Deprecate GrafanaIntegration graphql token field

After making #token in GrafanaIntegration model private,
we have to depricate graphql filed and make it always return nil.

app/graphql/types/grafana_integration_type.rb

@@ -10,14 +10,19 @@ module Types
       description: 'Internal ID of the Grafana integration'
     field :grafana_url, GraphQL::STRING_TYPE, null: false,
       description: 'Url for the Grafana host for the Grafana integration'
-    field :token, GraphQL::STRING_TYPE, null: false,
-      description: 'API token for the Grafana integration'
     field :enabled, GraphQL::BOOLEAN_TYPE, null: false,
       description: 'Indicates whether Grafana integration is enabled'
-
     field :created_at, Types::TimeType, null: false,
           description: 'Timestamp of the issue\'s creation'
     field :updated_at, Types::TimeType, null: false,
           description: 'Timestamp of the issue\'s last activity'
+
+    field :token, GraphQL::STRING_TYPE, null: false,
+          deprecation_reason: 'Plain text token has been masked for security reasons',
+          description: 'API token for the Grafana integration. Field is permanently masked.'
+
+    def token
+      object.masked_token
+    end
   end
 end

changelogs/unreleased/security-fix-grafana-token-leaked-in-plain-to-other-maintainers.yml

 ---
-title: Prevent gafana integration token from being displayed as a plain text to other project maintainers, by only displaying a masked version of it.
+title: Prevent gafana integration token from being displayed as a plain text to other project maintainers, by only displaying a masked version of it. GraphQL api deprecate token field in GrafanaIntegration type.
 merge_request:
 author:
 type: security

doc/api/graphql/reference/gitlab_schema.graphql

@@ -2658,9 +2658,9 @@ type GrafanaIntegration {
   id: ID!
 
   """
-  API token for the Grafana integration
+  API token for the Grafana integration. Field is permanently masked.
   """
-  token: String!
+  token: String! @deprecated(reason: "Plain text token has been masked for security reasons")
 
   """
   Timestamp of the issue's last activity

doc/api/graphql/reference/gitlab_schema.json

@@ -17275,7 +17275,7 @@
             },
             {
               "name": "token",
-              "description": "API token for the Grafana integration",
+              "description": "API token for the Grafana integration. Field is permanently masked.",
               "args": [
 
               ],
@@ -17288,8 +17288,8 @@
                   "ofType": null
                 }
               },
-              "isDeprecated": false,
-              "deprecationReason": null
+              "isDeprecated": true,
+              "deprecationReason": "Plain text token has been masked for security reasons"
             },
             {
               "name": "updatedAt",

doc/api/graphql/reference/index.md

@@ -403,7 +403,7 @@ Autogenerated return type of EpicTreeReorder
 | `enabled` | Boolean! | Indicates whether Grafana integration is enabled |
 | `grafanaUrl` | String! | Url for the Grafana host for the Grafana integration |
 | `id` | ID! | Internal ID of the Grafana integration |
-| `token` | String! | API token for the Grafana integration |
+| `token` | String! | API token for the Grafana integration. Field is permanently masked. |
 | `updatedAt` | Time! | Timestamp of the issue's last activity |
 
 ## Group

spec/requests/api/graphql/project/grafana_integration_spec.rb

@@ -45,7 +45,7 @@ describe 'Getting Grafana Integration' do
 
       it_behaves_like 'a working graphql query'
 
-      it { expect(integration_data['token']).to eql grafana_integration.token }
+      it { expect(integration_data['token']).to eql grafana_integration.masked_token }
       it { expect(integration_data['grafanaUrl']).to eql grafana_integration.grafana_url }
 
       it do