Personal Access Tokens

Get a list of personal access tokens

References

+:class:`gitlab.v4.objects.PersonalAccessToken`

+:class:`gitlab.v4.objects.PersonalAcessTokenManager`

+:attr:`gitlab.Gitlab.personal_access_tokens`

+:class:`gitlab.v4.objects.UserPersonalAccessToken`

+:class:`gitlab.v4.objects.UserPersonalAcessTokenManager`

+:attr:`gitlab.Gitlab.User.personal_access_tokens`

* GitLab API:

* GitLab API: https://docs.gitlab.com/ee/api/personal_access_tokens.html

+ https://docs.gitlab.com/ee/api/personal_access_tokens.html

+ https://docs.gitlab.com/ee/api/users.html#create-a-personal-access-token

Examples

List personal access tokens from other user_id (admin only)::

Revoke a personal access token fetched via list::

Revoke a personal access token by id::

Create a personal access token for a user (admin only)::

..note::As you can see above, you can only create personal access tokens

via the Users API, but you cannot revoke these objects directly.

This is because the create API uses a different endpoint than the list and revoke APIs.

You need to fetch the token via the list API first to revoke it.

As of 14.2, GitLab does not provide a GET API for single personal access tokens.

You must use the list method to retrieve single tokens.

fromgitlab.baseimportRESTManager,RESTObject

fromgitlab.mixinsimportListMixin

fromgitlab.baseimportRequiredOptional,RESTManager,RESTObject

fromgitlab.mixinsimportCreateMixin,DeleteMixin,ListMixin,ObjectDeleteMixin

__all__= [

"PersonalAccessToken",

"PersonalAccessTokenManager",

"UserPersonalAccessToken",

"UserPersonalAccessTokenManager",

]

classPersonalAccessToken(RESTObject):

classPersonalAccessToken(ObjectDeleteMixin,RESTObject):

classPersonalAccessTokenManager(ListMixin,RESTManager):

classPersonalAccessTokenManager(DeleteMixin,ListMixin,RESTManager):

_list_filters= ("user_id",)

classUserPersonalAccessToken(RESTObject):

classUserPersonalAccessTokenManager(CreateMixin,RESTManager):

_from_parent_attrs= {"user_id":"id"}

_create_attrs=RequiredOptional(

required=("name","scopes"),optional=("expires_at",)

)

from .custom_attributesimportUserCustomAttributeManager# noqa: F401

from .eventsimportUserEventManager# noqa: F401

from .personal_access_tokensimportUserPersonalAccessTokenManager# noqa: F401

__all__= [

"CurrentUserEmail",

impersonationtokens:"UserImpersonationTokenManager"

keys:"UserKeyManager"

memberships:"UserMembershipManager"

personal_access_tokens:UserPersonalAccessTokenManager

projects:"UserProjectManager"

status:"UserStatusManager"

content= {

"id":token_id,

"name":token_name,

"revoked":False,

"created_at":"2020-07-23T14:31:47.729Z",

"scopes": ["api"],

"active":True,

"user_id":user_id,

"expires_at":None,

}

defresp_list_personal_access_token():

content= [

{

"id":4,

"name":"Test Token",

"revoked":False,

"created_at":"2020-07-23T14:31:47.729Z",

"scopes": ["api"],

"active":True,

"user_id":24,

"expires_at":None,

}

]

defresp_create_user_personal_access_token():

withresponses.RequestsMock()asrsps:

rsps.add(

method=responses.POST,

url=user_token_url,

json=content,

content_type="application/json",

status=200,

)

defresp_personal_access_token(no_content):

withresponses.RequestsMock(assert_all_requests_are_fired=False)asrsps:

rsps.add(

method=responses.GET,

url="http://localhost/api/v4/personal_access_tokens",

json=content,

url=token_url,

json=[content],

content_type="application/json",

status=200,

)

rsps.add(

method=responses.DELETE,

url=single_token_url,

json=no_content,

content_type="application/json",

status=204,

)

deftest_list_personal_access_tokens(gl,resp_list_personal_access_token):

deftest_create_personal_access_token(gl,resp_create_user_personal_access_token):

user=gl.users.get(1,lazy=True)

access_token=user.personal_access_tokens.create(

{"name":token_name,"scopes":"api"}

)

assertaccess_token.revokedisFalse

assertaccess_token.name==token_name

deftest_list_personal_access_tokens(gl,resp_personal_access_token):

access_tokens=gl.personal_access_tokens.list()

assertlen(access_tokens)==1

assertaccess_tokens[0].revokedisFalse

assertaccess_tokens[0].name=="Test Token"

assertaccess_tokens[0].name==token_name

deftest_list_personal_access_tokens_filter(gl,resp_list_personal_access_token):

access_tokens=gl.personal_access_tokens.list(user_id=24)

deftest_list_personal_access_tokens_filter(gl,resp_personal_access_token):

access_tokens=gl.personal_access_tokens.list(user_id=user_id)

assertlen(access_tokens)==1

assertaccess_tokens[0].revokedisFalse

assertaccess_tokens[0].user_id==24

assertaccess_tokens[0].user_id==user_id

deftest_revoke_personal_access_token(gl,resp_personal_access_token):

access_token=gl.personal_access_tokens.list(user_id=user_id)[0]

access_token.delete()

assertresp_personal_access_token.assert_call_count(single_token_url,1)

deftest_revoke_personal_access_token_by_id(gl,resp_personal_access_token):

gl.personal_access_tokens.delete(token_id)

assertresp_personal_access_token.assert_call_count(single_token_url,1)