Adds a Cleanup class for unused still-active Personal Access Tokens
Unused active Personal Access Tokens pose a risk to organizations in that they may have been, or may be, leaked to unauthorized individuals. They are likely providing little / no current value because they are not actively being used, and should therefore be proactively revoked.

This MR introduces a scope for identifying unused Personal Access Tokens. It also adds a class which, like other Cleanup classes, can be used in a "dry run" (default) or active mode. It provides logging, performant batched updates, and safe defaults.

Ideally, tokens are created with a short expiry time. For everything else, there's Gitlab::Cleanup::UnusedPersonalAccessTokens.

- https://gitlab.com/gitlab-org/gitlab/-/issues/369000
- https://gitlab.com/gitlab-org/gitlab/-/work_items/113164901

Changelog: added

Changed files:
- app/models/personal_access_token.rb: 1 addition, 0 deletions
- lib/gitlab/cleanup/unused_personal_access_tokens.rb: 111 additions, 0 deletions
- spec/lib/gitlab/cleanup/unused_personal_access_tokens_spec.rb: 137 additions, 0 deletions
- spec/models/personal_access_token_spec.rb: 35 additions, 0 deletions
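
The dry-run-by-default, batched revocation described in the commit message, as an added example in plain Ruby that is not GitLab's code and does not use its models. `Token`, `UnusedTokenCleanup`, the `cutoff` parameter and the rule that a never-used token is aged by its creation time are assumptions, and the sample records are constructed.

```ruby
require 'logger'

# Constructed stand-in for a token record; not GitLab's PersonalAccessToken model.
Token = Struct.new(:id, :created_at, :last_used_at, :expires_at, :revoked, keyword_init: true)

class UnusedTokenCleanup # hypothetical name
  def initialize(tokens, cutoff:, now: Time.now.utc, dry_run: true, batch_size: 2, logger: Logger.new($stderr))
    raise ArgumentError, 'cutoff must be in the past' unless cutoff < now

    @tokens, @cutoff, @now = tokens, cutoff, now
    @dry_run, @batch_size, @logger = dry_run, batch_size, logger
  end

  # Active = not revoked and not expired. Unused = last use (or, if never used,
  # creation) is older than the cutoff. The never-used rule is an assumption.
  def unused_active
    @tokens.select do |t|
      next false if t.revoked || (t.expires_at && t.expires_at <= @now)

      (t.last_used_at || t.created_at) < @cutoff
    end
  end

  # Returns the selected ids; records change only when dry_run is false.
  def run!
    selected = unused_active
    @logger.info("#{@dry_run ? 'DRY RUN: would revoke' : 'Revoking'} #{selected.size} token(s)")
    selected.each_slice(@batch_size) do |batch|
      batch.each { |t| t.revoked = true } unless @dry_run
      @logger.info("batch ids=#{batch.map(&:id).join(',')}")
    end
    selected.map(&:id)
  end
end

# Constructed sample data.
NOW = Time.utc(2024, 6, 1)
CUTOFF = Time.utc(2023, 6, 1)
def sample_tokens
  old = Time.utc(2022, 1, 1)
  [
    Token.new(id: 1, created_at: old, last_used_at: Time.utc(2024, 5, 1), revoked: false), # recently used
    Token.new(id: 2, created_at: old, last_used_at: Time.utc(2022, 2, 1), revoked: false), # stale
    Token.new(id: 3, created_at: old, last_used_at: nil, revoked: false),                  # never used, old
    Token.new(id: 4, created_at: old, last_used_at: nil, revoked: true),                   # already revoked
    Token.new(id: 5, created_at: old, expires_at: Time.utc(2023, 1, 1), revoked: false),   # already expired
    Token.new(id: 6, created_at: Time.utc(2024, 5, 1), last_used_at: nil, revoked: false)  # never used, new
  ]
end
```

Running the dry run first and comparing its returned ids with the active run's gives a reviewable record of exactly which tokens a revocation pass touched.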