package gitlab
import (
"errors"
"fmt"
"slices"
)
// TokenScope is the string name of a GitLab access-token scope.
type TokenScope string

// Token scope names. The zero value is TokenScopeUnknown.
const (
	// TokenScopeApi grants complete read and write access to the scoped group
	// and related project API, including the Package Registry.
	TokenScopeApi TokenScope = "api"

	// TokenScopeReadApi grants read access to the scoped group and related
	// project API, including the Package Registry.
	TokenScopeReadApi TokenScope = "read_api"

	// TokenScopeReadRegistry grants read access (pull) to the Container
	// Registry images if any project within expected group is private and
	// authorization is required.
	TokenScopeReadRegistry TokenScope = "read_registry"

	// TokenScopeWriteRegistry grants write access (push) to the Container
	// Registry.
	TokenScopeWriteRegistry TokenScope = "write_registry"

	// TokenScopeReadRepository grants read access (pull) to repositories
	// within expected group.
	// NOTE(review): this is a repository scope, not a Container Registry
	// scope; confirm the exact wording against GitLab's token scope docs.
	TokenScopeReadRepository TokenScope = "read_repository"

	// TokenScopeWriteRepository grants read and write access (pull and push)
	// to all repositories within expected group.
	TokenScopeWriteRepository TokenScope = "write_repository"

	// TokenScopeCreateRunner grants permission to create runners in expected
	// group.
	TokenScopeCreateRunner TokenScope = "create_runner"

	// TokenScopeManageRunner grants permission to manage runners in expected
	// group.
	TokenScopeManageRunner TokenScope = "manage_runner"

	// TokenScopeReadUser grants read-only access to the authenticated user's
	// profile through the /user API endpoint, which includes username, public
	// email, and full name. Also grants access to read-only API endpoints
	// under /users.
	TokenScopeReadUser TokenScope = "read_user"

	// TokenScopeSudo grants permission to perform API actions as any user in
	// the system, when authenticated as an administrator. This is a
	// high-privilege scope; grant it only where impersonation is required.
	TokenScopeSudo TokenScope = "sudo"

	// TokenScopeAdminMode grants permission to perform API actions as an
	// administrator, when Admin Mode is enabled. This is a high-privilege
	// scope.
	TokenScopeAdminMode TokenScope = "admin_mode"

	// TokenScopeAiFeatures grants permission to perform API actions for
	// GitLab Duo. This scope is designed to work with the GitLab Duo Plugin
	// for JetBrains. For all other extensions, see scope requirements.
	TokenScopeAiFeatures TokenScope = "ai_features"

	// TokenScopeK8SProxy grants permission to perform Kubernetes API calls
	// using the agent for Kubernetes.
	TokenScopeK8SProxy TokenScope = "k8s_proxy"

	// TokenScopeReadServicePing grants access to download the Service Ping
	// payload through the API when authenticated as an admin user.
	TokenScopeReadServicePing TokenScope = "read_service_ping"

	// TokenScopeUnknown is the empty scope. TokenScopeParse returns it
	// together with an error when the input is not a recognised scope, so it
	// must never be treated as a grantable scope.
	TokenScopeUnknown TokenScope = ""
)
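var (
	// ErrUnknownTokenScope is the sentinel error that TokenScopeParse wraps
	// when the input is not in any allow-list. Match it with errors.Is.
	ErrUnknownTokenScope = errors.New("unknown token scope")

	// validTokenScopes is the base allow-list from which the group and
	// project allow-lists are copied.
	validTokenScopes = []string{
		TokenScopeApi.String(),
		TokenScopeReadApi.String(),
		TokenScopeReadRegistry.String(),
		TokenScopeWriteRegistry.String(),
		TokenScopeReadRepository.String(),
		TokenScopeWriteRepository.String(),
		TokenScopeCreateRunner.String(),
		TokenScopeManageRunner.String(),
		TokenScopeAiFeatures.String(),
		TokenScopeK8SProxy.String(),
	}

	// ValidGroupTokenScopes is the allow-list named for group tokens.
	// It is an independent copy of the base list: these exported slices gate
	// which scopes are accepted, so an in-place write to one of them must not
	// silently change the others.
	ValidGroupTokenScopes = slices.Clone(validTokenScopes)

	// ValidProjectTokenScopes is the allow-list named for project tokens.
	// It is an independent copy of the base list, for the same reason as
	// ValidGroupTokenScopes.
	ValidProjectTokenScopes = slices.Clone(validTokenScopes)

	// ValidPersonalTokenScopes holds only read_service_ping, read_user, sudo
	// and admin_mode; none of the base scopes are listed here. It includes the
	// administrator-level sudo and admin_mode scopes.
	// NOTE(review): presumably callers combine this with the base scopes when
	// validating a personal token; confirm against the caller.
	ValidPersonalTokenScopes = []string{
		TokenScopeReadServicePing.String(),
		TokenScopeReadUser.String(),
		TokenScopeSudo.String(),
		TokenScopeAdminMode.String(),
	}

	// ValidUserServiceAccountTokenScopes has the same four entries as
	// ValidPersonalTokenScopes, including sudo and admin_mode.
	// NOTE(review): confirm that service accounts are meant to be eligible
	// for the administrator-level scopes.
	ValidUserServiceAccountTokenScopes = []string{
		TokenScopeReadServicePing.String(),
		TokenScopeReadUser.String(),
		TokenScopeSudo.String(),
		TokenScopeAdminMode.String(),
	}

	// ValidGroupServiceAccountTokenScopes has the same four entries as
	// ValidPersonalTokenScopes, including sudo and admin_mode.
	// NOTE(review): confirm that group service accounts are meant to be
	// eligible for the administrator-level scopes.
	ValidGroupServiceAccountTokenScopes = []string{
		TokenScopeReadServicePing.String(),
		TokenScopeReadUser.String(),
		TokenScopeSudo.String(),
		TokenScopeAdminMode.String(),
	}
)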
// String returns the scope name as a plain string, satisfying fmt.Stringer.
func (s TokenScope) String() string {
	return string(s)
}
// Value returns the scope name as a plain string; the result is identical to
// that of String.
func (s TokenScope) Value() string {
	return string(s)
}
// TokenScopeParse converts value into a TokenScope when it appears in at least
// one of the exported allow-lists (group, personal, project, user service
// account, group service account). The match is exact and case-sensitive.
//
// A successful parse only means the scope name is known. It does not mean the
// scope is permitted for a particular token type: "sudo", for instance, parses
// successfully although it is absent from the group and project lists. Callers
// that enforce per-type restrictions must check the type-specific list
// themselves.
//
// On failure it returns TokenScopeUnknown and an error wrapping
// ErrUnknownTokenScope.
func TokenScopeParse(value string) (TokenScope, error) {
	allowLists := [][]string{
		ValidGroupTokenScopes,
		ValidPersonalTokenScopes,
		ValidProjectTokenScopes,
		ValidUserServiceAccountTokenScopes,
		ValidGroupServiceAccountTokenScopes,
	}
	for _, allowed := range allowLists {
		if slices.Contains(allowed, value) {
			return TokenScope(value), nil
		}
	}

	// NOTE(review): value is interpolated with %s, so any control characters
	// in it reach the error text unescaped; confirm callers do not write this
	// error to logs without sanitising it.
	return TokenScopeUnknown, fmt.Errorf("failed to parse '%s': %w", value, ErrUnknownTokenScope)
}