New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add options to configure internal repo handling for GitLab #57858
Add options to configure internal repo handling for GitLab #57858
Conversation
Codenotify: Notifying subscribers in CODENOTIFY files for diff 17e8f2d...114d762.
|
doc/admin/external_service/gitlab.md
Outdated
} | ||
``` | ||
|
||
If you would like internal repositories to remain private, but you're experiencing issues where user permission syncs aren't granting access to internal repositories, you can add the following field instead: |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
when would I experience these issues and how do I notice that I do?
repoVisibility := []string{"private"} | ||
if listInternalRepos { | ||
repoVisibility = append(repoVisibility, "internal") | ||
} | ||
|
||
// This method is meant to return only private or internal projects | ||
for _, visibility := range []string{"private", "internal"} { | ||
for _, visibility := range repoVisibility { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This changes the default here, correct? Would this cause any trouble to existing instances?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yeah I'm still thinking about this a bit. I'm flip-flopping a bit between what would be the better option.
I don't mind changing the default behaviour too much, as long as we mention it in the changelog. And the behavioural change won't be particularly destructive.
I'd just like to settle on a default behaviour that would work for most cases. Which might be: private internal repos with syncing enabled 🤔 will let it stew a bit
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We could probably just condense the settings to the single markInternalReposAsPublic
one? Since if they're public, you don't need permission syncs 🤔
internal/repos/gitlab.go
Outdated
provider: provider, | ||
client: client, | ||
logger: logger, | ||
markInternalReposAsPublic: (c.Authorization != nil) && c.Authorization.MarkInternalReposAsPublic, |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
hmm do we need that c.Authorization check here?
Is it to cover the case where someone sets it to false, but auth is off?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Authorization can be nil here if it is completely unset, so accessing .MarkInternalReposAsPublic
would throw a nil pointer exception
4b0c373
to
66f946d
Compare
(cherry picked from commit 2ea61e5)
Closes #57804
This PR adds an option to GitLab code host connections called
markInternalReposAsPublic
, which sets the visibility of all internal repos added by this code host connection totrue
, and an option to the GitLab auth provider calledsyncInternalRepoPermissions
.syncInternalRepoPermissions
are true by default, and can be set to false to optimise systems wheremarkInternalReposAsPublic
is set to true.Test plan
Unit tests updated. Set up and tested locally as well.