Commit df535ca4 authored by Steve Abrams's avatar Steve Abrams

Add group deploy tokens list API endpoint

Add endpoint for returning all group deploy
tokens within a given group.
parent 4308790b
...@@ -94,6 +94,7 @@ class GroupPolicy < BasePolicy ...@@ -94,6 +94,7 @@ class GroupPolicy < BasePolicy
enable :update_cluster enable :update_cluster
enable :admin_cluster enable :admin_cluster
enable :destroy_deploy_token enable :destroy_deploy_token
enable :read_deploy_token
end end
rule { owner }.policy do rule { owner }.policy do
......
---
title: Add api endpoint for listing deploy tokens for a group
merge_request: 25219
author:
type: added
...@@ -2,6 +2,8 @@ ...@@ -2,6 +2,8 @@
## List all deploy tokens ## List all deploy tokens
> [Introduced](https://gitlab.com/gitlab-org/gitlab/issues/21811) in GitLab 12.9.
Get a list of all deploy tokens across the GitLab instance. This endpoint requires admin access. Get a list of all deploy tokens across the GitLab instance. This endpoint requires admin access.
```plaintext ```plaintext
...@@ -37,6 +39,8 @@ Project deploy token API endpoints require project maintainer access or higher. ...@@ -37,6 +39,8 @@ Project deploy token API endpoints require project maintainer access or higher.
### List project deploy tokens ### List project deploy tokens
> [Introduced](https://gitlab.com/gitlab-org/gitlab/issues/21811) in GitLab 12.9.
Get a list of a project's deploy tokens. Get a list of a project's deploy tokens.
```plaintext ```plaintext
...@@ -113,8 +117,49 @@ Example response: ...@@ -113,8 +117,49 @@ Example response:
These endpoints require group maintainer access or higher. These endpoints require group maintainer access or higher.
### List group deploy deploy tokens
> [Introduced](https://gitlab.com/gitlab-org/gitlab/issues/21811) in GitLab 12.9.
Get a list of a group's deploy tokens
```
GET /groups/:id/deploy_tokens
```
Parameters:
| Attribute | Type | Required | Description |
|:---------------|:---------------|:---------|:-----------------------------------------------------------------------------|
| `id` | integer/string | yes | ID or [URL-encoded path of the project](README.md#namespaced-path-encoding). |
Example request:
```shell
curl --header "PRIVATE-TOKEN: <your_access_token>" "https://gitlab.example.com/api/v4/groups/1/deploy_tokens"
```
Example response:
```json
[
{
"id": 1,
"name": "MyToken",
"username": "gitlab+deploy-token-1",
"expires_at": "2020-02-14T00:00:00.000Z",
"scopes": [
"read_repository",
"read_registry"
]
}
]
```
### Delete a group deploy token ### Delete a group deploy token
> [Introduced](https://gitlab.com/gitlab-org/gitlab/issues/21811) in GitLab 12.9.
Removes a deploy token from the group. Removes a deploy token from the group.
``` ```
......
...@@ -23,6 +23,8 @@ module API ...@@ -23,6 +23,8 @@ module API
use :pagination use :pagination
end end
get 'deploy_tokens' do get 'deploy_tokens' do
service_unavailable! unless Feature.enabled?(:deploy_tokens_api, default_enabled: true)
authenticated_as_admin! authenticated_as_admin!
present paginate(DeployToken.all), with: Entities::DeployToken present paginate(DeployToken.all), with: Entities::DeployToken
...@@ -32,6 +34,10 @@ module API ...@@ -32,6 +34,10 @@ module API
requires :id, type: Integer, desc: 'The ID of a project' requires :id, type: Integer, desc: 'The ID of a project'
end end
resource :projects, requirements: API::NAMESPACE_OR_PROJECT_REQUIREMENTS do resource :projects, requirements: API::NAMESPACE_OR_PROJECT_REQUIREMENTS do
before do
service_unavailable! unless Feature.enabled?(:deploy_tokens_api, user_project, default_enabled: true)
end
params do params do
use :pagination use :pagination
end end
...@@ -71,6 +77,23 @@ module API ...@@ -71,6 +77,23 @@ module API
requires :id, type: Integer, desc: 'The ID of a group' requires :id, type: Integer, desc: 'The ID of a group'
end end
resource :groups, requirements: API::NAMESPACE_OR_PROJECT_REQUIREMENTS do resource :groups, requirements: API::NAMESPACE_OR_PROJECT_REQUIREMENTS do
before do
service_unavailable! unless Feature.enabled?(:deploy_tokens_api, user_group, default_enabled: true)
end
params do
use :pagination
end
desc 'List deploy tokens for a group' do
detail 'This feature was introduced in GitLab 12.9'
success Entities::DeployToken
end
get ':id/deploy_tokens' do
authorize!(:read_deploy_token, user_group)
present paginate(user_group.deploy_tokens), with: Entities::DeployToken
end
desc 'Delete a group deploy token' do desc 'Delete a group deploy token' do
detail 'This feature was introduced in GitLab 12.9' detail 'This feature was introduced in GitLab 12.9'
end end
......
...@@ -10,12 +10,24 @@ describe API::DeployTokens do ...@@ -10,12 +10,24 @@ describe API::DeployTokens do
let!(:deploy_token) { create(:deploy_token, projects: [project]) } let!(:deploy_token) { create(:deploy_token, projects: [project]) }
let!(:group_deploy_token) { create(:deploy_token, :group, groups: [group]) } let!(:group_deploy_token) { create(:deploy_token, :group, groups: [group]) }
shared_examples 'with feature flag disabled' do
context 'disabled feature flag' do
before do
stub_feature_flags(deploy_tokens_api: false)
end
it { is_expected.to have_gitlab_http_status(:service_unavailable) }
end
end
describe 'GET /deploy_tokens' do describe 'GET /deploy_tokens' do
subject do subject do
get api('/deploy_tokens', user) get api('/deploy_tokens', user)
response response
end end
it_behaves_like 'with feature flag disabled'
context 'when unauthenticated' do context 'when unauthenticated' do
let(:user) { nil } let(:user) { nil }
...@@ -69,6 +81,8 @@ describe API::DeployTokens do ...@@ -69,6 +81,8 @@ describe API::DeployTokens do
project.add_maintainer(user) project.add_maintainer(user)
end end
it_behaves_like 'with feature flag disabled'
it { is_expected.to have_gitlab_http_status(:ok) } it { is_expected.to have_gitlab_http_status(:ok) }
it 'returns all deploy tokens for the project' do it 'returns all deploy tokens for the project' do
...@@ -87,6 +101,53 @@ describe API::DeployTokens do ...@@ -87,6 +101,53 @@ describe API::DeployTokens do
end end
end end
describe 'GET /groups/:id/deploy_tokens' do
subject do
get api("/groups/#{group.id}/deploy_tokens", user)
response
end
context 'when unauthenticated' do
let(:user) { nil }
it { is_expected.to have_gitlab_http_status(:forbidden) }
end
context 'when authenticated as non-admin user' do
before do
group.add_developer(user)
end
it { is_expected.to have_gitlab_http_status(:forbidden) }
end
context 'when authenticated as maintainer' do
let!(:other_deploy_token) { create(:deploy_token, :group) }
before do
group.add_maintainer(user)
end
it_behaves_like 'with feature flag disabled'
it { is_expected.to have_gitlab_http_status(:ok) }
it 'returns all deploy tokens for the group' do
subject
expect(response).to include_pagination_headers
expect(response).to match_response_schema('public_api/v4/deploy_tokens')
end
it 'does not return deploy tokens for other groups' do
subject
token_ids = json_response.map { |token| token['id'] }
expect(token_ids).not_to include(other_deploy_token.id)
end
end
end
describe 'DELETE /groups/:id/deploy_tokens/:token_id' do describe 'DELETE /groups/:id/deploy_tokens/:token_id' do
subject do subject do
delete api("/groups/#{group.id}/deploy_tokens/#{group_deploy_token.id}", user) delete api("/groups/#{group.id}/deploy_tokens/#{group_deploy_token.id}", user)
...@@ -119,10 +180,10 @@ describe API::DeployTokens do ...@@ -119,10 +180,10 @@ describe API::DeployTokens do
end end
context 'invalid request' do context 'invalid request' do
it 'returns bad request with invalid group id' do it 'returns not found with invalid group id' do
delete api("/groups/bad_id/deploy_tokens/#{group_deploy_token.id}", user) delete api("/groups/bad_id/deploy_tokens/#{group_deploy_token.id}", user)
expect(response).to have_gitlab_http_status(:bad_request) expect(response).to have_gitlab_http_status(:not_found)
end end
it 'returns not found with invalid deploy token id' do it 'returns not found with invalid deploy token id' do
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment