PersonalAccessTokens.psm1
# https://docs.gitlab.com/ee/api/personal_access_tokens.html function Get-GitlabPersonalAccessToken { [CmdletBinding(DefaultParameterSetName='Default')] param( [Parameter(Position=0, ParameterSetName='Default')] [string] $TokenId, [Parameter(ValueFromPipelineByPropertyName, ParameterSetName='Default')] [Alias('Username')] [Alias('EmailAddress')] [string] $UserId, [Parameter(ParameterSetName='Mine')] [switch] $Mine, [Parameter(ParameterSetName='Token')] [string] $Token, [Parameter(ParameterSetName='Self')] [switch] $Self, [Parameter(ParameterSetName='Default')] [ValidateScript({ValidateGitlabDateFormat $_})] [string] $CreatedAfter, [Parameter(ParameterSetName='Default')] [ValidateScript({ValidateGitlabDateFormat $_})] [string] $CreatedBefore, [Parameter(ParameterSetName='Default')] [ValidateScript({ValidateGitlabDateFormat $_})] [string] $LastUsedAfter, [Parameter(ParameterSetName='Default')] [ValidateScript({ValidateGitlabDateFormat $_})] [string] $LastUsedBefore, [Parameter(ParameterSetName='Default')] [string] [ValidateSet($null, 'active', 'inactive')] $State = 'active', [Parameter(ParameterSetName='Default')] [ValidateSet($null, 'true', 'false')] [string] $Revoked = 'false', [Parameter()] [uint] $MaxPages, [switch] [Parameter()] $All, [Parameter()] [string] $SiteUrl ) # https://docs.gitlab.com/ee/api/personal_access_tokens.html#list-personal-access-tokens $Request = @{ Method = 'GET' Path = "personal_access_tokens" Query = @{ state = $State revoked = $Revoked } MaxPages = Get-GitlabMaxPages -MaxPages:$MaxPages -All:$All SiteUrl = $SiteUrl } if ($TokenId) { # https://docs.gitlab.com/ee/api/personal_access_tokens.html#get-single-personal-access-token $Request.Path += "/$TokenId" } elseif ($Token -or $Self) { $Request.Path += "/self" # https://docs.gitlab.com/ee/api/personal_access_tokens.html#using-a-request-header if ($Token) { $Request.AccessToken = $Token } } if ($Mine) { $UserId = Get-GitlabUser -Me | Select-Object -ExpandProperty Id } if ($UserId) { $User = Get-GitlabUser $UserId $Request.Query.user_id = $User.Id } if ($CreatedAfter) { $Request.Query.created_after = $CreatedAfter } if ($CreatedBefore) { $Request.Query.created_before = $CreatedBefore } if ($LastUsedAfter) { $Request.Query.last_used_after = $LastUsedAfter } if ($LastUsedBefore) { $Request.Query.last_used_before = $LastUsedBefore } Invoke-GitlabApi @Request | New-WrapperObject 'Gitlab.PersonalAccessToken' | ForEach-Object { $ExpiresAt = [datetime]::Parse($_.ExpiresAt) $_.PSObject.Properties.Remove('ExpiresAt') $_ | Add-Member -PassThru -NotePropertyMembers @{ ExpiresAt = $ExpiresAt } } | Sort-Object LastUsedAtSortable -Descending } function New-GitlabPersonalAccessToken { [CmdletBinding(SupportsShouldProcess)] param ( [Parameter()] [Alias('Username')] [string] $UserId, [Parameter(Mandatory)] [string] $Name, [Parameter(Mandatory, ValueFromPipelineByPropertyName)] [ValidateSet('api', 'read_user', 'read_api', 'read_repository', 'write_repository', 'read_registry', 'write_registry', 'sudo', 'admin_mode', 'create_runner', 'manage_runner', 'ai_features', 'k8s_proxy', 'read_service_ping')] [string []] $Scope, [Parameter()] [ValidateScript({ValidateGitlabDateFormat $_})] [string] $ExpiresAt, [Parameter()] [string] $SiteUrl ) if ($UserId) { $User = Get-GitlabUser $UserId } else { $User = Get-GitlabUser -Me } $Request = @{ # https://docs.gitlab.com/ee/api/users.html#create-a-personal-access-token Method = 'POST' Path = "users/$($User.Id)/personal_access_tokens" Body = @{ name = $Name scopes = $Scope } SiteUrl = $SiteUrl } if ($ExpiresAt) { $Request.Body.expires_at = $ExpiresAt } if ($PSCmdlet.ShouldProcess("$($Request.Path)", "create personal access token $($Request | ConvertTo-Json)")) { $Response = Invoke-GitlabApi @Request | New-WrapperObject 'Gitlab.NewPersonalAccessToken' Set-Clipboard -Value $Response.Token Write-Warning "New personal access token copied to clipboard" $Response } } function Invoke-GitlabPersonalAccessTokenRotation { [CmdletBinding(SupportsShouldProcess)] [Alias('Rotate-GitlabPersonalAccessToken')] param ( [Parameter(Mandatory, ValueFromPipelineByPropertyName, Position=0)] [Alias('Id')] [string] $TokenId, [Parameter()] [string] [ValidateScript({ValidateGitlabDateFormat $_})] $ExpiresAt, [Parameter()] [string] $SiteUrl ) $Request = @{ # https://docs.gitlab.com/ee/api/users.html#rotate-a-personal-access-token Method = 'POST' Path = "personal_access_tokens/$($TokenId)/rotate" Body = @{} SiteUrl = $SiteUrl } if ($ExpiresAt) { $Request.Body.expires_at = $ExpiresAt } if ($PSCmdlet.ShouldProcess("$($Request.Path)", "rotate personal access token")) { $Response = Invoke-GitlabApi @Request | New-WrapperObject 'Gitlab.NewPersonalAccessToken' Set-Clipboard -Value $Response.Token Write-Warning "Updated personal access token copied to clipboard" $Response } } function Revoke-GitlabPersonalAccessToken { [CmdletBinding(SupportsShouldProcess)] param ( [Parameter(Mandatory, ValueFromPipelineByPropertyName, Position=0)] [Alias('Id')] [string] $TokenId, [Parameter()] [string] $SiteUrl ) $Request = @{ # https://docs.gitlab.com/ee/api/personal_access_tokens.html#revoke-a-personal-access-token Method = 'DELETE' Path = "personal_access_tokens/$($TokenId)" SiteUrl = $SiteUrl } if ($PSCmdlet.ShouldProcess("$($Request.Path)", "revoke personal access token")) { Invoke-GitlabApi @Request | Out-Null Write-Host "Revoked personal access token $TokenId" } } |