Class: Gitlab::Cleanup::PersonalAccessTokens

Inherits:

Object

• Object
• Gitlab::Cleanup::PersonalAccessTokens

Defined in:

lib/gitlab/cleanup/personal_access_tokens.rb

Constant Summary

DEFAULT_TIME_PERIOD =

By default tokens that haven’t been used for over 1 year will be revoked

1.year

MINIMUM_TIME_PERIOD =

To prevent inadvertently revoking all tokens, we provide a minimum time

1.day

Instance Attribute Summary

• #cut_off_date ⇒ Object readonly

  Returns the value of attribute cut_off_date.

• #group ⇒ Object readonly

  Returns the value of attribute group.

• #logger ⇒ Object readonly

  Returns the value of attribute logger.

• #revocation_time ⇒ Object readonly

  Returns the value of attribute revocation_time.

Instance Method Summary

• #initialize(cut_off_date: DEFAULT_TIME_PERIOD.ago.beginning_of_day, logger: nil, group_full_path:) ⇒ PersonalAccessTokens constructor

  A new instance of PersonalAccessTokens.

• #run!(dry_run: true, revoke_active_tokens: false) ⇒ Object

Constructor Details

#initialize(cut_off_date: DEFAULT_TIME_PERIOD.ago.beginning_of_day, logger: nil, group_full_path:) ⇒ PersonalAccessTokens

Returns a new instance of PersonalAccessTokens.

# File 'lib/gitlab/cleanup/personal_access_tokens.rb', line 13

def initialize(cut_off_date: DEFAULT_TIME_PERIOD.ago.beginning_of_day, logger: nil, group_full_path:)
  @cut_off_date = cut_off_date

  # rubocop: disable CodeReuse/ActiveRecord
  @group = Group.find_by_full_path(group_full_path)
  # rubocop: enable CodeReuse/ActiveRecord

  raise "Group with full_path #{group_full_path} not found" unless @group
  raise "Invalid time: #{@cut_off_date}" unless @cut_off_date <= MINIMUM_TIME_PERIOD.ago

  # Use a static revocation time to make correlation of revoked
  # tokens easier, should it be needed.
  @revocation_time = Time.current.utc
  @logger = logger || Gitlab::AppJsonLogger

  raise "Invalid logger: #{@logger}" unless @logger.respond_to?(:info) && @logger.respond_to?(:warn)
end

Instance Attribute Details

#cut_off_date ⇒ Object (readonly)

Returns the value of attribute cut_off_date.

# File 'lib/gitlab/cleanup/personal_access_tokens.rb', line 11

def cut_off_date
  @cut_off_date
end

#group ⇒ Object (readonly)

Returns the value of attribute group.

# File 'lib/gitlab/cleanup/personal_access_tokens.rb', line 11

def group
  @group
end

#logger ⇒ Object (readonly)

Returns the value of attribute logger.

# File 'lib/gitlab/cleanup/personal_access_tokens.rb', line 11

def logger
  @logger
end

#revocation_time ⇒ Object (readonly)

Returns the value of attribute revocation_time.

# File 'lib/gitlab/cleanup/personal_access_tokens.rb', line 11

def revocation_time
  @revocation_time
end

Instance Method Details

#run!(dry_run: true, revoke_active_tokens: false) ⇒ Object

# File 'lib/gitlab/cleanup/personal_access_tokens.rb', line 31

def run!(dry_run: true, revoke_active_tokens: false)
  # rubocop:disable Rails/Output
  if dry_run
    puts "Dry running. No changes will be made"
  elsif revoke_active_tokens
    puts "Revoking used and unused access tokens created before #{cut_off_date}..."
  else
    puts "Revoking access tokens last used and created before #{cut_off_date}..."
  end
  # rubocop:enable Rails/Output

  tokens_to_revoke = revocable_tokens(revoke_active_tokens)

  # rubocop:disable Cop/InBatches
  tokens_to_revoke.in_batches do |access_tokens|
    revoke_batch(access_tokens, dry_run)
  end
  # rubocop:enable Cop/InBatches
end