Merge pull request #1095 from timofurrer/gitlab-15.0

Support Gitlab 15.0

Author: timofurrer

.github/workflows/pr-acceptance-ce.yml

@@ -12,7 +12,7 @@ on:
       - 'CHANGELOG.md'
       - 'CONTRIBUTING.md'
 
-concurrency: 
+concurrency:
   group: ${{ github.workflow }}-${{ github.event.pull_request.number }}
   cancel-in-progress: true
 
@@ -31,6 +31,10 @@ jobs:
     timeout-minutes: 60
     runs-on: ubuntu-latest
     needs: [go-version]
+    strategy:
+      fail-fast: false
+      matrix:
+        gitlab-version: ["14.9.4-ce.0", "14.10.3-ce.0", "15.0.0-ce.0"]
     steps:
       - uses: actions/setup-go@v3
         with:
@@ -41,5 +45,5 @@ jobs:
         with:
           path: ~/go/pkg/mod
           key: ${{ github.job }}-${{ runner.os }}-go${{ env.GO_VERSION }}-${{ hashFiles('**/go.sum', 'GNUMakefile') }}
-      - run: make testacc-up
+      - run: make testacc-up GITLAB_CE_VERSION=${{ matrix.gitlab-version }}
       - run: make testacc

.github/workflows/pr-acceptance-ee.yml

@@ -26,7 +26,7 @@ on:
 # Disable permissions on the GITHUB_TOKEN for all scopes.
 permissions: {}
 
-concurrency: 
+concurrency:
   group: ${{ github.workflow }}-${{ github.event.pull_request.number }}
   cancel-in-progress: true
 
@@ -65,6 +65,10 @@ jobs:
     timeout-minutes: 60
     runs-on: ubuntu-latest
     needs: [go-version, license-encryption-password]
+    strategy:
+      fail-fast: false
+      matrix:
+        gitlab-version: ["14.9.4-ee.0", "14.10.3-ee.0", "15.0.0-ee.0"]
     steps:
       - uses: actions/setup-go@v3
         with:
@@ -79,7 +83,7 @@ jobs:
         run: |
           openssl version
           openssl enc -d -aes-256-cbc -pbkdf2 -iter 20000 -in Gitlab-license.encrypted -out Gitlab-license.txt -pass "pass:${{ secrets.LICENSE_ENCRYPTION_PASSWORD }}"
-      - run: make testacc-up SERVICE=gitlab-ee
+      - run: make testacc-up SERVICE=gitlab-ee GITLAB_EE_VERSION=${{ matrix.gitlab-version }}
       # Check out the pull request code (as opposed to the target project).
       # This overwrites the entire directory and deleted the unencrypted GitLab license file. The
       # service has already started and continues using the license even though the file is deleted.
@@ -96,4 +100,3 @@ jobs:
       # This is made safe because we have already cleaned up the unencrypted GitLab license file,
       # we have no other secrets, and we are not using GitHub tokens.
       - run: make testacc
-

.github/workflows/push.yml

@@ -94,6 +94,10 @@ jobs:
     timeout-minutes: 60
     runs-on: ubuntu-latest
     needs: [go-version]
+    strategy:
+      fail-fast: false
+      matrix:
+        gitlab-version: ["14.9.4-ce.0", "14.10.3-ce.0", "15.0.0-ce.0"]
     steps:
       - uses: actions/setup-go@v3
         with:
@@ -104,7 +108,7 @@ jobs:
         with:
           path: ~/go/pkg/mod
           key: ${{ github.job }}-${{ runner.os }}-go${{ env.GO_VERSION }}-${{ hashFiles('**/go.sum', 'GNUMakefile') }}
-      - run: make testacc-up
+      - run: make testacc-up GITLAB_CE_VERSION=${{ matrix.gitlab-version }}
       - run: make testacc
 
   acceptance-ee:
@@ -114,6 +118,10 @@ jobs:
     timeout-minutes: 60
     runs-on: ubuntu-latest
     needs: [go-version, license-encryption-password]
+    strategy:
+      fail-fast: false
+      matrix:
+        gitlab-version: ["14.9.4-ee.0", "14.10.3-ee.0", "15.0.0-ee.0"]
     steps:
       - uses: actions/setup-go@v3
         with:
@@ -129,5 +137,5 @@ jobs:
           openssl version
           openssl enc -d -aes-256-cbc -pbkdf2 -iter 20000 -in Gitlab-license.encrypted -out Gitlab-license.txt -pass "pass:${{ secrets.LICENSE_ENCRYPTION_PASSWORD }}"
       # Note we specifically launch the gitlab-ee service.
-      - run: make testacc-up SERVICE=gitlab-ee
+      - run: make testacc-up SERVICE=gitlab-ee GITLAB_EE_VERSION=${{ matrix.gitlab-version }}
       - run: make testacc

CONTRIBUTING.md

@@ -108,6 +108,8 @@ Your workspace will automatically open the repository and branch that you select
 
 The acceptance tests can run against a Gitlab instance where you have a token with administrator permissions (likely not gitlab.com).
 
+The GitHub Actions test against the three latest GitLab releases.
+
 #### Option 1: Run tests against a local Gitlab container with docker-compose
 
 This option is the easiest and requires [docker-compose](https://docs.docker.com/compose/install/) (version 1.13+) to be installed on your machine.
@@ -162,6 +164,14 @@ $ make testacc GITLAB_TOKEN=example123 GITLAB_BASE_URL=https://example.com/api/v
   $ make testacc-up SERVICE=gitlab-ee
   ```
 
+* **Run tests against specific GitLab version:**
+
+  Specify the GitLab release in the `GITLAB_CE_VERSION` or `GITLAB_EE_VERSION`, e.g.:
+
+  ```sh
+  $ make testacc-up GITLAB_CE_VERSION=15.0.0-ce.0
+  ```
+
 * **Run a single test:**
 
   You can pass a pattern to the `RUN` variable to run a reduced number of tests. For example:

docker-compose.yml

@@ -4,7 +4,7 @@ version: '3'
 # Only one of these services should be run at a time.
 services:
   gitlab-ce:
-    image: gitlab/gitlab-ce
+    image: gitlab/gitlab-ce:${GITLAB_CE_VERSION:-latest}
     restart: always
     ports:
       - 8080:80
@@ -25,7 +25,7 @@ services:
       timeout: 2m
 
   gitlab-ee:
-    image: gitlab/gitlab-ee
+    image: gitlab/gitlab-ee:${GITLAB_EE_VERSION:-latest}
     restart: always
     ports:
       - 8080:80

docs/resources/managed_license.md

@@ -37,8 +37,8 @@ resource "gitlab_managed_license" "mit" {
 
 ### Required
 
-- `approval_status` (String) The approval status of the license. Valid values are: `approved`, `blacklisted`, `allowed`, `denied`. "approved" and "blacklisted" 
-				have been deprecated in favor of "allowed" and "denied"; use "allowed" and "denied" for GitLab versions 15.0 and higher. 
+- `approval_status` (String) The approval status of the license. Valid values are: `approved`, `blacklisted`, `allowed`, `denied`. "approved" and "blacklisted"
+				have been deprecated in favor of "allowed" and "denied"; use "allowed" and "denied" for GitLab versions 15.0 and higher.
 				Prior to version 15.0 and after 14.6, the values are equivalent.
 - `name` (String) The name of the managed license (I.e., 'Apache License 2.0' or 'MIT license')
 - `project` (String) The ID of the project under which the managed license will be created.

docs/resources/topic.md

@@ -23,7 +23,8 @@ The `gitlab_topic` resource allows to manage the lifecycle of topics that are th
 
 ```terraform
 resource "gitlab_topic" "functional_programming" {
-  name        = "Functional Programming"
+  name        = "functional-programming"
+  title       = "Functional Programming"
   description = "In computer science, functional programming is a programming paradigm where programs are constructed by applying and composing functions."
   avatar      = "${path.module}/avatar.png"
   avatar_hash = filesha256("${path.module}/avatar.png")
@@ -43,6 +44,7 @@ resource "gitlab_topic" "functional_programming" {
 - `avatar_hash` (String) The hash of the avatar image. Use `filesha256("path/to/avatar.png")` whenever possible. **Note**: this is used to trigger an update of the avatar. If it's not given, but an avatar is given, the avatar will be updated each time.
 - `description` (String) A text describing the topic.
 - `soft_destroy` (Boolean, Deprecated) Empty the topics fields instead of deleting it.
+- `title` (String) The topic's description. Requires at least GitLab 15.0 for which it's a required argument.
 
 ### Read-Only
 

examples/resources/gitlab_topic/resource.tf

@@ -1,5 +1,6 @@
 resource "gitlab_topic" "functional_programming" {
-  name        = "Functional Programming"
+  name        = "functional-programming"
+  title       = "Functional Programming"
   description = "In computer science, functional programming is a programming paradigm where programs are constructed by applying and composing functions."
   avatar      = "${path.module}/avatar.png"
   avatar_hash = filesha256("${path.module}/avatar.png")

internal/provider/data_source_gitlab_repository_file_test.go

@@ -66,7 +66,6 @@ resource "gitlab_repository_file" "foo" {
 	branch = "main"
 	content = base64encode("Meow goes the cat")
 	commit_message = "feat: Meow"
-	execute_filemode = true
 }
 
 data "gitlab_repository_file" "foo" {

internal/provider/helper_test.go

@@ -4,6 +4,7 @@
 package provider
 
 import (
+	"context"
 	"fmt"
 	"io"
 	"os"
@@ -67,22 +68,6 @@ func isRunningInCE() (bool, error) {
 	return !isEE, err
 }
 
-// orSkipFunc accepts many skipFunc and returns "true" if any returns true.
-func orSkipFunc(input ...SkipFunc) SkipFunc {
-	return func() (bool, error) {
-		for _, item := range input {
-			result, err := item()
-			if err != nil {
-				return false, err
-			}
-			if result {
-				return result, nil
-			}
-		}
-		return false, nil
-	}
-}
-
 // testAccCheckEE is a test helper that skips the current test if the GitLab version is not GitLab Enterprise.
 // This is useful when the version needs to be checked during setup, before the Terraform acceptance test starts.
 func testAccCheckEE(t *testing.T) {
@@ -98,6 +83,37 @@ func testAccCheckEE(t *testing.T) {
 	}
 }
 
+func testAccRequiresLessThan(t *testing.T, requiredMaxVersion string) {
+	isLessThan, err := isGitLabVersionLessThan(context.TODO(), testGitlabClient, requiredMaxVersion)()
+	if err != nil {
+		t.Fatalf("Failed to fetch GitLab version: %+v", err)
+	}
+
+	if !isLessThan {
+		t.Skipf("This test is only valid for GitLab versions less than %s", requiredMaxVersion)
+	}
+}
+
+func testAccRequiresAtLeast(t *testing.T, requiredMinVersion string) {
+	isAtLeast, err := isGitLabVersionAtLeast(context.TODO(), testGitlabClient, requiredMinVersion)()
+	if err != nil {
+		t.Fatalf("Failed to fetch GitLab version: %+v", err)
+	}
+
+	if !isAtLeast {
+		t.Skipf("This test is only valid for GitLab versions newer than %s", requiredMinVersion)
+	}
+}
+
+func testAccIsRunningAtLeast(t *testing.T, requiredMinVersion string) bool {
+	isAtLeast, err := isGitLabVersionAtLeast(context.TODO(), testGitlabClient, requiredMinVersion)()
+	if err != nil {
+		t.Fatalf("Failed to fetch GitLab version: %+v", err)
+	}
+
+	return isAtLeast
+}
+
 // testAccCurrentUser is a test helper for getting the current user of the provided client.
 func testAccCurrentUser(t *testing.T) *gitlab.User {
 	t.Helper()

internal/provider/resource_gitlab_group_cluster_test.go

@@ -18,6 +18,7 @@ func TestAccGitlabGroupCluster_basic(t *testing.T) {
 	rInt := acctest.RandInt()
 
 	resource.Test(t, resource.TestCase{
+		PreCheck:          func() { testAccRequiresLessThan(t, "15.0") },
 		ProviderFactories: providerFactories,
 		CheckDestroy:      testAccCheckGitlabGroupClusterDestroy,
 		Steps: []resource.TestStep{
@@ -105,6 +106,7 @@ func TestAccGitlabGroupCluster_import(t *testing.T) {
 	rInt := acctest.RandInt()
 
 	resource.Test(t, resource.TestCase{
+		PreCheck:          func() { testAccRequiresLessThan(t, "15.0") },
 		ProviderFactories: providerFactories,
 		CheckDestroy:      testAccCheckGitlabGroupClusterDestroy,
 		Steps: []resource.TestStep{

internal/provider/resource_gitlab_instance_cluster_test.go

@@ -19,6 +19,7 @@ func TestAccGitlabInstanceCluster_basic(t *testing.T) {
 	rInt := acctest.RandInt()
 
 	resource.Test(t, resource.TestCase{
+		PreCheck:          func() { testAccRequiresLessThan(t, "15.0") },
 		ProviderFactories: providerFactories,
 		CheckDestroy:      testAccCheckGitlabInstanceClusterDestroy,
 		Steps: []resource.TestStep{
@@ -107,6 +108,7 @@ func TestAccGitlabInstanceCluster_import(t *testing.T) {
 	rInt := acctest.RandInt()
 
 	resource.Test(t, resource.TestCase{
+		PreCheck:          func() { testAccRequiresLessThan(t, "15.0") },
 		ProviderFactories: providerFactories,
 		CheckDestroy:      testAccCheckGitlabInstanceClusterDestroy,
 		Steps: []resource.TestStep{

internal/provider/resource_gitlab_managed_license.go

@@ -53,8 +53,8 @@ var _ = registerResource("gitlab_managed_license", func() *schema.Resource {
 				ForceNew:         false,
 				ValidateFunc:     validation.StringInSlice(managedLicenseAllowedValues, true),
 				DiffSuppressFunc: checkDeprecatedValuesForDiff,
-				Description: fmt.Sprintf(`The approval status of the license. Valid values are: %s. "approved" and "blacklisted" 
-				have been deprecated in favor of "allowed" and "denied"; use "allowed" and "denied" for GitLab versions 15.0 and higher. 
+				Description: fmt.Sprintf(`The approval status of the license. Valid values are: %s. "approved" and "blacklisted"
+				have been deprecated in favor of "allowed" and "denied"; use "allowed" and "denied" for GitLab versions 15.0 and higher.
 				Prior to version 15.0 and after 14.6, the values are equivalent.`, renderValueListForDocs(managedLicenseAllowedValues)),
 			},
 		},
@@ -65,9 +65,14 @@ func resourceGitlabManagedLicenseCreate(ctx context.Context, d *schema.ResourceD
 	client := meta.(*gitlab.Client)
 	project := d.Get("project").(string)
 
+	approvalStatus, err := stringToApprovalStatus(ctx, client, d.Get("approval_status").(string))
+	if err != nil {
+		return diag.FromErr(err)
+	}
+
 	options := &gitlab.AddManagedLicenseOptions{
 		Name:           gitlab.String(d.Get("name").(string)),
-		ApprovalStatus: stringToApprovalStatus(d.Get("approval_status").(string)),
+		ApprovalStatus: approvalStatus,
 	}
 
 	log.Printf("[DEBUG] create gitlab Managed License on Project %s, with Name %s", project, *options.Name)
@@ -131,12 +136,13 @@ func resourceGitlabManagedLicenseUpdate(ctx context.Context, d *schema.ResourceD
 		return diag.FromErr(err)
 	}
 
-	opts := &gitlab.EditManagedLicenceOptions{
-		ApprovalStatus: stringToApprovalStatus(d.Get("approval_status").(string)),
+	approvalStatus, err := stringToApprovalStatus(ctx, client, d.Get("approval_status").(string))
+	if err != nil {
+		return diag.FromErr(err)
 	}
 
-	if d.HasChange("approval_status") {
-		opts.ApprovalStatus = stringToApprovalStatus(d.Get("approval_status").(string))
+	opts := &gitlab.EditManagedLicenceOptions{
+		ApprovalStatus: approvalStatus,
 	}
 
 	log.Printf("[DEBUG] update gitlab Managed License %s", d.Id())
@@ -152,22 +158,32 @@ func resourceGitlabManagedLicenseUpdate(ctx context.Context, d *schema.ResourceD
 }
 
 // Convert the incoming string into the proper constant value for passing into the API.
-func stringToApprovalStatus(s string) *gitlab.LicenseApprovalStatusValue {
-	lookup := map[string]gitlab.LicenseApprovalStatusValue{
-		"approved":    gitlab.LicenseApproved,
-		"blacklisted": gitlab.LicenseBlacklisted,
-
-		// This is counter-intuitive, but currently the API response from the non-deprecated
-		// values is the deprecated values. So we have to map them here.
-		"allowed": gitlab.LicenseApproved,
-		"denied":  gitlab.LicenseBlacklisted,
-	}
+func stringToApprovalStatus(ctx context.Context, client *gitlab.Client, s string) (*gitlab.LicenseApprovalStatusValue, error) {
+	var value gitlab.LicenseApprovalStatusValue
+	notSupported, err := isGitLabVersionAtLeast(ctx, client, "15.0")()
+	if err != nil {
+		return nil, fmt.Errorf("failed to fetch GitLab version: %+v", err)
+	}
+	if notSupported {
+		value = gitlab.LicenseApprovalStatusValue(s)
+	} else {
+		lookup := map[string]gitlab.LicenseApprovalStatusValue{
+			"approved":    gitlab.LicenseApproved,
+			"blacklisted": gitlab.LicenseBlacklisted,
+
+			// This is counter-intuitive, but currently the API response from the non-deprecated
+			// values is the deprecated values. So we have to map them here.
+			"allowed": gitlab.LicenseApproved,
+			"denied":  gitlab.LicenseBlacklisted,
+		}
 
-	value, ok := lookup[s]
-	if !ok {
-		return nil
+		v, ok := lookup[s]
+		if !ok {
+			return nil, fmt.Errorf("invalid approval status value %q", s)
+		}
+		value = v
 	}
-	return &value
+	return &value, nil
 }
 
 func projectIdAndLicenseIdFromId(id string) (string, int, error) {