Add APIs to support service accounts and token management for the UI
A. Service accounts. - [x] EDIT endpoint (update service account) to group level service accounts, looks to be missing: https://gitlab.com/gitlab-org/gitlab/-/issues/514528 - [x] [EDIT endpoint (update service account) for Instance Admin can re-use the general Edit User API](https://docs.gitlab.com/ee/api/users.html#modify-a-user) B. Token management. The following API are required for token management for service accounts: For service accounts associated to groups: - [x] [endpoint to list service accounts PATs](https://docs.gitlab.com/ee/api/personal_access_tokens.html#list-personal-access-tokens) The `/api/v4/personal_access_tokens?user_id=[service_account_id]` endpoint is not working for group owners. It doesn't list SA PATs for a service account! https://gitlab.com/gitlab-org/gitlab/-/issues/526924 - [x] [endpoint to create service accounts PATs](https://docs.gitlab.com/ee/api/group_service_accounts.html#create-a-personal-access-token-for-a-service-account-user) - [x] endpoint to revoke service accounts PATs: https://gitlab.com/gitlab-org/gitlab/-/issues/513959 (for admins), https://gitlab.com/gitlab-org/gitlab/-/issues/526070 (for group owners) - [x] [endpoint to rotate service accounts PATs](https://docs.gitlab.com/ee/api/group_service_accounts.html#rotate-a-personal-access-token-for-a-service-account-user) For instance or 'admi' service accounts (not associated to groups): - [x] [endpoint to list service accounts PATs](https://docs.gitlab.com/ee/api/personal_access_tokens.html#list-personal-access-tokens) - [x] [endpoint to create service accounts PATs](https://docs.gitlab.com/ee/api/user_tokens.html#create-a-personal-access-token-for-a-user) - [x] [endpoint to revoke service accounts PATs](https://docs.gitlab.com/ee/api/personal_access_tokens.html#using-a-personal-access-token-id-1) - [x] [endpoint to rotate service accounts PATs](https://docs.gitlab.com/ee/api/personal_access_tokens.html#use-a-personal-access-token-id) Secondarily, we should implement an endpoint that return the scopes available for each token type: - [ ] `GET /access_token/scopes/[personal/group/project/impersonation`. The scopes should be return in json format in the order from less to more permission: ``` [ { "name": "read_user", "description": "Grants read-only access to your profile..." }, { "name": "read_repository", "description": "Grants read-only access to repositories on private projects..." }, { "name": "read_api", "description": "Grants read access to the API..." }, ... ] ``` This will allow to create the UI programmatically.
epic