Draft: Add partner token verification service for Secret Detection
What does this MR do and why?
Add partner token verification service for Secret Detection
Implements the GitLab-side service for verifying partner platform tokens through the Secret Detection Response Service (SDRS).
- Add PartnerTokenVerificationService to handle verification requests
  - Validates prerequisites (feature flag, SDRS config, permissions)
  - Generates JWT tokens for secure SDRS authentication
  - Sends async verification requests with proper error handling
  - Updates token status throughout the verification process
- Add CreateOrUpdateService for managing FindingTokenStatus records
  - Creates or updates token verification status
  - Validates status transitions
  - Maintains audit trail of verification attempts
- Add comprehensive test coverage for both services
  - Tests for various error scenarios
  - Tests for JWT generation and SDRS communication
  - Tests for status transitions and validations
This enables security teams to verify the status of leaked partner tokens, helping prioritize remediation efforts on active credentials.
EE: true
MR acceptance checklist
Evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.
Related to #551363 (closed)