Skip to content

Abstract CRUD services for pipeline trigger tokens (for reference)

Missy Davies requested to merge gitlab-community/gitlab:md-abstract-trigger-crud-services into master

What does this MR do and why?

Resolves #421383 (closed), working off of !128838 (diffs) as inspiration

This MR adds centralized service classes for pipeline trigger token CRUD in order to standardize behavior and reduce inconsistencies across different endpoints (GraphQL, REST, UI).

How to set up and validate locally

GraphQL

  1. Run gdk/gitpod server
  2. Navigate to http://127.0.0.1:3000/-/graphql-explorer
  3. Run CRUD mutations and verify the trigger token is properly mutated
# create
mutation {
  pipelineTriggerCreate(
    input: {projectPath: "toolbox/gitlab-smoke-tests", description:"A description"}
  ) {
    pipelineTrigger {
      id
      description
      lastUsed
      owner {
        id
      }
      hasTokenExposed
      token
      canAccessProject 
    }
    errors
  }
}

# update
mutation {
  pipelineTriggerUpdate(
    input: {id: "gid://gitlab/Ci::Trigger/52", description: "A great new description!" }
  ) {
    pipelineTrigger {
      id
      description
    }
    errors
  }
}

# delete
mutation {
  pipelineTriggerDelete(
    input: {id: "gid://gitlab/Ci::Trigger/51"}
  ) {
    errors
  }
}

REST

  1. Open your favorite api testing service, I used Postman
  2. Run CRUD endpoints and verify the trigger token is properly mutated
# Create -> POST 
http://127.0.0.1:3000/api/v4/projects/3/triggers?description="My new trigger"

# Update -> PUT
http://127.0.0.1:3000/api/v4/projects/3/triggers/52/?description="An updated description"

# Delete -> DELETE
http://127.0.0.1:3000/api/v4/projects/3/triggers/50

UI

  1. Run gdk/gitpod server
  2. Navigate to a Project > Settings > CI/CD
  3. Click to expand the section on Pipeline Triggers
  4. CRUD triggers using the UI, ensure functionality works as expected

Authorizations

Ensure only the owner of a trigger token is able to read and update:

  1. Navigate to the gdk admin area 127.0.0.1:3000/admin
  2. Impersonate any user
  3. Navigate to a project they're an owner/maintainer of
  4. Go to Settings > CI/CD > Pipeline Trigger Tokens and create a few trigger tokens
  5. Stop impersonating the user
  6. Run the various CRUD operations listed in the sections above for one of the tokens you created as the impersonated user and ensure the proper behavior

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

Edited by Missy Davies

Merge request reports