Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Cater for gitlab.com service accounts #102

Closed
GavinCS opened this issue Jul 19, 2024 · 12 comments
Closed

Cater for gitlab.com service accounts #102

GavinCS opened this issue Jul 19, 2024 · 12 comments

Comments

@GavinCS
Copy link

GavinCS commented Jul 19, 2024

Currently service accounts are being treated as users as per self hosted.
However this does not allow for managing service account tokens on gitlab.com where the path is /groups/:id/service_accounts/:user_id/personal_access_tokens/

This results in 403's

"POST https://gitlab.com/api/v4/users/:id/personal_access_tokens: 403 {message: 403 Forbidden}"

Would it be possible to add a new token type for service accounts?
@GavinCS
Copy link
Author

GavinCS commented Jul 19, 2024
edited
Loading

Also noted that I can't use a service account token without an expiry date, which is allowed by gitlab

2024-07-19T17:35:36.511+0100 [DEBUG] secrets.gitlab.gitlab_3d07d388.gitlab.vault-plugin-secrets-gitlab: Current token info: error=<nil> token="map[access_level: created_at:2024-07-19T16:33:24.213Z expires_at:<nil> gitlab_revokes_token:false name:GITLAB AUTO ROTATE TOKEN parent_id: path: role_name: scopes:[api] token: token_id:+07 token_type:personal user_id:+07]" timestamp="2024-07-19T17:35:36.510+0100"
2024-07-19T17:35:36.513+0100 [DEBUG] secrets.gitlab.gitlab_3d07d388.gitlab.vault-plugin-secrets-gitlab: panic: runtime error: invalid memory address or nil pointer dereference

@ilijamt
Copy link
Owner

ilijamt commented Jul 22, 2024

I'll have to take a look. Currently, have limited time due to the summer holidays.

@GavinCS
Copy link
Author

GavinCS commented Jul 22, 2024
edited
Loading

@ilijamt thank you. I am currently working on a POC fix for non entry token. Are you happy for me to submit an MR?

@GavinCS
Copy link
Author

GavinCS commented Jul 31, 2024

#105

@ilijamt
Copy link
Owner

ilijamt commented Aug 16, 2024

Hey @GavinCS should look at this in the next couple of weeks.

@GavinCS
Copy link
Author

GavinCS commented Aug 16, 2024

Thanks @ilijamt I am using the forked version for now. We have had it running in our staging environment now for a week or so, will be able to confirm stability with hosted gitlab soon

@ilijamt
Copy link
Owner

ilijamt commented Aug 31, 2024

#110

@ilijamt
Copy link
Owner

ilijamt commented Oct 10, 2024
edited
Loading

@GavinCS sorry for the delay. Can you try #110 and let me know how it works for you?
You can now specify the type of service account you use. If you want it to be a group or a user service account.
Should make it more clear.

I've also added type to config so we can specify the type of Gitlab we run.

Let me know if you run into some problems?

@ilijamt
Copy link
Owner

ilijamt commented Oct 11, 2024

It's merged into main.

@ilijamt
Copy link
Owner

ilijamt commented Oct 12, 2024

Released under v0.5.0

@ilijamt ilijamt closed this as completed Oct 12, 2024
@ilijamt
Copy link
Owner

ilijamt commented Oct 12, 2024

Please reopen or create a new issues for any new found bugs or not working functionality.

@ilijamt
Copy link
Owner

ilijamt commented Oct 15, 2024

@GavinCS did you have some time to try it out? Everything worked out?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@ilijamt @GavinCS