token service: Handle unrecovable, expiring tokens

Artifactory servers have a global configuration
`minimum-revocable-expiry` which dictates that any token whose expiry is
less than the global minimum cannot be revoked and must expire
naturally. [1]

If the revoke API is used on a token who expiry is less than
minimum-revocable-expiry then Artifactory appears to return a 500 status
code, although this is undocumented.

The plugin is unaware of this configuration and will optimistically
attempt to revoke tokens and assume it is no revocable if such an error
occurs.

1: https://www.jfrog.com/confluence/display/ACC/Access+Tokens#AccessTokens-GeneratingExpirableTokens

Author: jsok

pkg/token/service.go

@@ -117,6 +117,11 @@ func (s *AccessTokenService) RevokeToken(req *RevokeTokenRequest) error {
 	if err != nil {
 		return err
 	}
+
+	// This usually means that the token is not revocable
+	if resp.StatusCode == http.StatusInternalServerError {
+		return nil
+	}
 	if resp.StatusCode != http.StatusOK {
 		return errorutils.CheckError(errors.New("Artifactory response: " + resp.Status + "\n" + clientutils.IndentJson(body)))
 	}

pkg/token/service_test.go

@@ -132,6 +132,13 @@ func TestRevokeToken(t *testing.T) {
 				w.WriteHeader(http.StatusOK)
 			},
 		},
+		{
+			true,
+			&RevokeTokenRequest{Token: "unrevocable-token"},
+			func(w http.ResponseWriter, r *http.Request) {
+				w.WriteHeader(http.StatusInternalServerError)
+			},
+		},
 		{
 			false,
 			&RevokeTokenRequest{Token: "fake-token"},