File: job_token_scope.rst

package info (click to toggle)
python-gitlab 1%3A8.0.0-1
  • links: PTS, VCS
  • area: main
  • in suites: sid
  • size: 2,884 kB
  • sloc: python: 25,823; makefile: 171; ruby: 27; javascript: 3
file content (99 lines) | stat: -rw-r--r-- 2,950 bytes parent folder | download 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
 
#####################
CI/CD job token scope
#####################

Reference
---------

* v4 API:

  + :class:`gitlab.v4.objects.ProjectJobTokenScope`
  + :class:`gitlab.v4.objects.ProjectJobTokenScopeManager`
  + :attr:`gitlab.v4.objects.Project.job_token_scope`

* GitLab API: https://docs.gitlab.com/api/project_job_token_scopes

Examples
--------

.. warning::

   The GitLab API does **not** return any data when saving or updating
   the job token scope settings. You need to call ``refresh()`` (or ``get()``
   a new object) as shown below to get the latest state.

Get a project's CI/CD job token access settings::

    scope = project.job_token_scope.get()
    print(scope.inbound_enabled)
    # True

Update the job token scope settings::

    scope.enabled = False
    scope.save()

.. warning::

   As you can see above, the attributes you receive from and send to the GitLab API
   are not consistent. GitLab returns ``inbound_enabled`` and ``outbound_enabled``,
   but expects ``enabled``, which only refers to the inbound scope. This is important
   when accessing and updating these attributes.

Or update the job token scope settings directly::

    project.job_token_scope.update(new_data={"enabled": True})

Refresh the current state of job token scope::

    scope.refresh()
    print(scope.inbound_enabled)
    # False

Get a project's CI/CD job token inbound allowlist::

    allowlist = scope.allowlist.list(get_all=True)

Add a project to the project's inbound allowlist::

    allowed_project = scope.allowlist.create({"target_project_id": 42})

Remove a project from the project's inbound allowlist::

    allowed_project.delete()
    # or directly using a project ID
    scope.allowlist.delete(42)

.. warning::

   Similar to above, the ID attributes you receive from the create and list
   APIs are not consistent (in create() the id is returned as ``source_project_id`` whereas list() returns as ``id``). To safely retrieve the ID of the allowlisted project
   regardless of how the object was created, always use its ``.get_id()`` method.

Using ``.get_id()``::

    resp = allowlist.create({"target_project_id": 2})
    allowlist_id = resp.get_id()

    for allowlist in project.allowlist.list(iterator=True):
      allowlist_id == allowlist.get_id()

Get a project's CI/CD job token inbound groups allowlist::

    allowlist = scope.groups_allowlist.list(get_all=True)

Add a group to the project's inbound groups allowlist::

    allowed_group = scope.groups_allowlist.create({"target_group_id": 42})

Remove a group from the project's inbound groups allowlist::

    allowed_group.delete()
    # or directly using a Group ID
    scope.groups_allowlist.delete(42)

.. warning::

   Similar to above, the ID attributes you receive from the create and list
   APIs are not consistent. To safely retrieve the ID of the allowlisted group
   regardless of how the object was created, always use its ``.get_id()`` method.