new api for service account and personal access tokens handler.

Greyeye · Greyeye · commit 038237c09b86 · 2023-12-05T13:53:16.000+10:00
diff --git a/group_serviceaccounts.go b/group_serviceaccounts.go
@@ -0,0 +1,131 @@
+//
+// Copyright 2023, James Hong
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+
+package gitlab
+
+import (
+	"fmt"
+	"net/http"
+	"time"
+)
+
+// GroupServiceAccount represents a GitLab service account user.
+//
+// GitLab API docs: https://docs.gitlab.com/ee/api/groups.html#create-service-account-user
+type GroupServiceAccount struct {
+	ID       int    `json:"id"`
+	Name     string `json:"name"`
+	UserName string `json:"username"`
+}
+
+// CreateServiceAccount create a new service account user for a group.
+//
+// GitLab API docs: https://docs.gitlab.com/ee/api/groups.html#create-service-account-user
+func (s *GroupsService) CreateServiceAccount(gid interface{}, options ...RequestOptionFunc) (*GroupServiceAccount, *Response, error) {
+	group, err := parseID(gid)
+	if err != nil {
+		return nil, nil, err
+	}
+	u := fmt.Sprintf("groups/%s/service_accounts", PathEscape(group))
+
+	req, err := s.client.NewRequest(http.MethodPost, u, nil, options)
+	if err != nil {
+		return nil, nil, err
+	}
+
+	sa := new(GroupServiceAccount)
+	resp, err := s.client.Do(req, sa)
+	if err != nil {
+		return nil, resp, err
+	}
+
+	return sa, resp, nil
+}
+
+// GroupServiceAccountPAT represents a GitLab service account Personal Access Token.
+//
+// GitLab API docs: https://docs.gitlab.com/ee/api/groups.html#create-personal-access-token-for-service-account-user
+type GroupServiceAccountPAT struct {
+	ID         int         `json:"id"`
+	Name       string      `json:"name"`
+	Revoked    bool        `json:"revoked"`
+	CreatedAt  *time.Time  `json:"created_at"`
+	Scopes     []string    `json:"scopes"`
+	UserID     int         `json:"user_id"`
+	LastUsedAt interface{} `json:"last_used_at"`
+	Active     bool        `json:"active"`
+	ExpiresAt  string      `json:"expires_at"`
+	Token      string      `json:"token"`
+}
+
+// AddServiceAccountsPATOptions represents the available AddServiceAccountsPAT() options.
+//
+// GitLab API docs: https://docs.gitlab.com/ee/api/groups.html#create-personal-access-token-for-service-account-user
+type AddServiceAccountsPATOptions struct {
+	// Scopes cover the ranges of permission sets.
+	// https://docs.gitlab.com/ee/user/profile/personal_access_tokens.html#personal-access-token-scopes
+	// e.g. api, read_user, read_api, read_repository, read_registry
+	Scopes []string `json:"scopes,omitempty"`
+	Name   string   `json:"name,omitempty"`
+}
+
+// AddServiceAccountsPAT add a new PAT for a service account user for a group.
+//
+// GitLab API docs: https://docs.gitlab.com/ee/api/groups.html#add-group-hook
+func (s *GroupsService) AddServiceAccountsPAT(gid interface{}, saID int, opt *AddServiceAccountsPATOptions, options ...RequestOptionFunc) (*GroupServiceAccountPAT, *Response, error) {
+	group, err := parseID(gid)
+	if err != nil {
+		return nil, nil, err
+	}
+	u := fmt.Sprintf("groups/%s/service_accounts/%d/personal_access_tokens", PathEscape(group), saID)
+
+	req, err := s.client.NewRequest(http.MethodPost, u, opt, options)
+	if err != nil {
+		return nil, nil, err
+	}
+
+	pat := new(GroupServiceAccountPAT)
+	resp, err := s.client.Do(req, pat)
+	if err != nil {
+		return nil, resp, err
+	}
+
+	return pat, resp, nil
+}
+
+// RotateServiceAccountsPAT rotate a PAT for a service account user for a group.
+//
+// GitLab API docs: https://docs.gitlab.com/ee/api/groups.html#create-personal-access-token-for-service-account-user
+func (s *GroupsService) RotateServiceAccountsPAT(gid interface{}, saID, tokenID int, options ...RequestOptionFunc) (*GroupServiceAccountPAT, *Response, error) {
+	group, err := parseID(gid)
+	if err != nil {
+		return nil, nil, err
+	}
+	u := fmt.Sprintf("groups/%s/service_accounts/%d/personal_access_tokens/%d/rotate", PathEscape(group), saID, tokenID)
+
+	req, err := s.client.NewRequest(http.MethodPost, u, nil, options)
+	if err != nil {
+		return nil, nil, err
+	}
+
+	pat := new(GroupServiceAccountPAT)
+	resp, err := s.client.Do(req, pat)
+	if err != nil {
+		return nil, resp, err
+	}
+
+	return pat, resp, nil
+}
diff --git a/group_serviceaccounts_test.go b/group_serviceaccounts_test.go
@@ -0,0 +1,140 @@
+//
+// Copyright 2023, James Hong
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+
+package gitlab
+
+import (
+	"fmt"
+	"net/http"
+	"reflect"
+	"testing"
+	"time"
+)
+
+func TestCreateServiceAccount(t *testing.T) {
+	mux, client := setup(t)
+
+	mux.HandleFunc("/api/v4/groups/1/service_accounts", func(w http.ResponseWriter, r *http.Request) {
+		testMethod(t, r, http.MethodPost)
+		fmt.Fprint(w, `
+{
+	"id": 57,
+	"username": "service_account_group_345_6018816a18e515214e0c34c2b33523fc",
+	"name": "Service account user"
+}`)
+	})
+
+	sa, _, err := client.Groups.CreateServiceAccount(1)
+	if err != nil {
+		t.Error(err)
+	}
+
+	want := &GroupServiceAccount{
+		ID:       57,
+		UserName: "service_account_group_345_6018816a18e515214e0c34c2b33523fc",
+		Name:     "Service account user",
+	}
+
+	if !reflect.DeepEqual(sa, want) {
+		t.Errorf("CreateServiceAccount returned \ngot:\n%v\nwant:\n%v", Stringify(sa), Stringify(want))
+	}
+}
+
+func TestAddServiceAccountsPATServiceAccount(t *testing.T) {
+	mux, client := setup(t)
+
+	mux.HandleFunc("/api/v4/groups/1/service_accounts/57/personal_access_tokens", func(w http.ResponseWriter, r *http.Request) {
+		testMethod(t, r, http.MethodPost)
+		fmt.Fprint(w, `
+{
+	"id":6,
+	"name":"service_accounts_token",
+	"revoked":false,
+	"created_at":"2023-06-13T07:47:13.000Z",
+	"scopes":["api"],
+	"user_id":71,
+	"last_used_at":null,
+	"active":true,
+	"expires_at":"2024-06-12",
+	"token":"random_token"
+}`)
+	})
+	datePointer := time.Date(2023, 06, 13, 07, 47, 13, 0, time.UTC)
+	saPAT, _, err := client.Groups.AddServiceAccountsPAT(1, 57, &AddServiceAccountsPATOptions{Scopes: []string{"api"}, Name: "service_accounts_token"})
+	if err != nil {
+		t.Error(err)
+	}
+
+	want := &GroupServiceAccountPAT{
+		ID:         6,
+		Name:       "service_accounts_token",
+		Revoked:    false,
+		CreatedAt:  &datePointer,
+		Scopes:     []string{"api"},
+		UserID:     71,
+		LastUsedAt: nil,
+		Active:     true,
+		ExpiresAt:  "2024-06-12",
+		Token:      "random_token",
+	}
+
+	if !reflect.DeepEqual(saPAT, want) {
+		t.Errorf("AddServiceAccountsPAT returned \ngot:\n%v\nwant:\n%v", Stringify(saPAT), Stringify(want))
+	}
+}
+
+func TestRotateServiceAccountsPATServiceAccount(t *testing.T) {
+	mux, client := setup(t)
+
+	mux.HandleFunc("/api/v4/groups/1/service_accounts/57/personal_access_tokens/6/rotate", func(w http.ResponseWriter, r *http.Request) {
+		testMethod(t, r, http.MethodPost)
+		fmt.Fprint(w, `
+{
+	"id":7,
+	"name":"service_accounts_token",
+	"revoked":false,
+	"created_at":"2023-06-13T07:54:49.000Z",
+	"scopes":["api"],
+	"user_id":71,
+	"last_used_at":null,
+	"active":true,
+	"expires_at":"2025-06-20",
+	"token":"random_token_2"
+}`)
+	})
+	datePointer := time.Date(2023, 06, 13, 07, 54, 49, 0, time.UTC)
+	saPAT, _, err := client.Groups.RotateServiceAccountsPAT(1, 57, 6)
+	if err != nil {
+		t.Error(err)
+	}
+
+	want := &GroupServiceAccountPAT{
+		ID:         7,
+		Name:       "service_accounts_token",
+		Revoked:    false,
+		CreatedAt:  &datePointer,
+		Scopes:     []string{"api"},
+		UserID:     71,
+		LastUsedAt: nil,
+		Active:     true,
+		ExpiresAt:  "2025-06-20",
+		Token:      "random_token_2",
+	}
+
+	if !reflect.DeepEqual(saPAT, want) {
+		t.Errorf("RotateServiceAccountsPAT returned \ngot:\n%v\nwant:\n%v", Stringify(saPAT), Stringify(want))
+	}
+}
