[GitLab] Group Access Token


    Group Access Token

    What is Group Access Token?

    GitLab 그룹 레벨에서 인증을 수행할 수 있는 토큰이다.
    특정 그룹에 속한 리포지토리나 기타 리소스에 대한 액세스를 제어할 수 있다.
    GitLab API를 사용하기 위해 발급되는 토큰이다.

     

    Group Access Token(이하 GAT)의 특징

    1. GAT는 해당 Group에서 access_level이 50(Owner)인 User만 발급할 수 있다.
    2. GAT 생성 API의 expires_at 속성(만료일자/UTC)은 GitLab 16.0부터 필수값이 되었다. (최대 365일 이후까지 지정 가능)
    3. 그룹멤버추가는 Owner만 가능하다.
    4. 프로젝트 및 하위그룹생성은 권한 설정에 따라 다르다.

     

    Group Access Token API

    #그룹액세스토큰 생성
    [root@]$ 
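    # Create a group access token for group ID 3 (POST /groups/:id/access_tokens),
    # authenticating with a personal access token.
    # Request body fields:
    #   name         - display name of the new token
    #   scopes       - permissions granted to the token; request only the scopes needed
    #   expires_at   - expiry date (YYYY-MM-DD)
    #   access_level - access level of the token (50 = Owner)
    # JSON has no comment syntax: a "#..." note inside the single-quoted --data
    # string is sent to the server verbatim and makes the body invalid JSON, so
    # the field notes are kept here instead.
    # The response carries the new secret in its "token" field; keep that output
    # out of logs, tickets and posts. Over plain http the bearer token and the
    # returned token travel unencrypted, so use https outside a local test instance.
    curl \
      --request POST \
      --header "Authorization: Bearer {Personal Access Token}" \
      --header "Content-Type:application/json" \
      --data '{
        "name":"{Group Access Token 이름}",
        "scopes":["api", "read_repository"],
        "expires_at":"2025-01-31",
        "access_level": 50
      }' \
      "http://{GitLab Url:port}/api/v4/groups/3/access_tokens"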
      
      {"id":2,"name":"50_GROUP_ACCESS_TOKEN_3_Technical Support","revoked":false,"created_at":"2024-10-23T06:29:10.245Z","scopes":["api","read_repository"],"user_id":3,"last_used_at":null,"active":true,"expires_at":"2025-01-31","access_level":50,"token":"glpat-4P4a31cWgS7iC837VwwN"}

     

    #프로젝트 생성
    [root@]$ 
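    # Create a project (POST /projects), authenticating with the group access token.
    # Request body fields:
    #   name         - project name
    #   path         - project path (best kept identical to the project name)
    #   namespace_id - ID of the group that should own the project
    # The field notes live here because JSON has no comment syntax: a "#..." note
    # inside the --data string is sent verbatim and makes the body invalid JSON.
    # The URL is plain http, so the token header is sent unencrypted; use https
    # outside a local test instance.
    curl \
      --request POST \
      --header "PRIVATE-TOKEN: {GAT}" \
      --header "Content-Type: application/json" \
      --data '{
        "name": "group-token-project",
        "path": "group-token-project",
        "namespace_id": 2
      }' \
      "http://{GitLab uri:port}/api/v4/projects"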

     

    #그룹 내의 프로젝트 목록 조회
    [root@]$ 
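    # List the projects in group ID 3 (GET /groups/:id/projects).
    # The token is sent in the PRIVATE-TOKEN header rather than as an
    # access_token query parameter: a token placed in the URL is recorded
    # wherever the request line is logged (web-server access logs, proxies).
    # The response shown for this Owner-level token includes sensitive fields
    # such as runners_token; redact them before sharing the output.
    curl \
      --header "PRIVATE-TOKEN: {GAT}" \
      "http://localhost:1980/api/v4/groups/3/projects"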
      
      [{"id":2,"description":null,"name":"group-token-project","name_with_namespace":"SD Unit / Technical Support / group-token-project","path":"group-token-project","path_with_namespace":"sd-unit/technical-support/group-token-project","created_at":"2024-10-23T06:54:40.656Z","default_branch":"main","tag_list":[],"topics":[],"ssh_url_to_repo":"git@gitlab.example.com:sd-unit/technical-support/group-token-project.git","http_url_to_repo":"http://gitlab.example.com/sd-unit/technical-support/group-token-project.git","web_url":"http://gitlab.example.com/sd-unit/technical-support/group-token-project","readme_url":null,"forks_count":0,"avatar_url":null,"star_count":0,"last_activity_at":"2024-10-23T06:54:40.615Z","namespace":{"id":3,"name":"Technical Support","path":"technical-support","kind":"group","full_path":"sd-unit/technical-support","parent_id":2,"avatar_url":null,"web_url":"http://gitlab.example.com/groups/sd-unit/technical-support"},"repository_storage":"default","_links":{"self":"http://gitlab.example.com/api/v4/projects/2","issues":"http://gitlab.example.com/api/v4/projects/2/issues","merge_requests":"http://gitlab.example.com/api/v4/projects/2/merge_requests","repo_branches":"http://gitlab.example.com/api/v4/projects/2/repository/branches","labels":"http://gitlab.example.com/api/v4/projects/2/labels","events":"http://gitlab.example.com/api/v4/projects/2/events","members":"http://gitlab.example.com/api/v4/projects/2/members","cluster_agents":"http://gitlab.example.com/api/v4/projects/2/cluster_agents"},"packages_enabled":true,"empty_repo":true,"archived":false,"visibility":"private","resolve_outdated_diff_discussions":false,"container_expiration_policy":{"cadence":"1d","enabled":false,"keep_n":10,"older_than":"90d","name_regex":".*","name_regex_keep":null,"next_run_at":"2024-10-24T06:54:40.676Z"},"repository_object_format":"sha1","issues_enabled":true,"merge_requests_enabled":true,"wiki_enabled":true,"jobs_enabled":true,"snippets_enabled":true,"container_registry_e
nabled":true,"service_desk_enabled":false,"service_desk_address":null,"can_create_merge_request_in":true,"issues_access_level":"enabled","repository_access_level":"enabled","merge_requests_access_level":"enabled","forking_access_level":"enabled","wiki_access_level":"enabled","builds_access_level":"enabled","snippets_access_level":"enabled","pages_access_level":"private","analytics_access_level":"enabled","container_registry_access_level":"enabled","security_and_compliance_access_level":"private","releases_access_level":"enabled","environments_access_level":"enabled","feature_flags_access_level":"enabled","infrastructure_access_level":"enabled","monitor_access_level":"enabled","model_experiments_access_level":"enabled","model_registry_access_level":"enabled","emails_disabled":false,"emails_enabled":true,"shared_runners_enabled":true,"lfs_enabled":true,"creator_id":4,"import_url":null,"import_type":null,"import_status":"none","open_issues_count":0,"description_html":"","updated_at":"2024-10-23T06:54:40.656Z","ci_default_git_depth":20,"ci_forward_deployment_enabled":true,"ci_forward_deployment_rollback_allowed":true,"ci_job_token_scope_enabled":false,"ci_separated_caches":true,"ci_allow_fork_pipelines_to_run_in_parent_project":true,"ci_id_token_sub_claim_components":["project_path","ref_type","ref"],"build_git_strategy":"fetch","keep_latest_artifact":true,"restrict_user_defined_variables":false,"ci_pipeline_variables_minimum_override_role":"maintainer","runners_token":"GR1348941UJyybNR-GExzfZ6hFA8p","runner_token_expiration_interval":null,"group_runners_enabled":true,"auto_cancel_pending_pipelines":"enabled","build_timeout":3600,"auto_devops_enabled":true,"auto_devops_deploy_strategy":"continuous","ci_push_repository_for_job_token_allowed":false,"ci_config_path":null,"public_jobs":true,"shared_with_groups":[],"only_allow_merge_if_pipeline_succeeds":false,"allow_merge_on_skipped_pipeline":null,"request_access_enabled":true,"only_allow_merge_if_all_discussions_are_resolv
ed":false,"remove_source_branch_after_merge":true,"printing_merge_request_link_enabled":true,"merge_method":"merge","squash_option":"default_off","enforce_auth_checks_on_uploads":true,"suggestion_commit_message":null,"merge_commit_template":null,"squash_commit_template":null,"issue_branch_template":null,"warn_about_potentially_unwanted_characters":true,"autoclose_referenced_issues":true}]

     

    #사용자 그룹 추가
    [root@]$ 
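    # Add a user to a group (POST /groups/:id/members), authenticating with the
    # group access token. The number after groups/ in the URL is the group ID.
    # Request body fields:
    #   user_id      - ID of the user that was created
    #   access_level - role inside the group (30 = Developer)
    #   expires_at   - membership expiry in UTC (optional); setting it limits
    #                  how long the access stays in place
    # The field notes live here because JSON has no comment syntax: a "#..." note
    # inside the --data string is sent verbatim and makes the body invalid JSON.
    # The URL is plain http, so the bearer token is sent unencrypted; use https
    # outside a local test instance.
    curl --request POST \
      --header "Authorization: Bearer {GAT}" \
      --header "Content-Type: application/json" \
      --data '{
        "user_id": 2,
        "access_level": 30,
        "expires_at": "2025-12-31T23:59:59Z"
      }' \
      "http://{GitLab uri:port}/api/v4/groups/3/members"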

     

    #하위그룹 생성
    [root@]$ 
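    # Create a subgroup (POST /groups), authenticating with the group access token.
    # Request body fields:
    #   name        - subgroup name
    #   path        - subgroup path (best kept identical to the subgroup name)
    #   description - subgroup description
    #   visibility  - "private" keeps the subgroup hidden from non-members
    #   parent_id   - group ID of the parent group
    # The field notes live here because JSON has no comment syntax: a "#..." note
    # inside the --data string is sent verbatim and makes the body invalid JSON.
    # The URL is plain http, so the bearer token is sent unencrypted; use https
    # outside a local test instance.
    curl --request POST \
      --header "Authorization: Bearer {GAT}" \
      --header "Content-Type: application/json" \
      --data '{
        "name": "solution-engineer",
        "path": "solution-engineer",
        "description": "솔루션수행팀",
        "visibility": "private",
        "parent_id": 2
      }' \
      "http://{GitLab uri:port}/api/v4/groups"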
