Add new group access token REST API
What does this MR do and why?
Related to #214046 (closed)
Project Access Tokens are available since GitLab 13.5
and can be created via REST API and UI.
Group Access Tokens do also already exist as a concept, but can only be created via Rails console, hence limiting the feature to self-hosted instances and instance administrators.
This MR adds the ability to create such Group Access Tokens via REST API and adds further test coverage to the Ressource Access Token services, so the Group Access Tokens is properly covered.
Screenshots or screen recordings
See the REST API documentation proposal.
How to set up and validate locally
- Create a new personal access token (
<gitlab_host>/-/profile/personal_access_tokens
) with theapi
scope - Use
curl
and the previously created PAT to issue a new Group Access Token via the newly proposed Group Access Token API. Note: you need to haveowner
rights within the desired group (group ID to be set in<group_id>
):curl --request POST --header "PRIVATE-TOKEN: <your_personal_access_token>" \ --header "Content-Type:application/json" \ --data '{ "name":"test_token", "scopes":["api", "read_repository"], "expires_at":"2021-01-31", "access_level": 50 }' \ "https://gitlab.example.com/api/v4/groups/<group_id>/access_tokens"
- You can now use the newly created Group Access Token to e.g. list all available Group Access Token within a group:
curl --header "PRIVATE-TOKEN: <group_access_token>" "https://gitlab.example.com/api/v4/groups/<group_id>/access_tokens"
MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
-
I have evaluated the MR acceptance checklist for this MR.
Edited by Fabio Huser