From 9021eafd296d9567cfa5540849b581ca0cab7e8b Mon Sep 17 00:00:00 2001
From: Sebastian Widmer <sebastian.widmer@vshn.net>
Date: Wed, 31 Jul 2024 10:56:24 +0200
Subject: [PATCH] Force refresh valid but not saved token (#300)

---
 controllers/gitrepo/steps.go |  2 +-
 git/gitlab/gitlab.go         |  7 ++++---
 git/gitlab/gitlab_test.go    | 16 ++++++++++------
 git/manager/manager.go       |  2 +-
 4 files changed, 16 insertions(+), 11 deletions(-)

diff --git a/controllers/gitrepo/steps.go b/controllers/gitrepo/steps.go
index b8c777e0..f77efc13 100644
--- a/controllers/gitrepo/steps.go
+++ b/controllers/gitrepo/steps.go
@@ -156,7 +156,7 @@ func ensureAccessToken(ctx context.Context, cli client.Client, instance *synv1al
 		uid := secret.Annotations[LieutenantAccessTokenUIDAnnotation]
 
 		pat, err := repo.EnsureProjectAccessToken(ctx, instance.GetName(), manager.EnsureProjectAccessTokenOptions{
-			UID: uid,
+			UID: &uid,
 		})
 		if err != nil {
 			return fmt.Errorf("error ensuring project access token: %w", err)
diff --git a/git/gitlab/gitlab.go b/git/gitlab/gitlab.go
index 51e664d5..2ffa2bbe 100644
--- a/git/gitlab/gitlab.go
+++ b/git/gitlab/gitlab.go
@@ -497,7 +497,7 @@ func (g *Gitlab) EnsureProjectAccessToken(ctx context.Context, name string, opts
 		return 0
 	})
 
-	if opts.UID == "" {
+	if opts.UID == nil {
 		if len(validATs) > 0 {
 			return manager.ProjectAccessToken{
 				UID:       strconv.Itoa(validATs[0].ID),
@@ -505,10 +505,11 @@ func (g *Gitlab) EnsureProjectAccessToken(ctx context.Context, name string, opts
 			}, nil
 		}
 	} else {
+		uid := *opts.UID
 		for _, token := range validATs {
-			if strconv.Itoa(token.ID) == opts.UID {
+			if strconv.Itoa(token.ID) == uid {
 				return manager.ProjectAccessToken{
-					UID:       opts.UID,
+					UID:       uid,
 					ExpiresAt: time.Time(*token.ExpiresAt),
 				}, nil
 			}
diff --git a/git/gitlab/gitlab_test.go b/git/gitlab/gitlab_test.go
index bda121de..e9d96362 100644
--- a/git/gitlab/gitlab_test.go
+++ b/git/gitlab/gitlab_test.go
@@ -676,7 +676,7 @@ func TestGitlab_EnsureProjectAccessToken(t *testing.T) {
 	require.NoError(t, err)
 	assert.Equal(t, "token101", pat.Token)
 
-	for _, uid := range []string{"", pat.UID} {
+	for _, uid := range []*string{nil, &pat.UID} {
 		opts := manager.EnsureProjectAccessTokenOptions{UID: uid}
 		samepat, err := g.EnsureProjectAccessToken(context.Background(), "test", opts)
 		require.NoError(t, err)
@@ -684,14 +684,18 @@ func TestGitlab_EnsureProjectAccessToken(t *testing.T) {
 		assert.Equal(t, pat.ExpiresAt, samepat.ExpiresAt)
 	}
 
-	newPat, err := g.EnsureProjectAccessToken(context.Background(), "test", manager.EnsureProjectAccessTokenOptions{UID: "other id"})
-	require.NoError(t, err)
-	assert.NotEqual(t, pat.UID, newPat.UID, "Should return new token if UID does not match")
+	newPat := pat
+	for _, uid := range []string{"", "other id"} {
+		p, err := g.EnsureProjectAccessToken(context.Background(), "test", manager.EnsureProjectAccessTokenOptions{UID: &uid})
+		require.NoError(t, err)
+		assert.NotEqual(t, p.UID, newPat.UID, "Should return new token if UID does not match")
+		newPat = p
+	}
 
 	// Access token expiry are floored to the nearest day
 	// Check that newest token is returned
 	clock.Advance(24 * time.Hour)
-	newerPat, err := g.EnsureProjectAccessToken(context.Background(), "test", manager.EnsureProjectAccessTokenOptions{UID: "other id"})
+	newerPat, err := g.EnsureProjectAccessToken(context.Background(), "test", manager.EnsureProjectAccessTokenOptions{UID: ptr.To("other id")})
 	require.NoError(t, err)
 	assert.NotEqual(t, newPat.UID, newerPat.UID, "Should return new token if UID does not match")
 	newerPat2, err := g.EnsureProjectAccessToken(context.Background(), "test", manager.EnsureProjectAccessTokenOptions{})
@@ -700,7 +704,7 @@ func TestGitlab_EnsureProjectAccessToken(t *testing.T) {
 
 	clock.Advance(time.Hour * 24 * 90)
 
-	renewedPat, err := g.EnsureProjectAccessToken(context.Background(), "test", manager.EnsureProjectAccessTokenOptions{UID: pat.UID})
+	renewedPat, err := g.EnsureProjectAccessToken(context.Background(), "test", manager.EnsureProjectAccessTokenOptions{UID: &pat.UID})
 	require.NoError(t, err)
 	assert.NotEmpty(t, renewedPat.Token, "Should return new token if old token is expired")
 	assert.NotEqual(t, pat.UID, renewedPat.UID, "Should return new token if old token is expired")
diff --git a/git/manager/manager.go b/git/manager/manager.go
index 21e496d5..b16dd704 100644
--- a/git/manager/manager.go
+++ b/git/manager/manager.go
@@ -144,7 +144,7 @@ type EnsureProjectAccessTokenOptions struct {
 	// UID is a unique identifier for the token.
 	// If set, the given UID will be compared with the UID of the existing token.
 	// The token will be force updated if the UIDs do not match.
-	UID string
+	UID *string
 }
 
 type ProjectAccessToken struct {