Abstract CRUD services for pipeline trigger tokens (for reference)
What does this MR do and why?
Resolves #421383 (closed), working off of !128838 (diffs) as inspiration
This MR adds centralized service classes for pipeline trigger token CRUD in order to standardize behavior and reduce inconsistencies across different endpoints (GraphQL, REST, UI).
How to set up and validate locally
GraphQL
- Run gdk/gitpod server
- Navigate to
http://127.0.0.1:3000/-/graphql-explorer
- Run CRUD mutations and verify the trigger token is properly mutated
# create
mutation {
pipelineTriggerCreate(
input: {projectPath: "toolbox/gitlab-smoke-tests", description:"A description"}
) {
pipelineTrigger {
id
description
lastUsed
owner {
id
}
hasTokenExposed
token
canAccessProject
}
errors
}
}
# update
mutation {
pipelineTriggerUpdate(
input: {id: "gid://gitlab/Ci::Trigger/52", description: "A great new description!" }
) {
pipelineTrigger {
id
description
}
errors
}
}
# delete
mutation {
pipelineTriggerDelete(
input: {id: "gid://gitlab/Ci::Trigger/51"}
) {
errors
}
}
REST
- Open your favorite api testing service, I used Postman
- Run CRUD endpoints and verify the trigger token is properly mutated
# Create -> POST
http://127.0.0.1:3000/api/v4/projects/3/triggers?description="My new trigger"
# Update -> PUT
http://127.0.0.1:3000/api/v4/projects/3/triggers/52/?description="An updated description"
# Delete -> DELETE
http://127.0.0.1:3000/api/v4/projects/3/triggers/50
UI
- Run gdk/gitpod server
- Navigate to a Project > Settings > CI/CD
- Click to expand the section on
Pipeline Triggers
- CRUD triggers using the UI, ensure functionality works as expected
Authorizations
Ensure only the owner of a trigger token is able to read and update:
- Navigate to the gdk admin area 127.0.0.1:3000/admin
- Impersonate any user
- Navigate to a project they're an owner/maintainer of
- Go to Settings > CI/CD > Pipeline Trigger Tokens and create a few trigger tokens
- Stop impersonating the user
- Run the various CRUD operations listed in the sections above for one of the tokens you created as the impersonated user and ensure the proper behavior
MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
-
I have evaluated the MR acceptance checklist for this MR.
Edited by Missy Davies