Skip to content

Send email when resource access token about to expire

What does this MR do and why?

Relates to:

When a project bot's personal access tokens is about to expire, sends notification emails to all project bot group owners or project maintainers.

The email notification closely matches the format of the existing personal access token about to expire emails. See https://gitlab.com/gitlab-org/gitlab/-/blob/02746d336c364f3ad3297b5ece2efd38c75d336f/app/views/notify/access_token_about_to_expire_email.html.haml

Screenshots or screen recordings

Screenshots are required for UI changes, and strongly recommended for all other merge requests.

Plaintext

Screenshot_2023-08-28_at_3.53.24_PM

HTML

Screenshot_2023-08-28_at_3.53.39_PM

Database

The new association in Project matches one for owners in Group

SELECT
    users.*
FROM
    users
    JOIN members ON users.id = members.user_id
WHERE
    members.type = 'ProjectMember' AND
    members.source_id = 20 AND
    members.source_type = 'Project' AND
    members.requested_at IS NULL AND
    members.access_level = 40;

How to set up and validate locally

Numbered steps to set up and validate the change are strongly suggested.

  1. Navigate to a test group or project -> Settings -> Access Tokens
  2. Create a new token and set expiration in a day or two.
  3. In a Rails console, manually execute the expiring worker: PersonalAccessTokens::ExpiringWorker.new.perform
  4. Load letter opener and observe the email: https://gdk.test:3443/rails/letter_opener.

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

Edited by Drew Blessing

Merge request reports

Loading