Class: Gitlab::Cleanup::PersonalAccessTokens
- Inherits:
-
Object
- Object
- Gitlab::Cleanup::PersonalAccessTokens
- Defined in:
- lib/gitlab/cleanup/personal_access_tokens.rb
Constant Summary collapse
- DEFAULT_TIME_PERIOD =
By default tokens that haven’t been used for over 1 year will be revoked
1.year
- MINIMUM_TIME_PERIOD =
To prevent inadvertently revoking all tokens, we provide a minimum time
1.day
Instance Attribute Summary collapse
-
#cut_off_date ⇒ Object
readonly
Returns the value of attribute cut_off_date.
-
#group ⇒ Object
readonly
Returns the value of attribute group.
-
#logger ⇒ Object
readonly
Returns the value of attribute logger.
-
#revocation_time ⇒ Object
readonly
Returns the value of attribute revocation_time.
Instance Method Summary collapse
-
#initialize(cut_off_date: DEFAULT_TIME_PERIOD.ago.beginning_of_day, logger: nil, group_full_path:) ⇒ PersonalAccessTokens
constructor
A new instance of PersonalAccessTokens.
- #run!(dry_run: true, revoke_active_tokens: false) ⇒ Object
Constructor Details
#initialize(cut_off_date: DEFAULT_TIME_PERIOD.ago.beginning_of_day, logger: nil, group_full_path:) ⇒ PersonalAccessTokens
Returns a new instance of PersonalAccessTokens.
13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 |
# File 'lib/gitlab/cleanup/personal_access_tokens.rb', line 13 def initialize(cut_off_date: DEFAULT_TIME_PERIOD.ago.beginning_of_day, logger: nil, group_full_path:) @cut_off_date = cut_off_date # rubocop: disable CodeReuse/ActiveRecord @group = Group.find_by_full_path(group_full_path) # rubocop: enable CodeReuse/ActiveRecord raise "Group with full_path #{group_full_path} not found" unless @group raise "Invalid time: #{@cut_off_date}" unless @cut_off_date <= MINIMUM_TIME_PERIOD.ago # Use a static revocation time to make correlation of revoked # tokens easier, should it be needed. @revocation_time = Time.current.utc @logger = logger || Gitlab::AppJsonLogger raise "Invalid logger: #{@logger}" unless @logger.respond_to?(:info) && @logger.respond_to?(:warn) end |
Instance Attribute Details
#cut_off_date ⇒ Object (readonly)
Returns the value of attribute cut_off_date.
11 12 13 |
# File 'lib/gitlab/cleanup/personal_access_tokens.rb', line 11 def cut_off_date @cut_off_date end |
#group ⇒ Object (readonly)
Returns the value of attribute group.
11 12 13 |
# File 'lib/gitlab/cleanup/personal_access_tokens.rb', line 11 def group @group end |
#logger ⇒ Object (readonly)
Returns the value of attribute logger.
11 12 13 |
# File 'lib/gitlab/cleanup/personal_access_tokens.rb', line 11 def logger @logger end |
#revocation_time ⇒ Object (readonly)
Returns the value of attribute revocation_time.
11 12 13 |
# File 'lib/gitlab/cleanup/personal_access_tokens.rb', line 11 def revocation_time @revocation_time end |
Instance Method Details
#run!(dry_run: true, revoke_active_tokens: false) ⇒ Object
31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 |
# File 'lib/gitlab/cleanup/personal_access_tokens.rb', line 31 def run!(dry_run: true, revoke_active_tokens: false) # rubocop:disable Rails/Output if dry_run puts "Dry running. No changes will be made" elsif revoke_active_tokens puts "Revoking used and unused access tokens created before #{cut_off_date}..." else puts "Revoking access tokens last used and created before #{cut_off_date}..." end # rubocop:enable Rails/Output tokens_to_revoke = revocable_tokens(revoke_active_tokens) # rubocop:disable Cop/InBatches tokens_to_revoke.in_batches do |access_tokens| revoke_batch(access_tokens, dry_run) end # rubocop:enable Cop/InBatches end |