Skip to content

Commit

Permalink
Force refresh valid but not saved token
Browse files Browse the repository at this point in the history
  • Loading branch information
bastjan committed Jul 31, 2024
1 parent dfd7675 commit 0d2f796
Show file tree
Hide file tree
Showing 4 changed files with 16 additions and 11 deletions.
2 changes: 1 addition & 1 deletion controllers/gitrepo/steps.go
Original file line number Diff line number Diff line change
Expand Up @@ -156,7 +156,7 @@ func ensureAccessToken(ctx context.Context, cli client.Client, instance *synv1al
uid := secret.Annotations[LieutenantAccessTokenUIDAnnotation]

pat, err := repo.EnsureProjectAccessToken(ctx, instance.GetName(), manager.EnsureProjectAccessTokenOptions{
UID: uid,
UID: &uid,
})
if err != nil {
return fmt.Errorf("error ensuring project access token: %w", err)
Expand Down
7 changes: 4 additions & 3 deletions git/gitlab/gitlab.go
Original file line number Diff line number Diff line change
Expand Up @@ -497,18 +497,19 @@ func (g *Gitlab) EnsureProjectAccessToken(ctx context.Context, name string, opts
return 0
})

if opts.UID == "" {
if opts.UID == nil {
if len(validATs) > 0 {
return manager.ProjectAccessToken{
UID: strconv.Itoa(validATs[0].ID),
ExpiresAt: time.Time(*validATs[0].ExpiresAt),
}, nil
}
} else {
uid := *opts.UID
for _, token := range validATs {
if strconv.Itoa(token.ID) == opts.UID {
if strconv.Itoa(token.ID) == uid {
return manager.ProjectAccessToken{
UID: opts.UID,
UID: uid,
ExpiresAt: time.Time(*token.ExpiresAt),
}, nil
}
Expand Down
16 changes: 10 additions & 6 deletions git/gitlab/gitlab_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -676,22 +676,26 @@ func TestGitlab_EnsureProjectAccessToken(t *testing.T) {
require.NoError(t, err)
assert.Equal(t, "token101", pat.Token)

for _, uid := range []string{"", pat.UID} {
for _, uid := range []*string{nil, &pat.UID} {
opts := manager.EnsureProjectAccessTokenOptions{UID: uid}
samepat, err := g.EnsureProjectAccessToken(context.Background(), "test", opts)
require.NoError(t, err)
assert.Equal(t, pat.UID, samepat.UID, "Should reuse the same token", "opts", opts)
assert.Equal(t, pat.ExpiresAt, samepat.ExpiresAt)
}

newPat, err := g.EnsureProjectAccessToken(context.Background(), "test", manager.EnsureProjectAccessTokenOptions{UID: "other id"})
require.NoError(t, err)
assert.NotEqual(t, pat.UID, newPat.UID, "Should return new token if UID does not match")
newPat := pat
for _, uid := range []string{"", "other id"} {
p, err := g.EnsureProjectAccessToken(context.Background(), "test", manager.EnsureProjectAccessTokenOptions{UID: &uid})
require.NoError(t, err)
assert.NotEqual(t, p.UID, newPat.UID, "Should return new token if UID does not match")
newPat = p
}

// Access token expiry are floored to the nearest day
// Check that newest token is returned
clock.Advance(24 * time.Hour)
newerPat, err := g.EnsureProjectAccessToken(context.Background(), "test", manager.EnsureProjectAccessTokenOptions{UID: "other id"})
newerPat, err := g.EnsureProjectAccessToken(context.Background(), "test", manager.EnsureProjectAccessTokenOptions{UID: ptr.To("other id")})
require.NoError(t, err)
assert.NotEqual(t, newPat.UID, newerPat.UID, "Should return new token if UID does not match")
newerPat2, err := g.EnsureProjectAccessToken(context.Background(), "test", manager.EnsureProjectAccessTokenOptions{})
Expand All @@ -700,7 +704,7 @@ func TestGitlab_EnsureProjectAccessToken(t *testing.T) {

clock.Advance(time.Hour * 24 * 90)

renewedPat, err := g.EnsureProjectAccessToken(context.Background(), "test", manager.EnsureProjectAccessTokenOptions{UID: pat.UID})
renewedPat, err := g.EnsureProjectAccessToken(context.Background(), "test", manager.EnsureProjectAccessTokenOptions{UID: &pat.UID})
require.NoError(t, err)
assert.NotEmpty(t, renewedPat.Token, "Should return new token if old token is expired")
assert.NotEqual(t, pat.UID, renewedPat.UID, "Should return new token if old token is expired")
Expand Down
2 changes: 1 addition & 1 deletion git/manager/manager.go
Original file line number Diff line number Diff line change
Expand Up @@ -144,7 +144,7 @@ type EnsureProjectAccessTokenOptions struct {
// UID is a unique identifier for the token.
// If set, the given UID will be compared with the UID of the existing token.
// The token will be force updated if the UIDs do not match.
UID string
UID *string
}

type ProjectAccessToken struct {
Expand Down

0 comments on commit 0d2f796

Please sign in to comment.