Remove revoked agent tokens from API's
What does this MR do and why?
This excludes the revoked agent tokens from both the REST and GraphQL APIs. In detail, that means:
GraphQL API
| Query | Change |
|---|---|
ClusterAgent.tokens |
The resulting list only includes active agent tokens |
REST API
| Command | Endpoint | Change |
|---|---|---|
| List Tokens | GET /projects/:id/cluster_agents/:agent_id/tokens |
The resulting list only includes active agent tokens |
| Get Token | GET /projects/:id/cluster_agents/:agent_id/tokens/:token_id |
Returns a 404 if the agent token specified is revoked |
Issue: #382131 (closed)
Deprecation Issue (released in %15.8): #382129 (closed)
Screenshots or screen recordings
Setup
List of Agent Tokens with one revoked token
Tests
GraphQL API
| Query | Screenshot |
|---|---|
ClusterAgent.tokens |
 |
REST API
| Command | Screenshot |
|---|---|
| List Tokens |  |
| Get Token (Active) |  |
| Get Token (Revoked) |  |
How to set up and validate locally
Setup
- In an example project, navigate to Infrastructure -> Kubernetes clusters and register a new agent (there is no need to connect to a K8s cluster as we are just testing the tokens)
- Navigate to the new Agent's page, and go to the Agent Tokens tab
- Create several tokens, and revoke and of the token
Test
UI
Reload the Agent Tokens page in the setup, and verify that the revoked agent tokens are not displayed
API
Run the following commands in the terminal.
-
REST API - List Agent Tokens
curl -k -X GET \ --header "Authorization: Bearer $PERSONAL_ACCESS_TOKEN" \ "https://gdk.test:3443/api/v4/projects/:project_id/cluster_agents/:agent_id/tokens" \ | json_pp -json_opt pretty,canonical -
REST API - Get Agent Token
curl -k -X GET \ --header "Authorization: Bearer $PERSONAL_ACCESS_TOKEN" \ "https://gdk.test:3443/api/v4/projects/:project_Id/cluster_agents/:agent_id/tokens/:token_id" \ | json_pp -json_opt pretty,canonical -
GraphQL API -
ClusterAgent.tokenscurl "https://gdk.test:3443/api/graphql" \ -k -X POST \ --header "Authorization: Bearer $PERSONAL_ACCESS_TOKEN" \ --header "Content-Type: application/json" \ --data "{\"query\": \"query {project(fullPath: \\\"<project-full-path>\\\") {name clusterAgent(name: \\\"<agent-name>\\\") {name tokens {nodes {id name status}}}}}\"}" \ | json_pp -json_opt pretty,canonical
MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
-
I have evaluated the MR acceptance checklist for this MR.
Edited by Pam Artiaga