Allow admins to list all external remote repositories mirrored in Gitlab via a REST API

Everyone can contribute. Help move this issue forward while earning points, leveling up and collecting rewards.

• Close this issue

Problem to solve

Development teams are mirroring to Gitlab several projects externally (ie GitHub, Bitbucket, ...) thanks to the repository mirroring feature. In order to get more control on an increasing list of mirrors, particularly for security/legal reasons but also to have an overview of these mirrors, we should have a REST API to list all (pull and push) remotely mirrored upstreams of a GitLab instance (ie filterable by internal or external) and their URL.

Currently, it's possible to crawl every project, and then for each of them get the mirrors' list; but having it natively implemented in Gitlab would be much more convenient (especially for large instances with very many projects).

	user story
who	as a Systems Administrator,
what	I want to get the list of all project mirrored with GitHub
why	so I can check easily/quickly if some sensitive data are exposed

Intended users

• Cameron (Compliance Manager)
• Sidney (Systems Administrator)
• Sam (Security Analyst)
• Alex (Security Operations Engineer)

Proposal

Add a REST endpoint that allows an administrator to list all projects with mirrors and their related mirrors.

[
  {
    "id": 4, 1️⃣
    "ssh_url_to_repo": "git@example.com:diaspora/diaspora-client.git",
    "http_url_to_repo": "http://example.com/diaspora/diaspora-client.git",
    "web_url": "http://example.com/diaspora/diaspora-client",
    "path": "diaspora-client",
    "path_with_namespace": "diaspora/diaspora-client"
    "remote_mirrors": [ 2️⃣
      {
        "enabled": true,
        "id": 101486,
        "last_error": null,
        "last_successful_update_at": "2020-01-06T17:32:02.823Z",
        "last_update_at": "2020-01-06T17:32:02.823Z",
        "last_update_started_at": "2020-01-06T17:31:55.864Z",
        "only_protected_branches": true,
        "keep_divergent_refs": true,
        "update_status": "finished",
        "url": "https://*****:*****@gitlab.com/gitlab-org/security/gitlab.git"
      },
      {
        "enabled": true,
        "id": 101489,
        ...
      }
    ]
  },
  {
    "id": 6, 1️⃣

  },
  ...
}

• the list of project's fields is not exhaustive (we should get the same fields as the "list all projects" API)
• 1️⃣ this is a project
• 2️⃣ this is a mirrors' list

Availability & Testing

🚧

What is the type of buyer?

• Skyler - the Chief Information Security Officer
• GitLab Premium