Skip to content

Add a service for token revocation

Saikat Sarkar requested to merge token-revocation into master

What does this MR do?

This MR is related to the issue: https://gitlab.com/gitlab-org/gitlab/-/issues/270211. In this MR, we are going to add a service which calls APIs for revoking keys(AWS key id, AWS secret, etc).

Screenshots (strongly suggested)

rake db:migrate

➜  gitlab git:(token-revocation) ✗ bin/rake db:migrate
WARNING: This version of GitLab depends on gitlab-shell 13.12.0, but you're running 13.11.0. Please update gitlab-shell.
== 20201109180311 AddSecretDetectionRevocationTokenTypesApplicationSettings: migrating
-- add_column(:application_settings, :secret_detection_revocation_token_types_url, :text, {:null=>true})
   -> 0.0015s
== 20201109180311 AddSecretDetectionRevocationTokenTypesApplicationSettings: migrated (0.0015s)

== 20201109184023 AddTextLimitToSecretDetectionRevocationTokenTypesApplicationSettings: migrating
-- transaction_open?()
   -> 0.0000s
-- current_schema()
   -> 0.0002s
-- execute("ALTER TABLE application_settings\nADD CONSTRAINT check_a5704163cc\nCHECK ( char_length(secret_detection_revocation_token_types_url) <= 255 )\nNOT VALID;\n")
   -> 0.0011s
-- current_schema()
   -> 0.0002s
-- execute("SET statement_timeout TO 0")
   -> 0.0002s
-- execute("ALTER TABLE application_settings VALIDATE CONSTRAINT check_a5704163cc;")
   -> 0.0007s
-- execute("RESET ALL")
   -> 0.0002s
== 20201109184023 AddTextLimitToSecretDetectionRevocationTokenTypesApplicationSettings: migrated (0.0073s)

rake db:rollback

➜  gitlab git:(token-revocation) ✗ bin/rake db:rollback STEP=2
WARNING: This version of GitLab depends on gitlab-shell 13.12.0, but you're running 13.11.0. Please update gitlab-shell.
== 20201109184023 AddTextLimitToSecretDetectionRevocationTokenTypesApplicationSettings: reverting
-- execute("ALTER TABLE application_settings\nDROP CONSTRAINT IF EXISTS check_a5704163cc\n")
   -> 0.0013s
== 20201109184023 AddTextLimitToSecretDetectionRevocationTokenTypesApplicationSettings: reverted (0.0054s)

== 20201109180311 AddSecretDetectionRevocationTokenTypesApplicationSettings: reverting
-- remove_column(:application_settings, :secret_detection_revocation_token_types_url)
   -> 0.0007s
== 20201109180311 AddSecretDetectionRevocationTokenTypesApplicationSettings: reverted (0.0008s)

Does this MR meet the acceptance criteria?

Conformity

Availability and Testing

Security

If this MR contains changes to processing or storing of credentials or tokens, authorization and authentication methods and other items described in the security review guidelines:

  • [-] Label as security and @ mention @gitlab-com/gl-security/appsec
  • [-] The MR includes necessary changes to maintain consistency between UI, API, email, or other methods
  • [-] Security reports checked/validated by a reviewer from the AppSec team
Edited by Mayra Cabrera

Merge request reports

Loading