Allow pipeline status to be queried via job token authentication
What does this MR do?
Currently job tokens can be used to trigger pipelines but cannot be used to check the status of the pipelines result. This significantly complicates the rather common use-case of triggering a pipeline and failing if the triggered pipeline fails (see gitlab-ee#5096).
This limitation seems especially silly given that job tokens can be used to download artifacts, which poses a significantly greater threat of information leakage than a simple pipeline status query.
Here we treat single pipeline queries similarly to how artifact GET requests are handled, admitting authentication via job token.
What are the relevant issue numbers?
Closes gitlab-ee#5096
Does this MR meet the acceptance criteria?
-
Changelog entry added, if necessary -
Documentation created/updated via this MR -
Documentation reviewed by technical writer or follow-up review issue created -
Tests added for this feature/bug -
Tested in all supported browsers -
Conforms to the code review guidelines -
Conforms to the merge request performance guidelines -
Conforms to the style guides -
Conforms to the database guides -
Link to e2e tests MR added if this MR has Requires e2e tests label. See the Test Planning Process. -
Security reports checked/validated by reviewer
Edited by Toon Claes