Commit 4439a9f9 authored by Steve Abrams's avatar Steve Abrams

Add API endpoint for deleting group deploy tokens

API endpoint for deleting deploy tokens for a
given group.
parent 695f5206
......@@ -93,6 +93,7 @@ class GroupPolicy < BasePolicy
enable :create_cluster
enable :update_cluster
enable :admin_cluster
enable :destroy_deploy_token
end
rule { owner }.policy do
......
---
title: Add API endpoint for deleting group deploy tokens
merge_request: 25222
author:
type: added
......@@ -71,3 +71,26 @@ Example response:
}
]
```
## Group deploy tokens
These endpoints require group maintainer access or higher.
### Delete a group deploy token
Removes a deploy token from the group.
```
DELETE /groups/:id/deploy_tokens/:token_id
```
| Attribute | Type | Required | Description |
| --------- | ---- | -------- | ----------- |
| `id` | integer/string | yes | The ID or [URL-encoded path of the project](README.md#namespaced-path-encoding) owned by the authenticated user |
| `token_id` | integer | yes | The ID of the deploy token |
Example request:
```shell
curl --request DELETE --header "PRIVATE-TOKEN: <your_access_token>" "https://gitlab.example.com/api/v4/groups/5/deploy_tokens/13"
```
......@@ -34,5 +34,22 @@ module API
present paginate(user_project.deploy_tokens), with: Entities::DeployToken
end
end
params do
requires :id, type: Integer, desc: 'The ID of a group'
end
resource :groups, requirements: API::NAMESPACE_OR_PROJECT_REQUIREMENTS do
desc 'Delete a group deploy token' do
detail 'This feature was introduced in GitLab 12.9'
end
delete ':id/deploy_tokens/:token_id' do
authorize!(:destroy_deploy_token, user_group)
deploy_token = user_group.group_deploy_tokens
.find_by_deploy_token_id!(params[:token_id])
destroy_conditionally!(deploy_token)
end
end
end
end
......@@ -3,10 +3,12 @@
require 'spec_helper'
describe API::DeployTokens do
let(:user) { create(:user) }
let(:creator) { create(:user) }
let(:project) { create(:project, creator_id: creator.id) }
let_it_be(:user) { create(:user) }
let_it_be(:creator) { create(:user) }
let_it_be(:project) { create(:project, creator_id: creator.id) }
let_it_be(:group) { create(:group) }
let!(:deploy_token) { create(:deploy_token, projects: [project]) }
let!(:group_deploy_token) { create(:deploy_token, :group, groups: [group]) }
describe 'GET /deploy_tokens' do
subject do
......@@ -84,4 +86,51 @@ describe API::DeployTokens do
end
end
end
describe 'DELETE /groups/:id/deploy_tokens/:token_id' do
subject do
delete api("/groups/#{group.id}/deploy_tokens/#{group_deploy_token.id}", user)
response
end
context 'when unauthenticated' do
let(:user) { nil }
it { is_expected.to have_gitlab_http_status(:forbidden) }
end
context 'when authenticated as non-admin user' do
before do
group.add_developer(user)
end
it { is_expected.to have_gitlab_http_status(:forbidden) }
end
context 'when authenticated as maintainer' do
before do
group.add_maintainer(user)
end
it 'deletes the deploy token' do
expect { subject }.to change { group.deploy_tokens.count }.by(-1)
expect(group.deploy_tokens).to be_empty
end
context 'invalid request' do
it 'returns bad request with invalid group id' do
delete api("/groups/bad_id/deploy_tokens/#{group_deploy_token.id}", user)
expect(response).to have_gitlab_http_status(:bad_request)
end
it 'returns not found with invalid deploy token id' do
delete api("/groups/#{group.id}/deploy_tokens/bad_id", user)
expect(response).to have_gitlab_http_status(:not_found)
end
end
end
end
end
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment