{{< details >}}

  1. Tier: 专业版, 旗舰版
  2. Offering: JihuLab.com, 私有化部署

{{< /details >}}

有效的访问级别

访问级别在 ProtectedEnvironments::DeployAccessLevel::ALLOWED_ACCESS_LEVELS 方法中定义。目前,这些级别被识别:

30 => Developer access
40 => Maintainer access
60 => Admin access

群组继承类型

群组继承允许部署访问级别和访问规则考虑继承的群组成员资格。群组继承类型由 ProtectedEnvironments::Authorizable::GROUP_INHERITANCE_TYPE 定义。以下类型被识别:

0 => Direct group membership only (default)
1 => All inherited groups

列出受保护的环境

从一个项目中获取受保护环境的列表:

GET /projects/:id/protected_environments
属性 类型 必需 描述
id integer/string 项目的 ID 或 URL 编码的路径
curl --header "PRIVATE-TOKEN: <your_access_token>" "https://gitlab.example.com/api/v4/projects/5/protected_environments/"

示例响应:

[
   {
      "name":"production",
      "deploy_access_levels":[
         {
            "id": 12,
            "access_level":40,
            "access_level_description":"Maintainers",
            "user_id":null,
            "group_id":null,
            "group_inheritance_type": 0
         }
      ],
      "required_approval_count": 0
   }
]

获取单个受保护的环境

获取一个单个受保护的环境:

GET /projects/:id/protected_environments/:name
属性 类型 必需 描述
id integer/string 项目的 ID 或 URL 编码的路径
name string 受保护环境的名称
curl --header "PRIVATE-TOKEN: <your_access_token>" "https://gitlab.example.com/api/v4/projects/5/protected_environments/production"

示例响应:

{
   "name":"production",
   "deploy_access_levels":[
      {
         "id": 12,
         "access_level": 40,
         "access_level_description": "Maintainers",
         "user_id": null,
         "group_id": null,
         "group_inheritance_type": 0
      }
   ],
   "required_approval_count": 0
}

保护单个环境

保护一个单个环境:

POST /projects/:id/protected_environments
属性 类型 必需 描述
id integer/string 项目的 ID 或 URL 编码的路径
name string 环境的名称。
deploy_access_levels array 允许部署的访问级别数组,每个由哈希描述。
approval_rules array 允许批准的访问级别数组,每个由哈希描述。参见 多个批准规则

deploy_access_levelsapproval_rules 数组中的元素应为 user_idgroup_idaccess_level 之一,并采用 {user_id: integer}{group_id: integer}{access_level: integer} 的形式。可以选择在每个上指定 group_inheritance_type,作为有效的群组继承类型之一。每个用户必须对项目有访问权限,每个群组必须共享此项目

curl --header 'Content-Type: application/json' --request POST \
     --data '{"name": "production", "deploy_access_levels": [{"group_id": 9899826}], "approval_rules": [{"group_id": 134}, {"group_id": 135, "required_approvals": 2}]}' \
     --header "PRIVATE-TOKEN: <your_access_token>" \
     "https://gitlab.example.com/api/v4/projects/22034114/protected_environments"

示例响应:

{
   "name": "production",
   "deploy_access_levels": [
      {
         "id": 12,
         "access_level": 40,
         "access_level_description": "protected-access-group",
         "user_id": null,
         "group_id": 9899826,
         "group_inheritance_type": 0
      }
   ],
   "required_approval_count": 0,
   "approval_rules": [
      {
         "id": 38,
         "user_id": null,
         "group_id": 134,
         "access_level": null,
         "access_level_description": "qa-group",
         "required_approvals": 1,
         "group_inheritance_type": 0
      },
      {
         "id": 39,
         "user_id": null,
         "group_id": 135,
         "access_level": null,
         "access_level_description": "security-group",
         "required_approvals": 2,
         "group_inheritance_type": 0
      }
   ]
}

更新受保护的环境

{{< history >}}

  • 引入于极狐GitLab 15.4。

{{< /history >}}

更新单个环境。

PUT /projects/:id/protected_environments/:name
属性 类型 必需 描述
id integer/string 项目的 ID 或 URL 编码的路径
name string 环境的名称。
deploy_access_levels array 允许部署的访问级别数组,每个由哈希描述。
approval_rules array 允许批准的访问级别数组,每个由哈希描述。参见 多个批准规则 以获取更多信息。

deploy_access_levelsapproval_rules 数组中的元素应为 user_idgroup_idaccess_level 之一,并采用 {user_id: integer}{group_id: integer}{access_level: integer} 的形式。可以选择在每个上指定 group_inheritance_type,作为有效的群组继承类型之一。

更新:

  1. user_id: 确保更新的用户对项目有访问权限。您还必须在相应的哈希中传递 deploy_access_levelapproval_ruleid
  2. group_id: 确保更新的群组共享此项目。您还必须在相应的哈希中传递 deploy_access_levelapproval_ruleid

删除:

  1. 您必须传递 _destroy 设置为 true。请参见以下示例。

示例:创建一个 deploy_access_level 记录

curl --header 'Content-Type: application/json' --request PUT \
     --data '{"deploy_access_levels": [{"group_id": 9899829, access_level: 40}]' \
     --header "PRIVATE-TOKEN: <your_access_token>" \
     "https://gitlab.example.com/api/v4/projects/22034114/protected_environments/production"

示例响应:

{
   "name": "production",
   "deploy_access_levels": [
      {
         "id": 12,
         "access_level": 40,
         "access_level_description": "protected-access-group",
         "user_id": null,
         "group_id": 9899829,
         "group_inheritance_type": 1
      }
   ],
   "required_approval_count": 0
}

示例:更新一个 deploy_access_level 记录

curl --header 'Content-Type: application/json' --request PUT \
     --data '{"deploy_access_levels": [{"id": 12, "group_id": 22034120}]}' \
     --header "PRIVATE-TOKEN: <your_access_token>" "https://gitlab.example.com/api/v4/projects/22034114/protected_environments/production"
{
   "name": "production",
   "deploy_access_levels": [
      {
         "id": 12,
         "access_level": 40,
         "access_level_description": "protected-access-group",
         "user_id": null,
         "group_id": 22034120,
         "group_inheritance_type": 0
      }
   ],
   "required_approval_count": 2
}

示例:删除一个 deploy_access_level 记录

curl --header 'Content-Type: application/json' --request PUT \
     --data '{"deploy_access_levels": [{"id": 12, "_destroy": true}]}' \
     --header "PRIVATE-TOKEN: <your_access_token>" "https://gitlab.example.com/api/v4/projects/22034114/protected_environments/production"

示例响应:

{
   "name": "production",
   "deploy_access_levels": [],
   "required_approval_count": 0
}

示例:创建一个 approval_rule 记录

curl --header 'Content-Type: application/json' --request PUT \
     --data '{"approval_rules": [{"group_id": 134, "required_approvals": 1}]}' \
     --header "PRIVATE-TOKEN: <your_access_token>" \
     "https://gitlab.example.com/api/v4/projects/22034114/protected_environments/production"

示例响应:

{
   "name": "production",
   "approval_rules": [
      {
         "id": 38,
         "user_id": null,
         "group_id": 134,
         "access_level": null,
         "access_level_description": "qa-group",
         "required_approvals": 1,
         "group_inheritance_type": 0
      }
   ]
}

示例:更新一个 approval_rule 记录

curl --header 'Content-Type: application/json' --request PUT \
     --data '{"approval_rules": [{"id": 38, "group_id": 135, "required_approvals": 2}]}' \
     --header "PRIVATE-TOKEN: <your_access_token>" "https://gitlab.example.com/api/v4/projects/22034114/protected_environments/production"
{
   "name": "production",
   "approval_rules": [
      {
         "id": 38,
         "user_id": null,
         "group_id": 135,
         "access_level": null,
         "access_level_description": "security-group",
         "required_approvals": 2,
         "group_inheritance_type": 0
      }
   ]
}

示例:删除一个 approval_rule 记录

curl --header 'Content-Type: application/json' --request PUT \
     --data '{"approval_rules": [{"id": 38, "_destroy": true}]}' \
     --header "PRIVATE-TOKEN: <your_access_token>" "https://gitlab.example.com/api/v4/projects/22034114/protected_environments/production"

示例响应:

{
   "name": "production",
   "approval_rules": []
}

取消保护单个环境

取消保护给定的受保护环境:

DELETE /projects/:id/protected_environments/:name
属性 类型 必需 描述
id integer/string 项目的 ID 或 URL 编码的路径
name string 受保护环境的名称。
curl --request DELETE --header "PRIVATE-TOKEN: <your_access_token>" "https://gitlab.example.com/api/v4/projects/5/protected_environments/staging"