Admin Token API: Identify CI/CD Job Tokens (!175234) · Merge requests · GitLab.org / GitLab · GitLab

Nicholas Wittstruck requested to merge gitlab-community/gitlab-org/gitlab:508619-nwittstruck-admin-token-api-post-ci-cd-job-tokens into master Dec 10, 2024

Please check this box if this contribution uses AI-generated content (including content generated by GitLab Duo features) as outlined in the GitLab DCO & CLA. As a benefit of being a GitLab Community Contributor, you receive complimentary access to GitLab Duo.

What does this MR do and why?

This MR adds support for identifying CI/CD Job Tokens in the Admin Token API.

Revocation is left out to keep the MR small and will be added in a separate MR.

🛠️ with ❤️ at Siemens

References

Issue: #508619 (closed)
Epic: &15777
Docs: https://docs.gitlab.com/ee/api/admin/token.html

MR acceptance checklist

MR Checklist ( @nwittstruck)

How to set up and validate locally

You'll need to create a personal access token to access the token and get a ci/cd job token token that you'd like to query:
1. Create a personal access token with admin_mode and api capabilities. Preferences > Access Tokens > Add a new token
2. You'll need a token of a job. If you've seeded the GDK, you can generate a JWT token for an existing job:

::Ci::JobToken::Jwt.encode(Ci::Build.last)

Now you can retrieve information about this token:

curl -k --request POST \
--url 'https://gdk.test:3443/api/v4/admin/token' \
--header 'Authorization: Bearer <Admin Token from Step 2.1>' \
--header 'Content-Type: application/json' \
--data '{"token": "glcbt-token-from-step-2.2"}'

{
	"id": 385,
	"status": "running",
	"stage": "deploy",
	"name": "helm:download",
	"ref": "refs/merge-requests/2/head",
	"tag": false,
	"coverage": null,
	"allow_failure": false,
	"created_at": "2024-11-27T14:16:55.229Z",
	"started_at": null,
	"finished_at": null,
	"erased_at": null,
	"duration": null,
	"queued_duration": 245299.936464,
        ...
}

Related to #508619 (closed)

Edited Jan 07, 2025 by Nicholas Wittstruck