[BB-1128] Add uhttp client by aldevv · Pull Request #44 · ConductorOne/baton-gitlab

aldevv · 2025-07-21T15:34:49Z

Description

Bug fix
New feature

Useful links:

pkg/connector/gitlab/groups_endpoints.go

pkg/connector/users_onprem.go

cursor

Bug: LogBody Function Causes Panics and Data Loss

The logBody function reads the HTTP response body for logging. This introduces two issues: it does not check if response.Body is nil, which can cause a panic; and it consumes the body, making it unavailable for subsequent reads by other components (e.g., client.go, uhttp framework) that expect to process it.

pkg/onprem/helpers.go#L12-L25

baton-gitlab/pkg/onprem/helpers.go

Lines 12 to 25 in 10fa8a8

    
           func logBody(ctx context.Context, response *http.Response) { 
        
           	if response == nil { 
        
           		return 
        
           	} 
        
           	l := ctxzap.Extract(ctx) 
        
           	body := make([]byte, 10000) 
        
           	n, err := response.Body.Read(body) 
        
           	if err != nil { 
        
           		l.Error("error reading response body", zap.Error(err)) 
        
           		return 
        
           	} 
        
           	l.Info("response body: ", zap.String("body", string(body[:n]))) 
        
           }

Fix in Cursor • Fix in Web

Bug: API Error Masked as Success

The ListExternalGroupMembers function incorrectly returns a nil error and potentially invalid users data when the GitLab API responds with a 403 Forbidden status code. This misrepresents an API error as a successful operation, leading to consumers receiving corrupted or incomplete data.

pkg/connector/gitlab/groups_endpoints.go#L59-L76

baton-gitlab/pkg/connector/gitlab/groups_endpoints.go

Lines 59 to 76 in 10fa8a8

    
           func (o *Client) ListExternalGroupMembers(ctx context.Context, groupId string) ([]*gitlabSDK.PendingInvite, *gitlabSDK.Response, error) { 
        
           	users, res, err := o.Invites.ListPendingGroupInvitations(groupId, &gitlabSDK.ListPendingInvitationsOptions{ 
        
           		ListOptions: gitlabSDK.ListOptions{}, 
        
           	}, 
        
           		gitlabSDK.WithContext(ctx), 
        
           	) 
        
           	if err != nil { 
        
           		if res == nil { 
        
           			return nil, nil, fmt.Errorf("gitlab-connector: error listing external group members: %w", err) 
        
           		} 
        
           		// handle the case where the user does not have permissions to the external group 
        
           		if res.StatusCode != http.StatusForbidden { 
        
           			return nil, res, err 
        
           		} 
        
           	} 
        
           	return users, res, nil 
        
           }

Fix in Cursor • Fix in Web

Was this report helpful? Give feedback by reacting with 👍 or 👎

luisina-santos

we should remove gitlabSDK usages for all versions as part of this change

luisina-santos

I think it's okay as initial PR, we could remove the sdk in a next PR?

aldevv added 6 commits July 17, 2025 16:25

add uhttp client for onprem calls

d6ecdf3

add skeleton for onprem users

c976fc6

add onprem users and cloud users

8f54c57

fix edge case listing external group members

58b6080

fix account provisioning for onprem users

24655e5

improve error message

a3b9a15

aldevv requested review from a team and btipling July 21, 2025 15:35

This comment was marked as outdated.

Sign in to view

btipling reviewed Jul 21, 2025

View reviewed changes

pkg/connector/gitlab/groups_endpoints.go Show resolved Hide resolved

pkg/connector/users_onprem.go Show resolved Hide resolved

pkg/connector/users_onprem.go Outdated Show resolved Hide resolved

add suggestions

10fa8a8

cursor bot reviewed Jul 21, 2025

View reviewed changes

btipling approved these changes Jul 21, 2025

View reviewed changes

luisina-santos requested changes Jul 21, 2025

View reviewed changes

luisina-santos self-requested a review July 21, 2025 20:01

luisina-santos approved these changes Jul 21, 2025

View reviewed changes

btipling merged commit abc0bc9 into main Jul 22, 2025
5 checks passed

btipling deleted the add_uhttp_client branch July 22, 2025 15:41

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[BB-1128] Add uhttp client#44

[BB-1128] Add uhttp client#44
btipling merged 7 commits intomainfrom
add_uhttp_client

aldevv commented Jul 21, 2025

Uh oh!

This comment was marked as outdated.

Uh oh!

Uh oh!

Uh oh!

Uh oh!

cursor bot left a comment

Uh oh!

luisina-santos left a comment

Uh oh!

luisina-santos left a comment

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

3 participants


	func logBody(ctx context.Context, response *http.Response) {
	if response == nil {
	return
	}
	l := ctxzap.Extract(ctx)
	body := make([]byte, 10000)
	n, err := response.Body.Read(body)
	if err != nil {
	l.Error("error reading response body", zap.Error(err))
	return
	}
	l.Info("response body: ", zap.String("body", string(body[:n])))
	}


	func (o Client) ListExternalGroupMembers(ctx context.Context, groupId string) ([]gitlabSDK.PendingInvite, *gitlabSDK.Response, error) {
	users, res, err := o.Invites.ListPendingGroupInvitations(groupId, &gitlabSDK.ListPendingInvitationsOptions{
	ListOptions: gitlabSDK.ListOptions{},
	},
	gitlabSDK.WithContext(ctx),
	)
	if err != nil {
	if res == nil {
	return nil, nil, fmt.Errorf("gitlab-connector: error listing external group members: %w", err)
	}
	// handle the case where the user does not have permissions to the external group
	if res.StatusCode != http.StatusForbidden {
	return nil, res, err
	}
	}
	return users, res, nil
	}

Conversation

aldevv commented Jul 21, 2025

Description

Useful links:

Uh oh!

This comment was marked as outdated.

Uh oh!

Uh oh!

Uh oh!

Uh oh!

cursor bot left a comment

Choose a reason for hiding this comment

Bug: LogBody Function Causes Panics and Data Loss

Bug: API Error Masked as Success

Uh oh!

luisina-santos left a comment

Choose a reason for hiding this comment

Uh oh!

luisina-santos left a comment

Choose a reason for hiding this comment

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

3 participants