Add group deploy tokens
What does this MR do?
This is the second MR related to adding group deploy tokens as a new feature.
The first MR was about adding a deploy_token_type
column to the deploy_tokens
table in order to be able to differentiate whether a deploy token is of type Project
or Group
.
In this MR:
- architecture used in clusters (ie. project clusters vs group clusters) was reused here to make the creation of group (or project) deploy token possible.
- some logic was added in the
DeployToken
model (eg. it can either be a project token or a group token) - existing logic related to whether a token can access a project was updated: now projects under a group can be accessed by a group token (linked to that group)
- rspecs were added accordingly.
Screenshots
Does this MR meet the acceptance criteria?
Conformity
-
Changelog entry -
Documentation (if required) -
Code review guidelines -
Merge request performance guidelines -
Style guides -
Database guides -
Separation of EE specific content
Availability and Testing
-
Review and add/update tests for this feature/bug. Consider all test levels. See the Test Planning Process. -
Tested in all supported browsers
Security
If this MR contains changes to processing or storing of credentials or tokens, authorization and authentication methods and other items described in the security review guidelines:
-
Label as security and @ mention @gitlab-com/gl-security/appsec
-
The MR includes necessary changes to maintain consistency between UI, API, email, or other methods -
Security reports checked/validated by a reviewer from the AppSec team
Relates to #21765 (closed)
Edited by Etienne Baqué