Read-only acces token to the GitLab API
Problem to solve
There is no personal access token for read-only API calls.
Intended users
Use-case:
- Check with GitLab-Python if a pipline is finished.
- Simple API calls
Further details
Example:
import gitlab
token = 'xxx'
gl = gitlab.Gitlab('https://gitlab.example.org', token = token)
gl.auth()
project = gl.projects.get(<id>, lazy=True)
pipeline = project.pipelines.get(<pipeline_id>, private_token = token)
pipelines = project.pipelines.list()
print(pipelines[0].finished_at)
This example returns gitlab.exceptions.GitlabGetError: 403: insufficient_scope
when the token has not full read/write access.
Proposal
Introduce a new access token for read-only API calls.
Permissions and Security
Currently it is necessary to create an access token that grants complete read/write access to the API, including all groups and projects.