgrade. However if that isn't possible, then we should backport as far back as possible towards 15.9

MR(s)

The same changes are already deployed to GitLab.com, and those MRs can be found in the Related Merge Requests table.

MRs	Does this cleanly apply to the desired branch?	Is the MR ready for merge?	Test Platform has verified results?	Notes
(Master) gitlab-org/gitlab!157855 (merged)	✅	N/A	N/A	original addition for reference
(17.1) gitlab-org/gitlab!159049 (merged)	✅		✅
(17.0) gitlab-org/gitlab!159054 (merged)	✅	✅	✅
(16.11) gitlab-org/gitlab!159056 (merged)	✅	✅	✅
(16.10) gitlab-org/gitlab!159057 (merged)	✅	✅	✅
(16.9) gitlab-org/gitlab!159058 (merged)	✅	✅	✅
(16.8) gitlab-org/gitlab!159066 (merged)	✅	✅	✅
(16.7) gitlab-org/gitlab!159069 (merged)	✅	✅	✅
(16.6) gitlab-org/gitlab!159089 (merged)	✅	✅	✅
(16.5) gitlab-org/gitlab!159093 (merged)	✅		✅
(16.4) gitlab-org/gitlab!159125 (merged)	✅		✅
(16.3) gitlab-org/gitlab!159383 (merged)	✅		✅
(16.2) gitlab-org/gitlab!159401 (merged)	✅		✅
(16.1) gitlab-org/gitlab!159414 (merged)	✅		✅
(16.0) gitlab-org/gitlab!159446 (merged)	✅		✅

Backport Versions

⚠ Product Manager Approval needs to be provided in the table below for each version. Without Product Manager Approval, the Backport Request will not be taken into consideration by Release Managers ⚠

Version	Approval from Product (to confirm the bug justifies the upgrade cost)	Approval by Release Manager	Notes
17.1	✅
17.0	✅
16.11	✅
16.10	✅
16.9	✅
16.8	✅
16.7	✅
16.6	✅
16.5	✅
16.4	✅
16.3	✅
16.2	✅
16.1	✅
16.0	✅

Does this bug potentially result in data loss?

This change will not result in dataloss but will modify token expiration information when run by the instance admins.

Customer impact

On GitLab.com, we discovered that a large number of our customers were not prepared for the tokens to be expired. For self managed users we provided instance admins with scripts to identify and modify token expiration. This rake task wraps that up in an easier to use package.

Product DRI - @hsutor *

Workaround

The work around is to use the scripts provided on https://docs.gitlab.com/ee/security/token_overview.html#troubleshooting page.

@gitlab-org/release/managers please assign yourselves to this issue.

Edited Jul 22, 2024 by Richard Chong