-
Notifications
You must be signed in to change notification settings - Fork 87
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat: add allowed_to_create support for tag protection #551
Conversation
Codecov Report
Additional details and impacted files@@ Coverage Diff @@
## main #551 +/- ##
==========================================
+ Coverage 82.18% 82.96% +0.78%
==========================================
Files 70 70
Lines 2672 2689 +17
==========================================
+ Hits 2196 2231 +35
+ Misses 476 458 -18
|
@gdubicki - My first time trying to contributing a feature in gitlabform 😊 . I'm not sure how to handle the acceptance test since this is a premium feature. I've worked on it outside of daily work. So, I don't have access to a premium licensed repo. Do you have any suggestions? |
Hi @amimas! Thank you for working on this. :) You can write the acceptance test and run it on GitLab with premium license here, in GitHub actions. It requires an approval for a "deployment" as this is a way to secure the license from being, f.e. send over to some malicious user that would create a PR that would do that. As of now the permissions to approve such "deployment" have: you, @jimisola and me. :) |
Sounds good @gdubicki . I'll try out that approach, when I can look into this again. |
Hi @gdubicki - I'm having some trouble with this and wondering if you have time to help. I don't usually work with python. So, there could be improvements. But, right now I'm getting some unexpected failure from the acceptance test.
It's been time consuming to test out the change since I don't have a local gitlab instance with premium license. I could only try every change/commit in this PR. But, looking at the above error, it doesn't really make sense to me. According to protected tag api doc, the I did try similar data in a project in a gitlab instance I have access to. It worked fine in there. |
Very unfamiliar with this specific API but can you really have multiple user_id with a single allowed_to_create?
It does not say that it can be multiple user_id or? |
Hi @jimisola . yes you can have multiple user id or group id. If you look at the error message snippet I posted above, you'll see the api call that includes the data. I tried the same data in my work gitlab project and the protected tag was created as expected. Now that I think about it, initially it failed with a different error message. I had to add the |
The error is following as far as I can tell:
Just not sure why the API call is responding with |
@gdubicki - I signed up for a gitlab trial. Got a license for 30 days and that helped debug the issues locally. After a lot of trial and error, I was able to get this to work.
Originally the config was being passed to There is still one issues remaining. I'm able to get the test pass intermittently. Most of the time it fails with this error
Not sure why running into the above issue. Unless I missed it, the tests are written similar to branch protection test ( |
I just realized that I run into similar issue locally when I run the
Is it just an isolated local environment issue? Have you run into it before @gdubicki ? If the overall implementation looks good to you, I'll clean things up and add necessary documentations. When you get a chance, please have a look 🙏 . |
Yes, it's some flaky test, don't worry about it.
The PR looks great - the docs, the tests and the implementation! I particularly like how clear and easy to understand the tests are. Great job, thank you for your contribution! |
For GitLab Premium or Ultimate, tag protection can be done by specifying individual user or groups. This change adds support for that configuration by adding 'allowed_to_create' key that takes array of users, groups, and/or specific role.
Thanks for the review @gdubicki 🙏 |
Currently
gitlabform
does not support configuring tag protection using specific user(s) or group(s) as "Allowed to create". Only basic role can be set, such as: developer, maintainer, etc. Selecting individual user or group is a feature of Premium or Ultimate license.This change adds the ability to configure tag protection to be set to individual users or groups. They can be set as a user/group ID or their names. For example with a config like below, a tag named
special-tag-blah
can only be created by either userJane.Doe
, or user whose ID is123
or, users who are member of the groupfoo-bar
.To Dos:
closes #505