├── .gitignore ├── .travis.yml ├── Dockerfile ├── Gopkg.lock ├── Gopkg.toml ├── LICENSE ├── README.md ├── gitlabclient ├── gitlab_client_common.go ├── gitlab_read_client.go ├── gitlab_read_client_test.go └── gitlab_write_client.go ├── glk8smain └── main.go ├── helm └── gitlab-integrator │ ├── .helmignore │ ├── Chart.yaml │ └── values.yaml ├── k8sclient ├── k8s_client_common.go ├── k8s_client_group_role_bindings.go ├── k8s_client_group_role_bindings_test.go ├── k8s_client_limit_range.go ├── k8s_client_namespaces.go ├── k8s_client_project_role_bindings.go └── k8s_client_service_accounts.go ├── main.go ├── usecases ├── custom_roles_usecase.go ├── custom_roles_usecases_test.go ├── sync_usecase.go ├── util.go └── webhook_usecase.go └── webhooklistener └── rest_controller.go /.gitignore: -------------------------------------------------------------------------------- 1 | # Compiled Object files, Static and Dynamic libs (Shared Objects) 2 | *.o 3 | *.a 4 | *.so 5 | 6 | # Folders 7 | _obj 8 | _test 9 | .vscode 10 | bin 11 | 12 | # Architecture specific extensions/prefixes 13 | *.[568vq] 14 | [568vq].out 15 | 16 | *.cgo1.go 17 | *.cgo2.c 18 | _cgo_defun.c 19 | _cgo_gotypes.go 20 | _cgo_export.* 21 | 22 | _testmain.go 23 | 24 | *.exe 25 | *.test 26 | *.prof 27 | notes.txt 28 | Godeps/Readme 29 | Godeps/_workspace 30 | ### https://raw.github.com/github/gitignore/14b7566ce157ce95b07006466bacee160f242284/Global/Vim.gitignore 31 | 32 | [._]*.s[a-w][a-z] 33 | [._]s[a-w][a-z] 34 | *.un~ 35 | Session.vim 36 | .netrwhist 37 | *~ 38 | 39 | # Glade will recreate this, so don't need in source control 40 | vendor/ 41 | \.idea/ 42 | 43 | signing\.priv 44 | 45 | signing\.pub 46 | -------------------------------------------------------------------------------- /.travis.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/k8s-tamias/gitlab-k8s-integrator/73116f3f4a343e14d3b7e14f54a6a9c18dbe000e/.travis.yml -------------------------------------------------------------------------------- /Dockerfile: -------------------------------------------------------------------------------- 1 | FROM alpine:3.8 2 | 3 | MAINTAINER christianhuening@googlemail.com 4 | 5 | # K8s LDAP Connector runs on 8080 6 | EXPOSE 8080 7 | 8 | RUN apk add --no-cache ca-certificates 9 | 10 | ADD gitlab-k8s-integrator /app/ 11 | 12 | WORKDIR /app 13 | 14 | ENTRYPOINT ["./gitlab-k8s-integrator"] -------------------------------------------------------------------------------- /Gopkg.lock: -------------------------------------------------------------------------------- 1 | # This file is autogenerated, do not edit; changes may be undone by the next 'dep ensure'. 2 | 3 | 4 | [[projects]] 5 | name = "github.com/PuerkitoBio/purell" 6 | packages = ["."] 7 | revision = "8a290539e2e8629dbc4e6bad948158f790ec31f4" 8 | version = "v1.0.0" 9 | 10 | [[projects]] 11 | name = "github.com/PuerkitoBio/urlesc" 12 | packages = ["."] 13 | revision = "5bd2802263f21d8788851d5305584c82a5c75d7e" 14 | 15 | [[projects]] 16 | name = "github.com/emicklei/go-restful" 17 | packages = [".","log"] 18 | revision = "ff4f55a206334ef123e4f79bbf348980da81ca46" 19 | 20 | [[projects]] 21 | name = "github.com/ghodss/yaml" 22 | packages = ["."] 23 | revision = "73d445a93680fa1a78ae23a5839bad48f32ba1ee" 24 | 25 | [[projects]] 26 | name = "github.com/go-openapi/jsonpointer" 27 | packages = ["."] 28 | revision = "46af16f9f7b149af66e5d1bd010e3574dc06de98" 29 | 30 | [[projects]] 31 | name = "github.com/go-openapi/jsonreference" 32 | packages = ["."] 33 | revision = "13c6e3589ad90f49bd3e3bbe2c2cb3d7a4142272" 34 | 35 | [[projects]] 36 | name = "github.com/go-openapi/spec" 37 | packages = ["."] 38 | revision = "6aced65f8501fe1217321abf0749d354824ba2ff" 39 | 40 | [[projects]] 41 | name = "github.com/go-openapi/swag" 42 | packages = ["."] 43 | revision = "1d0bd113de87027671077d3c71eb3ac5d7dbba72" 44 | 45 | [[projects]] 46 | name = "github.com/gogo/protobuf" 47 | packages = ["proto","sortkeys"] 48 | revision = "c0656edd0d9eab7c66d1eb0c568f9039345796f7" 49 | 50 | [[projects]] 51 | name = "github.com/golang/glog" 52 | packages = ["."] 53 | revision = "44145f04b68cf362d9c4df2182967c2275eaefed" 54 | 55 | [[projects]] 56 | branch = "master" 57 | name = "github.com/golang/protobuf" 58 | packages = ["proto","ptypes","ptypes/any","ptypes/duration","ptypes/timestamp"] 59 | revision = "1e59b77b52bf8e4b449a57e6f79f21226d571845" 60 | 61 | [[projects]] 62 | branch = "master" 63 | name = "github.com/google/btree" 64 | packages = ["."] 65 | revision = "316fb6d3f031ae8f4d457c6c5186b9e3ded70435" 66 | 67 | [[projects]] 68 | name = "github.com/google/gofuzz" 69 | packages = ["."] 70 | revision = "44d81051d367757e1c7c6a5a86423ece9afcf63c" 71 | 72 | [[projects]] 73 | name = "github.com/googleapis/gnostic" 74 | packages = ["OpenAPIv2","compiler","extensions"] 75 | revision = "ee43cbb60db7bd22502942cccbc39059117352ab" 76 | version = "v0.1.0" 77 | 78 | [[projects]] 79 | branch = "master" 80 | name = "github.com/gregjones/httpcache" 81 | packages = [".","diskcache"] 82 | revision = "2bcd89a1743fd4b373f7370ce8ddc14dfbd18229" 83 | 84 | [[projects]] 85 | name = "github.com/json-iterator/go" 86 | packages = ["."] 87 | revision = "f7279a603edee96fe7764d3de9c6ff8cf9970994" 88 | version = "1.0.4" 89 | 90 | [[projects]] 91 | branch = "master" 92 | name = "github.com/juju/ratelimit" 93 | packages = ["."] 94 | revision = "5b9ff866471762aa2ab2dced63c9fb6f53921342" 95 | 96 | [[projects]] 97 | name = "github.com/mailru/easyjson" 98 | packages = ["buffer","jlexer","jwriter"] 99 | revision = "d5b7844b561a7bc640052f1b935f7b800330d7e0" 100 | 101 | [[projects]] 102 | branch = "master" 103 | name = "github.com/petar/GoLLRB" 104 | packages = ["llrb"] 105 | revision = "53be0d36a84c2a886ca057d34b6aa4468df9ccb4" 106 | 107 | [[projects]] 108 | name = "github.com/peterbourgon/diskv" 109 | packages = ["."] 110 | revision = "5f041e8faa004a95c88a202771f4cc3e991971e6" 111 | version = "v2.0.1" 112 | 113 | [[projects]] 114 | name = "github.com/peterhellberg/link" 115 | packages = ["."] 116 | revision = "d1cebc7ea14a5fc0de7cb4a45acae773161642c6" 117 | version = "v1.0.0" 118 | 119 | [[projects]] 120 | name = "github.com/pkg/errors" 121 | packages = ["."] 122 | revision = "645ef00459ed84a119197bfb8d8205042c6df63d" 123 | version = "v0.8.0" 124 | 125 | [[projects]] 126 | name = "github.com/spf13/pflag" 127 | packages = ["."] 128 | revision = "9ff6c6923cfffbcd502984b8e0c80539a94968b7" 129 | 130 | [[projects]] 131 | name = "golang.org/x/net" 132 | packages = ["http2","http2/hpack","idna","lex/httplex"] 133 | revision = "f2499483f923065a842d38eb4c7f1927e6fc6e6d" 134 | 135 | [[projects]] 136 | name = "golang.org/x/text" 137 | packages = ["cases","internal/gen","internal/tag","internal/triegen","internal/ucd","language","runes","secure/bidirule","secure/precis","transform","unicode/bidi","unicode/cldr","unicode/norm","unicode/rangetable","width"] 138 | revision = "2910a502d2bf9e43193af9d68ca516529614eed3" 139 | 140 | [[projects]] 141 | name = "gopkg.in/inf.v0" 142 | packages = ["."] 143 | revision = "3887ee99ecf07df5b447e9b00d9c0b2adaa9f3e4" 144 | version = "v0.9.0" 145 | 146 | [[projects]] 147 | name = "gopkg.in/yaml.v2" 148 | packages = ["."] 149 | revision = "53feefa2559fb8dfa8d81baad31be332c97d6c77" 150 | 151 | [[projects]] 152 | branch = "release-1.9" 153 | name = "k8s.io/api" 154 | packages = ["admissionregistration/v1alpha1","admissionregistration/v1beta1","apps/v1","apps/v1beta1","apps/v1beta2","authentication/v1","authentication/v1beta1","authorization/v1","authorization/v1beta1","autoscaling/v1","autoscaling/v2beta1","batch/v1","batch/v1beta1","batch/v2alpha1","certificates/v1beta1","core/v1","events/v1beta1","extensions/v1beta1","networking/v1","policy/v1beta1","rbac/v1","rbac/v1alpha1","rbac/v1beta1","scheduling/v1alpha1","settings/v1alpha1","storage/v1","storage/v1alpha1","storage/v1beta1"] 155 | revision = "006a217681ae70cbacdd66a5e2fca1a61a8ff28e" 156 | 157 | [[projects]] 158 | branch = "release-1.9" 159 | name = "k8s.io/apimachinery" 160 | packages = ["pkg/api/errors","pkg/api/meta","pkg/api/resource","pkg/apis/meta/v1","pkg/apis/meta/v1/unstructured","pkg/apis/meta/v1alpha1","pkg/conversion","pkg/conversion/queryparams","pkg/fields","pkg/labels","pkg/runtime","pkg/runtime/schema","pkg/runtime/serializer","pkg/runtime/serializer/json","pkg/runtime/serializer/protobuf","pkg/runtime/serializer/recognizer","pkg/runtime/serializer/streaming","pkg/runtime/serializer/versioning","pkg/selection","pkg/types","pkg/util/clock","pkg/util/errors","pkg/util/framer","pkg/util/intstr","pkg/util/json","pkg/util/net","pkg/util/runtime","pkg/util/sets","pkg/util/validation","pkg/util/validation/field","pkg/util/wait","pkg/util/yaml","pkg/version","pkg/watch","third_party/forked/golang/reflect"] 161 | revision = "68f9c3a1feb3140df59c67ced62d3a5df8e6c9c2" 162 | 163 | [[projects]] 164 | branch = "release-6.0" 165 | name = "k8s.io/client-go" 166 | packages = ["discovery","kubernetes","kubernetes/scheme","kubernetes/typed/admissionregistration/v1alpha1","kubernetes/typed/admissionregistration/v1beta1","kubernetes/typed/apps/v1","kubernetes/typed/apps/v1beta1","kubernetes/typed/apps/v1beta2","kubernetes/typed/authentication/v1","kubernetes/typed/authentication/v1beta1","kubernetes/typed/authorization/v1","kubernetes/typed/authorization/v1beta1","kubernetes/typed/autoscaling/v1","kubernetes/typed/autoscaling/v2beta1","kubernetes/typed/batch/v1","kubernetes/typed/batch/v1beta1","kubernetes/typed/batch/v2alpha1","kubernetes/typed/certificates/v1beta1","kubernetes/typed/core/v1","kubernetes/typed/events/v1beta1","kubernetes/typed/extensions/v1beta1","kubernetes/typed/networking/v1","kubernetes/typed/policy/v1beta1","kubernetes/typed/rbac/v1","kubernetes/typed/rbac/v1alpha1","kubernetes/typed/rbac/v1beta1","kubernetes/typed/scheduling/v1alpha1","kubernetes/typed/settings/v1alpha1","kubernetes/typed/storage/v1","kubernetes/typed/storage/v1alpha1","kubernetes/typed/storage/v1beta1","pkg/version","rest","rest/watch","tools/clientcmd/api","tools/metrics","tools/reference","transport","util/cert","util/flowcontrol","util/integer"] 167 | revision = "9389c055a838d4f208b699b3c7c51b70f2368861" 168 | 169 | [[projects]] 170 | branch = "master" 171 | name = "k8s.io/kube-openapi" 172 | packages = ["pkg/common"] 173 | revision = "39a7bf85c140f972372c2a0d1ee40adbf0c8bfe1" 174 | 175 | [solve-meta] 176 | analyzer-name = "dep" 177 | analyzer-version = 1 178 | inputs-digest = "2c20185b25b6a9478cf64f7c749c86db98f6e575475df8748b0296e2c4542bef" 179 | solver-name = "gps-cdcl" 180 | solver-version = 1 181 | -------------------------------------------------------------------------------- /Gopkg.toml: -------------------------------------------------------------------------------- 1 | # Override the version due to issue: kubernetes/apimachinery#46 2 | [[override]] 3 | name = "github.com/json-iterator/go" 4 | version = "v1.1.5" 5 | 6 | [[constraint]] 7 | name = "github.com/pkg/errors" 8 | version = "0.8.0" 9 | 10 | [[constraint]] 11 | name = "k8s.io/apimachinery" 12 | version = "kubernetes-1.13.1" 13 | 14 | [[override]] 15 | name = "gopkg.in/yaml.v2" 16 | version = "2.2.2" 17 | 18 | [[constraint]] 19 | name = "k8s.io/client-go" 20 | version = "kubernetes-1.13.1" 21 | 22 | [[constraint]] 23 | name = "k8s.io/api" 24 | version = "kubernetes-1.13.1" 25 | 26 | [[constraint]] 27 | name = "github.com/peterhellberg/link" 28 | version = "v1.0.0" -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | Apache License 2 | Version 2.0, January 2004 3 | http://www.apache.org/licenses/ 4 | 5 | TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION 6 | 7 | 1. Definitions. 8 | 9 | "License" shall mean the terms and conditions for use, reproduction, 10 | and distribution as defined by Sections 1 through 9 of this document. 11 | 12 | "Licensor" shall mean the copyright owner or entity authorized by 13 | the copyright owner that is granting the License. 14 | 15 | "Legal Entity" shall mean the union of the acting entity and all 16 | other entities that control, are controlled by, or are under common 17 | control with that entity. For the purposes of this definition, 18 | "control" means (i) the power, direct or indirect, to cause the 19 | direction or management of such entity, whether by contract or 20 | otherwise, or (ii) ownership of fifty percent (50%) or more of the 21 | outstanding shares, or (iii) beneficial ownership of such entity. 22 | 23 | "You" (or "Your") shall mean an individual or Legal Entity 24 | exercising permissions granted by this License. 25 | 26 | "Source" form shall mean the preferred form for making modifications, 27 | including but not limited to software source code, documentation 28 | source, and configuration files. 29 | 30 | "Object" form shall mean any form resulting from mechanical 31 | transformation or translation of a Source form, including but 32 | not limited to compiled object code, generated documentation, 33 | and conversions to other media types. 34 | 35 | "Work" shall mean the work of authorship, whether in Source or 36 | Object form, made available under the License, as indicated by a 37 | copyright notice that is included in or attached to the work 38 | (an example is provided in the Appendix below). 39 | 40 | "Derivative Works" shall mean any work, whether in Source or Object 41 | form, that is based on (or derived from) the Work and for which the 42 | editorial revisions, annotations, elaborations, or other modifications 43 | represent, as a whole, an original work of authorship. For the purposes 44 | of this License, Derivative Works shall not include works that remain 45 | separable from, or merely link (or bind by name) to the interfaces of, 46 | the Work and Derivative Works thereof. 47 | 48 | "Contribution" shall mean any work of authorship, including 49 | the original version of the Work and any modifications or additions 50 | to that Work or Derivative Works thereof, that is intentionally 51 | submitted to Licensor for inclusion in the Work by the copyright owner 52 | or by an individual or Legal Entity authorized to submit on behalf of 53 | the copyright owner. For the purposes of this definition, "submitted" 54 | means any form of electronic, verbal, or written communication sent 55 | to the Licensor or its representatives, including but not limited to 56 | communication on electronic mailing lists, source code control systems, 57 | and issue tracking systems that are managed by, or on behalf of, the 58 | Licensor for the purpose of discussing and improving the Work, but 59 | excluding communication that is conspicuously marked or otherwise 60 | designated in writing by the copyright owner as "Not a Contribution." 61 | 62 | "Contributor" shall mean Licensor and any individual or Legal Entity 63 | on behalf of whom a Contribution has been received by Licensor and 64 | subsequently incorporated within the Work. 65 | 66 | 2. Grant of Copyright License. Subject to the terms and conditions of 67 | this License, each Contributor hereby grants to You a perpetual, 68 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 69 | copyright license to reproduce, prepare Derivative Works of, 70 | publicly display, publicly perform, sublicense, and distribute the 71 | Work and such Derivative Works in Source or Object form. 72 | 73 | 3. Grant of Patent License. Subject to the terms and conditions of 74 | this License, each Contributor hereby grants to You a perpetual, 75 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 76 | (except as stated in this section) patent license to make, have made, 77 | use, offer to sell, sell, import, and otherwise transfer the Work, 78 | where such license applies only to those patent claims licensable 79 | by such Contributor that are necessarily infringed by their 80 | Contribution(s) alone or by combination of their Contribution(s) 81 | with the Work to which such Contribution(s) was submitted. If You 82 | institute patent litigation against any entity (including a 83 | cross-claim or counterclaim in a lawsuit) alleging that the Work 84 | or a Contribution incorporated within the Work constitutes direct 85 | or contributory patent infringement, then any patent licenses 86 | granted to You under this License for that Work shall terminate 87 | as of the date such litigation is filed. 88 | 89 | 4. Redistribution. You may reproduce and distribute copies of the 90 | Work or Derivative Works thereof in any medium, with or without 91 | modifications, and in Source or Object form, provided that You 92 | meet the following conditions: 93 | 94 | (a) You must give any other recipients of the Work or 95 | Derivative Works a copy of this License; and 96 | 97 | (b) You must cause any modified files to carry prominent notices 98 | stating that You changed the files; and 99 | 100 | (c) You must retain, in the Source form of any Derivative Works 101 | that You distribute, all copyright, patent, trademark, and 102 | attribution notices from the Source form of the Work, 103 | excluding those notices that do not pertain to any part of 104 | the Derivative Works; and 105 | 106 | (d) If the Work includes a "NOTICE" text file as part of its 107 | distribution, then any Derivative Works that You distribute must 108 | include a readable copy of the attribution notices contained 109 | within such NOTICE file, excluding those notices that do not 110 | pertain to any part of the Derivative Works, in at least one 111 | of the following places: within a NOTICE text file distributed 112 | as part of the Derivative Works; within the Source form or 113 | documentation, if provided along with the Derivative Works; or, 114 | within a display generated by the Derivative Works, if and 115 | wherever such third-party notices normally appear. The contents 116 | of the NOTICE file are for informational purposes only and 117 | do not modify the License. You may add Your own attribution 118 | notices within Derivative Works that You distribute, alongside 119 | or as an addendum to the NOTICE text from the Work, provided 120 | that such additional attribution notices cannot be construed 121 | as modifying the License. 122 | 123 | You may add Your own copyright statement to Your modifications and 124 | may provide additional or different license terms and conditions 125 | for use, reproduction, or distribution of Your modifications, or 126 | for any such Derivative Works as a whole, provided Your use, 127 | reproduction, and distribution of the Work otherwise complies with 128 | the conditions stated in this License. 129 | 130 | 5. Submission of Contributions. Unless You explicitly state otherwise, 131 | any Contribution intentionally submitted for inclusion in the Work 132 | by You to the Licensor shall be under the terms and conditions of 133 | this License, without any additional terms or conditions. 134 | Notwithstanding the above, nothing herein shall supersede or modify 135 | the terms of any separate license agreement you may have executed 136 | with Licensor regarding such Contributions. 137 | 138 | 6. Trademarks. This License does not grant permission to use the trade 139 | names, trademarks, service marks, or product names of the Licensor, 140 | except as required for reasonable and customary use in describing the 141 | origin of the Work and reproducing the content of the NOTICE file. 142 | 143 | 7. Disclaimer of Warranty. Unless required by applicable law or 144 | agreed to in writing, Licensor provides the Work (and each 145 | Contributor provides its Contributions) on an "AS IS" BASIS, 146 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or 147 | implied, including, without limitation, any warranties or conditions 148 | of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A 149 | PARTICULAR PURPOSE. You are solely responsible for determining the 150 | appropriateness of using or redistributing the Work and assume any 151 | risks associated with Your exercise of permissions under this License. 152 | 153 | 8. Limitation of Liability. In no event and under no legal theory, 154 | whether in tort (including negligence), contract, or otherwise, 155 | unless required by applicable law (such as deliberate and grossly 156 | negligent acts) or agreed to in writing, shall any Contributor be 157 | liable to You for damages, including any direct, indirect, special, 158 | incidental, or consequential damages of any character arising as a 159 | result of this License or out of the use or inability to use the 160 | Work (including but not limited to damages for loss of goodwill, 161 | work stoppage, computer failure or malfunction, or any and all 162 | other commercial damages or losses), even if such Contributor 163 | has been advised of the possibility of such damages. 164 | 165 | 9. Accepting Warranty or Additional Liability. While redistributing 166 | the Work or Derivative Works thereof, You may choose to offer, 167 | and charge a fee for, acceptance of support, warranty, indemnity, 168 | or other liability obligations and/or rights consistent with this 169 | License. However, in accepting such obligations, You may act only 170 | on Your own behalf and on Your sole responsibility, not on behalf 171 | of any other Contributor, and only if You agree to indemnify, 172 | defend, and hold each Contributor harmless for any liability 173 | incurred by, or claims asserted against, such Contributor by reason 174 | of your accepting any such warranty or additional liability. 175 | 176 | END OF TERMS AND CONDITIONS 177 | 178 | APPENDIX: How to apply the Apache License to your work. 179 | 180 | To apply the Apache License to your work, attach the following 181 | boilerplate notice, with the fields enclosed by brackets "{}" 182 | replaced with your own identifying information. (Don't include 183 | the brackets!) The text should be enclosed in the appropriate 184 | comment syntax for the file format. We also recommend that a 185 | file or class name and description of purpose be included on the 186 | same "printed page" as the copyright notice for easier 187 | identification within third-party archives. 188 | 189 | Copyright {yyyy} {name of copyright owner} 190 | 191 | Licensed under the Apache License, Version 2.0 (the "License"); 192 | you may not use this file except in compliance with the License. 193 | You may obtain a copy of the License at 194 | 195 | http://www.apache.org/licenses/LICENSE-2.0 196 | 197 | Unless required by applicable law or agreed to in writing, software 198 | distributed under the License is distributed on an "AS IS" BASIS, 199 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 200 | See the License for the specific language governing permissions and 201 | limitations under the License. 202 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # Kubernetes Gitlab Integrator Service 2 | 3 | [![Go Report Card](https://goreportcard.com/badge/github.com/k8s-tamias/gitlab-k8s-integrator)](https://goreportcard.com/report/github.com/k8s-tamias/gitlab-k8s-integrator) 4 | [![GoDoc](https://godoc.org/github.com/k8s-tamias/gitlab-k8s-integrator?status.svg)](https://godoc.org/github.com/k8s-tamias/gitlab-k8s-integrator) 5 | [![Docker](https://img.shields.io/docker/pulls/chrishuen/gitlab-k8s-integrator.svg)](https://img.shields.io/docker/pulls/chrishuen/gitlab-k8s-integrator.svg) 6 | 7 | This service consumes Gitlab Webhook Calls and translates them into namespaces and roles in Kubernetes. Every Gitlab Group, 8 | Project and User Repository (Private Namespace) is turned into a namespace on Kubernetes. 9 | 10 | Users in Gitlab are then bound to the roles according to their membership in Gitlab. A change has immediate effect to K8s 11 | due to the use of Gitlab Webhooks. Additionally the Integrator has a recurring job which synchronizes the state of Gitlab 12 | with Kubernetes to ensure that the two systems do not drift appart due to lost events. In case of a conflict, Gitlab will act as the authorative system. 13 | 14 | ### Namespaces will be created according to the following scheme: 15 | 16 | 17 | | Gitlab | K8s | Example | 18 | | ------------- |:-------------:|:-------:| 19 | | Personal Repositories| Namespace of the same name | student-Bob -> student-bob 20 | | Groups | Namespace of the same name | Foo-Group -> foo-group 21 | | Sub-Groups | Namespaces of the same name, prefixed with "$GroupName$-". | Foo-Group/bar-subgroup -> foo-group-bar-subgroup 22 | | Projects | Namespace of the same name, prefixed with "$GroupName$-" and "$SubGroupName$-" if applicable | Foo-Group/bar-subgroup/MyProject -> foo-group-bar-subgroup-myproject 23 | 24 | #### Additional Rules: 25 | - All Gitlab Names will be lower cased in K8s 26 | - "_" and "." in Gitlab Names will be swapped for "-" in K8s Namespaces 27 | - If a namespace-name is already taken due to group and sub-group concatenation (e.g. foo-group/bar-project vs. foo-group-bar-project as single group name) 28 | a counter will be added to at the end of the namespace name with a "-" as prefix. I.e.: Gitlab Group "foo_bar" becomes K8s namespace 29 | "foo-bar". A new Gitlab group by the name of "foo.bar" would now become "foo-bar-1". 30 | - To avoid wrong deletion, a label with `gitlab-origin` is added to each namespace which is used to discover the correct 31 | namespace when attempting to delete a namespace. 32 | - If namespace is present by name, but does not have a gitlab-origin label attached AND is not(!) labeled with 33 | 'gitlab-ignored' it get's labeled with its origin name. 34 | 35 | ### Webhook Feature 36 | 37 | This service provides an endpoint which, if registered with [Gitlab for System Hooks](https://docs.gitlab.com/ee/system_hooks/system_hooks.html), provides support for 38 | all the push events which refer to the state of Groups, Projects and Users as well as their respective members. So every 39 | change in Gitlab will be directly and promptly reflected through this webhook. 40 | 41 | The endpoint is: **/hook** 42 | 43 | Note: Renaming Groups or Projects and transferring projects results in the deletion and recreation of the corresponding namespace 44 | in Kubernetes. Thus all contents of the original namespace will be deleted as well. 45 | 46 | In the case that the service is offline of for some other reason misses a webhook call, a sync mechanism is provided (see below). 47 | 48 | ### Sync Feature 49 | 50 | In addition to the webhook feature a recurring sync task is being executed every 3 hours, which 51 | synchronizes Gitlab with the K8s Cluster according to the following algorithm: 52 | 53 | 1. Delete all Namespaces, which are present in the K8s Cluster, but do not correspond to an entity in Gitlab. 54 | (This is ensured by using the "gitlab-origin" label on each created namespace, which contains the original name of the entity from gitlab). 55 | This does not touch namespaces unrelated to Gitlab (i.e. that do not match with a Gitlab name after its transformation) 56 | 2. Iterate all Gitlab entities (Users, Groups and Projects) and for each 57 | 1. Create namespace, if not present 58 | 2. Iterate all Members and for each: 59 | 1. Create a RoleBinding corresponding to the role in Gitlab (see below for details) 60 | 2. Delete RoleBindings for Members which are no longer present in the Gitlab Entity 61 | 3. Adjust RoleBindings for Members whose Role has changed 62 | 3. Create ceph-secret-user in the namespace, if ENV CEPH_USER_KEY has been set 63 | 4. (**Only for Projects**): 64 | 1. For every project create a ServiceAccount and bind it to the role corresponding to the Master role in Gitlab. 65 | 2. Use the token associated with the ServiceAccount and setup the Kubernetes Integration Feature in Gitlab for the given project 66 | 67 | 68 | #### Prevent namespace from being synced 69 | If you don't want a specific namespace to be synced with gitlab, just add a 'gitlab-ignored' label with an arbitrary value to 70 | the namespace. The integrator will then not attempt to sync it. 71 | 72 | #### Create K8s ServiceAccounts and activate K8s Integration in Gitlab 73 | 74 | The Gl-K8s-Integrator automatically creates ServiceAccounts in Kubernetes Namespaces it created. It also takes the access tokens 75 | of these ServiceAccounts and uses them to setup the Gitlab Kubernetes Service Integration for projects. The rules are as follows: 76 | 77 | - A project contains all information to allow itself to auto-deploy 78 | - Integrator sets up K8s service integration in Gitlab with a ServiceAccount by the name "gitlab-serviceaccount" associated to the gitlab-group-master role 79 | - Integrator also creates a Gitlab Environment by the name of "development" 80 | 81 | #### Add custom roles and bindings 82 | Sometimes additional roles and bindings beyond those defined for the gitlab cluster roles are required (i.e. a ServiceAccount 83 | with elevated permissions for some special project in a certain namespace). If you keep the sync feature of this 84 | service enabled for the namespace you want to have custom roles and bindings in, these will be deleted upon every sync run 85 | as they are seen as invalid since they are not present in Gitlab by any means. 86 | 87 | Therefore, if you want to add custom roles and bindings you may add them as a ConfigMap object to your cluster and mount 88 | that object into the /etc/custom-roles folder of the Pod running the Gitlab-K8s-Integrator. 89 | 90 | The ConfigMap must contain at least one key which is a valid YAML file. It may contain as many files as you like. This should help 91 | to structure things. Example: 92 | 93 | ```yaml 94 | apiVersion: v1 95 | kind: ConfigMap 96 | metadata: 97 | name: custom-roles-and-bindings 98 | namespace: integration 99 | labels: 100 | service: gl-k8s-integrator 101 | data: 102 | nodeAdminRBAC.yaml: |- 103 | kind: ClusterRole 104 | apiVersion: rbac.authorization.k8s.io/v1beta1 105 | metadata: 106 | name: nodes-reader 107 | rules: 108 | - apiGroups: 109 | - "" 110 | resources: 111 | - nodes 112 | - events 113 | verbs: 114 | - get 115 | - list 116 | - watch 117 | --- 118 | # This cluster role binding allows anyone in the "manager" group to read secrets in any namespace. 119 | kind: ClusterRoleBinding 120 | apiVersion: rbac.authorization.k8s.io/v1beta1 121 | metadata: 122 | name: bob-read-nodes-global 123 | subjects: 124 | - kind: User 125 | name: bob 126 | apiGroup: rbac.authorization.k8s.io 127 | roleRef: 128 | kind: ClusterRole 129 | name: nodes-reader 130 | apiGroup: rbac.authorization.k8s.io 131 | --- 132 | # This cluster role binding allows anyone in the "manager" group to read secrets in any namespace. 133 | kind: ClusterRoleBinding 134 | apiVersion: rbac.authorization.k8s.io/v1beta1 135 | metadata: 136 | name: john-read-nodes-global 137 | subjects: 138 | - kind: User 139 | name: john 140 | apiGroup: rbac.authorization.k8s.io 141 | roleRef: 142 | kind: ClusterRole 143 | name: nodes-reader 144 | apiGroup: rbac.authorization.k8s.io 145 | loggingAdminRBAC.yaml: |- 146 | kind: Role 147 | apiVersion: rbac.authorization.k8s.io/v1beta1 148 | metadata: 149 | namespace: logging 150 | name: logging-admin 151 | rules: 152 | - apiGroups: 153 | - "*" 154 | resources: 155 | - "*" 156 | verbs: 157 | - "*" 158 | --- 159 | # This cluster role binding allows anyone in the "manager" group to read secrets in any namespace. 160 | kind: RoleBinding 161 | apiVersion: rbac.authorization.k8s.io/v1beta1 162 | metadata: 163 | name: bob-logging-admin-role 164 | namespace: logging 165 | subjects: 166 | - kind: User 167 | name: bob 168 | apiGroup: rbac.authorization.k8s.io 169 | roleRef: 170 | kind: Role 171 | name: logging-admin 172 | apiGroup: rbac.authorization.k8s.io 173 | ``` 174 | 175 | Then mount it like so: 176 | 177 | ```yaml 178 | kind: Deployment 179 | apiVersion: extensions/v1beta1 180 | metadata: 181 | name: gl-k8s-integrator 182 | namespace: icc-integration 183 | spec: 184 | replicas: 1 185 | selector: 186 | matchLabels: 187 | service: gl-k8s-integrator 188 | template: 189 | metadata: 190 | labels: 191 | service: gl-k8s-integrator 192 | spec: 193 | volumes: 194 | - name: custom-roles 195 | configMap: 196 | name: custom-roles-and-bindings 197 | containers: 198 | - name: gl-k8s-integrator 199 | image: yourImage:version 200 | ports: 201 | - containerPort: 8080 202 | volumeMounts: 203 | - name: custom-roles 204 | mountPath: /etc/custom-roles 205 | resources: 206 | requests: 207 | cpu: 100m 208 | memory: 30Mi 209 | env: 210 | - name: ENABLE_GITLAB_HOOKS_DEBUG 211 | value: "false" 212 | - name: ENABLE_GITLAB_SYNC_DEBUG 213 | value: "false" 214 | - name: ENABLE_SYNC_ENDPOINT 215 | value: "false" 216 | - name: CUSTOM_ROLE_DIR 217 | value: "/etc/custom-roles" 218 | - name: GITLAB_HOSTNAME 219 | value: "your.amazing.gitlab.example.com" 220 | - name: GITLAB_API_VERSION 221 | value: "v4" 222 | - name: GITLAB_SERVICEACCOUNT_NAME 223 | value: "gitlab-serviceaccount" 224 | - name: K8S_API_URL 225 | value: "kubernetes" 226 | - name: EXTERNAL_K8S_API_URL 227 | value: "https://awesome.external.k8s.example.com" 228 | - name: K8S_CA_PEM 229 | valueFrom: 230 | configMapKeyRef: 231 | name: cluster-ca-pem 232 | key: ca.pem 233 | - name: GITLAB_SECRET_TOKEN 234 | valueFrom: 235 | secretKeyRef: 236 | name: gitlab-integrator-secret-token 237 | key: token 238 | - name: GITLAB_PRIVATE_TOKEN 239 | valueFrom: 240 | secretKeyRef: 241 | name: gitlab-integrator-private-token 242 | key: token 243 | - name: CEPH_USER_KEY 244 | valueFrom: 245 | secretKeyRef: 246 | name: ceph-user-key 247 | key: key 248 | livenessProbe: 249 | httpGet: 250 | path: /healthz 251 | port: 8080 252 | initialDelaySeconds: 10 253 | periodSeconds: 10 254 | --- 255 | kind: Service 256 | apiVersion: v1 257 | metadata: 258 | name: gl-k8s-integrator 259 | namespace: icc-integration 260 | labels: 261 | service: gl-k8s-integrator 262 | spec: 263 | ports: 264 | - name: http 265 | protocol: TCP 266 | port: 80 267 | targetPort: 8080 268 | selector: 269 | service: gl-k8s-integrator 270 | ``` 271 | 272 | The supported/allowed K8s object types are: Role|ClusterRole|RoleBinding|ClusterRoleBinding|ServiceAccount. 273 | Recursive directory structures are *not* supported! 274 | 275 | ### CEPH Secret User Features 276 | In order to allow for all namespaces to access a DefaultStorageClass of type CEPH, this 277 | service will automatically create a ceph-secret-user Secret in every created namespace if 278 | ENV 'CEPH_USER_KEY' is set. (see below) 279 | 280 | ### Config ENV Variables 281 | 282 | | ENV | Required? | Description | 283 | |:-------------:|:-------------:|:-------------:| 284 | |GITLAB_HOSTNAME | yes | The hostname of the Gitlab server to work with 285 | |GITLAB_API_VERSION| no (default: v4) | The Version of the Gitlab API to use. 286 | |GITLAB_PRIVATE_TOKEN| yes | The private access token from a Gitlab admin user to use when calling the API 287 | |GITLAB_SECRET_TOKEN| no | The secret token which can be set in Gitlab System Hooks to validate the request on our side 288 | |GITLAB_SERVICEACCOUNT_NAME| no | Must be DNS-1123 compliant! If set it will override the name of the default service account created in each namespace 289 | |CEPH_USER_KEY| no (default: gitlab-serviceaccount) | The key of the ceph-secret-user secret. The secret only gets created if this variable is set. 290 | |K8S_API_URL| yes | The URL where the K8s API server is reachable from the gl-k8s-integrator. In-Cluster would be "kubernetes" on a typical setup 291 | |EXTERNAL_K8S_API_URL | no | If set, will be written to the kubernetes service integration for any project 292 | |GITLAB_ENVIRONMENT_NAME | no | If set, results in creation of environment in gitlab-group-guest 293 | |ENABLE_SYNC_ENDPOINT| no|If set to 'true' this will enable a /sync endpoint, which may be triggered with a PUSH REST call to start a sync run. (USE WITH CAUTION, may be abused!) 294 | |ENABLE_GITLAB_HOOKS_DEBUG| no| If set to 'true' the raw hooks messages get printed to stdout upon receiving, Default: no 295 | |ENABLE_GITLAB_SYNC_DEBUG| no| If set to 'true' the sync process will output debug info 296 | |NET_ADMIN_PSP_CLUSTER_ROLE_NAME| no| If set, will enable creation of a net-admin-serviceaccount and a corresponding RoleBinding, which allows to use the PodSecurityPolicy by the name set for the variable. 297 | |ENABLE_LIMITRANGES| no | Default: false. If set to true, the GitlabIntegrator will write LimitRange objects to each namespace 298 | |DEFAULT_CPU_REQ|no| Default: 20m. The default CPU request setting for each namespace. Format is "m" for millicores 299 | |DEFAULT_CPU_LIM|no| Default: 150m. The default CPU limit setting for each namespace. Format is "m" for millicores 300 | |DEFAULT_MEM_REQ|no| Default: 25Mi. The default Memory request setting for each namespace. Format is "Mi" for value*2^20 (BinarySI) 301 | |DEFAULT_MEM_LIM|no| Default: 120Mi. The default Memory limit setting for each namespace. Format is "Mi" for value*2^20 (BinarySI) 302 | 303 | 304 | ### Roles and Permissions 305 | 306 | We came up with a default for Roles and Persmissions as follows: 307 | 308 | | Gitlab | K8s | 309 | | ------------- |:-------------:| 310 | |Guest | nothing 311 | |Reporter | see [Report Role](#reporterrole) 312 | |Developer | same as Reporter 313 | |Master | see [Master Role](#masterrole) 314 | 315 | The names of the ClusterRoles which get bound are defaulting to this scheme: `gitlab--` 316 | However you may change each Role name by setting the following ENV variables as you see fit: 317 | 318 | | ENV | Default | 319 | |:-------------:|:-------------:| 320 | |GROUP_MASTER_ROLENAME | gitlab-group-master 321 | |GROUP_DEVELOPER_ROLENAME| gitlab-group-developer 322 | |GROUP_REPORTER_ROLENAME| gitlab-group-reporter 323 | |GROUP_DEFAULT_ROLENAME| gitlab-group-guest 324 | |PROJECT_MASTER_ROLENAME|gitlab-project-master 325 | |PROJECT_DEVELOPER_ROLENAME|gitlab-project-developer 326 | |PROJECT_REPORTER_ROLENAME|gitlab-project-reporter 327 | |PROJECT_DEFAULT_ROLENAME|gitlab-project-guest 328 | 329 | #### RoleBinding Naming 330 | 331 | The RoleBindings are created inside the affected namespace and are given a name which is created after the following scheme: 332 | `username + rolename + namespace` 333 | 334 | So User "foo" with Role "Master" in Group "bar" would become `foo-gitlab-group-master-bar` 335 | 336 | #### Recommended Reporter Role 337 | ```yaml 338 | apiVersion: rbac.authorization.k8s.io/v1beta1 339 | kind: ClusterRole 340 | metadata: 341 | name: gitlab-group-developer 342 | rules: 343 | - apiGroups: 344 | - "" 345 | resources: 346 | - events 347 | - persistentvolumeclaims 348 | - pods 349 | - pods/status 350 | - pods/logs 351 | - services 352 | - services/proxy 353 | verbs: 354 | - get 355 | - list 356 | - watch 357 | - apiGroups: 358 | - "" 359 | resources: 360 | - pods/portforward 361 | - pods/exec 362 | verbs: 363 | - get 364 | - watch 365 | - list 366 | - create 367 | - update 368 | - patch 369 | - delete 370 | ``` 371 | 372 | #### Recommended Master Role 373 | ```yaml 374 | apiVersion: rbac.authorization.k8s.io/v1beta1 375 | kind: ClusterRole 376 | metadata: 377 | name: gitlab-project-master 378 | rules: 379 | - apiGroups: 380 | - "" 381 | resources: 382 | - configmaps 383 | - pods 384 | - pods/logs 385 | - pods/attach 386 | - pods/exec 387 | - pods/portforward 388 | - persistentvolumeclaims 389 | - secrets 390 | - services 391 | - services/proxy 392 | verbs: 393 | - get 394 | - watch 395 | - list 396 | - create 397 | - update 398 | - patch 399 | - delete 400 | - apiGroups: 401 | - "" 402 | resources: 403 | - events 404 | - persistentvolumes 405 | - pods/status 406 | - pods/log 407 | - pods/proxy 408 | verbs: 409 | - get 410 | - list 411 | - watch 412 | - apiGroups: 413 | - apps 414 | resources: 415 | - statefulsets 416 | - deployments 417 | verbs: 418 | - get 419 | - watch 420 | - list 421 | - create 422 | - update 423 | - patch 424 | - delete 425 | - apiGroups: 426 | - batch 427 | resources: 428 | - cronjobs 429 | - jobs 430 | verbs: 431 | - create 432 | - delete 433 | - deletecollection 434 | - get 435 | - list 436 | - patch 437 | - update 438 | - watch 439 | - apiGroups: 440 | - extensions 441 | resources: 442 | - deployments 443 | - deployments/rollback 444 | - deployments/scale 445 | - ingresses 446 | - replicasets 447 | - replicasets/scale 448 | verbs: 449 | - create 450 | - delete 451 | - deletecollection 452 | - get 453 | - list 454 | - patch 455 | - update 456 | - watch 457 | ``` 458 | -------------------------------------------------------------------------------- /gitlabclient/gitlab_client_common.go: -------------------------------------------------------------------------------- 1 | package gitlabclient 2 | 3 | import ( 4 | "fmt" 5 | "log" 6 | "os" 7 | ) 8 | 9 | const UserStateBlocked = "blocked" 10 | 11 | type GitlabGroup struct { 12 | Id int 13 | FullPath string `json:"full_path"` 14 | Members []Member 15 | } 16 | 17 | type GitlabProject struct { 18 | Id int 19 | PathWithNameSpace string `json:"path_with_namespace"` 20 | Members []Member 21 | Links Links `json:"_links"` 22 | Namespace Namespace `json:"namespace"` 23 | Path string `json:"path"` 24 | } 25 | 26 | type Namespace struct { 27 | Id int 28 | Name string 29 | Path string 30 | Kind string 31 | FullPath string 32 | } 33 | 34 | type Links struct { 35 | Members string 36 | } 37 | 38 | type GitlabUser struct { 39 | Username string `json:"username"` 40 | State string `json:"state"` 41 | } 42 | 43 | type Member struct { 44 | Id int `json:"id"` 45 | Username string `json:"username"` 46 | Name string `json:"name"` 47 | State string `json:"state"` 48 | AccessLevel int `json:"access_level"` 49 | } 50 | 51 | type GitlabContent struct { 52 | Groups []GitlabGroup 53 | Projects []GitlabProject 54 | Users []GitlabUser 55 | } 56 | 57 | func contains(s []Member, e Member) bool { 58 | for _, a := range s { 59 | if a.Id == e.Id { 60 | return true 61 | } 62 | } 63 | return false 64 | } 65 | 66 | func check(err error) bool { 67 | if err != nil { 68 | log.Println("Error : ", err.Error()) 69 | return true 70 | } 71 | return false 72 | } 73 | 74 | func getGitlabBaseUrl() string { 75 | apiVersion := os.Getenv("GITLAB_API_VERSION") 76 | if apiVersion == "" { 77 | apiVersion = "v4" 78 | } 79 | hostName := os.Getenv("GITLAB_HOSTNAME") 80 | if hostName == "" { 81 | log.Fatal("The GITLAB_HOSTNAME ENV has not been set!") 82 | } 83 | return fmt.Sprintf("https://%s/api/%s/", hostName, apiVersion) 84 | } 85 | -------------------------------------------------------------------------------- /gitlabclient/gitlab_read_client.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2017 by Christian Hüning (christianhuening@googlemail.com). 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | http://www.apache.org/licenses/LICENSE-2.0 8 | 9 | Unless required by applicable law or agreed to in writing, software 10 | distributed under the License is distributed on an "AS IS" BASIS, 11 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | See the License for the specific language governing permissions and 13 | limitations under the License. 14 | */ 15 | package gitlabclient 16 | 17 | import ( 18 | "encoding/json" 19 | "fmt" 20 | "io/ioutil" 21 | "log" 22 | "net/http" 23 | "os" 24 | "strconv" 25 | 26 | "github.com/peterhellberg/link" 27 | "github.com/pkg/errors" 28 | ) 29 | 30 | func GetFullGitlabContent() (*GitlabContent, error) { 31 | groupUrl := getGitlabBaseUrl() + "groups" 32 | foundGroups, err := GetAllGroups(make([]GitlabGroup, 0), groupUrl) 33 | if check(err) { 34 | log.Fatal(err.Error()) 35 | } 36 | projectUrl := getGitlabBaseUrl() + "projects" 37 | foundProjects, err := GetAllProjects(make([]GitlabProject, 0), projectUrl) 38 | if check(err) { 39 | log.Fatal(err.Error()) 40 | } 41 | userUrl := getGitlabBaseUrl() + "users" 42 | foundUsers, err := GetAllUsers(make([]GitlabUser, 0), userUrl) 43 | if check(err) { 44 | log.Fatal(err.Error()) 45 | } 46 | return &GitlabContent{Groups: foundGroups, Projects: foundProjects, Users: foundUsers}, nil 47 | } 48 | 49 | func GetAllGroups(gitlabGroups []GitlabGroup, url string) ([]GitlabGroup, error) { 50 | result, err := performGitlabHTTPRequest(url) 51 | 52 | if check(err) { 53 | log.Println("Error occured while calling Gitlab! Cancelling Sync! Err:" + err.Error()) 54 | return nil, err 55 | } 56 | if result.StatusCode == 401 { 57 | return nil, errors.New("GITLAB_PRIVATE_TOKEN was not set or wrong. Stopping now") 58 | } 59 | content, err := ioutil.ReadAll(result.Body) 60 | 61 | groups := make([]GitlabGroup, 0) 62 | 63 | err = json.Unmarshal(content, &groups) 64 | if check(err) { 65 | return nil, err 66 | } 67 | 68 | for i := range groups { 69 | err := groups[i].getMembers() 70 | check(err) 71 | } 72 | 73 | // DEEP APPEND here 74 | gitlabGroups = append(gitlabGroups, groups...) 75 | 76 | group := link.ParseHeader(result.Header) 77 | next := group["next"] 78 | if next != nil { 79 | finalGroups, err := GetAllGroups(gitlabGroups, next.URI) 80 | if err != nil { 81 | return nil, err 82 | } 83 | gitlabGroups = finalGroups 84 | } 85 | return gitlabGroups, nil 86 | } 87 | 88 | func GetAllProjects(gitlabProjects []GitlabProject, url string) ([]GitlabProject, error) { 89 | result, err := performGitlabHTTPRequest(url) 90 | 91 | if check(err) { 92 | log.Println("Error occured while calling Gitlab! Cancelling Sync! Err:" + err.Error()) 93 | } 94 | if result.StatusCode == 401 { 95 | return nil, errors.New("GITLAB_PRIVATE_TOKEN was not set or wrong. Stopping now.") 96 | } 97 | content, err := ioutil.ReadAll(result.Body) 98 | 99 | projects := make([]GitlabProject, 0) 100 | 101 | err = json.Unmarshal(content, &projects) 102 | 103 | if check(err) { 104 | return nil, err 105 | } 106 | 107 | for i := range projects { 108 | err := projects[i].getMembers() 109 | check(err) 110 | } 111 | 112 | gitlabProjects = append(projects, gitlabProjects...) 113 | 114 | group := link.ParseHeader(result.Header) 115 | next := group["next"] 116 | if next != nil { 117 | finalProjects, err := GetAllProjects(gitlabProjects, next.URI) 118 | if err != nil { 119 | return nil, err 120 | } 121 | gitlabProjects = finalProjects 122 | } 123 | return gitlabProjects, nil 124 | } 125 | 126 | func GetAllUsers(gitlabUsers []GitlabUser, url string) ([]GitlabUser, error) { 127 | result, err := performGitlabHTTPRequest(url) 128 | 129 | if check(err) { 130 | log.Println("Error occured while calling Gitlab! Cancelling Sync! Err:" + err.Error()) 131 | } 132 | if result.StatusCode == 401 { 133 | return nil, errors.New("GITLAB_PRIVATE_TOKEN was not set or wrong. Stopping now.") 134 | } 135 | content, err := ioutil.ReadAll(result.Body) 136 | 137 | Users := make([]GitlabUser, 0) 138 | 139 | err = json.Unmarshal(content, &Users) 140 | if check(err) { 141 | return nil, err 142 | } 143 | 144 | gitlabUsers = append(Users, gitlabUsers...) 145 | 146 | group := link.ParseHeader(result.Header) 147 | next := group["next"] 148 | if next != nil { 149 | finalUsers, err := GetAllUsers(gitlabUsers, next.URI) 150 | if err != nil { 151 | return nil, err 152 | } 153 | gitlabUsers = finalUsers 154 | } 155 | return gitlabUsers, nil 156 | } 157 | 158 | /* 159 | From: https://docs.gitlab.com/ee/api/members.html 160 | 10 => Guest access 161 | 20 => Reporter access 162 | 30 => Developer access 163 | 40 => Maintainer access 164 | 50 => Owner access # Only valid for groups 165 | */ 166 | func TranslateIntAccessLevels(lvl int) string { 167 | level := "default" 168 | switch lvl { 169 | case 20: 170 | level = "Reporter" 171 | case 30: 172 | level = "Developer" 173 | case 40: 174 | level = "Master" 175 | case 50: 176 | level = "Master" // owner has same rights in k8s 177 | } 178 | return level 179 | } 180 | 181 | func (g *GitlabGroup) getMembers() error { 182 | url := getGitlabBaseUrl() + "groups/" + strconv.Itoa(g.Id) + "/members" 183 | result, err := performGitlabHTTPRequest(url) 184 | 185 | if check(err) { 186 | log.Println("Error occured while calling Gitlab! Cancelling Sync! Err:" + err.Error()) 187 | return err 188 | } 189 | if result.StatusCode == 401 { 190 | return errors.New("GITLAB_PRIVATE_TOKEN was not set or wrong. Stopping now.") 191 | } 192 | if result.StatusCode == 404 { 193 | return errors.New("The requested URL was invalid! Stopping now.") 194 | } 195 | 196 | content, err := ioutil.ReadAll(result.Body) 197 | 198 | members := make([]Member, 0) 199 | err = json.Unmarshal(content, &members) 200 | 201 | if check(err) { 202 | return err 203 | } 204 | 205 | g.Members = members 206 | if len(g.Members) == 0 { 207 | log.Println(fmt.Sprintf("WARNING: No Group Members were found for group %s . StatusCode of Request was: %d . This is a potential bug in Gitlab, will continue to sync anyway", g.FullPath, result.StatusCode)) 208 | } 209 | return nil 210 | } 211 | 212 | func (p *GitlabProject) getMembers() error { 213 | url := getGitlabBaseUrl() + "projects/" + strconv.Itoa(p.Id) + "/members" 214 | result, err := performGitlabHTTPRequest(url) 215 | 216 | if check(err) { 217 | log.Println("Error occured while calling Gitlab! Cancelling Sync! Err:" + err.Error()) 218 | return err 219 | } 220 | if result.StatusCode == 401 { 221 | return errors.New("GITLAB_PRIVATE_TOKEN was not set or wrong. Stopping now.") 222 | } 223 | if result.StatusCode == 404 { 224 | return errors.New("The requested URL was invalid! Stopping now. Url was: " + url) 225 | } 226 | 227 | content, err := ioutil.ReadAll(result.Body) 228 | 229 | members := make([]Member, 0) 230 | err = json.Unmarshal(content, &members) 231 | if check(err) { 232 | return err 233 | } 234 | 235 | p.Members = members 236 | 237 | // aggregate with members from parent group(s) 238 | if p.Namespace.Kind == "group" { 239 | glGroup := GitlabGroup{FullPath: p.Namespace.FullPath, Id: p.Namespace.Id} 240 | err := glGroup.getMembers() 241 | if check(err) { 242 | return err 243 | } 244 | // merge with project members 245 | for _, gm := range glGroup.Members { 246 | if !contains(p.Members, gm) { 247 | p.Members = append(p.Members, gm) 248 | } 249 | } 250 | } 251 | 252 | if len(p.Members) == 0 { 253 | log.Println(fmt.Sprintf("WARNING: No Project Members were found for project %s . StatusCode of Request was: %d . This is a potential bug in Gitlab, will continue to sync anyway", p.PathWithNameSpace, result.StatusCode)) 254 | } 255 | 256 | return nil 257 | } 258 | 259 | func performGitlabHTTPRequest(url string) (*http.Response, error) { 260 | req, err := http.NewRequest("GET", url, nil) 261 | if check(err) { 262 | log.Fatal("Fatal Error while creating new HTTP Request! Err:" + err.Error()) 263 | } 264 | 265 | req.Header.Add("PRIVATE-TOKEN", os.Getenv("GITLAB_PRIVATE_TOKEN")) 266 | result, err := http.DefaultClient.Do(req) 267 | return result, err 268 | 269 | } 270 | -------------------------------------------------------------------------------- /gitlabclient/gitlab_read_client_test.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2017 by Christian Hüning (christianhuening@googlemail.com). 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | http://www.apache.org/licenses/LICENSE-2.0 8 | 9 | Unless required by applicable law or agreed to in writing, software 10 | distributed under the License is distributed on an "AS IS" BASIS, 11 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | See the License for the specific language governing permissions and 13 | limitations under the License. 14 | */ 15 | 16 | package gitlabclient 17 | 18 | import ( 19 | "fmt" 20 | "net/http" 21 | "net/http/httptest" 22 | "testing" 23 | ) 24 | 25 | /*func TestGetFullContent(t *testing.T) { 26 | _, err := GetFullGitlabContent() 27 | if err != nil { 28 | t.Error(err) 29 | } 30 | }*/ 31 | 32 | func TestGetAllGroups(t *testing.T) { 33 | ts := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { 34 | w.Header().Set("Content-Type", "application/json") 35 | //w.Header().Set("Link", `; rel="next", ; rel="first", ; rel="last"`) 36 | fmt.Fprintln(w, `[ 37 | { 38 | "id": 247, 39 | "name": "AA", 40 | "path": "AA", 41 | "description": "Dies ist eine Platzhalter Gruppe. Wenn Sie diesen Namen benötigen, wenden Sie sich bitte an gitlab-admin@informatik.haw-hamburg.de", 42 | "visibility": "public", 43 | "lfs_enabled": true, 44 | "avatar_url": null, 45 | "web_url": "https://gitlab.informatik.haw-hamburg.de/groups/AA", 46 | "request_access_enabled": false, 47 | "full_name": "AA", 48 | "full_path": "AA", 49 | "parent_id": null 50 | }, 51 | { 52 | "id": 248, 53 | "name": "AAÜ", 54 | "path": "AAUe", 55 | "description": "Dies ist eine Platzhalter Gruppe. Wenn Sie diesen Namen benötigen, wenden Sie sich bitte an gitlab-admin@informatik.haw-hamburg.de", 56 | "visibility": "public", 57 | "lfs_enabled": true, 58 | "avatar_url": null, 59 | "web_url": "https://gitlab.informatik.haw-hamburg.de/groups/AAUe", 60 | "request_access_enabled": false, 61 | "full_name": "AAÜ", 62 | "full_path": "AAUe", 63 | "parent_id": null 64 | }, 65 | { 66 | "id": 407, 67 | "name": "AD", 68 | "path": "AD", 69 | "description": "Dies ist eine Platzhalter Gruppe. Wenn Sie diesen Namen benötigen, wenden Sie sich bitte an gitlab-admin@informatik.haw-hamburg.de", 70 | "visibility": "public", 71 | "lfs_enabled": true, 72 | "avatar_url": null, 73 | "web_url": "https://gitlab.informatik.haw-hamburg.de/groups/AD", 74 | "request_access_enabled": false, 75 | "full_name": "AD", 76 | "full_path": "AD", 77 | "parent_id": null 78 | }, 79 | { 80 | "id": 408, 81 | "name": "ADP", 82 | "path": "ADP", 83 | "description": "Dies ist eine Platzhalter Gruppe. Wenn Sie diesen Namen benötigen, wenden Sie sich bitte an gitlab-admin@informatik.haw-hamburg.de", 84 | "visibility": "public", 85 | "lfs_enabled": true, 86 | "avatar_url": null, 87 | "web_url": "https://gitlab.informatik.haw-hamburg.de/groups/ADP", 88 | "request_access_enabled": false, 89 | "full_name": "ADP", 90 | "full_path": "ADP", 91 | "parent_id": null 92 | }, 93 | { 94 | "id": 16, 95 | "name": "AES-Thesises", 96 | "path": "AES-Thesises", 97 | "description": "Migration von WebTing", 98 | "visibility": "private", 99 | "lfs_enabled": true, 100 | "avatar_url": null, 101 | "web_url": "https://gitlab.informatik.haw-hamburg.de/groups/AES-Thesises", 102 | "request_access_enabled": false, 103 | "full_name": "AES-Thesises", 104 | "full_path": "AES-Thesises", 105 | "parent_id": null 106 | }, 107 | { 108 | "id": 409, 109 | "name": "AF", 110 | "path": "AF", 111 | "description": "Dies ist eine Platzhalter Gruppe. Wenn Sie diesen Namen benötigen, wenden Sie sich bitte an gitlab-admin@informatik.haw-hamburg.de", 112 | "visibility": "public", 113 | "lfs_enabled": true, 114 | "avatar_url": null, 115 | "web_url": "https://gitlab.informatik.haw-hamburg.de/groups/AF", 116 | "request_access_enabled": false, 117 | "full_name": "AF", 118 | "full_path": "AF", 119 | "parent_id": null 120 | }, 121 | { 122 | "id": 410, 123 | "name": "AFÜ", 124 | "path": "AFUe", 125 | "description": "Dies ist eine Platzhalter Gruppe. Wenn Sie diesen Namen benötigen, wenden Sie sich bitte an gitlab-admin@informatik.haw-hamburg.de", 126 | "visibility": "public", 127 | "lfs_enabled": true, 128 | "avatar_url": null, 129 | "web_url": "https://gitlab.informatik.haw-hamburg.de/groups/AFUe", 130 | "request_access_enabled": false, 131 | "full_name": "AFÜ", 132 | "full_path": "AFUe", 133 | "parent_id": null 134 | }, 135 | { 136 | "id": 411, 137 | "name": "AI", 138 | "path": "AI", 139 | "description": "Dies ist eine Platzhalter Gruppe. Wenn Sie diesen Namen benötigen, wenden Sie sich bitte an gitlab-admin@informatik.haw-hamburg.de", 140 | "visibility": "public", 141 | "lfs_enabled": true, 142 | "avatar_url": null, 143 | "web_url": "https://gitlab.informatik.haw-hamburg.de/groups/AI", 144 | "request_access_enabled": false, 145 | "full_name": "AI", 146 | "full_path": "AI", 147 | "parent_id": null 148 | }, 149 | { 150 | "id": 19, 151 | "name": "AI1_MB_AB", 152 | "path": "AI1_MB_AB", 153 | "description": "", 154 | "visibility": "private", 155 | "lfs_enabled": true, 156 | "avatar_url": null, 157 | "web_url": "https://gitlab.informatik.haw-hamburg.de/groups/AI1_MB_AB", 158 | "request_access_enabled": false, 159 | "full_name": "AI1_MB_AB", 160 | "full_path": "AI1_MB_AB", 161 | "parent_id": null 162 | }, 163 | { 164 | "id": 412, 165 | "name": "AIP", 166 | "path": "AIP", 167 | "description": "Dies ist eine Platzhalter Gruppe. Wenn Sie diesen Namen benötigen, wenden Sie sich bitte an gitlab-admin@informatik.haw-hamburg.de", 168 | "visibility": "public", 169 | "lfs_enabled": true, 170 | "avatar_url": null, 171 | "web_url": "https://gitlab.informatik.haw-hamburg.de/groups/AIP", 172 | "request_access_enabled": false, 173 | "full_name": "AIP", 174 | "full_path": "AIP", 175 | "parent_id": null 176 | }, 177 | { 178 | "id": 553, 179 | "name": "AIP-SS17-AEGIS", 180 | "path": "AIP-SS17-AEGIS", 181 | "description": "", 182 | "visibility": "private", 183 | "lfs_enabled": true, 184 | "avatar_url": null, 185 | "web_url": "https://gitlab.informatik.haw-hamburg.de/groups/AIP-SS17-AEGIS", 186 | "request_access_enabled": false, 187 | "full_name": "AIP-SS17-AEGIS", 188 | "full_path": "AIP-SS17-AEGIS", 189 | "parent_id": null 190 | }, 191 | { 192 | "id": 550, 193 | "name": "AIP-SS17-AI-DA", 194 | "path": "AIP-SS17-AI-DA", 195 | "description": "", 196 | "visibility": "private", 197 | "lfs_enabled": true, 198 | "avatar_url": null, 199 | "web_url": "https://gitlab.informatik.haw-hamburg.de/groups/AIP-SS17-AI-DA", 200 | "request_access_enabled": false, 201 | "full_name": "AIP-SS17-AI-DA", 202 | "full_path": "AIP-SS17-AI-DA", 203 | "parent_id": null 204 | }, 205 | { 206 | "id": 213, 207 | "name": "AIP-SS17-AIVengers", 208 | "path": "AIP-SS17-AIVengers", 209 | "description": "", 210 | "visibility": "private", 211 | "lfs_enabled": true, 212 | "avatar_url": null, 213 | "web_url": "https://gitlab.informatik.haw-hamburg.de/groups/AIP-SS17-AIVengers", 214 | "request_access_enabled": false, 215 | "full_name": "AIP-SS17-AIVengers", 216 | "full_path": "AIP-SS17-AIVengers", 217 | "parent_id": null 218 | }, 219 | { 220 | "id": 551, 221 | "name": "AIP-SS17-aibros", 222 | "path": "AIP-SS17-aibros", 223 | "description": "", 224 | "visibility": "private", 225 | "lfs_enabled": true, 226 | "avatar_url": null, 227 | "web_url": "https://gitlab.informatik.haw-hamburg.de/groups/AIP-SS17-aibros", 228 | "request_access_enabled": false, 229 | "full_name": "AIP-SS17-aibros", 230 | "full_path": "AIP-SS17-aibros", 231 | "parent_id": null 232 | }, 233 | { 234 | "id": 549, 235 | "name": "AIP-SS17-gofurther", 236 | "path": "AIP-SS17-gofurther", 237 | "description": "", 238 | "visibility": "private", 239 | "lfs_enabled": true, 240 | "avatar_url": null, 241 | "web_url": "https://gitlab.informatik.haw-hamburg.de/groups/AIP-SS17-gofurther", 242 | "request_access_enabled": false, 243 | "full_name": "AIP-SS17-gofurther", 244 | "full_path": "AIP-SS17-gofurther", 245 | "parent_id": null 246 | }, 247 | { 248 | "id": 20, 249 | "name": "BA-Pro-Quadcopter", 250 | "path": "BA-Pro-Quadcopter", 251 | "description": "Migrated from WebTing", 252 | "visibility": "private", 253 | "lfs_enabled": true, 254 | "avatar_url": null, 255 | "web_url": "https://gitlab.informatik.haw-hamburg.de/groups/BA-Pro-Quadcopter", 256 | "request_access_enabled": false, 257 | "full_name": "BA-Pro-Quadcopter", 258 | "full_path": "BA-Pro-Quadcopter", 259 | "parent_id": null 260 | }, 261 | { 262 | "id": 413, 263 | "name": "BS", 264 | "path": "BS", 265 | "description": "Dies ist eine Platzhalter Gruppe. Wenn Sie diesen Namen benötigen, wenden Sie sich bitte an gitlab-admin@informatik.haw-hamburg.de", 266 | "visibility": "public", 267 | "lfs_enabled": true, 268 | "avatar_url": null, 269 | "web_url": "https://gitlab.informatik.haw-hamburg.de/groups/BS", 270 | "request_access_enabled": false, 271 | "full_name": "BS", 272 | "full_path": "BS", 273 | "parent_id": null 274 | }, 275 | { 276 | "id": 414, 277 | "name": "BSP", 278 | "path": "BSP", 279 | "description": "Dies ist eine Platzhalter Gruppe. Wenn Sie diesen Namen benötigen, wenden Sie sich bitte an gitlab-admin@informatik.haw-hamburg.de", 280 | "visibility": "public", 281 | "lfs_enabled": true, 282 | "avatar_url": null, 283 | "web_url": "https://gitlab.informatik.haw-hamburg.de/groups/BSP", 284 | "request_access_enabled": false, 285 | "full_name": "BSP", 286 | "full_path": "BSP", 287 | "parent_id": null 288 | }, 289 | { 290 | "id": 415, 291 | "name": "BV", 292 | "path": "BV", 293 | "description": "Dies ist eine Platzhalter Gruppe. Wenn Sie diesen Namen benötigen, wenden Sie sich bitte an gitlab-admin@informatik.haw-hamburg.de", 294 | "visibility": "public", 295 | "lfs_enabled": true, 296 | "avatar_url": null, 297 | "web_url": "https://gitlab.informatik.haw-hamburg.de/groups/BV", 298 | "request_access_enabled": false, 299 | "full_name": "BV", 300 | "full_path": "BV", 301 | "parent_id": null 302 | }, 303 | { 304 | "id": 416, 305 | "name": "BVP", 306 | "path": "BVP", 307 | "description": "Dies ist eine Platzhalter Gruppe. Wenn Sie diesen Namen benötigen, wenden Sie sich bitte an gitlab-admin@informatik.haw-hamburg.de", 308 | "visibility": "public", 309 | "lfs_enabled": true, 310 | "avatar_url": null, 311 | "web_url": "https://gitlab.informatik.haw-hamburg.de/groups/BVP", 312 | "request_access_enabled": false, 313 | "full_name": "BVP", 314 | "full_path": "BVP", 315 | "parent_id": null 316 | } 317 | ]`) 318 | })) 319 | defer ts.Close() 320 | url := ts.URL 321 | groups := make([]GitlabGroup, 0) 322 | foundGroups, err := GetAllGroups(groups, url) 323 | if err != nil { 324 | t.Error(err) 325 | } 326 | if len(foundGroups) != 20 { 327 | t.Error("No groups were parsed.") 328 | } 329 | } 330 | 331 | func TestGetAllProjects(t *testing.T) { 332 | ts := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { 333 | w.Header().Set("Content-Type", "application/json") 334 | fmt.Fprintln(w, `[ 335 | { 336 | "id": 643, 337 | "description": "", 338 | "default_branch": "master", 339 | "tag_list": [], 340 | "ssh_url_to_repo": "git@gitlab.informatik.haw-hamburg.de:abq326/kubernetes-cat-application.git", 341 | "http_url_to_repo": "https://gitlab.informatik.haw-hamburg.de/abq326/kubernetes-cat-application.git", 342 | "web_url": "https://gitlab.informatik.haw-hamburg.de/abq326/kubernetes-cat-application", 343 | "name": "kubernetes-cat-application", 344 | "name_with_namespace": "Philip Dakowitz / kubernetes-cat-application", 345 | "path": "kubernetes-cat-application", 346 | "path_with_namespace": "abq326/kubernetes-cat-application", 347 | "star_count": 0, 348 | "forks_count": 0, 349 | "created_at": "2017-09-01T19:17:24.856+02:00", 350 | "last_activity_at": "2017-09-01T19:17:24.856+02:00", 351 | "_links": { 352 | "self": "http://gitlab.informatik.haw-hamburg.de/api/v4/projects/643", 353 | "issues": "http://gitlab.informatik.haw-hamburg.de/api/v4/projects/643/issues", 354 | "merge_requests": "http://gitlab.informatik.haw-hamburg.de/api/v4/projects/643/merge_requests", 355 | "repo_branches": "http://gitlab.informatik.haw-hamburg.de/api/v4/projects/643/repository/branches", 356 | "labels": "http://gitlab.informatik.haw-hamburg.de/api/v4/projects/643/labels", 357 | "events": "http://gitlab.informatik.haw-hamburg.de/api/v4/projects/643/events", 358 | "members": "http://gitlab.informatik.haw-hamburg.de/api/v4/projects/643/members" 359 | }, 360 | "archived": false, 361 | "visibility": "private", 362 | "owner": { 363 | "name": "Philip Dakowitz", 364 | "username": "abq326", 365 | "id": 49, 366 | "state": "active", 367 | "avatar_url": "https://gitlab.informatik.haw-hamburg.de/uploads/-/system/user/avatar/49/avatar.png", 368 | "web_url": "https://gitlab.informatik.haw-hamburg.de/abq326" 369 | }, 370 | "container_registry_enabled": true, 371 | "issues_enabled": true, 372 | "merge_requests_enabled": true, 373 | "wiki_enabled": true, 374 | "jobs_enabled": true, 375 | "snippets_enabled": true, 376 | "shared_runners_enabled": false, 377 | "lfs_enabled": true, 378 | "creator_id": 49, 379 | "namespace": { 380 | "id": 74, 381 | "name": "abq326", 382 | "path": "abq326", 383 | "kind": "user", 384 | "full_path": "abq326", 385 | "parent_id": null 386 | }, 387 | "import_status": "none", 388 | "avatar_url": null, 389 | "open_issues_count": 0, 390 | "public_jobs": true, 391 | "ci_config_path": null, 392 | "shared_with_groups": [], 393 | "only_allow_merge_if_pipeline_succeeds": false, 394 | "request_access_enabled": false, 395 | "only_allow_merge_if_all_discussions_are_resolved": false, 396 | "printing_merge_request_link_enabled": true, 397 | "permissions": { 398 | "project_access": null, 399 | "group_access": null 400 | } 401 | }, 402 | { 403 | "id": 642, 404 | "description": "", 405 | "default_branch": "master", 406 | "tag_list": [], 407 | "ssh_url_to_repo": "git@gitlab.informatik.haw-hamburg.de:k8s400/k8s-application-sources.git", 408 | "http_url_to_repo": "https://gitlab.informatik.haw-hamburg.de/k8s400/k8s-application-sources.git", 409 | "web_url": "https://gitlab.informatik.haw-hamburg.de/k8s400/k8s-application-sources", 410 | "name": "k8s-application-sources", 411 | "name_with_namespace": "k8s400 / k8s-application-sources", 412 | "path": "k8s-application-sources", 413 | "path_with_namespace": "k8s400/k8s-application-sources", 414 | "star_count": 0, 415 | "forks_count": 0, 416 | "created_at": "2017-09-01T15:29:50.989+02:00", 417 | "last_activity_at": "2017-09-01T15:29:50.989+02:00", 418 | "_links": { 419 | "self": "http://gitlab.informatik.haw-hamburg.de/api/v4/projects/642", 420 | "issues": "http://gitlab.informatik.haw-hamburg.de/api/v4/projects/642/issues", 421 | "merge_requests": "http://gitlab.informatik.haw-hamburg.de/api/v4/projects/642/merge_requests", 422 | "repo_branches": "http://gitlab.informatik.haw-hamburg.de/api/v4/projects/642/repository/branches", 423 | "labels": "http://gitlab.informatik.haw-hamburg.de/api/v4/projects/642/labels", 424 | "events": "http://gitlab.informatik.haw-hamburg.de/api/v4/projects/642/events", 425 | "members": "http://gitlab.informatik.haw-hamburg.de/api/v4/projects/642/members" 426 | }, 427 | "archived": false, 428 | "visibility": "private", 429 | "owner": { 430 | "name": "k8s400", 431 | "username": "k8s400", 432 | "id": 316, 433 | "state": "active", 434 | "avatar_url": "https://secure.gravatar.com/avatar/0325e72d0f5e8370773aac08787293b8?s=80\u0026d=identicon", 435 | "web_url": "https://gitlab.informatik.haw-hamburg.de/k8s400" 436 | }, 437 | "container_registry_enabled": true, 438 | "issues_enabled": true, 439 | "merge_requests_enabled": true, 440 | "wiki_enabled": true, 441 | "jobs_enabled": true, 442 | "snippets_enabled": true, 443 | "shared_runners_enabled": false, 444 | "lfs_enabled": true, 445 | "creator_id": 316, 446 | "namespace": { 447 | "id": 644, 448 | "name": "k8s400", 449 | "path": "k8s400", 450 | "kind": "user", 451 | "full_path": "k8s400", 452 | "parent_id": null 453 | }, 454 | "forked_from_project": { 455 | "id": 641, 456 | "description": "", 457 | "default_branch": "master", 458 | "tag_list": [], 459 | "ssh_url_to_repo": "git@gitlab.informatik.haw-hamburg.de:abb256/k8s-application-sources.git", 460 | "http_url_to_repo": "https://gitlab.informatik.haw-hamburg.de/abb256/k8s-application-sources.git", 461 | "web_url": "https://gitlab.informatik.haw-hamburg.de/abb256/k8s-application-sources", 462 | "name": "k8s-application-sources", 463 | "name_with_namespace": "Lukas Grundmann / k8s-application-sources", 464 | "path": "k8s-application-sources", 465 | "path_with_namespace": "abb256/k8s-application-sources", 466 | "star_count": 0, 467 | "forks_count": 1, 468 | "created_at": "2017-09-01T15:15:52.300+02:00", 469 | "last_activity_at": "2017-09-01T15:15:52.300+02:00" 470 | }, 471 | "import_status": "finished", 472 | "avatar_url": null, 473 | "open_issues_count": 0, 474 | "public_jobs": true, 475 | "ci_config_path": null, 476 | "shared_with_groups": [], 477 | "only_allow_merge_if_pipeline_succeeds": false, 478 | "request_access_enabled": false, 479 | "only_allow_merge_if_all_discussions_are_resolved": false, 480 | "printing_merge_request_link_enabled": true, 481 | "permissions": { 482 | "project_access": null, 483 | "group_access": null 484 | } 485 | }, 486 | { 487 | "id": 641, 488 | "description": "", 489 | "default_branch": "master", 490 | "tag_list": [], 491 | "ssh_url_to_repo": "git@gitlab.informatik.haw-hamburg.de:abb256/k8s-application-sources.git", 492 | "http_url_to_repo": "https://gitlab.informatik.haw-hamburg.de/abb256/k8s-application-sources.git", 493 | "web_url": "https://gitlab.informatik.haw-hamburg.de/abb256/k8s-application-sources", 494 | "name": "k8s-application-sources", 495 | "name_with_namespace": "Lukas Grundmann / k8s-application-sources", 496 | "path": "k8s-application-sources", 497 | "path_with_namespace": "abb256/k8s-application-sources", 498 | "star_count": 0, 499 | "forks_count": 1, 500 | "created_at": "2017-09-01T15:15:52.300+02:00", 501 | "last_activity_at": "2017-09-01T15:15:52.300+02:00", 502 | "_links": { 503 | "self": "http://gitlab.informatik.haw-hamburg.de/api/v4/projects/641", 504 | "issues": "http://gitlab.informatik.haw-hamburg.de/api/v4/projects/641/issues", 505 | "merge_requests": "http://gitlab.informatik.haw-hamburg.de/api/v4/projects/641/merge_requests", 506 | "repo_branches": "http://gitlab.informatik.haw-hamburg.de/api/v4/projects/641/repository/branches", 507 | "labels": "http://gitlab.informatik.haw-hamburg.de/api/v4/projects/641/labels", 508 | "events": "http://gitlab.informatik.haw-hamburg.de/api/v4/projects/641/events", 509 | "members": "http://gitlab.informatik.haw-hamburg.de/api/v4/projects/641/members" 510 | }, 511 | "archived": false, 512 | "visibility": "private", 513 | "owner": { 514 | "name": "Lukas Grundmann", 515 | "username": "abb256", 516 | "id": 41, 517 | "state": "active", 518 | "avatar_url": "https://secure.gravatar.com/avatar/b67f609c1119e8f464d32ac99d093300?s=80\u0026d=identicon", 519 | "web_url": "https://gitlab.informatik.haw-hamburg.de/abb256" 520 | }, 521 | "container_registry_enabled": true, 522 | "issues_enabled": true, 523 | "merge_requests_enabled": true, 524 | "wiki_enabled": true, 525 | "jobs_enabled": true, 526 | "snippets_enabled": true, 527 | "shared_runners_enabled": false, 528 | "lfs_enabled": true, 529 | "creator_id": 41, 530 | "namespace": { 531 | "id": 66, 532 | "name": "abb256", 533 | "path": "abb256", 534 | "kind": "user", 535 | "full_path": "abb256", 536 | "parent_id": null 537 | }, 538 | "import_status": "none", 539 | "avatar_url": null, 540 | "open_issues_count": 0, 541 | "public_jobs": true, 542 | "ci_config_path": null, 543 | "shared_with_groups": [], 544 | "only_allow_merge_if_pipeline_succeeds": false, 545 | "request_access_enabled": false, 546 | "only_allow_merge_if_all_discussions_are_resolved": false, 547 | "printing_merge_request_link_enabled": true, 548 | "permissions": { 549 | "project_access": null, 550 | "group_access": null 551 | } 552 | }, 553 | { 554 | "id": 639, 555 | "description": "", 556 | "default_branch": "master", 557 | "tag_list": [], 558 | "ssh_url_to_repo": "git@gitlab.informatik.haw-hamburg.de:sage/kubectl.git", 559 | "http_url_to_repo": "https://gitlab.informatik.haw-hamburg.de/sage/kubectl.git", 560 | "web_url": "https://gitlab.informatik.haw-hamburg.de/sage/kubectl", 561 | "name": "kubectl", 562 | "name_with_namespace": "Lutz Behnke / kubectl", 563 | "path": "kubectl", 564 | "path_with_namespace": "sage/kubectl", 565 | "star_count": 0, 566 | "forks_count": 0, 567 | "created_at": "2017-08-31T10:24:29.542+02:00", 568 | "last_activity_at": "2017-08-31T16:33:40.243+02:00", 569 | "_links": { 570 | "self": "http://gitlab.informatik.haw-hamburg.de/api/v4/projects/639", 571 | "issues": "http://gitlab.informatik.haw-hamburg.de/api/v4/projects/639/issues", 572 | "merge_requests": "http://gitlab.informatik.haw-hamburg.de/api/v4/projects/639/merge_requests", 573 | "repo_branches": "http://gitlab.informatik.haw-hamburg.de/api/v4/projects/639/repository/branches", 574 | "labels": "http://gitlab.informatik.haw-hamburg.de/api/v4/projects/639/labels", 575 | "events": "http://gitlab.informatik.haw-hamburg.de/api/v4/projects/639/events", 576 | "members": "http://gitlab.informatik.haw-hamburg.de/api/v4/projects/639/members" 577 | }, 578 | "archived": false, 579 | "visibility": "private", 580 | "owner": { 581 | "name": "Lutz Behnke", 582 | "username": "sage", 583 | "id": 6, 584 | "state": "active", 585 | "avatar_url": "https://gitlab.informatik.haw-hamburg.de/uploads/-/system/user/avatar/6/avatar.png", 586 | "web_url": "https://gitlab.informatik.haw-hamburg.de/sage" 587 | }, 588 | "container_registry_enabled": true, 589 | "issues_enabled": true, 590 | "merge_requests_enabled": true, 591 | "wiki_enabled": true, 592 | "jobs_enabled": true, 593 | "snippets_enabled": true, 594 | "shared_runners_enabled": true, 595 | "lfs_enabled": true, 596 | "creator_id": 6, 597 | "namespace": { 598 | "id": 7, 599 | "name": "sage", 600 | "path": "sage", 601 | "kind": "user", 602 | "full_path": "sage", 603 | "parent_id": null 604 | }, 605 | "forked_from_project": { 606 | "id": 638, 607 | "description": "", 608 | "default_branch": "master", 609 | "tag_list": [], 610 | "ssh_url_to_repo": "git@gitlab.informatik.haw-hamburg.de:icc/kubectl.git", 611 | "http_url_to_repo": "https://gitlab.figo.systems/platform/kubectl.git", 612 | "web_url": "https://gitlab.figo.systems/platform/kubectl", 613 | "name": "kubectl", 614 | "name_with_namespace": "icc / kubectl", 615 | "path": "kubectl", 616 | "path_with_namespace": "icc/kubectl", 617 | "star_count": 0, 618 | "forks_count": 1, 619 | "created_at": "2017-08-30T18:09:34.197+02:00", 620 | "last_activity_at": "2017-08-30T18:09:34.197+02:00" 621 | }, 622 | "import_status": "finished", 623 | "avatar_url": null, 624 | "open_issues_count": 0, 625 | "public_jobs": true, 626 | "ci_config_path": null, 627 | "shared_with_groups": [], 628 | "only_allow_merge_if_pipeline_succeeds": false, 629 | "request_access_enabled": false, 630 | "only_allow_merge_if_all_discussions_are_resolved": false, 631 | "printing_merge_request_link_enabled": true, 632 | "permissions": { 633 | "project_access": null, 634 | "group_access": null 635 | } 636 | }, 637 | { 638 | "id": 638, 639 | "description": "", 640 | "default_branch": "master", 641 | "tag_list": [], 642 | "ssh_url_to_repo": "git@gitlab.informatik.haw-hamburg.de:icc/kubectl.git", 643 | "http_url_to_repo": "https://gitlab.figo.systems/platform/kubectl.git", 644 | "web_url": "https://gitlab.figo.systems/platform/kubectl", 645 | "name": "kubectl", 646 | "name_with_namespace": "icc / kubectl", 647 | "path": "kubectl", 648 | "path_with_namespace": "icc/kubectl", 649 | "star_count": 0, 650 | "forks_count": 1, 651 | "created_at": "2017-08-30T18:09:34.197+02:00", 652 | "last_activity_at": "2017-08-30T18:09:34.197+02:00", 653 | "_links": { 654 | "self": "http://gitlab.informatik.haw-hamburg.de/api/v4/projects/638", 655 | "issues": "http://gitlab.informatik.haw-hamburg.de/api/v4/projects/638/issues", 656 | "merge_requests": "http://gitlab.informatik.haw-hamburg.de/api/v4/projects/638/merge_requests", 657 | "repo_branches": "http://gitlab.informatik.haw-hamburg.de/api/v4/projects/638/repository/branches", 658 | "labels": "http://gitlab.informatik.haw-hamburg.de/api/v4/projects/638/labels", 659 | "events": "http://gitlab.informatik.haw-hamburg.de/api/v4/projects/638/events", 660 | "members": "http://gitlab.informatik.haw-hamburg.de/api/v4/projects/638/members" 661 | }, 662 | "archived": false, 663 | "visibility": "private", 664 | "container_registry_enabled": true, 665 | "issues_enabled": true, 666 | "merge_requests_enabled": true, 667 | "wiki_enabled": true, 668 | "jobs_enabled": true, 669 | "snippets_enabled": true, 670 | "shared_runners_enabled": true, 671 | "lfs_enabled": true, 672 | "creator_id": 7, 673 | "namespace": { 674 | "id": 75, 675 | "name": "icc", 676 | "path": "icc", 677 | "kind": "group", 678 | "full_path": "icc", 679 | "parent_id": null, 680 | "members_count_with_descendants": 3 681 | }, 682 | "import_status": "none", 683 | "avatar_url": null, 684 | "open_issues_count": 0, 685 | "public_jobs": true, 686 | "ci_config_path": null, 687 | "shared_with_groups": [], 688 | "only_allow_merge_if_pipeline_succeeds": false, 689 | "request_access_enabled": false, 690 | "only_allow_merge_if_all_discussions_are_resolved": false, 691 | "printing_merge_request_link_enabled": true, 692 | "permissions": { 693 | "project_access": null, 694 | "group_access": null 695 | } 696 | }, 697 | { 698 | "id": 637, 699 | "description": "", 700 | "default_branch": "master", 701 | "tag_list": [], 702 | "ssh_url_to_repo": "git@gitlab.informatik.haw-hamburg.de:aaz343/k8s-job-monitor.git", 703 | "http_url_to_repo": "https://gitlab.informatik.haw-hamburg.de/aaz343/k8s-job-monitor.git", 704 | "web_url": "https://gitlab.informatik.haw-hamburg.de/aaz343/k8s-job-monitor", 705 | "name": "k8s-job-monitor", 706 | "name_with_namespace": "Christian Hüning / k8s-job-monitor", 707 | "path": "k8s-job-monitor", 708 | "path_with_namespace": "aaz343/k8s-job-monitor", 709 | "star_count": 0, 710 | "forks_count": 0, 711 | "created_at": "2017-08-27T11:17:43.538+02:00", 712 | "last_activity_at": "2017-08-29T09:48:10.029+02:00", 713 | "_links": { 714 | "self": "http://gitlab.informatik.haw-hamburg.de/api/v4/projects/637", 715 | "issues": "http://gitlab.informatik.haw-hamburg.de/api/v4/projects/637/issues", 716 | "merge_requests": "http://gitlab.informatik.haw-hamburg.de/api/v4/projects/637/merge_requests", 717 | "repo_branches": "http://gitlab.informatik.haw-hamburg.de/api/v4/projects/637/repository/branches", 718 | "labels": "http://gitlab.informatik.haw-hamburg.de/api/v4/projects/637/labels", 719 | "events": "http://gitlab.informatik.haw-hamburg.de/api/v4/projects/637/events", 720 | "members": "http://gitlab.informatik.haw-hamburg.de/api/v4/projects/637/members" 721 | }, 722 | "archived": false, 723 | "visibility": "private", 724 | "owner": { 725 | "name": "Christian Hüning", 726 | "username": "aaz343", 727 | "id": 7, 728 | "state": "active", 729 | "avatar_url": "https://gitlab.informatik.haw-hamburg.de/uploads/-/system/user/avatar/7/avatar.png", 730 | "web_url": "https://gitlab.informatik.haw-hamburg.de/aaz343" 731 | }, 732 | "container_registry_enabled": true, 733 | "issues_enabled": true, 734 | "merge_requests_enabled": true, 735 | "wiki_enabled": true, 736 | "jobs_enabled": true, 737 | "snippets_enabled": true, 738 | "shared_runners_enabled": true, 739 | "lfs_enabled": true, 740 | "creator_id": 7, 741 | "namespace": { 742 | "id": 9, 743 | "name": "aaz343", 744 | "path": "aaz343", 745 | "kind": "user", 746 | "full_path": "aaz343", 747 | "parent_id": null 748 | }, 749 | "forked_from_project": { 750 | "id": 531, 751 | "description": "", 752 | "default_branch": "master", 753 | "tag_list": [], 754 | "ssh_url_to_repo": "git@gitlab.informatik.haw-hamburg.de:timadorus/k8s-job-monitor.git", 755 | "http_url_to_repo": "https://gitlab.informatik.haw-hamburg.de/timadorus/k8s-job-monitor.git", 756 | "web_url": "https://gitlab.informatik.haw-hamburg.de/timadorus/k8s-job-monitor", 757 | "name": "k8s-job-monitor", 758 | "name_with_namespace": "timadorus / k8s-job-monitor", 759 | "path": "k8s-job-monitor", 760 | "path_with_namespace": "timadorus/k8s-job-monitor", 761 | "star_count": 0, 762 | "forks_count": 1, 763 | "created_at": "2017-06-08T10:19:21.349+02:00", 764 | "last_activity_at": "2017-08-30T16:25:01.333+02:00" 765 | }, 766 | "import_status": "finished", 767 | "avatar_url": null, 768 | "open_issues_count": 0, 769 | "public_jobs": true, 770 | "ci_config_path": null, 771 | "shared_with_groups": [], 772 | "only_allow_merge_if_pipeline_succeeds": false, 773 | "request_access_enabled": false, 774 | "only_allow_merge_if_all_discussions_are_resolved": false, 775 | "printing_merge_request_link_enabled": true, 776 | "permissions": { 777 | "project_access": null, 778 | "group_access": null 779 | } 780 | }, 781 | { 782 | "id": 636, 783 | "description": null, 784 | "default_branch": "master", 785 | "tag_list": [], 786 | "ssh_url_to_repo": "git@gitlab.informatik.haw-hamburg.de:abz826/nao-plays.git", 787 | "http_url_to_repo": "https://gitlab.informatik.haw-hamburg.de/abz826/nao-plays.git", 788 | "web_url": "https://gitlab.informatik.haw-hamburg.de/abz826/nao-plays", 789 | "name": "nao-plays", 790 | "name_with_namespace": "abz826 / nao-plays", 791 | "path": "nao-plays", 792 | "path_with_namespace": "abz826/nao-plays", 793 | "star_count": 0, 794 | "forks_count": 0, 795 | "created_at": "2017-08-26T07:10:56.455+02:00", 796 | "last_activity_at": "2017-08-30T21:06:02.306+02:00", 797 | "_links": { 798 | "self": "http://gitlab.informatik.haw-hamburg.de/api/v4/projects/636", 799 | "issues": "http://gitlab.informatik.haw-hamburg.de/api/v4/projects/636/issues", 800 | "merge_requests": "http://gitlab.informatik.haw-hamburg.de/api/v4/projects/636/merge_requests", 801 | "repo_branches": "http://gitlab.informatik.haw-hamburg.de/api/v4/projects/636/repository/branches", 802 | "labels": "http://gitlab.informatik.haw-hamburg.de/api/v4/projects/636/labels", 803 | "events": "http://gitlab.informatik.haw-hamburg.de/api/v4/projects/636/events", 804 | "members": "http://gitlab.informatik.haw-hamburg.de/api/v4/projects/636/members" 805 | }, 806 | "archived": false, 807 | "visibility": "private", 808 | "owner": { 809 | "name": "chris", 810 | "username": "abz826", 811 | "id": 317, 812 | "state": "active", 813 | "avatar_url": "https://secure.gravatar.com/avatar/f139b5b140569969070e387ec3cbc83f?s=80\u0026d=identicon", 814 | "web_url": "https://gitlab.informatik.haw-hamburg.de/abz826" 815 | }, 816 | "container_registry_enabled": true, 817 | "issues_enabled": true, 818 | "merge_requests_enabled": true, 819 | "wiki_enabled": true, 820 | "jobs_enabled": true, 821 | "snippets_enabled": true, 822 | "shared_runners_enabled": false, 823 | "lfs_enabled": true, 824 | "creator_id": 317, 825 | "namespace": { 826 | "id": 645, 827 | "name": "abz826", 828 | "path": "abz826", 829 | "kind": "user", 830 | "full_path": "abz826", 831 | "parent_id": null 832 | }, 833 | "import_status": "finished", 834 | "avatar_url": null, 835 | "open_issues_count": 0, 836 | "public_jobs": true, 837 | "ci_config_path": null, 838 | "shared_with_groups": [], 839 | "only_allow_merge_if_pipeline_succeeds": true, 840 | "request_access_enabled": false, 841 | "only_allow_merge_if_all_discussions_are_resolved": false, 842 | "printing_merge_request_link_enabled": true, 843 | "permissions": { 844 | "project_access": null, 845 | "group_access": null 846 | } 847 | }, 848 | { 849 | "id": 635, 850 | "description": "Quellecode zu den Lehrveranstaltungen", 851 | "default_branch": "master", 852 | "tag_list": [], 853 | "ssh_url_to_repo": "git@gitlab.informatik.haw-hamburg.de:abo781/lehre.git", 854 | "http_url_to_repo": "https://gitlab.informatik.haw-hamburg.de/abo781/lehre.git", 855 | "web_url": "https://gitlab.informatik.haw-hamburg.de/abo781/lehre", 856 | "name": "lehre", 857 | "name_with_namespace": "Philipp Jenke / lehre", 858 | "path": "lehre", 859 | "path_with_namespace": "abo781/lehre", 860 | "star_count": 0, 861 | "forks_count": 0, 862 | "created_at": "2017-08-24T16:36:49.104+02:00", 863 | "last_activity_at": "2017-08-24T16:36:49.104+02:00", 864 | "_links": { 865 | "self": "http://gitlab.informatik.haw-hamburg.de/api/v4/projects/635", 866 | "issues": "http://gitlab.informatik.haw-hamburg.de/api/v4/projects/635/issues", 867 | "merge_requests": "http://gitlab.informatik.haw-hamburg.de/api/v4/projects/635/merge_requests", 868 | "repo_branches": "http://gitlab.informatik.haw-hamburg.de/api/v4/projects/635/repository/branches", 869 | "labels": "http://gitlab.informatik.haw-hamburg.de/api/v4/projects/635/labels", 870 | "events": "http://gitlab.informatik.haw-hamburg.de/api/v4/projects/635/events", 871 | "members": "http://gitlab.informatik.haw-hamburg.de/api/v4/projects/635/members" 872 | }, 873 | "archived": false, 874 | "visibility": "private", 875 | "owner": { 876 | "name": "Philipp Jenke", 877 | "username": "abo781", 878 | "id": 86, 879 | "state": "active", 880 | "avatar_url": "https://secure.gravatar.com/avatar/a67f78943aa2a5980d6ced6abf1a19f8?s=80\u0026d=identicon", 881 | "web_url": "https://gitlab.informatik.haw-hamburg.de/abo781" 882 | }, 883 | "container_registry_enabled": true, 884 | "issues_enabled": true, 885 | "merge_requests_enabled": true, 886 | "wiki_enabled": true, 887 | "jobs_enabled": true, 888 | "snippets_enabled": true, 889 | "shared_runners_enabled": false, 890 | "lfs_enabled": true, 891 | "creator_id": 86, 892 | "namespace": { 893 | "id": 115, 894 | "name": "abo781", 895 | "path": "abo781", 896 | "kind": "user", 897 | "full_path": "abo781", 898 | "parent_id": null 899 | }, 900 | "import_status": "none", 901 | "avatar_url": null, 902 | "open_issues_count": 0, 903 | "public_jobs": true, 904 | "ci_config_path": null, 905 | "shared_with_groups": [], 906 | "only_allow_merge_if_pipeline_succeeds": false, 907 | "request_access_enabled": false, 908 | "only_allow_merge_if_all_discussions_are_resolved": false, 909 | "printing_merge_request_link_enabled": true, 910 | "permissions": { 911 | "project_access": null, 912 | "group_access": null 913 | } 914 | }, 915 | { 916 | "id": 632, 917 | "description": "", 918 | "default_branch": "master", 919 | "tag_list": [], 920 | "ssh_url_to_repo": "git@gitlab.informatik.haw-hamburg.de:abg657/quperl_admin_client.git", 921 | "http_url_to_repo": "https://gitlab.informatik.haw-hamburg.de/abg657/quperl_admin_client.git", 922 | "web_url": "https://gitlab.informatik.haw-hamburg.de/abg657/quperl_admin_client", 923 | "name": "quperl_admin_client", 924 | "name_with_namespace": "Sven Allers / quperl_admin_client", 925 | "path": "quperl_admin_client", 926 | "path_with_namespace": "abg657/quperl_admin_client", 927 | "star_count": 0, 928 | "forks_count": 0, 929 | "created_at": "2017-08-23T13:07:39.348+02:00", 930 | "last_activity_at": "2017-08-30T15:11:24.243+02:00", 931 | "_links": { 932 | "self": "http://gitlab.informatik.haw-hamburg.de/api/v4/projects/632", 933 | "issues": "http://gitlab.informatik.haw-hamburg.de/api/v4/projects/632/issues", 934 | "merge_requests": "http://gitlab.informatik.haw-hamburg.de/api/v4/projects/632/merge_requests", 935 | "repo_branches": "http://gitlab.informatik.haw-hamburg.de/api/v4/projects/632/repository/branches", 936 | "labels": "http://gitlab.informatik.haw-hamburg.de/api/v4/projects/632/labels", 937 | "events": "http://gitlab.informatik.haw-hamburg.de/api/v4/projects/632/events", 938 | "members": "http://gitlab.informatik.haw-hamburg.de/api/v4/projects/632/members" 939 | }, 940 | "archived": false, 941 | "visibility": "private", 942 | "owner": { 943 | "name": "Sven Allers", 944 | "username": "abg657", 945 | "id": 12, 946 | "state": "active", 947 | "avatar_url": "https://secure.gravatar.com/avatar/a20287c7d999ed5c512889b1659225ad?s=80\u0026d=identicon", 948 | "web_url": "https://gitlab.informatik.haw-hamburg.de/abg657" 949 | }, 950 | "container_registry_enabled": true, 951 | "issues_enabled": true, 952 | "merge_requests_enabled": true, 953 | "wiki_enabled": true, 954 | "jobs_enabled": true, 955 | "snippets_enabled": true, 956 | "shared_runners_enabled": false, 957 | "lfs_enabled": true, 958 | "creator_id": 12, 959 | "namespace": { 960 | "id": 15, 961 | "name": "abg657", 962 | "path": "abg657", 963 | "kind": "user", 964 | "full_path": "abg657", 965 | "parent_id": null 966 | }, 967 | "forked_from_project": { 968 | "id": 127, 969 | "description": "", 970 | "default_branch": "master", 971 | "tag_list": [], 972 | "ssh_url_to_repo": "git@gitlab.informatik.haw-hamburg.de:timadorus/quperl_admin_client.git", 973 | "http_url_to_repo": "https://gitlab.informatik.haw-hamburg.de/timadorus/quperl_admin_client.git", 974 | "web_url": "https://gitlab.informatik.haw-hamburg.de/timadorus/quperl_admin_client", 975 | "name": "quperl_admin_client", 976 | "name_with_namespace": "timadorus / quperl_admin_client", 977 | "path": "quperl_admin_client", 978 | "path_with_namespace": "timadorus/quperl_admin_client", 979 | "star_count": 0, 980 | "forks_count": 1, 981 | "created_at": "2017-02-21T14:22:01.860+01:00", 982 | "last_activity_at": "2017-08-30T09:19:48.147+02:00" 983 | }, 984 | "import_status": "finished", 985 | "avatar_url": null, 986 | "open_issues_count": 0, 987 | "public_jobs": true, 988 | "ci_config_path": null, 989 | "shared_with_groups": [], 990 | "only_allow_merge_if_pipeline_succeeds": false, 991 | "request_access_enabled": false, 992 | "only_allow_merge_if_all_discussions_are_resolved": false, 993 | "printing_merge_request_link_enabled": true, 994 | "permissions": { 995 | "project_access": null, 996 | "group_access": null 997 | } 998 | }, 999 | { 1000 | "id": 631, 1001 | "description": "arbitrary spaces in octree", 1002 | "default_branch": "master", 1003 | "tag_list": [], 1004 | "ssh_url_to_repo": "git@gitlab.informatik.haw-hamburg.de:abg657/quperl_octree2.git", 1005 | "http_url_to_repo": "https://gitlab.informatik.haw-hamburg.de/abg657/quperl_octree2.git", 1006 | "web_url": "https://gitlab.informatik.haw-hamburg.de/abg657/quperl_octree2", 1007 | "name": "quperl_octree2", 1008 | "name_with_namespace": "Sven Allers / quperl_octree2", 1009 | "path": "quperl_octree2", 1010 | "path_with_namespace": "abg657/quperl_octree2", 1011 | "star_count": 0, 1012 | "forks_count": 0, 1013 | "created_at": "2017-08-23T13:07:34.860+02:00", 1014 | "last_activity_at": "2017-08-23T13:07:34.860+02:00", 1015 | "_links": { 1016 | "self": "http://gitlab.informatik.haw-hamburg.de/api/v4/projects/631", 1017 | "issues": "http://gitlab.informatik.haw-hamburg.de/api/v4/projects/631/issues", 1018 | "merge_requests": "http://gitlab.informatik.haw-hamburg.de/api/v4/projects/631/merge_requests", 1019 | "repo_branches": "http://gitlab.informatik.haw-hamburg.de/api/v4/projects/631/repository/branches", 1020 | "labels": "http://gitlab.informatik.haw-hamburg.de/api/v4/projects/631/labels", 1021 | "events": "http://gitlab.informatik.haw-hamburg.de/api/v4/projects/631/events", 1022 | "members": "http://gitlab.informatik.haw-hamburg.de/api/v4/projects/631/members" 1023 | }, 1024 | "archived": false, 1025 | "visibility": "private", 1026 | "owner": { 1027 | "name": "Sven Allers", 1028 | "username": "abg657", 1029 | "id": 12, 1030 | "state": "active", 1031 | "avatar_url": "https://secure.gravatar.com/avatar/a20287c7d999ed5c512889b1659225ad?s=80\u0026d=identicon", 1032 | "web_url": "https://gitlab.informatik.haw-hamburg.de/abg657" 1033 | }, 1034 | "container_registry_enabled": true, 1035 | "issues_enabled": true, 1036 | "merge_requests_enabled": true, 1037 | "wiki_enabled": true, 1038 | "jobs_enabled": true, 1039 | "snippets_enabled": true, 1040 | "shared_runners_enabled": true, 1041 | "lfs_enabled": true, 1042 | "creator_id": 12, 1043 | "namespace": { 1044 | "id": 15, 1045 | "name": "abg657", 1046 | "path": "abg657", 1047 | "kind": "user", 1048 | "full_path": "abg657", 1049 | "parent_id": null 1050 | }, 1051 | "forked_from_project": { 1052 | "id": 9, 1053 | "description": "arbitrary spaces in octree", 1054 | "default_branch": "master", 1055 | "tag_list": [], 1056 | "ssh_url_to_repo": "git@gitlab.informatik.haw-hamburg.de:timadorus/quperl_octree2.git", 1057 | "http_url_to_repo": "https://gitlab.informatik.haw-hamburg.de/timadorus/quperl_octree2.git", 1058 | "web_url": "https://gitlab.informatik.haw-hamburg.de/timadorus/quperl_octree2", 1059 | "name": "quperl_octree2", 1060 | "name_with_namespace": "timadorus / quperl_octree2", 1061 | "path": "quperl_octree2", 1062 | "path_with_namespace": "timadorus/quperl_octree2", 1063 | "star_count": 0, 1064 | "forks_count": 2, 1065 | "created_at": "2016-12-12T14:56:31.719+01:00", 1066 | "last_activity_at": "2017-09-03T10:42:35.290+02:00" 1067 | }, 1068 | "import_status": "finished", 1069 | "avatar_url": null, 1070 | "open_issues_count": 0, 1071 | "public_jobs": true, 1072 | "ci_config_path": null, 1073 | "shared_with_groups": [], 1074 | "only_allow_merge_if_pipeline_succeeds": false, 1075 | "request_access_enabled": false, 1076 | "only_allow_merge_if_all_discussions_are_resolved": false, 1077 | "printing_merge_request_link_enabled": true, 1078 | "permissions": { 1079 | "project_access": null, 1080 | "group_access": null 1081 | } 1082 | }, 1083 | { 1084 | "id": 630, 1085 | "description": "", 1086 | "default_branch": "master", 1087 | "tag_list": [], 1088 | "ssh_url_to_repo": "git@gitlab.informatik.haw-hamburg.de:abg657/quperl_control.git", 1089 | "http_url_to_repo": "https://gitlab.informatik.haw-hamburg.de/abg657/quperl_control.git", 1090 | "web_url": "https://gitlab.informatik.haw-hamburg.de/abg657/quperl_control", 1091 | "name": "quperl_control", 1092 | "name_with_namespace": "Sven Allers / quperl_control", 1093 | "path": "quperl_control", 1094 | "path_with_namespace": "abg657/quperl_control", 1095 | "star_count": 0, 1096 | "forks_count": 0, 1097 | "created_at": "2017-08-23T13:07:28.659+02:00", 1098 | "last_activity_at": "2017-08-23T13:07:28.659+02:00", 1099 | "_links": { 1100 | "self": "http://gitlab.informatik.haw-hamburg.de/api/v4/projects/630", 1101 | "issues": "http://gitlab.informatik.haw-hamburg.de/api/v4/projects/630/issues", 1102 | "merge_requests": "http://gitlab.informatik.haw-hamburg.de/api/v4/projects/630/merge_requests", 1103 | "repo_branches": "http://gitlab.informatik.haw-hamburg.de/api/v4/projects/630/repository/branches", 1104 | "labels": "http://gitlab.informatik.haw-hamburg.de/api/v4/projects/630/labels", 1105 | "events": "http://gitlab.informatik.haw-hamburg.de/api/v4/projects/630/events", 1106 | "members": "http://gitlab.informatik.haw-hamburg.de/api/v4/projects/630/members" 1107 | }, 1108 | "archived": false, 1109 | "visibility": "private", 1110 | "owner": { 1111 | "name": "Sven Allers", 1112 | "username": "abg657", 1113 | "id": 12, 1114 | "state": "active", 1115 | "avatar_url": "https://secure.gravatar.com/avatar/a20287c7d999ed5c512889b1659225ad?s=80\u0026d=identicon", 1116 | "web_url": "https://gitlab.informatik.haw-hamburg.de/abg657" 1117 | }, 1118 | "container_registry_enabled": true, 1119 | "issues_enabled": true, 1120 | "merge_requests_enabled": true, 1121 | "wiki_enabled": true, 1122 | "jobs_enabled": true, 1123 | "snippets_enabled": true, 1124 | "shared_runners_enabled": true, 1125 | "lfs_enabled": true, 1126 | "creator_id": 12, 1127 | "namespace": { 1128 | "id": 15, 1129 | "name": "abg657", 1130 | "path": "abg657", 1131 | "kind": "user", 1132 | "full_path": "abg657", 1133 | "parent_id": null 1134 | }, 1135 | "forked_from_project": { 1136 | "id": 89, 1137 | "description": "", 1138 | "default_branch": "master", 1139 | "tag_list": [], 1140 | "ssh_url_to_repo": "git@gitlab.informatik.haw-hamburg.de:timadorus/quperl_control.git", 1141 | "http_url_to_repo": "https://gitlab.informatik.haw-hamburg.de/timadorus/quperl_control.git", 1142 | "web_url": "https://gitlab.informatik.haw-hamburg.de/timadorus/quperl_control", 1143 | "name": "quperl_control", 1144 | "name_with_namespace": "timadorus / quperl_control", 1145 | "path": "quperl_control", 1146 | "path_with_namespace": "timadorus/quperl_control", 1147 | "star_count": 0, 1148 | "forks_count": 1, 1149 | "created_at": "2017-01-25T12:17:30.026+01:00", 1150 | "last_activity_at": "2017-05-26T10:15:37.924+02:00" 1151 | }, 1152 | "import_status": "finished", 1153 | "avatar_url": null, 1154 | "open_issues_count": 0, 1155 | "public_jobs": true, 1156 | "ci_config_path": null, 1157 | "shared_with_groups": [], 1158 | "only_allow_merge_if_pipeline_succeeds": false, 1159 | "request_access_enabled": false, 1160 | "only_allow_merge_if_all_discussions_are_resolved": false, 1161 | "printing_merge_request_link_enabled": true, 1162 | "permissions": { 1163 | "project_access": null, 1164 | "group_access": null 1165 | } 1166 | }, 1167 | { 1168 | "id": 629, 1169 | "description": "server providing persistent storage for a distributed virtual environment.", 1170 | "default_branch": "master", 1171 | "tag_list": [], 1172 | "ssh_url_to_repo": "git@gitlab.informatik.haw-hamburg.de:abg657/quperl_server.git", 1173 | "http_url_to_repo": "https://gitlab.informatik.haw-hamburg.de/abg657/quperl_server.git", 1174 | "web_url": "https://gitlab.informatik.haw-hamburg.de/abg657/quperl_server", 1175 | "name": "quperl_server", 1176 | "name_with_namespace": "Sven Allers / quperl_server", 1177 | "path": "quperl_server", 1178 | "path_with_namespace": "abg657/quperl_server", 1179 | "star_count": 0, 1180 | "forks_count": 0, 1181 | "created_at": "2017-08-23T13:07:17.524+02:00", 1182 | "last_activity_at": "2017-08-30T15:11:25.509+02:00", 1183 | "_links": { 1184 | "self": "http://gitlab.informatik.haw-hamburg.de/api/v4/projects/629", 1185 | "issues": "http://gitlab.informatik.haw-hamburg.de/api/v4/projects/629/issues", 1186 | "merge_requests": "http://gitlab.informatik.haw-hamburg.de/api/v4/projects/629/merge_requests", 1187 | "repo_branches": "http://gitlab.informatik.haw-hamburg.de/api/v4/projects/629/repository/branches", 1188 | "labels": "http://gitlab.informatik.haw-hamburg.de/api/v4/projects/629/labels", 1189 | "events": "http://gitlab.informatik.haw-hamburg.de/api/v4/projects/629/events", 1190 | "members": "http://gitlab.informatik.haw-hamburg.de/api/v4/projects/629/members" 1191 | }, 1192 | "archived": false, 1193 | "visibility": "private", 1194 | "owner": { 1195 | "name": "Sven Allers", 1196 | "username": "abg657", 1197 | "id": 12, 1198 | "state": "active", 1199 | "avatar_url": "https://secure.gravatar.com/avatar/a20287c7d999ed5c512889b1659225ad?s=80\u0026d=identicon", 1200 | "web_url": "https://gitlab.informatik.haw-hamburg.de/abg657" 1201 | }, 1202 | "container_registry_enabled": true, 1203 | "issues_enabled": true, 1204 | "merge_requests_enabled": true, 1205 | "wiki_enabled": true, 1206 | "jobs_enabled": true, 1207 | "snippets_enabled": true, 1208 | "shared_runners_enabled": true, 1209 | "lfs_enabled": true, 1210 | "creator_id": 12, 1211 | "namespace": { 1212 | "id": 15, 1213 | "name": "abg657", 1214 | "path": "abg657", 1215 | "kind": "user", 1216 | "full_path": "abg657", 1217 | "parent_id": null 1218 | }, 1219 | "forked_from_project": { 1220 | "id": 88, 1221 | "description": "server providing persistent storage for a distributed virtual environment.", 1222 | "default_branch": "master", 1223 | "tag_list": [], 1224 | "ssh_url_to_repo": "git@gitlab.informatik.haw-hamburg.de:timadorus/quperl_server.git", 1225 | "http_url_to_repo": "https://gitlab.informatik.haw-hamburg.de/timadorus/quperl_server.git", 1226 | "web_url": "https://gitlab.informatik.haw-hamburg.de/timadorus/quperl_server", 1227 | "name": "quperl_server", 1228 | "name_with_namespace": "timadorus / quperl_server", 1229 | "path": "quperl_server", 1230 | "path_with_namespace": "timadorus/quperl_server", 1231 | "star_count": 0, 1232 | "forks_count": 1, 1233 | "created_at": "2017-01-24T22:01:35.805+01:00", 1234 | "last_activity_at": "2017-06-20T07:49:12.288+02:00" 1235 | }, 1236 | "import_status": "finished", 1237 | "avatar_url": null, 1238 | "open_issues_count": 0, 1239 | "public_jobs": true, 1240 | "ci_config_path": null, 1241 | "shared_with_groups": [], 1242 | "only_allow_merge_if_pipeline_succeeds": false, 1243 | "request_access_enabled": false, 1244 | "only_allow_merge_if_all_discussions_are_resolved": false, 1245 | "printing_merge_request_link_enabled": true, 1246 | "permissions": { 1247 | "project_access": null, 1248 | "group_access": null 1249 | } 1250 | }, 1251 | { 1252 | "id": 628, 1253 | "description": "", 1254 | "default_branch": "master", 1255 | "tag_list": [], 1256 | "ssh_url_to_repo": "git@gitlab.informatik.haw-hamburg.de:abg657/quperl_client.git", 1257 | "http_url_to_repo": "https://gitlab.informatik.haw-hamburg.de/abg657/quperl_client.git", 1258 | "web_url": "https://gitlab.informatik.haw-hamburg.de/abg657/quperl_client", 1259 | "name": "quperl_client", 1260 | "name_with_namespace": "Sven Allers / quperl_client", 1261 | "path": "quperl_client", 1262 | "path_with_namespace": "abg657/quperl_client", 1263 | "star_count": 0, 1264 | "forks_count": 0, 1265 | "created_at": "2017-08-23T13:07:05.175+02:00", 1266 | "last_activity_at": "2017-08-23T13:07:05.175+02:00", 1267 | "_links": { 1268 | "self": "http://gitlab.informatik.haw-hamburg.de/api/v4/projects/628", 1269 | "issues": "http://gitlab.informatik.haw-hamburg.de/api/v4/projects/628/issues", 1270 | "merge_requests": "http://gitlab.informatik.haw-hamburg.de/api/v4/projects/628/merge_requests", 1271 | "repo_branches": "http://gitlab.informatik.haw-hamburg.de/api/v4/projects/628/repository/branches", 1272 | "labels": "http://gitlab.informatik.haw-hamburg.de/api/v4/projects/628/labels", 1273 | "events": "http://gitlab.informatik.haw-hamburg.de/api/v4/projects/628/events", 1274 | "members": "http://gitlab.informatik.haw-hamburg.de/api/v4/projects/628/members" 1275 | }, 1276 | "archived": false, 1277 | "visibility": "private", 1278 | "owner": { 1279 | "name": "Sven Allers", 1280 | "username": "abg657", 1281 | "id": 12, 1282 | "state": "active", 1283 | "avatar_url": "https://secure.gravatar.com/avatar/a20287c7d999ed5c512889b1659225ad?s=80\u0026d=identicon", 1284 | "web_url": "https://gitlab.informatik.haw-hamburg.de/abg657" 1285 | }, 1286 | "container_registry_enabled": true, 1287 | "issues_enabled": true, 1288 | "merge_requests_enabled": true, 1289 | "wiki_enabled": true, 1290 | "jobs_enabled": true, 1291 | "snippets_enabled": true, 1292 | "shared_runners_enabled": true, 1293 | "lfs_enabled": true, 1294 | "creator_id": 12, 1295 | "namespace": { 1296 | "id": 15, 1297 | "name": "abg657", 1298 | "path": "abg657", 1299 | "kind": "user", 1300 | "full_path": "abg657", 1301 | "parent_id": null 1302 | }, 1303 | "forked_from_project": { 1304 | "id": 17, 1305 | "description": "", 1306 | "default_branch": "master", 1307 | "tag_list": [], 1308 | "ssh_url_to_repo": "git@gitlab.informatik.haw-hamburg.de:timadorus/quperl_client.git", 1309 | "http_url_to_repo": "https://gitlab.informatik.haw-hamburg.de/timadorus/quperl_client.git", 1310 | "web_url": "https://gitlab.informatik.haw-hamburg.de/timadorus/quperl_client", 1311 | "name": "quperl_client", 1312 | "name_with_namespace": "timadorus / quperl_client", 1313 | "path": "quperl_client", 1314 | "path_with_namespace": "timadorus/quperl_client", 1315 | "star_count": 0, 1316 | "forks_count": 2, 1317 | "created_at": "2016-12-20T10:57:42.029+01:00", 1318 | "last_activity_at": "2017-09-04T19:38:09.632+02:00" 1319 | }, 1320 | "import_status": "finished", 1321 | "avatar_url": null, 1322 | "open_issues_count": 0, 1323 | "public_jobs": true, 1324 | "ci_config_path": null, 1325 | "shared_with_groups": [], 1326 | "only_allow_merge_if_pipeline_succeeds": false, 1327 | "request_access_enabled": false, 1328 | "only_allow_merge_if_all_discussions_are_resolved": false, 1329 | "printing_merge_request_link_enabled": true, 1330 | "permissions": { 1331 | "project_access": null, 1332 | "group_access": null 1333 | } 1334 | }, 1335 | { 1336 | "id": 627, 1337 | "description": "", 1338 | "default_branch": "master", 1339 | "tag_list": [], 1340 | "ssh_url_to_repo": "git@gitlab.informatik.haw-hamburg.de:sarstedt/se1basis.git", 1341 | "http_url_to_repo": "https://gitlab.informatik.haw-hamburg.de/sarstedt/se1basis.git", 1342 | "web_url": "https://gitlab.informatik.haw-hamburg.de/sarstedt/se1basis", 1343 | "name": "se1basis", 1344 | "name_with_namespace": "Stefan Sarstedt / se1basis", 1345 | "path": "se1basis", 1346 | "path_with_namespace": "sarstedt/se1basis", 1347 | "star_count": 1, 1348 | "forks_count": 0, 1349 | "created_at": "2017-08-22T11:10:41.602+02:00", 1350 | "last_activity_at": "2017-08-22T21:39:27.028+02:00", 1351 | "_links": { 1352 | "self": "http://gitlab.informatik.haw-hamburg.de/api/v4/projects/627", 1353 | "issues": "http://gitlab.informatik.haw-hamburg.de/api/v4/projects/627/issues", 1354 | "merge_requests": "http://gitlab.informatik.haw-hamburg.de/api/v4/projects/627/merge_requests", 1355 | "repo_branches": "http://gitlab.informatik.haw-hamburg.de/api/v4/projects/627/repository/branches", 1356 | "labels": "http://gitlab.informatik.haw-hamburg.de/api/v4/projects/627/labels", 1357 | "events": "http://gitlab.informatik.haw-hamburg.de/api/v4/projects/627/events", 1358 | "members": "http://gitlab.informatik.haw-hamburg.de/api/v4/projects/627/members" 1359 | }, 1360 | "archived": false, 1361 | "visibility": "private", 1362 | "owner": { 1363 | "name": "Stefan Sarstedt", 1364 | "username": "sarstedt", 1365 | "id": 13, 1366 | "state": "active", 1367 | "avatar_url": "https://gitlab.informatik.haw-hamburg.de/uploads/-/system/user/avatar/13/avatar.png", 1368 | "web_url": "https://gitlab.informatik.haw-hamburg.de/sarstedt" 1369 | }, 1370 | "container_registry_enabled": true, 1371 | "issues_enabled": true, 1372 | "merge_requests_enabled": true, 1373 | "wiki_enabled": true, 1374 | "jobs_enabled": true, 1375 | "snippets_enabled": true, 1376 | "shared_runners_enabled": true, 1377 | "lfs_enabled": true, 1378 | "creator_id": 13, 1379 | "namespace": { 1380 | "id": 37, 1381 | "name": "sarstedt", 1382 | "path": "sarstedt", 1383 | "kind": "user", 1384 | "full_path": "sarstedt", 1385 | "parent_id": null 1386 | }, 1387 | "import_status": "none", 1388 | "avatar_url": null, 1389 | "open_issues_count": 0, 1390 | "public_jobs": true, 1391 | "ci_config_path": null, 1392 | "shared_with_groups": [], 1393 | "only_allow_merge_if_pipeline_succeeds": false, 1394 | "request_access_enabled": false, 1395 | "only_allow_merge_if_all_discussions_are_resolved": false, 1396 | "printing_merge_request_link_enabled": true, 1397 | "permissions": { 1398 | "project_access": null, 1399 | "group_access": null 1400 | } 1401 | }, 1402 | { 1403 | "id": 626, 1404 | "description": "", 1405 | "default_branch": "master", 1406 | "tag_list": [], 1407 | "ssh_url_to_repo": "git@gitlab.informatik.haw-hamburg.de:abb256/k8sworkshop.git", 1408 | "http_url_to_repo": "https://gitlab.informatik.haw-hamburg.de/abb256/k8sworkshop.git", 1409 | "web_url": "https://gitlab.informatik.haw-hamburg.de/abb256/k8sworkshop", 1410 | "name": "k8sworkshop", 1411 | "name_with_namespace": "Lukas Grundmann / k8sworkshop", 1412 | "path": "k8sworkshop", 1413 | "path_with_namespace": "abb256/k8sworkshop", 1414 | "star_count": 0, 1415 | "forks_count": 0, 1416 | "created_at": "2017-08-21T17:08:24.381+02:00", 1417 | "last_activity_at": "2017-09-03T05:32:29.406+02:00", 1418 | "_links": { 1419 | "self": "http://gitlab.informatik.haw-hamburg.de/api/v4/projects/626", 1420 | "issues": "http://gitlab.informatik.haw-hamburg.de/api/v4/projects/626/issues", 1421 | "merge_requests": "http://gitlab.informatik.haw-hamburg.de/api/v4/projects/626/merge_requests", 1422 | "repo_branches": "http://gitlab.informatik.haw-hamburg.de/api/v4/projects/626/repository/branches", 1423 | "labels": "http://gitlab.informatik.haw-hamburg.de/api/v4/projects/626/labels", 1424 | "events": "http://gitlab.informatik.haw-hamburg.de/api/v4/projects/626/events", 1425 | "members": "http://gitlab.informatik.haw-hamburg.de/api/v4/projects/626/members" 1426 | }, 1427 | "archived": false, 1428 | "visibility": "private", 1429 | "owner": { 1430 | "name": "Lukas Grundmann", 1431 | "username": "abb256", 1432 | "id": 41, 1433 | "state": "active", 1434 | "avatar_url": "https://secure.gravatar.com/avatar/b67f609c1119e8f464d32ac99d093300?s=80\u0026d=identicon", 1435 | "web_url": "https://gitlab.informatik.haw-hamburg.de/abb256" 1436 | }, 1437 | "container_registry_enabled": true, 1438 | "issues_enabled": true, 1439 | "merge_requests_enabled": true, 1440 | "wiki_enabled": true, 1441 | "jobs_enabled": true, 1442 | "snippets_enabled": true, 1443 | "shared_runners_enabled": false, 1444 | "lfs_enabled": true, 1445 | "creator_id": 41, 1446 | "namespace": { 1447 | "id": 66, 1448 | "name": "abb256", 1449 | "path": "abb256", 1450 | "kind": "user", 1451 | "full_path": "abb256", 1452 | "parent_id": null 1453 | }, 1454 | "import_status": "none", 1455 | "avatar_url": null, 1456 | "open_issues_count": 0, 1457 | "public_jobs": true, 1458 | "ci_config_path": null, 1459 | "shared_with_groups": [], 1460 | "only_allow_merge_if_pipeline_succeeds": false, 1461 | "request_access_enabled": false, 1462 | "only_allow_merge_if_all_discussions_are_resolved": false, 1463 | "printing_merge_request_link_enabled": true, 1464 | "permissions": { 1465 | "project_access": null, 1466 | "group_access": null 1467 | } 1468 | }, 1469 | { 1470 | "id": 625, 1471 | "description": "", 1472 | "default_branch": null, 1473 | "tag_list": [], 1474 | "ssh_url_to_repo": "git@gitlab.informatik.haw-hamburg.de:James-dein-helfer/nao-app.git", 1475 | "http_url_to_repo": "https://gitlab.informatik.haw-hamburg.de/James-dein-helfer/nao-app.git", 1476 | "web_url": "https://gitlab.informatik.haw-hamburg.de/James-dein-helfer/nao-app", 1477 | "name": "nao-app", 1478 | "name_with_namespace": "James-dein-helfer / nao-app", 1479 | "path": "nao-app", 1480 | "path_with_namespace": "James-dein-helfer/nao-app", 1481 | "star_count": 0, 1482 | "forks_count": 0, 1483 | "created_at": "2017-08-18T16:44:20.255+02:00", 1484 | "last_activity_at": "2017-08-18T16:44:20.255+02:00", 1485 | "_links": { 1486 | "self": "http://gitlab.informatik.haw-hamburg.de/api/v4/projects/625", 1487 | "issues": "http://gitlab.informatik.haw-hamburg.de/api/v4/projects/625/issues", 1488 | "merge_requests": "http://gitlab.informatik.haw-hamburg.de/api/v4/projects/625/merge_requests", 1489 | "repo_branches": "http://gitlab.informatik.haw-hamburg.de/api/v4/projects/625/repository/branches", 1490 | "labels": "http://gitlab.informatik.haw-hamburg.de/api/v4/projects/625/labels", 1491 | "events": "http://gitlab.informatik.haw-hamburg.de/api/v4/projects/625/events", 1492 | "members": "http://gitlab.informatik.haw-hamburg.de/api/v4/projects/625/members" 1493 | }, 1494 | "archived": false, 1495 | "visibility": "private", 1496 | "container_registry_enabled": true, 1497 | "issues_enabled": true, 1498 | "merge_requests_enabled": true, 1499 | "wiki_enabled": true, 1500 | "jobs_enabled": true, 1501 | "snippets_enabled": true, 1502 | "shared_runners_enabled": false, 1503 | "lfs_enabled": true, 1504 | "creator_id": 265, 1505 | "namespace": { 1506 | "id": 639, 1507 | "name": "James-dein-helfer", 1508 | "path": "James-dein-helfer", 1509 | "kind": "group", 1510 | "full_path": "James-dein-helfer", 1511 | "parent_id": null, 1512 | "members_count_with_descendants": 5 1513 | }, 1514 | "import_status": "none", 1515 | "avatar_url": null, 1516 | "open_issues_count": 0, 1517 | "public_jobs": true, 1518 | "ci_config_path": null, 1519 | "shared_with_groups": [], 1520 | "only_allow_merge_if_pipeline_succeeds": false, 1521 | "request_access_enabled": false, 1522 | "only_allow_merge_if_all_discussions_are_resolved": false, 1523 | "printing_merge_request_link_enabled": true, 1524 | "permissions": { 1525 | "project_access": null, 1526 | "group_access": null 1527 | } 1528 | }, 1529 | { 1530 | "id": 623, 1531 | "description": "", 1532 | "default_branch": null, 1533 | "tag_list": [], 1534 | "ssh_url_to_repo": "git@gitlab.informatik.haw-hamburg.de:James-dein-helfer/server.git", 1535 | "http_url_to_repo": "https://gitlab.informatik.haw-hamburg.de/James-dein-helfer/server.git", 1536 | "web_url": "https://gitlab.informatik.haw-hamburg.de/James-dein-helfer/server", 1537 | "name": "server", 1538 | "name_with_namespace": "James-dein-helfer / server", 1539 | "path": "server", 1540 | "path_with_namespace": "James-dein-helfer/server", 1541 | "star_count": 0, 1542 | "forks_count": 0, 1543 | "created_at": "2017-08-18T16:42:39.926+02:00", 1544 | "last_activity_at": "2017-08-18T16:42:39.926+02:00", 1545 | "_links": { 1546 | "self": "http://gitlab.informatik.haw-hamburg.de/api/v4/projects/623", 1547 | "issues": "http://gitlab.informatik.haw-hamburg.de/api/v4/projects/623/issues", 1548 | "merge_requests": "http://gitlab.informatik.haw-hamburg.de/api/v4/projects/623/merge_requests", 1549 | "repo_branches": "http://gitlab.informatik.haw-hamburg.de/api/v4/projects/623/repository/branches", 1550 | "labels": "http://gitlab.informatik.haw-hamburg.de/api/v4/projects/623/labels", 1551 | "events": "http://gitlab.informatik.haw-hamburg.de/api/v4/projects/623/events", 1552 | "members": "http://gitlab.informatik.haw-hamburg.de/api/v4/projects/623/members" 1553 | }, 1554 | "archived": false, 1555 | "visibility": "private", 1556 | "container_registry_enabled": true, 1557 | "issues_enabled": true, 1558 | "merge_requests_enabled": true, 1559 | "wiki_enabled": true, 1560 | "jobs_enabled": true, 1561 | "snippets_enabled": true, 1562 | "shared_runners_enabled": false, 1563 | "lfs_enabled": true, 1564 | "creator_id": 265, 1565 | "namespace": { 1566 | "id": 639, 1567 | "name": "James-dein-helfer", 1568 | "path": "James-dein-helfer", 1569 | "kind": "group", 1570 | "full_path": "James-dein-helfer", 1571 | "parent_id": null, 1572 | "members_count_with_descendants": 5 1573 | }, 1574 | "import_status": "none", 1575 | "avatar_url": null, 1576 | "open_issues_count": 0, 1577 | "public_jobs": true, 1578 | "ci_config_path": null, 1579 | "shared_with_groups": [], 1580 | "only_allow_merge_if_pipeline_succeeds": false, 1581 | "request_access_enabled": false, 1582 | "only_allow_merge_if_all_discussions_are_resolved": false, 1583 | "printing_merge_request_link_enabled": true, 1584 | "permissions": { 1585 | "project_access": null, 1586 | "group_access": null 1587 | } 1588 | }, 1589 | { 1590 | "id": 621, 1591 | "description": "", 1592 | "default_branch": "master", 1593 | "tag_list": [], 1594 | "ssh_url_to_repo": "git@gitlab.informatik.haw-hamburg.de:aca361/aDGVM-vegetation-generator.git", 1595 | "http_url_to_repo": "https://gitlab.informatik.haw-hamburg.de/aca361/aDGVM-vegetation-generator.git", 1596 | "web_url": "https://gitlab.informatik.haw-hamburg.de/aca361/aDGVM-vegetation-generator", 1597 | "name": "aDGVM-vegetation-generator", 1598 | "name_with_namespace": "Julius Weyl / aDGVM-vegetation-generator", 1599 | "path": "aDGVM-vegetation-generator", 1600 | "path_with_namespace": "aca361/aDGVM-vegetation-generator", 1601 | "star_count": 0, 1602 | "forks_count": 0, 1603 | "created_at": "2017-08-18T06:56:55.346+02:00", 1604 | "last_activity_at": "2017-08-19T11:23:14.228+02:00", 1605 | "_links": { 1606 | "self": "http://gitlab.informatik.haw-hamburg.de/api/v4/projects/621", 1607 | "issues": "http://gitlab.informatik.haw-hamburg.de/api/v4/projects/621/issues", 1608 | "merge_requests": "http://gitlab.informatik.haw-hamburg.de/api/v4/projects/621/merge_requests", 1609 | "repo_branches": "http://gitlab.informatik.haw-hamburg.de/api/v4/projects/621/repository/branches", 1610 | "labels": "http://gitlab.informatik.haw-hamburg.de/api/v4/projects/621/labels", 1611 | "events": "http://gitlab.informatik.haw-hamburg.de/api/v4/projects/621/events", 1612 | "members": "http://gitlab.informatik.haw-hamburg.de/api/v4/projects/621/members" 1613 | }, 1614 | "archived": false, 1615 | "visibility": "private", 1616 | "owner": { 1617 | "name": "Julius Weyl", 1618 | "username": "aca361", 1619 | "id": 45, 1620 | "state": "active", 1621 | "avatar_url": "https://gitlab.informatik.haw-hamburg.de/uploads/-/system/user/avatar/45/avatar.png", 1622 | "web_url": "https://gitlab.informatik.haw-hamburg.de/aca361" 1623 | }, 1624 | "container_registry_enabled": true, 1625 | "issues_enabled": true, 1626 | "merge_requests_enabled": true, 1627 | "wiki_enabled": true, 1628 | "jobs_enabled": true, 1629 | "snippets_enabled": true, 1630 | "shared_runners_enabled": false, 1631 | "lfs_enabled": true, 1632 | "creator_id": 45, 1633 | "namespace": { 1634 | "id": 70, 1635 | "name": "aca361", 1636 | "path": "aca361", 1637 | "kind": "user", 1638 | "full_path": "aca361", 1639 | "parent_id": null 1640 | }, 1641 | "import_status": "none", 1642 | "avatar_url": null, 1643 | "open_issues_count": 0, 1644 | "public_jobs": true, 1645 | "ci_config_path": null, 1646 | "shared_with_groups": [], 1647 | "only_allow_merge_if_pipeline_succeeds": false, 1648 | "request_access_enabled": false, 1649 | "only_allow_merge_if_all_discussions_are_resolved": false, 1650 | "printing_merge_request_link_enabled": true, 1651 | "permissions": { 1652 | "project_access": null, 1653 | "group_access": null 1654 | } 1655 | }, 1656 | { 1657 | "id": 620, 1658 | "description": "", 1659 | "default_branch": "master", 1660 | "tag_list": [], 1661 | "ssh_url_to_repo": "git@gitlab.informatik.haw-hamburg.de:abf617/thesis.git", 1662 | "http_url_to_repo": "https://gitlab.informatik.haw-hamburg.de/abf617/thesis.git", 1663 | "web_url": "https://gitlab.informatik.haw-hamburg.de/abf617/thesis", 1664 | "name": "thesis", 1665 | "name_with_namespace": "abf617 / thesis", 1666 | "path": "thesis", 1667 | "path_with_namespace": "abf617/thesis", 1668 | "star_count": 0, 1669 | "forks_count": 0, 1670 | "created_at": "2017-08-16T23:27:02.063+02:00", 1671 | "last_activity_at": "2017-08-22T00:10:31.224+02:00", 1672 | "_links": { 1673 | "self": "http://gitlab.informatik.haw-hamburg.de/api/v4/projects/620", 1674 | "issues": "http://gitlab.informatik.haw-hamburg.de/api/v4/projects/620/issues", 1675 | "merge_requests": "http://gitlab.informatik.haw-hamburg.de/api/v4/projects/620/merge_requests", 1676 | "repo_branches": "http://gitlab.informatik.haw-hamburg.de/api/v4/projects/620/repository/branches", 1677 | "labels": "http://gitlab.informatik.haw-hamburg.de/api/v4/projects/620/labels", 1678 | "events": "http://gitlab.informatik.haw-hamburg.de/api/v4/projects/620/events", 1679 | "members": "http://gitlab.informatik.haw-hamburg.de/api/v4/projects/620/members" 1680 | }, 1681 | "archived": false, 1682 | "visibility": "private", 1683 | "owner": { 1684 | "name": "abf617", 1685 | "username": "abf617", 1686 | "id": 308, 1687 | "state": "active", 1688 | "avatar_url": "https://secure.gravatar.com/avatar/f93f5c620343be9b9b32820991b38677?s=80\u0026d=identicon", 1689 | "web_url": "https://gitlab.informatik.haw-hamburg.de/abf617" 1690 | }, 1691 | "container_registry_enabled": true, 1692 | "issues_enabled": true, 1693 | "merge_requests_enabled": true, 1694 | "wiki_enabled": true, 1695 | "jobs_enabled": true, 1696 | "snippets_enabled": true, 1697 | "shared_runners_enabled": false, 1698 | "lfs_enabled": true, 1699 | "creator_id": 308, 1700 | "namespace": { 1701 | "id": 635, 1702 | "name": "abf617", 1703 | "path": "abf617", 1704 | "kind": "user", 1705 | "full_path": "abf617", 1706 | "parent_id": null 1707 | }, 1708 | "import_status": "none", 1709 | "avatar_url": null, 1710 | "open_issues_count": 0, 1711 | "public_jobs": true, 1712 | "ci_config_path": null, 1713 | "shared_with_groups": [], 1714 | "only_allow_merge_if_pipeline_succeeds": false, 1715 | "request_access_enabled": false, 1716 | "only_allow_merge_if_all_discussions_are_resolved": false, 1717 | "printing_merge_request_link_enabled": true, 1718 | "permissions": { 1719 | "project_access": null, 1720 | "group_access": null 1721 | } 1722 | }, 1723 | { 1724 | "id": 619, 1725 | "description": "Web-Executor: will run a command from a shell on a linux machine when being called via https. The command can be configured.", 1726 | "default_branch": "master", 1727 | "tag_list": [], 1728 | "ssh_url_to_repo": "git@gitlab.informatik.haw-hamburg.de:sage/wexecutor.git", 1729 | "http_url_to_repo": "https://gitlab.informatik.haw-hamburg.de/sage/wexecutor.git", 1730 | "web_url": "https://gitlab.informatik.haw-hamburg.de/sage/wexecutor", 1731 | "name": "wexecutor", 1732 | "name_with_namespace": "Lutz Behnke / wexecutor", 1733 | "path": "wexecutor", 1734 | "path_with_namespace": "sage/wexecutor", 1735 | "star_count": 0, 1736 | "forks_count": 0, 1737 | "created_at": "2017-08-16T11:08:08.003+02:00", 1738 | "last_activity_at": "2017-08-16T11:08:08.003+02:00", 1739 | "_links": { 1740 | "self": "http://gitlab.informatik.haw-hamburg.de/api/v4/projects/619", 1741 | "issues": "http://gitlab.informatik.haw-hamburg.de/api/v4/projects/619/issues", 1742 | "merge_requests": "http://gitlab.informatik.haw-hamburg.de/api/v4/projects/619/merge_requests", 1743 | "repo_branches": "http://gitlab.informatik.haw-hamburg.de/api/v4/projects/619/repository/branches", 1744 | "labels": "http://gitlab.informatik.haw-hamburg.de/api/v4/projects/619/labels", 1745 | "events": "http://gitlab.informatik.haw-hamburg.de/api/v4/projects/619/events", 1746 | "members": "http://gitlab.informatik.haw-hamburg.de/api/v4/projects/619/members" 1747 | }, 1748 | "archived": false, 1749 | "visibility": "public", 1750 | "owner": { 1751 | "name": "Lutz Behnke", 1752 | "username": "sage", 1753 | "id": 6, 1754 | "state": "active", 1755 | "avatar_url": "https://gitlab.informatik.haw-hamburg.de/uploads/-/system/user/avatar/6/avatar.png", 1756 | "web_url": "https://gitlab.informatik.haw-hamburg.de/sage" 1757 | }, 1758 | "container_registry_enabled": true, 1759 | "issues_enabled": true, 1760 | "merge_requests_enabled": true, 1761 | "wiki_enabled": true, 1762 | "jobs_enabled": true, 1763 | "snippets_enabled": true, 1764 | "shared_runners_enabled": false, 1765 | "lfs_enabled": true, 1766 | "creator_id": 6, 1767 | "namespace": { 1768 | "id": 7, 1769 | "name": "sage", 1770 | "path": "sage", 1771 | "kind": "user", 1772 | "full_path": "sage", 1773 | "parent_id": null 1774 | }, 1775 | "import_status": "none", 1776 | "avatar_url": null, 1777 | "open_issues_count": 0, 1778 | "public_jobs": true, 1779 | "ci_config_path": null, 1780 | "shared_with_groups": [], 1781 | "only_allow_merge_if_pipeline_succeeds": false, 1782 | "request_access_enabled": false, 1783 | "only_allow_merge_if_all_discussions_are_resolved": false, 1784 | "printing_merge_request_link_enabled": true, 1785 | "permissions": { 1786 | "project_access": null, 1787 | "group_access": null 1788 | } 1789 | } 1790 | ]`) 1791 | })) 1792 | defer ts.Close() 1793 | url := ts.URL 1794 | foundProjects, err := GetAllProjects(make([]GitlabProject, 0), url) 1795 | if err != nil { 1796 | t.Error(err) 1797 | } 1798 | if len(foundProjects) != 20 { 1799 | t.Error("No projects were parsed.") 1800 | } 1801 | } 1802 | 1803 | func TestGetAllUsers(t *testing.T) { 1804 | ts := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { 1805 | w.Header().Set("Content-Type", "application/json") 1806 | fmt.Fprintln(w, `[ 1807 | { 1808 | "name": "abt897", 1809 | "username": "abt897", 1810 | "id": 319, 1811 | "state": "active", 1812 | "avatar_url": "https://secure.gravatar.com/avatar/c8576a54f032360762b26c5ba5cb1f0d?s=80\u0026d=identicon", 1813 | "web_url": "https://gitlab.informatik.haw-hamburg.de/abt897", 1814 | "created_at": "2017-08-30T19:52:55.712+02:00", 1815 | "bio": null, 1816 | "location": null, 1817 | "skype": "", 1818 | "linkedin": "", 1819 | "twitter": "", 1820 | "website_url": "", 1821 | "organization": null, 1822 | "last_sign_in_at": "2017-08-30T19:52:55.818+02:00", 1823 | "confirmed_at": "2017-08-30T19:52:55.489+02:00", 1824 | "last_activity_on": "2017-08-30", 1825 | "email": "max.mustermann@test-gl-k8s.com", 1826 | "color_scheme_id": 1, 1827 | "projects_limit": 10, 1828 | "current_sign_in_at": "2017-08-30T19:52:55.818+02:00", 1829 | "identities": [ 1830 | { 1831 | "provider": "ldapmain", 1832 | "extern_uid": "uid=123xyc,ou=Users,ou=dept,o=test-company" 1833 | } 1834 | ], 1835 | "can_create_group": true, 1836 | "can_create_project": true, 1837 | "two_factor_enabled": false, 1838 | "external": false, 1839 | "is_admin": false 1840 | }, 1841 | { 1842 | "name": "acf462", 1843 | "username": "acf462", 1844 | "id": 318, 1845 | "state": "active", 1846 | "avatar_url": "https://secure.gravatar.com/avatar/f973967b954fd7b2e91bd84854bc276e?s=80\u0026d=identicon", 1847 | "web_url": "https://gitlab.informatik.haw-hamburg.de/acf462", 1848 | "created_at": "2017-08-30T16:00:50.425+02:00", 1849 | "bio": null, 1850 | "location": null, 1851 | "skype": "", 1852 | "linkedin": "", 1853 | "twitter": "", 1854 | "website_url": "", 1855 | "organization": null, 1856 | "last_sign_in_at": "2017-08-30T16:00:50.535+02:00", 1857 | "confirmed_at": "2017-08-30T16:00:50.097+02:00", 1858 | "last_activity_on": null, 1859 | "email": "max.mustermann@test-gl-k8s.com", 1860 | "color_scheme_id": 1, 1861 | "projects_limit": 10, 1862 | "current_sign_in_at": "2017-08-30T16:00:50.535+02:00", 1863 | "identities": [ 1864 | { 1865 | "provider": "ldapmain", 1866 | "extern_uid": "uid=123xyc,ou=Users,ou=dept,o=test-company" 1867 | } 1868 | ], 1869 | "can_create_group": true, 1870 | "can_create_project": true, 1871 | "two_factor_enabled": false, 1872 | "external": false, 1873 | "is_admin": false 1874 | }, 1875 | { 1876 | "name": "chris", 1877 | "username": "abz826", 1878 | "id": 317, 1879 | "state": "active", 1880 | "avatar_url": "https://secure.gravatar.com/avatar/f139b5b140569969070e387ec3cbc83f?s=80\u0026d=identicon", 1881 | "web_url": "https://gitlab.informatik.haw-hamburg.de/abz826", 1882 | "created_at": "2017-08-26T06:48:16.347+02:00", 1883 | "bio": "", 1884 | "location": "Hamburg", 1885 | "skype": "", 1886 | "linkedin": "", 1887 | "twitter": "", 1888 | "website_url": "", 1889 | "organization": "", 1890 | "last_sign_in_at": "2017-08-29T10:18:25.828+02:00", 1891 | "confirmed_at": "2017-08-26T06:48:16.331+02:00", 1892 | "last_activity_on": "2017-08-30", 1893 | "email": "chris.thiele@haw-hamburg.de", 1894 | "color_scheme_id": 1, 1895 | "projects_limit": 10, 1896 | "current_sign_in_at": "2017-08-30T19:13:09.218+02:00", 1897 | "identities": [ 1898 | { 1899 | "provider": "ldapmain", 1900 | "extern_uid": "uid=123xyc,ou=Users,ou=dept,o=test-company" 1901 | } 1902 | ], 1903 | "can_create_group": true, 1904 | "can_create_project": true, 1905 | "two_factor_enabled": false, 1906 | "external": false, 1907 | "is_admin": false 1908 | }, 1909 | { 1910 | "name": "k8s400", 1911 | "username": "k8s400", 1912 | "id": 316, 1913 | "state": "active", 1914 | "avatar_url": "https://secure.gravatar.com/avatar/0325e72d0f5e8370773aac08787293b8?s=80\u0026d=identicon", 1915 | "web_url": "https://gitlab.informatik.haw-hamburg.de/k8s400", 1916 | "created_at": "2017-08-25T10:59:49.080+02:00", 1917 | "bio": null, 1918 | "location": null, 1919 | "skype": "", 1920 | "linkedin": "", 1921 | "twitter": "", 1922 | "website_url": "", 1923 | "organization": null, 1924 | "last_sign_in_at": "2017-08-25T10:59:49.161+02:00", 1925 | "confirmed_at": "2017-08-25T10:59:48.841+02:00", 1926 | "last_activity_on": null, 1927 | "email": "students001.k@informatik.haw-hamburg.de", 1928 | "color_scheme_id": 1, 1929 | "projects_limit": 10, 1930 | "current_sign_in_at": "2017-09-01T15:09:06.784+02:00", 1931 | "identities": [ 1932 | { 1933 | "provider": "ldapmain", 1934 | "extern_uid": "uid=123xyc,ou=Users,ou=dept,o=test-company" 1935 | } 1936 | ], 1937 | "can_create_group": true, 1938 | "can_create_project": true, 1939 | "two_factor_enabled": false, 1940 | "external": false, 1941 | "is_admin": false 1942 | }, 1943 | { 1944 | "name": "abv898", 1945 | "username": "abv898", 1946 | "id": 315, 1947 | "state": "active", 1948 | "avatar_url": "https://secure.gravatar.com/avatar/9845c9b279dd6d1017d27edc068af074?s=80\u0026d=identicon", 1949 | "web_url": "https://gitlab.informatik.haw-hamburg.de/abv898", 1950 | "created_at": "2017-08-23T21:51:13.826+02:00", 1951 | "bio": null, 1952 | "location": null, 1953 | "skype": "", 1954 | "linkedin": "", 1955 | "twitter": "", 1956 | "website_url": "", 1957 | "organization": null, 1958 | "last_sign_in_at": "2017-08-23T21:51:13.889+02:00", 1959 | "confirmed_at": "2017-08-23T21:51:13.782+02:00", 1960 | "last_activity_on": null, 1961 | "email": "max.mustermann@test-gl-k8s.com", 1962 | "color_scheme_id": 1, 1963 | "projects_limit": 10, 1964 | "current_sign_in_at": "2017-08-23T21:51:13.889+02:00", 1965 | "identities": [ 1966 | { 1967 | "provider": "ldapmain", 1968 | "extern_uid": "uid=123xyc,ou=Users,ou=dept,o=test-company" 1969 | } 1970 | ], 1971 | "can_create_group": true, 1972 | "can_create_project": true, 1973 | "two_factor_enabled": false, 1974 | "external": false, 1975 | "is_admin": false 1976 | }, 1977 | { 1978 | "name": "acb980", 1979 | "username": "acb980", 1980 | "id": 314, 1981 | "state": "active", 1982 | "avatar_url": "https://secure.gravatar.com/avatar/181abffc7a76c3fced7d569d8efc9676?s=80\u0026d=identicon", 1983 | "web_url": "https://gitlab.informatik.haw-hamburg.de/acb980", 1984 | "created_at": "2017-08-23T21:50:34.014+02:00", 1985 | "bio": null, 1986 | "location": null, 1987 | "skype": "", 1988 | "linkedin": "", 1989 | "twitter": "", 1990 | "website_url": "", 1991 | "organization": null, 1992 | "last_sign_in_at": "2017-08-23T21:50:34.094+02:00", 1993 | "confirmed_at": "2017-08-23T21:50:33.980+02:00", 1994 | "last_activity_on": null, 1995 | "email": "max.mustermann@test-gl-k8s.com", 1996 | "color_scheme_id": 1, 1997 | "projects_limit": 10, 1998 | "current_sign_in_at": "2017-08-23T21:50:34.094+02:00", 1999 | "identities": [ 2000 | { 2001 | "provider": "ldapmain", 2002 | "extern_uid": "uid=123xyc,ou=Users,ou=dept,o=test-company" 2003 | } 2004 | ], 2005 | "can_create_group": true, 2006 | "can_create_project": true, 2007 | "two_factor_enabled": false, 2008 | "external": false, 2009 | "is_admin": false 2010 | }, 2011 | { 2012 | "name": "acc412", 2013 | "username": "acc412", 2014 | "id": 313, 2015 | "state": "active", 2016 | "avatar_url": "https://secure.gravatar.com/avatar/0ee8b8b64f13d45c721394c819150f31?s=80\u0026d=identicon", 2017 | "web_url": "https://gitlab.informatik.haw-hamburg.de/acc412", 2018 | "created_at": "2017-08-22T21:39:43.004+02:00", 2019 | "bio": null, 2020 | "location": null, 2021 | "skype": "", 2022 | "linkedin": "", 2023 | "twitter": "", 2024 | "website_url": "", 2025 | "organization": null, 2026 | "last_sign_in_at": "2017-08-22T21:39:43.064+02:00", 2027 | "confirmed_at": "2017-08-22T21:39:42.490+02:00", 2028 | "last_activity_on": null, 2029 | "email": "max.mustermann@test-gl-k8s.com", 2030 | "color_scheme_id": 1, 2031 | "projects_limit": 10, 2032 | "current_sign_in_at": "2017-08-22T21:39:43.064+02:00", 2033 | "identities": [ 2034 | { 2035 | "provider": "ldapmain", 2036 | "extern_uid": "uid=123xyc,ou=Users,ou=dept,o=test-company" 2037 | } 2038 | ], 2039 | "can_create_group": true, 2040 | "can_create_project": true, 2041 | "two_factor_enabled": false, 2042 | "external": false, 2043 | "is_admin": false 2044 | }, 2045 | { 2046 | "name": "abf159", 2047 | "username": "abf159", 2048 | "id": 312, 2049 | "state": "active", 2050 | "avatar_url": "https://secure.gravatar.com/avatar/1b9b9b6c19e07ea5c2863a512f242b82?s=80\u0026d=identicon", 2051 | "web_url": "https://gitlab.informatik.haw-hamburg.de/abf159", 2052 | "created_at": "2017-08-21T23:21:03.050+02:00", 2053 | "bio": null, 2054 | "location": null, 2055 | "skype": "", 2056 | "linkedin": "", 2057 | "twitter": "", 2058 | "website_url": "", 2059 | "organization": null, 2060 | "last_sign_in_at": "2017-08-21T23:21:03.113+02:00", 2061 | "confirmed_at": "2017-08-21T23:21:02.697+02:00", 2062 | "last_activity_on": null, 2063 | "email": "max.mustermann@test-gl-k8s.com", 2064 | "color_scheme_id": 1, 2065 | "projects_limit": 10, 2066 | "current_sign_in_at": "2017-08-22T09:56:59.416+02:00", 2067 | "identities": [ 2068 | { 2069 | "provider": "ldapmain", 2070 | "extern_uid": "uid=123xyc,ou=Users,ou=dept,o=test-company" 2071 | } 2072 | ], 2073 | "can_create_group": true, 2074 | "can_create_project": true, 2075 | "two_factor_enabled": false, 2076 | "external": false, 2077 | "is_admin": false 2078 | }, 2079 | { 2080 | "name": "acj141", 2081 | "username": "acj141", 2082 | "id": 311, 2083 | "state": "active", 2084 | "avatar_url": "https://secure.gravatar.com/avatar/14311c01b7d60387a4aea8eb01b57d1a?s=80\u0026d=identicon", 2085 | "web_url": "https://gitlab.informatik.haw-hamburg.de/acj141", 2086 | "created_at": "2017-08-16T20:43:42.973+02:00", 2087 | "bio": null, 2088 | "location": null, 2089 | "skype": "", 2090 | "linkedin": "", 2091 | "twitter": "", 2092 | "website_url": "", 2093 | "organization": null, 2094 | "last_sign_in_at": "2017-08-16T20:43:43.044+02:00", 2095 | "confirmed_at": "2017-08-16T20:43:42.123+02:00", 2096 | "last_activity_on": null, 2097 | "email": "max.mustermann@test-gl-k8s.com", 2098 | "color_scheme_id": 1, 2099 | "projects_limit": 10, 2100 | "current_sign_in_at": "2017-08-16T20:43:43.044+02:00", 2101 | "identities": [ 2102 | { 2103 | "provider": "ldapmain", 2104 | "extern_uid": "uid=123xyc,ou=Users,ou=dept,o=test-company" 2105 | } 2106 | ], 2107 | "can_create_group": true, 2108 | "can_create_project": true, 2109 | "two_factor_enabled": false, 2110 | "external": false, 2111 | "is_admin": false 2112 | }, 2113 | { 2114 | "name": "abz908", 2115 | "username": "abz908", 2116 | "id": 310, 2117 | "state": "active", 2118 | "avatar_url": "https://secure.gravatar.com/avatar/065ee13e2c8603b536ef9046e69cb40a?s=80\u0026d=identicon", 2119 | "web_url": "https://gitlab.informatik.haw-hamburg.de/abz908", 2120 | "created_at": "2017-08-15T20:26:51.718+02:00", 2121 | "bio": null, 2122 | "location": null, 2123 | "skype": "", 2124 | "linkedin": "", 2125 | "twitter": "", 2126 | "website_url": "", 2127 | "organization": null, 2128 | "last_sign_in_at": "2017-08-15T20:26:51.792+02:00", 2129 | "confirmed_at": "2017-08-15T20:26:51.704+02:00", 2130 | "last_activity_on": null, 2131 | "email": "max.mustermann@test-gl-k8s.com", 2132 | "color_scheme_id": 1, 2133 | "projects_limit": 10, 2134 | "current_sign_in_at": "2017-08-15T20:26:51.792+02:00", 2135 | "identities": [ 2136 | { 2137 | "provider": "ldapmain", 2138 | "extern_uid": "uid=123xyc,ou=Users,ou=dept,o=test-company" 2139 | } 2140 | ], 2141 | "can_create_group": true, 2142 | "can_create_project": true, 2143 | "two_factor_enabled": false, 2144 | "external": false, 2145 | "is_admin": false 2146 | }, 2147 | { 2148 | "name": "abq335", 2149 | "username": "abq335", 2150 | "id": 309, 2151 | "state": "active", 2152 | "avatar_url": "https://secure.gravatar.com/avatar/406221c71e5ca1729b99fd84737792e3?s=80\u0026d=identicon", 2153 | "web_url": "https://gitlab.informatik.haw-hamburg.de/abq335", 2154 | "created_at": "2017-08-15T19:35:35.871+02:00", 2155 | "bio": null, 2156 | "location": null, 2157 | "skype": "", 2158 | "linkedin": "", 2159 | "twitter": "", 2160 | "website_url": "", 2161 | "organization": null, 2162 | "last_sign_in_at": "2017-08-28T10:06:33.104+02:00", 2163 | "confirmed_at": "2017-08-15T19:35:35.856+02:00", 2164 | "last_activity_on": "2017-08-28", 2165 | "email": "max.mustermann@test-gl-k8s.com", 2166 | "color_scheme_id": 1, 2167 | "projects_limit": 10, 2168 | "current_sign_in_at": "2017-09-05T12:25:14.391+02:00", 2169 | "identities": [ 2170 | { 2171 | "provider": "ldapmain", 2172 | "extern_uid": "uid=123xyc,ou=Users,ou=dept,o=test-company" 2173 | } 2174 | ], 2175 | "can_create_group": true, 2176 | "can_create_project": true, 2177 | "two_factor_enabled": false, 2178 | "external": false, 2179 | "is_admin": false 2180 | }, 2181 | { 2182 | "name": "abf617", 2183 | "username": "abf617", 2184 | "id": 308, 2185 | "state": "active", 2186 | "avatar_url": "https://secure.gravatar.com/avatar/f93f5c620343be9b9b32820991b38677?s=80\u0026d=identicon", 2187 | "web_url": "https://gitlab.informatik.haw-hamburg.de/abf617", 2188 | "created_at": "2017-08-15T17:11:01.938+02:00", 2189 | "bio": null, 2190 | "location": null, 2191 | "skype": "", 2192 | "linkedin": "", 2193 | "twitter": "", 2194 | "website_url": "", 2195 | "organization": null, 2196 | "last_sign_in_at": "2017-08-21T23:33:57.117+02:00", 2197 | "confirmed_at": "2017-08-15T17:11:01.922+02:00", 2198 | "last_activity_on": "2017-08-22", 2199 | "email": "max.mustermann@test-gl-k8s.com", 2200 | "color_scheme_id": 5, 2201 | "projects_limit": 10, 2202 | "current_sign_in_at": "2017-08-22T12:42:17.235+02:00", 2203 | "identities": [ 2204 | { 2205 | "provider": "ldapmain", 2206 | "extern_uid": "uid=123xyc,ou=Users,ou=dept,o=test-company" 2207 | } 2208 | ], 2209 | "can_create_group": true, 2210 | "can_create_project": true, 2211 | "two_factor_enabled": false, 2212 | "external": false, 2213 | "is_admin": false 2214 | }, 2215 | { 2216 | "name": "acj102", 2217 | "username": "acj102", 2218 | "id": 307, 2219 | "state": "active", 2220 | "avatar_url": "https://secure.gravatar.com/avatar/fe86c8a482560eb9d0dff52979448497?s=80\u0026d=identicon", 2221 | "web_url": "https://gitlab.informatik.haw-hamburg.de/acj102", 2222 | "created_at": "2017-08-15T12:27:09.512+02:00", 2223 | "bio": null, 2224 | "location": null, 2225 | "skype": "", 2226 | "linkedin": "", 2227 | "twitter": "", 2228 | "website_url": "", 2229 | "organization": null, 2230 | "last_sign_in_at": "2017-08-15T12:27:09.632+02:00", 2231 | "confirmed_at": "2017-08-15T12:27:09.350+02:00", 2232 | "last_activity_on": null, 2233 | "email": "max.mustermann@test-gl-k8s.com", 2234 | "color_scheme_id": 1, 2235 | "projects_limit": 10, 2236 | "current_sign_in_at": "2017-08-15T12:27:09.632+02:00", 2237 | "identities": [ 2238 | { 2239 | "provider": "ldapmain", 2240 | "extern_uid": "uid=123xyc,ou=Users,ou=dept,o=test-company" 2241 | } 2242 | ], 2243 | "can_create_group": true, 2244 | "can_create_project": true, 2245 | "two_factor_enabled": false, 2246 | "external": false, 2247 | "is_admin": false 2248 | }, 2249 | { 2250 | "name": "aci959", 2251 | "username": "aci959", 2252 | "id": 306, 2253 | "state": "active", 2254 | "avatar_url": "https://secure.gravatar.com/avatar/2150bbc122c3430719391d90c3302524?s=80\u0026d=identicon", 2255 | "web_url": "https://gitlab.informatik.haw-hamburg.de/aci959", 2256 | "created_at": "2017-08-11T21:11:31.062+02:00", 2257 | "bio": null, 2258 | "location": null, 2259 | "skype": "", 2260 | "linkedin": "", 2261 | "twitter": "", 2262 | "website_url": "", 2263 | "organization": null, 2264 | "last_sign_in_at": "2017-08-11T21:11:31.165+02:00", 2265 | "confirmed_at": "2017-08-11T21:11:30.745+02:00", 2266 | "last_activity_on": null, 2267 | "email": "max.mustermann@test-gl-k8s.com", 2268 | "color_scheme_id": 1, 2269 | "projects_limit": 10, 2270 | "current_sign_in_at": "2017-08-11T21:11:31.165+02:00", 2271 | "identities": [ 2272 | { 2273 | "provider": "ldapmain", 2274 | "extern_uid": "uid=123xyc,ou=Users,ou=dept,o=test-company" 2275 | } 2276 | ], 2277 | "can_create_group": true, 2278 | "can_create_project": true, 2279 | "two_factor_enabled": false, 2280 | "external": false, 2281 | "is_admin": false 2282 | }, 2283 | { 2284 | "name": "ach146", 2285 | "username": "ach146", 2286 | "id": 305, 2287 | "state": "active", 2288 | "avatar_url": "https://secure.gravatar.com/avatar/df1ed92a44ac8a67ff4fad0ef107875f?s=80\u0026d=identicon", 2289 | "web_url": "https://gitlab.informatik.haw-hamburg.de/ach146", 2290 | "created_at": "2017-08-10T09:19:44.771+02:00", 2291 | "bio": null, 2292 | "location": null, 2293 | "skype": "", 2294 | "linkedin": "", 2295 | "twitter": "", 2296 | "website_url": "", 2297 | "organization": null, 2298 | "last_sign_in_at": "2017-08-10T09:19:44.828+02:00", 2299 | "confirmed_at": "2017-08-10T09:19:44.754+02:00", 2300 | "last_activity_on": null, 2301 | "email": "max.mustermann@test-gl-k8s.com", 2302 | "color_scheme_id": 1, 2303 | "projects_limit": 10, 2304 | "current_sign_in_at": "2017-08-10T09:19:44.828+02:00", 2305 | "identities": [ 2306 | { 2307 | "provider": "ldapmain", 2308 | "extern_uid": "uid=123xyc,ou=Users,ou=dept,o=test-company" 2309 | } 2310 | ], 2311 | "can_create_group": true, 2312 | "can_create_project": true, 2313 | "two_factor_enabled": false, 2314 | "external": false, 2315 | "is_admin": false 2316 | }, 2317 | { 2318 | "name": "aav300", 2319 | "username": "aav300", 2320 | "id": 304, 2321 | "state": "active", 2322 | "avatar_url": "https://secure.gravatar.com/avatar/ff76518c28711c5c95deaf794034c034?s=80\u0026d=identicon", 2323 | "web_url": "https://gitlab.informatik.haw-hamburg.de/aav300", 2324 | "created_at": "2017-08-09T19:57:00.500+02:00", 2325 | "bio": null, 2326 | "location": null, 2327 | "skype": "", 2328 | "linkedin": "", 2329 | "twitter": "", 2330 | "website_url": "", 2331 | "organization": null, 2332 | "last_sign_in_at": "2017-08-09T19:57:00.553+02:00", 2333 | "confirmed_at": "2017-08-09T19:57:00.486+02:00", 2334 | "last_activity_on": null, 2335 | "email": "max.mustermann@test-gl-k8s.com", 2336 | "color_scheme_id": 1, 2337 | "projects_limit": 10, 2338 | "current_sign_in_at": "2017-08-09T19:57:00.553+02:00", 2339 | "identities": [ 2340 | { 2341 | "provider": "ldapmain", 2342 | "extern_uid": "uid=123xyc,ou=Users,ou=dept,o=test-company" 2343 | } 2344 | ], 2345 | "can_create_group": true, 2346 | "can_create_project": true, 2347 | "two_factor_enabled": false, 2348 | "external": false, 2349 | "is_admin": false 2350 | }, 2351 | { 2352 | "name": "abd260", 2353 | "username": "abd260", 2354 | "id": 303, 2355 | "state": "active", 2356 | "avatar_url": "https://secure.gravatar.com/avatar/974d7fdb9a76fade73d2c56973955dfb?s=80\u0026d=identicon", 2357 | "web_url": "https://gitlab.informatik.haw-hamburg.de/abd260", 2358 | "created_at": "2017-08-09T19:35:13.794+02:00", 2359 | "bio": null, 2360 | "location": null, 2361 | "skype": "", 2362 | "linkedin": "", 2363 | "twitter": "", 2364 | "website_url": "", 2365 | "organization": null, 2366 | "last_sign_in_at": "2017-08-09T19:35:13.863+02:00", 2367 | "confirmed_at": "2017-08-09T19:35:13.531+02:00", 2368 | "last_activity_on": null, 2369 | "email": "max.mustermann@test-gl-k8s.com", 2370 | "color_scheme_id": 1, 2371 | "projects_limit": 10, 2372 | "current_sign_in_at": "2017-08-09T19:35:13.863+02:00", 2373 | "identities": [ 2374 | { 2375 | "provider": "ldapmain", 2376 | "extern_uid": "uid=123xyc,ou=Users,ou=dept,o=test-company" 2377 | } 2378 | ], 2379 | "can_create_group": true, 2380 | "can_create_project": true, 2381 | "two_factor_enabled": false, 2382 | "external": false, 2383 | "is_admin": false 2384 | }, 2385 | { 2386 | "name": "aci829", 2387 | "username": "aci829", 2388 | "id": 302, 2389 | "state": "active", 2390 | "avatar_url": "https://secure.gravatar.com/avatar/d94514dbf168361ce18f150cd6f85590?s=80\u0026d=identicon", 2391 | "web_url": "https://gitlab.informatik.haw-hamburg.de/aci829", 2392 | "created_at": "2017-08-09T16:17:06.553+02:00", 2393 | "bio": null, 2394 | "location": null, 2395 | "skype": "", 2396 | "linkedin": "", 2397 | "twitter": "", 2398 | "website_url": "", 2399 | "organization": null, 2400 | "last_sign_in_at": "2017-08-09T16:17:06.610+02:00", 2401 | "confirmed_at": "2017-08-09T16:17:06.192+02:00", 2402 | "last_activity_on": null, 2403 | "email": "max.mustermann@test-gl-k8s.com", 2404 | "color_scheme_id": 1, 2405 | "projects_limit": 10, 2406 | "current_sign_in_at": "2017-08-09T16:17:06.610+02:00", 2407 | "identities": [ 2408 | { 2409 | "provider": "ldapmain", 2410 | "extern_uid": "uid=123xyc,ou=Users,ou=dept,o=test-company" 2411 | } 2412 | ], 2413 | "can_create_group": true, 2414 | "can_create_project": true, 2415 | "two_factor_enabled": false, 2416 | "external": false, 2417 | "is_admin": false 2418 | }, 2419 | { 2420 | "name": "abr561", 2421 | "username": "abr561", 2422 | "id": 301, 2423 | "state": "active", 2424 | "avatar_url": "https://secure.gravatar.com/avatar/9ec28ae03efebf4f45c18ffd874c3f6a?s=80\u0026d=identicon", 2425 | "web_url": "https://gitlab.informatik.haw-hamburg.de/abr561", 2426 | "created_at": "2017-08-09T14:39:34.700+02:00", 2427 | "bio": null, 2428 | "location": null, 2429 | "skype": "", 2430 | "linkedin": "", 2431 | "twitter": "", 2432 | "website_url": "", 2433 | "organization": null, 2434 | "last_sign_in_at": "2017-08-09T14:39:34.756+02:00", 2435 | "confirmed_at": "2017-08-09T14:39:34.683+02:00", 2436 | "last_activity_on": null, 2437 | "email": "max.mustermann@test-gl-k8s.com", 2438 | "color_scheme_id": 1, 2439 | "projects_limit": 10, 2440 | "current_sign_in_at": "2017-08-09T14:39:34.756+02:00", 2441 | "identities": [ 2442 | { 2443 | "provider": "ldapmain", 2444 | "extern_uid": "uid=123xyc,ou=Users,ou=dept,o=test-company" 2445 | } 2446 | ], 2447 | "can_create_group": true, 2448 | "can_create_project": true, 2449 | "two_factor_enabled": false, 2450 | "external": false, 2451 | "is_admin": false 2452 | }, 2453 | { 2454 | "name": "acc166", 2455 | "username": "acc166", 2456 | "id": 300, 2457 | "state": "active", 2458 | "avatar_url": "https://secure.gravatar.com/avatar/d30f0e7e053bbf3fcc65d5b8aee2f529?s=80\u0026d=identicon", 2459 | "web_url": "https://gitlab.informatik.haw-hamburg.de/acc166", 2460 | "created_at": "2017-08-09T14:13:22.402+02:00", 2461 | "bio": null, 2462 | "location": null, 2463 | "skype": "", 2464 | "linkedin": "", 2465 | "twitter": "", 2466 | "website_url": "", 2467 | "organization": null, 2468 | "last_sign_in_at": "2017-08-09T14:13:22.470+02:00", 2469 | "confirmed_at": "2017-08-09T14:13:22.386+02:00", 2470 | "last_activity_on": null, 2471 | "color_scheme_id": 1, 2472 | "projects_limit": 10, 2473 | "current_sign_in_at": "2017-08-09T14:13:22.470+02:00", 2474 | "identities": [ 2475 | { 2476 | "provider": "ldapmain", 2477 | "extern_uid": "uid=123xyc,ou=Users,ou=dept,o=test-company" 2478 | } 2479 | ], 2480 | "can_create_group": true, 2481 | "can_create_project": true, 2482 | "two_factor_enabled": false, 2483 | "external": false, 2484 | "is_admin": false 2485 | } 2486 | ]`) 2487 | })) 2488 | defer ts.Close() 2489 | url := ts.URL 2490 | foundUsers, err := GetAllUsers(make([]GitlabUser, 0), url) 2491 | if err != nil { 2492 | t.Error(err) 2493 | } 2494 | if len(foundUsers) != 20 { 2495 | t.Error("No users were parsed.") 2496 | } 2497 | 2498 | if foundUsers[0].Username == "" { 2499 | t.Error("deserialization didnt work for Users. Username was empty!") 2500 | } 2501 | } 2502 | -------------------------------------------------------------------------------- /gitlabclient/gitlab_write_client.go: -------------------------------------------------------------------------------- 1 | package gitlabclient 2 | 3 | import ( 4 | "bytes" 5 | "encoding/json" 6 | "fmt" 7 | "io/ioutil" 8 | "log" 9 | "net/http" 10 | "os" 11 | ) 12 | 13 | func SetupK8sIntegrationForGitlabProject(projectId, namespace, token string) { 14 | k8sUrl := os.Getenv("EXTERNAL_K8S_API_URL") 15 | if k8sUrl == "" { 16 | // abort if K8S_API_URL was not set 17 | log.Println("K8S_API_URL was not set, skipping setup of K8s integration in Gitlab...") 18 | return 19 | } 20 | 21 | url := fmt.Sprintf("%sprojects/%s/services/kubernetes", getGitlabBaseUrl(), projectId) 22 | 23 | req, err := http.NewRequest(http.MethodPut, url, nil) 24 | if err != nil { 25 | log.Fatalln(err) 26 | } 27 | 28 | q := req.URL.Query() 29 | q.Add("token", token) 30 | q.Add("namespace", namespace) 31 | q.Add("api_url", k8sUrl) 32 | 33 | caPem := os.Getenv("K8S_CA_PEM") 34 | if caPem != "" { 35 | q.Add("ca_pem", caPem) 36 | } 37 | 38 | req.URL.RawQuery = q.Encode() 39 | 40 | req.Header.Add("Private-Token", os.Getenv("GITLAB_PRIVATE_TOKEN")) 41 | req.Header.Add("Sudo", "root") 42 | 43 | resp, err := http.DefaultClient.Do(req) 44 | 45 | if err != nil { 46 | log.Println(fmt.Sprintf("Could not set up Kubernetes Integration for project %s . Err was: %s ", projectId, err.Error())) 47 | } 48 | 49 | if resp.StatusCode != http.StatusOK { 50 | msg := "" 51 | body, err := ioutil.ReadAll(resp.Body) 52 | if err != nil { 53 | msg = string(body[:]) 54 | 55 | } 56 | log.Println(fmt.Sprintf("Setting up Kubernetes Integration for project %s failed with errorCode %d and message %s", projectId, resp.StatusCode, msg)) 57 | } 58 | 59 | setupEnvironment(projectId) 60 | } 61 | 62 | type ErrorMessage struct { 63 | Message Msg 64 | } 65 | 66 | type Msg struct { 67 | Name []string 68 | Slug []string 69 | } 70 | 71 | func setupEnvironment(projectId string) { 72 | envName := os.Getenv("GITLAB_ENVIRONMENT_NAME") 73 | if envName == "" { 74 | // abort if GITLAB_ENVIRONMENT_NAME was not set 75 | log.Println("GITLAB_ENVIRONMENT_NAME was not set, skipping creation of environment in Gitlab...") 76 | return 77 | } 78 | 79 | url := fmt.Sprintf("%sprojects/%s/environments", getGitlabBaseUrl(), projectId) 80 | values := map[string]string{"id": projectId, "name": envName} 81 | jsonValue, err := json.Marshal(values) 82 | if err != nil { 83 | log.Fatalln(err) 84 | } 85 | 86 | req, err := http.NewRequest(http.MethodPost, url, bytes.NewBuffer(jsonValue)) 87 | req.Header.Add("PRIVATE-TOKEN", os.Getenv("GITLAB_PRIVATE_TOKEN")) 88 | req.Header.Add("Content-Type", "application/json") 89 | req.Header.Add("Accept", "application/json") 90 | 91 | resp, err := http.DefaultClient.Do(req) 92 | if err != nil { 93 | log.Fatalln(err) 94 | } 95 | 96 | switch resp.StatusCode { 97 | case http.StatusCreated: 98 | return 99 | 100 | case http.StatusBadRequest: 101 | var msg ErrorMessage 102 | body, err := ioutil.ReadAll(resp.Body) 103 | if err != nil { 104 | log.Fatal(err) 105 | } 106 | json.Unmarshal(body, &msg) 107 | if len(msg.Message.Name) > 0 && msg.Message.Name[0] == "has already been taken" { 108 | return 109 | } 110 | log.Println(fmt.Sprintf("Creation of environment failed with http error %d, projectID was: %s", resp.StatusCode, projectId)) 111 | default: 112 | log.Println(fmt.Sprintf("Creation of environment failed with http error %d, projectID was: %s", resp.StatusCode, projectId)) 113 | } 114 | } 115 | -------------------------------------------------------------------------------- /glk8smain/main.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2017 by Christian Hüning (christianhuening@googlemail.com). 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | http://www.apache.org/licenses/LICENSE-2.0 8 | 9 | Unless required by applicable law or agreed to in writing, software 10 | distributed under the License is distributed on an "AS IS" BASIS, 11 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | See the License for the specific language governing permissions and 13 | limitations under the License. 14 | */ 15 | 16 | package glk8smain 17 | 18 | import ( 19 | "fmt" 20 | "log" 21 | "os" 22 | "os/signal" 23 | "syscall" 24 | 25 | "github.com/k8s-tamias/gitlab-k8s-integrator/usecases" 26 | "github.com/k8s-tamias/gitlab-k8s-integrator/webhooklistener" 27 | ) 28 | 29 | func Main() { 30 | log.Println("Gitlab K8s Integrator starting up!") 31 | if os.Getenv("GITLAB_HOSTNAME") == "" { 32 | log.Fatalln("Please provide GITLAB_HOSTNAME env!") 33 | } 34 | if os.Getenv("GITLAB_API_VERSION") == "" { 35 | log.Fatalln("Please provide GITLAB_API_VERSION env!") 36 | } 37 | if os.Getenv("GITLAB_PRIVATE_TOKEN") == "" { 38 | log.Fatalln("Please provide GITLAB_PRIVATE_TOKEN env!") 39 | } 40 | 41 | quit := make(chan int) 42 | 43 | // Handle System signals 44 | sigc := make(chan os.Signal, 1) 45 | signal.Notify(sigc, 46 | syscall.SIGHUP, 47 | syscall.SIGINT, 48 | syscall.SIGTERM, 49 | syscall.SIGQUIT) 50 | go func() { 51 | s := <-sigc 52 | switch s { 53 | case os.Interrupt: 54 | quit <- 0 55 | case syscall.SIGTERM: 56 | quit <- 0 57 | } 58 | }() 59 | 60 | // listen in sep. routine 61 | go webhooklistener.Listen(quit) 62 | go usecases.StartRecurringSyncTimer() 63 | log.Println("Gitlab K8s Integrator listening!") 64 | 65 | // Perform 1st sync now: 66 | go usecases.PerformGlK8sSync() 67 | // Wait until server signals quit 68 | select { 69 | case <-quit: 70 | fmt.Println("Goodbye!") 71 | } 72 | 73 | } 74 | -------------------------------------------------------------------------------- /helm/gitlab-integrator/.helmignore: -------------------------------------------------------------------------------- 1 | # Patterns to ignore when building packages. 2 | # This supports shell glob matching, relative path matching, and 3 | # negation (prefixed with !). Only one pattern per line. 4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | # Common backup files 14 | *.swp 15 | *.bak 16 | *.tmp 17 | *~ 18 | # Various IDEs 19 | .project 20 | .idea/ 21 | *.tmproj 22 | -------------------------------------------------------------------------------- /helm/gitlab-integrator/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | appVersion: "1.0.10" 3 | description: A Helm chart for the gitlab-integrator 4 | name: gitlab-integrator 5 | version: 0.1.0 6 | -------------------------------------------------------------------------------- /helm/gitlab-integrator/values.yaml: -------------------------------------------------------------------------------- 1 | # Default values for gitlab-integrator. 2 | # This is a YAML-formatted file. 3 | # Declare variables to be passed into your templates. 4 | 5 | replicaCount: 1 6 | 7 | image: 8 | repository: chrishuen/gitlab-k8s-integrator 9 | tag: v1.0 10 | pullPolicy: IfNotPresent 11 | 12 | nameOverride: "" 13 | fullnameOverride: "" 14 | 15 | service: 16 | type: ClusterIP 17 | port: 80 18 | 19 | ingress: 20 | enabled: true 21 | annotations: 22 | kubernetes.io/ingress.class: nginx 23 | kubernetes.io/tls-acme: "true" 24 | path: / 25 | hosts: [] 26 | tls: 27 | - secretName: gitlab-integration-tls 28 | hosts: [] 29 | 30 | resources: 31 | # We usually recommend not to specify default resources and to leave this as a conscious 32 | # choice for the user. This also increases chances charts run on environments with little 33 | # resources, such as Minikube. If you do want to specify resources, uncomment the following 34 | # lines, adjust them as necessary, and remove the curly braces after 'resources:'. 35 | # limits: 36 | # cpu: 100m 37 | # memory: 128Mi 38 | requests: 39 | cpu: 100m 40 | memory: 50Mi 41 | 42 | nodeSelector: {} 43 | 44 | tolerations: [] 45 | 46 | affinity: {} 47 | 48 | # The private access token from a Gitlab admin user to use when calling the API 49 | enableGitlabHookDebug: false 50 | enableGitlabSyncDebug: false 51 | enableSyncEndpoint: false 52 | customRoleDir: /etc/custom-roles 53 | gitlabHostname: 54 | gitlabAPIVersion: v4 55 | gitlabServiceAccountName: gitlab-serviceaccount 56 | gitlabPrivateToken: 57 | gitlabSecretToken: 58 | gitlabEnvironmentName: dev 59 | # default: in-cluster config 60 | k8sAPIUrl: kubernetes 61 | k8sExternalK8sAPIUrl: 62 | 63 | k8sCaPem: 64 | imagePullSecretDockerConfig: -------------------------------------------------------------------------------- /k8sclient/k8s_client_common.go: -------------------------------------------------------------------------------- 1 | package k8sclient 2 | 3 | import ( 4 | "fmt" 5 | "log" 6 | "os" 7 | "regexp" 8 | "strings" 9 | 10 | "github.com/pkg/errors" 11 | metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" 12 | "k8s.io/client-go/kubernetes" 13 | "k8s.io/client-go/rest" 14 | ) 15 | 16 | // Utils 17 | 18 | func GetAllGitlabOriginNamesFromNamespacesWithOriginLabel() []string { 19 | nsList, err := getK8sClient().CoreV1().Namespaces().List(metav1.ListOptions{LabelSelector: "gitlab-origin"}) 20 | if check(err) { 21 | log.Fatal(err) 22 | } 23 | vsf := make([]string, 0) 24 | for _, v := range nsList.Items { 25 | if labelName := v.Labels["gitlab-origin"]; labelName != "" { 26 | gitlabName, err := k8sLabelToGitlabName(labelName) 27 | if check(err) { 28 | log.Fatal("Error while transforming labelName back to Gitlab Name. Err: " + err.Error()) 29 | } 30 | vsf = append(vsf, gitlabName) 31 | } 32 | } 33 | return vsf 34 | } 35 | 36 | // GetActualNameSpaceNameByGitlabName looks for the original name from gitlab in the gitlab-origin labels of namespaces 37 | // and returns the given namespace name in the K8s cluster or an empty string if namespace has not been found 38 | func GetActualNameSpaceNameByGitlabName(gitlabOriginName string) string { 39 | correctName := "" 40 | 41 | if gitlabOriginName == "kube-system" { 42 | return correctName 43 | } 44 | 45 | client := getK8sClient() 46 | 47 | k8sName, err := GitlabNameToK8sLabel(gitlabOriginName) 48 | if check(err) { 49 | log.Fatal("Error while transforming gitlab name to k8s label: " + err.Error()) 50 | } 51 | 52 | namespaces, err := client.CoreV1().Namespaces().List(metav1.ListOptions{LabelSelector: "gitlab-origin=" + k8sName}) 53 | if check(err) { 54 | log.Fatal("Error while retrieving namespaces: " + err.Error()) 55 | } 56 | if len(namespaces.Items) > 1 { 57 | log.Println("WARNING: Found mutliple namespaces with gitlab-origin= " + k8sName + ". This is potentially very bad, consult a cloud admin!") 58 | } else if len(namespaces.Items) < 1 { 59 | log.Println("INFO: No namespace has been found with gitlab-origin=" + k8sName + ".") 60 | } else { 61 | correctName = namespaces.Items[0].Name 62 | } 63 | return correctName 64 | } 65 | 66 | /// GetRoleBindingsByNamespace retrieves the rolebindings present in K8s for the provided namespace 67 | /// the namespace parameter is assumed to be the real namespace name in k8s! 68 | func GetRoleBindingsByNamespace(namespace string) map[string]bool { 69 | rbs, err := getK8sClient().RbacV1().RoleBindings(namespace).List(metav1.ListOptions{}) 70 | if check(err) { 71 | log.Fatal(fmt.Sprintf("Error while retrieving rolebindings for namespace %s. Error: %s", namespace, err)) 72 | } 73 | res := map[string]bool{} 74 | 75 | for _, rb := range rbs.Items { 76 | res[rb.Name] = true 77 | } 78 | 79 | return res 80 | } 81 | 82 | func ConstructRoleBindingName(username, rolename, ns string) string { 83 | return username + "-" + rolename + "-" + ns 84 | } 85 | 86 | func GetProjectRoleName(accessLevel string) string { 87 | var rname string 88 | switch accessLevel { 89 | case "Master", "Owner": 90 | rname = os.Getenv("PROJECT_MASTER_ROLENAME") 91 | if rname == "" { 92 | rname = "gitlab-project-master" 93 | } 94 | case "Reporter": 95 | rname = os.Getenv("PROJECT_REPORTER_ROLENAME") 96 | if rname == "" { 97 | rname = "gitlab-project-reporter" 98 | } 99 | case "Developer": 100 | rname = os.Getenv("PROJECT_DEVELOPER_ROLENAME") 101 | if rname == "" { 102 | rname = "gitlab-project-developer" 103 | } 104 | 105 | default: 106 | rname = os.Getenv("PROJECT_DEFAULT_ROLENAME") 107 | if rname == "" { 108 | rname = "gitlab-project-guest" 109 | } 110 | } 111 | return rname 112 | } 113 | 114 | func GetGroupRoleName(accessLevel string) string { 115 | var rname string 116 | switch accessLevel { 117 | case "Master", "Owner": 118 | rname = os.Getenv("GROUP_MASTER_ROLENAME") 119 | if rname == "" { 120 | rname = "gitlab-group-master" 121 | } 122 | case "Reporter": 123 | rname = os.Getenv("GROUP_REPORTER_ROLENAME") 124 | if rname == "" { 125 | rname = "gitlab-group-reporter" 126 | } 127 | case "Developer": 128 | rname = os.Getenv("GROUP_DEVELOPER_ROLENAME") 129 | if rname == "" { 130 | rname = "gitlab-group-developer" 131 | } 132 | 133 | default: 134 | rname = os.Getenv("GROUP_DEFAULT_ROLENAME") 135 | if rname == "" { 136 | rname = "gitlab-group-guest" 137 | } 138 | } 139 | return rname 140 | } 141 | 142 | // Internal Functions 143 | 144 | func GitlabNameToK8sNamespace(givenName string) (string, error) { 145 | nsName := strings.ToLower(givenName) 146 | 147 | replacer := strings.NewReplacer(" ", "", 148 | "ü", "ue", 149 | "ö", "oe", 150 | "ä", "ae", 151 | "ß", "ss", 152 | "_", "-", 153 | ".", "-", 154 | "/", "-") 155 | 156 | nsName = replacer.Replace(nsName) 157 | // regex for checking k8s namespace name 158 | regex, err := regexp.Compile("^[a-z0-9]([-a-z0-9]*[a-z0-9])?$") 159 | 160 | if check(err) { 161 | return "", err 162 | } 163 | 164 | if !regex.MatchString(nsName) { 165 | return "", errors.New("Created Namespace name did not adhere to rules") 166 | } 167 | 168 | return nsName, nil 169 | } 170 | 171 | func GitlabNameToK8sLabel(givenName string) (string, error) { 172 | /* 173 | Rules: 174 | 1) “.” -> “.” 175 | 2) “-” -> “-” 176 | 3) “_” -> “__” 177 | 4) “/” -> “_” 178 | */ 179 | replacer := strings.NewReplacer("_", "__", 180 | "/", "_") 181 | 182 | labelName := replacer.Replace(givenName) 183 | // regex for checking k8s namespace name 184 | // old expression: "(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?" 185 | regex, err := regexp.Compile("(^[A-Za-z0-9]([-A-Za-z0-9_.]*[A-Za-z0-9])?$)") 186 | 187 | if check(err) { 188 | return "", err 189 | } 190 | 191 | if !regex.MatchString(labelName) { 192 | return "", errors.New("Created Label name did not adhere to rules") 193 | } 194 | 195 | return labelName, nil 196 | } 197 | 198 | func k8sLabelToGitlabName(givenName string) (string, error) { 199 | /* 200 | Rules: 201 | 1) “.” <- “.” 202 | 2) “-” <- “-” 203 | 3) “_” <- “__” 204 | 4) “/” <- “_” 205 | */ 206 | // Path can contain only letters, digits, '_', '-' and '.'. Cannot start with '-' or end in '.', '.git' or '.atom'. 207 | replacer := strings.NewReplacer("__", "_", 208 | "_", "/") 209 | 210 | labelName := replacer.Replace(givenName) 211 | // regex for checking gitlab namespace name 212 | regex, err := regexp.Compile("(?:[a-zA-Z0-9_.][a-zA-Z0-9_.]*[a-zA-Z0-9_-]|[a-zA-Z0-9_])") 213 | 214 | if check(err) { 215 | return "", err 216 | } 217 | 218 | if !regex.MatchString(labelName) { 219 | return "", errors.New("Created Gitlab Label name did not adhere to rules") 220 | } 221 | 222 | return labelName, nil 223 | } 224 | 225 | func getK8sClient() *kubernetes.Clientset { 226 | // creates the in-cluster config 227 | config, err := rest.InClusterConfig() 228 | if check(err) { 229 | log.Fatal(err) 230 | } 231 | 232 | // creates the clientset 233 | clientset, err := kubernetes.NewForConfig(config) 234 | 235 | if check(err) { 236 | log.Fatal(err) 237 | } 238 | return clientset 239 | } 240 | 241 | func check(err error) bool { 242 | if err != nil { 243 | return true 244 | } 245 | return false 246 | } 247 | -------------------------------------------------------------------------------- /k8sclient/k8s_client_group_role_bindings.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2017 by Christian Hüning (christianhuening@googlemail.com). 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | http://www.apache.org/licenses/LICENSE-2.0 8 | 9 | Unless required by applicable law or agreed to in writing, software 10 | distributed under the License is distributed on an "AS IS" BASIS, 11 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | See the License for the specific language governing permissions and 13 | limitations under the License. 14 | */ 15 | 16 | package k8sclient 17 | 18 | import ( 19 | "fmt" 20 | "log" 21 | 22 | rbacv1 "k8s.io/api/rbac/v1" 23 | k8serrors "k8s.io/apimachinery/pkg/api/errors" 24 | metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" 25 | ) 26 | 27 | func CreateGroupRoleBinding(username, path, accessLevel string) { 28 | ns := GetActualNameSpaceNameByGitlabName(path) 29 | if ns == "" { 30 | CreateNamespace(path) 31 | ns = GetActualNameSpaceNameByGitlabName(path) 32 | } 33 | rolename := GetGroupRoleName(accessLevel) 34 | 35 | rB := rbacv1.RoleBinding{ObjectMeta: metav1.ObjectMeta{Name: ConstructRoleBindingName(username, rolename, ns), Namespace: ns}, 36 | Subjects: []rbacv1.Subject{{Name: username, Kind: "User", APIGroup: "rbac.authorization.k8s.io"}}, 37 | RoleRef: rbacv1.RoleRef{Kind: "ClusterRole", Name: GetGroupRoleName(accessLevel), APIGroup: "rbac.authorization.k8s.io"}} 38 | 39 | _, err := getK8sClient().RbacV1().RoleBindings(ns).Create(&rB) 40 | if k8serrors.IsNotFound(err) { 41 | CreateNamespace(path) 42 | _, err = getK8sClient().RbacV1().RoleBindings(ns).Create(&rB) 43 | } 44 | if check(err) { 45 | log.Fatal("Communication with K8s Server threw error, while creating RoleBinding. Err: " + err.Error()) 46 | } 47 | log.Println(fmt.Sprintf("INFO: Created GroupRoleBinding for user %s as %s in namespace %s", username, rolename, ns)) 48 | } 49 | 50 | func DeleteGroupRoleBinding(username, path, accessLevel string) { 51 | 52 | ns, err := GitlabNameToK8sNamespace(path) 53 | if check(err) { 54 | log.Fatal(err) 55 | } 56 | 57 | rolename := GetGroupRoleName(accessLevel) 58 | 59 | if rolename != "" { 60 | roleBindingName := ConstructRoleBindingName(username, rolename, GetActualNameSpaceNameByGitlabName(path)) 61 | DeleteGroupRoleBindingByName(roleBindingName, ns) 62 | } 63 | } 64 | 65 | func DeleteGroupRoleBindingByName(roleBindingName, actualNamespace string) { 66 | ns, errGetNs := getK8sClient().CoreV1().Namespaces().Get(actualNamespace, metav1.GetOptions{}) 67 | if check(errGetNs) { 68 | log.Fatal("Error while retrieving namespace. Error: " + errGetNs.Error()) 69 | } 70 | if ns.Labels["gitlab-ignored"] == "" { 71 | err := getK8sClient().RbacV1().RoleBindings(actualNamespace).Delete(roleBindingName, &metav1.DeleteOptions{}) 72 | if check(err) { 73 | log.Println("WARNING: Communication with K8s Server threw error, while deleting RoleBinding. Err: " + err.Error()) 74 | } 75 | } 76 | } 77 | -------------------------------------------------------------------------------- /k8sclient/k8s_client_group_role_bindings_test.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2017 by Christian Hüning (christianhuening@googlemail.com). 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | http://www.apache.org/licenses/LICENSE-2.0 8 | 9 | Unless required by applicable law or agreed to in writing, software 10 | distributed under the License is distributed on an "AS IS" BASIS, 11 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | See the License for the specific language governing permissions and 13 | limitations under the License. 14 | */ 15 | 16 | package k8sclient 17 | 18 | import ( 19 | "fmt" 20 | "testing" 21 | ) 22 | 23 | /* 24 | Rules: 25 | 1) “.” <-> “.” 26 | 2) “-” <-> “-” 27 | 3) “_” <-> “__” 28 | 4) “/” <-> “_” 29 | */ 30 | 31 | func TestGitlabNameToK8sLabel(t *testing.T) { 32 | g1 := "uP/uP-Chief" 33 | k1, err := GitlabNameToK8sLabel(g1) 34 | if err != nil { 35 | t.Error(err) 36 | } 37 | if k1 != "uP_uP-Chief" { 38 | t.Error("Incorrect replacement of '/'") 39 | } 40 | 41 | g2 := "u_P/uP-Chief" 42 | k2, err := GitlabNameToK8sLabel(g2) 43 | if err != nil { 44 | t.Error(err) 45 | } 46 | if k2 != "u__P_uP-Chief" { 47 | t.Error("Incorrect replacement of '/'") 48 | } 49 | 50 | g3 := "u__.P/uP-Chief" 51 | k3, err := GitlabNameToK8sLabel(g3) 52 | if err != nil { 53 | t.Error(err) 54 | } 55 | if k3 != "u____.P_uP-Chief" { 56 | t.Error("Incorrect replacement of '/'. Res: " + k3) 57 | } 58 | 59 | g4 := "uP-uP-Chief" 60 | k4, err := GitlabNameToK8sLabel(g4) 61 | if err != nil { 62 | t.Error(err) 63 | } 64 | if k4 != "uP-uP-Chief" { 65 | t.Error("Incorrect replacement of nothing") 66 | } 67 | } 68 | 69 | func TestK8sLabelToGitlabName(t *testing.T) { 70 | k1 := "uP_uP-Chief" 71 | g1, err := k8sLabelToGitlabName(k1) 72 | if err != nil { 73 | t.Error(err) 74 | } 75 | if g1 != "uP/uP-Chief" { 76 | t.Error("Incorrect replacement of '/'. Res: " + g1) 77 | } 78 | 79 | k2 := "u__P_uP-Chief" 80 | g2, err := k8sLabelToGitlabName(k2) 81 | if err != nil { 82 | t.Error(err) 83 | } 84 | if g2 != "u_P/uP-Chief" { 85 | t.Error("Incorrect replacement of '/'. Res: " + g2) 86 | } 87 | 88 | k3 := "u____.P_uP-Chief" 89 | g3, err := k8sLabelToGitlabName(k3) 90 | if err != nil { 91 | t.Error(err) 92 | } 93 | if g3 != "u__.P/uP-Chief" { 94 | t.Error("Incorrect replacement of '/'. Res: " + g3) 95 | } 96 | 97 | k4 := "uP-uP-Chief" 98 | g4, err := k8sLabelToGitlabName(k4) 99 | if err != nil { 100 | t.Error(err) 101 | } 102 | if g4 != "uP-uP-Chief" { 103 | t.Error("Incorrect replacement of '/'. Res: " + g4) 104 | } 105 | } 106 | 107 | func TestGetGroupRoleName(t *testing.T) { 108 | masterRole := GetGroupRoleName("Master") 109 | if masterRole != "gitlab-group-master" { 110 | t.Error(fmt.Sprintf("Expected gitlab-group-master , but was %s", masterRole)) 111 | } 112 | } 113 | 114 | func TestGetProjectRoleName(t *testing.T) { 115 | masterRole := GetProjectRoleName("Master") 116 | if masterRole != "gitlab-project-master" { 117 | t.Error(fmt.Sprintf("Expected gitlab-project-master , but was %s", masterRole)) 118 | } 119 | } 120 | -------------------------------------------------------------------------------- /k8sclient/k8s_client_limit_range.go: -------------------------------------------------------------------------------- 1 | package k8sclient 2 | 3 | import ( 4 | "os" 5 | "strconv" 6 | "k8s.io/api/core/v1" 7 | "k8s.io/apimachinery/pkg/api/resource" 8 | "log" 9 | k8serrors "k8s.io/apimachinery/pkg/api/errors" 10 | ) 11 | 12 | func CreateLimitRange(namespace string) { 13 | if namespace == "" { 14 | return 15 | } 16 | enableLimitRanges, err := strconv.ParseBool(os.Getenv("ENABLE_LIMITRANGES")) 17 | if err != nil || !enableLimitRanges { 18 | return 19 | } 20 | 21 | defaultCpuReq, err := strconv.Atoi(os.Getenv("DEFAULT_CPU_REQ")) 22 | if err != nil || defaultCpuReq <= 0 { 23 | defaultCpuReq = 20 24 | } 25 | defaultCpuReqQty := resource.NewQuantity(int64(defaultCpuReq), resource.BinarySI) 26 | 27 | defaulCpuLimit, err := strconv.Atoi(os.Getenv("DEFAULT_CPU_LIM")) 28 | if err != nil || defaulCpuLimit <= 0 { 29 | defaulCpuLimit = 150 30 | } 31 | defaultCpuLimitQty := resource.NewQuantity(int64(defaulCpuLimit), resource.BinarySI) 32 | 33 | defaultMemReq, err := strconv.Atoi(os.Getenv("DEFAULT_MEM_REQ")) 34 | if err != nil || defaultMemReq <= 0 { 35 | defaultMemReq = 25 36 | } 37 | defaultMemReqQty := resource.NewQuantity(int64(defaultMemReq), resource.BinarySI) 38 | 39 | defaultMemLimit, err := strconv.Atoi(os.Getenv("DEFAULT_MEM_LIM")) 40 | if err != nil || defaultMemLimit <= 0 { 41 | defaultMemLimit = 120 42 | } 43 | 44 | defaultMemLimitQty := resource.NewQuantity(int64(defaultMemLimit), resource.BinarySI) 45 | 46 | // build LimitRange 47 | lR := &v1.LimitRange{Spec: v1.LimitRangeSpec{ 48 | Limits:[]v1.LimitRangeItem{ 49 | {Type: "Container", 50 | DefaultRequest: v1.ResourceList{v1.ResourceMemory: *defaultMemReqQty, v1.ResourceCPU: *defaultCpuReqQty}, 51 | Default: v1.ResourceList{v1.ResourceMemory: *defaultMemLimitQty, v1.ResourceCPU: *defaultCpuLimitQty}}, 52 | }}} 53 | 54 | // write to Cluster 55 | client := getK8sClient() 56 | _, err = client.CoreV1().LimitRanges(namespace).Create(lR) 57 | if err != nil && !k8serrors.IsAlreadyExists(err) { 58 | log.Fatalf("Error creating LimitRange for Namespace %s. Error was: %s", namespace, err.Error()) 59 | } 60 | } -------------------------------------------------------------------------------- /k8sclient/k8s_client_namespaces.go: -------------------------------------------------------------------------------- 1 | package k8sclient 2 | 3 | import ( 4 | "fmt" 5 | "log" 6 | "os" 7 | "strconv" 8 | 9 | "k8s.io/api/core/v1" 10 | rbacv1 "k8s.io/api/rbac/v1" 11 | k8serrors "k8s.io/apimachinery/pkg/api/errors" 12 | metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" 13 | "k8s.io/apimachinery/pkg/types" 14 | ) 15 | 16 | // DeleteNamespace deletes a namespace by its originalName 17 | func DeleteNamespace(originalName string) string { 18 | 19 | client := getK8sClient() 20 | correctNs := GetActualNameSpaceNameByGitlabName(originalName) 21 | if correctNs == "kube-system" { 22 | return correctNs 23 | } 24 | if correctNs != "" { 25 | err := client.CoreV1().Namespaces().Delete(correctNs, &metav1.DeleteOptions{}) 26 | if check(err) { 27 | log.Fatal("Deletion of Namespace failed with error: " + err.Error()) 28 | } 29 | } 30 | return correctNs 31 | 32 | } 33 | 34 | // CreateNamespace creates a namespace. It 35 | // checks if that namespace has already been created by either CreateProjectRoleBinding or CreateGroupRoleBinding. 36 | // This has been implemented due to the asynchronous manner in which the webhook calls might be received. 37 | // GetActualNameSpaceNameByGitlabName checks for the origin label field, so it only finds the namespace if it's 38 | // the correct one. 39 | func CreateNamespace(name string) string { 40 | if name == "kube-system" { 41 | return name 42 | } 43 | 44 | if actualNs := GetActualNameSpaceNameByGitlabName(name); actualNs != "" { 45 | return actualNs 46 | } 47 | 48 | nsName, err := GitlabNameToK8sNamespace(name) 49 | if check(err) { 50 | log.Fatal(err) 51 | } 52 | 53 | labelName, err := GitlabNameToK8sLabel(name) 54 | if check(err) { 55 | log.Fatal("Error while transforming gitlab name to k8s label: " + err.Error()) 56 | } 57 | client := getK8sClient() 58 | _, err = client.CoreV1().Namespaces().Create(&v1.Namespace{ObjectMeta: metav1.ObjectMeta{Name: nsName, Labels: map[string]string{"gitlab-origin": labelName}}}) 59 | 60 | // if the already present namespace does not have "gitlab-ignored" label, we will update it with a gitlab-origin label 61 | if k8serrors.IsAlreadyExists(err) { 62 | ns, errGetNs := getK8sClient().CoreV1().Namespaces().Get(nsName, metav1.GetOptions{}) 63 | if check(errGetNs) { 64 | log.Fatal("Error while retrieving namespace. Error: " + errGetNs.Error()) 65 | } 66 | if ns.Labels["gitlab-ignored"] == "" { 67 | // add label to already present namespace 68 | patchContent := fmt.Sprintf(`{"metadata":{"labels":{"gitlab-origin":"%s"}}}`, labelName) 69 | patchByteArray := []byte(patchContent) 70 | _, errPatch := client.CoreV1().Namespaces().Patch(nsName, types.MergePatchType, patchByteArray) 71 | if check(errPatch) { 72 | log.Fatal("Error while Updating namespace. Error: " + errPatch.Error()) 73 | } 74 | } 75 | } else { 76 | if err != nil { 77 | log.Println(fmt.Sprintf("Namespace creation caused an error, which was not IsAlreadyExists. Error was: %s", err)) 78 | } 79 | // if error is due to namespace name collision, retry with suffixed number 80 | i := 0 81 | for k8serrors.IsAlreadyExists(err) { 82 | // it has gitlab-ignored label, so create new namespace with suffix counter 83 | i++ 84 | nsName = nsName + "-" + strconv.Itoa(i) 85 | _, err = client.CoreV1().Namespaces().Create(&v1.Namespace{ObjectMeta: metav1.ObjectMeta{Name: nsName, Labels: map[string]string{"gitlab-origin": labelName}}}) 86 | } 87 | } 88 | log.Println(fmt.Sprintf("Succesfully created Namespace %s for Gitlab Ressource %s", nsName, name)) 89 | // deploy CEPH Secret User if specified via ENV var 90 | DeployCEPHSecretUser(nsName) 91 | 92 | // deploy GPU SA and RoleBinding 93 | DeployAdditionalServiceAccounts(nsName) 94 | 95 | CreateLimitRange(nsName) 96 | 97 | check(err) 98 | 99 | return nsName 100 | } 101 | 102 | func DeployCEPHSecretUser(namespace string) { 103 | if userKey := os.Getenv("CEPH_USER_KEY"); userKey != "" { 104 | client := getK8sClient() 105 | _, err := client.CoreV1().Secrets(namespace).Create(&v1.Secret{ 106 | TypeMeta: metav1.TypeMeta{ 107 | Kind: "Secret", 108 | APIVersion: "v1", 109 | }, 110 | ObjectMeta: metav1.ObjectMeta{ 111 | Name: "ceph-secret-user", 112 | Namespace: namespace, 113 | }, 114 | Data: map[string][]byte{"key": []byte(userKey)}, 115 | Type: "kubernetes.io/rbd", 116 | }) 117 | if err != nil && !k8serrors.IsAlreadyExists(err) { 118 | log.Fatalln("Error creating CEPH Secret User. Error was: " + err.Error()) 119 | } 120 | } 121 | } 122 | 123 | func DeployAdditionalServiceAccounts(namespace string) { 124 | netClusterRoleName := os.Getenv("NET_ADMIN_PSP_CLUSTER_ROLE_NAME") 125 | if netClusterRoleName != "" { 126 | deployServiceAccountAndRoleBinding(namespace, netClusterRoleName, "net-admin-serviceaccount", "net-admin-psp-binding") 127 | } 128 | } 129 | 130 | func deployServiceAccountAndRoleBinding(namespace, clusterRoleName, serviceAccountName, bindingName string) { 131 | 132 | client := getK8sClient() 133 | 134 | sa := &v1.ServiceAccount{ObjectMeta: metav1.ObjectMeta{Name: serviceAccountName, Namespace: namespace}} 135 | 136 | _, err := client.CoreV1().ServiceAccounts(namespace).Create(sa) 137 | if err != nil && !k8serrors.IsAlreadyExists(err) { 138 | log.Fatalf("Error creating %s ServiceAccount. Error: %s", serviceAccountName, err.Error()) 139 | } 140 | 141 | rB := rbacv1.RoleBinding{ObjectMeta: metav1.ObjectMeta{Name: bindingName, Namespace: namespace}, 142 | Subjects: []rbacv1.Subject{{Name: sa.Name, Kind: "ServiceAccount"}}, 143 | RoleRef: rbacv1.RoleRef{Kind: "ClusterRole", Name: clusterRoleName, APIGroup: "rbac.authorization.k8s.io"}} 144 | 145 | _, err = client.RbacV1().RoleBindings(namespace).Create(&rB) 146 | if err != nil && !k8serrors.IsAlreadyExists(err) { 147 | log.Fatalf("Error creating %s ServiceAccount. Error: %s", serviceAccountName, err.Error()) 148 | } 149 | } 150 | -------------------------------------------------------------------------------- /k8sclient/k8s_client_project_role_bindings.go: -------------------------------------------------------------------------------- 1 | package k8sclient 2 | 3 | import ( 4 | "log" 5 | 6 | rbacv1 "k8s.io/api/rbac/v1" 7 | k8serrors "k8s.io/apimachinery/pkg/api/errors" 8 | metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" 9 | ) 10 | 11 | func CreateProjectRoleBinding(username, path, accessLevel string) { 12 | ns := GetActualNameSpaceNameByGitlabName(path) 13 | if ns == "" { 14 | CreateNamespace(path) 15 | ns = GetActualNameSpaceNameByGitlabName(path) 16 | } 17 | rolename := GetProjectRoleName(accessLevel) 18 | 19 | rB := rbacv1.RoleBinding{ObjectMeta: metav1.ObjectMeta{Name: ConstructRoleBindingName(username, rolename, ns), Namespace: ns}, 20 | Subjects: []rbacv1.Subject{{Name: username, Kind: "User"}}, 21 | RoleRef: rbacv1.RoleRef{Kind: "ClusterRole", Name: rolename, APIGroup: "rbac.authorization.k8s.io"}} 22 | 23 | _, err := getK8sClient().RbacV1().RoleBindings(ns).Create(&rB) 24 | if k8serrors.IsNotFound(err) { 25 | CreateNamespace(path) 26 | _, err = getK8sClient().RbacV1().RoleBindings(ns).Create(&rB) 27 | } 28 | if check(err) { 29 | log.Fatal("Communication with K8s Server threw error, while creating RoleBinding. Err: " + err.Error()) 30 | } 31 | } 32 | 33 | func DeleteProjectRoleBinding(username, path, accessLevel string) { 34 | ns, err := GitlabNameToK8sNamespace(path) 35 | if check(err) { 36 | log.Fatal(err) 37 | } 38 | 39 | rolename := GetProjectRoleName(accessLevel) 40 | 41 | if rolename != "" { 42 | roleBindingName := ConstructRoleBindingName(username, rolename, GetActualNameSpaceNameByGitlabName(path)) 43 | DeleteProjectRoleBindingByName(roleBindingName, ns) 44 | } 45 | } 46 | 47 | func DeleteProjectRoleBindingByName(roleBindingName, actualNamespace string) { 48 | ns, errGetNs := getK8sClient().CoreV1().Namespaces().Get(actualNamespace, metav1.GetOptions{}) 49 | if check(errGetNs) { 50 | log.Fatal("Error while retrieving namespace. Error: " + errGetNs.Error()) 51 | } 52 | if ns.Labels["gitlab-ignored"] == "" { 53 | err := getK8sClient().RbacV1().RoleBindings(actualNamespace).Delete(roleBindingName, &metav1.DeleteOptions{}) 54 | if check(err) { 55 | log.Println("WARNING: Communication with K8s Server threw error, while deleting RoleBinding. Err: " + err.Error()) 56 | } 57 | } 58 | } 59 | -------------------------------------------------------------------------------- /k8sclient/k8s_client_service_accounts.go: -------------------------------------------------------------------------------- 1 | package k8sclient 2 | 3 | import ( 4 | "github.com/pkg/errors" 5 | "k8s.io/api/core/v1" 6 | rbacv1 "k8s.io/api/rbac/v1" 7 | k8serrors "k8s.io/apimachinery/pkg/api/errors" 8 | metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" 9 | "k8s.io/apimachinery/pkg/util/validation" 10 | "log" 11 | "os" 12 | "time" 13 | ) 14 | 15 | type ServiceAccountInfo struct { 16 | Name string 17 | Namespace string 18 | Token string 19 | } 20 | 21 | // CreateServiceAccountAndRoleBinding creates a ServiceAccount and a RoleBinding for it to use it. 22 | // If either of the two already exists, it will instead return their information to the caller 23 | // returns (InfoAboutServiceAccount, RoleBindingName, error) 24 | func CreateServiceAccountAndRoleBinding(fullProjectPath string) (ServiceAccountInfo, string, error) { 25 | name := getServiceAccountName() 26 | namespace := GetActualNameSpaceNameByGitlabName(fullProjectPath) 27 | 28 | client := getK8sClient() 29 | 30 | sa := &v1.ServiceAccount{ObjectMeta: metav1.ObjectMeta{Name: name, Namespace: namespace}} 31 | 32 | serviceAccount, err := client.CoreV1().ServiceAccounts(namespace).Create(sa) 33 | 34 | if k8serrors.IsAlreadyExists(err) { 35 | // ServiceAccount already exists, so retrieve and use it 36 | serviceAccount, err = client.CoreV1().ServiceAccounts(namespace).Get(name, metav1.GetOptions{}) 37 | if err != nil { 38 | return ServiceAccountInfo{}, "", err 39 | } 40 | } else if err != nil { 41 | return ServiceAccountInfo{}, "", err 42 | } 43 | 44 | // try to retrieve ServiceAccount once as the newly created one won't have the secret set 45 | serviceAccount, err = client.CoreV1().ServiceAccounts(namespace).Get(name, metav1.GetOptions{}) 46 | // The secret in the ServiceAccount is not created and linked immediately, so we have to wait for it 47 | // to not wait indefinitely we use a timeout 48 | timeout := time.After(30 * time.Second) 49 | tick := time.Tick(500 * time.Millisecond) 50 | // Keep trying until we're timed out or got a result or got an error 51 | for k8serrors.IsNotFound(err) || len(serviceAccount.Secrets) < 1 { 52 | select { 53 | // Got a timeout! fail with a timeout error 54 | case <-timeout: 55 | return ServiceAccountInfo{}, "", errors.New("ServiceAccount was created, but Secrets were empty!") 56 | 57 | case <-tick: 58 | serviceAccount, err = client.CoreV1().ServiceAccounts(namespace).Get(name, metav1.GetOptions{}) 59 | if err != nil && !k8serrors.IsNotFound(err) { 60 | return ServiceAccountInfo{}, "", err 61 | } 62 | } 63 | } 64 | 65 | secretName := serviceAccount.Secrets[0].Name 66 | saSecret, err := client.CoreV1().Secrets(namespace).Get(secretName, metav1.GetOptions{}) 67 | token := saSecret.Data["token"] 68 | if len(token) <= 0 { 69 | return ServiceAccountInfo{}, "", errors.New("The token field in the Secret's data was empty!") 70 | } 71 | 72 | tokenAsString := string(token[:]) 73 | 74 | sAI := ServiceAccountInfo{Namespace: namespace, Name: name, Token: tokenAsString} 75 | rbName := createServiceAccountRoleBinding(name, fullProjectPath) 76 | return sAI, rbName, nil 77 | } 78 | 79 | func createServiceAccountRoleBinding(saName, path string) string { 80 | ns := GetActualNameSpaceNameByGitlabName(path) 81 | if ns == "" { 82 | CreateNamespace(path) 83 | ns = GetActualNameSpaceNameByGitlabName(path) 84 | } 85 | // ServiceAccounts are always bound to Master roles 86 | rolename := GetProjectRoleName("Master") 87 | 88 | rB := rbacv1.RoleBinding{ObjectMeta: metav1.ObjectMeta{Name: saName, Namespace: ns}, 89 | Subjects: []rbacv1.Subject{{Name: saName, Kind: "ServiceAccount", Namespace: ns}}, 90 | RoleRef: rbacv1.RoleRef{Kind: "ClusterRole", Name: rolename, APIGroup: "rbac.authorization.k8s.io"}} 91 | 92 | _, err := getK8sClient().RbacV1().RoleBindings(ns).Create(&rB) 93 | if err != nil && k8serrors.IsNotFound(err) { 94 | CreateNamespace(path) 95 | _, err = getK8sClient().RbacV1().RoleBindings(ns).Create(&rB) 96 | } 97 | if err != nil && !k8serrors.IsAlreadyExists(err) { 98 | log.Fatal("Communication with K8s Server threw error, while creating ServiceAccount RoleBinding. Err: " + err.Error()) 99 | } 100 | return rB.Name 101 | } 102 | 103 | func getServiceAccountName() string { 104 | name := os.Getenv("GITLAB_SERVICEACCOUNT_NAME") 105 | if name == "" { 106 | name = "gitlab-serviceaccount" 107 | } else if errs := validation.IsDNS1123Label(name); len(errs) != 0 { 108 | log.Fatalf("The provided value for GITLAB_SERVICEACCOUNT_NAME is not a DNS-1123 compliant name!") 109 | } 110 | return name 111 | } 112 | -------------------------------------------------------------------------------- /main.go: -------------------------------------------------------------------------------- 1 | package main 2 | 3 | import ( 4 | "github.com/k8s-tamias/gitlab-k8s-integrator/glk8smain" 5 | ) 6 | 7 | func main() { 8 | glk8smain.Main() 9 | } 10 | -------------------------------------------------------------------------------- /usecases/custom_roles_usecase.go: -------------------------------------------------------------------------------- 1 | package usecases 2 | 3 | import ( 4 | "io/ioutil" 5 | //_ "k8s.io/api" 6 | //_ "k8s.io/api/extensions/v1" 7 | //_ "k8s.io/client-go/pkg/apis/rbac/install" 8 | "fmt" 9 | "log" 10 | "os" 11 | "regexp" 12 | "strings" 13 | 14 | "k8s.io/api/core/v1" 15 | rbacv1 "k8s.io/api/rbac/v1" 16 | "k8s.io/apimachinery/pkg/runtime" 17 | "k8s.io/client-go/kubernetes" 18 | "k8s.io/client-go/kubernetes/scheme" 19 | "k8s.io/client-go/rest" 20 | ) 21 | 22 | type CustomRolesAndBindings struct { 23 | Roles map[string]bool 24 | RoleBindings map[string]bool 25 | ClusterRoles map[string]bool 26 | ClusterRoleBindings map[string]bool 27 | ServiceAccounts map[string]bool 28 | } 29 | 30 | func ReadAndApplyCustomRolesAndBindings() CustomRolesAndBindings { 31 | res := CustomRolesAndBindings{ 32 | Roles: make(map[string]bool), 33 | RoleBindings: make(map[string]bool), 34 | ClusterRoles: make(map[string]bool), 35 | ClusterRoleBindings: make(map[string]bool), 36 | ServiceAccounts: make(map[string]bool), 37 | } 38 | 39 | customDir := getCustomRoleDir() 40 | customRolesPresent, err := fileExists(customDir) 41 | if err != nil { 42 | log.Printf("An error occurred while trying to read custom roles from directory %s. Err: %s", customDir, err) 43 | return res 44 | } 45 | if !customRolesPresent { 46 | log.Println("No custom-roles directory present, skipping step...") 47 | return res 48 | } 49 | 50 | files, err := ioutil.ReadDir(customDir) 51 | if err != nil { 52 | log.Printf("An error occurred while trying to read custom roles from directory %s. Err: %s", customDir, err) 53 | return res 54 | } 55 | 56 | regExp := regexp.MustCompile(`.*(\.yml|\.yaml)`) 57 | k8sclient := getK8sClient() 58 | for _, f := range files { 59 | isYaml := regExp.MatchString(f.Name()) 60 | 61 | if !f.IsDir() && isYaml { 62 | fileR, err := ioutil.ReadFile(fmt.Sprintf("%s/%s", customDir, f.Name())) 63 | if err != nil { 64 | log.Printf("An error occurred while reading file %s from directory %s. Err: %s", f.Name(), customDir, err) 65 | return res 66 | } 67 | 68 | objects := parseK8sYaml(fileR) 69 | for _, o := range objects { 70 | switch o := o.(type) { 71 | 72 | case *rbacv1.Role: 73 | res.Roles[o.Name] = true 74 | _, err := k8sclient.RbacV1().Roles(o.Namespace).Create(o) 75 | if err != nil { 76 | log.Printf("Error applying Custome Role %s in Namespace %s. Err: %s", o.Name, o.Namespace, err) 77 | } else { 78 | log.Printf("Applied Custom Role %s in Namespace %s", o.Name, o.Namespace) 79 | } 80 | case *rbacv1.RoleBinding: 81 | res.RoleBindings[o.Name] = true 82 | _, err := k8sclient.RbacV1().RoleBindings(o.Namespace).Create(o) 83 | if err != nil { 84 | log.Printf("Error applying Custome RoleBinding %s in Namespace %s. Err: %s", o.Name, o.Namespace, err) 85 | } else { 86 | log.Printf("Applied Custom RoleBinding %s in Namespace %s", o.Name, o.Namespace) 87 | } 88 | case *rbacv1.ClusterRole: 89 | res.ClusterRoles[o.Name] = true 90 | _, err := k8sclient.RbacV1().ClusterRoles().Create(o) 91 | if err != nil { 92 | log.Printf("Error applying Custome ClusterRole %s in Namespace %s. Err: %s", o.Name, o.Namespace, err) 93 | } else { 94 | log.Printf("Applied Custom ClusterRole %s", o.Name) 95 | } 96 | case *rbacv1.ClusterRoleBinding: 97 | res.ClusterRoleBindings[o.Name] = true 98 | _, err := k8sclient.RbacV1().ClusterRoleBindings().Create(o) 99 | if err != nil { 100 | log.Printf("Error applying Custome ClusterRoleBinding %s in Namespace %s. Err: %s", o.Name, o.Namespace, err) 101 | } else { 102 | log.Printf("Applied Custom ClusterRoleBinding %s", o.Name) 103 | } 104 | case *v1.ServiceAccount: 105 | res.ServiceAccounts[o.Name] = true 106 | _, err := k8sclient.CoreV1().ServiceAccounts(o.Namespace).Create(o) 107 | if err != nil { 108 | log.Printf("Error applying Custome ServiceAccount %s in Namespace %s. Err: %s", o.Name, o.Namespace, err) 109 | } else { 110 | log.Printf("Applied Custom ServiceAccount %s in Namespace %s", o.Name, o.Namespace) 111 | } 112 | } 113 | } 114 | } 115 | } 116 | return res 117 | } 118 | 119 | func getK8sClient() *kubernetes.Clientset { 120 | // creates the in-cluster config 121 | config, err := rest.InClusterConfig() 122 | if check(err) { 123 | log.Fatal(err) 124 | } 125 | 126 | // creates the clientset 127 | clientset, err := kubernetes.NewForConfig(config) 128 | 129 | if check(err) { 130 | log.Fatal(err) 131 | } 132 | return clientset 133 | } 134 | 135 | func parseK8sYaml(fileR []byte) []runtime.Object { 136 | 137 | acceptedK8sTypes := regexp.MustCompile(`(Role|ClusterRole|RoleBinding|ClusterRoleBinding|ServiceAccount)`) 138 | fileAsString := string(fileR[:]) 139 | sepYamlfiles := strings.Split(fileAsString, "---") 140 | retVal := make([]runtime.Object, 0, len(sepYamlfiles)) 141 | for _, f := range sepYamlfiles { 142 | if f == "\n" || f == "" { 143 | // ignore empty cases 144 | continue 145 | } 146 | 147 | decode := scheme.Codecs.UniversalDeserializer().Decode 148 | obj, groupVersionKind, err := decode([]byte(f), nil, nil) 149 | 150 | if err != nil { 151 | log.Println(fmt.Sprintf("Error while decoding YAML object. Err was: %s", err)) 152 | continue 153 | } 154 | 155 | if !acceptedK8sTypes.MatchString(groupVersionKind.Kind) { 156 | log.Printf("The custom-roles configMap contained K8s object types which are not supported! Skipping object with type: %s", groupVersionKind.Kind) 157 | } else { 158 | retVal = append(retVal, obj) 159 | } 160 | 161 | } 162 | return retVal 163 | } 164 | 165 | func fileExists(filename string) (bool, error) { 166 | if _, err := os.Stat(filename); os.IsNotExist(err) { 167 | return false, nil 168 | } else if err != nil { 169 | return false, err 170 | } 171 | return true, nil 172 | } 173 | 174 | func getCustomRoleDir() string { 175 | dir := "/etc/custom-roles" 176 | envDir := os.Getenv("CUSTOM_ROLE_DIR") 177 | if envDir != "" { 178 | dir = envDir 179 | } 180 | return dir 181 | } 182 | -------------------------------------------------------------------------------- /usecases/custom_roles_usecases_test.go: -------------------------------------------------------------------------------- 1 | package usecases 2 | 3 | import ( 4 | "testing" 5 | ) 6 | 7 | func TestParseK8sYaml(t *testing.T) { 8 | var deployment = ` 9 | apiVersion: v1 10 | kind: ServiceAccount 11 | metadata: 12 | name: mars-group-serviceaccount 13 | namespace: abb256 14 | 15 | --- 16 | 17 | apiVersion: rbac.authorization.k8s.io/v1 18 | kind: ClusterRoleBinding 19 | metadata: 20 | name: mars-group-sim-runner 21 | roleRef: 22 | apiGroup: rbac.authorization.k8s.io 23 | kind: ClusterRole 24 | name: mars-sim-runner-role 25 | subjects: 26 | - kind: ServiceAccount 27 | name: mars-group-serviceaccount 28 | namespace: abb256 29 | 30 | --- 31 | apiVersion: rbac.authorization.k8s.io/v1 32 | kind: ClusterRole 33 | metadata: 34 | name: mars-sim-runner-role 35 | rules: 36 | - apiGroups: 37 | - "" 38 | resources: 39 | - pods 40 | - pods/logs 41 | - pods/attach 42 | - pods/exec 43 | verbs: 44 | - get 45 | - watch 46 | - list 47 | - create 48 | - update 49 | - patch 50 | - delete 51 | - apiGroups: 52 | - "" 53 | resources: 54 | - events 55 | - nodes 56 | - pods/status 57 | - pods/log 58 | - pods/proxy 59 | verbs: 60 | - get 61 | - list 62 | - watch 63 | - apiGroups: 64 | - batch 65 | resources: 66 | - cronjobs 67 | - jobs 68 | verbs: 69 | - create 70 | - delete 71 | - deletecollection 72 | - get 73 | - list 74 | - patch 75 | - update 76 | - watch 77 | 78 | --- 79 | # Allow the mars group serviceAccount to use the priviliged PSP 80 | apiVersion: rbac.authorization.k8s.io/v1 81 | kind: RoleBinding 82 | metadata: 83 | name: mars-group-serviceaccount-psp 84 | namespace: abb256 85 | roleRef: 86 | apiGroup: rbac.authorization.k8s.io 87 | kind: ClusterRole 88 | name: privileged-psp-user 89 | subjects: 90 | - kind: ServiceAccount 91 | name: mars-group-serviceaccount 92 | namespace: abb256 93 | --- 94 | 95 | kind: ClusterRole 96 | apiVersion: rbac.authorization.k8s.io/v1 97 | metadata: 98 | name: daemon-set-allowance-role 99 | rules: 100 | - apiGroups: 101 | - apps 102 | - extensions 103 | resources: 104 | - daemonset 105 | verbs: 106 | - get 107 | - watch 108 | - list 109 | - create 110 | - update 111 | - patch 112 | - delete 113 | --- 114 | # This cluster role binding allows anyone in the "manager" group to read secrets in any namespace. 115 | kind: RoleBinding 116 | apiVersion: rbac.authorization.k8s.io/v1 117 | metadata: 118 | name: abb256-daemon-set-allowance 119 | namespace: abb256 120 | subjects: 121 | - kind: User 122 | name: abb256 123 | apiGroup: rbac.authorization.k8s.io 124 | roleRef: 125 | kind: ClusterRole 126 | name: daemon-set-allowance-role 127 | apiGroup: rbac.authorization.k8s.io 128 | ` 129 | objects := parseK8sYaml([]byte(deployment)) 130 | if objects == nil { 131 | t.Error("result was nil") 132 | } 133 | if len(objects) != 6 { 134 | t.Error("not enough objects deserialized") 135 | } 136 | 137 | var deployment2 = ` 138 | apiVersion: v1 139 | kind: ServiceAccount 140 | metadata: 141 | name: mars-group-serviceaccount 142 | namespace: abb256 143 | ` 144 | objects = parseK8sYaml([]byte(deployment2)) 145 | if objects == nil { 146 | t.Error("result was nil") 147 | } 148 | if len(objects) != 1 { 149 | t.Error("not enough objects deserialized") 150 | } 151 | 152 | var deployment3 = ` 153 | apiVersion: v1 154 | kind: ServiceAccount 155 | metadata: 156 | name: mars-group-serviceaccount 157 | namespace: abb256 158 | --- 159 | ` 160 | objects = parseK8sYaml([]byte(deployment3)) 161 | if objects == nil { 162 | t.Error("result was nil") 163 | } 164 | if len(objects) != 1 { 165 | t.Error("not enough objects deserialized") 166 | } 167 | 168 | var deployment4 = ` 169 | apiVersion: v1 170 | kind: ServiceAccount 171 | metadata: 172 | name: mars-group-serviceaccount 173 | namespace: mars 174 | 175 | --- 176 | 177 | apiVersion: rbac.authorization.k8s.io/v1 178 | kind: ClusterRoleBinding 179 | metadata: 180 | name: mars-group-sim-runner 181 | roleRef: 182 | apiGroup: rbac.authorization.k8s.io 183 | kind: ClusterRole 184 | name: mars-sim-runner-role 185 | subjects: 186 | - kind: ServiceAccount 187 | name: mars-group-serviceaccount 188 | namespace: mars 189 | 190 | ---` 191 | objects = parseK8sYaml([]byte(deployment4)) 192 | if objects == nil { 193 | t.Error("result was nil") 194 | } 195 | if len(objects) != 2 { 196 | t.Error("not enough objects deserialized") 197 | } 198 | } 199 | -------------------------------------------------------------------------------- /usecases/sync_usecase.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2017 by Christian Hüning (christianhuening@googlemail.com). 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | http://www.apache.org/licenses/LICENSE-2.0 8 | 9 | Unless required by applicable law or agreed to in writing, software 10 | distributed under the License is distributed on an "AS IS" BASIS, 11 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | See the License for the specific language governing permissions and 13 | limitations under the License. 14 | */ 15 | 16 | package usecases 17 | 18 | import ( 19 | "fmt" 20 | "log" 21 | "os" 22 | "strconv" 23 | "sync" 24 | "time" 25 | 26 | "github.com/k8s-tamias/gitlab-k8s-integrator/gitlabclient" 27 | "github.com/k8s-tamias/gitlab-k8s-integrator/k8sclient" 28 | ) 29 | 30 | /* 31 | What to fetch from k8s api 32 | - Get all namespaces with gitlab-origin field (ns without that field won't be gitlab created) 33 | - Get all rolebindings of these namespaces 34 | 35 | What to get from gitlab 36 | - get all groups 37 | - get all projects 38 | - get all users (private namespace) 39 | 40 | Algo: 41 | 1. Delete all namespaces which are not in the gitlab Set 42 | 2. Iterate all gitlab namespaces 43 | if namespace is present in k8s set: 44 | 2.1 Iterate all rolebindings 45 | 2.2 Compare to rolebindings from k8s set by using the gitlab-origin field as key and 46 | 2.2.1 Delete every rolebinding not present in the gitlab set 47 | 2.2.1 Create every rolebinding not present in the k8s set 48 | else: 49 | 2.1 Create namespace 50 | 2.1.1 If namespace is present by name, but does not have a gitlab-origin label attached 51 | AND is not(!) labeled with 'gitlab-ignored' it get's labeled with its origin name. 52 | Otherwise the naming collision is solved by suffixing the name with a counter 53 | 2.2 Create all rolebindings 54 | 55 | done 56 | 57 | */ 58 | 59 | // TODO : Cache Webhooks while Sync is running and execute them later! 60 | 61 | func PerformGlK8sSync() { 62 | log.Println("Starting new Synchronization run!") 63 | log.Println("Getting Gitlab Contents...") 64 | gitlabContent, err := gitlabclient.GetFullGitlabContent() 65 | if check(err) { 66 | return 67 | } 68 | 69 | // 1. delete all Namespaces which are not in the gitlab set 70 | log.Println("Getting K8s Contents...") 71 | gitlabNamespacesInK8s := k8sclient.GetAllGitlabOriginNamesFromNamespacesWithOriginLabel() 72 | 73 | log.Println("Deleting all namespaces which are no longer in the gitlab namespace...") 74 | for _, originalName := range gitlabNamespacesInK8s { 75 | delete := true 76 | 77 | for _, user := range gitlabContent.Users { 78 | if originalName == user.Username { 79 | delete = false 80 | break 81 | } 82 | } 83 | 84 | if delete { 85 | for _, project := range gitlabContent.Projects { 86 | if originalName == project.PathWithNameSpace { 87 | delete = false 88 | break 89 | } 90 | } 91 | } 92 | 93 | if delete { 94 | for _, group := range gitlabContent.Groups { 95 | if originalName == group.FullPath { 96 | delete = false 97 | break 98 | } 99 | } 100 | } 101 | 102 | if delete { 103 | k8sclient.DeleteNamespace(originalName) 104 | } 105 | } 106 | 107 | log.Println("Reading custom-rolebindings if any...") 108 | 109 | cRaB := ReadAndApplyCustomRolesAndBindings() 110 | 111 | var syncDoneWg sync.WaitGroup 112 | syncDoneWg.Add(3) 113 | 114 | log.Println("Syncing Gitlab Users...") 115 | go syncUsers(gitlabContent, cRaB, &syncDoneWg) 116 | 117 | log.Println("Syncing Gitlab Groups...") 118 | go syncGroups(gitlabContent, cRaB, &syncDoneWg) 119 | 120 | log.Println("Syncing Gitlab Projects...") 121 | go syncProjects(gitlabContent, cRaB, &syncDoneWg) 122 | 123 | syncDoneWg.Wait() 124 | log.Println("Finished Synchronization run.") 125 | } 126 | 127 | func syncUsers(gitlabContent *gitlabclient.GitlabContent, cRaB CustomRolesAndBindings, syncDoneWg *sync.WaitGroup) { 128 | defer syncDoneWg.Done() 129 | for _, user := range gitlabContent.Users { 130 | if user.State != gitlabclient.UserStateBlocked { 131 | actualNamespace := k8sclient.GetActualNameSpaceNameByGitlabName(user.Username) 132 | if actualNamespace != "" { 133 | 134 | // namespace is present, check rolebindings 135 | k8sRoleBindings := k8sclient.GetRoleBindingsByNamespace(actualNamespace) 136 | roleName := k8sclient.GetGroupRoleName("Master") 137 | expectedGitlabRolebindingName := k8sclient.ConstructRoleBindingName(user.Username, roleName, actualNamespace) 138 | 139 | // 2.1 Iterate all roleBindings 140 | for rb := range k8sRoleBindings { 141 | if rb != expectedGitlabRolebindingName && !cRaB.RoleBindings[rb] { 142 | k8sclient.DeleteGroupRoleBindingByName(rb, actualNamespace) 143 | } 144 | } 145 | // make sure the project's role binding is present 146 | if !k8sRoleBindings[expectedGitlabRolebindingName] { 147 | k8sclient.CreateGroupRoleBinding(user.Username, user.Username, "Master") 148 | } 149 | 150 | // finally check if namespace has CEPHSecretUser 151 | k8sclient.DeployCEPHSecretUser(actualNamespace) 152 | k8sclient.DeployAdditionalServiceAccounts(actualNamespace) 153 | k8sclient.CreateLimitRange(actualNamespace) 154 | 155 | } else { 156 | // create Namespace & RoleBinding 157 | k8sclient.CreateNamespace(user.Username) 158 | k8sclient.CreateGroupRoleBinding(user.Username, user.Username, "Master") 159 | } 160 | } 161 | } 162 | } 163 | 164 | func syncGroups(gitlabContent *gitlabclient.GitlabContent, cRaB CustomRolesAndBindings, syncDoneWg *sync.WaitGroup) { 165 | defer syncDoneWg.Done() 166 | // same same for Groups 167 | for _, group := range gitlabContent.Groups { 168 | if group.FullPath == "kube-system" { 169 | continue 170 | } // ignore kube-system group 171 | 172 | if debugSync() { 173 | log.Println("Syncing: " + group.FullPath) 174 | } 175 | 176 | actualNamespace := k8sclient.GetActualNameSpaceNameByGitlabName(group.FullPath) 177 | if debugSync() { 178 | log.Println("ActualNamespace: " + actualNamespace) 179 | } 180 | if actualNamespace != "" { 181 | 182 | // namespace is present, check rolebindings 183 | k8sRoleBindings := k8sclient.GetRoleBindingsByNamespace(actualNamespace) 184 | if debugSync() { 185 | log.Printf("Found %d rolebindings \n", len(k8sRoleBindings)) 186 | } 187 | 188 | // get expectedRoleBindings by retrieved Members 189 | expectedRoleBindings := map[string]bool{} 190 | 191 | // create or get ServiceAccount 192 | _, roleBindingName, err := k8sclient.CreateServiceAccountAndRoleBinding(group.FullPath) 193 | if err != nil { 194 | log.Fatalln(fmt.Sprintf("A fatal error occurred while creating a ServiceAccount for group %s. Err was: %s", group.FullPath, err)) 195 | } 196 | expectedRoleBindings[roleBindingName] = true 197 | 198 | for _, member := range group.Members { 199 | if member.State != gitlabclient.UserStateBlocked { 200 | 201 | if debugSync() { 202 | log.Println("Processing member " + member.Name) 203 | } 204 | accessLevel := gitlabclient.TranslateIntAccessLevels(member.AccessLevel) 205 | roleName := k8sclient.GetGroupRoleName(accessLevel) 206 | rbName := k8sclient.ConstructRoleBindingName(member.Username, roleName, actualNamespace) 207 | expectedRoleBindings[rbName] = true 208 | 209 | if debugSync() { 210 | log.Printf("AccessLevel: %s, roleName: %s, rbName: %s", accessLevel, roleName, rbName) 211 | } 212 | 213 | // make sure the groups's expected rolebindings are present 214 | if !k8sRoleBindings[rbName] { 215 | if debugSync() { 216 | log.Println("Creating RoleBinding " + rbName) 217 | } 218 | k8sclient.CreateGroupRoleBinding(member.Username, group.FullPath, accessLevel) 219 | } 220 | } 221 | } 222 | 223 | // 2.1 Iterate all roleBindings and delete those which are not anymore present in gitlab or in custom roles 224 | for rb := range k8sRoleBindings { 225 | if !expectedRoleBindings[rb] && !cRaB.RoleBindings[rb] { 226 | if debugSync() { 227 | log.Println("Deleting RoleBinding " + rb) 228 | } 229 | k8sclient.DeleteGroupRoleBindingByName(rb, actualNamespace) 230 | } 231 | } 232 | 233 | // finally check if namespace has CEPHSecretUser 234 | k8sclient.DeployCEPHSecretUser(actualNamespace) 235 | k8sclient.DeployAdditionalServiceAccounts(actualNamespace) 236 | k8sclient.CreateLimitRange(actualNamespace) 237 | 238 | } else { 239 | // create Namespace & RoleBinding 240 | k8sclient.CreateNamespace(group.FullPath) 241 | _, _, err := k8sclient.CreateServiceAccountAndRoleBinding(group.FullPath) 242 | if err != nil { 243 | log.Fatalln(fmt.Sprintf("A fatal error occurred while creating a ServiceAccount for group %s. Err was: %s", group.FullPath, err)) 244 | } 245 | if debugSync() { 246 | log.Println("Creating Namespace for " + group.FullPath) 247 | } 248 | for _, member := range group.Members { 249 | if member.State != gitlabclient.UserStateBlocked { 250 | accessLevel := gitlabclient.TranslateIntAccessLevels(member.AccessLevel) 251 | k8sclient.CreateGroupRoleBinding(member.Username, group.FullPath, accessLevel) 252 | } 253 | } 254 | } 255 | } 256 | } 257 | 258 | func syncProjects(gitlabContent *gitlabclient.GitlabContent, cRaB CustomRolesAndBindings, syncDoneWg *sync.WaitGroup) { 259 | defer syncDoneWg.Done() 260 | for _, project := range gitlabContent.Projects { 261 | actualNamespace := k8sclient.GetActualNameSpaceNameByGitlabName(project.PathWithNameSpace) 262 | if actualNamespace != "" { 263 | // get expectedRoleBindings by retrieved Members 264 | expectedRoleBindings := map[string]bool{} 265 | 266 | // create or get ServiceAccount 267 | serviceAccountInfo, roleBindingName, err := k8sclient.CreateServiceAccountAndRoleBinding(project.PathWithNameSpace) 268 | if err != nil { 269 | log.Fatalln(fmt.Sprintf("A fatal error occurred while creating a ServiceAccount. Err was: %s", err)) 270 | } 271 | expectedRoleBindings[roleBindingName] = true 272 | 273 | // configure project in gitlab for K8s integration 274 | go gitlabclient.SetupK8sIntegrationForGitlabProject(strconv.Itoa(project.Id), serviceAccountInfo.Namespace, serviceAccountInfo.Token) 275 | 276 | // namespace is present, check rolebindings 277 | k8sRoleBindings := k8sclient.GetRoleBindingsByNamespace(actualNamespace) 278 | 279 | for _, member := range project.Members { 280 | if member.State != gitlabclient.UserStateBlocked { 281 | 282 | accessLevel := gitlabclient.TranslateIntAccessLevels(member.AccessLevel) 283 | roleName := k8sclient.GetProjectRoleName(accessLevel) 284 | rbName := k8sclient.ConstructRoleBindingName(member.Username, roleName, actualNamespace) 285 | expectedRoleBindings[rbName] = true 286 | 287 | // make sure the project's expected rolebindings are present 288 | if !k8sRoleBindings[rbName] { 289 | k8sclient.CreateProjectRoleBinding(member.Username, project.PathWithNameSpace, accessLevel) 290 | } 291 | } 292 | } 293 | 294 | // 2.1 Iterate all roleBindings and delete those which are not anymore present in gitlab 295 | // or through logic of this service 296 | for rb := range k8sRoleBindings { 297 | if !expectedRoleBindings[rb] && !cRaB.RoleBindings[rb] { 298 | k8sclient.DeleteProjectRoleBindingByName(rb, actualNamespace) 299 | } 300 | } 301 | 302 | // finally check if namespace has CEPHSecretUser 303 | k8sclient.DeployCEPHSecretUser(actualNamespace) 304 | k8sclient.DeployAdditionalServiceAccounts(actualNamespace) 305 | k8sclient.CreateLimitRange(actualNamespace) 306 | } else { 307 | // create Namespace & RoleBinding 308 | k8sclient.CreateNamespace(project.PathWithNameSpace) 309 | serviceAccountInfo, _, err := k8sclient.CreateServiceAccountAndRoleBinding(project.PathWithNameSpace) 310 | if err != nil { 311 | log.Fatalln(fmt.Sprintf("A fatal error occurred while creating a ServiceAccount. Err was: %s", err)) 312 | } 313 | 314 | // configure project in gitlab for K8s integration 315 | go gitlabclient.SetupK8sIntegrationForGitlabProject(strconv.Itoa(project.Id), serviceAccountInfo.Namespace, serviceAccountInfo.Token) 316 | 317 | for _, member := range project.Members { 318 | if member.State != gitlabclient.UserStateBlocked { 319 | accessLevel := gitlabclient.TranslateIntAccessLevels(member.AccessLevel) 320 | k8sclient.CreateProjectRoleBinding(member.Username, project.PathWithNameSpace, accessLevel) 321 | } 322 | } 323 | 324 | } 325 | } 326 | } 327 | 328 | func StartRecurringSyncTimer() { 329 | log.Println("Starting Sync Timer...") 330 | ticker := time.NewTicker(time.Hour * 3) 331 | go func() { 332 | for range ticker.C { 333 | go PerformGlK8sSync() 334 | } 335 | }() 336 | } 337 | 338 | func debugSync() bool { 339 | return os.Getenv("ENABLE_GITLAB_SYNC_DEBUG") == "true" 340 | } 341 | -------------------------------------------------------------------------------- /usecases/util.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2017 by Christian Hüning (christianhuening@googlemail.com). 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | http://www.apache.org/licenses/LICENSE-2.0 8 | 9 | Unless required by applicable law or agreed to in writing, software 10 | distributed under the License is distributed on an "AS IS" BASIS, 11 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | See the License for the specific language governing permissions and 13 | limitations under the License. 14 | */ 15 | 16 | package usecases 17 | 18 | import "log" 19 | 20 | func check(err error) bool { 21 | if err != nil { 22 | log.Println("Error : ", err.Error()) 23 | return true 24 | } 25 | return false 26 | } 27 | -------------------------------------------------------------------------------- /usecases/webhook_usecase.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2017 by Christian Hüning (christianhuening@googlemail.com). 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | http://www.apache.org/licenses/LICENSE-2.0 8 | 9 | Unless required by applicable law or agreed to in writing, software 10 | distributed under the License is distributed on an "AS IS" BASIS, 11 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | See the License for the specific language governing permissions and 13 | limitations under the License. 14 | */ 15 | 16 | package usecases 17 | 18 | import ( 19 | "encoding/json" 20 | "fmt" 21 | "log" 22 | "os" 23 | "strconv" 24 | "time" 25 | 26 | "github.com/k8s-tamias/gitlab-k8s-integrator/gitlabclient" 27 | "github.com/k8s-tamias/gitlab-k8s-integrator/k8sclient" 28 | ) 29 | 30 | type GitlabEvent struct { 31 | CreatedAt time.Time `json:"created_at"` 32 | UpdatedAt time.Time `json:"updated_at"` 33 | EventName string `json:"event_name"` 34 | Name string `json:"name"` 35 | OwnerEmail string `json:"owner_email"` 36 | OwnerName string `json:"owner_name"` 37 | Path string `json:"path"` 38 | PathWithNameSpace string `json:"path_with_namespace"` 39 | ProjectPathWithNameSpace string `json:"project_path_with_namespace"` 40 | ProjectId int `json:"project_id"` 41 | ProjectVisibility string `json:"project_visibility"` 42 | OldPathWithNamespace string `json:"old_path_with_namespace"` 43 | ProjectAccess string `json:"access_level"` 44 | GroupAccess string `json:"group_access"` 45 | UserEmail string `json:"user_email"` 46 | UserName string `json:"user_name"` 47 | UserUsername string `json:"user_username"` 48 | UserCreatedUserName string `json:"username"` 49 | UserId int `json:"user_id"` 50 | GroupId int `json:"group_id"` 51 | GroupName string `json:"group_name"` 52 | GroupPath string `json:"group_path"` 53 | } 54 | 55 | func HandleGitlabEvent(body []byte) { 56 | 57 | if os.Getenv("ENABLE_GITLAB_HOOKS_DEBUG") == "true" { 58 | rawMsg := string(body[:]) 59 | log.Println(fmt.Sprintf("DEBUG: Raw Hook Contents Received= %s", rawMsg)) 60 | } 61 | 62 | var event GitlabEvent 63 | err := json.Unmarshal(body, &event) 64 | if check(err) { 65 | return 66 | } 67 | 68 | switch event.EventName { 69 | 70 | // project operations 71 | 72 | case "project_create": 73 | log.Println(fmt.Sprintf("HOOK RECEIVED: Creating Namespace for %s", event.PathWithNameSpace)) 74 | createdNs := k8sclient.CreateNamespace(event.PathWithNameSpace) 75 | sai, _, err := k8sclient.CreateServiceAccountAndRoleBinding(event.PathWithNameSpace) 76 | if err != nil { 77 | log.Printf("Creation of ServiceAccount and RoleBinding failed for project %s", event.Name) 78 | } else { 79 | gitlabclient.SetupK8sIntegrationForGitlabProject(strconv.Itoa(event.ProjectId), createdNs, sai.Token) 80 | } 81 | case "project_destroy": 82 | log.Println(fmt.Sprintf("HOOK RECEIVED: Deleting Namespace for %s", event.PathWithNameSpace)) 83 | k8sclient.DeleteNamespace(event.PathWithNameSpace) 84 | case "project_rename": 85 | log.Println(fmt.Sprintf("HOOK RECEIVED: Rename: Deleting %s and Recreating Namespace for %s", event.OldPathWithNamespace, event.PathWithNameSpace)) 86 | k8sclient.DeleteNamespace(event.OldPathWithNamespace) 87 | createdNs := k8sclient.CreateNamespace(event.PathWithNameSpace) 88 | sai, _, err := k8sclient.CreateServiceAccountAndRoleBinding(event.PathWithNameSpace) 89 | if err != nil { 90 | log.Printf("Creation of ServiceAccount and RoleBinding failed for project %s", event.Name) 91 | } else { 92 | gitlabclient.SetupK8sIntegrationForGitlabProject(strconv.Itoa(event.ProjectId), createdNs, sai.Token) 93 | } 94 | case "project_transfer": 95 | log.Println(fmt.Sprintf("HOOK RECEIVED: Transfer: Deleting %s and Recreating Namespace for %s", event.OldPathWithNamespace, event.PathWithNameSpace)) 96 | k8sclient.DeleteNamespace(event.OldPathWithNamespace) 97 | createdNs := k8sclient.CreateNamespace(event.PathWithNameSpace) 98 | sai, _, err := k8sclient.CreateServiceAccountAndRoleBinding(event.PathWithNameSpace) 99 | if err != nil { 100 | log.Printf("Creation of ServiceAccount and RoleBinding failed for project %s", event.Name) 101 | } else { 102 | gitlabclient.SetupK8sIntegrationForGitlabProject(strconv.Itoa(event.ProjectId), createdNs, sai.Token) 103 | } 104 | // project member operations 105 | 106 | case "user_add_to_team": 107 | log.Println(fmt.Sprintf("HOOK RECEIVED: Create RoleBinding for %s in %s as %s", event.UserUsername, event.ProjectPathWithNameSpace, event.ProjectAccess)) 108 | k8sclient.CreateProjectRoleBinding(event.UserUsername, event.ProjectPathWithNameSpace, event.ProjectAccess) 109 | k8sclient.GetActualNameSpaceNameByGitlabName(event.ProjectPathWithNameSpace) 110 | case "user_remove_from_team": 111 | log.Println(fmt.Sprintf("HOOK RECEIVED: Delete RoleBinding for %s in %s as %s", event.UserUsername, event.ProjectPathWithNameSpace, event.ProjectAccess)) 112 | k8sclient.DeleteProjectRoleBinding(event.UserUsername, event.ProjectPathWithNameSpace, event.ProjectAccess) 113 | k8sclient.GetActualNameSpaceNameByGitlabName(event.ProjectPathWithNameSpace) 114 | 115 | // group operations 116 | case "group_create": 117 | log.Println(fmt.Sprintf("HOOK RECEIVED: Creating Namespace for %s", event.Path)) 118 | k8sclient.CreateNamespace(event.Path) 119 | 120 | case "group_destroy": 121 | log.Println(fmt.Sprintf("HOOK RECEIVED: Deleting Namespace for %s", event.Path)) 122 | k8sclient.DeleteNamespace(event.Path) 123 | 124 | // group member operations 125 | 126 | case "user_add_to_group": 127 | log.Println(fmt.Sprintf("HOOK RECEIVED: Create RoleBinding for %s in %s as %s", event.UserUsername, event.GroupPath, event.GroupAccess)) 128 | k8sclient.CreateGroupRoleBinding(event.UserUsername, event.GroupPath, event.GroupAccess) 129 | k8sclient.GetActualNameSpaceNameByGitlabName(event.GroupPath) 130 | 131 | case "user_remove_from_group": 132 | log.Println(fmt.Sprintf("HOOK RECEIVED: Delete RoleBinding for %s in %s as %s", event.UserUsername, event.GroupPath, event.GroupAccess)) 133 | k8sclient.DeleteGroupRoleBinding(event.UserUsername, event.GroupPath, event.GroupAccess) 134 | k8sclient.GetActualNameSpaceNameByGitlabName(event.GroupPath) 135 | 136 | case "user_create": 137 | log.Println(fmt.Sprintf("HOOK RECEIVED: Create Namespace and RoleBinding for %s in %s as %s", event.UserCreatedUserName, event.UserCreatedUserName, event.ProjectAccess)) 138 | k8sclient.CreateNamespace(event.UserCreatedUserName) 139 | k8sclient.CreateGroupRoleBinding(event.UserCreatedUserName, event.UserCreatedUserName, "Master") 140 | k8sclient.GetActualNameSpaceNameByGitlabName(event.UserCreatedUserName) 141 | 142 | case "user_destroy": 143 | log.Println(fmt.Sprintf("HOOK RECEIVED: Delete Namespace for %s", event.UserCreatedUserName)) 144 | k8sclient.DeleteNamespace(event.UserCreatedUserName) 145 | k8sclient.DeleteGroupRoleBinding(event.UserCreatedUserName, event.UserCreatedUserName, "Master") 146 | k8sclient.GetActualNameSpaceNameByGitlabName(event.UserCreatedUserName) 147 | 148 | default: 149 | log.Println(fmt.Sprintf("HOOK RECEIVED: Unknown Hook Type. Type was: %s", event.EventName)) 150 | } 151 | } 152 | -------------------------------------------------------------------------------- /webhooklistener/rest_controller.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2017 by Christian Hüning (christianhuening@googlemail.com). 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | http://www.apache.org/licenses/LICENSE-2.0 8 | 9 | Unless required by applicable law or agreed to in writing, software 10 | distributed under the License is distributed on an "AS IS" BASIS, 11 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | See the License for the specific language governing permissions and 13 | limitations under the License. 14 | */ 15 | 16 | package webhooklistener 17 | 18 | import ( 19 | "encoding/json" 20 | "fmt" 21 | "io/ioutil" 22 | "log" 23 | "net/http" 24 | "os" 25 | 26 | "github.com/k8s-tamias/gitlab-k8s-integrator/usecases" 27 | ) 28 | 29 | func Listen(quit chan int) { 30 | router := http.NewServeMux() 31 | router.HandleFunc("/healthz", handleHealthz) 32 | if enableSyncEndpoint := os.Getenv("ENABLE_SYNC_ENDPOINT"); enableSyncEndpoint == "true" { 33 | log.Println("WARNING: Sync Endpoint enabled") 34 | router.HandleFunc("/sync", handleSync) 35 | } 36 | router.HandleFunc("/hook", handleGitlabWebhook) 37 | 38 | log.Fatal(http.ListenAndServe(":8080", router)) 39 | quit <- 0 40 | } 41 | 42 | func handleSync(w http.ResponseWriter, r *http.Request) { 43 | switch r.Method { 44 | case "POST": 45 | go usecases.PerformGlK8sSync() 46 | w.WriteHeader(202) 47 | } 48 | } 49 | 50 | // handleGitlabWebhook listens for the following events from the 51 | // Gitlab System Webhooks Events: https://docs.gitlab.com/ce/system_hooks/system_hooks.html 52 | func handleGitlabWebhook(w http.ResponseWriter, r *http.Request) { 53 | switch r.Method { 54 | 55 | case "POST": 56 | if r.Header.Get("X-Gitlab-Event") != "System Hook" { 57 | w.WriteHeader(http.StatusBadRequest) 58 | fmt.Printf("Received bad request from Gitlab. Problem was: X-Gitlab-Event Header was set to %s", r.Header.Get("X-Gitlab-Event")) 59 | return 60 | } 61 | // if GITLAB_SECRET_TOKEN env is set and is unequal to provided token, deny request 62 | if getGitlabSecretToken() != "" && r.Header.Get("X-Gitlab-Token") != getGitlabSecretToken() { 63 | w.WriteHeader(http.StatusBadRequest) 64 | fmt.Printf("Received bad request from Gitlab. Problem was: X-Gitlab-Token (%s) didn't match stored secret token %s", r.Header.Get("X-Gitlab-Token"), getGitlabSecretToken()) 65 | return 66 | } 67 | 68 | body, err := ioutil.ReadAll(r.Body) 69 | if err != nil { 70 | HandleError(err, w, "Could not read body!", http.StatusBadRequest) 71 | } 72 | go usecases.HandleGitlabEvent(body) 73 | w.WriteHeader(http.StatusOK) 74 | } 75 | } 76 | 77 | func handleHealthz(w http.ResponseWriter, r *http.Request) { 78 | w.WriteHeader(http.StatusOK) 79 | w.Write([]byte("ok")) 80 | } 81 | 82 | type ErrorMessage struct { 83 | Msg string 84 | } 85 | 86 | func HandleError(err error, w http.ResponseWriter, msg string, statusCode int) { 87 | log.Println("Error occurred! Err was: " + err.Error()) 88 | w.WriteHeader(statusCode) 89 | if msg != "" { 90 | answer, _ := json.Marshal(ErrorMessage{msg + err.Error()}) 91 | w.Write(answer) 92 | } 93 | return 94 | } 95 | 96 | func getGitlabSecretToken() string { 97 | return os.Getenv("GITLAB_SECRET_TOKEN") 98 | } 99 | --------------------------------------------------------------------------------