- Notifications
You must be signed in to change notification settings - Fork676
feat(job_token_scope): support job token access allowlist API#2767
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to ourterms of service andprivacy statement. We’ll occasionally send you account related emails.
Already on GitHub?Sign in to your account
Uh oh!
There was an error while loading.Please reload this page.
Changes fromall commits
File filter
Filter by extension
Conversations
Uh oh!
There was an error while loading.Please reload this page.
Jump to
Uh oh!
There was an error while loading.Please reload this page.
Diff view
Diff view
There are no files selected for viewing
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -49,3 +49,23 @@ Refresh the current state of job token scope:: | ||
| scope.refresh() | ||
| print(scope.inbound_enabled) | ||
| # False | ||
| Get a project's CI/CD job token inbound allowlist:: | ||
| allowlist = scope.allowlist.list() | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others.Learn more. Not sure yet about this naming here, but it follows both the endpoint URL and our convention 😕 There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others.Learn more. yeah it would definetly be clearer if it were But | ||
| Add a project to the project's inbound allowlist:: | ||
| allowed_project = scope.allowlist.create({"target_project_id": 42}) | ||
| Remove a project from the project's inbound allowlist:: | ||
| allowed_project.delete() | ||
| # or directly using a project ID | ||
| scope.allowlist.delete(42) | ||
| .. warning:: | ||
| Similar to above, the ID attributes you receive from the create and list | ||
| APIs are not consistent. To safely retrieve the ID of the allowlisted project | ||
| regardless of how the object was created, always use its ``.get_id()`` method. | ||
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -2,12 +2,18 @@ | ||
| from gitlab.base import RESTManager, RESTObject | ||
| from gitlab.mixins import ( | ||
| CreateMixin, | ||
| DeleteMixin, | ||
| GetWithoutIdMixin, | ||
| ListMixin, | ||
| ObjectDeleteMixin, | ||
| RefreshMixin, | ||
| SaveMixin, | ||
| UpdateMethod, | ||
| UpdateMixin, | ||
| ) | ||
| from gitlab.types import RequiredOptional | ||
| __all__ = [ | ||
| "ProjectJobTokenScope", | ||
| @@ -18,6 +24,8 @@ | ||
| class ProjectJobTokenScope(RefreshMixin, SaveMixin, RESTObject): | ||
| _id_attr = None | ||
| allowlist: "AllowlistedProjectManager" | ||
| class ProjectJobTokenScopeManager(GetWithoutIdMixin, UpdateMixin, RESTManager): | ||
| _path = "/projects/{project_id}/job_token_scope" | ||
| @@ -27,3 +35,23 @@ class ProjectJobTokenScopeManager(GetWithoutIdMixin, UpdateMixin, RESTManager): | ||
| def get(self, **kwargs: Any) -> ProjectJobTokenScope: | ||
| return cast(ProjectJobTokenScope, super().get(**kwargs)) | ||
| class AllowlistedProject(ObjectDeleteMixin, RESTObject): | ||
| _id_attr = "target_project_id" # note: only true for create endpoint | ||
| def get_id(self) -> int: | ||
| """Returns the id of the resource. This override deals with | ||
| the fact that either an `id` or a `target_project_id` attribute | ||
| is returned by the server depending on the endpoint called.""" | ||
| try: | ||
| return cast(int, getattr(self, self._id_attr)) | ||
| except AttributeError: | ||
| return cast(int, getattr(self, "id")) | ||
Comment on lines +47 to +50 There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others.Learn more. GitLab at it again - create response: {"source_project_id":1,"target_project_id":2}list response: {"id":4,"description":null,"name":"Diaspora Client","name_with_namespace":"Diaspora / Diaspora Client","path":"diaspora-client",...}There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others.Learn more. I'm kind of thinking for the create to not return anything. As the caller appears to use all the values when creating that will be returned. Not sure if that would simplify things or not. There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others.Learn more. Convention in REST and so far in python-gitlab would be to return the object that has been created. Means that in future if Gitlab add optional things into the contract which get returned back in the POST, user's would get insight into that | ||
| class AllowlistedProjectManager(ListMixin, CreateMixin, DeleteMixin, RESTManager): | ||
| _path = "/projects/{project_id}/job_token_scope/allowlist" | ||
| _obj_cls = AllowlistedProject | ||
| _from_parent_attrs = {"project_id": "project_id"} | ||
| _create_attrs = RequiredOptional(required=("target_project_id",)) | ||