NotificationsYou must be signed in to change notification settings
Fork676
Star2.4k

Commit9386847

committed

feat: add support for groups_allowlist in job_token_scope

Signed-off-by: Tim Knight <tim.knight1@engineering.digital.dwp.gov.uk>

1 parent6f4a2fb commit9386847Copy full SHA for 9386847

File tree

5 files changed

+207

-7

lines changed

docs/gl_objects
- job_token_scope.rst
gitlab/v4/objects
- job_token_scope.py
tests
- functional
  - api
    - test_project_job_token_scope.py
  - fixtures
    - .env
- unit/objects
  - test_job_token_scope.py

5 files changed

+207

-7

lines changed

`‎docs/gl_objects/job_token_scope.rst‎`

Lines changed: 21 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -69,3 +69,24 @@ Remove a project from the project's inbound allowlist::`
`69`	`69`	`Similar to above, the ID attributes you receive from the create and list`
`70`	`70`	`APIs are not consistent. To safely retrieve the ID of the allowlisted project`
`71`	`71`	regardless of how the object was created, always use its ``.get_id()`` method.
	`72`	`+`
	`73`	`+Get a project's CI/CD job token inbound groups allowlist::`
	`74`	`+`
	`75`	`+ allowlist = scope.groups_allowlist.list()`
	`76`	`+`
	`77`	`+Add a project to the project's inbound groups allowlist::`
	`78`	`+`
	`79`	`+ allowed_project = scope.groups_allowlist.create({"target_project_id": 42})`
	`80`	`+`
	`81`	`+Remove a project from the project's inbound agroups llowlist::`
	`82`	`+`
	`83`	`+ allowed_project.delete()`
	`84`	`+ # or directly using a Group ID`
	`85`	`+ scope.groups_allowlist.delete(42)`
	`86`	`+`
	`87`	`+..warning::`
	`88`	`+`
	`89`	`+ Similar to above, the ID attributes you receive from the create and list`
	`90`	`+ APIs are not consistent. To safely retrieve the ID of the allowlisted group`
	`91`	+ regardless of how the object was created, always use its ``.get_id()`` method.
	`92`	`+`

`‎gitlab/v4/objects/job_token_scope.py‎`

Lines changed: 21 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -24,6 +24,7 @@ class ProjectJobTokenScope(RefreshMixin, SaveMixin, RESTObject):`
`24`	`24`	`_id_attr=None`
`25`	`25`
`26`	`26`	`allowlist:"AllowlistedProjectManager"`
	`27`	`+groups_allowlist:"AllowlistedGroupManager"`
`27`	`28`
`28`	`29`
`29`	`30`	`classProjectJobTokenScopeManager(GetWithoutIdMixin,UpdateMixin,RESTManager):`
`@@ -54,3 +55,23 @@ class AllowlistedProjectManager(ListMixin, CreateMixin, DeleteMixin, RESTManager`
`54`	`55`	`_obj_cls=AllowlistedProject`
`55`	`56`	`_from_parent_attrs= {"project_id":"project_id"}`
`56`	`57`	`_create_attrs=RequiredOptional(required=("target_project_id",))`
	`58`	`+`
	`59`	`+`
	`60`	`+classAllowlistedGroup(ObjectDeleteMixin,RESTObject):`
	`61`	`+_id_attr="target_group_id"# note: only true for create endpoint`
	`62`	`+`
	`63`	`+defget_id(self)->int:`
	`64`	`+"""Returns the id of the resource. This override deals with`
	`65`	+ the fact that either an `id` or a `target_project_id` attribute
	`66`	`+ is returned by the server depending on the endpoint called."""`
	`67`	`+try:`
	`68`	`+returncast(int,getattr(self,self._id_attr))`
	`69`	`+exceptAttributeError:`
	`70`	`+returncast(int,getattr(self,"id"))`
	`71`	`+`
	`72`	`+`
	`73`	`+classAllowlistedGroupManager(ListMixin,CreateMixin,DeleteMixin,RESTManager):`
	`74`	`+_path="/projects/{project_id}/job_token_scope/groups_allowlist"`
	`75`	`+_obj_cls=AllowlistedProject`
	`76`	`+_from_parent_attrs= {"project_id":"project_id"}`
	`77`	`+_create_attrs=RequiredOptional(required=("target_group_id",))`

`‎tests/functional/api/test_project_job_token_scope.py‎`

Lines changed: 79 additions & 6 deletions

Original file line number	Diff line number	Diff line change
`@@ -1,3 +1,26 @@`
	`1`	`+# https://docs.gitlab.com/ee/ci/jobs/ci_job_token.html#allow-any-project-to-access-your-project`
	`2`	`+deftest_enable_limit_access_to_this_project(gl,project):`
	`3`	`+scope=project.job_token_scope.get()`
	`4`	`+`
	`5`	`+scope.enabled=True`
	`6`	`+scope.save()`
	`7`	`+`
	`8`	`+scope.refresh()`
	`9`	`+`
	`10`	`+assertscope.inbound_enabled`
	`11`	`+`
	`12`	`+`
	`13`	`+deftest_disable_limit_access_to_this_project(gl,project):`
	`14`	`+scope=project.job_token_scope.get()`
	`15`	`+`
	`16`	`+scope.enabled=False`
	`17`	`+scope.save()`
	`18`	`+`
	`19`	`+scope.refresh()`
	`20`	`+`
	`21`	`+assertnotscope.inbound_enabled`
	`22`	`+`
	`23`	`+`
`1`	`24`	`deftest_add_project_to_job_token_scope_allowlist(gl,project):`
`2`	`25`	`project_to_add=gl.projects.create({"name":"Ci_Cd_token_add_proj"})`
`3`	`26`
`@@ -12,8 +35,6 @@ def test_add_project_to_job_token_scope_allowlist(gl, project):`
`12`	`35`
`13`	`36`	`deftest_projects_job_token_scope_allowlist_contains_added_project_name(gl,project):`
`14`	`37`	`scope=project.job_token_scope.get()`
`15`		`-assertlen(scope.allowlist.list())==0`
`16`		`-`
`17`	`38`	`project_name="Ci_Cd_token_named_proj"`
`18`	`39`	`project_to_add=gl.projects.create({"name":project_name})`
`19`	`40`	`scope.allowlist.create({"target_project_id":project_to_add.id})`
`@@ -26,18 +47,70 @@ def test_projects_job_token_scope_allowlist_contains_added_project_name(gl, proj`
`26`	`47`
`27`	`48`	`deftest_remove_project_by_id_from_projects_job_token_scope_allowlist(gl,project):`
`28`	`49`	`scope=project.job_token_scope.get()`
`29`		`-assertlen(scope.allowlist.list())==0`
`30`	`50`
`31`	`51`	`project_to_add=gl.projects.create({"name":"Ci_Cd_token_remove_proj"})`
`32`	`52`
`33`	`53`	`scope.allowlist.create({"target_project_id":project_to_add.id})`
`34`	`54`
`35`	`55`	`scope.refresh()`
`36`		`-assertlen(scope.allowlist.list())!=0`
`37`	`56`
`38`		`-scope.allowlist.remove(project_to_add.id)`
	`57`	`+scope.allowlist.delete(project_to_add.id)`
`39`	`58`
`40`	`59`	`scope.refresh()`
`41`		`-assertlen(scope.allowlist.list())==0`
	`60`	`+assertnotany(`
	`61`	`+allowed.id==project_to_add.idforallowedinscope.allowlist.list()`
	`62`	`+ )`
`42`	`63`
`43`	`64`	`project_to_add.delete()`
	`65`	`+`
	`66`	`+`
	`67`	`+deftest_add_group_to_job_token_scope_allowlist(gl,project):`
	`68`	`+group_to_add=gl.groups.create(`
	`69`	`+ {"name":"add_group","path":"allowlisted-add-test"}`
	`70`	`+ )`
	`71`	`+`
	`72`	`+scope=project.job_token_scope.get()`
	`73`	`+resp=scope.groups_allowlist.create({"target_group_id":group_to_add.id})`
	`74`	`+`
	`75`	`+assertresp.source_project_id==project.id`
	`76`	`+assertresp.target_group_id==group_to_add.id`
	`77`	`+`
	`78`	`+group_to_add.delete()`
	`79`	`+`
	`80`	`+`
	`81`	`+deftest_projects_job_token_scope_groups_allowlist_contains_added_group_name(`
	`82`	`+gl,project`
	`83`	`+):`
	`84`	`+scope=project.job_token_scope.get()`
	`85`	`+group_name="list_group"`
	`86`	`+group_to_add=gl.groups.create(`
	`87`	`+ {"name":group_name,"path":"allowlisted-add-and-list-test"}`
	`88`	`+ )`
	`89`	`+`
	`90`	`+scope.groups_allowlist.create({"target_group_id":group_to_add.id})`
	`91`	`+`
	`92`	`+scope.refresh()`
	`93`	`+assertany(allowed.name==group_nameforallowedinscope.groups_allowlist.list())`
	`94`	`+`
	`95`	`+group_to_add.delete()`
	`96`	`+`
	`97`	`+`
	`98`	`+deftest_remove_group_by_id_from_projects_job_token_scope_groups_allowlist(gl,project):`
	`99`	`+scope=project.job_token_scope.get()`
	`100`	`+`
	`101`	`+group_to_add=gl.groups.create(`
	`102`	`+ {"name":"delete_group","path":"allowlisted-delete-test"}`
	`103`	`+ )`
	`104`	`+`
	`105`	`+scope.groups_allowlist.create({"target_group_id":group_to_add.id})`
	`106`	`+`
	`107`	`+scope.refresh()`
	`108`	`+`
	`109`	`+scope.groups_allowlist.delete(group_to_add.id)`
	`110`	`+`
	`111`	`+scope.refresh()`
	`112`	`+assertnotany(`
	`113`	`+allowed.name==group_to_add.nameforallowedinscope.groups_allowlist.list()`
	`114`	`+ )`
	`115`	`+`
	`116`	`+group_to_add.delete()`

`‎tests/functional/fixtures/.env‎`

Lines changed: 1 addition & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -1,2 +1,2 @@`
`1`	`1`	`GITLAB_IMAGE=gitlab/gitlab-ee`
`2`		`-GITLAB_TAG=16.9.1-ee.0`
	`2`	`+GITLAB_TAG=nightly`

`‎tests/unit/objects/test_job_token_scope.py‎`

Lines changed: 85 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -6,12 +6,55 @@`
`6`	`6`	`importresponses`
`7`	`7`
`8`	`8`	`fromgitlab.v4.objectsimportProjectJobTokenScope`
	`9`	`+fromgitlab.v4.objects.job_token_scopeimport (`
	`10`	`+AllowlistedGroupManager,`
	`11`	`+AllowlistedProjectManager,`
	`12`	`+)`
`9`	`13`
`10`	`14`	`job_token_scope_content= {`
`11`	`15`	`"inbound_enabled":True,`
`12`	`16`	`"outbound_enabled":False,`
`13`	`17`	`}`
`14`	`18`
	`19`	`+project_allowlist_content= [`
	`20`	`+ {`
	`21`	`+"id":4,`
	`22`	`+"description":"",`
	`23`	`+"name":"Diaspora Client",`
	`24`	`+"name_with_namespace":"Diaspora / Diaspora Client",`
	`25`	`+"path":"diaspora-client",`
	`26`	`+"path_with_namespace":"diaspora/diaspora-client",`
	`27`	`+"created_at":"2013-09-30T13:46:02Z",`
	`28`	`+"default_branch":"main",`
	`29`	`+"tag_list": ["example","disapora client"],`
	`30`	`+"topics": ["example","disapora client"],`
	`31`	`+"ssh_url_to_repo":"git@gitlab.example.com:diaspora/diaspora-client.git",`
	`32`	`+"http_url_to_repo":"https://gitlab.example.com/diaspora/diaspora-client.git",`
	`33`	`+"web_url":"https://gitlab.example.com/diaspora/diaspora-client",`
	`34`	`+"avatar_url":"https://gitlab.example.com/uploads/project/avatar/4/uploads/avatar.png",`
	`35`	`+"star_count":0,`
	`36`	`+"last_activity_at":"2013-09-30T13:46:02Z",`
	`37`	`+"namespace": {`
	`38`	`+"id":2,`
	`39`	`+"name":"Diaspora",`
	`40`	`+"path":"diaspora",`
	`41`	`+"kind":"group",`
	`42`	`+"full_path":"diaspora",`
	`43`	`+"parent_id":"",`
	`44`	`+"avatar_url":"",`
	`45`	`+"web_url":"https://gitlab.example.com/diaspora",`
	`46`	`+ },`
	`47`	`+ }`
	`48`	`+]`
	`49`	`+`
	`50`	`+groups_allowlist_content= [`
	`51`	`+ {`
	`52`	`+"id":4,`
	`53`	`+"web_url":"https://gitlab.example.com/groups/diaspora/diaspora-group",`
	`54`	`+"name":"namegroup",`
	`55`	`+ }`
	`56`	`+]`
	`57`	`+`
`15`	`58`
`16`	`59`	`@pytest.fixture`
`17`	`60`	`defresp_get_job_token_scope():`
`@@ -26,6 +69,32 @@ def resp_get_job_token_scope():`
`26`	`69`	`yieldrsps`
`27`	`70`
`28`	`71`
	`72`	`+@pytest.fixture`
	`73`	`+defresp_get_allowlist():`
	`74`	`+withresponses.RequestsMock(assert_all_requests_are_fired=False)asrsps:`
	`75`	`+rsps.add(`
	`76`	`+method=responses.GET,`
	`77`	`+url="http://localhost/api/v4/projects/1/job_token_scope/allowlist",`
	`78`	`+json=project_allowlist_content,`
	`79`	`+content_type="application/json",`
	`80`	`+status=200,`
	`81`	`+ )`
	`82`	`+yieldrsps`
	`83`	`+`
	`84`	`+`
	`85`	`+@pytest.fixture`
	`86`	`+defresp_get_groups_allowlist():`
	`87`	`+withresponses.RequestsMock(assert_all_requests_are_fired=False)asrsps:`
	`88`	`+rsps.add(`
	`89`	`+method=responses.GET,`
	`90`	`+url="http://localhost/api/v4/projects/1/job_token_scope/groups_allowlist",`
	`91`	`+json=groups_allowlist_content,`
	`92`	`+content_type="application/json",`
	`93`	`+status=200,`
	`94`	`+ )`
	`95`	`+yieldrsps`
	`96`	`+`
	`97`	`+`
`29`	`98`	`@pytest.fixture`
`30`	`99`	`defresp_patch_job_token_scope():`
`31`	`100`	`withresponses.RequestsMock(assert_all_requests_are_fired=False)asrsps:`
`@@ -61,3 +130,19 @@ def test_save_job_token_scope(job_token_scope, resp_patch_job_token_scope):`
`61`	`130`
`62`	`131`	`deftest_update_job_token_scope(project,resp_patch_job_token_scope):`
`63`	`132`	`project.job_token_scope.update(new_data={"enabled":False})`
	`133`	`+`
	`134`	`+`
	`135`	`+deftest_get_projects_allowlist(job_token_scope,resp_get_allowlist):`
	`136`	`+allowlist=job_token_scope.allowlist`
	`137`	`+assertisinstance(allowlist,AllowlistedProjectManager)`
	`138`	`+`
	`139`	`+allowlist_content=allowlist.list()`
	`140`	`+assertisinstance(allowlist_content,list)`
	`141`	`+`
	`142`	`+`
	`143`	`+deftest_get_groups_allowlist(job_token_scope,resp_get_groups_allowlist):`
	`144`	`+allowlist=job_token_scope.groups_allowlist`
	`145`	`+assertisinstance(allowlist,AllowlistedGroupManager)`
	`146`	`+`
	`147`	`+allowlist_content=allowlist.list()`
	`148`	`+assertisinstance(allowlist_content,list)`

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commit9386847

File tree

5 files changed

5 files changed

`‎docs/gl_objects/job_token_scope.rst‎`

`‎gitlab/v4/objects/job_token_scope.py‎`

`‎tests/functional/api/test_project_job_token_scope.py‎`

`‎tests/functional/fixtures/.env‎`

`‎tests/unit/objects/test_job_token_scope.py‎`

0 commit comments