group-sync-operator icon indicating copy to clipboard operation
group-sync-operator copied to clipboard

Published 20 hours ago verified publisher icon redhat-cop

GitLab credentialsSecret is not working

Open asterioproba opened this issue 2 years ago • 5 comments

I'm trying to use this operator to sync groups with a on-premises GitLab instance using token authentication but I'm getting the following error from the controller-manager pod:

2022-09-12T19:37:18.348Z ERROR controller-runtime.manager.controller.groupsync Reconciler error {"reconciler group": "redhatcop.redhat.io", "reconciler kind": "GroupSync", "name": "gitlab-groupsync", "namespace": "group-sync-operator", "error": "GET https://my.internal.gitlab.domain/api/v4/groups: 401 {message: 401 Unauthorized}"}

GroupSync is configured as follow:

apiVersion: redhatcop.redhat.io/v1alpha1 kind: GroupSync metadata: name: gitlab-groupsync namespace: group-sync-operator spec: providers: - gitlab: credentialsSecret: kind: Secret name: gitlab-group-sync namespace: group-sync-operator insecure: false prune: false url: https://my.internal.gitlab.domain/ name: gitlab

I've tried to access the GitLab api using curl with the same token in gitlab-group-sync secret and got the groups list from GitLab as expected

Group Sync Operator version: 0.0.20 GitLab version: 11.10.4

asterioproba avatar Sep 12 '22 20:09 asterioproba

@asterioproba Just tested this Community Edition 15.7.0 and was able to create a personal access token with API access and was able to synchronize groups.

Is there any additional information that you would be able to proivde?

sabre1041 avatar Dec 26 '22 01:12 sabre1041

personal access token

Hi! Only work with Personal Access Token? I tried to configure it with an Gitlab OAuth application but it didn't work for me.

mbecca avatar Mar 07 '23 12:03 mbecca

@asterioproba @mbecca I took a look into the underlying go-gitlab and there is support for multiple token types (OAuth, Personal and Job). Based on the current codebase, OAuth should be the one that is supported. However, moving forward, it would be good to be able to make use of any of the above types.

Created #261 to track this enhancement

sabre1041 avatar Mar 07 '23 23:03 sabre1041

@sabre1041 thanks for the reply. It's also not clear to me if with an Oauth application token currently, should it work?

Regards,

M.

mbecca avatar Mar 08 '23 02:03 mbecca

@mbecca with som of the recent enhancements to the operator, would you be able to confirm that you are able to define the desired credential to communicate to GitLab?

sabre1041 avatar May 31 '23 10:05 sabre1041