Make Service Account REST API usable for IaC
Service Accounts - We will be adding complete CRUD operations to our REST API for service accounts. These updates to the APIs are crucial to make proper use of Service Accounts in automation (where Service Accounts play a crucial role).
The currently documented REST API endpoints for Service Accounts consist of:
- one to create a Service Account
- one to create an Access Token for a Service Account
- one to rotate an Access Token of a Service Account
While that's already "something", it's usually not enough to implement a proper Infrastructure as Code workflow - e.g. like it's used with Terraform. That means that we need the whole set of CR(U)D operations for those REST API "resources" (I'd consider the U (update) as optional here):
- CR(U)D for Service Account
- CR(U)D for Service Account Access Token
... the rotate API for the Access Token may be considered the "update" API of the Access Token ...
Even if the Service Account is currently an MVC, those APIs are crucial to make proper use of Service Accounts in automation (where Service Accounts play a crucial role). We also have users asking for it in the GitLab Terraform Provider, see New Resource - gitlab_service_account (terraform-provider-gitlab#5377).
As a side note, it would be really awesome if those API endpoints were documented according to our REST API documentation guidelines. At the moment it's hard to discover what the API is capable of (especially in terms of inputs and outputs).
The following updates to Service Account functionality will be covered as part of this issue:
- User Entity returned as part of API calls for service accounts should be the same for both /groups/:id and /service_accounts URLs
- Updated documentation for CRUD operations for:
  - create instance-level service account
  - list instance-level service accounts
  - read instance-level service account
  - rotate instance-level service account
  - revoke instance-level service account
  - create group-level service account
  - read instance-level service account
  - list group-level service accounts
  - rotate group-level service account
  - revoke group-level service account
- Delete endpoint for Service accounts for a group owner for DELETE /groups/:id/service_accounts/:user_id
- 2nd Iteration for Listing all service accounts