Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Unmet prerequisite: premium, but premium license is used #287

Closed
rndmh3ro opened this issue Jan 5, 2024 · 6 comments
Closed

Unmet prerequisite: premium, but premium license is used #287

rndmh3ro opened this issue Jan 5, 2024 · 6 comments
Labels
bug Something isn't working

Comments

@rndmh3ro
Copy link

rndmh3ro commented Jan 5, 2024
edited
Loading

TL;DR

Some checks are skipped because of Unmet prerequisite: premium.

We use Gitlab self-hosted and have a premium license. However the project I'm using legitify at, shows a default-plan.

Here's the namespace output (redacted):

> glab api /namespaces/34 | jq .
{
  "id": 34,
  "kind": "group",
  "parent_id": null,
  "plan": "default",
  "trial_ends_on": null,
  "trial": false
}

If I remove the premium-check from the rego-files, the checks work and show the correct result.

Expected behavior

The checks should not be skipped.

Observed behavior

No response

Version

from main branch

On which operating system are you using legitify?

Linux

Relevant log output

"missing_permissions": {},
  "skipped_policies": {
    "code_review_by_two_members_not_required": {
      "foo": "Unmet prerequisite: premium"
    },

Legitify Findings Summary:
+----+------------+--------------------------------+----------+--------+--------+---------+
| #  | Namespace  |             Policy             | Severity | Passed | Failed | Skipped |
+----+------------+--------------------------------+----------+--------+--------+---------+
| 1  | repository | Default Branch Should Require  | HIGH     | 0      | 0      | 1       |
|    |            | Code Review                    |          |        |        |         |
+----+------------+--------------------------------+----------+--------+--------+---------+

Additional information

No response
@rndmh3ro rndmh3ro added the bug Something isn't working label Jan 5, 2024
@noamd-legit
Copy link
Contributor

Hi @rndmh3ro, thank you for opening this issue.

The test to check if the group is premium checks that the plan is not free, so it shouldn't be the reason for the results you see:

func (c *Client) IsGroupPremium(group *gitlab.Group) bool {
	plan, err := c.GroupPlan(group)
	if err != nil {
		log.Printf("failed to get namespace for group %s %v", group.FullPath, err)
		return false
	}

	return plan != "free"
}

Please provide the error.log and permission.log from the legitify run

@rndmh3ro
Copy link
Author

rndmh3ro commented Jan 8, 2024

Sure, here they are:

{
  "missing_permissions": {},
  "skipped_policies": {
    "code_review_by_two_members_not_required": {
      "repo-azure": "Unmet prerequisite: premium"
    },
    "code_review_not_required": {
      "repo-azure": "Unmet prerequisite: premium"
    },
    "missing_default_branch_protection": {
      "repo-azure": "Unmet prerequisite: premium"
    },
    "missing_default_branch_protection_force_push": {
      "repo-azure": "Unmet prerequisite: premium"
    },
    "no_signed_commits": {
      "repo-azure": "Unmet prerequisite: premium"
    },
    "repository_allows_committer_approvals_policy": {
      "repo-azure": "Unmet prerequisite: premium"
    },
    "repository_allows_overriding_approvers": {
      "repo-azure": "Unmet prerequisite: premium"
    },
    "repository_dismiss_stale_reviews": {
      "repo-azure": "Unmet prerequisite: premium"
    },
    "repository_require_code_owner_reviews_policy": {
      "repo-azure": "Unmet prerequisite: premium"
    }
  }
}{
  "missing_permissions": {},
  "skipped_policies": {
    "code_review_by_two_members_not_required": {
      "repo-azure": "Unmet prerequisite: premium"
    },
    "code_review_not_required": {
      "repo-azure": "Unmet prerequisite: premium"
    },
    "missing_default_branch_protection": {
      "repo-azure": "Unmet prerequisite: premium"
    },
    "missing_default_branch_protection_force_push": {
      "repo-azure": "Unmet prerequisite: premium"
    },
    "no_signed_commits": {
      "repo-azure": "Unmet prerequisite: premium"
    },
    "repository_allows_committer_approvals_policy": {
      "repo-azure": "Unmet prerequisite: premium"
    },
    "repository_allows_overriding_approvers": {
      "repo-azure": "Unmet prerequisite: premium"
    },
    "repository_dismiss_stale_reviews": {
      "repo-azure": "Unmet prerequisite: premium"
    },
    "repository_require_code_owner_reviews_policy": {
      "repo-azure": "Unmet prerequisite: premium"
    }
  }


2024/01/08 08:57:24 2024/01/08 08:57:24 total entities for namespace repository: 1
2024/01/08 08:57:25 2024/01/08 08:57:25 couldn't find group example-group/subgroup

@noamd-legit
Copy link
Contributor

Thanks!
The error log captures the problem. Since we can find the group, we cant determine if it is premium or not (by default, it is not)

Are you the admin of this group?

Could you add the output this API call:

gitlab_api_endpoint.XX/groups?owned=true

@rndmh3ro
Copy link
Author

rndmh3ro commented Jan 9, 2024

This is the relevant group. I'm not admin as far as I know. :)

  {
    "id": 34,
    "web_url": "https://git.example.com/groups/example-group",
    "name": "example-group",
    "path": "example-group",
    "description": "",
    "visibility": "private",
    "share_with_group_lock": false,
    "require_two_factor_authentication": false,
    "two_factor_grace_period": 48,
    "project_creation_level": "developer",
    "auto_devops_enabled": null,
    "subgroup_creation_level": "owner",
    "emails_disabled": false,
    "emails_enabled": true,
    "mentions_disabled": null,
    "lfs_enabled": true,
    "default_branch_protection": 2,
    "default_branch_protection_defaults": {
      "allowed_to_push": [
        {
          "access_level": 30
        }
      ],
      "allow_force_push": true,
      "allowed_to_merge": [
        {
          "access_level": 30
        }
      ]
    },
    "avatar_url": "https://git.example.com/uploads/-/system/group/avatar/34/example-group.png",
    "request_access_enabled": false,
    "full_name": "example-group",
    "full_path": "example-group",
    "created_at": "2019-07-09T10:33:41.438Z",
    "parent_id": null,
    "shared_runners_setting": "enabled",
    "ldap_cn": "----",
    "ldap_access": 50,
    "ldap_group_links": [
      {
        "cn": "----",
        "group_access": 50,
        "provider": "ldapmain",
        "filter": null
      },
      {
        "cn": "grp.example-group",
        "group_access": 50,
        "provider": "ldapmain",
        "filter": null
      },
      {
        "cn": "6008-all",
        "group_access": 20,
        "provider": "ldapmain",
        "filter": null
      },
      {
        "cn": null,
        "group_access": 20,
        "provider": "ldapmain",
        "filter": "(cn=fnu-cred-scan)"
      },
    ],
    "marked_for_deletion_on": null,
    "wiki_access_level": "enabled"
  },
``

@noamd-legit noamd-legit mentioned this issue Jan 14, 2024
Merged
2 tasks
@noamd-legit
Copy link
Contributor

Thanks. It should be fixed in the main branch :)

@rndmh3ro
Copy link
Author

Indeed it is, thanks! :)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@rndmh3ro @noamd-legit