diff --git a/app/graphql/mutations/ci/project_ci_cd_settings_update.rb b/app/graphql/mutations/ci/project_ci_cd_settings_update.rb
index 934d62e92cf3d7ead4f84f0e852568a55baec95b..d214aa46cfc8aadeceb9967a0f7b97bb41633ff1 100644
--- a/app/graphql/mutations/ci/project_ci_cd_settings_update.rb
+++ b/app/graphql/mutations/ci/project_ci_cd_settings_update.rb
@@ -27,6 +27,10 @@ class ProjectCiCdSettingsUpdate < BaseMutation
description: 'Indicates CI/CD job tokens generated in other projects ' \
'have restricted access to this project.'
+ argument :opt_in_jwt, GraphQL::Types::Boolean,
+ required: false,
+ description: 'When disabled, the JSON Web Token is always available in all jobs in the pipeline.'
+
field :ci_cd_settings,
Types::Ci::CiCdSettingType,
null: false,
diff --git a/app/graphql/types/ci/ci_cd_setting_type.rb b/app/graphql/types/ci/ci_cd_setting_type.rb
index 574791b79e6b7f6654b1da30b3286fdbf7c6760f..dd6647b749dc1b5ecb15fddbdc6765b842975755 100644
--- a/app/graphql/types/ci/ci_cd_setting_type.rb
+++ b/app/graphql/types/ci/ci_cd_setting_type.rb
@@ -30,6 +30,11 @@ class CiCdSettingType < BaseObject
field :merge_trains_enabled, GraphQL::Types::Boolean, null: true,
description: 'Whether merge trains are enabled.',
method: :merge_trains_enabled?
+ field :opt_in_jwt,
+ GraphQL::Types::Boolean,
+ null: true,
+ description: 'When disabled, the JSON Web Token is always available in all jobs in the pipeline.',
+ method: :opt_in_jwt?
field :project, Types::ProjectType, null: true,
description: 'Project the CI/CD settings belong to.'
end
diff --git a/doc/api/graphql/reference/index.md b/doc/api/graphql/reference/index.md
index 4bd7702474f8dca39084b7c96ea1f42534c5aa5b..01096eeb04b85b92ee71c097ecfe9c5256952dda 100644
--- a/doc/api/graphql/reference/index.md
+++ b/doc/api/graphql/reference/index.md
@@ -1148,6 +1148,7 @@ Input type: `CiCdSettingsUpdateInput`
| `keepLatestArtifact` | [`Boolean`](#boolean) | Indicates if the latest artifact should be kept for the project. |
| `mergePipelinesEnabled` | [`Boolean`](#boolean) | Indicates if merge pipelines are enabled for the project. |
| `mergeTrainsEnabled` | [`Boolean`](#boolean) | Indicates if merge trains are enabled for the project. |
+| `optInJwt` | [`Boolean`](#boolean) | When disabled, the JSON Web Token is always available in all jobs in the pipeline. |
#### Fields
@@ -4458,6 +4459,7 @@ Input type: `ProjectCiCdSettingsUpdateInput`
| `keepLatestArtifact` | [`Boolean`](#boolean) | Indicates if the latest artifact should be kept for the project. |
| `mergePipelinesEnabled` | [`Boolean`](#boolean) | Indicates if merge pipelines are enabled for the project. |
| `mergeTrainsEnabled` | [`Boolean`](#boolean) | Indicates if merge trains are enabled for the project. |
+| `optInJwt` | [`Boolean`](#boolean) | When disabled, the JSON Web Token is always available in all jobs in the pipeline. |
#### Fields
@@ -18702,6 +18704,7 @@ four standard [pagination arguments](#connection-pagination-arguments):
| `keepLatestArtifact` | [`Boolean`](#boolean) | Whether to keep the latest builds artifacts. |
| `mergePipelinesEnabled` | [`Boolean`](#boolean) | Whether merge pipelines are enabled. |
| `mergeTrainsEnabled` | [`Boolean`](#boolean) | Whether merge trains are enabled. |
+| `optInJwt` | [`Boolean`](#boolean) | When disabled, the JSON Web Token is always available in all jobs in the pipeline. |
| `project` | [`Project`](#project) | Project the CI/CD settings belong to. |
### `ProjectMember`
diff --git a/spec/requests/api/graphql/ci/ci_cd_setting_spec.rb b/spec/requests/api/graphql/ci/ci_cd_setting_spec.rb
index 0437a30eccd95c0eadb2584eb2d35f4e879d3660..95cabfea2fc9d8f053837800e48dd97e3261f00a 100644
--- a/spec/requests/api/graphql/ci/ci_cd_setting_spec.rb
+++ b/spec/requests/api/graphql/ci/ci_cd_setting_spec.rb
@@ -50,6 +50,7 @@
expect(settings_data['jobTokenScopeEnabled']).to eql project.ci_cd_settings.job_token_scope_enabled?
expect(settings_data['inboundJobTokenScopeEnabled']).to eql(
project.ci_cd_settings.inbound_job_token_scope_enabled?)
+ expect(settings_data['optInJwt']).to eql project.ci_cd_settings.opt_in_jwt?
end
end
end
diff --git a/spec/requests/api/graphql/mutations/ci/project_ci_cd_settings_update_spec.rb b/spec/requests/api/graphql/mutations/ci/project_ci_cd_settings_update_spec.rb
index 7a6ee7c2ecca4815a16b8d9fa14329f3774b6148..99e55c44773ce90c4c51cd2b97b27599ffeea21a 100644
--- a/spec/requests/api/graphql/mutations/ci/project_ci_cd_settings_update_spec.rb
+++ b/spec/requests/api/graphql/mutations/ci/project_ci_cd_settings_update_spec.rb
@@ -18,7 +18,8 @@
full_path: project.full_path,
keep_latest_artifact: false,
job_token_scope_enabled: false,
- inbound_job_token_scope_enabled: false
+ inbound_job_token_scope_enabled: false,
+ opt_in_jwt: true
}
end
@@ -117,6 +118,15 @@
end
end
+ it 'updates ci_opt_in_jwt' do
+ post_graphql_mutation(mutation, current_user: user)
+
+ project.reload
+
+ expect(response).to have_gitlab_http_status(:success)
+ expect(project.ci_opt_in_jwt).to eq(true)
+ end
+
context 'when bad arguments are provided' do
let(:variables) { { full_path: '', keep_latest_artifact: false } }