refactor: Follow-ups to glpat auto-revocation
What does this MR do and why?
Some cleanup follow-ups as documented in #371658 (comment 1175310397). See each commit for individual change explanation. Summary:
- chore: Cleanup `revocation_permitted?` check to better represent permission attribution and callback to `source` as `self`
- chore: Deduplicate revocation of glpat tokens to prevent excess revocations of the same token regardless of occurrences in a pipeline report
- chore: Add explanatory code comment to revocation svc key type
- feat: Improve audit trail with `User.security_bot` attribution on auto-revocation
- feat: Include explanatory comment on Vulnerability page attributing auto-revocation
Screenshots
feat: Improve audit trail with `User.security_bot` attribution on auto-revocation
before | after |
---|---|
feat: Include explanatory comment on Vulnerability page attributing auto-revocation
Note that the state should remain "needs triage" for awareness; only the comment is added.
before | after |
---|---|
MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
- I have evaluated the MR acceptance checklist for this MR.
Edited by Lucas Charles