Implement GET APIs for Deploy Tokens

Changelog: added
MR: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/82467

doc/api/deploy_tokens.md

@@ -94,6 +94,46 @@ Example response:
 ]
 ```
 
+### Get a project deploy token
+
+> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/82467) in GitLab 14.9.
+
+Get a single project's deploy token by ID.
+
+```plaintext
+GET /projects/:id/deploy_tokens/:token_id
+```
+
+Parameters:
+
+| Attribute  | Type           | Required               | Description |
+| ---------- | -------------- | ---------------------- | ----------- |
+| `id`       | integer/string | **{check-circle}** Yes | ID or [URL-encoded path of the project](index.md#namespaced-path-encoding) owned by the authenticated user |
+| `token_id` | integer        | **{check-circle}** Yes | ID of the deploy token |
+
+Example request:
+
+```shell
+curl --header "PRIVATE-TOKEN: <your_access_token>" "https://gitlab.example.com/api/v4/projects/1/deploy_tokens/1"
+```
+
+Example response:
+
+```json
+{
+  "id": 1,
+  "name": "MyToken",
+  "username": "gitlab+deploy-token-1",
+  "expires_at": "2020-02-14T00:00:00.000Z",
+  "revoked": false,
+  "expired": false,
+  "scopes": [
+    "read_repository",
+    "read_registry"
+  ]
+}
+```
+
 ### Create a project deploy token
 
 > [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/21811) in GitLab 12.9.
@@ -108,7 +148,7 @@ Parameters:
 
 | Attribute    | Type             | Required               | Description |
 | ------------ | ---------------- | ---------------------- | ----------- |
-| `id`         | integer/string   | **{check-circle}** Yes | The ID or [URL-encoded path of the project](index.md#namespaced-path-encoding) owned by the authenticated user |
+| `id`         | integer/string   | **{check-circle}** Yes | ID or [URL-encoded path of the project](index.md#namespaced-path-encoding) owned by the authenticated user |
 | `name`       | string           | **{check-circle}** Yes | New deploy token's name |
 | `expires_at` | datetime         | **{dotted-circle}** No | Expiration date for the deploy token. Does not expire if no value is provided. Expected in ISO 8601 format (`2019-03-15T08:00:00Z`) |
 | `username`   | string           | **{dotted-circle}** No | Username for deploy token. Default is `gitlab+deploy-token-{n}` |
@@ -153,8 +193,8 @@ Parameters:
 
 | Attribute  | Type           | Required               | Description |
 | ---------- | -------------- | ---------------------- | ----------- |
-| `id`       | integer/string | **{check-circle}** Yes | The ID or [URL-encoded path of the project](index.md#namespaced-path-encoding) owned by the authenticated user |
-| `token_id` | integer        | **{check-circle}** Yes | The ID of the deploy token |
+| `id`       | integer/string | **{check-circle}** Yes | ID or [URL-encoded path of the project](index.md#namespaced-path-encoding) owned by the authenticated user |
+| `token_id` | integer        | **{check-circle}** Yes | ID of the deploy token |
 
 Example request:
 
@@ -210,6 +250,46 @@ Example response:
 ]
 ```
 
+### Get a group deploy token
+
+> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/82467) in GitLab 14.9.
+
+Get a single group's deploy token by ID.
+
+```plaintext
+GET /groups/:id/deploy_tokens/:token_id
+```
+
+Parameters:
+
+| Attribute   | Type           | Required               | Description |
+| ----------- | -------------- | ---------------------- | ----------- |
+| `id`        | integer/string | **{check-circle}** Yes | ID or [URL-encoded path of the group](index.md#namespaced-path-encoding) owned by the authenticated user |
+| `token_id`  | integer        | **{check-circle}** Yes | ID of the deploy token |
+
+Example request:
+
+```shell
+curl --header "PRIVATE-TOKEN: <your_access_token>" "https://gitlab.example.com/api/v4/groups/1/deploy_tokens/1"
+```
+
+Example response:
+
+```json
+{
+  "id": 1,
+  "name": "MyToken",
+  "username": "gitlab+deploy-token-1",
+  "expires_at": "2020-02-14T00:00:00.000Z",
+  "revoked": false,
+  "expired": false,
+  "scopes": [
+    "read_repository",
+    "read_registry"
+  ]
+}
+```
+
 ### Create a group deploy token
 
 > [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/21811) in GitLab 12.9.
@@ -224,7 +304,7 @@ Parameters:
 
 | Attribute    | Type | Required  | Description |
 | ------------ | ---- | --------- | ----------- |
-| `id`         | integer/string   | **{check-circle}** Yes | The ID or [URL-encoded path of the group](index.md#namespaced-path-encoding) owned by the authenticated user |
+| `id`         | integer/string   | **{check-circle}** Yes | ID or [URL-encoded path of the group](index.md#namespaced-path-encoding) owned by the authenticated user |
 | `name`       | string           | **{check-circle}** Yes | New deploy token's name |
 | `expires_at` | datetime         | **{dotted-circle}** No | Expiration date for the deploy token. Does not expire if no value is provided. Expected in ISO 8601 format (`2019-03-15T08:00:00Z`) |
 | `username`   | string           | **{dotted-circle}** No | Username for deploy token. Default is `gitlab+deploy-token-{n}` |
@@ -269,8 +349,8 @@ Parameters:
 
 | Attribute   | Type           | Required               | Description |
 | ----------- | -------------- | ---------------------- | ----------- |
-| `id`        | integer/string | **{check-circle}** Yes | The ID or [URL-encoded path of the project](index.md#namespaced-path-encoding) owned by the authenticated user |
-| `token_id`  | integer        | **{check-circle}** Yes | The ID of the deploy token |
+| `id`        | integer/string | **{check-circle}** Yes | ID or [URL-encoded path of the group](index.md#namespaced-path-encoding) owned by the authenticated user |
+| `token_id`  | integer        | **{check-circle}** Yes | ID of the deploy token |
 
 Example request:
 

lib/api/deploy_tokens.rb

@@ -93,6 +93,21 @@ module API
         end
       end
 
+      desc 'Get a project deploy token' do
+        detail 'This feature was introduced in GitLab 14.9'
+        success Entities::DeployToken
+      end
+      params do
+        requires :token_id, type: Integer, desc: 'The deploy token ID'
+      end
+      get ':id/deploy_tokens/:token_id' do
+        authorize!(:read_deploy_token, user_project)
+
+        deploy_token = user_project.deploy_tokens.find(params[:token_id])
+
+        present deploy_token, with: Entities::DeployToken
+      end
+
       desc 'Delete a project deploy token' do
         detail 'This feature was introduced in GitLab 12.9'
       end
@@ -159,6 +174,21 @@ module API
         end
       end
 
+      desc 'Get a group deploy token' do
+        detail 'This feature was introduced in GitLab 14.9'
+        success Entities::DeployToken
+      end
+      params do
+        requires :token_id, type: Integer, desc: 'The deploy token ID'
+      end
+      get ':id/deploy_tokens/:token_id' do
+        authorize!(:read_deploy_token, user_group)
+
+        deploy_token = user_group.deploy_tokens.find(params[:token_id])
+
+        present deploy_token, with: Entities::DeployToken
+      end
+
       desc 'Delete a group deploy token' do
         detail 'This feature was introduced in GitLab 12.9'
       end

spec/fixtures/api/schemas/public_api/v4/deploy_token.json

@@ -5,7 +5,9 @@
     "name",
     "username",
     "expires_at",
-    "scopes"
+    "scopes",
+    "revoked",
+    "expired"
   ],
   "properties": {
     "id": {
@@ -26,6 +28,12 @@
     },
     "token": {
       "type": "string"
+    },
+    "revoked": {
+      "type": "boolean"
+    },
+    "expired": {
+      "type": "boolean"
     }
   }
 }
\ No newline at end of file

spec/requests/api/deploy_tokens_spec.rb

@@ -130,6 +130,55 @@ RSpec.describe API::DeployTokens do
     end
   end
 
+  describe 'GET /projects/:id/deploy_tokens/:token_id' do
+    subject do
+      get api("/projects/#{project.id}/deploy_tokens/#{deploy_token.id}", user)
+      response
+    end
+
+    context 'when unauthenticated' do
+      let(:user) { nil }
+
+      it { is_expected.to have_gitlab_http_status(:not_found) }
+    end
+
+    context 'when authenticated as non-admin user' do
+      before do
+        project.add_developer(user)
+      end
+
+      it { is_expected.to have_gitlab_http_status(:forbidden) }
+    end
+
+    context 'when authenticated as maintainer' do
+      before do
+        project.add_maintainer(user)
+      end
+
+      it { is_expected.to have_gitlab_http_status(:ok) }
+
+      it 'returns specific deploy token for the project' do
+        subject
+
+        expect(response).to match_response_schema('public_api/v4/deploy_token')
+      end
+
+      context 'invalid request' do
+        it 'returns not found with invalid project id' do
+          get api("/projects/bad_id/deploy_tokens/#{deploy_token.id}", user)
+
+          expect(response).to have_gitlab_http_status(:not_found)
+        end
+
+        it 'returns not found with invalid token id' do
+          get api("/projects/#{project.id}/deploy_tokens/#{non_existing_record_id}", user)
+
+          expect(response).to have_gitlab_http_status(:not_found)
+        end
+      end
+    end
+  end
+
   describe 'GET /groups/:id/deploy_tokens' do
     subject do
       get api("/groups/#{group.id}/deploy_tokens", user)
@@ -188,6 +237,55 @@ RSpec.describe API::DeployTokens do
     end
   end
 
+  describe 'GET /groups/:id/deploy_tokens/:token_id' do
+    subject do
+      get api("/groups/#{group.id}/deploy_tokens/#{group_deploy_token.id}", user)
+      response
+    end
+
+    context 'when unauthenticated' do
+      let(:user) { nil }
+
+      it { is_expected.to have_gitlab_http_status(:forbidden) }
+    end
+
+    context 'when authenticated as non-admin user' do
+      before do
+        group.add_developer(user)
+      end
+
+      it { is_expected.to have_gitlab_http_status(:forbidden) }
+    end
+
+    context 'when authenticated as maintainer' do
+      before do
+        group.add_maintainer(user)
+      end
+
+      it { is_expected.to have_gitlab_http_status(:ok) }
+
+      it 'returns specific deploy token for the group' do
+        subject
+
+        expect(response).to match_response_schema('public_api/v4/deploy_token')
+      end
+
+      context 'invalid request' do
+        it 'returns not found with invalid group id' do
+          get api("/groups/bad_id/deploy_tokens/#{group_deploy_token.id}", user)
+
+          expect(response).to have_gitlab_http_status(:not_found)
+        end
+
+        it 'returns not found with invalid token id' do
+          get api("/groups/#{group.id}/deploy_tokens/#{non_existing_record_id}", user)
+
+          expect(response).to have_gitlab_http_status(:not_found)
+        end
+      end
+    end
+  end
+
   describe 'DELETE /projects/:id/deploy_tokens/:token_id' do
     subject do
       delete api("/projects/#{project.id}/deploy_tokens/#{deploy_token.id}", user)
@@ -232,10 +330,10 @@ RSpec.describe API::DeployTokens do
 
         it 'returns bad_request with invalid token id' do
           expect(::Projects::DeployTokens::DestroyService).to receive(:new)
-            .with(project, user, token_id: 999)
+            .with(project, user, token_id: non_existing_record_id)
             .and_raise(ActiveRecord::RecordNotFound)
 
-          delete api("/projects/#{project.id}/deploy_tokens/999", user)
+          delete api("/projects/#{project.id}/deploy_tokens/#{non_existing_record_id}", user)
 
           expect(response).to have_gitlab_http_status(:not_found)
         end
@@ -395,10 +493,10 @@ RSpec.describe API::DeployTokens do
 
         it 'returns not found with invalid deploy token id' do
           expect(::Groups::DeployTokens::DestroyService).to receive(:new)
-            .with(group, user, token_id: 999)
+            .with(group, user, token_id: non_existing_record_id)
             .and_raise(ActiveRecord::RecordNotFound)
 
-          delete api("/groups/#{group.id}/deploy_tokens/999", user)
+          delete api("/groups/#{group.id}/deploy_tokens/#{non_existing_record_id}", user)
 
           expect(response).to have_gitlab_http_status(:not_found)
         end