Implement repo register/deregister for gitlab (#4489)

* Implement repo register/deregister for gitlab

This implements the webhook creation and deletion for gitlab.

Signed-off-by: Juan Antonio Osorio <[email protected]>

* Implement webhook cleanup and use correct structs

Signed-off-by: Juan Antonio Osorio <[email protected]>

* Implement unique webhook URL for each entity in gitlab

Signed-off-by: Juan Antonio Osorio <[email protected]>

* Ensure / at the end of provider webhook handlers.

Signed-off-by: Juan Antonio Osorio <[email protected]>

---------

Signed-off-by: Juan Antonio Osorio <[email protected]>

Author: JAORMX

cmd/dev/app/rule_type/rttst.go

@@ -437,7 +437,8 @@ func getProvider(pstr string, token string, providerConfigFile string) (provifv1
 			return nil, fmt.Errorf("error parsing gitlab provider config: %w", err)
 		}
 
-		client, err := gitlab.New(credentials.NewGitLabTokenCredential(token), cfg)
+		// We may pass a "fake" webhook URL here as it is not used in the test
+		client, err := gitlab.New(credentials.NewGitLabTokenCredential(token), cfg, "fake")
 		if err != nil {
 			return nil, fmt.Errorf("error instantiating gitlab provider: %w", err)
 		}

internal/controlplane/server.go

@@ -22,6 +22,7 @@ import (
 	"net/http"
 	"net/url"
 	"runtime/debug"
+	"strings"
 	"time"
 
 	"github.com/gorilla/handlers"
@@ -357,7 +358,12 @@ func (s *Server) StartHTTPServer(ctx context.Context) error {
 	// Register the webhook handlers
 	// Note: The GitHub webhook handler is not registered here.
 	for classpath, handler := range s.providerManager.IterateWebhookHandlers() {
-		path, err := url.JoinPath("/api/v1/webhook/", url.PathEscape(classpath))
+		classpath = url.PathEscape(classpath)
+		if !strings.HasSuffix(classpath, "/") {
+			classpath += "/"
+		}
+
+		path, err := url.JoinPath("/api/v1/webhook/", classpath)
 		if err != nil {
 			return fmt.Errorf("failed to register webhook handler for %s: %w", classpath, err)
 		}

internal/providers/gitlab/gitlab.go

@@ -26,7 +26,6 @@ import (
 
 	config "github.com/stacklok/minder/internal/config/server"
 	"github.com/stacklok/minder/internal/db"
-	"github.com/stacklok/minder/internal/entities/properties"
 	minderv1 "github.com/stacklok/minder/pkg/api/protobuf/go/minder/v1"
 	provifv1 "github.com/stacklok/minder/pkg/providers/v1"
 )
@@ -53,25 +52,32 @@ var _ provifv1.REST = (*gitlabClient)(nil)
 var _ provifv1.RepoLister = (*gitlabClient)(nil)
 
 type gitlabClient struct {
-	cred      provifv1.GitLabCredential
-	cli       *http.Client
-	glcfg     *minderv1.GitLabProviderConfig
-	gitConfig config.GitConfig
+	cred       provifv1.GitLabCredential
+	cli        *http.Client
+	glcfg      *minderv1.GitLabProviderConfig
+	webhookURL string
+	gitConfig  config.GitConfig
 }
 
 // New creates a new GitLab provider
-func New(cred provifv1.GitLabCredential, cfg *minderv1.GitLabProviderConfig) (*gitlabClient, error) {
+// Note that the webhook URL should already contain the provider class in the path
+func New(cred provifv1.GitLabCredential, cfg *minderv1.GitLabProviderConfig, webhookURL string) (*gitlabClient, error) {
 	// TODO: We need a context here.
 	cli := oauth2.NewClient(context.Background(), cred.GetAsOAuth2TokenSource())
 
 	if cfg.Endpoint == "" {
 		cfg.Endpoint = "https://gitlab.com/api/v4/"
 	}
 
+	if webhookURL == "" {
+		return nil, errors.New("webhook URL is required")
+	}
+
 	return &gitlabClient{
-		cred:  cred,
-		cli:   cli,
-		glcfg: cfg,
+		cred:       cred,
+		cli:        cli,
+		glcfg:      cfg,
+		webhookURL: webhookURL,
 		// TODO: Add git config
 	}, nil
 }
@@ -128,22 +134,3 @@ func (c *gitlabClient) GetCredential() provifv1.GitLabCredential {
 func (_ *gitlabClient) SupportsEntity(entType minderv1.Entity) bool {
 	return entType == minderv1.Entity_ENTITY_REPOSITORIES
 }
-
-// RegisterEntity implements the Provider interface
-func (c *gitlabClient) RegisterEntity(
-	_ context.Context, entType minderv1.Entity, props *properties.Properties,
-) (*properties.Properties, error) {
-	if !c.SupportsEntity(entType) {
-		return nil, errors.New("unsupported entity type")
-	}
-
-	// TODO: implement
-
-	return props, nil
-}
-
-// DeregisterEntity implements the Provider interface
-func (_ *gitlabClient) DeregisterEntity(_ context.Context, _ minderv1.Entity, _ *properties.Properties) error {
-	// TODO: implement
-	return nil
-}

internal/providers/gitlab/manager/manager.go

@@ -21,6 +21,7 @@ import (
 	"encoding/json"
 	"errors"
 	"fmt"
+	"net/url"
 	"slices"
 
 	"github.com/stacklok/minder/internal/config/server"
@@ -35,16 +36,32 @@ type providerClassManager struct {
 	store    db.Store
 	crypteng crypto.Engine
 	// gitlab provider config
-	glpcfg *server.GitLabConfig
+	glpcfg        *server.GitLabConfig
+	webhookURL    string
+	parentContext context.Context
 }
 
 // NewGitLabProviderClassManager creates a new provider class manager for the dockerhub provider
-func NewGitLabProviderClassManager(crypteng crypto.Engine, store db.Store, cfg *server.GitLabConfig) *providerClassManager {
-	return &providerClassManager{
-		store:    store,
-		crypteng: crypteng,
-		glpcfg:   cfg,
+func NewGitLabProviderClassManager(
+	ctx context.Context, crypteng crypto.Engine, store db.Store, cfg *server.GitLabConfig, wgCfg server.WebhookConfig,
+) (*providerClassManager, error) {
+	webhookURLBase := wgCfg.ExternalWebhookURL
+	if webhookURLBase == "" {
+		return nil, errors.New("webhook URL is required")
+	}
+
+	webhookURL, err := url.JoinPath(webhookURLBase, url.PathEscape(string(db.ProviderClassGitlab)))
+	if err != nil {
+		return nil, fmt.Errorf("error joining webhook URL: %w", err)
 	}
+
+	return &providerClassManager{
+		store:         store,
+		crypteng:      crypteng,
+		glpcfg:        cfg,
+		webhookURL:    webhookURL,
+		parentContext: ctx,
+	}, nil
 }
 
 // GetSupportedClasses implements the ProviderClassManager interface
@@ -74,7 +91,7 @@ func (g *providerClassManager) Build(ctx context.Context, config *db.Provider) (
 		return nil, fmt.Errorf("error parsing gitlab config: %w", err)
 	}
 
-	cli, err := gitlab.New(creds, cfg)
+	cli, err := gitlab.New(creds, cfg, g.webhookURL)
 	if err != nil {
 		return nil, fmt.Errorf("error creating gitlab client: %w", err)
 	}

internal/providers/gitlab/manager/webhook.go

@@ -14,11 +14,28 @@
 
 package manager
 
-import "net/http"
+import (
+	"net/http"
+
+	"github.com/rs/zerolog"
+)
 
 // GetWebhookHandler implements the ProviderManager interface
 // Note that this is where the whole webhook handler is defined and
 // will live.
-func (_ *providerClassManager) GetWebhookHandler() http.Handler {
-	return nil
+func (m *providerClassManager) GetWebhookHandler() http.Handler {
+	return http.HandlerFunc(func(_ http.ResponseWriter, r *http.Request) {
+		l := zerolog.Ctx(m.parentContext).With().
+			Str("webhook", "gitlab").
+			Str("method", r.Method).
+			Str("path", r.URL.Path).
+			Str("remote", r.RemoteAddr).
+			Str("user-agent", r.UserAgent()).
+			Str("content-type", r.Header.Get("Content-Type")).
+			Logger()
+
+		// TODO: Implement webhook handler
+
+		l.Debug().Msg("received webhook")
+	})
 }

internal/providers/gitlab/properties.go

@@ -37,6 +37,10 @@ const (
 	RepoPropertyLicense = "gitlab/license"
 	// RepoPropertyCloneURL represents the gitlab repo clone URL
 	RepoPropertyCloneURL = "gitlab/clone_url"
+	// RepoPropertyHookID represents the gitlab repo hook ID
+	RepoPropertyHookID = "gitlab/hook_id"
+	// RepoPropertyHookURL represents the gitlab repo hook URL
+	RepoPropertyHookURL = "gitlab/hook_url"
 )
 
 // FetchAllProperties implements the provider interface