Commit 0e0563cf authored by Michael Kozono's avatar Michael Kozono

Merge branch '21811-group-create-deploy-tokens' into 'master'

API endpoint for creating group deploy tokens

See merge request gitlab-org/gitlab!25629
parents 46f70b20 4d8ed076
...@@ -95,6 +95,7 @@ class GroupPolicy < BasePolicy ...@@ -95,6 +95,7 @@ class GroupPolicy < BasePolicy
enable :admin_cluster enable :admin_cluster
enable :destroy_deploy_token enable :destroy_deploy_token
enable :read_deploy_token enable :read_deploy_token
enable :create_deploy_token
end end
rule { owner }.policy do rule { owner }.policy do
......
---
title: Add api endpoint for creating group deploy tokens
merge_request: 25629
author:
type: added
...@@ -156,6 +156,45 @@ Example response: ...@@ -156,6 +156,45 @@ Example response:
] ]
``` ```
### Create a group deploy token
> [Introduced](https://gitlab.com/gitlab-org/gitlab/issues/21811) in GitLab 12.9.
Creates a new deploy token for a group.
```
POST /groups/:id/deploy_tokens
```
| Attribute | Type | Required | Description |
| --------- | ---- | -------- | ----------- |
| `id` | integer/string | yes | The ID or [URL-encoded path of the group](README.md#namespaced-path-encoding) owned by the authenticated user |
| `name` | string | yes | New deploy token's name |
| `expires_at` | datetime | no | Expiration date for the deploy token. Does not expire if no value is provided. |
| `username` | string | no | Username for deploy token. Default is `gitlab+deploy-token-{n}` |
| `scopes` | array of strings | yes | Indicates the deploy token scopes. Must be at least one of `read_repository` or `read_registry`. |
Example request:
```shell
curl --request POST --header "PRIVATE-TOKEN: <your_access_token>" --header "Content-Type: application/json" --data '{"name": "My deploy token", "expires_at": "2021-01-01", "username": "custom-user", "scopes": ["read_repository"]}' "https://gitlab.example.com/api/v4/groups/5/deploy_tokens/"
```
Example response:
```json
{
"id": 1,
"name": "My deploy token",
"username": "custom-user",
"expires_at": "2021-01-01T00:00:00.000Z",
"token": "jMRvtPNxrn3crTAGukpZ",
"scopes": [
"read_registry"
]
}
```
### Delete a group deploy token ### Delete a group deploy token
> [Introduced](https://gitlab.com/gitlab-org/gitlab/issues/21811) in GitLab 12.9. > [Introduced](https://gitlab.com/gitlab-org/gitlab/issues/21811) in GitLab 12.9.
......
...@@ -31,7 +31,7 @@ module API ...@@ -31,7 +31,7 @@ module API
end end
params do params do
requires :id, type: Integer, desc: 'The ID of a project' requires :id, type: String, desc: 'The ID of a project'
end end
resource :projects, requirements: API::NAMESPACE_OR_PROJECT_REQUIREMENTS do resource :projects, requirements: API::NAMESPACE_OR_PROJECT_REQUIREMENTS do
before do before do
...@@ -74,7 +74,7 @@ module API ...@@ -74,7 +74,7 @@ module API
end end
params do params do
requires :id, type: Integer, desc: 'The ID of a group' requires :id, type: String, desc: 'The ID of a group'
end end
resource :groups, requirements: API::NAMESPACE_OR_PROJECT_REQUIREMENTS do resource :groups, requirements: API::NAMESPACE_OR_PROJECT_REQUIREMENTS do
before do before do
...@@ -94,6 +94,27 @@ module API ...@@ -94,6 +94,27 @@ module API
present paginate(user_group.deploy_tokens), with: Entities::DeployToken present paginate(user_group.deploy_tokens), with: Entities::DeployToken
end end
params do
requires :name, type: String, desc: 'The name of the deploy token'
requires :expires_at, type: DateTime, desc: 'Expiration date for the deploy token. Does not expire if no value is provided.'
requires :username, type: String, desc: 'Username for deploy token. Default is `gitlab+deploy-token-{n}`'
requires :scopes, type: Array[String], values: ::DeployToken::AVAILABLE_SCOPES.map(&:to_s),
desc: 'Indicates the deploy token scopes. Must be at least one of "read_repository" or "read_registry".'
end
desc 'Create a group deploy token' do
detail 'This feature was introduced in GitLab 12.9'
success Entities::DeployTokenWithToken
end
post ':id/deploy_tokens' do
authorize!(:create_deploy_token, user_group)
deploy_token = ::Groups::DeployTokens::CreateService.new(
user_group, current_user, scope_params.merge(declared(params, include_missing: false, include_parent_namespaces: false))
).execute
present deploy_token, with: Entities::DeployTokenWithToken
end
desc 'Delete a group deploy token' do desc 'Delete a group deploy token' do
detail 'This feature was introduced in GitLab 12.9' detail 'This feature was introduced in GitLab 12.9'
end end
......
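Review bot: `expires_at` and `username` are declared with `requires` in the new params block for `post ':id/deploy_tokens'`, but their own `desc` strings ("Does not expire if no value is provided", "Default is `gitlab+deploy-token-{n}`") and the API documentation added in this commit both describe them as optional. As written, a request that omits either one fails parameter validation before the service is reached, so the documented defaults can never apply. Both should be declared with `optional` instead, keeping the same type and desc: `optional :expires_at, type: DateTime, ...` and `optional :username, type: String, ...`. The shared spec always sends all four parameters, so it does not catch this; a case that posts only `name` and `scopes` would. `scope_params` is defined outside the visible hunks, so what it merges ahead of the declared params cannot be checked from here.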
...@@ -195,56 +195,71 @@ describe API::DeployTokens do ...@@ -195,56 +195,71 @@ describe API::DeployTokens do
end end
end end
describe 'POST /projects/:id/deploy_tokens' do context 'deploy token creation' do
let(:params) do shared_examples 'creating a deploy token' do |entity, unauthenticated_response|
{ let(:params) do
name: 'Foo', {
expires_at: 1.year.from_now, name: 'Foo',
scopes: [ expires_at: 1.year.from_now,
'read_repository' scopes: [
], 'read_repository'
username: 'Bar' ],
} username: 'Bar'
end }
end
subject do context 'when unauthenticated' do
post api("/projects/#{project.id}/deploy_tokens", user), params: params let(:user) { nil }
response
end
context 'when unauthenticated' do it { is_expected.to have_gitlab_http_status(unauthenticated_response) }
let(:user) { nil } end
it { is_expected.to have_gitlab_http_status(:not_found) } context 'when authenticated as non-admin user' do
end before do
send(entity).add_developer(user)
end
context 'when authenticated as non-admin user' do it { is_expected.to have_gitlab_http_status(:forbidden) }
before do
project.add_developer(user)
end end
it { is_expected.to have_gitlab_http_status(:forbidden) } context 'when authenticated as maintainer' do
end before do
send(entity).add_maintainer(user)
end
context 'when authenticated as maintainer' do it 'creates the deploy token' do
before do expect { subject }.to change { DeployToken.count }.by(1)
project.add_maintainer(user)
end
it 'creates the deploy token' do expect(response).to have_gitlab_http_status(:created)
expect { subject }.to change { DeployToken.count }.by(1) expect(response).to match_response_schema('public_api/v4/deploy_token')
end
expect(response).to have_gitlab_http_status(:created) context 'with an invalid scope' do
expect(response).to match_response_schema('public_api/v4/deploy_token') before do
end params[:scopes] = %w[read_repository all_access]
end
context 'with an invalid scope' do it { is_expected.to have_gitlab_http_status(:bad_request) }
before do
params[:scopes] = %w[read_repository all_access]
end end
end
end
describe 'POST /projects/:id/deploy_tokens' do
subject do
post api("/projects/#{project.id}/deploy_tokens", user), params: params
response
end
it_behaves_like 'creating a deploy token', :project, :not_found
end
it { is_expected.to have_gitlab_http_status(:bad_request) } describe 'POST /groups/:id/deploy_tokens' do
subject do
post api("/groups/#{group.id}/deploy_tokens", user), params: params
response
end end
it_behaves_like 'creating a deploy token', :group, :forbidden
end end
end end
end end
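Review bot: The 'creates the deploy token' example in the shared examples only shows that `DeployToken.count` grew by one and that the body matches the schema; it never checks that the new token belongs to `send(entity)` or carries the requested scopes. For an endpoint that issues credentials, those are the properties worth pinning, especially now that the same examples run against both projects and groups. Adding `expect(json_response['scopes']).to eq(params[:scopes])` and an assertion on the entity's own token collection would cover it. The group side exposes `deploy_tokens` in the API file; the project side presumably does the same, but that is not visible here.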