Skip to content

Commit

Permalink
fix(gitlab): fix gitlab access & revoke behaviour (#158)
Browse files Browse the repository at this point in the history
* fix(gitlab): reset expires_at value on edit membership

* fix(gitlab): skip sub-resources revoke on group revoke

* chore: fixed go releaser version

---------

Co-authored-by: Ayushi Sharma <[email protected]>
  • Loading branch information
rahmatrhd and Ayushi Sharma authored Jun 6, 2024
1 parent b443fc2 commit be81a3b
Show file tree
Hide file tree
Showing 3 changed files with 32 additions and 2 deletions.
2 changes: 1 addition & 1 deletion .github/workflows/release.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -27,7 +27,7 @@ jobs:
uses: goreleaser/[email protected]
with:
distribution: goreleaser
version: latest
version: v1.26.2
args: --rm-dist
env:
GITHUB_TOKEN: ${{ secrets.GO_RELEASER_TOKEN }}
6 changes: 5 additions & 1 deletion plugins/providers/gitlab/provider.go
Original file line number Diff line number Diff line change
Expand Up @@ -162,6 +162,7 @@ func (p *provider) GrantAccess(ctx context.Context, pc *domain.ProviderConfig, g
return fmt.Errorf("invalid grant permission: %q", g.Permissions[0])
}

empty := ""
switch g.Resource.Type {
case resourceTypeGroup:
_, res, err := client.GroupMembers.AddGroupMember(g.Resource.URN, &gitlab.AddGroupMemberOptions{
Expand All @@ -171,6 +172,7 @@ func (p *provider) GrantAccess(ctx context.Context, pc *domain.ProviderConfig, g
if res != nil && res.StatusCode == http.StatusConflict {
_, _, err = client.GroupMembers.EditGroupMember(g.Resource.URN, userID, &gitlab.EditGroupMemberOptions{
AccessLevel: &accessLevel,
ExpiresAt: &empty,
})
}
if err != nil {
Expand All @@ -184,6 +186,7 @@ func (p *provider) GrantAccess(ctx context.Context, pc *domain.ProviderConfig, g
if res != nil && res.StatusCode == http.StatusConflict {
_, _, err = client.ProjectMembers.EditProjectMember(g.Resource.URN, userID, &gitlab.EditProjectMemberOptions{
AccessLevel: &accessLevel,
ExpiresAt: &empty,
})
}
if err != nil {
Expand Down Expand Up @@ -221,7 +224,8 @@ func (p *provider) RevokeAccess(ctx context.Context, pc *domain.ProviderConfig,
var member *gitlab.GroupMember
member, res, err = client.GroupMembers.GetGroupMember(g.Resource.URN, userID, gitlab.WithContext(ctx))
if member != nil && member.AccessLevel == accessLevel {
res, err = client.GroupMembers.RemoveGroupMember(g.Resource.URN, userID, &gitlab.RemoveGroupMemberOptions{}, gitlab.WithContext(ctx))
trueBool := true
res, err = client.GroupMembers.RemoveGroupMember(g.Resource.URN, userID, &gitlab.RemoveGroupMemberOptions{SkipSubresources: &trueBool}, gitlab.WithContext(ctx))
}
case resourceTypeProject:
var member *gitlab.ProjectMember
Expand Down
26 changes: 26 additions & 0 deletions plugins/providers/gitlab/provider_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -278,6 +278,15 @@ func TestGrantAcccess(t *testing.T) {
groupMemberDetailsEndpoint("1", "99"): func(w http.ResponseWriter, r *http.Request) {
switch r.Method {
case http.MethodPut:
t.Run("should reset expires_at", func(t *testing.T) {
var reqBody map[string]any
err := json.NewDecoder(r.Body).Decode(&reqBody)
require.NoError(t, err)
expAt, keyExists := reqBody["expires_at"]

assert.True(t, keyExists)
assert.Empty(t, expAt)
})
w.WriteHeader(http.StatusOK)
w.Write([]byte("{}"))
default:
Expand Down Expand Up @@ -330,6 +339,16 @@ func TestGrantAcccess(t *testing.T) {
projectMemberDetailsEndpoint("1", "99"): func(w http.ResponseWriter, r *http.Request) {
switch r.Method {
case http.MethodPut:
t.Run("should reset expires_at", func(t *testing.T) {
var reqBody map[string]any
err := json.NewDecoder(r.Body).Decode(&reqBody)
require.NoError(t, err)
expAt, keyExists := reqBody["expires_at"]

assert.True(t, keyExists)
assert.Empty(t, expAt)
})

w.WriteHeader(http.StatusOK)
w.Write([]byte("{}"))
return
Expand Down Expand Up @@ -414,6 +433,13 @@ func TestRevokeAccess(t *testing.T) {
}`))
return
case http.MethodDelete: // remove member
t.Run("should pass skip_subresources=true", func(t *testing.T) {
q := r.URL.Query()
skipSubresources, keyExists := q["skip_subresources"]
assert.True(t, keyExists)
assert.Equal(t, []string{"true"}, skipSubresources)
})

w.WriteHeader(http.StatusNoContent)
w.Write([]byte(""))
return
Expand Down

0 comments on commit be81a3b

Please sign in to comment.