Separate authentication parameters for pull mirroring via API
Proposal
In the current version of the GitLab API, pull mirroring can be added to a project via the /projects
endpoint by providing an import_url
and setting the paramter mirror
to true, as described in the docs
curl --request PUT --header "PRIVATE-TOKEN: <your_access_token>" \
--header "Content-Type: application/json" \
--data-urlencode 'mirror=true' \
--data-urlencode 'import_url=gitlab.example.com/group/project.git' \
--url "https://gitlab.example.com/api/v4/projects/:id"
If the remote repository is protected via basic auth (username & password), these can be provided as part of the URL:
"import_url": "https://username:token@gitlab.example.com/group/project.git"
Issues of the current implementation
The behavior of the REST API described above is not in line with the behavior of the app controller where username and password are provided in separate, using the import_url_user
and import_url_password
parameters.
In addition, encoding login credentials as part of the URL is broken, as described in #465311 (closed)
Proposed changes
We propose to add two new API parameters import_url_user
and import_url_password
to the /projects
endpoint if the REST API. Variable names are derived from the names used in the app controller.
In comparison to the current implementation, adding pull mirroring of a basic auth protected repository to a project would work like this:
curl --location --request PUT 'https://gitlab.example.com/api/v4/projects/:id' \
--header 'PRIVATE-TOKEN: glpat-<your_access_token>' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'mirror=true' \
--data-urlencode 'import_url=gitlab.example.com/group/project.git' \
--data-urlencode 'import_url_user=user@domain.org' \
--data-urlencode 'import_url_password=PasswordWithSpecialCh@rs'