Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
G
gitlab-ce
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
1
Merge Requests
1
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
nexedi
gitlab-ce
Commits
8b7111eb
Commit
8b7111eb
authored
Feb 28, 2020
by
Etienne Baqué
Committed by
Phil Hughes
Feb 28, 2020
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Added GroupDeployToken model
Added model and rspecs. Updated DeployToken model associations.
parent
c42cbbcf
Changes
47
Show whitespace changes
Inline
Side-by-side
Showing
47 changed files
with
350 additions
and
131 deletions
+350
-131
.haml-lint_todo.yml
.haml-lint_todo.yml
+1
-0
app/assets/javascripts/pages/groups/settings/ci_cd/show/index.js
...ets/javascripts/pages/groups/settings/ci_cd/show/index.js
+3
-0
app/assets/javascripts/pages/projects/settings/ci_cd/show/index.js
...s/javascripts/pages/projects/settings/ci_cd/show/index.js
+4
-0
app/controllers/groups/deploy_tokens_controller.rb
app/controllers/groups/deploy_tokens_controller.rb
+12
-0
app/controllers/groups/settings/ci_cd_controller.rb
app/controllers/groups/settings/ci_cd_controller.rb
+26
-1
app/controllers/projects/deploy_tokens_controller.rb
app/controllers/projects/deploy_tokens_controller.rb
+1
-1
app/controllers/projects/settings/ci_cd_controller.rb
app/controllers/projects/settings/ci_cd_controller.rb
+21
-0
app/controllers/projects/settings/repository_controller.rb
app/controllers/projects/settings/repository_controller.rb
+0
-20
app/helpers/ci_variables_helper.rb
app/helpers/ci_variables_helper.rb
+16
-0
app/models/group.rb
app/models/group.rb
+3
-0
app/models/group_deploy_token.rb
app/models/group_deploy_token.rb
+1
-1
app/models/project.rb
app/models/project.rb
+8
-0
app/services/concerns/deploy_token_methods.rb
app/services/concerns/deploy_token_methods.rb
+11
-0
app/services/deploy_tokens/create_service.rb
app/services/deploy_tokens/create_service.rb
+0
-11
app/services/groups/deploy_tokens/create_service.rb
app/services/groups/deploy_tokens/create_service.rb
+13
-0
app/services/projects/deploy_tokens/create_service.rb
app/services/projects/deploy_tokens/create_service.rb
+13
-0
app/views/groups/settings/ci_cd/show.html.haml
app/views/groups/settings/ci_cd/show.html.haml
+3
-0
app/views/projects/settings/ci_cd/show.html.haml
app/views/projects/settings/ci_cd/show.html.haml
+3
-0
app/views/projects/settings/repository/show.html.haml
app/views/projects/settings/repository/show.html.haml
+0
-1
app/views/shared/deploy_tokens/_form.html.haml
app/views/shared/deploy_tokens/_form.html.haml
+2
-2
app/views/shared/deploy_tokens/_index.html.haml
app/views/shared/deploy_tokens/_index.html.haml
+18
-0
app/views/shared/deploy_tokens/_new_deploy_token.html.haml
app/views/shared/deploy_tokens/_new_deploy_token.html.haml
+0
-0
app/views/shared/deploy_tokens/_revoke_modal.html.haml
app/views/shared/deploy_tokens/_revoke_modal.html.haml
+3
-5
app/views/shared/deploy_tokens/_table.html.haml
app/views/shared/deploy_tokens/_table.html.haml
+4
-4
changelogs/unreleased/21765-group-token-refactor.yml
changelogs/unreleased/21765-group-token-refactor.yml
+5
-0
config/routes/group.rb
config/routes/group.rb
+7
-0
config/routes/project.rb
config/routes/project.rb
+3
-1
ee/app/controllers/ee/projects/settings/ci_cd_controller.rb
ee/app/controllers/ee/projects/settings/ci_cd_controller.rb
+2
-2
ee/app/controllers/ee/projects/settings/repository_controller.rb
...controllers/ee/projects/settings/repository_controller.rb
+0
-1
locale/gitlab.pot
locale/gitlab.pot
+12
-3
qa/qa/page/project/settings/ci_cd.rb
qa/qa/page/project/settings/ci_cd.rb
+10
-0
qa/qa/page/project/settings/deploy_tokens.rb
qa/qa/page/project/settings/deploy_tokens.rb
+2
-2
qa/qa/page/project/settings/repository.rb
qa/qa/page/project/settings/repository.rb
+0
-6
qa/qa/resource/deploy_token.rb
qa/qa/resource/deploy_token.rb
+7
-9
spec/controllers/groups/settings/ci_cd_controller_spec.rb
spec/controllers/groups/settings/ci_cd_controller_spec.rb
+12
-0
spec/controllers/projects/settings/ci_cd_controller_spec.rb
spec/controllers/projects/settings/ci_cd_controller_spec.rb
+8
-0
spec/controllers/projects/settings/repository_controller_spec.rb
...ntrollers/projects/settings/repository_controller_spec.rb
+0
-20
spec/features/groups/settings/ci_cd_spec.rb
spec/features/groups/settings/ci_cd_spec.rb
+13
-0
spec/features/projects/settings/ci_cd_settings_spec.rb
spec/features/projects/settings/ci_cd_settings_spec.rb
+24
-0
spec/features/projects/settings/repository_settings_spec.rb
spec/features/projects/settings/repository_settings_spec.rb
+0
-33
spec/features/projects/settings/user_sees_revoke_deploy_token_modal_spec.rb
...ects/settings/user_sees_revoke_deploy_token_modal_spec.rb
+1
-1
spec/routing/project_routing_spec.rb
spec/routing/project_routing_spec.rb
+5
-0
spec/services/groups/deploy_tokens/create_service_spec.rb
spec/services/groups/deploy_tokens/create_service_spec.rb
+10
-0
spec/services/projects/deploy_tokens/create_service_spec.rb
spec/services/projects/deploy_tokens/create_service_spec.rb
+10
-0
spec/support/services/deploy_token_shared_examples.rb
spec/support/services/deploy_token_shared_examples.rb
+4
-7
spec/support/shared_examples/controllers/deploy_token_shared_examples.rb
...ared_examples/controllers/deploy_token_shared_examples.rb
+22
-0
spec/support/shared_examples/features/deploy_token_shared_examples.rb
.../shared_examples/features/deploy_token_shared_examples.rb
+27
-0
No files found.
.haml-lint_todo.yml
View file @
8b7111eb
...
...
@@ -374,6 +374,7 @@ linters:
-
'
app/views/shared/boards/components/sidebar/_due_date.html.haml'
-
'
app/views/shared/boards/components/sidebar/_labels.html.haml'
-
'
app/views/shared/boards/components/sidebar/_milestone.html.haml'
-
'
app/views/shared/deploy_tokens/_revoke_modal.html.haml'
-
'
app/views/shared/empty_states/_priority_labels.html.haml'
-
'
app/views/shared/hook_logs/_content.html.haml'
-
'
app/views/shared/issuable/_assignees.html.haml'
...
...
app/assets/javascripts/pages/groups/settings/ci_cd/show/index.js
View file @
8b7111eb
import
initSettingsPanels
from
'
~/settings_panels
'
;
import
AjaxVariableList
from
'
~/ci_variable_list/ajax_variable_list
'
;
import
initVariableList
from
'
~/ci_variable_list
'
;
import
DueDateSelectors
from
'
~/due_date_select
'
;
document
.
addEventListener
(
'
DOMContentLoaded
'
,
()
=>
{
// Initialize expandable settings panels
initSettingsPanels
();
// eslint-disable-next-line no-new
new
DueDateSelectors
();
if
(
gon
.
features
.
newVariablesUi
)
{
initVariableList
();
...
...
app/assets/javascripts/pages/projects/settings/ci_cd/show/index.js
View file @
8b7111eb
...
...
@@ -3,6 +3,7 @@ import SecretValues from '~/behaviors/secret_values';
import
AjaxVariableList
from
'
~/ci_variable_list/ajax_variable_list
'
;
import
registrySettingsApp
from
'
~/registry/settings/registry_settings_bundle
'
;
import
initVariableList
from
'
~/ci_variable_list
'
;
import
DueDateSelectors
from
'
~/due_date_select
'
;
document
.
addEventListener
(
'
DOMContentLoaded
'
,
()
=>
{
// Initialize expandable settings panels
...
...
@@ -39,5 +40,8 @@ document.addEventListener('DOMContentLoaded', () => {
autoDevOpsExtraSettings
.
classList
.
toggle
(
'
hidden
'
,
!
target
.
checked
);
});
// eslint-disable-next-line no-new
new
DueDateSelectors
();
registrySettingsApp
();
});
app/controllers/groups/deploy_tokens_controller.rb
0 → 100644
View file @
8b7111eb
# frozen_string_literal: true
class
Groups::DeployTokensController
<
Groups
::
ApplicationController
before_action
:authorize_admin_group!
def
revoke
@token
=
@group
.
deploy_tokens
.
find
(
params
[
:id
])
@token
.
revoke!
redirect_to
group_settings_ci_cd_path
(
@group
,
anchor:
'js-deploy-tokens'
)
end
end
app/controllers/groups/settings/ci_cd_controller.rb
View file @
8b7111eb
...
...
@@ -9,9 +9,9 @@ module Groups
before_action
do
push_frontend_feature_flag
(
:new_variables_ui
,
@group
,
default_enabled:
true
)
end
before_action
:define_variables
,
only:
[
:show
,
:create_deploy_token
]
def
show
define_ci_variables
end
def
update
...
...
@@ -41,8 +41,23 @@ module Groups
redirect_to
group_settings_ci_cd_path
end
def
create_deploy_token
@new_deploy_token
=
Groups
::
DeployTokens
::
CreateService
.
new
(
@group
,
current_user
,
deploy_token_params
).
execute
if
@new_deploy_token
.
persisted?
flash
.
now
[
:notice
]
=
s_
(
'DeployTokens|Your new group deploy token has been created.'
)
end
render
'show'
end
private
def
define_variables
define_ci_variables
define_deploy_token_variables
end
def
define_ci_variables
@variable
=
Ci
::
GroupVariable
.
new
(
group:
group
)
.
present
(
current_user:
current_user
)
...
...
@@ -50,6 +65,12 @@ module Groups
.
map
{
|
variable
|
variable
.
present
(
current_user:
current_user
)
}
end
def
define_deploy_token_variables
@deploy_tokens
=
@group
.
deploy_tokens
.
active
@new_deploy_token
=
DeployToken
.
new
end
def
authorize_admin_group!
return
render_404
unless
can?
(
current_user
,
:admin_group
,
group
)
end
...
...
@@ -73,6 +94,10 @@ module Groups
def
update_group_params
params
.
require
(
:group
).
permit
(
:max_artifacts_size
)
end
def
deploy_token_params
params
.
require
(
:deploy_token
).
permit
(
:name
,
:expires_at
,
:read_repository
,
:read_registry
,
:username
)
end
end
end
end
app/controllers/projects/deploy_tokens_controller.rb
View file @
8b7111eb
...
...
@@ -7,6 +7,6 @@ class Projects::DeployTokensController < Projects::ApplicationController
@token
=
@project
.
deploy_tokens
.
find
(
params
[
:id
])
@token
.
revoke!
redirect_to
project_settings_
repository
_path
(
project
,
anchor:
'js-deploy-tokens'
)
redirect_to
project_settings_
ci_cd
_path
(
project
,
anchor:
'js-deploy-tokens'
)
end
end
app/controllers/projects/settings/ci_cd_controller.rb
View file @
8b7111eb
...
...
@@ -46,6 +46,16 @@ module Projects
redirect_to
namespace_project_settings_ci_cd_path
end
def
create_deploy_token
@new_deploy_token
=
Projects
::
DeployTokens
::
CreateService
.
new
(
@project
,
current_user
,
deploy_token_params
).
execute
if
@new_deploy_token
.
persisted?
flash
.
now
[
:notice
]
=
s_
(
'DeployTokens|Your new project deploy token has been created.'
)
end
render
'show'
end
private
def
update_params
...
...
@@ -64,6 +74,10 @@ module Projects
end
end
def
deploy_token_params
params
.
require
(
:deploy_token
).
permit
(
:name
,
:expires_at
,
:read_repository
,
:read_registry
,
:username
)
end
def
run_autodevops_pipeline
(
service
)
return
unless
service
.
run_auto_devops_pipeline?
...
...
@@ -83,6 +97,7 @@ module Projects
def
define_variables
define_runners_variables
define_ci_variables
define_deploy_token_variables
define_triggers_variables
define_badges_variables
define_auto_devops_variables
...
...
@@ -132,6 +147,12 @@ module Projects
def
define_auto_devops_variables
@auto_devops
=
@project
.
auto_devops
||
ProjectAutoDevops
.
new
end
def
define_deploy_token_variables
@deploy_tokens
=
@project
.
deploy_tokens
.
active
@new_deploy_token
=
DeployToken
.
new
end
end
end
end
...
...
app/controllers/projects/settings/repository_controller.rb
View file @
8b7111eb
...
...
@@ -10,16 +10,6 @@ module Projects
render_show
end
def
create_deploy_token
@new_deploy_token
=
DeployTokens
::
CreateService
.
new
(
@project
,
current_user
,
deploy_token_params
).
execute
if
@new_deploy_token
.
persisted?
flash
.
now
[
:notice
]
=
s_
(
'DeployTokens|Your new project deploy token has been created.'
)
end
render_show
end
def
cleanup
cleanup_params
=
params
.
require
(
:project
).
permit
(
:bfg_object_map
)
result
=
Projects
::
UpdateService
.
new
(
project
,
current_user
,
cleanup_params
).
execute
...
...
@@ -38,9 +28,7 @@ module Projects
def
render_show
@deploy_keys
=
DeployKeysPresenter
.
new
(
@project
,
current_user:
current_user
)
@deploy_tokens
=
@project
.
deploy_tokens
.
active
define_deploy_token
define_protected_refs
remote_mirror
...
...
@@ -93,14 +81,6 @@ module Projects
gon
.
push
(
protectable_branches_for_dropdown
)
gon
.
push
(
access_levels_options
)
end
def
define_deploy_token
@new_deploy_token
||=
DeployToken
.
new
end
def
deploy_token_params
params
.
require
(
:deploy_token
).
permit
(
:name
,
:expires_at
,
:read_repository
,
:read_registry
,
:username
)
end
end
end
end
...
...
app/helpers/ci_variables_helper.rb
View file @
8b7111eb
...
...
@@ -5,6 +5,22 @@ module CiVariablesHelper
Gitlab
::
CurrentSettings
.
current_application_settings
.
protected_ci_variables
end
def
create_deploy_token_path
(
entity
,
opts
=
{})
if
entity
.
is_a?
(
Group
)
create_deploy_token_group_settings_ci_cd_path
(
entity
,
opts
)
else
create_deploy_token_project_settings_repository_path
(
entity
,
opts
)
end
end
def
revoke_deploy_token_path
(
entity
,
token
)
if
entity
.
is_a?
(
Group
)
revoke_group_deploy_token_path
(
entity
,
token
)
else
revoke_project_deploy_token_path
(
entity
,
token
)
end
end
def
ci_variable_protected?
(
variable
,
only_key_value
)
if
variable
&&
!
only_key_value
variable
.
protected
...
...
app/models/group.rb
View file @
8b7111eb
...
...
@@ -59,6 +59,9 @@ class Group < Namespace
has_many
:import_failures
,
inverse_of: :group
has_many
:group_deploy_tokens
has_many
:deploy_tokens
,
through: :group_deploy_tokens
accepts_nested_attributes_for
:variables
,
allow_destroy:
true
validate
:visibility_level_allowed_by_projects
...
...
app/models/group_deploy_token.rb
View file @
8b7111eb
...
...
@@ -9,7 +9,7 @@ class GroupDeployToken < ApplicationRecord
validates
:deploy_token_id
,
uniqueness:
{
scope:
[
:group_id
]
}
def
has_access_to?
(
requested_project
)
return
false
unless
Feature
.
enabled?
(
:allow_group_deploy_token
,
default:
true
)
return
false
unless
Feature
.
enabled?
(
:allow_group_deploy_token
,
default
_enabled
:
true
)
requested_project_group
=
requested_project
&
.
group
return
false
unless
requested_project_group
...
...
app/models/project.rb
View file @
8b7111eb
...
...
@@ -2343,6 +2343,14 @@ class Project < ApplicationRecord
Gitlab
::
CurrentSettings
.
self_monitoring_project_id
==
id
end
def
deploy_token_create_url
(
opts
=
{})
Gitlab
::
Routing
.
url_helpers
.
create_deploy_token_project_settings_ci_cd_path
(
self
,
opts
)
end
def
deploy_token_revoke_url_for
(
token
)
Gitlab
::
Routing
.
url_helpers
.
revoke_project_deploy_token_path
(
self
,
token
)
end
private
def
closest_namespace_setting
(
name
)
...
...
app/services/concerns/deploy_token_methods.rb
0 → 100644
View file @
8b7111eb
# frozen_string_literal: true
module
DeployTokenMethods
def
create_deploy_token_for
(
entity
,
params
)
params
[
:deploy_token_type
]
=
DeployToken
.
deploy_token_types
[
"
#{
entity
.
class
.
name
.
downcase
}
_type"
.
to_sym
]
entity
.
deploy_tokens
.
create
(
params
)
do
|
deploy_token
|
deploy_token
.
username
=
params
[
:username
].
presence
end
end
end
app/services/deploy_tokens/create_service.rb
deleted
100644 → 0
View file @
c42cbbcf
# frozen_string_literal: true
module
DeployTokens
class
CreateService
<
BaseService
def
execute
@project
.
deploy_tokens
.
create
(
params
)
do
|
deploy_token
|
deploy_token
.
username
=
params
[
:username
].
presence
end
end
end
end
app/services/groups/deploy_tokens/create_service.rb
0 → 100644
View file @
8b7111eb
# frozen_string_literal: true
module
Groups
module
DeployTokens
class
CreateService
<
BaseService
include
DeployTokenMethods
def
execute
create_deploy_token_for
(
@group
,
params
)
end
end
end
end
app/services/projects/deploy_tokens/create_service.rb
0 → 100644
View file @
8b7111eb
# frozen_string_literal: true
module
Projects
module
DeployTokens
class
CreateService
<
BaseService
include
DeployTokenMethods
def
execute
create_deploy_token_for
(
@project
,
params
)
end
end
end
end
app/views/groups/settings/ci_cd/show.html.haml
View file @
8b7111eb
...
...
@@ -3,6 +3,7 @@
-
expanded
=
expanded_by_default?
-
general_expanded
=
@group
.
errors
.
empty?
?
expanded
:
true
-
deploy_token_description
=
s_
(
'DeployTokens|Group deploy tokens allow read-only access to the repositories and registry images within the group.'
)
-# Given we only have one field in this form which is also admin-only,
-# we don't want to show an empty section to non-admin users,
...
...
@@ -24,6 +25,8 @@
.settings-content
=
render
'ci/variables/index'
,
save_endpoint:
group_variables_path
=
render
"shared/deploy_tokens/index"
,
group_or_project:
@group
,
description:
deploy_token_description
%section
.settings
#runners-settings
.no-animate
{
class:
(
'expanded'
if
expanded
)
}
.settings-header
%h4
...
...
app/views/projects/settings/ci_cd/show.html.haml
View file @
8b7111eb
...
...
@@ -4,6 +4,7 @@
-
expanded
=
expanded_by_default?
-
general_expanded
=
@project
.
errors
.
empty?
?
expanded
:
true
-
deploy_token_description
=
s_
(
'DeployTokens|Deploy tokens allow read-only access to your repository and registry images.'
)
%section
.settings
#js-general-pipeline-settings
.no-animate
{
class:
(
'expanded'
if
general_expanded
)
}
.settings-header
...
...
@@ -51,6 +52,8 @@
.settings-content
=
render
'ci/variables/index'
,
save_endpoint:
project_variables_path
(
@project
)
=
render
"shared/deploy_tokens/index"
,
group_or_project:
@project
,
description:
deploy_token_description
%section
.settings.no-animate
#js-pipeline-triggers
{
class:
(
'expanded'
if
expanded
)
}
.settings-header
%h4
...
...
app/views/projects/settings/repository/show.html.haml
View file @
8b7111eb
...
...
@@ -13,7 +13,6 @@
=
render
"projects/settings/repository/protected_branches"
=
render
@deploy_keys
=
render
"projects/deploy_tokens/index"
=
render
"projects/cleanup/show"
=
render_if_exists
'shared/promotions/promote_repository_features'
app/views/
projects
/deploy_tokens/_form.html.haml
→
app/views/
shared
/deploy_tokens/_form.html.haml
View file @
8b7111eb
%p
.profile-settings-content
=
s_
(
"DeployTokens|Pick a name for the application, and we'll give you a unique deploy token."
)
=
form_for
token
,
url:
create_deploy_token_
namespace_project_settings_repository_path
(
project
.
namespace
,
project
,
anchor:
'js-deploy-tokens'
),
method: :post
do
|
f
|
=
form_for
token
,
url:
create_deploy_token_
path
(
group_or_
project
,
anchor:
'js-deploy-tokens'
),
method: :post
do
|
f
|
=
form_errors
(
token
)
.form-group
...
...
@@ -24,7 +24,7 @@
=
label_tag
(
"deploy_token_read_repository"
),
'read_repository'
,
class:
'label-bold form-check-label'
.text-secondary
=
s_
(
'DeployTokens|Allows read-only access to the repository'
)
-
if
container_registry_enabled?
(
project
)
-
if
container_registry_enabled?
(
group_or_
project
)
%fieldset
.form-group.form-check
=
f
.
check_box
:read_registry
,
class:
'form-check-input qa-deploy-token-read-registry'
=
label_tag
(
"deploy_token_read_registry"
),
'read_registry'
,
class:
'label-bold form-check-label'
...
...
app/views/
projects
/deploy_tokens/_index.html.haml
→
app/views/
shared
/deploy_tokens/_index.html.haml
View file @
8b7111eb
-
expanded
=
expand_deploy_tokens_section?
(
@new_deploy_token
)
%section
.qa-deploy-tokens-settings.settings.no-animate
#js-deploy-tokens
{
class:
(
'expanded'
if
expanded
)
}
%section
.qa-deploy-tokens-settings.settings.no-animate
#js-deploy-tokens
{
class:
(
'expanded'
if
expanded
)
,
data:
{
qa_selector:
'deploy_tokens_settings'
}
}
.settings-header
%h4
=
s_
(
'DeployTokens|Deploy Tokens'
)
%button
.btn.js-settings-toggle.qa-expand-deploy-keys
{
type:
'button'
}
=
expanded
?
'Collapse'
:
'Expand'
%p
=
s_
(
'DeployTokens|Deploy tokens allow read-only access to your repository and registry images.'
)
=
description
.settings-content
-
if
@new_deploy_token
.
persisted?
=
render
'
projects
/deploy_tokens/new_deploy_token'
,
deploy_token:
@new_deploy_token
=
render
'
shared
/deploy_tokens/new_deploy_token'
,
deploy_token:
@new_deploy_token
%h5
.prepend-top-0
=
s_
(
'DeployTokens|Add a deploy token'
)
=
render
'
projects/deploy_tokens/form'
,
project:
@
project
,
token:
@new_deploy_token
,
presenter:
@deploy_tokens
=
render
'
shared/deploy_tokens/form'
,
group_or_project:
group_or_
project
,
token:
@new_deploy_token
,
presenter:
@deploy_tokens
%hr
=
render
'projects/deploy_tokens/table'
,
project:
@project
,
active_tokens:
@deploy_tokens
=
render
'shared/deploy_tokens/table'
,
group_or_project:
group_or_project
,
active_tokens:
@deploy_tokens
app/views/
projects
/deploy_tokens/_new_deploy_token.html.haml
→
app/views/
shared
/deploy_tokens/_new_deploy_token.html.haml
View file @
8b7111eb
File moved
app/views/
projects
/deploy_tokens/_revoke_modal.html.haml
→
app/views/
shared
/deploy_tokens/_revoke_modal.html.haml
View file @
8b7111eb
...
...
@@ -3,15 +3,13 @@
.modal-content
.modal-header
%h4
.modal-title
=
s_
(
'DeployTokens|Revoke'
)
%b
#{
token
.
name
}
?
=
s_
(
'DeployTokens|Revoke %{b_start}%{name}%{b_end}?'
).
html_safe
%
{
b_start:
'<b>'
.
html_safe
,
name:
token
.
name
,
b_end:
'</b>'
.
html_safe
}
%button
.close
{
type:
"button"
,
"data-dismiss"
:
"modal"
,
"aria-label"
=>
_
(
'Close'
)
}
%span
{
"aria-hidden"
:
true
}
×
.modal-body
%p
=
s_
(
'DeployTokens|You are about to revoke'
)
%b
#{
token
.
name
}
.
=
s_
(
'DeployTokens|You are about to revoke %{b_start}%{name}%{b_end}.'
).
html_safe
%
{
b_start:
'<b>'
.
html_safe
,
name:
token
.
name
,
b_end:
'</b>'
.
html_safe
}
=
s_
(
'DeployTokens|This action cannot be undone.'
)
.modal-footer
%a
{
href:
'#'
,
data:
{
dismiss:
'modal'
},
class:
'btn btn-default'
}=
_
(
'Cancel'
)
=
link_to
s_
(
'DeployTokens|Revoke %{name}'
)
%
{
name:
token
.
name
},
revoke_
project_deploy_token_path
(
project
,
token
),
method: :put
,
class:
'btn btn-danger'
=
link_to
s_
(
'DeployTokens|Revoke %{name}'
)
%
{
name:
token
.
name
},
revoke_
deploy_token_path
(
group_or_
project
,
token
),
method: :put
,
class:
'btn btn-danger'
app/views/
projects
/deploy_tokens/_table.html.haml
→
app/views/
shared
/deploy_tokens/_table.html.haml
View file @
8b7111eb
...
...
@@ -22,10 +22,10 @@
%span
{
class:
(
'text-warning'
if
token
.
expires_soon?
)
}
In
#{
distance_of_time_in_words_to_now
(
token
.
expires_at
)
}
-
else
%span
.token-never-expires-label
Never
%td
=
token
.
scopes
.
present?
?
token
.
scopes
.
join
(
", "
)
:
"<no scopes selected>"
%span
.token-never-expires-label
=
_
(
'Never'
)
%td
=
token
.
scopes
.
present?
?
token
.
scopes
.
join
(
", "
)
:
_
(
'<no scopes selected>'
)
%td
=
link_to
s_
(
'DeployTokens|Revoke'
),
"#"
,
class:
"btn btn-danger float-right"
,
data:
{
toggle:
"modal"
,
target:
"#revoke-modal-
#{
token
.
id
}
"
}
=
render
'
projects/deploy_tokens/revoke_modal'
,
token:
token
,
project:
project
=
render
'
shared/deploy_tokens/revoke_modal'
,
token:
token
,
group_or_project:
group_or_
project
-
else
.settings-message.text-center
=
s_
(
'DeployTokens|This
project has no active Deploy Tokens.'
)
=
s_
(
'DeployTokens|This
%{entity_type} has no active Deploy Tokens.'
)
%
{
entity_type:
group_or_project
.
class
.
name
.
downcase
}
changelogs/unreleased/21765-group-token-refactor.yml
0 → 100644
View file @
8b7111eb
---
title
:
Addition of the Group Deploy Token interface
merge_request
:
24102
author
:
type
:
added
config/routes/group.rb
View file @
8b7111eb
...
...
@@ -29,6 +29,7 @@ constraints(::Constraints::GroupUrlConstrainer.new) do
resource
:ci_cd
,
only:
[
:show
,
:update
],
controller:
'ci_cd'
do
put
:reset_registration_token
patch
:update_auto_devops
post
:create_deploy_token
,
path:
'deploy_token/create'
end
end
...
...
@@ -49,6 +50,12 @@ constraints(::Constraints::GroupUrlConstrainer.new) do
end
end
resources
:deploy_tokens
,
constraints:
{
id:
/\d+/
},
only:
[]
do
member
do
put
:revoke
end
end
resource
:avatar
,
only:
[
:destroy
]
concerns
:clusterable
...
...
config/routes/project.rb
View file @
8b7111eb
...
...
@@ -79,7 +79,9 @@ constraints(::Constraints::ProjectUrlConstrainer.new) do
resource
:integrations
,
only:
[
:show
]
resource
:repository
,
only:
[
:show
],
controller: :repository
do
post
:create_deploy_token
,
path:
'deploy_token/create'
# TODO: Move 'create_deploy_token' here to the ':ci_cd' resource above during 12.9.
# More details here: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/24102#note_287572556
post
:create_deploy_token
,
path:
'deploy_token/create'
,
to:
'ci_cd#create_deploy_token'
post
:cleanup
end
end
...
...
ee/app/controllers/ee/projects/settings/ci_cd_controller.rb
View file @
8b7111eb
...
...
@@ -8,8 +8,8 @@ module EE
extend
ActiveSupport
::
Concern
prepended
do
before_action
:assign_variables_to_gon
,
only:
:show
before_action
:define_protected_env_variables
,
only:
:show
before_action
:assign_variables_to_gon
,
only:
[
:show
,
:create_deploy_token
]
before_action
:define_protected_env_variables
,
only:
[
:show
,
:create_deploy_token
]
end
# rubocop:disable Gitlab/ModuleWithInstanceVariables
...
...
ee/app/controllers/ee/projects/settings/repository_controller.rb
View file @
8b7111eb
...
...
@@ -42,7 +42,6 @@ module EE
@deploy_keys
=
::
Projects
::
Settings
::
DeployKeysPresenter
.
new
(
@project
,
current_user:
current_user
)
@deploy_tokens
=
@project
.
deploy_tokens
.
active
define_deploy_token
define_protected_refs
push_rule
remote_mirror
...
...
locale/gitlab.pot
View file @
8b7111eb
...
...
@@ -6501,6 +6501,9 @@ msgstr ""
msgid "DeployTokens|Expires"
msgstr ""
msgid "DeployTokens|Group deploy tokens allow read-only access to the repositories and registry images within the group."
msgstr ""
msgid "DeployTokens|Name"
msgstr ""
...
...
@@ -6510,16 +6513,19 @@ msgstr ""
msgid "DeployTokens|Revoke"
msgstr ""
msgid "DeployTokens|Revoke %{b_start}%{name}%{b_end}?"
msgstr ""
msgid "DeployTokens|Revoke %{name}"
msgstr ""
msgid "DeployTokens|Scopes"
msgstr ""
msgid "DeployTokens|This
action cannot be undone
."
msgid "DeployTokens|This
%{entity_type} has no active Deploy Tokens
."
msgstr ""
msgid "DeployTokens|This
project has no active Deploy Tokens
."
msgid "DeployTokens|This
action cannot be undone
."
msgstr ""
msgid "DeployTokens|Use this token as a password. Make sure you save it - you won't be able to access it again."
...
...
@@ -6531,12 +6537,15 @@ msgstr ""
msgid "DeployTokens|Username"
msgstr ""
msgid "DeployTokens|You are about to revoke"
msgid "DeployTokens|You are about to revoke
%{b_start}%{name}%{b_end}.
"
msgstr ""
msgid "DeployTokens|Your New Deploy Token"
msgstr ""
msgid "DeployTokens|Your new group deploy token has been created."
msgstr ""
msgid "DeployTokens|Your new project deploy token has been created."
msgstr ""
...
...
qa/qa/page/project/settings/ci_cd.rb
View file @
8b7111eb
...
...
@@ -13,6 +13,16 @@ module QA
element
:variables_settings_content
end
view
'app/views/shared/deploy_tokens/_index.html.haml'
do
element
:deploy_tokens_settings
end
def
expand_deploy_tokens
(
&
block
)
expand_section
(
:deploy_tokens_settings
)
do
Settings
::
DeployTokens
.
perform
(
&
block
)
end
end
def
expand_runners_settings
(
&
block
)
expand_section
(
:runners_settings_content
)
do
Settings
::
Runners
.
perform
(
&
block
)
...
...
qa/qa/page/project/settings/deploy_tokens.rb
View file @
8b7111eb
...
...
@@ -5,7 +5,7 @@ module QA
module
Project
module
Settings
class
DeployTokens
<
Page
::
Base
view
'app/views/
projects
/deploy_tokens/_form.html.haml'
do
view
'app/views/
shared
/deploy_tokens/_form.html.haml'
do
element
:deploy_token_name
element
:deploy_token_expires_at
element
:deploy_token_read_repository
...
...
@@ -13,7 +13,7 @@ module QA
element
:create_deploy_token
end
view
'app/views/
projects
/deploy_tokens/_new_deploy_token.html.haml'
do
view
'app/views/
shared
/deploy_tokens/_new_deploy_token.html.haml'
do
element
:created_deploy_token_section
element
:deploy_token_user
element
:deploy_token
...
...
qa/qa/page/project/settings/repository.rb
View file @
8b7111eb
...
...
@@ -31,12 +31,6 @@ module QA
end
end
def
expand_deploy_tokens
(
&
block
)
expand_section
(
:deploy_tokens_settings
)
do
DeployTokens
.
perform
(
&
block
)
end
end
def
expand_mirroring_repositories
(
&
block
)
expand_section
(
:mirroring_repositories_settings_section
)
do
MirroringRepositories
.
perform
(
&
block
)
...
...
qa/qa/resource/deploy_token.rb
View file @
8b7111eb
...
...
@@ -6,16 +6,16 @@ module QA
attr_accessor
:name
,
:expires_at
attribute
:username
do
Page
::
Project
::
Settings
::
Repository
.
perform
do
|
repository
_page
|
repository
_page
.
expand_deploy_tokens
do
|
token
|
Page
::
Project
::
Settings
::
CICD
.
perform
do
|
cicd
_page
|
cicd
_page
.
expand_deploy_tokens
do
|
token
|
token
.
token_username
end
end
end
attribute
:password
do
Page
::
Project
::
Settings
::
Repository
.
perform
do
|
repository
_page
|
repository
_page
.
expand_deploy_tokens
do
|
token
|
Page
::
Project
::
Settings
::
CICD
.
perform
do
|
cicd
_page
|
cicd
_page
.
expand_deploy_tokens
do
|
token
|
token
.
token_password
end
end
...
...
@@ -31,12 +31,10 @@ module QA
def
fabricate!
project
.
visit!
Page
::
Project
::
Menu
.
act
do
go_to_repository_settings
end
Page
::
Project
::
Menu
.
perform
(
&
:go_to_ci_cd_settings
)
Page
::
Project
::
Settings
::
Repository
.
perform
do
|
setting
|
setting
.
expand_deploy_tokens
do
|
page
|
Page
::
Project
::
Settings
::
CICD
.
perform
do
|
cicd
|
cicd
.
expand_deploy_tokens
do
|
page
|
page
.
fill_token_name
(
name
)
page
.
fill_token_expires_at
(
expires_at
)
page
.
fill_scopes
(
read_repository:
true
,
read_registry:
false
)
...
...
spec/controllers/groups/settings/ci_cd_controller_spec.rb
View file @
8b7111eb
...
...
@@ -210,4 +210,16 @@ describe Groups::Settings::CiCdController do
end
end
end
describe
'POST create_deploy_token'
do
it_behaves_like
'a created deploy token'
do
let
(
:entity
)
{
group
}
let
(
:create_entity_params
)
{
{
group_id:
group
}
}
let
(
:deploy_token_type
)
{
DeployToken
.
deploy_token_types
[
:group_type
]
}
before
do
entity
.
add_owner
(
user
)
end
end
end
end
spec/controllers/projects/settings/ci_cd_controller_spec.rb
View file @
8b7111eb
...
...
@@ -247,4 +247,12 @@ describe Projects::Settings::CiCdController do
end
end
end
describe
'POST create_deploy_token'
do
it_behaves_like
'a created deploy token'
do
let
(
:entity
)
{
project
}
let
(
:create_entity_params
)
{
{
namespace_id:
project
.
namespace
,
project_id:
project
}
}
let
(
:deploy_token_type
)
{
DeployToken
.
deploy_token_types
[
:project_type
]
}
end
end
end
spec/controllers/projects/settings/repository_controller_spec.rb
View file @
8b7111eb
...
...
@@ -32,24 +32,4 @@ describe Projects::Settings::RepositoryController do
expect
(
RepositoryCleanupWorker
).
to
have_received
(
:perform_async
).
once
end
end
describe
'POST create_deploy_token'
do
let
(
:deploy_token_params
)
do
{
name:
'deployer_token'
,
expires_at:
1
.
month
.
from_now
.
to_date
.
to_s
,
username:
'deployer'
,
read_repository:
'1'
}
end
subject
(
:create_deploy_token
)
{
post
:create_deploy_token
,
params:
{
namespace_id:
project
.
namespace
,
project_id:
project
,
deploy_token:
deploy_token_params
}
}
it
'creates deploy token'
do
expect
{
create_deploy_token
}.
to
change
{
DeployToken
.
active
.
count
}.
by
(
1
)
expect
(
response
).
to
have_gitlab_http_status
(
:ok
)
expect
(
response
).
to
render_template
(
:show
)
end
end
end
spec/features/groups/settings/ci_cd_spec.rb
View file @
8b7111eb
...
...
@@ -37,6 +37,19 @@ describe 'Group CI/CD settings' do
end
end
context
'Deploy tokens'
do
let!
(
:deploy_token
)
{
create
(
:deploy_token
,
:group
,
groups:
[
group
])
}
before
do
stub_container_registry_config
(
enabled:
true
)
visit
group_settings_ci_cd_path
(
group
)
end
it_behaves_like
'a deploy token in ci/cd settings'
do
let
(
:entity_type
)
{
'group'
}
end
end
describe
'Auto DevOps form'
do
before
do
stub_application_setting
(
auto_devops_enabled:
true
)
...
...
spec/features/projects/settings/ci_cd_settings_spec.rb
0 → 100644
View file @
8b7111eb
# frozen_string_literal: true
require
'spec_helper'
describe
'Projects > Settings > CI/CD settings'
do
let
(
:project
)
{
create
(
:project_empty_repo
)
}
let
(
:user
)
{
create
(
:user
)
}
let
(
:role
)
{
:maintainer
}
context
'Deploy tokens'
do
let!
(
:deploy_token
)
{
create
(
:deploy_token
,
projects:
[
project
])
}
before
do
project
.
add_role
(
user
,
role
)
sign_in
(
user
)
stub_container_registry_config
(
enabled:
true
)
visit
project_settings_ci_cd_path
(
project
)
end
it_behaves_like
'a deploy token in ci/cd settings'
do
let
(
:entity_type
)
{
'project'
}
end
end
end
spec/features/projects/settings/repository_settings_spec.rb
View file @
8b7111eb
...
...
@@ -108,39 +108,6 @@ describe 'Projects > Settings > Repository settings' do
end
end
context
'Deploy tokens'
do
let!
(
:deploy_token
)
{
create
(
:deploy_token
,
projects:
[
project
])
}
before
do
stub_container_registry_config
(
enabled:
true
)
visit
project_settings_repository_path
(
project
)
end
it
'view deploy tokens'
do
within
(
'.deploy-tokens'
)
do
expect
(
page
).
to
have_content
(
deploy_token
.
name
)
expect
(
page
).
to
have_content
(
'read_repository'
)
expect
(
page
).
to
have_content
(
'read_registry'
)
end
end
it
'add a new deploy token'
do
fill_in
'deploy_token_name'
,
with:
'new_deploy_key'
fill_in
'deploy_token_expires_at'
,
with:
(
Date
.
today
+
1
.
month
).
to_s
fill_in
'deploy_token_username'
,
with:
'deployer'
check
'deploy_token_read_repository'
check
'deploy_token_read_registry'
click_button
'Create deploy token'
expect
(
page
).
to
have_content
(
'Your new project deploy token has been created'
)
within
(
'.created-deploy-token-container'
)
do
expect
(
page
).
to
have_selector
(
"input[name='deploy-token-user'][value='deployer']"
)
expect
(
page
).
to
have_selector
(
"input[name='deploy-token'][readonly='readonly']"
)
end
end
end
context
'remote mirror settings'
do
let
(
:user2
)
{
create
(
:user
)
}
...
...
spec/features/projects/settings/user_sees_revoke_deploy_token_modal_spec.rb
View file @
8b7111eb
...
...
@@ -11,7 +11,7 @@ describe 'Repository Settings > User sees revoke deploy token modal', :js do
before
do
project
.
add_role
(
user
,
role
)
sign_in
(
user
)
visit
(
project_settings_
repository
_path
(
project
))
visit
(
project_settings_
ci_cd
_path
(
project
))
click_link
(
'Revoke'
)
end
...
...
spec/routing/project_routing_spec.rb
View file @
8b7111eb
...
...
@@ -798,6 +798,11 @@ describe 'project routing' do
end
it_behaves_like
'redirecting a legacy project path'
,
"/gitlab/gitlabhq/settings/repository"
,
"/gitlab/gitlabhq/-/settings/repository"
# TODO: remove this test as part of https://gitlab.com/gitlab-org/gitlab/issues/207079 (12.9)
it
'to ci_cd#create_deploy_token'
do
expect
(
post
(
'gitlab/gitlabhq/-/settings/repository/deploy_token/create'
)).
to
route_to
(
'projects/settings/ci_cd#create_deploy_token'
,
namespace_id:
'gitlab'
,
project_id:
'gitlabhq'
)
end
end
describe
Projects
::
TemplatesController
,
'routing'
do
...
...
spec/services/groups/deploy_tokens/create_service_spec.rb
0 → 100644
View file @
8b7111eb
# frozen_string_literal: true
require
'spec_helper'
describe
Groups
::
DeployTokens
::
CreateService
do
it_behaves_like
'a deploy token creation service'
do
let
(
:entity
)
{
create
(
:group
)
}
let
(
:deploy_token_class
)
{
GroupDeployToken
}
end
end
spec/services/projects/deploy_tokens/create_service_spec.rb
0 → 100644
View file @
8b7111eb
# frozen_string_literal: true
require
'spec_helper'
describe
Projects
::
DeployTokens
::
CreateService
do
it_behaves_like
'a deploy token creation service'
do
let
(
:entity
)
{
create
(
:project
)
}
let
(
:deploy_token_class
)
{
ProjectDeployToken
}
end
end
spec/s
ervices/deploy_tokens/create_service_spec
.rb
→
spec/s
upport/services/deploy_token_shared_examples
.rb
View file @
8b7111eb
# frozen_string_literal: true
require
'spec_helper'
describe
DeployTokens
::
CreateService
do
let
(
:project
)
{
create
(
:project
)
}
RSpec
.
shared_examples
'a deploy token creation service'
do
let
(
:user
)
{
create
(
:user
)
}
let
(
:deploy_token_params
)
{
attributes_for
(
:deploy_token
)
}
describe
'#execute'
do
subject
{
described_class
.
new
(
project
,
user
,
deploy_token_params
).
execute
}
subject
{
described_class
.
new
(
entity
,
user
,
deploy_token_params
).
execute
}
context
'when the deploy token is valid'
do
it
'creates a new DeployToken'
do
...
...
@@ -16,7 +13,7 @@ describe DeployTokens::CreateService do
end
it
'creates a new ProjectDeployToken'
do
expect
{
subject
}.
to
change
{
ProjectDeployToken
.
count
}.
by
(
1
)
expect
{
subject
}.
to
change
{
deploy_token_class
.
count
}.
by
(
1
)
end
it
'returns a DeployToken'
do
...
...
@@ -56,7 +53,7 @@ describe DeployTokens::CreateService do
end
it
'does not create a new ProjectDeployToken'
do
expect
{
subject
}.
not_to
change
{
ProjectDeployToken
.
count
}
expect
{
subject
}.
not_to
change
{
deploy_token_class
.
count
}
end
end
end
...
...
spec/support/shared_examples/controllers/deploy_token_shared_examples.rb
0 → 100644
View file @
8b7111eb
# frozen_string_literal: true
RSpec
.
shared_examples
'a created deploy token'
do
let
(
:deploy_token_params
)
do
{
name:
'deployer_token'
,
expires_at:
1
.
month
.
from_now
.
to_date
.
to_s
,
username:
'deployer'
,
read_repository:
'1'
,
deploy_token_type:
deploy_token_type
}
end
subject
(
:create_deploy_token
)
{
post
:create_deploy_token
,
params:
create_entity_params
.
merge
({
deploy_token:
deploy_token_params
})
}
it
'creates deploy token'
do
expect
{
create_deploy_token
}.
to
change
{
DeployToken
.
active
.
count
}.
by
(
1
)
expect
(
response
).
to
have_gitlab_http_status
(
:ok
)
expect
(
response
).
to
render_template
(
:show
)
end
end
spec/support/shared_examples/features/deploy_token_shared_examples.rb
0 → 100644
View file @
8b7111eb
# frozen_string_literal: true
RSpec
.
shared_examples
'a deploy token in ci/cd settings'
do
it
'view deploy tokens'
do
within
(
'.deploy-tokens'
)
do
expect
(
page
).
to
have_content
(
deploy_token
.
name
)
expect
(
page
).
to
have_content
(
'read_repository'
)
expect
(
page
).
to
have_content
(
'read_registry'
)
end
end
it
'add a new deploy token'
do
fill_in
'deploy_token_name'
,
with:
'new_deploy_key'
fill_in
'deploy_token_expires_at'
,
with:
(
Date
.
today
+
1
.
month
).
to_s
fill_in
'deploy_token_username'
,
with:
'deployer'
check
'deploy_token_read_repository'
check
'deploy_token_read_registry'
click_button
'Create deploy token'
expect
(
page
).
to
have_content
(
"Your new
#{
entity_type
}
deploy token has been created"
)
within
(
'.created-deploy-token-container'
)
do
expect
(
page
).
to
have_selector
(
"input[name='deploy-token-user'][value='deployer']"
)
expect
(
page
).
to
have_selector
(
"input[name='deploy-token'][readonly='readonly']"
)
end
end
end
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment