gitlab-org--gitlab-foss/lib/api/deploy_tokens.rb

# frozen_string_literal: true

module API
  class DeployTokens < ::API::Base
    include PaginationParams

    feature_category :continuous_delivery
    urgency :low

    helpers do
      def scope_params
        scopes = params.delete(:scopes)

        result_hash = Hashie::Mash.new
        result_hash[:read_registry] = scopes.include?('read_registry')
        result_hash[:write_registry] = scopes.include?('write_registry')
        result_hash[:read_package_registry] = scopes.include?('read_package_registry')
        result_hash[:write_package_registry] = scopes.include?('write_package_registry')
        result_hash[:read_repository] = scopes.include?('read_repository')
        result_hash
      end

      params :filter_params do
        optional :active, type: Boolean, desc: 'Limit by active status'
      end
    end

    desc 'Return all deploy tokens' do
      detail 'This feature was introduced in GitLab 12.9.'
      success Entities::DeployToken
    end
    params do
      use :pagination
      use :filter_params
    end
    get 'deploy_tokens' do
      authenticated_as_admin!

      deploy_tokens = ::DeployTokens::TokensFinder.new(
        current_user,
        :all,
        declared_params
      ).execute

      present paginate(deploy_tokens), with: Entities::DeployToken
    end

    params do
      requires :id, type: String, desc: 'The ID of a project'
    end
    resource :projects, requirements: API::NAMESPACE_OR_PROJECT_REQUIREMENTS do
      params do
        use :pagination
        use :filter_params
      end
      desc 'List deploy tokens for a project' do
        detail 'This feature was introduced in GitLab 12.9'
        success Entities::DeployToken
      end
      get ':id/deploy_tokens' do
        authorize!(:read_deploy_token, user_project)

        deploy_tokens = ::DeployTokens::TokensFinder.new(
          current_user,
          user_project,
          declared_params
        ).execute

        present paginate(deploy_tokens), with: Entities::DeployToken
      end

      params do
        requires :name, type: String, desc: "New deploy token's name"
        requires :scopes,
                 type: Array[String],
                 coerce_with: ::API::Validations::Types::CommaSeparatedToArray.coerce,
                 values: ::DeployToken::AVAILABLE_SCOPES.map(&:to_s),
                 desc: 'Indicates the deploy token scopes. Must be at least one of "read_repository", "read_registry", "write_registry", "read_package_registry", or "write_package_registry".'
        optional :expires_at, type: DateTime, desc: 'Expiration date for the deploy token. Does not expire if no value is provided.'
        optional :username, type: String, desc: 'Username for deploy token. Default is `gitlab+deploy-token-{n}`'
      end
      desc 'Create a project deploy token' do
        detail 'This feature was introduced in GitLab 12.9'
        success Entities::DeployTokenWithToken
      end
      post ':id/deploy_tokens' do
        authorize!(:create_deploy_token, user_project)

        result = ::Projects::DeployTokens::CreateService.new(
          user_project, current_user, scope_params.merge(declared(params, include_missing: false, include_parent_namespaces: false))
        ).execute

        if result[:status] == :success
          present result[:deploy_token], with: Entities::DeployTokenWithToken
        else
          render_api_error!(result[:message], result[:http_status])
        end
      end

      desc 'Get a project deploy token' do
        detail 'This feature was introduced in GitLab 14.9'
        success Entities::DeployToken
      end
      params do
        requires :token_id, type: Integer, desc: 'The deploy token ID'
      end
      get ':id/deploy_tokens/:token_id' do
        authorize!(:read_deploy_token, user_project)

        deploy_token = user_project.deploy_tokens.find(params[:token_id])

        present deploy_token, with: Entities::DeployToken
      end

      desc 'Delete a project deploy token' do
        detail 'This feature was introduced in GitLab 12.9'
      end
      params do
        requires :token_id, type: Integer, desc: 'The deploy token ID'
      end
      delete ':id/deploy_tokens/:token_id' do
        authorize!(:destroy_deploy_token, user_project)

        ::Projects::DeployTokens::DestroyService.new(
          user_project, current_user, token_id: params[:token_id]
        ).execute

        no_content!
      end
    end

    params do
      requires :id, type: String, desc: 'The ID of a group'
    end
    resource :groups, requirements: API::NAMESPACE_OR_PROJECT_REQUIREMENTS do
      params do
        use :pagination
        use :filter_params
      end
      desc 'List deploy tokens for a group' do
        detail 'This feature was introduced in GitLab 12.9'
        success Entities::DeployToken
      end
      get ':id/deploy_tokens' do
        authorize!(:read_deploy_token, user_group)

        deploy_tokens = ::DeployTokens::TokensFinder.new(
          current_user,
          user_group,
          declared_params
        ).execute

        present paginate(deploy_tokens), with: Entities::DeployToken
      end

      params do
        requires :name, type: String, desc: 'The name of the deploy token'
        requires :scopes,
                 type: Array[String],
                 coerce_with: ::API::Validations::Types::CommaSeparatedToArray.coerce,
                 values: ::DeployToken::AVAILABLE_SCOPES.map(&:to_s),
                 desc: 'Indicates the deploy token scopes. Must be at least one of "read_repository", "read_registry", "write_registry", "read_package_registry", or "write_package_registry".'
        optional :expires_at, type: DateTime, desc: 'Expiration date for the deploy token. Does not expire if no value is provided.'
        optional :username, type: String, desc: 'Username for deploy token. Default is `gitlab+deploy-token-{n}`'
      end
      desc 'Create a group deploy token' do
        detail 'This feature was introduced in GitLab 12.9'
        success Entities::DeployTokenWithToken
      end
      post ':id/deploy_tokens' do
        authorize!(:create_deploy_token, user_group)

        result = ::Groups::DeployTokens::CreateService.new(
          user_group, current_user, scope_params.merge(declared(params, include_missing: false, include_parent_namespaces: false))
        ).execute

        if result[:status] == :success
          present result[:deploy_token], with: Entities::DeployTokenWithToken
        else
          render_api_error!(result[:message], result[:http_status])
        end
      end

      desc 'Get a group deploy token' do
        detail 'This feature was introduced in GitLab 14.9'
        success Entities::DeployToken
      end
      params do
        requires :token_id, type: Integer, desc: 'The deploy token ID'
      end
      get ':id/deploy_tokens/:token_id' do
        authorize!(:read_deploy_token, user_group)

        deploy_token = user_group.deploy_tokens.find(params[:token_id])

        present deploy_token, with: Entities::DeployToken
      end

      desc 'Delete a group deploy token' do
        detail 'This feature was introduced in GitLab 12.9'
      end
      params do
        requires :token_id, type: Integer, desc: 'The deploy token ID'
      end
      delete ':id/deploy_tokens/:token_id' do
        authorize!(:destroy_deploy_token, user_group)

        ::Groups::DeployTokens::DestroyService.new(
          user_group, current_user, token_id: params[:token_id]
        ).execute

        no_content!
      end
    end
  end
end