Skip to content

Add Personal Access Token API Filters

Andreas Deicha requested to merge TrueKalix/gitlab:feature/#362248_Add_Filters_PAT_API_Filter into master

What does this MR do and why?

This is a split MR. The original is located here.

The second part of the original MR is here.

Fixes #362248 (closed)

Adds a new set of filters for personal access token (PAT) API.

The filters are:

GET /personal_access_tokens?revoked=true
GET /personal_access_tokens?created_before=2022-01-01T00:00:00
GET /personal_access_tokens?created_after=2022-01-01T00:00:00
GET /personal_access_tokens?search=name
GET /personal_access_tokens?state=inactive
GET /personal_access_tokens?last_used_before=2022-01-01T00:00:00
GET /personal_access_tokens?last_used_after=2022-01-01T00:00:00

How to set up and validate locally

  1. Create one or multiple PAT token
  2. Set a value for a token property that matches your filter. E.g. if you are looking for revoked tokens - set one token revoked and another you leave valid
  3. Run the following commands
curl --request GET --header "PRIVATE-TOKEN: <your_access_token>" https://gitlab.example.com/api/v4/personal_access_tokens?revoked=true
curl --request GET --header "PRIVATE-TOKEN: <your_access_token>" https://gitlab.example.com/api/v4/personal_access_tokens?created_before=2022-01-01T00:00:00
curl --request GET --header "PRIVATE-TOKEN: <your_access_token>" https://gitlab.example.com/api/v4/personal_access_tokens?created_after=2022-01-01T00:00:00
curl --request GET --header "PRIVATE-TOKEN: <your_access_token>" https://gitlab.example.com/api/v4/personal_access_tokens?search=name
curl --request GET --header "PRIVATE-TOKEN: <your_access_token>" https://gitlab.example.com/api/v4/personal_access_tokens?last_used_before=2022-01-01T00:00:00
curl --request GET --header "PRIVATE-TOKEN: <your_access_token>" https://gitlab.example.com/api/v4/personal_access_tokens?last_used_after=2022-01-01T00:00:00
curl --request GET --header "PRIVATE-TOKEN: <your_access_token>" https://gitlab.example.com/api/v4/personal_access_tokens?state=inactive
  1. You can also merge the filters
curl --request GET --header "PRIVATE-TOKEN: <your_access_token>" https://gitlab.example.com/api/v4/personal_access_tokens?state=active&last_used_before=2022-01-01T00:00:00

🛠 with at Siemens

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

Edited by Andreas Deicha

Merge request reports