Backport instance admin setting to disable token expiration enforcement
Issue link
Add admin setting for SM users allowing non-enf... (gitlab-org/gitlab#470192 - closed)
Does this request relate to a bug or to a feature?
This is a request to backport an admin setting for SM users who would see a 1 year expiration set to tokens that are currently without one as part of the deprecation. The setting will be disabled by default but allows them to disable token expiration enforcement. The backport request is for GitLab versions 16.11, 17.0, 17.1, and 17.2. See https://gitlab.com/gitlab-org/gitlab/-/issues/462157#note_2017380347 for leadership approval on the additional backport.
MR(s)
The same changes are already deployed to GitLab.com, and those MRs can be found in the Related Merge Requests table.
MRs | Does this cleanly apply to the desired branch? | Is the MR ready for merge? | Test Platform has verified results? | Notes |
---|---|---|---|---|
(17.3 (Master)): gitlab-org/gitlab!158186 (merged) | N/A | N/A | original addition for reference | |
| | | | |
| | | | |
| | | | |
(16.11): gitlab-org/gitlab!161391 (merged) | | | | |
Backport Versions
Version | Approval from Product (to confirm the bug justifies the upgrade cost) | Approval by Release Manager | Notes |
---|---|---|---|
17.2 | |||
17.1 | |||
17.0 | |||
16.11 | |||
Does this bug potentially result in data loss?
This change will not result in data loss, but it will skip token expiration enforcement, which will allow the use of expired tokens.
Customer impact
On GitLab.com, we discovered that a large number of our customers were not prepared for the tokens to be expired. For self-managed users, we are adding an instance setting allowing them to disable token expiration enforcement.
Product DRI - @hsutor
Workaround
The workaround is to use the scripts provided on the https://docs.gitlab.com/ee/security/token_overview.html#troubleshooting page to manually extend token expiration.
@gitlab-org/release/managers please assign yourselves to this issue.