Admin Token API: Add support for reading Cluster Agent Tokens
requested to merge gitlab-community/gitlab:443597-nwittstruck-add-cluster-agent-tokens-to-api into master
-
Please check this box if this contribution uses AI-generated content (including content generated by GitLab Duo features) as outlined in the GitLab DCO & CLA. As a benefit of being a GitLab Community Contributor, you can request access to GitLab Duo.
What does this MR do and why?
This MR adds support for retrieving information about cluster agent tokens to the Admin Token API. It does not support revoking yet - this will be done in a separate MR to keep things small.
References
- Issue that implements the token information API for the first few token types.
MR acceptance checklist
MR Checklist ( @nwittstruck)
-
Changelog entry added, if necessary -
Documentation created/updated via this MR -
Documentation reviewed by technical writer or follow-up review issue created -
Tests added for this feature/bug -
Tested in all supported browsers -
Conforms to the code review guidelines -
Conforms to the merge request performance guidelines -
Conforms to the style guides -
Conforms to the javascript style guides -
Conforms to the database guides
How to set up and validate locally
-
You'll need to create two new tokens:
- A
personal access tokenwithadmin_modeandapicapabilities at:Preferences > Access tokens > Add new token - A
cluster agent tokenthat you can query:
- If you have configured the GDK with
gitlab_k8s_agentenabled, you can create a new cluster token atAny Project > Kubernetes clusters > Connect a cluster. You can now register a new agent. - You can also create a new token with
rails c. This assumes there is at least project. This example uses the first project, feel free to choose any other project:
agent = Clusters::Agent.new(name: 'test-agent', project: Project.first) agent.save token = Clusters::AgentToken.new(name: 'test-agent-token', agent: agent) # this will print the token: token.ensure_token # don't forget to save the token to be able to retrieve it: token.save - A
-
Now you can retrieve information about this token:
curl -k --request POST \
--url 'https://gdk.test:3443/api/v4/admin/token' \
--header 'Authorization: Bearer <Admin Token from Step 1.>' \
--header 'Content-Type: application/json' \
--data '{"token": "glagent-token-from-step-1-2"}'
Related to #443597 (closed)
Edited by Nicholas Wittstruck