Allow Access to Project Information via CI_JOB_TOKEN
Problem to solve
Compliance managers currently cannot access project-specific information (specifically, the associated compliance frameworks) via an API from within a CI job without creating a Personal Access Token, which is user-specific, or a project access token, which is an Alpha feature.
The CI_JOB_TOKEN is intended only to be used with a very limited subset of API endpoints, so we need to:
- Investigate what the threshold is for allowing new API endpoints to be added to this authentication method.
- Add /projects and /projects/:project_id endpoints to this.
Intended users
User experience goal
A developer can execute a CI job and utilize the CI_JOB_TOKEN as a valid API key when accessing the following REST API endpoints:
[GET] /projects
[GET] /projects/:project_id
Proposal
Enable this feature by adding a route setting to the relevant API endpoints:
route_setting :authentication, job_token_allowed: true
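The following added example is a simplified plain-Ruby model of the per-route opt-in proposed above; it is not GitLab's code. `Route`, `ROUTES`, `TOKENS`, `authenticate` and the token values are hypothetical, constructed for illustration. It shows the default-deny behaviour: a job token is accepted only on routes that carry the setting, while a personal access token is unaffected.

```ruby
# Simplified model of per-route opt-in for job-token authentication.
# Not GitLab's implementation: Route, ROUTES, TOKENS and authenticate are
# hypothetical names, and the token values are constructed sample data.

Route = Struct.new(:verb, :path, :settings) do
  # Models the intent of `route_setting :authentication, job_token_allowed: true`.
  # A route without the setting refuses job tokens (default deny).
  def job_token_allowed?
    settings.dig(:authentication, :job_token_allowed) == true
  end
end

ROUTES = [
  Route.new("GET",  "/projects",             { authentication: { job_token_allowed: true } }),
  Route.new("GET",  "/projects/:project_id", { authentication: { job_token_allowed: true } }),
  Route.new("POST", "/projects",             {}) # not opted in
].freeze

# Constructed credentials: token string => kind of token.
TOKENS = {
  "job-token-sample" => :job_token,
  "pat-sample"       => :personal_access_token
}.freeze

# Returns :not_found (no such route), :unauthorized (unknown token),
# :denied (valid job token on a route that has not opted in) or :ok.
def authenticate(verb, path, token)
  route = ROUTES.find { |r| r.verb == verb && r.path == path }
  return :not_found if route.nil?

  kind = TOKENS[token]
  return :unauthorized if kind.nil?
  return :denied if kind == :job_token && !route.job_token_allowed?

  :ok
end

if __FILE__ == $PROGRAM_NAME
  [["GET",  "/projects/:project_id", "job-token-sample"],
   ["POST", "/projects",             "job-token-sample"],
   ["POST", "/projects",             "pat-sample"]].each do |verb, path, token|
    puts "#{verb} #{path} with #{TOKENS[token]}: #{authenticate(verb, path, token)}"
  end
end
```

Only the two read endpoints named in this issue are opted in, so widening job-token access stays an explicit change to each route.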
Further details
This is created in response to a customer request.
Permissions and Security
Documentation
Availability & Testing
What does success look like, and how can we measure that?
What is the type of buyer?
Is this a cross-stage feature?
Yes devopscreate