Using GitLab REST API without Access Tokens - gitlab

Can I run a script from .gitlab-ci.yml that edits wiki pages via the GitLab REST API?
I am not sure, because I use an old version of GitLab, which doesn't have Access Tokens.
Can I use something else instead of PRIVATE-TOKEN?

You can use a Predefined Variable called CI_JOB_TOKEN which will contain an access token you can use to authenticate against the API. If you need a token with Admin access, you'll have to use an Admin User's personal access token, which you can store as a secret variable in Project's Settings -> CI/CD Settings -> Variables.

Related

Azure B2C - Use generated temporary password in Signup custom policy

Is there a way to use the generated random password while creating the account using Signup Custom policies?
I understand that this is possible using Graph API but we are looking at the possibilities using the policies.
If you are referring to the password a user would use to login to their account, then no. As detailed here the only thing custom policies can do with user passwords is write them to the directory. You cannot read a user's password from custom policies (or from anywhere as far as I am aware).
I'm not sure which random password specifically is being referred to (if you are following an example, posting it may help), but you would have to store it elsewhere (which obviously carries security issues with it) and then retrieve it using an API of some sort during policy execution.

LDAP to GitLab user sync for OAuth token

I am working with the GitLab REST API, and GitLab is connected to LDAP too.
Now I am facing an issue: if I add a user to the LDAP store, this user needs to sign in at least once via the web UI to get an access token through the API (/oauth/token).
My requirement is that any user who is added directly to LDAP should be able to generate an access token through the GitLab API without signing in via the web UI. Please let me know a possible solution.
Thank you
Good morning Jamsheer,
That makes sense, since otherwise you would automatically create accounts for all the users in your LDAP, with the possibility of running out of licenses.
Currently there is an open issue where this is being discussed, with the possibility of creating all the LDAP users as deactivated and activating them after the first login.
Add a way for LDAP users to be created before first login
In any case, this is not in place yet.

Using OAuth2 token of Azure DevOps Services Application to Clone a Git repository

I have an Azure DevOps Services Application, the kind which you make at https://app.vsaex.visualstudio.com/me and it has vso.code vso.graph vso.identity vso.project scopes. I have an OAuth2 access token for this application, which I've used to work with the Azure DevOps REST API, and that works fine.
Now I want to use this token to clone a git repository from a private project.
I have tried:
"https://roklenarcic0820:<FORM encoded access token>@dev.azure.com/roklenarcic0820/PrivateProj/_git/PrivateProj"
I've form encoded the access token because it contains characters that cannot be used in URL. This doesn't work.
Is there some way to accomplish this, without PATs?
Yes, the OAuth2 access token will indeed work in this case; the trick is that you should not encode the access token, just pass it in the git command like below.
git clone https://orgname:<access_token>@dev.azure.com/orgname/projectname/_git/reponame
I also tested with an access token with the same permissions as yours, and it works fine on my side.

How to Create and Delete Personal Access Tokens with the GitHub API?

I have a GitHub bot with a personal access token that some GitHub Actions use to make commits during some action runs. I'd like to make a script that can automatically swap out this personal access token and delete the old one via a cron job. Is this possible with the GitHub API? If it's not possible, is there another mechanism I should be using instead?
No, not for personal access tokens, whose API was deprecated and then removed in Nov. 2020.
You could try instead an installation access token for an app, which does have an API for creation.
By default the installation token has access to all repositories that the installation can access.
To restrict the access to specific repositories, you can provide the repository_ids when creating the token. When you omit repository_ids, the response does not contain the repositories key.
But that token, valid for only one hour from the time you create it, might not have access to the same kind of actions a PAT would have.
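The installation-token flow described in the answer above, as an added example that is not code from the post or from GitHub. It assumes the App's signed JWT is produced elsewhere and passed in as `app_jwt`; the installation id, repository id and token values are constructed.

```python
import json
import urllib.request
from datetime import datetime, timedelta, timezone

# Constructed sample responses (token values are fake).
SAMPLE_SCOPED = {"token": "ghs_constructed_example",
                 "expires_at": "2024-03-01T13:00:00Z",
                 "repositories": [{"id": 1296269, "name": "bot-target"}]}
SAMPLE_UNSCOPED = {"token": "ghs_constructed_example",
                   "expires_at": "2024-03-01T13:00:00Z"}

def installation_token_request(app_jwt, installation_id, repository_ids=None):
    """Build POST /app/installations/{id}/access_tokens, optionally
    narrowed to specific repositories with repository_ids."""
    body = {}
    if repository_ids:
        body["repository_ids"] = list(repository_ids)
    return urllib.request.Request(
        "https://api.github.com/app/installations/"
        f"{installation_id}/access_tokens",
        data=json.dumps(body).encode(), method="POST",
        headers={"Authorization": f"Bearer {app_jwt}",
                 "Accept": "application/vnd.github+json"})

def parse_token_response(resp, requested_ids=None):
    """Return (token, expires_at). If a restriction was requested, refuse
    a token whose 'repositories' key is missing or lists other repos:
    without that key the token covers everything the installation can."""
    granted = {r["id"] for r in resp.get("repositories", [])}
    if requested_ids and granted != set(requested_ids):
        raise ValueError("token scope differs from requested repository_ids")
    expires = datetime.strptime(
        resp["expires_at"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    return resp["token"], expires

def needs_refresh(expires_at, now, margin=timedelta(minutes=5)):
    """Tokens last one hour; fetch a new one shortly before expiry."""
    return now >= expires_at - margin
```

Send the request with `urllib.request.urlopen()` and pass the decoded JSON body to `parse_token_response()`.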

GitLab private token automatic rolling

I am trying to connect to the GitLab API from code to download artifacts.
To do so, I'm required to generate a private access token and send it with the request.
I don't want to set a permanent token because it is not secure, so I tried to find some API to delete the old token and generate a new one when it expires, but I couldn't find anything.
I also tried to use deploy tokens, but they have no permission to the GitLab API.
Any suggestions?
"I don't want to set a permanent token because it is not secure"
Since GitLab version 13.3, Project access tokens are available, which give you the opportunity to issue a token for a specific project and limit its scope. So it's definitely better than using your own private token.
Project level access tokens allow access to a project without the need to provision a new GitLab user. Project access tokens can be generated by project Maintainers or Owners and be used to authenticate with the GitLab API. Project access tokens will be authorized as Maintainers. This new functionality will make programmatic access to GitLab easier and more secure.
Previous answer:
It would probably be less insecure to create an extra user with permissions only for the desired repository (from which we want to download artifacts) and issue a personal token for this user. So even if the token is compromised, the offender will only be able to download artifacts.
It is not possible yet, but they have an issue opened to add it.
You can follow the discussion here: https://gitlab.com/gitlab-org/gitlab/-/issues/17176
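A sketch of the rotation the question asks for, built on the project access tokens mentioned in the answers above. This is an added example, not code from the thread or from GitLab; it assumes a GitLab version that exposes the project access tokens REST API (`/projects/:id/access_tokens`), and the host, project id, token names and `manager_token` are constructed placeholders.

```python
import json
import urllib.request
from datetime import date, timedelta

API = "https://gitlab.example.com/api/v4"  # placeholder host (assumption)

# Constructed sample, shaped like GET /projects/:id/access_tokens output.
SAMPLE_TOKENS = [
    {"id": 11, "name": "artifact-fetch", "scopes": ["read_api"],
     "expires_at": "2024-03-05", "revoked": False, "active": True},
    {"id": 12, "name": "artifact-fetch", "scopes": ["read_api"],
     "expires_at": "2024-06-01", "revoked": False, "active": True},
    {"id": 9, "name": "old-ci", "scopes": ["api"],
     "expires_at": "2024-03-02", "revoked": True, "active": False},
]

def due_for_rotation(tokens, today, window_days=7):
    """Ids of live tokens that expire within window_days of today."""
    cutoff = today + timedelta(days=window_days)
    return [t["id"] for t in tokens
            if t["active"] and not t["revoked"] and t["expires_at"]
            and date.fromisoformat(t["expires_at"]) <= cutoff]

def api_request(method, path, manager_token, body=None):
    # manager_token: credential of a project Maintainer/Owner, read from a
    # secret store by the caller (assumption); sent only as a header.
    data = json.dumps(body).encode() if body is not None else None
    return urllib.request.Request(
        API + path, data=data, method=method,
        headers={"PRIVATE-TOKEN": manager_token,
                 "Content-Type": "application/json"})

def plan(project_id, manager_token, tokens, today, ttl_days=30):
    """(create, revoke) request pairs: send create first, deploy the new
    token, then send revoke for the old one."""
    by_id = {t["id"]: t for t in tokens}
    base = f"/projects/{project_id}/access_tokens"
    expires = (today + timedelta(days=ttl_days)).isoformat()
    pairs = []
    for token_id in due_for_rotation(tokens, today):
        old = by_id[token_id]
        new = {"name": old["name"], "scopes": old["scopes"],
               "expires_at": expires}  # same narrow scope, short lifetime
        pairs.append((api_request("POST", base, manager_token, new),
                      api_request("DELETE", f"{base}/{token_id}", manager_token)))
    return pairs
```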
