Add revoked on to PAT credentials inventory

This adds a revoked PAT credentials
column to the credentials inventory.

ee/app/controllers/concerns/credentials_inventory_actions.rb

@@ -14,7 +14,7 @@ module CredentialsInventoryActions
 
   def filter_credentials
     if show_personal_access_tokens?
-      ::PersonalAccessTokensFinder.new({ user: users, impersonation: false, state: 'active', sort: 'id_desc' }).execute
+      ::PersonalAccessTokensFinder.new({ user: users, impersonation: false, sort: 'id_desc' }).execute
     elsif show_ssh_keys?
       ::KeysFinder.new({ users: users, key_type: 'ssh' }).execute
     end

ee/app/views/shared/credentials_inventory/_personal_access_tokens.html.haml

@@ -4,5 +4,6 @@
     .table-section.section-30{ role: 'rowheader' }= _('Scope')
     .table-section.section-10{ role: 'rowheader' }= _('Created On')
     .table-section.section-10{ role: 'rowheader' }= _('Expiration')
+    .table-section.section-10{ role: 'rowheader' }= _('Revoked')
 
   = render partial: 'shared/credentials_inventory/personal_access_tokens/personal_access_token', collection: credentials

ee/app/views/shared/credentials_inventory/personal_access_tokens/_personal_access_token.html.haml

@@ -7,7 +7,7 @@
   .table-section.section-30
     .table-mobile-header{ role: 'rowheader' }
       = _('Scope')
-    .table-mobile-content
+    .table-mobile-content.ws-normal
       - scopes = personal_access_token.scopes
       = scopes.present? ? scopes.join(", ") : _('No Scopes')
   .table-section.section-10
@@ -23,3 +23,10 @@
         = personal_access_token.expires_at
       - else
         = _('Never')
+  .table-section.section-10
+    .table-mobile-header{ role: 'rowheader' }
+      = _('Revoked')
+    .table-mobile-content
+      - if personal_access_token.revoked?
+        -# We're inferring the revoked date from the last updated_at, see https://gitlab.com/gitlab-org/gitlab/-/issues/218046#note_362875952
+        = personal_access_token.updated_at.to_date

ee/changelogs/unreleased/218046-add-revoked-on-to-credentials-inventory.yml

+---
+title: Show revoked date in credentials inventory for personal access tokens
+merge_request: 35251
+author:
+type: changed

ee/spec/features/admin/admin_credentials_inventory_spec.rb

@@ -45,21 +45,9 @@ RSpec.describe 'Admin::CredentialsInventory' do
 
     context 'filtering' do
       context 'by Personal Access Tokens' do
-        before do
-          create(:personal_access_token,
-            user: create(:user, name: 'David'),
-            created_at: '2019-12-10',
-            expires_at: nil)
-
-          visit admin_credentials_path(filter: 'personal_access_tokens')
-        end
+        let(:credentials_path) { admin_credentials_path(filter: 'personal_access_tokens') }
 
-        it 'shows details of personal access tokens' do
-          expect(first_row.text).to include('David')
-          expect(first_row.text).to include('api')
-          expect(first_row.text).to include('2019-12-10')
-          expect(first_row.text).to include('Never')
-        end
+        it_behaves_like 'credentials inventory personal access tokens'
       end
 
       context 'by SSH Keys' do

ee/spec/features/groups/groups_security_credentials_spec.rb

@@ -42,21 +42,9 @@ RSpec.describe 'Groups::Security::Credentials' do
 
     context 'filtering' do
       context 'by Personal Access Tokens' do
-        before do
-          create(:personal_access_token,
-            user: managed_user,
-            created_at: '2019-12-10',
-            expires_at: nil)
-
-          visit group_security_credentials_path(group_id: group_id, filter: 'personal_access_tokens')
-        end
+        let(:credentials_path) { group_security_credentials_path(group_id: group_id, filter: 'personal_access_tokens') }
 
-        it 'shows details of personal access tokens' do
-          expect(first_row.text).to include('David')
-          expect(first_row.text).to include('api')
-          expect(first_row.text).to include('2019-12-10')
-          expect(first_row.text).to include('Never')
-        end
+        it_behaves_like 'credentials inventory personal access tokens', group_managed_account: true
       end
 
       context 'by SSH Keys' do

ee/spec/support/shared_examples/features/credentials_inventory_shared_examples.rb

+# frozen_string_literal: true
+
+RSpec.shared_examples_for 'credentials inventory personal access tokens' do |group_managed_account: false|
+  let_it_be(:user) { group_managed_account ? managed_user : create(:user, name: 'David') }
+
+  context 'when a personal access token is active' do
+    before do
+      create(:personal_access_token,
+        user: user,
+        created_at: '2019-12-10',
+        updated_at: '2020-06-22',
+        expires_at: nil)
+
+      visit credentials_path
+    end
+
+    it 'shows the details with no revoked date' do
+      expect(first_row.text).to include('David')
+      expect(first_row.text).to include('api')
+      expect(first_row.text).to include('2019-12-10')
+      expect(first_row.text).to include('Never')
+      expect(first_row.text).not_to include('2020-06-22')
+    end
+  end
+
+  context 'when a personal access token is revoked' do
+    before do
+      create(:personal_access_token,
+        :revoked,
+        user: user,
+        created_at: '2019-12-10',
+        updated_at: '2020-06-22',
+        expires_at: nil)
+
+      visit credentials_path
+    end
+
+    it 'shows the details with a revoked date' do
+      expect(first_row.text).to include('David')
+      expect(first_row.text).to include('api')
+      expect(first_row.text).to include('2019-12-10')
+      expect(first_row.text).to include('2020-06-22')
+    end
+  end
+end

locale/gitlab.pot

@@ -19531,6 +19531,9 @@ msgstr ""
 msgid "Revoke"
 msgstr ""
 
+msgid "Revoked"
+msgstr ""
+
 msgid "Revoked impersonation token %{token_name}!"
 msgstr ""