
Add REST API to project's groups allowlist

Original follow-up issue: #441291 (closed)

Original issue: #435903 (closed)

What does this MR do and why?

Introduces new REST API endpoints to:

  • Fetch the project's groups allowlist
    • GET "api/v4/projects/:id/job_token_scope/groups_allowlist"
    • The response is paginated
  • Add a target group to the project's groups allowlist
    • POST "api/v4/projects/:id/job_token_scope/groups_allowlist"
  • Remove a target group from the project's groups allowlist
    • DELETE "api/v4/projects/:id/job_token_scope/groups_allowlist/:target_group_id"

MR acceptance checklist

Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

How to set up and validate locally

  1. Create a personal access token with the respective permissions
  2. Ensure the user of the personal access token is at least a maintainer of the project
  3. Execute the following curl commands

Fetch allowed groups

Request:

curl --request GET \
  --url 'http://127.0.0.1:3000/api/v4/projects/7/job_token_scope/groups_allowlist?private_token=<personal_access_token_of_project_maintainer>'

Response:

[{"id":116,"web_url":"http://127.0.0.1:3000/groups/dmitry/dmitry_subgroup1","name":"dmitry_subgroup1"},{"id":121,"web_url":"http://127.0.0.1:3000/groups/dmitry_subgroup1","name":"dmitry_subgroup1"},{"id":123,"web_url":"http://127.0.0.1:3000/groups/private_target_group","name":"private_target_group"},{"id":128,"web_url":"http://127.0.0.1:3000/groups/dmitry/dmitry_subgroup2","name":"dmitry_subgroup2"},{"id":129,"web_url":"http://127.0.0.1:3000/groups/dmitry/dmitry_subgroup3","name":"dmitry_subgroup3"},{"id":130,"web_url":"http://127.0.0.1:3000/groups/dmitry/dmitry_subroup4","name":"dmitry_subroup4"}]

Add a target group to the allowlist

Request:

curl --request POST \
  --url 'http://127.0.0.1:3000/api/v4/projects/49/job_token_scope/groups_allowlist?private_token=<personal_access_token_of_project_maintainer>' \
  --header 'Content-Type: application/json' \
  --data '{"target_group_id": <target group id>}'

Response:

{"source_project_id":49,"target_group_id":132}

Delete a target group from the allowlist

Request:

curl --request DELETE \
  --url 'http://127.0.0.1:3000/api/v4/projects/49/job_token_scope/groups_allowlist/116' \
  --header 'PRIVATE-TOKEN: <personal_access_token_of_project_maintainer>' \
  --header 'Content-Type: application/json'
Edited by Dmytro Biryukov
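
Added example (not part of this MR or of the GitLab code base): a small audit that walks every page of the GET endpoint above and reports allowlisted groups that are not in a reviewed set. It assumes the endpoint uses GitLab's standard offset pagination (per_page/page parameters and the X-Next-Page response header); the host gitlab.example, SAMPLE_PAGES and sample_get are constructed for illustration.

```python
import json
import urllib.request

def http_get(url, token):
    """Fetch one page; the token travels in the PRIVATE-TOKEN header, not the URL."""
    req = urllib.request.Request(url, headers={"PRIVATE-TOKEN": token})
    with urllib.request.urlopen(req, timeout=10) as resp:
        # Assumption: standard GitLab offset pagination, X-Next-Page is empty on the last page.
        return json.load(resp), resp.headers.get("X-Next-Page", "")

def fetch_groups_allowlist(base_url, project_id, token, get=http_get, max_pages=1000):
    """Collect every entry of the project's groups allowlist across all pages."""
    groups, page = [], "1"
    for _ in range(max_pages):
        url = (f"{base_url}/api/v4/projects/{project_id}"
               f"/job_token_scope/groups_allowlist?per_page=100&page={page}")
        body, page = get(url, token)
        groups.extend(body)
        if not page:
            return groups
    raise RuntimeError("pagination did not terminate")

def unexpected_groups(groups, approved_ids):
    """Groups present in the allowlist but absent from the reviewed set of ids."""
    return [g for g in groups if g["id"] not in approved_ids]

# Constructed sample data standing in for a two-page API response.
SAMPLE_PAGES = {
    "1": ([{"id": 116, "name": "team_a", "web_url": "http://gitlab.example/groups/team_a"},
           {"id": 121, "name": "team_b", "web_url": "http://gitlab.example/groups/team_b"}], "2"),
    "2": ([{"id": 130, "name": "team_c", "web_url": "http://gitlab.example/groups/team_c"}], ""),
}

def sample_get(url, token):
    """Offline stand-in for http_get that serves SAMPLE_PAGES."""
    page = url.rsplit("page=", 1)[1]
    return SAMPLE_PAGES[page]

if __name__ == "__main__":
    allowlist = fetch_groups_allowlist("http://gitlab.example", 7, "<token>", get=sample_get)
    for g in unexpected_groups(allowlist, approved_ids={116, 121}):
        print(f"not in reviewed set: {g['id']} {g['name']} {g['web_url']}")
```

Against a real instance, drop the get=sample_get argument so the default http_get is used.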
