Skip to content

Resolve "Pages API"

What does this MR do?

Add's CRUD API end points for Pages Domains.

Are there points in the code the reviewer needs to double check?

Yes! 😄

  • Is it appropriate to expose raw certificate and key? See pages/domains/:domain/details.
  • This introduces ability to edit an existing domain that is not possible in the UI. Primary use cases are:
    • Update expiring certificate
    • Convert existing domain from http to https
  • Is API json schema correctly declared?
    • Should there be a distinction between a single domain response and a list response?
  • Review security policy (probably a separate issue but here for reference)
    • The existing Domain Pages UI controllers only utilize authorize_read_pages and authorize_update_pages.
    • Current policy… (owner,admin: remove_pages), (master: admin_pages,read_pages,update_pages)
  • Are the tests handled in a reasonable way?
    • Does every role need to be tested?
  • Should the endpoints be disabled and return a particular response code if the pages facility is not enabled? See require_pages_enabled.

Why was this MR needed?

Through the API, it is not currently possible to add, update, or remove pages domains with optional certificate on projects. Requested in issue #23000 (moved).

Screenshots (if relevant)

Does this MR meet the acceptance criteria?

What are the relevant issue numbers?

Closes #23000 (moved)

Edited by Grzegorz Bizon

Merge request reports