Project Permissions can't be configured for GitLab imported projects

Must-share information (formatted with Markdown):

  • which versions are you using (SonarQube, Scanner, Plugin, and any relevant extension)
    SonarQube 10.4 - with Developer License
  • how is SonarQube deployed: zip, Docker, Helm
    Helm
  • what are you trying to achieve
    I am trying to provide Project (not Server) administration rights to groups that are created by the “Automatic user and group provisioning” feature of the Gitlab authentication feature.
  • what have you tried so far to achieve this
    I configured the “Automatic user and group provisioning” feature with allowed groups for our Gitlab instance. This worked fine.
    I also configured the DevOps Platform Integration for Gitlab (same, private instance with [v16.9.2-ee]) that also worked fine.

I then created a Project via the integration, configured a Gitlab-CI pipeline and executed the first scans. That all works.

After that, I wanted to hand over the permissions to configure their projects to the corresponding teams (groups). Those groups are available, I see the user accounts and the members can login and see the project.

This is where I fail. The users are of type Owner on the imported GitLab groups, so it can’t be configured differently.

  • I can’t configure permissions on the project settings (Project → Settings → Permissions). I get a red popup with “Operation not allowed when the project is externally managed”
  • I can’t attach a Permission Template to a Project (Project → Settings → Permissions) with the same error message.
  • I can create a new Permission Template, but when I want to apply it via Administration → Projects → Projects Management it fails with You can't apply permission templates to GitHub projects.
  • What I can do is assigning Global Permissions to groups through Administration → Security → Global Permissions, but that’s not working for project permissions.

There are no log entries on the Server that would be helpful.

Is this a bug, because the feature is so new or am I doing something wrong? The documentation states that group permissions are only handled by GitHub, and I see an error that states I am trying to change the permissions for a GitHub project, but I only used GitLab integrations (Auth and DevOps).

I’m doing some testing with Sonarqube and Gitlab integration.

I’ve setup Gitlab Authentication (with Automatic user and group provisioning) and Gitlab Devops Platform Integration on a Sonarqube test server.

Both instances are on premises and with theses versions :

  • Sonarqube 10.4 enterprise
  • Gitlab 16.8.5 community edition

Sonarqube has correctly imported my users and my groups.

I’ve created several projects by the devops platform integration. But all the created projects are Public and with no permissions mapping from the group they come from on gitlab.

Moreover I can’t change the permissions by the Permission menu of the project or by applying a permission model.

I can’t seem to find the documentation on this precise functionnality. Is it possible to import the project as private with the correct group persmission mapping ?

Notice that the originating groups and projects on gitlab are private.

@FredericS I’ve moved your post to a very similar topic. Somebody from the right team should be along to take a look.

1 Like

@Alexander_Zerbe @FredericS ,

Thanks for your reports.

We acknowledge there is a bug. I could reproduce it and I have opened a ticket to fix it.

In the meantime, as a workaround, you can disable temporarily auto-provisioning on GitLab and set permissions manually. Then you can re-enable GitLab provisioning and permissions will be kept.

We will communicate on when the fix will be delivered.

Cheers,
Aurélien

1 Like

Same problem here…

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.