Add the download endpoint for Conan v2 recipe files
-
Please check this box if this contribution uses AI-generated content (including content generated by GitLab Duo features) as outlined in the GitLab DCO & CLA. As a benefit of being a GitLab Community Contributor, you receive complimentary access to GitLab Duo.
What does this MR do and why?
This MR implements the download endpoint for Conan v2 recipe files. This endpoint is part of the Conan v2 API implementation/Revision support for Conan 1 and allows users to download recipe files (like conanfile.py) using recipe revisions.
The endpoint follows this format:
GET /api/v4/projects/:id/packages/conan/v2/conans/:package_name/:package_version/:package_username/:package_channel/revisions/:recipe_revision/files/:file_nameNotes:
- Protected by the
conan_package_revisions_supportfeature flag
References
MR acceptance checklist
Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.
How to set up and validate locally
Note: Since package creation with recipe revisions is not yet implemented, we cannot test the actual package download. However, we can validate the endpoint behavior regarding feature flags and permissions, ensuring proper access control and feature flag handling.
To test the Conan package download endpoint, you'll need to:
- Set up the feature flag
- Get a Conan authentication token
- Test different scenarios with curl
1. Feature Flag Setup
For GDK, open rails console (docs):
gdk rails consoleEnable/disable the feature flag:
# Enable
Feature.enable(:conan_package_revisions_support)
# Verify
Feature.enabled?(:conan_package_revisions_support)
# Disable
Feature.disable(:conan_package_revisions_support)2. Get Conan Authentication Token
First, generate a base64-encoded Basic Auth token:
# Replace with your username and PAT
echo -n "USERNAME:glpat-YOUR-TOKEN" | base64Then use it to get a Conan JWT token:
curl --request GET \
--url 'http://localhost:3000/api/v4/projects/1/packages/conan/v1/users/authenticate' \
--header 'Authorization: Basic <YOUR-BASE64-TOKEN>' \
--header 'Accept: text/plain'3. Test Scenarios
create/have 2 projects
To test we need 2 projects, one public and one private where your token has access. In requests below, replace <public_project_id> and <private_project_id> with your corresponding project ids.
Test with Feature Flag Off
curl --request GET \
--url 'http://localhost:3000/api/v4/projects/<public_project_id>/packages/conan/v2/conans/my-package/1.0/_/_/revisions/df28fd816be3a119de5ce4d374436b25/files/conanfile.py'Expected response:
- status:
404 Not Found - body:
{"message": "'conan_package_revisions_support' feature flag is disabled"}
Test Public Project Without Token
curl --request GET \
--url 'http://localhost:3000/api/v4/projects/<public_project_id>/packages/conan/v2/conans/my-package/1.0/_/_/revisions/df28fd816be3a119de5ce4d374436b25/files/conanfile.py'Expected response:
- status:
404 Not Found - body:
{"message": "Package not found"}
Test Private Project Without Token
curl --request GET \
--url 'http://localhost:3000/api/v4/projects/<private_project_id>/packages/conan/v2/conans/my-package/1.0/_/_/revisions/df28fd816be3a119de5ce4d374436b25/files/conanfile.py'Expected response:
- status:
404 Not Found - body:
{"message": "404 Project Not Found"}
Test Private Project With Token
curl --request GET \
--url 'http://localhost:3000/api/v4/projects/<private_project_id>/packages/conan/v2/conans/my-package/1.0/_/_/revisions/df28fd816be3a119de5ce4d374436b25/files/conanfile.py' \
--header 'Authorization: Bearer <YOUR-CONAN-JWT-TOKEN>'Expected response:
- status:
404 Not Found - body:
{"message": "Package not found"}
Related to #333033 (closed)
\cc @mbo5be