Merge branch '21811-instance-deploy-tokens' into 'master'

Add DeployTokens instance API endpoint See merge request gitlab-org/gitlab!25066

Merge branch '21811-instance-deploy-tokens' into 'master'
Add DeployTokens instance API endpoint See merge request gitlab-org/gitlab!25066
035eacbb · Dylan Griffith · 66259a01 · 0b80cc3e · 035eacbb · 035eacbb
Commit 035eacbb authored Feb 20, 2020 by Dylan Griffith
6 changed files
--- a/changelogs/unreleased/21811-instance-deploy-tokens.yml
+++ b/changelogs/unreleased/21811-instance-deploy-tokens.yml
+---
+title: Add deploy tokens instance API endpoint
+merge_request: 25066
+author:
+type: added
--- a/doc/api/deploy_tokens.md
+++ b/doc/api/deploy_tokens.md
+# Deploy Tokens API
+
+## List all deploy tokens
+
+Get a list of all deploy tokens across all projects of the GitLab instance.
+
+>**Note:**
+> This endpoint requires admin access.
+
+```
+GET /deploy_tokens
+```
+
+```shell
+curl --header "PRIVATE-TOKEN: <your_access_token>" "https://gitlab.example.com/api/v4/deploy_tokens"
+```
+
+Example response:
+
+```json
+[
+  {
+    "id": 1,
+    "name": "MyToken",
+    "username": "gitlab+deploy-token-1",
+    "expires_at": "2020-02-14T00:00:00.000Z",
+    "token": "jMRvtPNxrn3crTAGukpZ",
+    "scopes": [
+      "read_repository",
+      "read_registry"
+    ]
+  }
+]
+```
--- a/lib/api/api.rb
+++ b/lib/api/api.rb
@@ -121,6 +121,7 @@ module API
      mount ::API::Commits
      mount ::API::CommitStatuses
      mount ::API::DeployKeys
+      mount ::API::DeployTokens
      mount ::API::Deployments
      mount ::API::Environments
      mount ::API::ErrorTracking

--- a/lib/api/deploy_tokens.rb
+++ b/lib/api/deploy_tokens.rb
+# frozen_string_literal: true
+
+module API
+  class DeployTokens < Grape::API
+    include PaginationParams
+
+    before { authenticated_as_admin! }
+
+    desc 'Return all deploy tokens' do
+      detail 'This feature was introduced in GitLab 12.9.'
+      success Entities::DeployToken
+    end
+    params do
+      use :pagination
+    end
+    get 'deploy_tokens' do
+      present paginate(DeployToken.all), with: Entities::DeployToken
+    end
+  end
+end
--- a/lib/api/entities/deploy_token.rb
+++ b/lib/api/entities/deploy_token.rb
+# frozen_string_literal: true
+
+module API
+  module Entities
+    class DeployToken < Grape::Entity
+      expose :id, :name, :username, :expires_at, :token, :scopes
+    end
+  end
+end
--- a/spec/requests/api/deploy_tokens_spec.rb
+++ b/spec/requests/api/deploy_tokens_spec.rb
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+describe API::DeployTokens do
+  let(:creator)       { create(:user) }
+  let(:project)       { create(:project, creator_id: creator.id) }
+  let!(:deploy_token) { create(:deploy_token, projects: [project]) }
+
+  describe 'GET /deploy_tokens' do
+    subject { get api('/deploy_tokens', user) }
+
+    context 'when unauthenticated' do
+      let(:user) { nil }
+
+      it 'rejects the response as unauthorized' do
+        subject
+
+        expect(response).to have_gitlab_http_status(:unauthorized)
+      end
+    end
+
+    context 'when authenticated as non-admin user' do
+      let(:user) { creator }
+
+      it 'rejects the response as forbidden' do
+        subject
+
+        expect(response).to have_gitlab_http_status(:forbidden)
+      end
+    end
+
+    context 'when authenticated as admin' do
+      let(:user) { create(:admin) }
+
+      it 'returns all deploy tokens' do
+        subject
+
+        expect(response).to have_gitlab_http_status(:ok)
+        expect(response).to include_pagination_headers
+        expect(json_response).to be_an Array
+        expect(json_response.first['id']).to eq(deploy_token.id)
+      end
+    end
+  end
+end