Allow adding a project to the inbound scope via Mutation
What does this MR do and why?
This MR adds the ability to add a project to the inbound job token scope allowlist as part of issue #346298 (closed).
Screenshots or screen recordings
How to set up and validate locally
My examples use routes where the projects and hosts are based on the data loaded into the gdk on intall.
- Enable the feature flag in the rails console (
$rails c
)Feature.enable(:ci_inbound_job_token_scope)
- Navigate to the grapqhl explorer
http://localhost:3000/-/graphql-explorer. # can be different based on gdk config
- Copy and paste and run the following queries to the grqphql explorer to test
# Fetching the lists of projects
query fetchAllowlists {
project(fullPath: "flightjs/Flight") {
id
ciJobTokenScope {
outboundAllowlist {
edges {
node {
id
}
}
},
inboundAllowlist {
edges {
node {
id
}
}
}
}
}
}
# adding a project
mutation addProjectOutboundDefault {
ciJobTokenScopeAddProject(
input: {
projectPath: "flightjs/Flight",
targetProjectPath: "gitlab-org/gitlab-shell"
}
) {
errors,
clientMutationId,
ciJobTokenScope {
outboundAllowlist {
edges {
node {
id
}
}
}
}
}
}
mutation addProjectOutboundExplicit {
ciJobTokenScopeAddProject(
input: {
projectPath: "flightjs/Flight",
targetProjectPath: "gitlab-org/gitlab-shell",
direction: OUTBOUND
}
) {
errors,
clientMutationId,
ciJobTokenScope {
outboundAllowlist {
edges {
node {
id
}
}
}
}
}
}
mutation addProjectInboundExplicit {
ciJobTokenScopeAddProject(
input: {
projectPath: "flightjs/Flight",
targetProjectPath: "gitlab-org/gitlab-shell",
direction: INBOUND
}
) {
errors,
clientMutationId,
ciJobTokenScope {
inboundAllowlist {
edges {
node {
id
}
}
},
outboundAllowlist {
edges {
node {
id
}
}
}
}
}
}
MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
-
I have evaluated the MR acceptance checklist for this MR.
Edited by Allison Browne