API for instance level Public Deploy Keys
Proposal
As an admin it is possible to create public deploy keys on instance level of GitLab. Admins can then grant projects access to use these deploy keys.
Although this is possible in the UI, there is no API to perform the same action. The proposal is to extend the Deploy Keys API to also include these instance wide public deploy keys.
We already have a GET /deploy_keys API endpoint. Implement a POST /deploy_keys endpoint, similar to https://docs.gitlab.com/ee/api/deploy_keys.html#add-deploy-key with key, title and expires_at (optional) fields.
Ensure that this endpoint is available for admin users only. Return Unauthorized otherwise.
This feature request is also a pre-requisite to implement this issue to support public deploy keys in the GitLab Terraform provider.
Implementation Guide
The above proposal already contains plenty of the user-facing and UX details required to implement the API endpoint. From an implementation perspective here are a few pointers:
- The Admin UI uses the
DeployKeys::CreateServiceto create deploy keys. The new API endpoint can do the same. - The new Deploy Key API endpoint must be implemented here
- The specs for it here
- The Deploy Key API endpoint should use the
authenticated_as_admin!helper - The documentation for the new Deploy Key API endpoint should be added here
- Also have a look at the API Style Guide and how to document REST API endpoints.
Don't hesitate to ping @timofurrer or @nagyv-gitlab in comments in this issue or an eventual MR in case of questions, review requests or anything else.