极狐 GitLab

受保护环境 API

Tier: 专业版,旗舰版

Offering: JihuLab.com,私有化部署

使用此 API 与受保护环境进行交互。

对于群组级别的受保护环境,请参见群组级受保护环境 API

有效的访问级别#

访问级别在 ProtectedEnvironments::DeployAccessLevel::ALLOWED_ACCESS_LEVELS 方法中定义。 目前,系统识别的级别如下:

plaintext
30 => 开发者访问
40 => 维护者访问
60 => 管理员访问

群组继承类型#

群组继承允许部署访问级别和访问规则将继承的群组成员资格考虑在内。群组继承类型由 ProtectedEnvironments::Authorizable::GROUP_INHERITANCE_TYPE 定义。 系统识别的类型如下:

plaintext
0 => 仅直接群组成员(默认)
1 => 所有继承的群组

列出受保护环境#

从项目中获取受保护环境列表:

plaintext
GET /projects/:id/protected_environments
属性类型是否必需描述
id整数或字符串项目的 ID 或 URL 编码路径
shell
curl --header "PRIVATE-TOKEN: <your_access_token>" \
  --url "https://gitlab.example.com/api/v4/projects/5/protected_environments/"

响应示例:

json
1[
2   {
3      "name":"production",
4      "deploy_access_levels":[
5         {
6            "id": 12,
7            "access_level":40,
8            "access_level_description":"Maintainers",
9            "user_id":null,
10            "group_id":null,
11            "group_inheritance_type": 0
12         }
13      ],
14      "required_approval_count": 0
15   }
16]

获取单个受保护环境#

获取单个受保护环境:

plaintext
GET /projects/:id/protected_environments/:name
属性类型是否必需描述
id整数或字符串项目的 ID 或 URL 编码路径
name字符串受保护环境的名称
shell
curl --header "PRIVATE-TOKEN: <your_access_token>" \
  --url "https://gitlab.example.com/api/v4/projects/5/protected_environments/production"

响应示例:

json
1{
2   "name":"production",
3   "deploy_access_levels":[
4      {
5         "id": 12,
6         "access_level": 40,
7         "access_level_description": "Maintainers",
8         "user_id": null,
9         "group_id": null,
10         "group_inheritance_type": 0
11      }
12   ],
13   "required_approval_count": 0
14}

保护单个环境#

保护单个环境:

plaintext
POST /projects/:id/protected_environments
属性类型是否必需描述
id整数或字符串项目的 ID 或 URL 编码路径
name字符串环境的名称。
deploy_access_levels数组允许部署的访问级别数组,每个都用一个散列来描述。
approval_rules数组允许审批的访问级别数组,每个都用一个散列来描述。请参见多审批规则

deploy_access_levelsapproval_rules 数组中的元素应为 user_idgroup_idaccess_level 之一,并采用 {user_id: integer}{group_id: integer}{access_level: integer} 的形式。你可以选择在每个元素上指定 group_inheritance_type,其值应为有效的群组继承类型之一。

每个用户都必须拥有项目的访问权限,并且每个群组必须此项目已共享给该群组

shell
curl --header 'Content-Type: application/json' \
     --request POST \
     --data '{"name": "production", "deploy_access_levels": [{"group_id": 9899826}], "approval_rules": [{"group_id": 134}, {"group_id": 135, "required_approvals": 2}]}' \
     --header "PRIVATE-TOKEN: <your_access_token>" \
     --url "https://gitlab.example.com/api/v4/projects/22034114/protected_environments"

响应示例:

json
1{
2   "name": "production",
3   "deploy_access_levels": [
4      {
5         "id": 12,
6         "access_level": 40,
7         "access_level_description": "protected-access-group",
8         "user_id": null,
9         "group_id": 9899826,
10         "group_inheritance_type": 0
11      }
12   ],
13   "required_approval_count": 0,
14   "approval_rules": [
15      {
16         "id": 38,
17         "user_id": null,
18         "group_id": 134,
19         "access_level": null,
20         "access_level_description": "qa-group",
21         "required_approvals": 1,
22         "group_inheritance_type": 0
23      },
24      {
25         "id": 39,
26         "user_id": null,
27         "group_id": 135,
28         "access_level": null,
29         "access_level_description": "security-group",
30         "required_approvals": 2,
31         "group_inheritance_type": 0
32      }
33   ]
34}

更新受保护环境#

版本历史
  • 已在 极狐GitLab 15.4 中引入。

更新单个环境。

plaintext
PUT /projects/:id/protected_environments/:name
属性类型是否必需描述
id整数或字符串项目的 ID 或 URL 编码路径
name字符串环境的名称。
deploy_access_levels数组允许部署的访问级别数组,每个都用一个散列来描述。
approval_rules数组允许审批的访问级别数组,每个都用一个散列来描述。有关更多信息,请参见多审批规则

deploy_access_levelsapproval_rules 数组中的元素应为 user_idgroup_idaccess_level 之一,并采用 {user_id: integer}{group_id: integer}{access_level: integer} 的形式。你可以选择在每个元素上指定 group_inheritance_type,其值应为有效的群组继承类型之一。

更新要求:

  • user_id:确保更新后的用户拥有项目的访问权限。你还必须在相应的散列中传递 deploy_access_levelapproval_ruleid
  • group_id:确保更新后的群组已共享该项目。你还必须在相应的散列中传递 deploy_access_levelapproval_ruleid

删除操作:

  • 你必须将 _destroy 设置为 true。参见以下示例。

示例:创建 deploy_access_level 记录#

shell
curl --header 'Content-Type: application/json' \
     --request PUT \
     --data '{"deploy_access_levels": [{"group_id": 9899829, access_level: 40}]' \
     --header "PRIVATE-TOKEN: <your_access_token>" \
     --url "https://gitlab.example.com/api/v4/projects/22034114/protected_environments/production"

响应示例:

json
1{
2   "name": "production",
3   "deploy_access_levels": [
4      {
5         "id": 12,
6         "access_level": 40,
7         "access_level_description": "protected-access-group",
8         "user_id": null,
9         "group_id": 9899829,
10         "group_inheritance_type": 1
11      }
12   ],
13   "required_approval_count": 0
14}

示例:更新 deploy_access_level 记录#

shell
curl --header 'Content-Type: application/json' \
     --request PUT \
     --data '{"deploy_access_levels": [{"id": 12, "group_id": 22034120}]}' \
     --header "PRIVATE-TOKEN: <your_access_token>" \
     --url "https://gitlab.example.com/api/v4/projects/22034114/protected_environments/production"
json
1{
2   "name": "production",
3   "deploy_access_levels": [
4      {
5         "id": 12,
6         "access_level": 40,
7         "access_level_description": "protected-access-group",
8         "user_id": null,
9         "group_id": 22034120,
10         "group_inheritance_type": 0
11      }
12   ],
13   "required_approval_count": 2
14}

示例:删除 deploy_access_level 记录#

shell
curl --header 'Content-Type: application/json' \
     --request PUT \
     --data '{"deploy_access_levels": [{"id": 12, "_destroy": true}]}' \
     --header "PRIVATE-TOKEN: <your_access_token>" \
     --url "https://gitlab.example.com/api/v4/projects/22034114/protected_environments/production"

响应示例:

json
{
   "name": "production",
   "deploy_access_levels": [],
   "required_approval_count": 0
}

示例:创建 approval_rule 记录#

shell
curl --header 'Content-Type: application/json' \
     --request PUT \
     --data '{"approval_rules": [{"group_id": 134, "required_approvals": 1}]}' \
     --header "PRIVATE-TOKEN: <your_access_token>" \
     --url "https://gitlab.example.com/api/v4/projects/22034114/protected_environments/production"

响应示例:

json
1{
2   "name": "production",
3   "approval_rules": [
4      {
5         "id": 38,
6         "user_id": null,
7         "group_id": 134,
8         "access_level": null,
9         "access_level_description": "qa-group",
10         "required_approvals": 1,
11         "group_inheritance_type": 0
12      }
13   ]
14}

示例:更新 approval_rule 记录#

shell
curl --header 'Content-Type: application/json' \
     --request PUT \
     --data '{"approval_rules": [{"id": 38, "group_id": 135, "required_approvals": 2}]}' \
     --header "PRIVATE-TOKEN: <your_access_token>" \
     --url "https://gitlab.example.com/api/v4/projects/22034114/protected_environments/production"
json
1{
2   "name": "production",
3   "approval_rules": [
4      {
5         "id": 38,
6         "user_id": null,
7         "group_id": 135,
8         "access_level": null,
9         "access_level_description": "security-group",
10         "required_approvals": 2,
11         "group_inheritance_type": 0
12      }
13   ]
14}

示例:删除 approval_rule 记录#

shell
curl --header 'Content-Type: application/json' \
     --request PUT \
     --data '{"approval_rules": [{"id": 38, "_destroy": true}]}' \
     --header "PRIVATE-TOKEN: <your_access_token>" \
     --url "https://gitlab.example.com/api/v4/projects/22034114/protected_environments/production"

响应示例:

json
{
   "name": "production",
   "approval_rules": []
}

解除对单个环境的保护#

解除对指定受保护环境的保护:

plaintext
DELETE /projects/:id/protected_environments/:name
属性类型是否必需描述
id整数或字符串项目的 ID 或 URL 编码路径
name字符串受保护环境的名称。
shell
curl --request DELETE \
  --header "PRIVATE-TOKEN: <your_access_token>" \
  --url "https://gitlab.example.com/api/v4/projects/5/protected_environments/staging"