Api endpoint list all group pats
What does this MR do and why?
Introduced an endpoint for group owners to list PATs for the users in a group. This feature is currently behind a feature flag
Screenshots or screen recordings
Curl request showing forbidden response for a user who is not group owner
How to set up and validate locally
Numbered steps to set up and validate the change are strongly suggested.
Perform following steps in the console
- Find the group in your local setup by id/group_name and non-bot user belonging to the group
group = Group.find(<group_id)
user = group.user.human.first- Create an enterprise user for a group by setting
enterprise_group_idfield of the user to group's id -
user.enterprise_group_id = group.id
- Create Personal access token for the user using following api
https://docs.gitlab.com/ee/api/user_keys.html#add-an-ssh-key-for-a-user
- Try using the api endpoint introduced in the MR with pat created for for the group owner with api access
curl --header "PRIVATE-TOKEN: <group_owner_path>" "https://gdk.test:3443/api/v4/groups/<group_id>/manage/ssh_keys" -k Tokens created for user in step 3 should be listed.
Try using filters like created_before, created_after, expires_before etc and the api call should return appropriate response.
Edited by Smriti Garg