gitlab4j · jmini · Nov 16, 2023 · Sep 28, 2023
diff --git a/src/main/java/org/gitlab4j/api/GroupApi.java b/src/main/java/org/gitlab4j/api/GroupApi.java
@@ -1,6 +1,7 @@
 package org.gitlab4j.api;
 
 import java.io.File;
+import java.util.Arrays;
 import java.util.Date;
 import java.util.List;
 import java.util.Objects;
@@ -20,9 +21,12 @@
 import org.gitlab4j.api.models.Badge;
 import org.gitlab4j.api.models.CustomAttribute;
 import org.gitlab4j.api.models.Group;
+import org.gitlab4j.api.models.GroupAccessToken;
 import org.gitlab4j.api.models.GroupFilter;
 import org.gitlab4j.api.models.GroupParams;
 import org.gitlab4j.api.models.GroupProjectsFilter;
+import org.gitlab4j.api.models.ImpersonationToken;
+import org.gitlab4j.api.models.ImpersonationToken.Scope;
 import org.gitlab4j.api.models.Iteration;
 import org.gitlab4j.api.models.IterationFilter;
 import org.gitlab4j.api.models.LdapGroupLink;
@@ -1977,4 +1981,89 @@ public List<Iteration> listGroupIterations(Object groupIdOrPath, IterationFilter
         Response response = get(Response.Status.OK, queryParams, "groups", getGroupIdOrPath(groupIdOrPath), "iterations");
         return (response.readEntity(new GenericType<List<Iteration>>() { }));
     }
+
+    /**
+     * Get a list of group access tokens.
+     *
+     * <pre><code>GitLab Endpoint: GET /groups/:id/access_tokens</code></pre>
+     *
+     * @param groupIdOrPath the group in the form of an Long(ID), String(path), or Group instance
+     * @return the list of GroupAccessToken instances
+     * @throws GitLabApiException if any exception occurs
+     */
+    public List<GroupAccessToken> getGroupAccessTokens(Object groupIdOrPath) throws GitLabApiException {
+        Response response = get(Response.Status.OK, null, "groups", getGroupIdOrPath(groupIdOrPath), "access_tokens");
+        return (response.readEntity(new GenericType<List<GroupAccessToken>>() { }));
+    }
+
+    /**
+     * Get a group access token by ID.
+     *
+     * <pre><code>GitLab Endpoint: GET /groups/:id/access_tokens/:token_id</code></pre>
+     *
+     * @param groupIdOrPath the group in the form of an Long(ID), String(path), or Group instance
+     * @param tokenId ID of the group access token
+     * @return the GroupAccessToken instance
+     * @throws GitLabApiException if any exception occurs
+     */
+    public GroupAccessToken getGroupAccessToken(Object groupIdOrPath, Long tokenId) throws GitLabApiException {
+        Response response = get(Response.Status.OK, null, "groups", getGroupIdOrPath(groupIdOrPath), "access_tokens", tokenId);
+        return (response.readEntity(GroupAccessToken.class));
+    }
+
+    /**
+     * Create a group access token. You must have the Owner role for the group to create group access tokens.
+     *
+     * <pre><code>GitLab Endpoint: POST /groups/:id/access_tokens</code></pre>
+     *
+     * @param groupIdOrPath the group in the form of an Long(ID), String(path), or Group instance
+     * @param name the name of the group access token, required
+     * @param expiresAt the expiration date of the group access token, optional
+     * @param scopes an array of scopes of the group access token
+     * @param accessLevel Access level. Valid values are {@link AccessLevel#GUEST}, {@link AccessLevel#REPORTER}, {@link AccessLevel#DEVELOPER}, {@link AccessLevel#MAINTAINER}, and {@link AccessLevel#OWNER}.
+     * @return the created GroupAccessToken instance
+     * @throws GitLabApiException if any exception occurs
+     */
+    public GroupAccessToken createGroupAccessToken(Object groupIdOrPath, String name, Date expiresAt, Scope[] scopes, AccessLevel accessLevel) throws GitLabApiException {
+        if (scopes == null || scopes.length == 0) {
+            throw new RuntimeException("scopes cannot be null or empty");
+        }
+
+        GitLabApiForm formData = new GitLabApiForm()
+                .withParam("name", name, true)
+                .withParam("scopes", Arrays.asList(scopes))
+                .withParam("expires_at", expiresAt)
+                .withParam("access_level", accessLevel);
+
+        Response response = post(Response.Status.CREATED, formData, "groups", getGroupIdOrPath(groupIdOrPath), "access_tokens");
+        return (response.readEntity(GroupAccessToken.class));
+    }
+
+    /**
+     * Rotate a group access token. Revokes the previous token and creates a new token that expires in one week.
+     *
+     * <pre><code>GitLab Endpoint: POST /groups/:id/access_tokens/:token_id/rotate</code></pre>
+     *
+     * @param groupIdOrPath the group in the form of an Long(ID), String(path), or Group instance
+     * @param tokenId ID of the group access token
+     * @return the updated GroupAccessToken instance
+     * @throws GitLabApiException if any exception occurs
+     */
+    public GroupAccessToken rotateGroupAccessToken(Object groupIdOrPath, Long tokenId) throws GitLabApiException {
+        Response response = post(Response.Status.OK, (Form)null, "groups", getGroupIdOrPath(groupIdOrPath), "access_tokens", tokenId, "rotate");
+        return (response.readEntity(GroupAccessToken.class));
+    }
+
+    /**
+     * Revoke a group access token.
+     *
+     * <pre><code>GitLab Endpoint: DELETE /groups/:id/access_tokens/:token_id</code></pre>
+     *
+     * @param groupIdOrPath the group in the form of an Long(ID), String(path), or Group instance
+     * @param tokenId ID of the group access token
+     * @throws GitLabApiException if any exception occurs
+     */
+    public void revokeGroupAccessToken(Object groupIdOrPath, Long tokenId) throws GitLabApiException {
+        delete(Response.Status.NO_CONTENT, null, "groups", getGroupIdOrPath(groupIdOrPath), "access_tokens", tokenId);
+    }
 }
diff --git a/src/main/java/org/gitlab4j/api/models/GroupAccessToken.java b/src/main/java/org/gitlab4j/api/models/GroupAccessToken.java
@@ -0,0 +1,20 @@
+package org.gitlab4j.api.models;
+
+import org.gitlab4j.api.utils.JacksonJson;
+
+public class GroupAccessToken extends ImpersonationToken {
+    private AccessLevel accessLevel;
+
+    public AccessLevel getAccessLevel() {
+        return accessLevel;
+    }
+
+    public void setAccessLevel(AccessLevel accessLevel) {
+        this.accessLevel = accessLevel;
+    }
+
+    @Override
+    public String toString() {
+        return (JacksonJson.toJsonString(this));
+    }
+}
diff --git a/src/main/java/org/gitlab4j/api/models/ImpersonationToken.java b/src/main/java/org/gitlab4j/api/models/ImpersonationToken.java
@@ -37,10 +37,12 @@ public String toString() {
     private Boolean active;
     private String token;
     private List<Scope> scopes;
+    private Long userId;
     private Boolean revoked;
     private String name;
     private Long id;
     private Date createdAt;
+    private Date lastUsedAt;
     private Boolean impersonation;
     private Date expiresAt;
 
@@ -68,6 +70,14 @@ public void setScopes(List<Scope> scopes) {
         this.scopes = scopes;
     }
 
+    public Long getUserId() {
+        return userId;
+    }
+
+    public void setUserId(Long userId) {
+        this.userId = userId;
+    }
+
     public Boolean getRevoked() {
         return revoked;
     }
@@ -100,6 +110,14 @@ public void setCreatedAt(Date createdAt) {
         this.createdAt = createdAt;
     }
 
+    public Date getLastUsedAt() {
+        return lastUsedAt;
+    }
+
+    public void setLastUsedAt(Date lastUsedAt) {
+        this.lastUsedAt = lastUsedAt;
+    }
+
     public Boolean getImpersonation() {
         return impersonation;
     }

diff --git a/src/test/java/org/gitlab4j/api/TestGitLabApiBeans.java b/src/test/java/org/gitlab4j/api/TestGitLabApiBeans.java
@@ -73,6 +73,7 @@
 import org.gitlab4j.api.models.FileUpload;
 import org.gitlab4j.api.models.GpgSignature;
 import org.gitlab4j.api.models.Group;
+import org.gitlab4j.api.models.GroupAccessToken;
 import org.gitlab4j.api.models.HealthCheckInfo;
 import org.gitlab4j.api.models.ImpersonationToken;
 import org.gitlab4j.api.models.ImportStatus;
@@ -784,6 +785,12 @@ public void testImpersonationToken() throws Exception {
         assertTrue(compareJson(token, "impersonation-token.json"));
     }
 
+    @Test
+    public void testGroupAccessToken() throws Exception {
+        ImpersonationToken token = unmarshalResource(GroupAccessToken.class, "group-access-token.json");
+        assertTrue(compareJson(token, "group-access-token.json"));
+    }
+
     @Test
     public void testIteration() throws Exception {
         Iteration token = unmarshalResource(Iteration.class, "iteration.json");

diff --git a/src/test/resources/org/gitlab4j/api/group-access-token.json b/src/test/resources/org/gitlab4j/api/group-access-token.json
@@ -0,0 +1,16 @@
+{
+    "id": 81,
+    "name": "jenkins",
+    "revoked": false,
+    "created_at": "2022-10-12T08:01:02.719Z",
+    "scopes": [
+        "api",
+        "read_repository",
+        "write_repository"
+    ],
+    "user_id": 79,
+    "last_used_at": "2023-09-28T19:26:26.675Z",
+    "active": true,
+    "expires_at": "2024-06-18T00:00:00Z",
+    "access_level": 40
+}
diff --git a/src/test/resources/org/gitlab4j/api/impersonation-token.json b/src/test/resources/org/gitlab4j/api/impersonation-token.json
@@ -1,4 +1,5 @@
 {
+  "user_id" : 141,
   "active" : false,
   "scopes" : [
      "read_user", "api"
@@ -7,7 +8,8 @@
   "token" : "ZcZRpLeEuQRprkRjYydY",
   "name" : "mytoken2",
   "created_at" : "2017-03-17T17:19:28.697Z",
+  "last_used_at": "2018-03-17T17:19:28.697Z",
   "id" : 3,
   "impersonation" : true,
   "expires_at" : "2017-04-14T00:00:00Z"
-}
+}