fix: resolved gitlab integration creation issue regarding groups

2025-08-02 08:27:38 +00:00 · 2024-05-28 19:43:00 +08:00
9 changed files with 24 additions and 71 deletions
--- a/backend/src/server/routes/v1/integration-auth-router.ts
+++ b/backend/src/server/routes/v1/integration-auth-router.ts
@@ -330,7 +330,7 @@ export const registerIntegrationAuthRouter = async (server: FastifyZodProvider)
          teams: z
            .object({
              name: z.string(),
-              id: z.string().optional()
+              id: z.string()
            })
            .array()
        })
--- a/backend/src/server/routes/v1/project-router.ts
+++ b/backend/src/server/routes/v1/project-router.ts
@@ -8,7 +8,6 @@ import {
  UsersSchema
 } from "@app/db/schemas";
 import { PROJECTS } from "@app/lib/api-docs";
-import { BadRequestError } from "@app/lib/errors";
 import { readLimit, writeLimit } from "@app/server/config/rateLimiter";
 import { verifyAuth } from "@app/server/plugins/auth/verify-auth";
 import { AuthMode } from "@app/services/auth/auth-type";
@@ -193,19 +192,18 @@ export const registerProjectRouter = async (server: FastifyZodProvider) => {
      }
    },
    onRequest: verifyAuth([AuthMode.JWT, AuthMode.IDENTITY_ACCESS_TOKEN]),
-    handler: async () => {
-      // const workspace = await server.services.project.deleteProject({
-      //   filter: {
-      //     type: ProjectFilterType.ID,
-      //     projectId: req.params.workspaceId
-      //   },
-      //   actorId: req.permission.id,
-      //   actorAuthMethod: req.permission.authMethod,
-      //   actor: req.permission.type,
-      //   actorOrgId: req.permission.orgId
-      // });
-      // return { workspace };
-      throw new BadRequestError({ message: "Project delete has been paused temporarily, please try again later" });
+    handler: async (req) => {
+      const workspace = await server.services.project.deleteProject({
+        filter: {
+          type: ProjectFilterType.ID,
+          projectId: req.params.workspaceId
+        },
+        actorId: req.permission.id,
+        actorAuthMethod: req.permission.authMethod,
+        actor: req.permission.type,
+        actorOrgId: req.permission.orgId
+      });
+      return { workspace };
    }
  });

--- a/backend/src/services/integration-auth/integration-team.ts
+++ b/backend/src/services/integration-auth/integration-team.ts
@@ -5,7 +5,7 @@ import { Integrations, IntegrationUrls } from "./integration-list";

 type Team = {
  name: string;
-  teamId: string;
+  id: string;
 };
 const getTeamsGitLab = async ({ url, accessToken }: { url: string; accessToken: string }) => {
  const gitLabApiUrl = url ? `${url}/api` : IntegrationUrls.GITLAB_API_URL;
@@ -22,7 +22,7 @@ const getTeamsGitLab = async ({ url, accessToken }: { url: string; accessToken:

  teams = res.map((t) => ({
    name: t.name,
-    teamId: t.id
+    id: t.id.toString()
  }));

  return teams;
--- a/backend/src/services/integration/integration-service.ts
+++ b/backend/src/services/integration/integration-service.ts
@@ -1,4 +1,4 @@
-import { ForbiddenError, subject } from "@casl/ability";
+import { ForbiddenError } from "@casl/ability";

 import { TPermissionServiceFactory } from "@app/ee/services/permission/permission-service";
 import { ProjectPermissionActions, ProjectPermissionSub } from "@app/ee/services/permission/project-permission";
@@ -66,11 +66,6 @@ export const integrationServiceFactory = ({
    );
    ForbiddenError.from(permission).throwUnlessCan(ProjectPermissionActions.Create, ProjectPermissionSub.Integrations);

-    ForbiddenError.from(permission).throwUnlessCan(
-      ProjectPermissionActions.Read,
-      subject(ProjectPermissionSub.Secrets, { environment: sourceEnvironment, secretPath })
-    );
-
    const folder = await folderDAL.findBySecretPath(integrationAuth.projectId, sourceEnvironment, secretPath);
    if (!folder) throw new BadRequestError({ message: "Folder path not found" });

@@ -128,11 +123,6 @@ export const integrationServiceFactory = ({
    );
    ForbiddenError.from(permission).throwUnlessCan(ProjectPermissionActions.Edit, ProjectPermissionSub.Integrations);

-    ForbiddenError.from(permission).throwUnlessCan(
-      ProjectPermissionActions.Read,
-      subject(ProjectPermissionSub.Secrets, { environment, secretPath })
-    );
-
    const folder = await folderDAL.findBySecretPath(integration.projectId, environment, secretPath);
    if (!folder) throw new BadRequestError({ message: "Folder path not found" });

--- a/cli/packages/cmd/secrets.go
+++ b/cli/packages/cmd/secrets.go
@@ -170,11 +170,6 @@ var secretsSetCmd = &cobra.Command{
 			util.HandleError(err, "Unable to get your local config details")
 		}

-		secretType, err := cmd.Flags().GetString("type")
-		if err != nil || (secretType != util.SECRET_TYPE_SHARED && secretType != util.SECRET_TYPE_PERSONAL) {
-			util.HandleError(err, "Unable to parse secret type")
-		}
-
 		loggedInUserDetails, err := util.GetCurrentLoggedInUserDetails()
 		if err != nil {
 			util.HandleError(err, "Unable to authenticate")
@@ -184,7 +179,6 @@ var secretsSetCmd = &cobra.Command{
 			util.PrintErrorMessageAndExit("Your login session has expired, please run [infisical login] and try again")
 		}

-
 		httpClient := resty.New().
 			SetAuthToken(loggedInUserDetails.UserCredentials.JTWToken).
 			SetHeader("Accept", "application/json")
@@ -229,16 +223,7 @@ var secretsSetCmd = &cobra.Command{
 		secretsToModify := []api.Secret{}
 		secretOperations := []SecretSetOperation{}

-		sharedSecretMapByName := make(map[string]models.SingleEnvironmentVariable, len(secrets))
-		personalSecretMapByName := make(map[string]models.SingleEnvironmentVariable, len(secrets))
-	
-		for _, secret := range secrets {
-			if secret.Type == util.SECRET_TYPE_PERSONAL {
-				personalSecretMapByName[secret.Key] = secret
-			} else {
-				sharedSecretMapByName[secret.Key] = secret
-			}
-		}
+		secretByKey := getSecretsByKeys(secrets)

 		for _, arg := range args {
 			splitKeyValueFromArg := strings.SplitN(arg, "=", 2)
@@ -266,16 +251,7 @@ var secretsSetCmd = &cobra.Command{
 				util.HandleError(err, "unable to encrypt your secrets")
 			}

-			var existingSecret models.SingleEnvironmentVariable
-			var doesSecretExist bool
-
-			if secretType == util.SECRET_TYPE_SHARED {
-				existingSecret, doesSecretExist = sharedSecretMapByName[key]
-			} else {
-				existingSecret, doesSecretExist = personalSecretMapByName[key]
-			}
-
-			if doesSecretExist {
+			if existingSecret, ok := secretByKey[key]; ok {
 				// case: secret exists in project so it needs to be modified
 				encryptedSecretDetails := api.Secret{
 					ID:                    existingSecret.ID,
@@ -315,7 +291,7 @@ var secretsSetCmd = &cobra.Command{
 					SecretValueIV:         base64.StdEncoding.EncodeToString(encryptedValue.Nonce),
 					SecretValueTag:        base64.StdEncoding.EncodeToString(encryptedValue.AuthTag),
 					SecretValueHash:       hashedValue,
-					Type:                  secretType,
+					Type:                  util.SECRET_TYPE_SHARED,
 					PlainTextKey:          key,
 				}
 				secretsToCreate = append(secretsToCreate, encryptedSecretDetails)
@@ -805,7 +781,6 @@ func init() {
 	secretsCmd.Flags().Bool("secret-overriding", true, "Prioritizes personal secrets, if any, with the same name over shared secrets")
 	secretsCmd.AddCommand(secretsSetCmd)
 	secretsSetCmd.Flags().String("path", "/", "set secrets within a folder path")
-	secretsSetCmd.Flags().String("type", util.SECRET_TYPE_SHARED, "the type of secret to create: personal or shared")

 	// Only supports logged in users (JWT auth)
 	secretsSetCmd.PersistentPreRun = func(cmd *cobra.Command, args []string) {
--- a/docs/cli/commands/secrets.mdx
+++ b/docs/cli/commands/secrets.mdx
@@ -153,16 +153,6 @@ $ infisical secrets set STRIPE_API_KEY=sjdgwkeudyjwe DOMAIN=example.com HASH=jeb
    ```

  </Accordion>
-
-  <Accordion title="--type">
-    Used to select the type of secret to create. This could be either personal or shared (defaults to shared)
-
-    ```bash
-    # Example
-    infisical secrets set DOMAIN=example.com --type=personal
-    ```
-
-  </Accordion>
 </Accordion>

 <Accordion title="infisical secrets delete">
--- a/frontend/src/hooks/api/integrationAuth/types.ts
+++ b/frontend/src/hooks/api/integrationAuth/types.ts
@@ -30,7 +30,7 @@ export type HerokuPipelineCoupling = {

 export type Team = {
  name: string;
-  teamId: string;
+  id: string;
 };

 export type Environment = {
--- a/frontend/src/pages/integrations/aws-secret-manager/create.tsx
+++ b/frontend/src/pages/integrations/aws-secret-manager/create.tsx
@@ -169,12 +169,12 @@ export default function AWSSecretManagerCreateIntegrationPage() {
          mappingBehavior: selectedMappingBehavior
        }
      });
+
      setIsLoading(false);
      setTargetSecretNameErrorText("");

      router.push(`/integrations/${localStorage.getItem("projectData.id")}`);
    } catch (err) {
-      setIsLoading(false);
      console.error(err);
    }
  };
--- a/frontend/src/pages/integrations/gitlab/create.tsx
+++ b/frontend/src/pages/integrations/gitlab/create.tsx
@@ -121,7 +121,7 @@ export default function GitLabCreateIntegrationPage() {
      if (integrationAuthTeams) {
        if (integrationAuthTeams.length > 0) {
          // case: user is part of at least 1 group in GitLab
-          setValue("targetTeamId", String(integrationAuthTeams[0].teamId));
+          setValue("targetTeamId", String(integrationAuthTeams[0].id));
        } else {
          // case: user is not part of any groups in GitLab
          setValue("targetTeamId", "none");
@@ -312,8 +312,8 @@ export default function GitLabCreateIntegrationPage() {
                        {integrationAuthTeams.length > 0 ? (
                          integrationAuthTeams.map((integrationAuthTeam) => (
                            <SelectItem
-                              value={String(integrationAuthTeam.teamId as string)}
-                              key={`target-team-${String(integrationAuthTeam.teamId)}`}
+                              value={String(integrationAuthTeam.id as string)}
+                              key={`target-team-${String(integrationAuthTeam.id)}`}
                            >
                              {integrationAuthTeam.name}
                            </SelectItem>