From 01d55f6b7d6b9965d77b4ebcce3bf626f455c55b Mon Sep 17 00:00:00 2001
From: dannydd88 <386542+dannydd88@users.noreply.github.com>
Date: Sun, 20 Aug 2023 17:06:31 +0800
Subject: [PATCH 1/2] feature: add API GetProjectJobTokenAccessSettings and
 PatchProjectJobTokenAccessSettings for JobTokenScopeService

---
 job_token_scope.go      | 61 +++++++++++++++++++++++++++++++++++++++++
 job_token_scope_test.go | 58 +++++++++++++++++++++++++++++++++++++++
 2 files changed, 119 insertions(+)

diff --git a/job_token_scope.go b/job_token_scope.go
index 82dc50819..57e783bb4 100644
--- a/job_token_scope.go
+++ b/job_token_scope.go
@@ -26,6 +26,67 @@ type JobTokenScopeService struct {
 	client *Client
 }
 
+// JobTokenAccessSettings represents job token access attributes for this project.
+//
+// GitLab API docs: https://docs.gitlab.com/ee/api/project_job_token_scopes.html
+type JobTokenAccessSettings struct {
+	InboundEnabled  bool `json:"inbound_enabled"`
+	OutboundEnabled bool `json:"outbound_enabled"`
+}
+
+// GetProjectJobTokenAccessSettings fetch the CI/CD job token access settings (job token scope) of a project.
+//
+// GitLab API docs:
+// https://docs.gitlab.com/ee/api/project_job_token_scopes.html#get-a-projects-cicd-job-token-access-settings
+func (j *JobTokenScopeService) GetProjectJobTokenAccessSettings(pid interface{}, options ...RequestOptionFunc) (*JobTokenAccessSettings, *Response, error) {
+	project, err := parseID(pid)
+	if err != nil {
+		return nil, nil, err
+	}
+	u := fmt.Sprintf(`projects/%s/job_token_scope`, PathEscape(project))
+
+	req, err := j.client.NewRequest(http.MethodGet, u, nil, options)
+	if err != nil {
+		return nil, nil, err
+	}
+
+	var settings *JobTokenAccessSettings
+	resp, err := j.client.Do(req, &settings)
+	if err != nil {
+		return nil, resp, err
+	}
+
+	return settings, resp, err
+}
+
+// PatchProjectJobTokenAccessSettingsOptions represents the available
+// PatchProjectJobTokenAccessSettings() options.
+//
+// GitLab API docs:
+// https://docs.gitlab.com/ee/api/project_job_token_scopes.html#patch-a-projects-cicd-job-token-access-settings
+type PatchProjectJobTokenAccessSettingsOptions struct {
+	Enabled bool `json:"enabled"`
+}
+
+// PatchProjectJobTokenAccessSettings patch the Limit access to this project setting (job token scope) of a project.
+//
+// GitLab API docs:
+// https://docs.gitlab.com/ee/api/project_job_token_scopes.html#patch-a-projects-cicd-job-token-access-settings
+func (j *JobTokenScopeService) PatchProjectJobTokenAccessSettings(pid interface{}, opt *PatchProjectJobTokenAccessSettingsOptions, options ...RequestOptionFunc) (*Response, error) {
+	project, err := parseID(pid)
+	if err != nil {
+		return nil, err
+	}
+	u := fmt.Sprintf(`projects/%s/job_token_scope`, PathEscape(project))
+
+	req, err := j.client.NewRequest(http.MethodPatch, u, opt, options)
+	if err != nil {
+		return nil, err
+	}
+
+	return j.client.Do(req, nil)
+}
+
 // JobTokenInboundAllowItem represents a single job token inbound allowlist item.
 //
 // GitLab API docs: https://docs.gitlab.com/ee/api/project_job_token_scopes.html
diff --git a/job_token_scope_test.go b/job_token_scope_test.go
index 06e116c34..0e33f73e9 100644
--- a/job_token_scope_test.go
+++ b/job_token_scope_test.go
@@ -23,6 +23,64 @@ import (
 	"github.com/stretchr/testify/assert"
 )
 
+func TestGetProjectTokenAccessSettings(t *testing.T) {
+	mux, client := setup(t)
+
+	// Handle project ID 1, and print a result of access settings
+	mux.HandleFunc("/api/v4/projects/1/job_token_scope", func(w http.ResponseWriter, r *http.Request) {
+		testMethod(t, r, http.MethodGet)
+
+		// Print on the response
+		fmt.Fprint(w, `{"inbound_enabled":true,"outbound_enabled":false}`)
+	})
+
+	want := &JobTokenAccessSettings{
+		InboundEnabled:  true,
+		OutboundEnabled: false,
+	}
+
+	settings, _, err := client.JobTokenScope.GetProjectJobTokenAccessSettings(1)
+
+	assert.NoError(t, err)
+	assert.Equal(t, want, settings)
+}
+
+func TestPatchProjectJobTokenAccessSettings(t *testing.T) {
+	mux, client := setup(t)
+
+	mux.HandleFunc("/api/v4/projects/1/job_token_scope", func(w http.ResponseWriter, r *http.Request) {
+		testMethod(t, r, http.MethodPatch)
+
+		// Read the request to determine which target project is passed in
+		body, err := io.ReadAll(r.Body)
+		if err != nil {
+			t.Fatalf("JobTokenScope.PatchProjectJobTokenAccessSettings failed to read body")
+		}
+
+		// Parse to object to ensure it's sent on the request appropriately.
+		var options PatchProjectJobTokenAccessSettingsOptions
+		err = json.Unmarshal(body, &options)
+		if err != nil {
+			t.Fatalf("JobTokenScope.PatchProjectJobTokenAccessSettings failed to unmarshal body: %v", err)
+		}
+
+		// Ensure we provide the proper response
+		w.WriteHeader(http.StatusNoContent)
+
+		// Print an empty body, since that's what the API provides.
+		fmt.Fprint(w, "")
+	})
+
+	resp, err := client.JobTokenScope.PatchProjectJobTokenAccessSettings(
+		1,
+		&PatchProjectJobTokenAccessSettingsOptions{
+			Enabled: false,
+		},
+	)
+	assert.NoError(t, err)
+	assert.Equal(t, 204, resp.StatusCode)
+}
+
 // This tests that when calling the GetProjectJobTokenInboundAllowList, we get a
 // list of projects back properly. There isn't a "deep" test with every attribute
 // specifieid, because the object returned is a *Project object, which is already

From 170162387f8d034ab9daa15bdceb48cb7c66cd3b Mon Sep 17 00:00:00 2001
From: Sander van Harmelen <sander@vanharmelen.nl>
Date: Sat, 2 Sep 2023 14:29:21 +0200
Subject: [PATCH 2/2] =?UTF-8?q?Minor=20tweaks=E2=80=A6?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 job_token_scope.go | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/job_token_scope.go b/job_token_scope.go
index 57e783bb4..ff96ba698 100644
--- a/job_token_scope.go
+++ b/job_token_scope.go
@@ -50,13 +50,13 @@ func (j *JobTokenScopeService) GetProjectJobTokenAccessSettings(pid interface{},
 		return nil, nil, err
 	}
 
-	var settings *JobTokenAccessSettings
-	resp, err := j.client.Do(req, &settings)
+	jt := new(JobTokenAccessSettings)
+	resp, err := j.client.Do(req, jt)
 	if err != nil {
 		return nil, resp, err
 	}
 
-	return settings, resp, err
+	return jt, resp, err
 }
 
 // PatchProjectJobTokenAccessSettingsOptions represents the available
@@ -156,13 +156,13 @@ func (j *JobTokenScopeService) AddProjectToJobScopeAllowList(pid interface{}, op
 		return nil, nil, err
 	}
 
-	ai := new(JobTokenInboundAllowItem)
-	resp, err := j.client.Do(req, ai)
+	jt := new(JobTokenInboundAllowItem)
+	resp, err := j.client.Do(req, jt)
 	if err != nil {
 		return nil, resp, err
 	}
 
-	return ai, resp, nil
+	return jt, resp, nil
 }
 
 // RemoveProjectFromJobScopeAllowList removes a project from a project's job