feat(job_token_scope): support Groups in job token allowlist API

[TimKnight-DWP]

Builds ontop of: #2767 and #2790

Closes #2762

Adds support for adding Group to job_token_allowlist: https://docs.gitlab.com/ee/api/project_job_token_scopes.html#add-a-group-to-a-cicd-job-token-allowlist

[TimKnight-DWP]

NOTE: Group allowlist functionality is due in 16.10 eta: March 21st

I will develop tests using the nightly builds image, and leave in draft until 16.10 is released

[TimKnight-DWP]

Ready for Review
Marked ready to review, tests are passing against the nightly build which includes the Group allowlist changes

For merge in will need to mark as XFail or have a feature flag based on if 16.10+ is active or no?

[codecov]

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 96.50%. Comparing base (7ec3189) to head (ee826ad).
Report is 48 commits behind head on main.

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #2816      +/-   ##
==========================================
- Coverage   96.52%   96.50%   -0.03%     
==========================================
  Files          90       90              
  Lines        5872     5889      +17     
==========================================
+ Hits         5668     5683      +15     
- Misses        204      206       +2     

Flag	Coverage Δ
api_func_v4	82.37% <70.37%> (+0.13%)	⬆️
cli_func_v4	83.59% <70.37%> (+0.01%)	⬆️
unit	88.30% <100.00%> (-0.01%)	⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

Files	Coverage Δ
gitlab/v4/objects/job_token_scope.py	100.00% <100.00%> (ø)

... and 1 file with indirect coverage changes

[TimKnight-DWP]

@nejch built on the work you started and some of the discussions we had a few months back, this adds support for managing the CI Job Token via python-gitlab.

[TimKnight-DWP]

Hi @nejch , @JohnVillalovos , @max-wittig , @bufferoverflow

Myself and @SachinKSingh28 among others will be working on a project to migrate from Gitlab-SAAS to Dedicate, alongside our work on GitLabForm project we will be adding in Enterprise feature sets to python-gitlab.

Would there be a good way to discuss a ways of working that is useful for the demands on your time, and if it would be helpful for us to also take on Maintainership of the project? As it's a key part of our infrastructure here at the DWP (a UK Gov public sector department)

[JohnVillalovos]

Would there be a good way to discuss a ways of working that is useful for the demands on your time, and if it would be helpful for us to also take on Maintainership of the project? As it's a key part of our infrastructure here at the DWP (a UK Gov public sector department)

Nothing personal but after what happened to XZ project [1]. Having people asking to become maintainers is looked warily by me.

https://news.ycombinator.com/item?id=39865810

But I would be up for a video-conference if @nejch would like to do it. Doing a hackathon or something along those lines could be fun.

[JohnVillalovos]

Overall this is looking pretty good to me. My suggestions are mostly minor.

[TimKnight-DWP]

Would there be a good way to discuss a ways of working that is useful for the demands on your time, and if it would be helpful for us to also take on Maintainership of the project? As it's a key part of our infrastructure here at the DWP (a UK Gov public sector department)

Nothing personal but after what happened to XZ project [1]. Having people asking to become maintainers is looked warily by me.

https://news.ycombinator.com/item?id=39865810

But I would be up for a video-conference if @nejch would like to do it. Doing a hackathon or something along those lines could be fun.

@JohnVillalovos -> Oh absolutely! We work in Security here, and having seen what happen with XZ is why I've not wanted to be too pushy 👍

We would be up for having a video-conference call etc. We're on BST

[TimKnight-DWP]

Updated PR

[JohnVillalovos]

This is looking good to me. Left a couple of comments about trying to get the code coverage test to pass.

Hopefully @nejch can do a review on this too.

[TimKnight-DWP]

@JohnVillalovos updated once more, I certainly intended to have already covered those paths, but clearly hadn't so done now 👍

[TimKnight-DWP]

Thanks for the merge @JohnVillalovos

If you wanted to have a chat, we can talk through what we're doing with GitLab on our end and how that'll interface with python-gitlab.

Hopefully this calendly link should work: https://calendly.com/tim-knight1/30min

[JohnVillalovos]

Thanks for the merge @JohnVillalovos

If you wanted to have a chat, we can talk through what we're doing with GitLab on our end and how that'll interface with python-gitlab.

Hopefully this calendly link should work: https://calendly.com/tim-knight1/30min

Meeting sounds great to me, but I would like to wait for @nejch to join. I'm assuming that he is on vacation or something as I haven't heard from him for a bit.