Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Group CI/CD Variables (group_secret_variables) not honoring protected and masked values #384

Closed
rossbeehler opened this issue Jun 8, 2022 · 6 comments
Closed

Group CI/CD Variables (group_secret_variables) not honoring protected and masked values #384

rossbeehler opened this issue Jun 8, 2022 · 6 comments
Labels
🐛bug 🦊gitlab issue

Comments

@rossbeehler
Copy link

Describe the bug

When adding a group_secret_variable like this:

    group_secret_variables:
      variable1:
        key: VARIABLE1
        value: VALUE1
        protected: false
        masked: false

The variable will be created with protected and masked as true.

Successive runs shows that the difference is understood:

Editing VARIABLE1 of group_secret_variables in group1

But it still doesn't update their values.

Only when you manually change the values to both false in the GitLab UI, will you get the following verbose output from gitlabform:

VARIABLE1 of group_secret_variables in group1 doesn't need an update.

GitLabForm version

GitLabForm version: 2.11.1.post3 = the latest stable

GitLab version

GitLab.com SaaS Premium Subscription on 15.1-pre
@amimas
Copy link
Collaborator

amimas commented Jun 10, 2022

Interesting. I have the same issue. The workaround is to double quote the boolean values of those keys ("false").

For CI CD variables, I'm still using gitlabform v1. Haven't had time to upgrade to v2. I was curious if the issue exists in v2. Sounds like it probably does.

Not sure if it's an issue with gitlabform or gitlab api. Didn't get time to investigate.

@gdubicki
Copy link
Member

gdubicki commented Jun 10, 2022
edited

Debug output shows that it seems to be a GitLab API bug as the request looks as in the GitLab API docs:

@ (1/1) Processing group: gitlabform_test_group
Processing section 'group_secret_variables'
https://git.company.com:443 "GET /api/v4/groups/gitlabform_test_group/variables?per_page=100 HTTP/1.1" 200 2
<--- json = (empty))
group_secret_variables BEFORE: ^^^
Adding variable1 of group_secret_variables in gitlabform_test_group
https://git.company.com:443 "POST /api/v4/groups/gitlabform_test_group/variables HTTP/1.1" 201 119
===> data = {"key": "VARIABLE1", "masked": false, "protected": false, "value": "VALUE123"}
<--- json = {"environment_scope": "*", "key": "VARIABLE1", "masked": true, "protected": true, "value": "VALUE123", "variable_type": "env_var"}
group_secret_variables AFTER: ^^^

Notably the project-level variables API does not behave like this.

gdubicki added a commit that referenced this issue Jun 10, 2022
@gdubicki
Workaround for #384 + test
70f9ac5
@amimas
Copy link
Collaborator

amimas commented Jun 11, 2022

Notably the project-level variables API does not behave like this.

That's right. For project level variables, those values can be boolean type.

gdubicki added a commit that referenced this issue Jun 15, 2022
@gdubicki
Workaround for #384 + test
dbf130b
@gdubicki
Copy link
Member

I have merged the workaround and released v2.12.0 with it. I will remove the workaround when/if GitLab will fix the bug in their code.

I reported the bug to GitLab here https://gitlab.com/gitlab-org/gitlab/-/issues/365317.

@rossbeehler, @amimas : can you please share your GitLab versions in case GitLab Devs will need this info?

@gdubicki
Copy link
Member

Closing as v2.12.0 effectively resolves the issue for the GitLabForm users.

@amimas
Copy link
Collaborator

amimas commented Jun 15, 2022

I'm currently using GitLab EE version 14.10. Can't recall how far in previous versions this bug exists. It's probably in 13.x.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
🐛bug 🦊gitlab issue
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@gdubicki @rossbeehler @amimas