Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
G
gitlab-ce
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
1
Merge Requests
1
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
nexedi
gitlab-ce
Commits
9cfb02f8
Commit
9cfb02f8
authored
Apr 09, 2019
by
GitLab Bot
Browse files
Options
Browse Files
Download
Plain Diff
Automatic merge of gitlab-org/gitlab-ce master
parents
ae04aeba
b47d971e
Changes
7
Hide whitespace changes
Inline
Side-by-side
Showing
7 changed files
with
176 additions
and
0 deletions
+176
-0
app/models/ci/pipeline.rb
app/models/ci/pipeline.rb
+4
-0
app/policies/ci/pipeline_policy.rb
app/policies/ci/pipeline_policy.rb
+12
-0
changelogs/unreleased/expose-pipeline-variables-via-api.yml
changelogs/unreleased/expose-pipeline-variables-via-api.yml
+5
-0
doc/api/pipelines.md
doc/api/pipelines.md
+30
-0
lib/api/pipelines.rb
lib/api/pipelines.rb
+13
-0
spec/policies/ci/pipeline_policy_spec.rb
spec/policies/ci/pipeline_policy_spec.rb
+46
-0
spec/requests/api/pipelines_spec.rb
spec/requests/api/pipelines_spec.rb
+66
-0
No files found.
app/models/ci/pipeline.rb
View file @
9cfb02f8
...
@@ -750,6 +750,10 @@ module Ci
...
@@ -750,6 +750,10 @@ module Ci
self
.
sha
==
sha
||
self
.
source_sha
==
sha
self
.
sha
==
sha
||
self
.
source_sha
==
sha
end
end
def
triggered_by?
(
current_user
)
user
==
current_user
end
private
private
def
ci_yaml_from_repo
def
ci_yaml_from_repo
...
...
app/policies/ci/pipeline_policy.rb
View file @
9cfb02f8
...
@@ -14,6 +14,10 @@ module Ci
...
@@ -14,6 +14,10 @@ module Ci
@subject
.
external?
@subject
.
external?
end
end
condition
(
:triggerer_of_pipeline
)
do
@subject
.
triggered_by?
(
@user
)
end
# Disallow users without permissions from accessing internal pipelines
# Disallow users without permissions from accessing internal pipelines
rule
{
~
can?
(
:read_build
)
&
~
external_pipeline
}.
policy
do
rule
{
~
can?
(
:read_build
)
&
~
external_pipeline
}.
policy
do
prevent
:read_pipeline
prevent
:read_pipeline
...
@@ -29,6 +33,14 @@ module Ci
...
@@ -29,6 +33,14 @@ module Ci
enable
:destroy_pipeline
enable
:destroy_pipeline
end
end
rule
{
can?
(
:admin_pipeline
)
}.
policy
do
enable
:read_pipeline_variable
end
rule
{
can?
(
:update_pipeline
)
&
triggerer_of_pipeline
}.
policy
do
enable
:read_pipeline_variable
end
def
ref_protected?
(
user
,
project
,
tag
,
ref
)
def
ref_protected?
(
user
,
project
,
tag
,
ref
)
access
=
::
Gitlab
::
UserAccess
.
new
(
user
,
project:
project
)
access
=
::
Gitlab
::
UserAccess
.
new
(
user
,
project:
project
)
...
...
changelogs/unreleased/expose-pipeline-variables-via-api.yml
0 → 100644
View file @
9cfb02f8
---
title
:
Expose pipeline variables via API
merge_request
:
26501
author
:
Agustin Henze <tin@redhat.com>
type
:
added
doc/api/pipelines.md
View file @
9cfb02f8
...
@@ -93,6 +93,36 @@ Example of response
...
@@ -93,6 +93,36 @@ Example of response
}
}
```
```
### Get variables of a pipeline
```
GET /projects/:id/pipelines/:pipeline_id/variables
```
| Attribute | Type | Required | Description |
|------------|---------|----------|---------------------|
|
`id`
| integer/string | yes | The ID or
[
URL-encoded path of the project
](
README.md#namespaced-path-encoding
)
owned by the authenticated user |
|
`pipeline_id`
| integer | yes | The ID of a pipeline |
```
curl --header "PRIVATE-TOKEN: <your_access_token>" "https://gitlab.example.com/api/v4/projects/1/pipelines/46/variables"
```
Example of response
```
json
[
{
"key"
:
"RUN_NIGHTLY_BUILD"
,
"value"
:
"true"
},
{
"key"
:
"foo"
,
"value"
:
"bar"
}
]
```
## Create a new pipeline
## Create a new pipeline
> [Introduced][ce-7209] in GitLab 8.14
> [Introduced][ce-7209] in GitLab 8.14
...
...
lib/api/pipelines.rb
View file @
9cfb02f8
...
@@ -81,6 +81,19 @@ module API
...
@@ -81,6 +81,19 @@ module API
present
pipeline
,
with:
Entities
::
Pipeline
present
pipeline
,
with:
Entities
::
Pipeline
end
end
desc
'Gets the variables for a given pipeline'
do
detail
'This feature was introduced in GitLab 11.11'
success
Entities
::
Variable
end
params
do
requires
:pipeline_id
,
type:
Integer
,
desc:
'The pipeline ID'
end
get
':id/pipelines/:pipeline_id/variables'
do
authorize!
:read_pipeline_variable
,
pipeline
present
pipeline
.
variables
,
with:
Entities
::
Variable
end
desc
'Deletes a pipeline'
do
desc
'Deletes a pipeline'
do
detail
'This feature was introduced in GitLab 11.6'
detail
'This feature was introduced in GitLab 11.6'
http_codes
[[
204
,
'Pipeline was deleted'
],
[
403
,
'Forbidden'
]]
http_codes
[[
204
,
'Pipeline was deleted'
],
[
403
,
'Forbidden'
]]
...
...
spec/policies/ci/pipeline_policy_spec.rb
View file @
9cfb02f8
...
@@ -100,5 +100,51 @@ describe Ci::PipelinePolicy, :models do
...
@@ -100,5 +100,51 @@ describe Ci::PipelinePolicy, :models do
end
end
end
end
end
end
describe
'read_pipeline_variable'
do
let
(
:project
)
{
create
(
:project
,
:public
)
}
context
'when user has owner access'
do
let
(
:user
)
{
project
.
owner
}
it
'is enabled'
do
expect
(
policy
).
to
be_allowed
:read_pipeline_variable
end
end
context
'when user is developer and the creator of the pipeline'
do
let
(
:pipeline
)
{
create
(
:ci_empty_pipeline
,
project:
project
,
user:
user
)
}
before
do
project
.
add_developer
(
user
)
create
(
:protected_branch
,
:developers_can_merge
,
name:
pipeline
.
ref
,
project:
project
)
end
it
'is enabled'
do
expect
(
policy
).
to
be_allowed
:read_pipeline_variable
end
end
context
'when user is developer and it is not the creator of the pipeline'
do
let
(
:pipeline
)
{
create
(
:ci_empty_pipeline
,
project:
project
,
user:
project
.
owner
)
}
before
do
project
.
add_developer
(
user
)
create
(
:protected_branch
,
:developers_can_merge
,
name:
pipeline
.
ref
,
project:
project
)
end
it
'is disabled'
do
expect
(
policy
).
to
be_disallowed
:read_pipeline_variable
end
end
context
'when user is not owner nor developer'
do
it
'is disabled'
do
expect
(
policy
).
not_to
be_allowed
:read_pipeline_variable
end
end
end
end
end
end
end
spec/requests/api/pipelines_spec.rb
View file @
9cfb02f8
...
@@ -445,6 +445,72 @@ describe API::Pipelines do
...
@@ -445,6 +445,72 @@ describe API::Pipelines do
end
end
end
end
describe
'GET /projects/:id/pipelines/:pipeline_id/variables'
do
subject
{
get
api
(
"/projects/
#{
project
.
id
}
/pipelines/
#{
pipeline
.
id
}
/variables"
,
api_user
)
}
let
(
:api_user
)
{
user
}
context
'user is a mantainer'
do
it
'returns pipeline variables empty'
do
subject
expect
(
response
).
to
have_gitlab_http_status
(
200
)
expect
(
json_response
).
to
be_empty
end
context
'with variables'
do
let!
(
:variable
)
{
create
(
:ci_pipeline_variable
,
pipeline:
pipeline
,
key:
'foo'
,
value:
'bar'
)
}
it
'returns pipeline variables'
do
subject
expect
(
response
).
to
have_gitlab_http_status
(
200
)
expect
(
json_response
).
to
contain_exactly
({
"key"
=>
"foo"
,
"value"
=>
"bar"
})
end
end
end
context
'user is a developer'
do
let
(
:pipeline_owner_user
)
{
create
(
:user
)
}
let
(
:pipeline
)
{
create
(
:ci_empty_pipeline
,
project:
project
,
user:
pipeline_owner_user
)
}
before
do
project
.
add_developer
(
api_user
)
end
context
'pipeline created by the developer user'
do
let
(
:api_user
)
{
pipeline_owner_user
}
let!
(
:variable
)
{
create
(
:ci_pipeline_variable
,
pipeline:
pipeline
,
key:
'foo'
,
value:
'bar'
)
}
it
'returns pipeline variables'
do
subject
expect
(
response
).
to
have_gitlab_http_status
(
200
)
expect
(
json_response
).
to
contain_exactly
({
"key"
=>
"foo"
,
"value"
=>
"bar"
})
end
end
context
'pipeline created is not created by the developer user'
do
let
(
:api_user
)
{
create
(
:user
)
}
it
'should not return pipeline variables'
do
subject
expect
(
response
).
to
have_gitlab_http_status
(
403
)
end
end
end
context
'user is not a project member'
do
it
'should not return pipeline variables'
do
get
api
(
"/projects/
#{
project
.
id
}
/pipelines/
#{
pipeline
.
id
}
/variables"
,
non_member
)
expect
(
response
).
to
have_gitlab_http_status
(
404
)
expect
(
json_response
[
'message'
]).
to
eq
'404 Project Not Found'
end
end
end
describe
'DELETE /projects/:id/pipelines/:pipeline_id'
do
describe
'DELETE /projects/:id/pipelines/:pipeline_id'
do
context
'authorized user'
do
context
'authorized user'
do
let
(
:owner
)
{
project
.
owner
}
let
(
:owner
)
{
project
.
owner
}
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment