token

package
v0.9.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Oct 17, 2025 License: MIT Imports: 6 Imported by: 0

Documentation

Index

Constants

View Source 
const (
	AccessLevelNoPermissions            = AccessLevel("no_permissions")
	AccessLevelMinimalAccessPermissions = AccessLevel("minimal_access")
	AccessLevelGuestPermissions         = AccessLevel("guest")
	AccessLevelReporterPermissions      = AccessLevel("reporter")
	AccessLevelDeveloperPermissions     = AccessLevel("developer")
	AccessLevelMaintainerPermissions    = AccessLevel("maintainer")
	AccessLevelOwnerPermissions         = AccessLevel("owner")

	AccessLevelUnknown = AccessLevel("")
)
View Source 
const (
	// ScopeApi grants complete read/write access to the API, including all groups and projects, the container registry, the dependency proxy, and the package registry. Also grants complete read/write access to the registry and repository using Git over HTTP
	ScopeApi = Scope("api")
	// ScopeReadApi grants read access to the scoped group and related project API, including the Package Registry
	ScopeReadApi = Scope("read_api")
	// ScopeReadRegistry grants read access (pull) to the Container Registry images if any project within expected group is private and authorization is required.
	ScopeReadRegistry = Scope("read_registry")
	// ScopeWriteRegistry grants write access (push) to the Container Registry.
	ScopeWriteRegistry = Scope("write_registry")
	// ScopeReadRepository grants read access (pull) to the Container Registry images if any project within expected group is private and authorization is required
	ScopeReadRepository = Scope("read_repository")
	// ScopeWriteRepository grants read and write access (pull and push) to all repositories within expected group
	ScopeWriteRepository = Scope("write_repository")

	// ScopeReadPackageRegistry Allows read-only access to the package registry.
	ScopeReadPackageRegistry = Scope("read_package_registry")
	// ScopeWritePackageRegistry Allows read and write access to the package registry.
	ScopeWritePackageRegistry = Scope("write_package_registry")

	// ScopeCreateRunner grants permission to create runners in expected group
	ScopeCreateRunner = Scope("create_runner")
	// ScopeManageRunner grants permission to manage runners in expected group
	ScopeManageRunner = Scope("manage_runner")

	// ScopeReadUser grants read-only access to the authenticated user’s profile through the /user API endpoint, which includes username, public email, and full name. Also grants access to read-only API endpoints under /users.
	ScopeReadUser = Scope("read_user")
	// ScopeSudo grants permission to perform API actions as any user in the system, when authenticated as an administrator.
	ScopeSudo = Scope("sudo")
	// ScopeAdminMode grants permission to perform API actions as an administrator, when Admin Mode is enabled.
	ScopeAdminMode = Scope("admin_mode")

	// ScopeAiFeatures grants permission to perform API actions for GitLab Duo. This scope is designed to work with the GitLab Duo Plugin for JetBrains. For all other extensions, see scope requirements.
	ScopeAiFeatures = Scope("ai_features")
	// ScopeK8SProxy grants permission to perform Kubernetes API calls using the agent for Kubernetes.
	ScopeK8SProxy = Scope("k8s_proxy")
	// ScopeReadServicePing grant access to download Service Ping payload through the API when authenticated as an admin use.
	ScopeReadServicePing = Scope("read_service_ping")

	// ScopeSelfRotate grants permission to rotate this token using the personal access token API. Does not allow rotation of other tokens.
	ScopeSelfRotate = Scope("self_rotate")
	// ScopeReadVirtualRegistry if a project is private and authorization is required, grants read-only (pull) access to container images through the dependency proxy. Available only when the dependency proxy is enabled.
	ScopeReadVirtualRegistry = Scope("read_virtual_registry")
	// ScopeWriteVirtualRegistry if a project is private and authorization is required, grants read (pull), write (push), and delete access to container images through the dependency proxy. Available only when the dependency proxy is enabled.
	ScopeWriteVirtualRegistry = Scope("write_virtual_registry")

	ScopeUnknown = Scope("")
)
View Source 
const (
	TypePersonal               = Type("personal")
	TypeProject                = Type("project")
	TypeGroup                  = Type("group")
	TypeUserServiceAccount     = Type("user-service-account")
	TypeGroupServiceAccount    = Type("group-service-account")
	TypePipelineProjectTrigger = Type("pipeline-project-trigger")
	TypeProjectDeploy          = Type("project-deploy")
	TypeGroupDeploy            = Type("group-deploy")

	TypeUnknown = Type("")
)

Variables

View Source 
var (
	ErrUnknownAccessLevel = errors.New("unknown access level")

	ValidAccessLevels = []string{
		AccessLevelNoPermissions.String(),
		AccessLevelMinimalAccessPermissions.String(),
		AccessLevelGuestPermissions.String(),
		AccessLevelReporterPermissions.String(),
		AccessLevelDeveloperPermissions.String(),
		AccessLevelMaintainerPermissions.String(),
		AccessLevelOwnerPermissions.String(),
	}
	ValidPersonalAccessLevels = []string{
		AccessLevelUnknown.String(),
	}
	ValidUserServiceAccountAccessLevels = []string{
		AccessLevelUnknown.String(),
	}
	ValidGroupServiceAccountAccessLevels = []string{
		AccessLevelUnknown.String(),
	}
	ValidProjectAccessLevels = []string{
		AccessLevelGuestPermissions.String(),
		AccessLevelReporterPermissions.String(),
		AccessLevelDeveloperPermissions.String(),
		AccessLevelMaintainerPermissions.String(),
		AccessLevelOwnerPermissions.String(),
	}
	ValidGroupAccessLevels = []string{
		AccessLevelGuestPermissions.String(),
		AccessLevelReporterPermissions.String(),
		AccessLevelDeveloperPermissions.String(),
		AccessLevelMaintainerPermissions.String(),
		AccessLevelOwnerPermissions.String(),
	}

	ValidPipelineProjectTriggerAccessLevels = []string{AccessLevelUnknown.String()}
	ValidProjectDeployAccessLevels          = []string{AccessLevelUnknown.String()}
	ValidGroupDeployAccessLevels            = []string{AccessLevelUnknown.String()}
)
View Source 
var (

	// ValidPersonalTokenScopes defines the actions you can perform when you authenticate with a project access token.
	ValidPersonalTokenScopes = []string{
		ScopeApi.String(),
		ScopeReadUser.String(),
		ScopeReadApi.String(),
		ScopeReadRepository.String(),
		ScopeWriteRepository.String(),
		ScopeReadRegistry.String(),
		ScopeWriteRegistry.String(),
		ScopeReadVirtualRegistry.String(),
		ScopeWriteVirtualRegistry.String(),
		ScopeSudo.String(),
		ScopeAdminMode.String(),
		ScopeCreateRunner.String(),
		ScopeManageRunner.String(),
		ScopeAiFeatures.String(),
		ScopeK8SProxy.String(),
		ScopeSelfRotate.String(),
		ScopeReadServicePing.String(),
	}

	ValidProjectTokenScopes = []string{
		ScopeApi.String(),
		ScopeReadApi.String(),
		ScopeReadRegistry.String(),
		ScopeWriteRegistry.String(),
		ScopeReadRepository.String(),
		ScopeWriteRepository.String(),
		ScopeCreateRunner.String(),
		ScopeManageRunner.String(),
		ScopeAiFeatures.String(),
		ScopeK8SProxy.String(),
		ScopeSelfRotate.String(),
	}

	ValidGroupTokenScopes = []string{
		ScopeApi.String(),
		ScopeReadApi.String(),
		ScopeReadRegistry.String(),
		ScopeWriteRegistry.String(),
		ScopeReadVirtualRegistry.String(),
		ScopeWriteVirtualRegistry.String(),
		ScopeReadRepository.String(),
		ScopeWriteRepository.String(),
		ScopeCreateRunner.String(),
		ScopeManageRunner.String(),
		ScopeAiFeatures.String(),
		ScopeK8SProxy.String(),
		ScopeSelfRotate.String(),
	}

	ValidUserServiceAccountTokenScopes = ValidPersonalTokenScopes

	ValidGroupServiceAccountTokenScopes = ValidGroupTokenScopes

	ValidPipelineProjectTokenScopes []string

	ValidProjectDeployTokenScopes = []string{
		ScopeReadRepository.String(),
		ScopeReadRegistry.String(),
		ScopeWriteRegistry.String(),
		ScopeReadVirtualRegistry.String(),
		ScopeWriteVirtualRegistry.String(),
		ScopeReadPackageRegistry.String(),
		ScopeWritePackageRegistry.String(),
	}

	ValidGroupDeployTokenScopes = []string{
		ScopeReadRepository.String(),
		ScopeReadRegistry.String(),
		ScopeWriteRegistry.String(),
		ScopeReadVirtualRegistry.String(),
		ScopeWriteVirtualRegistry.String(),
		ScopeReadPackageRegistry.String(),
		ScopeWritePackageRegistry.String(),
	}
)
View Source 
var (
	ValidTokenTypes = []string{
		TypePersonal.String(),
		TypeProject.String(),
		TypeGroup.String(),
		TypeUserServiceAccount.String(),
		TypeGroupServiceAccount.String(),
		TypePipelineProjectTrigger.String(),
		TypeProjectDeploy.String(),
		TypeGroupDeploy.String(),
	}
)

Functions

This section is empty.

Types

type AccessLevel 

type AccessLevel string

func AccessLevelParse 

func AccessLevelParse(value string) (AccessLevel, error)

func (AccessLevel) String 

func (i AccessLevel) String() string

func (AccessLevel) Value 

func (i AccessLevel) Value() int

type Scope 

type Scope string

func ParseScope 

func ParseScope(value string) (Scope, error)

func (Scope) String 

func (i Scope) String() string

func (Scope) Value 

func (i Scope) Value() string

type Token 

type Token interface {
	Internal() map[string]any
	Data() map[string]any
	Event(map[string]string) map[string]string
	Type() Type
	SetConfigName(string)
	SetRoleName(string)
	SetGitlabRevokesToken(bool)
	SetExpiresAt(*time.Time)
	GetExpiresAt() time.Time
	GetCreatedAt() time.Time
	TTL() time.Duration
}

type Type 

type Type string

func ParseType 

func ParseType(value string) (Type, error)

func (Type) String 

func (i Type) String() string

func (Type) Value 

func (i Type) Value() string

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.