Commit df535ca4 authored by Steve Abrams's avatar Steve Abrams

Add group deploy tokens list API endpoint

Add endpoint for returning all group deploy
tokens within a given group.
parent 4308790b
......@@ -94,6 +94,7 @@ class GroupPolicy < BasePolicy
enable :update_cluster
enable :admin_cluster
enable :destroy_deploy_token
enable :read_deploy_token
end
rule { owner }.policy do
......
---
title: Add api endpoint for listing deploy tokens for a group
merge_request: 25219
author:
type: added
......@@ -2,6 +2,8 @@
## List all deploy tokens
> [Introduced](https://gitlab.com/gitlab-org/gitlab/issues/21811) in GitLab 12.9.
Get a list of all deploy tokens across the GitLab instance. This endpoint requires admin access.
```plaintext
......@@ -37,6 +39,8 @@ Project deploy token API endpoints require project maintainer access or higher.
### List project deploy tokens
> [Introduced](https://gitlab.com/gitlab-org/gitlab/issues/21811) in GitLab 12.9.
Get a list of a project's deploy tokens.
```plaintext
......@@ -113,8 +117,49 @@ Example response:
These endpoints require group maintainer access or higher.
### List group deploy deploy tokens
> [Introduced](https://gitlab.com/gitlab-org/gitlab/issues/21811) in GitLab 12.9.
Get a list of a group's deploy tokens
```
GET /groups/:id/deploy_tokens
```
Parameters:
| Attribute | Type | Required | Description |
|:---------------|:---------------|:---------|:-----------------------------------------------------------------------------|
| `id` | integer/string | yes | ID or [URL-encoded path of the project](README.md#namespaced-path-encoding). |
Example request:
```shell
curl --header "PRIVATE-TOKEN: <your_access_token>" "https://gitlab.example.com/api/v4/groups/1/deploy_tokens"
```
Example response:
```json
[
{
"id": 1,
"name": "MyToken",
"username": "gitlab+deploy-token-1",
"expires_at": "2020-02-14T00:00:00.000Z",
"scopes": [
"read_repository",
"read_registry"
]
}
]
```
### Delete a group deploy token
> [Introduced](https://gitlab.com/gitlab-org/gitlab/issues/21811) in GitLab 12.9.
Removes a deploy token from the group.
```
......
......@@ -23,6 +23,8 @@ module API
use :pagination
end
get 'deploy_tokens' do
service_unavailable! unless Feature.enabled?(:deploy_tokens_api, default_enabled: true)
authenticated_as_admin!
present paginate(DeployToken.all), with: Entities::DeployToken
......@@ -32,6 +34,10 @@ module API
requires :id, type: Integer, desc: 'The ID of a project'
end
resource :projects, requirements: API::NAMESPACE_OR_PROJECT_REQUIREMENTS do
before do
service_unavailable! unless Feature.enabled?(:deploy_tokens_api, user_project, default_enabled: true)
end
params do
use :pagination
end
......@@ -71,6 +77,23 @@ module API
requires :id, type: Integer, desc: 'The ID of a group'
end
resource :groups, requirements: API::NAMESPACE_OR_PROJECT_REQUIREMENTS do
before do
service_unavailable! unless Feature.enabled?(:deploy_tokens_api, user_group, default_enabled: true)
end
params do
use :pagination
end
desc 'List deploy tokens for a group' do
detail 'This feature was introduced in GitLab 12.9'
success Entities::DeployToken
end
get ':id/deploy_tokens' do
authorize!(:read_deploy_token, user_group)
present paginate(user_group.deploy_tokens), with: Entities::DeployToken
end
desc 'Delete a group deploy token' do
detail 'This feature was introduced in GitLab 12.9'
end
......
......@@ -10,12 +10,24 @@ describe API::DeployTokens do
let!(:deploy_token) { create(:deploy_token, projects: [project]) }
let!(:group_deploy_token) { create(:deploy_token, :group, groups: [group]) }
shared_examples 'with feature flag disabled' do
context 'disabled feature flag' do
before do
stub_feature_flags(deploy_tokens_api: false)
end
it { is_expected.to have_gitlab_http_status(:service_unavailable) }
end
end
describe 'GET /deploy_tokens' do
subject do
get api('/deploy_tokens', user)
response
end
it_behaves_like 'with feature flag disabled'
context 'when unauthenticated' do
let(:user) { nil }
......@@ -69,6 +81,8 @@ describe API::DeployTokens do
project.add_maintainer(user)
end
it_behaves_like 'with feature flag disabled'
it { is_expected.to have_gitlab_http_status(:ok) }
it 'returns all deploy tokens for the project' do
......@@ -87,6 +101,53 @@ describe API::DeployTokens do
end
end
describe 'GET /groups/:id/deploy_tokens' do
subject do
get api("/groups/#{group.id}/deploy_tokens", user)
response
end
context 'when unauthenticated' do
let(:user) { nil }
it { is_expected.to have_gitlab_http_status(:forbidden) }
end
context 'when authenticated as non-admin user' do
before do
group.add_developer(user)
end
it { is_expected.to have_gitlab_http_status(:forbidden) }
end
context 'when authenticated as maintainer' do
let!(:other_deploy_token) { create(:deploy_token, :group) }
before do
group.add_maintainer(user)
end
it_behaves_like 'with feature flag disabled'
it { is_expected.to have_gitlab_http_status(:ok) }
it 'returns all deploy tokens for the group' do
subject
expect(response).to include_pagination_headers
expect(response).to match_response_schema('public_api/v4/deploy_tokens')
end
it 'does not return deploy tokens for other groups' do
subject
token_ids = json_response.map { |token| token['id'] }
expect(token_ids).not_to include(other_deploy_token.id)
end
end
end
describe 'DELETE /groups/:id/deploy_tokens/:token_id' do
subject do
delete api("/groups/#{group.id}/deploy_tokens/#{group_deploy_token.id}", user)
......@@ -119,10 +180,10 @@ describe API::DeployTokens do
end
context 'invalid request' do
it 'returns bad request with invalid group id' do
it 'returns not found with invalid group id' do
delete api("/groups/bad_id/deploy_tokens/#{group_deploy_token.id}", user)
expect(response).to have_gitlab_http_status(:bad_request)
expect(response).to have_gitlab_http_status(:not_found)
end
it 'returns not found with invalid deploy token id' do
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment