Project Level Access Tokens / Project Bots [BE]
Problem
Please see the problem statement outlined in the epic.
Proposal
Please see: #209276 (closed) and the acceptance criteria.
Note that this effort depends on #22754 (closed) and #15666 (closed), which are due to be completed by the Access team in parallel with the Spaces group's portion of the work.
Technical Implementation
The idea is to create a Project Bot user under the hood when there's a request to generate a Project Level Access token.
This type of user will have:
- Access to the API
- No access to the UI
- No notifications (since we pre-set the email)
- Access to Git
- The ability to use slash commands
- The Maintainer role in the project
Breaking the task into two parts:
- Introduce Project bot users (MR: !28169 (merged))
- Add Service to create a Project bot user with the permissions mentioned in the above section (MR: !28621 (merged))
- Add an internal API for creating project level access tokens - API requirements as listed in the section below (MR: !29086 (closed))
Frontend Integration Requirements
Variables exposed to HAML
- `@project_access_token` - Project access token model
- `@scopes` - Available scopes
- `@active_project_access_tokens` - Active project access tokens
- `@inactive_project_access_tokens` - Inactive project access tokens
- `@new_project_access_token` - New project access token when form is successfully submitted
Endpoints/Actions
Feel free to name the actions however makes the most sense in the backend
Endpoint | Action | Used for | Form Params (if applicable) | Response |
---|---|---|---|---|
GET | index | Displaying form and access token table | | HTML |
POST | create | Submit form for new project access token | { name: name, scopes: [], expires_at: date } | HTML |
PUT | revoke | Revoking token | | HTML |
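
A self-contained Ruby sketch of the flow described above, added here as an example and not GitLab's own code: each create request provisions a bot user with the listed properties and validates the form params ({ name, scopes: [], expires_at }) before issuing a token. The class, struct and scope names, the bot email domain, and the rule that expires_at must be a future date are assumptions.

```ruby
require 'date'
require 'securerandom'

# Hypothetical names throughout; the scope list is a constructed sample.
AVAILABLE_SCOPES = %w[api read_repository write_repository].freeze
BotUser = Struct.new(:username, :email, :ui_access, :notifications, :access_level, keyword_init: true)
Token = Struct.new(:name, :scopes, :expires_at, :bot, :secret, :revoked, keyword_init: true)

class ProjectTokenService
  attr_reader :tokens

  def initialize
    @tokens = []
  end

  # Mirrors the create action's form params: { name:, scopes: [], expires_at: }
  def create(name:, scopes:, expires_at: nil)
    name = name.to_s.strip
    raise ArgumentError, 'name is required' if name.empty?
    scopes = Array(scopes).map(&:to_s).uniq
    unknown = scopes - AVAILABLE_SCOPES
    raise ArgumentError, 'scopes must be a non-empty subset of the available scopes' if scopes.empty? || unknown.any?
    expiry = expires_at && Date.iso8601(expires_at.to_s) # malformed dates raise ArgumentError
    raise ArgumentError, 'expires_at must be in the future' if expiry && expiry <= Date.today

    # One bot per token request: pre-set email, no UI, no notifications, Maintainer.
    bot = BotUser.new(username: "project_bot_#{SecureRandom.hex(4)}",
                      email: "bot-#{SecureRandom.hex(4)}@noreply.example.invalid",
                      ui_access: false, notifications: false, access_level: :maintainer)
    token = Token.new(name: name, scopes: scopes, expires_at: expiry, bot: bot,
                      secret: SecureRandom.urlsafe_base64(20), revoked: false)
    @tokens << token
    token
  end

  def revoke(token)
    token.revoked = true
  end

  def active
    @tokens.reject { |t| t.revoked || (t.expires_at && t.expires_at <= Date.today) }
  end

  def inactive
    @tokens - active
  end
end
```

The `active` and `inactive` methods correspond to the `@active_project_access_tokens` and `@inactive_project_access_tokens` variables listed above.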
Edited by Aishwarya Subramanian