diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 74e294401..b19c36dbe 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -27,7 +27,7 @@ jobs: uses: goreleaser/goreleaser-action@v2.6.1 with: distribution: goreleaser - version: latest + version: v1.26.2 args: --rm-dist env: GITHUB_TOKEN: ${{ secrets.GO_RELEASER_TOKEN }} diff --git a/plugins/providers/gitlab/provider.go b/plugins/providers/gitlab/provider.go index d077eae64..42e4b32a8 100644 --- a/plugins/providers/gitlab/provider.go +++ b/plugins/providers/gitlab/provider.go @@ -162,6 +162,7 @@ func (p *provider) GrantAccess(ctx context.Context, pc *domain.ProviderConfig, g return fmt.Errorf("invalid grant permission: %q", g.Permissions[0]) } + empty := "" switch g.Resource.Type { case resourceTypeGroup: _, res, err := client.GroupMembers.AddGroupMember(g.Resource.URN, &gitlab.AddGroupMemberOptions{ @@ -171,6 +172,7 @@ func (p *provider) GrantAccess(ctx context.Context, pc *domain.ProviderConfig, g if res != nil && res.StatusCode == http.StatusConflict { _, _, err = client.GroupMembers.EditGroupMember(g.Resource.URN, userID, &gitlab.EditGroupMemberOptions{ AccessLevel: &accessLevel, + ExpiresAt: &empty, }) } if err != nil { @@ -184,6 +186,7 @@ func (p *provider) GrantAccess(ctx context.Context, pc *domain.ProviderConfig, g if res != nil && res.StatusCode == http.StatusConflict { _, _, err = client.ProjectMembers.EditProjectMember(g.Resource.URN, userID, &gitlab.EditProjectMemberOptions{ AccessLevel: &accessLevel, + ExpiresAt: &empty, }) } if err != nil { @@ -221,7 +224,8 @@ func (p *provider) RevokeAccess(ctx context.Context, pc *domain.ProviderConfig, var member *gitlab.GroupMember member, res, err = client.GroupMembers.GetGroupMember(g.Resource.URN, userID, gitlab.WithContext(ctx)) if member != nil && member.AccessLevel == accessLevel { - res, err = client.GroupMembers.RemoveGroupMember(g.Resource.URN, userID, &gitlab.RemoveGroupMemberOptions{}, gitlab.WithContext(ctx)) + trueBool := true + res, err = client.GroupMembers.RemoveGroupMember(g.Resource.URN, userID, &gitlab.RemoveGroupMemberOptions{SkipSubresources: &trueBool}, gitlab.WithContext(ctx)) } case resourceTypeProject: var member *gitlab.ProjectMember diff --git a/plugins/providers/gitlab/provider_test.go b/plugins/providers/gitlab/provider_test.go index d72fa7bca..a2bcc5c6f 100644 --- a/plugins/providers/gitlab/provider_test.go +++ b/plugins/providers/gitlab/provider_test.go @@ -278,6 +278,15 @@ func TestGrantAcccess(t *testing.T) { groupMemberDetailsEndpoint("1", "99"): func(w http.ResponseWriter, r *http.Request) { switch r.Method { case http.MethodPut: + t.Run("should reset expires_at", func(t *testing.T) { + var reqBody map[string]any + err := json.NewDecoder(r.Body).Decode(&reqBody) + require.NoError(t, err) + expAt, keyExists := reqBody["expires_at"] + + assert.True(t, keyExists) + assert.Empty(t, expAt) + }) w.WriteHeader(http.StatusOK) w.Write([]byte("{}")) default: @@ -330,6 +339,16 @@ func TestGrantAcccess(t *testing.T) { projectMemberDetailsEndpoint("1", "99"): func(w http.ResponseWriter, r *http.Request) { switch r.Method { case http.MethodPut: + t.Run("should reset expires_at", func(t *testing.T) { + var reqBody map[string]any + err := json.NewDecoder(r.Body).Decode(&reqBody) + require.NoError(t, err) + expAt, keyExists := reqBody["expires_at"] + + assert.True(t, keyExists) + assert.Empty(t, expAt) + }) + w.WriteHeader(http.StatusOK) w.Write([]byte("{}")) return @@ -414,6 +433,13 @@ func TestRevokeAccess(t *testing.T) { }`)) return case http.MethodDelete: // remove member + t.Run("should pass skip_subresources=true", func(t *testing.T) { + q := r.URL.Query() + skipSubresources, keyExists := q["skip_subresources"] + assert.True(t, keyExists) + assert.Equal(t, []string{"true"}, skipSubresources) + }) + w.WriteHeader(http.StatusNoContent) w.Write([]byte("")) return