230 lines
8.3 KiB
Ruby
230 lines
8.3 KiB
Ruby
# frozen_string_literal: true
|
|
|
|
module API
|
|
class DeployKeys < ::API::Base
|
|
include PaginationParams
|
|
|
|
deploy_keys_tags = %w[deploy_keys]
|
|
|
|
before { authenticate! }
|
|
|
|
feature_category :continuous_delivery
|
|
urgency :low
|
|
|
|
helpers do
|
|
def add_deploy_keys_project(project, attrs = {})
|
|
project.deploy_keys_projects.create(attrs)
|
|
end
|
|
|
|
# rubocop: disable CodeReuse/ActiveRecord
|
|
def find_by_deploy_key(project, key_id)
|
|
project.deploy_keys_projects.find_by!(deploy_key: key_id)
|
|
end
|
|
# rubocop: enable CodeReuse/ActiveRecord
|
|
end
|
|
|
|
desc 'List all deploy keys' do
|
|
detail 'Get a list of all deploy keys across all projects of the GitLab instance. This endpoint requires administrator access and is not available on GitLab.com.'
|
|
success Entities::DeployKey
|
|
failure [
|
|
{ code: 401, message: 'Unauthorized' },
|
|
{ code: 403, message: 'Forbidden' }
|
|
]
|
|
is_array true
|
|
tags deploy_keys_tags
|
|
end
|
|
params do
|
|
use :pagination
|
|
optional :public, type: Boolean, default: false, desc: "Only return deploy keys that are public"
|
|
end
|
|
get "deploy_keys" do
|
|
authenticated_as_admin!
|
|
|
|
deploy_keys = params[:public] ? DeployKey.are_public : DeployKey.all
|
|
|
|
present paginate(deploy_keys.including_projects_with_write_access), with: Entities::DeployKey, include_projects_with_write_access: true
|
|
end
|
|
|
|
params do
|
|
requires :id, types: [String, Integer], desc: 'The ID or URL-encoded path of the project owned by the authenticated user'
|
|
end
|
|
resource :projects, requirements: API::NAMESPACE_OR_PROJECT_REQUIREMENTS do
|
|
before { authorize_admin_project }
|
|
|
|
desc 'List deploy keys for project' do
|
|
detail "Get a list of a project's deploy keys."
|
|
success Entities::DeployKeysProject
|
|
failure [
|
|
{ code: 401, message: 'Unauthorized' },
|
|
{ code: 404, message: 'Not found' }
|
|
]
|
|
is_array true
|
|
tags deploy_keys_tags
|
|
end
|
|
params do
|
|
use :pagination
|
|
end
|
|
# rubocop: disable CodeReuse/ActiveRecord
|
|
get ":id/deploy_keys" do
|
|
keys = user_project.deploy_keys_projects.preload(deploy_key: :user)
|
|
|
|
present paginate(keys), with: Entities::DeployKeysProject
|
|
end
|
|
# rubocop: enable CodeReuse/ActiveRecord
|
|
|
|
desc 'Get a single deploy key' do
|
|
detail 'Get a single key.'
|
|
success Entities::DeployKeysProject
|
|
failure [
|
|
{ code: 401, message: 'Unauthorized' },
|
|
{ code: 404, message: 'Not found' }
|
|
]
|
|
tags deploy_keys_tags
|
|
end
|
|
params do
|
|
requires :key_id, type: Integer, desc: 'The ID of the deploy key'
|
|
end
|
|
get ":id/deploy_keys/:key_id" do
|
|
key = find_by_deploy_key(user_project, params[:key_id])
|
|
|
|
present key, with: Entities::DeployKeysProject
|
|
end
|
|
|
|
desc 'Add deploy key' do
|
|
detail "Creates a new deploy key for a project. If the deploy key already exists in another project, it's joined to the current project only if the original one is accessible by the same user."
|
|
success Entities::DeployKeysProject
|
|
failure [
|
|
{ code: 400, message: 'Bad request' },
|
|
{ code: 401, message: 'Unauthorized' },
|
|
{ code: 404, message: 'Not found' }
|
|
]
|
|
tags deploy_keys_tags
|
|
end
|
|
params do
|
|
requires :key, type: String, desc: 'New deploy key'
|
|
requires :title, type: String, desc: "New deploy key's title"
|
|
optional :can_push, type: Boolean, desc: "Can deploy key push to the project's repository"
|
|
optional :expires_at, type: DateTime, desc: 'The expiration date of the SSH key in ISO 8601 format (YYYY-MM-DDTHH:MM:SSZ)'
|
|
end
|
|
# rubocop: disable CodeReuse/ActiveRecord
|
|
post ":id/deploy_keys" do
|
|
params[:key].strip!
|
|
|
|
# Check for an existing key joined to this project
|
|
deploy_key_project = user_project.deploy_keys_projects
|
|
.joins(:deploy_key)
|
|
.find_by(keys: { key: params[:key] })
|
|
|
|
if deploy_key_project
|
|
present deploy_key_project, with: Entities::DeployKeysProject
|
|
break
|
|
end
|
|
|
|
# Check for available deploy keys in other projects
|
|
key = current_user.accessible_deploy_keys.find_by(key: params[:key])
|
|
if key
|
|
deploy_key_project = add_deploy_keys_project(user_project, deploy_key: key, can_push: !!params[:can_push])
|
|
|
|
present deploy_key_project, with: Entities::DeployKeysProject
|
|
break
|
|
end
|
|
|
|
# Create a new deploy key
|
|
deploy_key_attributes = declared_params.except(:can_push).merge(user: current_user)
|
|
deploy_key_project = add_deploy_keys_project(user_project, deploy_key_attributes: deploy_key_attributes, can_push: !!params[:can_push])
|
|
|
|
if deploy_key_project.valid?
|
|
present deploy_key_project, with: Entities::DeployKeysProject
|
|
else
|
|
render_validation_error!(deploy_key_project)
|
|
end
|
|
end
|
|
# rubocop: enable CodeReuse/ActiveRecord
|
|
|
|
desc 'Update deploy key' do
|
|
detail 'Updates a deploy key for a project.'
|
|
success Entities::DeployKey
|
|
failure [
|
|
{ code: 400, message: 'Bad request' },
|
|
{ code: 401, message: 'Unauthorized' },
|
|
{ code: 403, message: 'Forbidden' },
|
|
{ code: 404, message: 'Not found' }
|
|
]
|
|
tags deploy_keys_tags
|
|
end
|
|
params do
|
|
requires :key_id, type: Integer, desc: 'The ID of the deploy key'
|
|
optional :title, type: String, desc: "New deploy key's title"
|
|
optional :can_push, type: Boolean, desc: "Can deploy key push to the project's repository"
|
|
at_least_one_of :title, :can_push
|
|
end
|
|
put ":id/deploy_keys/:key_id" do
|
|
deploy_keys_project = find_by_deploy_key(user_project, params[:key_id])
|
|
|
|
if !can?(current_user, :update_deploy_key, deploy_keys_project.deploy_key) &&
|
|
!can?(current_user, :update_deploy_keys_project, deploy_keys_project)
|
|
forbidden!(nil)
|
|
end
|
|
|
|
update_params = {}
|
|
update_params[:can_push] = params[:can_push] if params.key?(:can_push)
|
|
update_params[:deploy_key_attributes] = { id: params[:key_id] }
|
|
|
|
if can?(current_user, :update_deploy_key, deploy_keys_project.deploy_key)
|
|
update_params[:deploy_key_attributes][:title] = params[:title] if params.key?(:title)
|
|
end
|
|
|
|
result = deploy_keys_project.update(update_params)
|
|
|
|
if result
|
|
present deploy_keys_project, with: Entities::DeployKeysProject
|
|
else
|
|
render_validation_error!(deploy_keys_project)
|
|
end
|
|
end
|
|
|
|
desc 'Enable a deploy key' do
|
|
detail 'Enables a deploy key for a project so this can be used. Returns the enabled key, with a status code 201 when successful. This feature was added in GitLab 8.11.'
|
|
success Entities::DeployKey
|
|
failure [
|
|
{ code: 401, message: 'Unauthorized' },
|
|
{ code: 404, message: 'Not found' }
|
|
]
|
|
tags deploy_keys_tags
|
|
end
|
|
params do
|
|
requires :key_id, type: Integer, desc: 'The ID of the deploy key'
|
|
end
|
|
post ":id/deploy_keys/:key_id/enable" do
|
|
key = ::Projects::EnableDeployKeyService.new(user_project,
|
|
current_user, declared_params).execute
|
|
|
|
if key
|
|
present key, with: Entities::DeployKey
|
|
else
|
|
not_found!('Deploy Key')
|
|
end
|
|
end
|
|
|
|
desc 'Delete deploy key' do
|
|
detail "Removes a deploy key from the project. If the deploy key is used only for this project, it's deleted from the system."
|
|
failure [
|
|
{ code: 401, message: 'Unauthorized' },
|
|
{ code: 404, message: 'Not found' }
|
|
]
|
|
tags deploy_keys_tags
|
|
end
|
|
params do
|
|
requires :key_id, type: Integer, desc: 'The ID of the deploy key'
|
|
end
|
|
# rubocop: disable CodeReuse/ActiveRecord
|
|
delete ":id/deploy_keys/:key_id" do
|
|
deploy_key_project = user_project.deploy_keys_projects.find_by(deploy_key_id: params[:key_id])
|
|
not_found!('Deploy Key') unless deploy_key_project
|
|
|
|
destroy_conditionally!(deploy_key_project)
|
|
end
|
|
# rubocop: enable CodeReuse/ActiveRecord
|
|
end
|
|
end
|
|
end
|