Commit 8db7d214 authored by Steve Abrams's avatar Steve Abrams

Add endpoint for deleting project deploy tokens

API endpoint for deleting a deploy token for
a given project.
parent 0e0563cf
...@@ -315,6 +315,7 @@ class ProjectPolicy < BasePolicy ...@@ -315,6 +315,7 @@ class ProjectPolicy < BasePolicy
enable :read_deploy_token enable :read_deploy_token
enable :create_deploy_token enable :create_deploy_token
enable :read_pod_logs enable :read_pod_logs
enable :destroy_deploy_token
end end
rule { (mirror_available & can?(:admin_project)) | admin }.enable :admin_remote_mirror rule { (mirror_available & can?(:admin_project)) | admin }.enable :admin_remote_mirror
......
---
title: Add API endpoint for deleting project deploy tokens
merge_request: 25220
author:
type: added
...@@ -78,7 +78,7 @@ Example response: ...@@ -78,7 +78,7 @@ Example response:
### Create a project deploy token ### Create a project deploy token
> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/21811) in GitLab 12.9. > [Introduced](https://gitlab.com/gitlab-org/gitlab/issues/21811) in GitLab 12.9.
Creates a new deploy token for a project. Creates a new deploy token for a project.
...@@ -113,6 +113,27 @@ Example response: ...@@ -113,6 +113,27 @@ Example response:
} }
``` ```
### Delete a project deploy token
> [Introduced](https://gitlab.com/gitlab-org/gitlab/issues/21811) in GitLab 12.9.
Removes a deploy token from the project.
```
DELETE /projects/:id/deploy_tokens/:token_id
```
| Attribute | Type | Required | Description |
| --------- | ---- | -------- | ----------- |
| `id` | integer/string | yes | The ID or [URL-encoded path of the project](README.md#namespaced-path-encoding) owned by the authenticated user |
| `token_id` | integer | yes | The ID of the deploy token |
Example request:
```shell
curl --request DELETE --header "PRIVATE-TOKEN: <your_access_token>" "https://gitlab.example.com/api/v4/projects/5/deploy_tokens/13"
```
## Group deploy tokens ## Group deploy tokens
These endpoints require group maintainer access or higher. These endpoints require group maintainer access or higher.
......
...@@ -71,6 +71,24 @@ module API ...@@ -71,6 +71,24 @@ module API
present deploy_token, with: Entities::DeployTokenWithToken present deploy_token, with: Entities::DeployTokenWithToken
end end
desc 'Delete a project deploy token' do
detail 'This feature was introduced in GitLab 12.9'
end
params do
requires :token_id, type: Integer, desc: 'The deploy token ID'
end
delete ':id/deploy_tokens/:token_id' do
authorize!(:destroy_deploy_token, user_project)
deploy_token = user_project.project_deploy_tokens
.find_by_deploy_token_id(params[:token_id])
not_found!('Deploy Token') unless deploy_token
deploy_token.destroy
no_content!
end
end end
params do params do
......
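Review bot: In the new `delete ':id/deploy_tokens/:token_id'` route the record is taken from `user_project.project_deploy_tokens`, which by its name and the `find_by_deploy_token_id` finder looks like the project-to-token join association rather than the tokens themselves (the model is not visible here, so this is inferred). If so, `deploy_token.destroy` removes only the link, and the token row with its secret may stay in the database. Looking it up with `user_project.deploy_tokens.find_by_id(params[:token_id])` would destroy the credential itself while keeping the lookup scoped to the project. The result of `destroy` is also ignored, so a failed delete still answers 204; consider `destroy!` or checking the return value before `no_content!`.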
...@@ -52,7 +52,7 @@ describe ProjectPolicy do ...@@ -52,7 +52,7 @@ describe ProjectPolicy do
admin_snippet admin_project_member admin_note admin_wiki admin_project admin_snippet admin_project_member admin_note admin_wiki admin_project
admin_commit_status admin_build admin_container_image admin_commit_status admin_build admin_container_image
admin_pipeline admin_environment admin_deployment destroy_release add_cluster admin_pipeline admin_environment admin_deployment destroy_release add_cluster
daily_statistics read_deploy_token create_deploy_token daily_statistics read_deploy_token create_deploy_token destroy_deploy_token
] ]
end end
......
...@@ -148,21 +148,21 @@ describe API::DeployTokens do ...@@ -148,21 +148,21 @@ describe API::DeployTokens do
end end
end end
describe 'DELETE /groups/:id/deploy_tokens/:token_id' do describe 'DELETE /projects/:id/deploy_tokens/:token_id' do
subject do subject do
delete api("/groups/#{group.id}/deploy_tokens/#{group_deploy_token.id}", user) delete api("/projects/#{project.id}/deploy_tokens/#{deploy_token.id}", user)
response response
end end
context 'when unauthenticated' do context 'when unauthenticated' do
let(:user) { nil } let(:user) { nil }
it { is_expected.to have_gitlab_http_status(:forbidden) } it { is_expected.to have_gitlab_http_status(:not_found) }
end end
context 'when authenticated as non-admin user' do context 'when authenticated as non-admin user' do
before do before do
group.add_developer(user) project.add_developer(user)
end end
it { is_expected.to have_gitlab_http_status(:forbidden) } it { is_expected.to have_gitlab_http_status(:forbidden) }
...@@ -170,26 +170,26 @@ describe API::DeployTokens do ...@@ -170,26 +170,26 @@ describe API::DeployTokens do
context 'when authenticated as maintainer' do context 'when authenticated as maintainer' do
before do before do
group.add_maintainer(user) project.add_maintainer(user)
end end
it 'deletes the deploy token' do it { is_expected.to have_gitlab_http_status(:no_content) }
expect { subject }.to change { group.deploy_tokens.count }.by(-1)
expect(group.deploy_tokens).to be_empty it 'deletes the deploy token' do
expect { subject }.to change { project.deploy_tokens.count }.by(-1)
end end
context 'invalid request' do context 'invalid request' do
it 'returns not found with invalid group id' do it 'returns not found with invalid group id' do
delete api("/groups/bad_id/deploy_tokens/#{group_deploy_token.id}", user) delete api("/projects/bad_id/deploy_tokens/#{group_deploy_token.id}", user)
expect(response).to have_gitlab_http_status(:not_found) expect(response).to have_gitlab_http_status(:not_found)
end end
it 'returns not found with invalid deploy token id' do it 'returns bad_request with invalid token id' do
delete api("/groups/#{group.id}/deploy_tokens/bad_id", user) delete api("/projects/#{project.id}/deploy_tokens/123abc", user)
expect(response).to have_gitlab_http_status(:not_found) expect(response).to have_gitlab_http_status(:bad_request)
end end
end end
end end
...@@ -262,4 +262,51 @@ describe API::DeployTokens do ...@@ -262,4 +262,51 @@ describe API::DeployTokens do
it_behaves_like 'creating a deploy token', :group, :forbidden it_behaves_like 'creating a deploy token', :group, :forbidden
end end
end end
describe 'DELETE /groups/:id/deploy_tokens/:token_id' do
subject do
delete api("/groups/#{group.id}/deploy_tokens/#{group_deploy_token.id}", user)
response
end
context 'when unauthenticated' do
let(:user) { nil }
it { is_expected.to have_gitlab_http_status(:forbidden) }
end
context 'when authenticated as non-admin user' do
before do
group.add_developer(user)
end
it { is_expected.to have_gitlab_http_status(:forbidden) }
end
context 'when authenticated as maintainer' do
before do
group.add_maintainer(user)
end
it 'deletes the deploy token' do
expect { subject }.to change { group.deploy_tokens.count }.by(-1)
expect(group.deploy_tokens).to be_empty
end
context 'invalid request' do
it 'returns bad request with invalid group id' do
delete api("/groups/bad_id/deploy_tokens/#{group_deploy_token.id}", user)
expect(response).to have_gitlab_http_status(:not_found)
end
it 'returns not found with invalid deploy token id' do
delete api("/groups/#{group.id}/deploy_tokens/bad_id", user)
expect(response).to have_gitlab_http_status(:not_found)
end
end
end
end
end end
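Review bot: The new project DELETE examples have no case where the maintainer passes the ID of a deploy token that belongs to another project or to a group, which is the case that pins the endpoint's scoping to `user_project`; an example expecting `:not_found` for such an ID would cover it. The 'deletes the deploy token' example checks only `project.deploy_tokens.count`, so it would not notice a token record left behind after the link is removed. Two descriptions are also off: the project block still says 'invalid group id' and builds the path with `group_deploy_token.id`, and the moved group block says 'returns bad request with invalid group id' while expecting `:not_found`.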