diff --git a/.changeset/loud-singers-happen.md b/.changeset/loud-singers-happen.md index 7d86f96e62..32dbdb8481 100644 --- a/.changeset/loud-singers-happen.md +++ b/.changeset/loud-singers-happen.md @@ -2,4 +2,4 @@ '@backstage/plugin-catalog-backend-module-gitlab': patch --- -Allow Backstage to mirror GitLab Member Relation behavior by adding the `allowDescendants` and `allowSharedFromGroups` configuration options. +Add the `relations` array to allow Backstage to mirror GitLab's membership behavior, including descendant, inherited, and shared-from-group memberships. diff --git a/docs/integrations/gitlab/org.md b/docs/integrations/gitlab/org.md index 23323bae24..da20af9d4a 100644 --- a/docs/integrations/gitlab/org.md +++ b/docs/integrations/gitlab/org.md @@ -172,9 +172,10 @@ catalog: host: gitlab.com orgEnabled: true group: org/teams # Required for gitlab.com when `orgEnabled: true`. Optional for self managed. Must not end with slash. Accepts only groups under the provided path (which will be stripped) - allowInherited: true # Optional. Members of any ancestor groups will also be considered members of the current group. - allowDescendants: true # Optional. Members of any descendant groups will also be considered members of the current group. - allowSharedFromGroups: true # Optional. Members of any invited groups will also be considered members of the current group. + relations: # Optional + - INHERITED # Optional. Members of any ancestor groups will also be considered members of the current group. + - DESCENDANTS # Optional. Members of any descendant groups will also be considered members of the current group. + - SHARED_FROM_GROUPS # Optional. Members of any invited groups will also be considered members of the current group. groupPattern: '[\s\S]*' # Optional. Filters found groups based on provided pattern. Defaults to `[\s\S]*`, which means to not filter anything schedule: # Same options as in TaskScheduleDefinition. Optional for the Legacy Backend System. # supports cron, ISO duration, "human duration" as used in code @@ -198,14 +199,27 @@ which contain members will be ingested. ### Subgroup Membership -GitLab groups and subgroups provide a hierarchical structure to organize projects and users. Membership in a parent group automatically extends to its subgroups, ensuring consistent permissions across all levels. Additionally, membership can be managed using invited groups, allowing one group to be added to another. For Backstage users integrating with GitLab, understanding this [inheritance model](https://docs.gitlab.co.jp/ee/user/group/subgroups/#subgroup-membership) and the use of invited groups is crucial for accurately mapping and managing group and user entities. +GitLab groups and subgroups provide a hierarchical structure for organizing projects and users. Membership in a parent group extends automatically to its subgroups, ensuring consistent permissions at all levels. Additionally, membership can be managed using invited groups, where one group can be added to another. For Backstage users integrating with GitLab, understanding this [inheritance model](https://docs.gitlab.co.jp/ee/user/group/subgroups/#subgroup-membership) and the concept of invited groups is crucial for accurately mapping and managing group and user entities. The `GitLabOrgDiscoveryEntityProvider` mirrors GitLab's membership behavior as follows: -- by default, every direct member of a GitLab group is also a member of the corresponding group in Backstage; -- to include members of subgroups as members of the parent group, enable the `allowDescendants` option; -- to include members of parent groups as members of their subgroups, enable the `allowInherited` option. This also has the effect that subgroups with no direct members will not be skipped in the group ingestion process and will be added as a group entity in Backstage; -- to include members of invited groups as members of the inviting group, enable the `allowSharedFromGroups` option. +- By default, every direct member of a GitLab group is also a member of the corresponding group in Backstage. +- To include members of subgroups as members of the parent group, configure the `relations` array with the `DESCENDANTS` option. +- To include members of parent groups as members of their subgroups, configure the `relations` array with the `INHERITED` option. This also has the effect that subgroups with no direct members will not be skipped in the group ingestion process and will be added as a group entity in Backstage; +- To include members of invited groups as members of the inviting group, configure the `relations` array with the `SHARED_FROM_GROUPS` option. + +The previous `allowInherited` will be deprecated in future versions. Use the `relations` array with the `INHERITED` option instead. + +```yaml +catalog: + providers: + gitlab: + development: + relations: + - INHERITED + - DESCENDANTS + - SHARED_FROM_GROUPS +``` Refer to the [GitLab Group Member Relation](https://docs.gitlab.com/ee/api/graphql/reference/#groupmemberrelation) documentation for more information. diff --git a/plugins/catalog-backend-module-gitlab/api-report.md b/plugins/catalog-backend-module-gitlab/api-report.md index 5f4f3aa622..47113af957 100644 --- a/plugins/catalog-backend-module-gitlab/api-report.md +++ b/plugins/catalog-backend-module-gitlab/api-report.md @@ -106,8 +106,7 @@ export type GitlabProviderConfig = { userPattern: RegExp; groupPattern: RegExp; allowInherited?: boolean; - allowDescendants?: boolean; - allowSharedFromGroups?: boolean; + relations: string[]; orgEnabled?: boolean; schedule?: TaskScheduleDefinition; skipForkedRepos?: boolean; diff --git a/plugins/catalog-backend-module-gitlab/src/lib/types.ts b/plugins/catalog-backend-module-gitlab/src/lib/types.ts index a674d4c222..829cb27f6d 100644 --- a/plugins/catalog-backend-module-gitlab/src/lib/types.ts +++ b/plugins/catalog-backend-module-gitlab/src/lib/types.ts @@ -184,19 +184,40 @@ export type GitlabProviderConfig = { groupPattern: RegExp; /** - * If true, the provider will also add members of inherited groups (ascendant) to the ingested groups. See: https://docs.gitlab.com/ee/api/graphql/reference/#groupmemberrelation - */ + * If true, the provider will also add inherited (ascendant) users to the ingested groups. + * See: https://docs.gitlab.com/ee/api/graphql/reference/#groupmemberrelation + * + * @deprecated Use the `relations` array to configure group membership relations instead. + **/ allowInherited?: boolean; /** - * If true, the provider will also add members of descendant groups to the ingested groups. See: https://docs.gitlab.com/ee/api/graphql/reference/#groupmemberrelation + * Specifies the types of group membership relations that should be included when ingesting data. + * + * The following values are valid: + * - 'DIRECT': Direct members of the group. This is the default relation and is always included. + * - 'INHERITED': Members inherited from parent (ascendant) groups. + * - 'DESCENDANTS': Members from child (descendant) groups. + * - 'SHARED_FROM_GROUPS': Members shared from other groups. + * + * See: https://docs.gitlab.com/ee/api/graphql/reference/#groupmemberrelation + * + * If the `relations` array is provided in the app-config.yaml, it should contain any combination of the above values. + * The 'DIRECT' relation is automatically included and cannot be excluded, even if not specified. + * Example configuration: + * + * ```yaml + * catalog: + * providers: + * gitlab: + * development: + * relations: + * - INHERITED + * - DESCENDANTS + * - SHARED_FROM_GROUPS + * ``` */ - allowDescendants?: boolean; - - /** - * If true, the provider will also add members of invited groups to the ingested groups. See: https://docs.gitlab.com/ee/api/graphql/reference/#groupmemberrelation - */ - allowSharedFromGroups?: boolean; + relations?: string[]; orgEnabled?: boolean; schedule?: TaskScheduleDefinition; diff --git a/plugins/catalog-backend-module-gitlab/src/providers/GitlabOrgDiscoveryEntityProvider.ts b/plugins/catalog-backend-module-gitlab/src/providers/GitlabOrgDiscoveryEntityProvider.ts index 2c750a2930..3415e01974 100644 --- a/plugins/catalog-backend-module-gitlab/src/providers/GitlabOrgDiscoveryEntityProvider.ts +++ b/plugins/catalog-backend-module-gitlab/src/providers/GitlabOrgDiscoveryEntityProvider.ts @@ -779,11 +779,13 @@ export class GitlabOrgDiscoveryEntityProvider implements EntityProvider { } private getRelations(config: any) { - return [ - 'DIRECT', - ...(config.allowInherited ? ['INHERITED'] : []), - ...(config.allowSharedFromGroups ? ['SHARED_FROM_GROUPS'] : []), - ...(config.allowDescendants ? ['DESCENDANTS'] : []), - ]; + if (Array.isArray(config.relations)) { + // filter out duplicates + const relationsSet = new Set(['DIRECT', ...config.relations]); + return Array.from(relationsSet); + } + + // TODO: remove this fallback in the next major version by ensuring the method returns only `['DIRECT']` if no `relations` array is provided. + return ['DIRECT', ...(config.allowInherited ? ['INHERITED'] : [])]; } } diff --git a/plugins/catalog-backend-module-gitlab/src/providers/config.test.ts b/plugins/catalog-backend-module-gitlab/src/providers/config.test.ts index c2c1fd14f7..1db5e24f01 100644 --- a/plugins/catalog-backend-module-gitlab/src/providers/config.test.ts +++ b/plugins/catalog-backend-module-gitlab/src/providers/config.test.ts @@ -59,8 +59,7 @@ describe('config', () => { userPattern: /[\s\S]*/, orgEnabled: false, allowInherited: false, - allowDescendants: false, - allowSharedFromGroups: false, + relations: [], schedule: undefined, skipForkedRepos: false, }), @@ -99,8 +98,7 @@ describe('config', () => { userPattern: /[\s\S]*/, orgEnabled: false, allowInherited: false, - allowDescendants: false, - allowSharedFromGroups: false, + relations: [], schedule: undefined, skipForkedRepos: false, }), @@ -140,8 +138,7 @@ describe('config', () => { userPattern: /[\s\S]*/, orgEnabled: false, allowInherited: false, - allowDescendants: false, - allowSharedFromGroups: false, + relations: [], schedule: undefined, skipForkedRepos: true, }), @@ -183,8 +180,7 @@ describe('config', () => { userPattern: /[\s\S]*/, orgEnabled: false, allowInherited: false, - allowDescendants: false, - allowSharedFromGroups: false, + relations: [], skipForkedRepos: false, schedule: { frequency: Duration.fromISO('PT30M'), diff --git a/plugins/catalog-backend-module-gitlab/src/providers/config.ts b/plugins/catalog-backend-module-gitlab/src/providers/config.ts index abed6d83c4..32d3ad0cf2 100644 --- a/plugins/catalog-backend-module-gitlab/src/providers/config.ts +++ b/plugins/catalog-backend-module-gitlab/src/providers/config.ts @@ -45,10 +45,7 @@ function readGitlabConfig(id: string, config: Config): GitlabProviderConfig { const orgEnabled: boolean = config.getOptionalBoolean('orgEnabled') ?? false; const allowInherited: boolean = config.getOptionalBoolean('allowInherited') ?? false; - const allowDescendants: boolean = - config.getOptionalBoolean('allowDescendants') ?? false; - const allowSharedFromGroups: boolean = - config.getOptionalBoolean('allowSharedFromGroups') ?? false; + const relations: string[] = config.getOptionalStringArray('relations') ?? []; const skipForkedRepos: boolean = config.getOptionalBoolean('skipForkedRepos') ?? false; @@ -70,8 +67,7 @@ function readGitlabConfig(id: string, config: Config): GitlabProviderConfig { schedule, orgEnabled, allowInherited, - allowDescendants, - allowSharedFromGroups, + relations, skipForkedRepos, }; }