Update deps with:

    go get -u ./...
    go mod tidy

Then fix the msgraphsdkgo breaking change in v0.63.0:

    membership/azure.go:172:26: c.client.GroupsById undefined (type *msgraphsdkgo.GraphServiceClient has no field or method GroupsById)

See https://github.com/microsoftgraph/msgraph-sdk-go/commit/d1f39a780d36d4e

And then fix msgraphsdkgo-core breaking changes in v0.35.0:

    membership/azure.go:123:19: cannot infer T (/go/pkg/mod/github.com/microsoftgraph/msgraph-sdk-go-core@v0.36.1/page_iterator.go:48:1)

See https://github.com/microsoftgraph/msgraph-sdk-go-core/commit/ffd76dc45e



And finally address a deprecation:

    gitlab/gitlab_test.go:361:46: SA1019: ggl.MasterPermissions is deprecated: Renamed to MaintainerPermissions in GitLab 11.0

Signed-off-by: Emanuele Aina <emanuele.aina@collabora.com>

Signed-off-by: Andrej Shadura <andrew.shadura@collabora.co.uk>

This implementation assumes users are not allowed to change their
usernames.

MS Graph API provides a few different elements to identify users:

 - the oid, which is guaranteed to uniquely map to a single user
   in a tenant, and globally if combined with the tid (tenant id)
 - the userPrincipalName, in the form <username@tenant.domain>
 - the free-form email address

Ideally, all services should use the oid+tid as an internal user
identifier, the userPrincipalName as a username, and the free-form
email for notifications.

When federation of tenants is out of scope, the oid and the
username part of the userPrincipalName would be enough.

Due to various reasons, the services the mediator is used
with on our setup use those elements differently:

* OBS uses <username> for user IDs, but *usually* the free-form email
  for emails.
* GitLab uses integers for user IDs, the free-form email for primary
  emails, <username> as the username and the full userPrincipalName for the
  openid_connect authentication method (which, arguably, should be changed to
  use the oid+tid), but has no easy way to retrieve users by such identifier
  (however, it is exposed in some of the user listing API when using
  administrator’s rights)
* LAVA currently uses the free-form email and should be fixed to use the
  username from the userPrincipalName

Since in our setup the userPrincipalName cannot be changed and
cannot be re-used, and federation is not in scope, using the
username part of the userPrincipalName is enough to reliably identify
users across services, and it is also what users expect.

Signed-off-by: Andrej Shadura <andrew.shadura@collabora.co.uk>

The new version exposes more object fields of the GitLab API. In
particular, we need bot: true to be able to filter out bot users.

Signed-off-by: Andrej Shadura <andrew.shadura@collabora.co.uk>

Use apex/log for logs: this allows less repetition and more context in
the logs.

Wrap HTTP request handlers to log basic request data.

Signed-off-by: Andrej Shadura <andrew.shadura@collabora.co.uk>

Edmund Smith authored 2 years ago and Andrej Shadura committed 2 years ago

This is considerably simpler than it might be, because LAVA exports
the API we want - set all the groups to which a user belongs.

The main complication here is that LAVA uses basic authentication,
which means we need an XMLRPC library which supports setting this
header. The majority of go XMLRPC libraries I looked at did not seem
to support this.

Signed-off-by: Andrej Shadura <andrew.shadura@collabora.co.uk>

Signed-off-by: Andrej Shadura <andrew.shadura@collabora.co.uk>

Signed-off-by: Andrej Shadura <andrew.shadura@collabora.co.uk>

Signed-off-by: Andrej Shadura <andrew.shadura@collabora.co.uk>

Supported commands:
 * group list
 * group get <name>
 * group new <name>
 * group delete <name>
 * user get <name>
 * user lookup <email>

Signed-off-by: Andrej Shadura <andrew.shadura@collabora.co.uk>

This patch does not change mediator behaviour. It only makes necessary
changes for the GitLab API client:

- adds predefined GitLab API token (by extending standard healthcheck
  procedure [1][2]),
- passes said token to the mediator for the GitLab client,
- splits service redirection URL to reuse it by the GitLab client,
- adjusts internal tests to all of the changes above.

Passing service URL to the GitLab client requires parsing redirect URL
early (on mediator creation). It is the reason why error handler for
parsing redirect URL in callback handler function is no longer
reachable.

This error handler is intentionally left in place in case future changes
to the code disable parsing redirect URL early. Slight decrease in test
coverage (2% as of this patch) costs less than production deployment
damage.

[1] https://gitlab.com/gitlab-org/omnibus-gitlab/blob/master/docker/Dockerfile#L56
[2] https://docs.gitlab.com/ee/user/profile/personal_access_tokens.html#create-a-personal-access-token-programmatically



Signed-off-by: Paweł Wieczorek <pawel.wieczorek@collabora.com>

Signed-off-by: Paweł Wieczorek <pawel.wieczorek@collabora.com>

This patch also adjusts GitLab CI pipeline to lint Go files and run
internal tests.

Signed-off-by: Paweł Wieczorek <pawel.wieczorek@collabora.com>