Skip to content

Add new group access token REST API

Fabio Huser requested to merge siemens/gitlab:feat/group-access-token-api into master

What does this MR do and why?

Related to #214046 (closed)

Project Access Tokens are available since GitLab 13.5 and can be created via REST API and UI.

Group Access Tokens do also already exist as a concept, but can only be created via Rails console, hence limiting the feature to self-hosted instances and instance administrators.

This MR adds the ability to create such Group Access Tokens via REST API and adds further test coverage to the Ressource Access Token services, so the Group Access Tokens is properly covered.

Screenshots or screen recordings

See the REST API documentation proposal.

How to set up and validate locally

  1. Create a new personal access token (<gitlab_host>/-/profile/personal_access_tokens) with the api scope
  2. Use curl and the previously created PAT to issue a new Group Access Token via the newly proposed Group Access Token API. Note: you need to have owner rights within the desired group (group ID to be set in <group_id>):
    curl --request POST --header "PRIVATE-TOKEN: <your_personal_access_token>" \
    --header "Content-Type:application/json" \
    --data '{ "name":"test_token", "scopes":["api", "read_repository"], "expires_at":"2021-01-31", "access_level": 50 }' \
    "https://gitlab.example.com/api/v4/groups/<group_id>/access_tokens"
  3. You can now use the newly created Group Access Token to e.g. list all available Group Access Token within a group:
    curl --header "PRIVATE-TOKEN: <group_access_token>" "https://gitlab.example.com/api/v4/groups/<group_id>/access_tokens"

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

Edited by Fabio Huser

Merge request reports