Unmet prerequisite: premium, but premium license is used
rndmh3ro opened this issue · 6 comments
TL;DR
Some checks are skipped because of Unmet prerequisite: premium
.
We use Gitlab self-hosted and have a premium license. However the project I'm using legitify at, shows a default
-plan.
Here's the namespace output (redacted):
> glab api /namespaces/34 | jq .
{
"id": 34,
"kind": "group",
"parent_id": null,
"plan": "default",
"trial_ends_on": null,
"trial": false
}
If I remove the premium
-check from the rego-files, the checks work and show the correct result.
Expected behavior
The checks should not be skipped.
Observed behavior
No response
Version
from main branch
On which operating system are you using legitify?
Linux
Relevant log output
"missing_permissions": {},
"skipped_policies": {
"code_review_by_two_members_not_required": {
"foo": "Unmet prerequisite: premium"
},
Legitify Findings Summary:
+----+------------+--------------------------------+----------+--------+--------+---------+
| # | Namespace | Policy | Severity | Passed | Failed | Skipped |
+----+------------+--------------------------------+----------+--------+--------+---------+
| 1 | repository | Default Branch Should Require | HIGH | 0 | 0 | 1 |
| | | Code Review | | | | |
+----+------------+--------------------------------+----------+--------+--------+---------+
Additional information
No response
Hi @rndmh3ro, thank you for opening this issue.
The test to check if the group is premium checks that the plan is not free, so it shouldn't be the reason for the results you see:
func (c *Client) IsGroupPremium(group *gitlab.Group) bool {
plan, err := c.GroupPlan(group)
if err != nil {
log.Printf("failed to get namespace for group %s %v", group.FullPath, err)
return false
}
return plan != "free"
}
Please provide the error.log and permission.log from the legitify run
Sure, here they are:
{
"missing_permissions": {},
"skipped_policies": {
"code_review_by_two_members_not_required": {
"repo-azure": "Unmet prerequisite: premium"
},
"code_review_not_required": {
"repo-azure": "Unmet prerequisite: premium"
},
"missing_default_branch_protection": {
"repo-azure": "Unmet prerequisite: premium"
},
"missing_default_branch_protection_force_push": {
"repo-azure": "Unmet prerequisite: premium"
},
"no_signed_commits": {
"repo-azure": "Unmet prerequisite: premium"
},
"repository_allows_committer_approvals_policy": {
"repo-azure": "Unmet prerequisite: premium"
},
"repository_allows_overriding_approvers": {
"repo-azure": "Unmet prerequisite: premium"
},
"repository_dismiss_stale_reviews": {
"repo-azure": "Unmet prerequisite: premium"
},
"repository_require_code_owner_reviews_policy": {
"repo-azure": "Unmet prerequisite: premium"
}
}
}{
"missing_permissions": {},
"skipped_policies": {
"code_review_by_two_members_not_required": {
"repo-azure": "Unmet prerequisite: premium"
},
"code_review_not_required": {
"repo-azure": "Unmet prerequisite: premium"
},
"missing_default_branch_protection": {
"repo-azure": "Unmet prerequisite: premium"
},
"missing_default_branch_protection_force_push": {
"repo-azure": "Unmet prerequisite: premium"
},
"no_signed_commits": {
"repo-azure": "Unmet prerequisite: premium"
},
"repository_allows_committer_approvals_policy": {
"repo-azure": "Unmet prerequisite: premium"
},
"repository_allows_overriding_approvers": {
"repo-azure": "Unmet prerequisite: premium"
},
"repository_dismiss_stale_reviews": {
"repo-azure": "Unmet prerequisite: premium"
},
"repository_require_code_owner_reviews_policy": {
"repo-azure": "Unmet prerequisite: premium"
}
}
2024/01/08 08:57:24 2024/01/08 08:57:24 total entities for namespace repository: 1
2024/01/08 08:57:25 2024/01/08 08:57:25 couldn't find group example-group/subgroup
Thanks!
The error log captures the problem. Since we can find the group, we cant determine if it is premium or not (by default, it is not)
Are you the admin of this group?
Could you add the output this API call:
gitlab_api_endpoint.XX/groups?owned=true
This is the relevant group. I'm not admin as far as I know. :)
{
"id": 34,
"web_url": "https://git.example.com/groups/example-group",
"name": "example-group",
"path": "example-group",
"description": "",
"visibility": "private",
"share_with_group_lock": false,
"require_two_factor_authentication": false,
"two_factor_grace_period": 48,
"project_creation_level": "developer",
"auto_devops_enabled": null,
"subgroup_creation_level": "owner",
"emails_disabled": false,
"emails_enabled": true,
"mentions_disabled": null,
"lfs_enabled": true,
"default_branch_protection": 2,
"default_branch_protection_defaults": {
"allowed_to_push": [
{
"access_level": 30
}
],
"allow_force_push": true,
"allowed_to_merge": [
{
"access_level": 30
}
]
},
"avatar_url": "https://git.example.com/uploads/-/system/group/avatar/34/example-group.png",
"request_access_enabled": false,
"full_name": "example-group",
"full_path": "example-group",
"created_at": "2019-07-09T10:33:41.438Z",
"parent_id": null,
"shared_runners_setting": "enabled",
"ldap_cn": "----",
"ldap_access": 50,
"ldap_group_links": [
{
"cn": "----",
"group_access": 50,
"provider": "ldapmain",
"filter": null
},
{
"cn": "grp.example-group",
"group_access": 50,
"provider": "ldapmain",
"filter": null
},
{
"cn": "6008-all",
"group_access": 20,
"provider": "ldapmain",
"filter": null
},
{
"cn": null,
"group_access": 20,
"provider": "ldapmain",
"filter": "(cn=fnu-cred-scan)"
},
],
"marked_for_deletion_on": null,
"wiki_access_level": "enabled"
},
``
Thanks. It should be fixed in the main branch :)
Indeed it is, thanks! :)