From 01d55f6b7d6b9965d77b4ebcce3bf626f455c55b Mon Sep 17 00:00:00 2001 From: dannydd88 <386542+dannydd88@users.noreply.github.com> Date: Sun, 20 Aug 2023 17:06:31 +0800 Subject: [PATCH 1/2] feature: add API GetProjectJobTokenAccessSettings and PatchProjectJobTokenAccessSettings for JobTokenScopeService --- job_token_scope.go | 61 +++++++++++++++++++++++++++++++++++++++++ job_token_scope_test.go | 58 +++++++++++++++++++++++++++++++++++++++ 2 files changed, 119 insertions(+) diff --git a/job_token_scope.go b/job_token_scope.go index 82dc50819..57e783bb4 100644 --- a/job_token_scope.go +++ b/job_token_scope.go @@ -26,6 +26,67 @@ type JobTokenScopeService struct { client *Client } +// JobTokenAccessSettings represents job token access attributes for this project. +// +// GitLab API docs: https://docs.gitlab.com/ee/api/project_job_token_scopes.html +type JobTokenAccessSettings struct { + InboundEnabled bool `json:"inbound_enabled"` + OutboundEnabled bool `json:"outbound_enabled"` +} + +// GetProjectJobTokenAccessSettings fetch the CI/CD job token access settings (job token scope) of a project. +// +// GitLab API docs: +// https://docs.gitlab.com/ee/api/project_job_token_scopes.html#get-a-projects-cicd-job-token-access-settings +func (j *JobTokenScopeService) GetProjectJobTokenAccessSettings(pid interface{}, options ...RequestOptionFunc) (*JobTokenAccessSettings, *Response, error) { + project, err := parseID(pid) + if err != nil { + return nil, nil, err + } + u := fmt.Sprintf(`projects/%s/job_token_scope`, PathEscape(project)) + + req, err := j.client.NewRequest(http.MethodGet, u, nil, options) + if err != nil { + return nil, nil, err + } + + var settings *JobTokenAccessSettings + resp, err := j.client.Do(req, &settings) + if err != nil { + return nil, resp, err + } + + return settings, resp, err +} + +// PatchProjectJobTokenAccessSettingsOptions represents the available +// PatchProjectJobTokenAccessSettings() options. +// +// GitLab API docs: +// https://docs.gitlab.com/ee/api/project_job_token_scopes.html#patch-a-projects-cicd-job-token-access-settings +type PatchProjectJobTokenAccessSettingsOptions struct { + Enabled bool `json:"enabled"` +} + +// PatchProjectJobTokenAccessSettings patch the Limit access to this project setting (job token scope) of a project. +// +// GitLab API docs: +// https://docs.gitlab.com/ee/api/project_job_token_scopes.html#patch-a-projects-cicd-job-token-access-settings +func (j *JobTokenScopeService) PatchProjectJobTokenAccessSettings(pid interface{}, opt *PatchProjectJobTokenAccessSettingsOptions, options ...RequestOptionFunc) (*Response, error) { + project, err := parseID(pid) + if err != nil { + return nil, err + } + u := fmt.Sprintf(`projects/%s/job_token_scope`, PathEscape(project)) + + req, err := j.client.NewRequest(http.MethodPatch, u, opt, options) + if err != nil { + return nil, err + } + + return j.client.Do(req, nil) +} + // JobTokenInboundAllowItem represents a single job token inbound allowlist item. // // GitLab API docs: https://docs.gitlab.com/ee/api/project_job_token_scopes.html diff --git a/job_token_scope_test.go b/job_token_scope_test.go index 06e116c34..0e33f73e9 100644 --- a/job_token_scope_test.go +++ b/job_token_scope_test.go @@ -23,6 +23,64 @@ import ( "github.com/stretchr/testify/assert" ) +func TestGetProjectTokenAccessSettings(t *testing.T) { + mux, client := setup(t) + + // Handle project ID 1, and print a result of access settings + mux.HandleFunc("/api/v4/projects/1/job_token_scope", func(w http.ResponseWriter, r *http.Request) { + testMethod(t, r, http.MethodGet) + + // Print on the response + fmt.Fprint(w, `{"inbound_enabled":true,"outbound_enabled":false}`) + }) + + want := &JobTokenAccessSettings{ + InboundEnabled: true, + OutboundEnabled: false, + } + + settings, _, err := client.JobTokenScope.GetProjectJobTokenAccessSettings(1) + + assert.NoError(t, err) + assert.Equal(t, want, settings) +} + +func TestPatchProjectJobTokenAccessSettings(t *testing.T) { + mux, client := setup(t) + + mux.HandleFunc("/api/v4/projects/1/job_token_scope", func(w http.ResponseWriter, r *http.Request) { + testMethod(t, r, http.MethodPatch) + + // Read the request to determine which target project is passed in + body, err := io.ReadAll(r.Body) + if err != nil { + t.Fatalf("JobTokenScope.PatchProjectJobTokenAccessSettings failed to read body") + } + + // Parse to object to ensure it's sent on the request appropriately. + var options PatchProjectJobTokenAccessSettingsOptions + err = json.Unmarshal(body, &options) + if err != nil { + t.Fatalf("JobTokenScope.PatchProjectJobTokenAccessSettings failed to unmarshal body: %v", err) + } + + // Ensure we provide the proper response + w.WriteHeader(http.StatusNoContent) + + // Print an empty body, since that's what the API provides. + fmt.Fprint(w, "") + }) + + resp, err := client.JobTokenScope.PatchProjectJobTokenAccessSettings( + 1, + &PatchProjectJobTokenAccessSettingsOptions{ + Enabled: false, + }, + ) + assert.NoError(t, err) + assert.Equal(t, 204, resp.StatusCode) +} + // This tests that when calling the GetProjectJobTokenInboundAllowList, we get a // list of projects back properly. There isn't a "deep" test with every attribute // specifieid, because the object returned is a *Project object, which is already From 170162387f8d034ab9daa15bdceb48cb7c66cd3b Mon Sep 17 00:00:00 2001 From: Sander van Harmelen Date: Sat, 2 Sep 2023 14:29:21 +0200 Subject: [PATCH 2/2] =?UTF-8?q?Minor=20tweaks=E2=80=A6?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- job_token_scope.go | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/job_token_scope.go b/job_token_scope.go index 57e783bb4..ff96ba698 100644 --- a/job_token_scope.go +++ b/job_token_scope.go @@ -50,13 +50,13 @@ func (j *JobTokenScopeService) GetProjectJobTokenAccessSettings(pid interface{}, return nil, nil, err } - var settings *JobTokenAccessSettings - resp, err := j.client.Do(req, &settings) + jt := new(JobTokenAccessSettings) + resp, err := j.client.Do(req, jt) if err != nil { return nil, resp, err } - return settings, resp, err + return jt, resp, err } // PatchProjectJobTokenAccessSettingsOptions represents the available @@ -156,13 +156,13 @@ func (j *JobTokenScopeService) AddProjectToJobScopeAllowList(pid interface{}, op return nil, nil, err } - ai := new(JobTokenInboundAllowItem) - resp, err := j.client.Do(req, ai) + jt := new(JobTokenInboundAllowItem) + resp, err := j.client.Do(req, jt) if err != nil { return nil, resp, err } - return ai, resp, nil + return jt, resp, nil } // RemoveProjectFromJobScopeAllowList removes a project from a project's job