feat: Allow multiple versions of Gitlab

.goreleaser.yaml

@@ -6,28 +6,60 @@ builds:
     mod_timestamp: '{{ .CommitTimestamp }}'
     flags:
       - -trimpath
+    goos:
+      - windows
+      - linux
+      - darwin
+      - illumos
+    goarch:
+      - amd64
+      - "386"
+      - arm
+      - arm64
+    ignore:
+      - goos: darwin
+        goarch: "386"
+    id: g16x
+    binary: '{{ .ProjectName }}16x_v{{ .Version }}'
     ldflags:
-      - '-s -w'
-      - "-X 'github.com/ilijamt/vault-plugin-secrets-gitlab.Version=v{{ .Version }}'"
-      - "-X 'github.com/ilijamt/vault-plugin-secrets-gitlab.FullCommit={{ .FullCommit }}'"
-      - "-X 'github.com/ilijamt/vault-plugin-secrets-gitlab.BuildDate={{ .Date }}'"
+      - -s -w
+      - -X 'github.com/ilijamt/vault-plugin-secrets-gitlab.Version=v{{ .Version }}'
+      - -X 'github.com/ilijamt/vault-plugin-secrets-gitlab.FullCommit={{ .FullCommit }}'
+      - -X 'github.com/ilijamt/vault-plugin-secrets-gitlab.BuildDate={{ .Date }}'
+      - -X 'github.com/ilijamt/vault-plugin-secrets-gitlab.VersionTarget=g16x'
+    tags:
+      - g16x
+  - env:
+      - CGO_ENABLED=0
+    main: ./cmd/vault-plugin-secrets-gitlab/main.go
+    mod_timestamp: '{{ .CommitTimestamp }}'
+    flags:
+      - -trimpath
     goos:
       - windows
       - linux
       - darwin
       - illumos
     goarch:
       - amd64
-      - '386'
+      - "386"
       - arm
       - arm64
     ignore:
       - goos: darwin
-        goarch: '386'
-    binary: '{{ .ProjectName }}_v{{ .Version }}'
+        goarch: "386"
+    id: g17x
+    binary: '{{ .ProjectName }}17x_v{{ .Version }}'
+    ldflags:
+      - -s -w
+      - -X 'github.com/ilijamt/vault-plugin-secrets-gitlab.Version=v{{ .Version }}'
+      - -X 'github.com/ilijamt/vault-plugin-secrets-gitlab.FullCommit={{ .FullCommit }}'
+      - -X 'github.com/ilijamt/vault-plugin-secrets-gitlab.BuildDate={{ .Date }}'
+      - -X 'github.com/ilijamt/vault-plugin-secrets-gitlab.VersionTarget=g17x'
 archives:
-  - formats: [ 'tar.gz' ]
-    name_template: >-
+  - formats:
+      - tar.gz
+    name_template: |-
       {{ .ProjectName }}_
       {{- .Os }}_
       {{- if eq .Arch "amd64" }}x86_64
@@ -36,7 +68,8 @@ archives:
       {{- if .Arm }}v{{ .Arm }}{{ end }}
     format_overrides:
       - goos: windows
-        formats: [ 'zip' ]
+        formats:
+          - zip
 report_sizes: true
 sboms:
   - artifacts: archive
@@ -50,7 +83,7 @@ changelog:
     exclude:
       - '^docs:'
       - '^test:'
-      - "merge conflict"
+      - merge conflict
       - Merge pull request
       - Merge remote-tracking branch
       - Merge branch

entry_role.go

@@ -6,18 +6,20 @@ import (
 	"time"
 
 	"github.com/hashicorp/vault/sdk/logical"
+
+	"github.com/ilijamt/vault-plugin-secrets-gitlab/internal/access"
 )
 
 type EntryRole struct {
-	RoleName            string        `json:"role_name" structs:"role_name" mapstructure:"role_name"`
-	TTL                 time.Duration `json:"ttl" structs:"ttl" mapstructure:"ttl"`
-	Path                string        `json:"path" structs:"path" mapstructure:"path"`
-	Name                string        `json:"name" structs:"name" mapstructure:"name"`
-	Scopes              []string      `json:"scopes" structs:"scopes" mapstructure:"scopes"`
-	AccessLevel         AccessLevel   `json:"access_level" structs:"access_level" mapstructure:"access_level,omitempty"`
-	TokenType           TokenType     `json:"token_type" structs:"token_type" mapstructure:"token_type"`
-	GitlabRevokesTokens bool          `json:"gitlab_revokes_token" structs:"gitlab_revokes_token" mapstructure:"gitlab_revokes_token"`
-	ConfigName          string        `json:"config_name" structs:"config_name" mapstructure:"config_name"`
+	RoleName            string             `json:"role_name" structs:"role_name" mapstructure:"role_name"`
+	TTL                 time.Duration      `json:"ttl" structs:"ttl" mapstructure:"ttl"`
+	Path                string             `json:"path" structs:"path" mapstructure:"path"`
+	Name                string             `json:"name" structs:"name" mapstructure:"name"`
+	Scopes              []string           `json:"scopes" structs:"scopes" mapstructure:"scopes"`
+	AccessLevel         access.AccessLevel `json:"access_level" structs:"access_level" mapstructure:"access_level,omitempty"`
+	TokenType           TokenType          `json:"token_type" structs:"token_type" mapstructure:"token_type"`
+	GitlabRevokesTokens bool               `json:"gitlab_revokes_token" structs:"gitlab_revokes_token" mapstructure:"gitlab_revokes_token"`
+	ConfigName          string             `json:"config_name" structs:"config_name" mapstructure:"config_name"`
 }
 
 func (e EntryRole) LogicalResponseData() map[string]any {

gitlab_client.go

@@ -14,6 +14,8 @@ import (
 	"github.com/hashicorp/vault/sdk/helper/logging"
 	g "gitlab.com/gitlab-org/api/client-go"
 	"golang.org/x/time/rate"
+
+	"github.com/ilijamt/vault-plugin-secrets-gitlab/internal/access"
 )
 
 var (
@@ -28,8 +30,8 @@ type Client interface {
 	CurrentTokenInfo(ctx context.Context) (*TokenConfig, error)
 	RotateCurrentToken(ctx context.Context) (newToken *TokenConfig, oldToken *TokenConfig, err error)
 	CreatePersonalAccessToken(ctx context.Context, username string, userId int, name string, expiresAt time.Time, scopes []string) (*TokenPersonal, error)
-	CreateGroupAccessToken(ctx context.Context, groupId string, name string, expiresAt time.Time, scopes []string, accessLevel AccessLevel) (*TokenGroup, error)
-	CreateProjectAccessToken(ctx context.Context, projectId string, name string, expiresAt time.Time, scopes []string, accessLevel AccessLevel) (*TokenProject, error)
+	CreateGroupAccessToken(ctx context.Context, groupId string, name string, expiresAt time.Time, scopes []string, accessLevel access.AccessLevel) (*TokenGroup, error)
+	CreateProjectAccessToken(ctx context.Context, projectId string, name string, expiresAt time.Time, scopes []string, accessLevel access.AccessLevel) (*TokenProject, error)
 	RevokePersonalAccessToken(ctx context.Context, tokenId int) error
 	RevokeProjectAccessToken(ctx context.Context, tokenId int, projectId string) error
 	RevokeGroupAccessToken(ctx context.Context, tokenId int, groupId string) error
@@ -449,7 +451,7 @@ func (gc *gitlabClient) CreatePersonalAccessToken(ctx context.Context, username
 	return et, err
 }
 
-func (gc *gitlabClient) CreateGroupAccessToken(ctx context.Context, groupId string, name string, expiresAt time.Time, scopes []string, accessLevel AccessLevel) (et *TokenGroup, err error) {
+func (gc *gitlabClient) CreateGroupAccessToken(ctx context.Context, groupId string, name string, expiresAt time.Time, scopes []string, accessLevel access.AccessLevel) (et *TokenGroup, err error) {
 	var at *g.GroupAccessToken
 	defer func() {
 		gc.logger.Debug("Create group access token", "gat", at, "et", et, "groupId", groupId, "name", name, "expiresAt", expiresAt, "scopes", scopes, "accessLevel", accessLevel, "error", err)
@@ -482,7 +484,7 @@ func (gc *gitlabClient) CreateGroupAccessToken(ctx context.Context, groupId stri
 	return et, err
 }
 
-func (gc *gitlabClient) CreateProjectAccessToken(ctx context.Context, projectId string, name string, expiresAt time.Time, scopes []string, accessLevel AccessLevel) (et *TokenProject, err error) {
+func (gc *gitlabClient) CreateProjectAccessToken(ctx context.Context, projectId string, name string, expiresAt time.Time, scopes []string, accessLevel access.AccessLevel) (et *TokenProject, err error) {
 	var at *g.ProjectAccessToken
 	defer func() {
 		gc.logger.Debug("Create project access token", "gat", at, "et", et, "projectId", projectId, "name", name, "expiresAt", expiresAt, "scopes", scopes, "accessLevel", accessLevel, "error", err)

gitlab_client_test.go

@@ -13,6 +13,8 @@ import (
 	"github.com/stretchr/testify/require"
 
 	gitlab "github.com/ilijamt/vault-plugin-secrets-gitlab"
+	"github.com/ilijamt/vault-plugin-secrets-gitlab/internal/access"
+	"github.com/ilijamt/vault-plugin-secrets-gitlab/internal/token"
 )
 
 func TestGitlabClient(t *testing.T) {
@@ -87,11 +89,11 @@ func TestGitlabClient_InvalidToken(t *testing.T) {
 	_, err = client.GetUserIdByUsername(ctx, "username")
 	require.Error(t, err)
 
-	gatToken, err := client.CreateGroupAccessToken(ctx, "groupId", "name", timeExpiresAt, []string{"scope"}, gitlab.AccessLevelUnknown)
+	gatToken, err := client.CreateGroupAccessToken(ctx, "groupId", "name", timeExpiresAt, []string{"scope"}, access.AccessLevelUnknown)
 	require.Error(t, err)
 	require.Nil(t, gatToken)
 
-	prjAtToken, err := client.CreateProjectAccessToken(ctx, "projectId", "name", timeExpiresAt, []string{"scope"}, gitlab.AccessLevelUnknown)
+	prjAtToken, err := client.CreateProjectAccessToken(ctx, "projectId", "name", timeExpiresAt, []string{"scope"}, access.AccessLevelUnknown)
 	require.Error(t, err)
 	require.Nil(t, prjAtToken)
 
@@ -255,8 +257,8 @@ func TestGitlabClient_CreateAccessToken_And_Revoke(t *testing.T) {
 		"example",
 		"name",
 		timeExpiresAt,
-		[]string{gitlab.TokenScopeReadApi.String()},
-		gitlab.AccessLevelGuestPermissions,
+		[]string{token.TokenScopeReadApi.String()},
+		access.AccessLevelGuestPermissions,
 	)
 	require.NoError(t, err)
 	require.NotNil(t, gatToken)
@@ -269,8 +271,8 @@ func TestGitlabClient_CreateAccessToken_And_Revoke(t *testing.T) {
 		"example/example",
 		"name",
 		timeExpiresAt,
-		[]string{gitlab.TokenScopeReadApi.String()},
-		gitlab.AccessLevelDeveloperPermissions,
+		[]string{token.TokenScopeReadApi.String()},
+		access.AccessLevelDeveloperPermissions,
 	)
 	require.NoError(t, err)
 	require.NotNil(t, prjatToken)
@@ -284,7 +286,7 @@ func TestGitlabClient_CreateAccessToken_And_Revoke(t *testing.T) {
 		1,
 		"name",
 		timeExpiresAt,
-		[]string{gitlab.TokenScopeReadApi.String()},
+		[]string{token.TokenScopeReadApi.String()},
 	)
 	require.NoError(t, err)
 	require.NotNil(t, patToken)

goreleaser.cue

@@ -0,0 +1,114 @@
+package goreleaser
+
+import "list"
+
+_base: {
+    env: [
+        "CGO_ENABLED=0",
+    ]
+    main:         "./cmd/vault-plugin-secrets-gitlab/main.go"
+    mod_timestamp: "{{ .CommitTimestamp }}"
+    flags: [
+        "-trimpath",
+    ]
+    goos: [
+        "windows",
+        "linux",
+        "darwin",
+        "illumos",
+    ]
+    goarch: [
+        "amd64",
+        "386",
+        "arm",
+        "arm64",
+    ]
+    ignore: [
+        {
+            goos:   "darwin"
+            goarch: "386"
+        },
+    ]
+}
+
+_commonLdflags: [
+    "-s -w",
+    "-X 'github.com/ilijamt/vault-plugin-secrets-gitlab.Version=v{{ .Version }}'",
+    "-X 'github.com/ilijamt/vault-plugin-secrets-gitlab.FullCommit={{ .FullCommit }}'",
+    "-X 'github.com/ilijamt/vault-plugin-secrets-gitlab.BuildDate={{ .Date }}'",
+]
+
+version: 2
+
+builds: [
+    {
+        _base
+        id:     "g16x"
+        binary: "{{ .ProjectName }}16x_v{{ .Version }}"
+        ldflags: list.Concat([
+            _commonLdflags,
+            ["-X 'github.com/ilijamt/vault-plugin-secrets-gitlab.VersionTarget=g16x'"]
+        ])
+        tags: [
+            "g16x"
+        ]
+    },
+    {
+        _base
+        id:     "g17x"
+        binary: "{{ .ProjectName }}17x_v{{ .Version }}"
+        ldflags: list.Concat([
+            _commonLdflags,
+            ["-X 'github.com/ilijamt/vault-plugin-secrets-gitlab.VersionTarget=g17x'"]
+        ])
+    },
+]
+
+archives: [
+    {
+        formats: ["tar.gz"]
+        name_template: """
+            {{ .ProjectName }}_
+            {{- .Os }}_
+            {{- if eq .Arch "amd64" }}x86_64
+            {{- else if eq .Arch "386" }}i386
+            {{- else }}{{ .Arch }}{{ end }}
+            {{- if .Arm }}v{{ .Arm }}{{ end }}
+            """
+        format_overrides: [
+            {
+                goos:    "windows"
+                formats: ["zip"]
+            },
+        ]
+    },
+]
+
+report_sizes: true
+
+sboms: [
+    {
+        artifacts: "archive"
+    },
+]
+
+checksum: {
+    name_template: "{{ .ProjectName }}_{{ .Version }}_SHA256SUMS"
+    algorithm:     "sha256"
+}
+
+changelog: {
+    sort: "asc"
+    use:  "github"
+    filters: {
+        exclude: [
+            "^docs:",
+            "^test:",
+            "merge conflict",
+            "Merge pull request",
+            "Merge remote-tracking branch",
+            "Merge branch",
+            "go mod tidy",
+        ]
+    }
+}

helpers_test.go

@@ -27,6 +27,7 @@ import (
 	g "gitlab.com/gitlab-org/api/client-go"
 
 	gitlab "github.com/ilijamt/vault-plugin-secrets-gitlab"
+	"github.com/ilijamt/vault-plugin-secrets-gitlab/internal/access"
 )
 
 var _ gitlab.Client = new(inMemoryClient)
@@ -465,7 +466,7 @@ func (i *inMemoryClient) CreatePersonalAccessToken(ctx context.Context, username
 	return entryToken, nil
 }
 
-func (i *inMemoryClient) CreateGroupAccessToken(ctx context.Context, groupId string, name string, expiresAt time.Time, scopes []string, accessLevel gitlab.AccessLevel) (*gitlab.TokenGroup, error) {
+func (i *inMemoryClient) CreateGroupAccessToken(ctx context.Context, groupId string, name string, expiresAt time.Time, scopes []string, accessLevel access.AccessLevel) (*gitlab.TokenGroup, error) {
 	i.muLock.Lock()
 	defer i.muLock.Unlock()
 	if i.groupAccessTokenCreateError {
@@ -493,7 +494,7 @@ func (i *inMemoryClient) CreateGroupAccessToken(ctx context.Context, groupId str
 	return entryToken, nil
 }
 
-func (i *inMemoryClient) CreateProjectAccessToken(ctx context.Context, projectId string, name string, expiresAt time.Time, scopes []string, accessLevel gitlab.AccessLevel) (*gitlab.TokenProject, error) {
+func (i *inMemoryClient) CreateProjectAccessToken(ctx context.Context, projectId string, name string, expiresAt time.Time, scopes []string, accessLevel access.AccessLevel) (*gitlab.TokenProject, error) {
 	i.muLock.Lock()
 	defer i.muLock.Unlock()
 	if i.projectAccessTokenCreateError {

type_access_level.go → internal/access/level.go

@@ -1,4 +1,4 @@
-package gitlab
+package access
 
 import (
 	"errors"

internal/access/level_g16x.go

@@ -0,0 +1,3 @@
+//go:build g16x
+
+package access

internal/access/level_g17x.go

@@ -0,0 +1,3 @@
+//go:build !g16x
+
+package access