I am querying Gitlab group API using curl. The result I get when I use my PAT token is different than when I use the CI_JOB_TOKEN. The PAT token returns all the groups I have access to but using the CI_JOB_TOKEN returns a weird response. I read the CI_JOB_TOKEN has the same permission as the user running the pipeline.
'curl --header "--header "JOB-TOKEN: $CI_JOB_TOKEN" https://gitlab.com/api/v4/groups"'
Returns the below response which I have no idea what it is. It is not one of my groups:
teur-territoires/france-relance/","visibility":"public","share_with_group_lock":false,"require_two_factor_authentication":false,"two_factor_grace_period":48,"project_creation_level":"developer","auto_devops_enabled":null,"subgroup_creation_level":"maintainer","emails_disabled":null,"mentions_disabled":null,"lfs_enabled":true,"default_branch_protection":2,"avatar_url":"https://gitlab.com/uploads/-/system/group/avatar/16026247/france-relance-vert.png","request_access_enabled":true,"full_name":"🇫🇷 France Relance","full_path":"france-relance","created_at":"2022-02-05T20:55:13.007Z","parent_id":null,"ldap_cn":null,"ldap_access":null}]
While running with my PAT token, it returns the right results and in the right format:
curl --silent --header "PRIVATE-TOKEN: $MY_PAT_TOKEN" "https://gitlab.com/api/v4/groups"
[
{
"id": xxxxxx,
"web_url": "https://gitlab.com/groups/txxxxest",
"name": "xxxx",
"path": "xxxxx",
"description": "",
"visibility": "private",
"share_with_group_lock": false,
"require_two_factor_authentication": false,
"two_factor_grace_period": 48,
"project_creation_level": "developer",
"auto_devops_enabled": null,
"subgroup_creation_level": "maintainer",
"emails_disabled": null,
"mentions_disabled": null,
"lfs_enabled": true,
"default_branch_protection": 2,
"avatar_url": null,
"request_access_enabled": true,
"full_name": "xxxx",
"full_path": "xxxxx",
"created_at": "2023-01-29T08:41:38.696Z",
"parent_id": null,
"ldap_cn": null,
"ldap_access": null,
"marked_for_deletion_on": null
},
{
"id": xxxxxx,
"web_url": "https://gitlab.com/groups/xxxx",
"name": "xxx",
"path": "xxx",
"description": "",
"visibility": "private",
"share_with_group_lock": false,
"require_two_factor_authentication": false,
"two_factor_grace_period": 48,
"project_creation_level": "developer",
"auto_devops_enabled": null,
"subgroup_creation_level": "maintainer",
"emails_disabled": null,
"mentions_disabled": null,
"lfs_enabled": true,
"default_branch_protection": 2,
"avatar_url": null,
"request_access_enabled": true,
"full_name": "xxxxxn",
"full_path": "xxxxxx",
"created_at": "2023-01-29T13:58:49.800Z",
"parent_id": null,
"ldap_cn": null,
"ldap_access": null
}
I am not sure why it is exhibiting this behaviour. I dont want to manage a PAT token if I can use the CI_JOB_TOKEN