← 返回首页
feat(api): add full service account support at instance, group, and project level by syphernl · Pull Request #3361 · python-gitlab/python-gitlab · GitHub
Skip to content

Navigation Menu

Toggle navigation
Sign in
Appearance settings
Search or jump to...

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Include my email address so I can be contacted
Cancel Submit feedback

Saved searches

Use saved searches to filter your results more quickly

Cancel Create saved search
Appearance settings
Resetting focus

feat(api): add full service account support at instance, group, and project level#3361

Merged
JohnVillalovos merged 2 commits into
python-gitlab:mainfrom
syphernl:feat/extend_service_accounts
Apr 21, 2026
Merged

feat(api): add full service account support at instance, group, and project level#3361
JohnVillalovos merged 2 commits into
python-gitlab:mainfrom
syphernl:feat/extend_service_accounts

Conversation

Copy link
Copy Markdown
Contributor

syphernl commented Mar 5, 2026
edited
Loading

Changes

Extends service account support to cover all API levels and adds missing CRUD operations. Closes #2812. Supersedes #3109.

Instance-level service accounts (gl.service_accounts)

  • List: GET /service_accounts
  • Create: POST /service_accounts
  • Update: PATCH /service_accounts/:id (via .update() or .save())

Group-level service accounts (group.service_accounts)

  • Added update support: PATCH /groups/:id/service_accounts/:user_id
  • Added email parameter to create/update
  • Added order_by / sort list filters
  • Added personal access token sub-resource (service_account.access_tokens):
    list, create, delete, rotate — mirrors group access tokens

Project-level service accounts (project.service_accounts)

  • Full CRUD: list, create, update (PATCH), delete
  • Personal access token sub-resource (service_account.access_tokens): list, create, delete, rotate

Usage

# Instance level sa = gl.service_accounts.create({"name": "bot", "username": "my-bot"}) sa.name = "renamed-bot" sa.save() # Group level sa = group.service_accounts.create({"name": "ci-bot"}) token = sa.access_tokens.create({"name": "ci-token", "scopes": ["api"], "expires_at": "2026-01-01"}) token.rotate() sa.delete() # Project level sa = project.service_accounts.create({"name": "deploy-bot"}) token = sa.access_tokens.create({"name": "deploy-bot-token", "scopes": ["read_repository"]}) project.service_accounts.delete(sa.id)

Notes

  • No GetMixin is added at any level. The API exposes list-only, not fetch-by-id.
  • Subgroup-level is covered by the group-level implementation (subgroups are groups in GitLab's data model).

Documentation and testing

syphernl force-pushed the feat/extend_service_accounts branch 3 times, most recently from 154f447 to 358da71 Compare March 5, 2026 08:14
Copy link
Copy Markdown

codecov Bot commented Mar 5, 2026
edited
Loading

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 95.78%. Comparing base (849301b) to head (2666de0).
⚠️ Report is 2 commits behind head on main.

Additional details and impacted files
@@ Coverage Diff @@ ## main #3361 +/- ## ========================================== + Coverage 95.75% 95.78% +0.03% ========================================== Files 100 100 Lines 6125 6170 +45 ========================================== + Hits 5865 5910 +45 Misses 260 260
Flag Coverage Δ
api_func_v4 83.79% <100.00%> (+0.11%) ⬆️
cli_func_v4 78.73% <100.00%> (+0.15%) ⬆️
unit 90.32% <100.00%> (+0.08%) ⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

Files with missing lines Coverage Δ
gitlab/client.py 98.55% <100.00%> (+<0.01%) ⬆️
gitlab/mixins.py 91.50% <ø> (ø)
gitlab/v4/objects/projects.py 98.95% <100.00%> (+<0.01%) ⬆️
gitlab/v4/objects/service_accounts.py 100.00% <100.00%> (ø)
🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

syphernl mentioned this pull request Mar 21, 2026
Closed
JohnVillalovos force-pushed the feat/extend_service_accounts branch from b67174c to 611dd0f Compare April 18, 2026 17:13
JohnVillalovos requested a review from Copilot April 18, 2026 17:13
Copilot AI reviewed Apr 18, 2026
View reviewed changes
Copy link
Copy Markdown

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Choose a reason Spam Abuse Off Topic Outdated Duplicate Resolved Low Quality Hide comment

Pull request overview

Adds first-class support for GitLab Service Accounts across instance, group, and project scopes in the python-gitlab v4 object model, including personal access token sub-resources for group/project service accounts, plus docs and unit tests to validate the new endpoints.

Changes:

  • Introduces instance-level gl.service_accounts with list/create/update (PATCH) and save() support.
  • Expands group-level service accounts with update (PATCH), delete, and a personal_access_tokens sub-resource (list/create/delete/rotate).
  • Adds project-level service accounts CRUD and a matching personal_access_tokens sub-resource, with docs + unit tests.

Reviewed changes

Copilot reviewed 6 out of 6 changed files in this pull request and generated no comments.

Show a summary per file File Description
gitlab/v4/objects/service_accounts.py Implements instance/group/project service account managers + token sub-resources (create/list/update/delete/rotate) using existing mixins.
gitlab/client.py Exposes instance-level service_accounts manager on the GitLab client (gl.service_accounts).
gitlab/v4/objects/projects.py Adds service_accounts manager typing/import so project.service_accounts is available.
tests/unit/objects/test_service_accounts.py Adds unit tests for service account operations and token sub-resource operations across instance/group/project levels.
docs/gl_objects/service_accounts.rst New documentation page covering usage for all scopes and token sub-resources.
docs/api-objects.rst Registers the new service accounts documentation page in the API objects docs index.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

JohnVillalovos approved these changes Apr 19, 2026
View reviewed changes
Copy link
Copy Markdown
Member

JohnVillalovos left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Choose a reason Spam Abuse Off Topic Outdated Duplicate Resolved Low Quality Hide comment

Thanks @syphernl

LGTM

I'll give @nejch an opportunity to review this. But if he doesn't have time I'll plan on merging it on Monday. If I forget feel free to update this to remind me.

Copy link
Copy Markdown
Member

JohnVillalovos commented Apr 19, 2026
edited
Loading

Also, I'm okay with this as a follow-up or updating this commit.

It would be good to update gitlab/mixins.py the RotateMixin.rotate() method and the @cli.register_custom_action decorator.

Same for ObjectRotateMixin

Thanks!

syphernl requested a review from JohnVillalovos April 19, 2026 14:36
JohnVillalovos approved these changes Apr 20, 2026
View reviewed changes
Copy link
Copy Markdown
Member

JohnVillalovos left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Choose a reason Spam Abuse Off Topic Outdated Duplicate Resolved Low Quality Hide comment

LGTM

Thanks @syphernl

JohnVillalovos force-pushed the feat/extend_service_accounts branch from 444c261 to 6f0f367 Compare April 20, 2026 17:16
syphernl and others added 2 commits April 20, 2026 17:15
feat(api): add full service account support at instance, group, and p…
50fc95a
…roject level
fix(mixins): register service account token classes in RotateMixin CL…
2666de0
…I actions Add GroupServiceAccountAccessTokenManager, ProjectServiceAccountAccessTokenManager, GroupServiceAccountAccessToken, and ProjectServiceAccountAccessToken to the cli.register_custom_action cls_names in RotateMixin and ObjectRotateMixin.
JohnVillalovos force-pushed the feat/extend_service_accounts branch from 6f0f367 to 2666de0 Compare April 21, 2026 00:15
JohnVillalovos enabled auto-merge (rebase) April 21, 2026 00:16
Hide details View details JohnVillalovos merged commit 2cf430b into python-gitlab:main Apr 21, 2026
16 checks passed
syphernl deleted the feat/extend_service_accounts branch April 21, 2026 06:48
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode characters
Show hidden characters
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

JohnVillalovos JohnVillalovos approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Support group-level service-accounts

3 participants

Footer

© 2026 GitHub, Inc.