Webhook event for Resource access token expiration
What does this MR do and why?
Webhook event for resource access token
expiration is added and webhook execution is configured for ExpiringWorker
MR acceptance checklist
Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.
Screenshots or screen recordings
For Project webhook
Before | After |
---|---|
For Group Webhook
Before | After |
---|---|
Webhook worker getting scheduled
How to set up and validate locally
- Configure a webhook for any project or group with Trigger as
Access Token Events
- I used https://webhook.site for the gdk setup to generate webhook url and test if the same is executed properly.
- Create a Project Access Token with expiry in next 3-4 days
- Execute
PersonalAccessTokens::ExpiringWorker.new.perform
from rails console - Check webhook.log for the execution logs or you can also try checking sidekiq logs to see if the webhook worker has been executed or not
Payload
For Groups
{
"object_kind": "access_token",
"group_id": 35,
"group": {
"group_name": "Twitter",
"group_path": "twitter",
"full_path": "twitter",
"group_id": 35
},
"object_attributes": {
"user_id": 92,
"created_at": "2024-01-29 09:08:33 UTC",
"id": 27,
"name": "test-token-34",
"expires_at": "2024-01-31"
},
"event_name": "expiring_access_token"
}
For Projects
{
"object_kind": "access_token",
"project_id": 7,
"project": {
"id": 7,
"name": "Flight",
"description": "Eum dolore maxime atque reprehenderit voluptatem.",
"web_url": "https://gdk.test:3443/flightjs/Flight",
"avatar_url": null,
"git_ssh_url": "ssh://git@gdk.test:2222/flightjs/Flight.git",
"git_http_url": "https://gdk.test:3443/flightjs/Flight.git",
"namespace": "Flightjs",
"visibility_level": 0,
"path_with_namespace": "flightjs/Flight",
"default_branch": "master",
"ci_config_path": null,
"homepage": "https://gdk.test:3443/flightjs/Flight",
"url": "ssh://git@gdk.test:2222/flightjs/Flight.git",
"ssh_url": "ssh://git@gdk.test:2222/flightjs/Flight.git",
"http_url": "https://gdk.test:3443/flightjs/Flight.git"
},
"object_attributes": {
"user_id": 90,
"created_at": "2024-01-24 16:27:40 UTC",
"id": 25,
"name": "acd",
"expires_at": "2024-01-26",
}
"event_name": "expiring_access_token"
}
Migrations
Rollback migration
**Query plans for personal access token query for bot users **
SELECT "personal_access_tokens"."id", "personal_access_tokens"."user_id" FROM "personal_access_tokens" LEFT OUTER JOIN "users" ON "users"."id" = "personal_access_tokens"."user_id" WHERE "personal_access_tokens"."impersonation" = FALSE AND (revoked = false AND expire_notification_delivered = false AND expires_at >= CURRENT_DATE AND expires_at <= '2024-02-20') AND "users"."user_type" = 6 LIMIT 100
https://console.postgres.ai/gitlab/gitlab-production-tunnel-pg12/sessions/26196/commands/82440
Query plan for queries generated for newly added scope for user where we are preloading resources and tokens belonging to a user
SELECT "users".* FROM "users" WHERE "users"."id" IN (1, 70, 72, 73, 74, 75, 76, 77, 78, 79, 80, 81,82,83,84,85,86,87,88,89,90,91,92,93,94,95,96,97,98,99,100,101,102,103,104,105,106,107,108,109,110,111,112,113,114,115,116,117,118,119,120,121,122,123,124,125,126,127,128,129,130,131,132,133,134,135,136,137,138,139,140,141,142,143,144,145,146,147,148,149,150,151,152,153,154,155,156,157,158,159,160,161,162,163,164,165,166,167,168,169)
https://console.postgres.ai/gitlab/gitlab-production-tunnel-pg12/sessions/26608/commands/83302
SELECT "members".*,
"namespaces".*
FROM "members" LEFT OUTER JOIN "namespaces" ON "namespaces"."id" = "members"."source_id"
AND "namespaces"."type" = 'Group' WHERE "members"."source_type" = 'Namespace' AND "members"."type" = 'GroupMember'
AND "members"."requested_at" IS NULL AND (access_level >= 10) AND "namespaces"."type" = 'Group'
AND "members"."user_id" IN (1, 70, 72, 73, 74, 75, 76, 77, 78, 79, 80, 81,82,83,84,85,86,87,88,89,90,91,92,93,94,95,96,97,98,99,100,101,102,103,104,105,106,107,108,109,110,111,112,113,114,115,116,117,118,119,120,121,122,123,124,125,126,127,128,129,130,131,132,133,134,135,136,137,138,139,140,141,142,143,144,145,146,147,148,149,150,151,152,153,154,155,156,157,158,159,160,161,162,163,164,165,166,167,168,169)
https://console.postgres.ai/gitlab/gitlab-production-tunnel-pg12/sessions/26608/commands/83303
SELECT "members".* FROM "members" WHERE "members"."source_type" = 'Project'
AND "members"."type" = 'ProjectMember' AND "members"."requested_at" IS NULL
AND "members"."user_id" IN (1, 70, 72, 73, 74, 75, 76, 77, 78, 79, 80, 81,82,83,84,85,86,87,88,89,90,91,92,93,94,95,96,97,98,99,100,101,102,103,104,105,106,107,108,109,110,111,112,113,114,115,116,117,118,119,120,121,122,123,124,125,126,127,128,129,130,131,132,133,134,135,136,137,138,139,140,141,142,143,144,145,146,147,148,149,150,151,152,153,154,155,156,157,158,159,160,161,162,163,164,165,166,167,168,169)
https://console.postgres.ai/gitlab/gitlab-production-tunnel-pg12/sessions/26608/commands/83304
select "projects".* FROM "projects" WHERE "projects"."id" IN (1, 70, 72, 73, 74, 75, 76, 77, 78, 79, 80, 81,82,83,84,85,86,87,88,89,90,91,92,93,94,95,96,97,98,99,100,101,102,103,104,105,106,107,108,109,110,111,112,113,114,115,116,117,118,119,120,121,122,123,124,125,126,127,128,129,130,131,132,133,134,135,136,137,138,139,140,141,142,143,144,145,146,147,148,149,150,151,152,153,154,155,156,157,158,159,160,161,162,163,164,165,166,167,168,169)
https://console.postgres.ai/gitlab/gitlab-production-tunnel-pg12/sessions/26608/commands/83306
SELECT "personal_access_tokens".* FROM "personal_access_tokens" WHERE "personal_access_tokens"."user_id" IN (1, 70, 72, 73, 74, 75, 76, 77, 78, 79, 80, 81,82,83,84,85,86,87,88,89,90,91,92,93,94,95,96,97,98,99,100,101,102,103,104,105,106,107,108,109,110,111,112,113,114,115,116,117,118,119,120,121,122,123,124,125,126,127,128,129,130,131,132,133,134,135,136,137,138,139,140,141,142,143,144,145,146,147,148,149,150,151,152,153,154,155,156,157,158,159,160,161,162,163,164,165,166,167,168,169)
https://console.postgres.ai/gitlab/gitlab-production-tunnel-pg12/sessions/26608/commands/83305
** Query plan for updating PersonalAccessToken**
UPDATE "personal_access_tokens" SET "expire_notification_delivered" = TRUE WHERE "personal_access_tokens"."id" IN (1, 70, 72, 73, 74, 75, 76, 77, 78, 79, 80, 81,82,83,84,85,86,87,88,89,90,91,92,93,94,95,96,97,98,99,100,101,102,103,104,105,106,107,108,109,110,111,112,113,114,115,116,117,118,119,120,121,122,123,124,125,126,127,128,129,130,131,132,133,134,135,136,137,138,139,140,141,142,143,144,145,146,147,148,149,150,151,152,153,154,155,156,157,158,159,160,161,162,163,164,165,166,167,168,169)
https://postgres.ai/console/gitlab/gitlab-production-tunnel-pg12/sessions/26608/commands/83307