Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Apply Approvals on Gitlab are not being recognized - Applys are being let through despite the MR not being approved #114

Closed
mechastorm opened this issue Apr 26, 2018 · 3 comments
Closed

Apply Approvals on Gitlab are not being recognized - Applys are being let through despite the MR not being approved #114

mechastorm opened this issue Apr 26, 2018 · 3 comments
Labels
provider/gitlab

Comments

@mechastorm
Copy link

mechastorm commented Apr 26, 2018
edited
Loading

Issue

I have submitted a Merge Request (MR) in Gitlab Enterprise. The Merge Request shows that it "Requires 1 more approval by X" before it can be merged.

Yet the creator of the MR was able to still run atlantis apply.

Repro Steps

  • Set up an MR that requires an approval
  • Run atlantis plan
  • Do not approve/reject the MR yet
  • Run atlantis apply

Expected Behaviour

atlantis apply should be denied since the MR is not yet approved for merging.

Logs

2018/04/25 23:42:25 [INFO] server: 200 | POST /events
2018/04/25 23:42:26 [INFO] mygroup/myproject#6: Cleaning clone directory "/myuser/.atlantis/repos/mygroup/myproject/6/d$
2018/04/25 23:42:26 [INFO] mygroup/myproject#6: Creating dir "/myuser/.atlantis/repos/mygroup/myproject/6/default"
2018/04/25 23:42:26 [INFO] mygroup/myproject#6: Git cloning "https://mygithost.example/mygroup/myproject.git" into "/$
2018/04/25 23:42:27 [INFO] server: 200 | GET /
2018/04/25 23:42:29 [INFO] mygroup/myproject#6: Checking out branch "patch-1"
2018/04/25 23:42:29 [INFO] mygroup/myproject#6: Running plan for project at path "env_a"
2018/04/25 23:42:32 [INFO] server: 200 | POST /events
2018/04/25 23:42:44 [INFO] server: 200 | GET /
2018/04/25 23:42:57 [INFO] server: 200 | GET /
2018/04/25 23:43:14 [INFO] server: 200 | GET /lock?id=mygroup%252Fmyproject%252Fenv_a%252Fdefault
2018/04/25 23:43:14 [INFO] server: 200 | GET /
2018/04/25 23:43:18 [INFO] server: Deleted lock id mygroup/myproject/env_a/default
2018/04/25 23:43:18 [INFO] server: 200 | DELETE /locks?id=mygroup%2Fmyproject%2Fenv_a%2Fdefault
2018/04/25 23:43:18 [INFO] server: 200 | GET /?discard=true
2018/04/25 23:43:24 [INFO] server: 200 | POST /events
2018/04/25 23:43:25 [INFO] mygroup/myproject#6: Cleaning clone directory "/myuser/.atlantis/repos/mygroup/myproject/6/d$
2018/04/25 23:43:25 [INFO] mygroup/myproject#6: Creating dir "/myuser/.atlantis/repos/mygroup/myproject/6/default"
2018/04/25 23:43:25 [INFO] mygroup/myproject#6: Git cloning "https://mygithost.example/mygroup/myproject.git" into "/$
2018/04/25 23:43:27 [INFO] server: 200 | GET /
2018/04/25 23:43:29 [INFO] mygroup/myproject#6: Checking out branch "patch-1"
2018/04/25 23:43:29 [INFO] mygroup/myproject#6: Running plan for project at path "env_a"
2018/04/25 23:43:29 [INFO] mygroup/myproject#6: Acquired lock with id "mygroup/myproject/env_a/default"
2018/04/25 23:43:29 [INFO] mygroup/myproject#6: Determined that we are running terraform with version >= 0.9.0. Running version 0.11$
2018/04/25 23:43:37 [INFO] mygroup/myproject#6: Successfully ran "sh -c terraform init -no-color" in "/myuser/.atlantis/repos/atlantis$
2018/04/25 23:43:37 [INFO] mygroup/myproject#6: Successfully ran "sh -c terraform workspace show" in "/myuser/.atlantis/repos/atlantis$
2018/04/25 23:43:39 [INFO] mygroup/myproject#6: Successfully ran "sh -c terraform plan -refresh -no-color -out /myuser/.atlantis/repos$
2018/04/25 23:43:39 [INFO] mygroup/myproject#6: Plan succeeded
2018/04/25 23:43:40 [INFO] server: 200 | POST /events
2018/04/25 23:43:44 [INFO] server: 200 | GET /
2018/04/25 23:43:57 [INFO] server: 200 | GET /
2018/04/25 23:44:02 [INFO] server: 200 | POST /events
2018/04/25 23:44:03 [INFO] mygroup/myproject#6: Confirmed pull request was approved
2018/04/25 23:44:03 [INFO] mygroup/myproject#6: Found workspace in "/myuser/.atlantis/repos/mygroup/myproject/6/default"
2018/04/25 23:44:03 [INFO] mygroup/myproject#6: Found 1 plan(s) in our workspace: [/myuser/.atlantis/repos/mygroup/sandbox-iotde$
2018/04/25 23:44:03 [INFO] mygroup/myproject#6: Running apply for project at path "env_a"
2018/04/25 23:44:03 [INFO] mygroup/myproject#6: Acquired lock with id "mygroup/myproject/env_a/default"
2018/04/25 23:44:03 [INFO] mygroup/myproject#6: Determined that we are running terraform with version >= 0.9.0. Running version 0.11$
2018/04/25 23:44:03 [INFO] mygroup/myproject#6: Successfully ran "sh -c terraform init -no-color" in "/myuser/.atlantis/repos/atlantis$
2018/04/25 23:44:04 [INFO] mygroup/myproject#6: Successfully ran "sh -c terraform workspace show" in "/myuser/.atlantis/repos/atlantis$
2018/04/25 23:44:04 [INFO] mygroup/myproject#6: Successfully ran "sh -c terraform apply -no-color /myuser/.atlantis/repos/atlantis-tes$
2018/04/25 23:44:04 [INFO] mygroup/myproject#6: Apply succeeded
2018/04/25 23:44:06 [INFO] server: 200 | POST /events

API JSON

JSON Sample of MR approval from api/v4/projects/:id/merge_requests/:iid/approvals

{
  id: 99999,
  iid: 6,
  project_id: 123,
  title: "My Merge Request Title",
  description: "",
  state: "opened",
  created_at: "2018-04-25T23:41:59.998Z",
  updated_at: "2018-04-25T23:43:24.049Z",
  merge_status: "can_be_merged",
  approvals_required: 1,
  approvals_left: 1,
  approved_by: [ ],
  suggested_approvers: [
    {
      id: 146,
      name: "user 1",
      username: "u.1",
      state: "active",
      avatar_url: "https://secure.gravatar.com/avatar/",
      web_url: "https://git.vandevlab.com/u.1"
    },
    {
      id: 33,
      name: "User 2",
      username: "u.2",
      state: "active",
      avatar_url: "https://git.vandevlab.com/uploads/-/system/user/avatar/",
      web_url: "https://git.vandevlab.com/u.2"
    }
  ],
  user_has_approved: false,
  user_can_approve: false
}

Environment

  • atlantis 0.3.8
  • GitLab 10.5.4-ee
  • GitLab API v4

Possible Solution

It may seem that the the Gitlab Client Code might be looking at the wrong API property to determine if the MR is approved at

atlantis/server/events/vcs/gitlab_client.go

Line 75 in 566febe

if approvals.ApprovalsMissing > 0 {

It seems to be checking for the ApprovalsMissing or in the JSON equivalent the approvals_missing property which does not exist in the API endpoint that is being pulled from the client

https://github.com/lkysow/go-gitlab/blob/master/merge_requests.go#L261

It would seem that property approvals_missing was a mistake in the documentation that Gitlab has now fixed - https://gitlab.com/gitlab-org/gitlab-ee/issues/1118#note_17875041

The suggestion is instead fo checking ApprovalsMissing to instead check for ApprovalsLeft == 0 to determine if an MR is approved.
@lkysow lkysow mentioned this issue Apr 26, 2018
Merged
@lkysow
Copy link
Member

lkysow commented Apr 26, 2018

Thanks for the great bug report! Fixed in 0.3.9.

@mechastorm
Copy link
Author

Thanks for the quick fix! Just tested this and it works as expected!

@lkysow
Copy link
Member

lkysow commented Apr 26, 2018

awesome!

jamengual pushed a commit that referenced this issue Nov 23, 2022
@Aayyush @msarvar
Log Streaming Metrics Refactor (#114)
df78401
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
provider/gitlab
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@lkysow @mechastorm @nitrocode