diff options
Diffstat (limited to 'lib/api/terraform/state.rb')
-rw-r--r-- | lib/api/terraform/state.rb | 12 |
1 files changed, 10 insertions, 2 deletions
diff --git a/lib/api/terraform/state.rb b/lib/api/terraform/state.rb index e7c9627c753..f6e966defce 100644 --- a/lib/api/terraform/state.rb +++ b/lib/api/terraform/state.rb @@ -4,14 +4,14 @@ require_dependency 'api/validations/validators/limit' module API module Terraform - class State < Grape::API + class State < Grape::API::Instance include ::Gitlab::Utils::StrongMemoize default_format :json before do authenticate! - authorize! :admin_terraform_state, user_project + authorize! :read_terraform_state, user_project end params do @@ -46,6 +46,8 @@ module API desc 'Add a new terraform state or update an existing one' route_setting :authentication, basic_auth_personal_access_token: true, job_token_allowed: :basic_auth post do + authorize! :admin_terraform_state, user_project + data = request.body.read no_content! if data.empty? @@ -59,6 +61,8 @@ module API desc 'Delete a terraform state of a certain name' route_setting :authentication, basic_auth_personal_access_token: true, job_token_allowed: :basic_auth delete do + authorize! :admin_terraform_state, user_project + remote_state_handler.handle_with_lock do |state| state.destroy! status :ok @@ -77,6 +81,8 @@ module API requires :Path, type: String, desc: 'Terraform path' end post '/lock' do + authorize! :admin_terraform_state, user_project + status_code = :ok lock_info = { 'Operation' => params[:Operation], @@ -108,6 +114,8 @@ module API optional :ID, type: String, limit: 255, desc: 'Terraform state lock ID' end delete '/lock' do + authorize! :admin_terraform_state, user_project + remote_state_handler.unlock! status :ok rescue ::Terraform::RemoteStateHandler::StateLockedError |