Updating GitLab personal access token not possible

Hi,

We previously had issues with setting our organizations GitLab PAT, when user was not “Owner” (what GitLab calls the Admin Role).
We tried to rotate our Token currently working token using our previously described workaround. But this time we found not way to successfully update the Token.

The steps we tried:

  1. Gave the GitLab user Owner permissions
  2. Created PAT with scope API on that user
  3. Entering the token in SonarCloud GitLab connectivity management

However with every try, we where told that the token was not valid.
Any idea why this is happening now?
Thanks

Hello @nc-tobi ,

Welcome back to the community!

In order to reproduce your issue precisely, could you be more specific when you write

What did you try and what error do you get?

Please consider including screenshots, logs and/or command line reproducers.

thank you

Sorry for my late reply, we just tried it again to make sure we can report the issue as accurately as possible.

Status Quo

What we did

There we saw the following
SonarCloud01
“Status of your current token” does not bother us, as everything seems to work fine.

Updating the token with “Reporter” permissions

Now we tried to update this token with a new one
For this we:

  • Created a new token with API permission on our existing “technical user” (Access Level “Reporter”)
  • Tried to update the token in Sonar Cloud

Result:
SonarCloud02

“You need to have admin access on the group”
:white_check_mark: is expected

:information_source: But like detailed in the before mentioned issue, “Owner”(=Admin) permissions should not be required for what SonarCloud is trying to do in GitLab
GitLab user for organisation and GitLab users permissions, does it really have to be Owner and why?

Updating to “Owner” permission and reusing token

Next we changed to User to have Admin rights (GitLab calls that “Owner”).
For this we:

  • Switched the rights of the “technical user” to “Owner”(=Admin)
  • Tried to apply the same token as before in Sonar Cloud

Result:
SonarCloud03

“You need to have admin access on the group”
:x: This is not expected and the new token should be accepted

Updating the token with “Owner” permissions

Not sure if this might be a caching issue, we generated a new token, with the “technical user” having “Owner” (=Admin) rights throughout.
For this we:

  • Revoked token which was used for previous attempt
  • Created a new token with API permission on our existing “technical user” (Access Level “Owner”)
  • Tried to update the token in Sonar Cloud

Result:
SonarCloud04

“You need to have admin access on the group”
:x: This is not expected and the new token should be accepted

Conclusion

At the Moment Sonar is working for us with GitLab. :white_check_mark:
We cannot update our GitLab token. :x:
If our token would have an expiry date, SonarCloud integration would break for us.

We tried this on 22-09-2022 between 12:00 and 12:10 UTC if that helps with debugging.

Hello @nc-tobi ,

Thanks for the detailed reply.

I’m looking into your case.

I’ve found the logs of your attempts and will look deeper.

Cheers,

2 Likes

Hello @nc-tobi ,

Took me a while, but I figured what’s wrong.

Turns out that we are checking the admin permission of the authenticated user instead of the one of the owner of the PAT.

I opened a bug ticket on our side. I can’t commit at this stage on when it is going to be fixed.

To work around that problem, temporarily grant owner membership to the authenticated user.

Cheers!

2 Likes