From 1696c8c73a5de2ef29a5031e7e19f615d8a10118 Mon Sep 17 00:00:00 2001
From: Chance Feick <cfeick@gitlab.com>
Date: Wed, 17 Dec 2025 18:01:26 -0800
Subject: [PATCH] Add group credentials inventory tags to REST API

---
 .rubocop_todo/api/description_tags.yml | 1 -
 ee/lib/api/manage/groups.rb            | 8 ++++++++
 2 files changed, 8 insertions(+), 1 deletion(-)

diff --git a/.rubocop_todo/api/description_tags.yml b/.rubocop_todo/api/description_tags.yml
index dd3aaac4cc147e..f2cdb3ca1fe35e 100644
--- a/.rubocop_todo/api/description_tags.yml
+++ b/.rubocop_todo/api/description_tags.yml
@@ -27,7 +27,6 @@ API/DescriptionTags:
     - 'ee/lib/api/internal/ai/x_ray/scan.rb'
     - 'ee/lib/api/internal/search/zoekt.rb'
     - 'ee/lib/api/iterations.rb'
-    - 'ee/lib/api/manage/groups.rb'
     - 'ee/lib/api/project_google_cloud_integration.rb'
     - 'ee/lib/api/project_mirror.rb'
     - 'ee/lib/api/provider_identity.rb'
diff --git a/ee/lib/api/manage/groups.rb b/ee/lib/api/manage/groups.rb
index fae721e9a90b56..25fc1ee240f575 100644
--- a/ee/lib/api/manage/groups.rb
+++ b/ee/lib/api/manage/groups.rb
@@ -61,6 +61,7 @@ def validate_bot_tokens(token, bot_resource)
 
           desc 'Get Personal access tokens' do
             detail 'This feature was introduced in GitLab 17.8.'
+            tags ['group_credentials_inventory']
           end
           get do
             tokens = PersonalAccessTokensFinder.new(
@@ -81,6 +82,7 @@ def validate_bot_tokens(token, bot_resource)
 
           desc 'Revoke a personal access token for the group' do
             detail 'Revoke a personal access token by using the ID of the personal access token.'
+            tags ['group_credentials_inventory']
             success code: 204
             failure [
               { code: 400, message: 'Bad Request' }
@@ -97,6 +99,7 @@ def validate_bot_tokens(token, bot_resource)
 
           desc 'Rotate personal access token' do
             detail 'Rotates a personal access token.'
+            tags ['group_credentials_inventory']
             success Entities::PersonalAccessTokenWithToken
           end
           params do
@@ -128,6 +131,7 @@ def validate_bot_tokens(token, bot_resource)
 
           desc 'Get resource access tokens' do
             detail 'This feature was introduced in GitLab 17.10.'
+            tags ['group_credentials_inventory']
           end
           # rubocop:disable CodeReuse/ActiveRecord -- Specific to this endpoint
           get do
@@ -143,6 +147,7 @@ def validate_bot_tokens(token, bot_resource)
 
           desc 'Revoke a resource access token for the group' do
             detail 'Revoke a resource access token by using the ID of the resource access token.'
+            tags ['group_credentials_inventory']
             success code: 204
             failure [
               { code: 400, message: 'Bad Request' }
@@ -167,6 +172,7 @@ def validate_bot_tokens(token, bot_resource)
 
           desc 'Rotate a resource access token for the group' do
             detail 'Rotate a resource access token by using the ID of the resource access token.'
+            tags ['group_credentials_inventory']
             success code: 204
             failure [
               { code: 400, message: 'Bad Request' }
@@ -208,6 +214,7 @@ def validate_bot_tokens(token, bot_resource)
 
           desc "Get the ssh_keys for the user belonging to group" do
             detail 'This feature was introduced in GitLab 17.9.'
+            tags ['group_credentials_inventory']
             success Entities::SshKeyWithUserId
           end
           get feature_category: :system_access do
@@ -218,6 +225,7 @@ def validate_bot_tokens(token, bot_resource)
 
           desc 'Delete an existing SSH key' do
             detail 'Delete an existing SSH key by using the ID of the key.'
+            tags ['group_credentials_inventory']
             success code: 204
             failure [
               { code: 400, message: 'Bad Request' }
-- 
GitLab