Jenkins Pipeline Groovy script - Part 2 Add a User to a Gitlab Group

My earlier post on Jenkins Pipeline Groovy script - Part 1 , discusses about how to create Gitlab group using Jenkins Pipeline Groovy script. In this post, I am discussing about how to add list of Users to newly created Gitlab group or existing group with specific permission granted to them. In companies while handling big projects and maintaining enormous code repositories, it is very much important to know what permissions supposed to be given to each member in the team. 

Because giving wrong permission to team member, opens big path for problems if the team member really unaware about how efficiently the permission can be used for good purpose. Hence giving right permissions to the team member is very serious business for quick and reliable delivery. And yes, this also avoids team member intervening unnecessarily to the projects where they do not actually belong.

1. Gitlab User Restful API

Gitlab exposes it's functionality via Restful APIs which can be consumed via curl script or any programming language like Groovy and Python., etc. To add user to Gitlab group, Gitlab Project members Restful APIs are consumed in this tutorial. 

So who are Users in Gitlab Project, Users are team members who work on code level changes as developer or owner to the specific Gitlab project repositories or can even play any role(mentioned section 1.1) depending on the project requirement. 

1.1 Gitlab User Permission Level

Based on the responsibility and the role of the team members assigned in the project level, Gitlab offers following member permissions level.

• Guest (10)
• Reporter (20)
• Developer (30)
• Maintainer (40)
• Owner (50)

Though the permission level varies for different role, all the users have permission to clone or download the project code, leave the comments and create the issues in Gitlab Project where they belong. suppose, if any of the team member leaves the project,  merge request and created issues will be unassigned automatically.

2. Pipeline Groovy script to add user to Gitlab group

So how to add users to Gitlab group, my earlier post on Jenkins Pipeline Groovy script - Part 1, discusses on how to create Gitlab group using Pipeline Groovy script. Here I am explaining about how to add team members to a newly created Gitlab group or existing group. Let's create groovy class with name addUserToGitlabGroup.groovy

What is this groovy class does:

• Checks whether the user has access to Gitlab URL instance or not
• Only if the user has access, then adds the user to mentioned Gitlab group with given access level

xxxxxxxxxx

import groovy.transform.Field

@Field gitlabUrl

@Field gitlabToken

@NonCPS

def jsonParseData(jsonObj) {

    def slurObj=new groovy.json.JsonSlurper().parseText(jsonObj)

    return slurObj

}             

def addUserToGroup(gitlabUrl, gitlabToken, subgrpId, userIds, userAccessLevel)  {

  addUserDetails(userIds, userAccessLevel, subgrpId)

}

// Add team member to Gitlab group

def addUserDetails(userIds, userAccessLevel, subgrpId){

 stage("Add Users in Gitlab"){

   script{

     for(usrcnt=0; usrcnt<userIds.size(); usrcnt++)

     {

      def usrGitlabId=sh script: """curl --request GET --header "PRIVATE-TOKEN: ${gitlabToken}" ${gitlabUrl}users?username=${userIds[usrcnt].split("@")[0]}""", returnStdout: true

      if (jsonParseData(usrGitlabId).id.size().equals(1)){

             sh """curl -X POST -H "PRIVATE-TOKEN: ${gitlabToken}" -H "Content-Type: application/json" \

       ${gitlabUrl}groups/${subgrpId}/members \

       -d '{"id":${subgrpId}, 

             "user_id":${jsonParseData(usrGitlabId).id[0]},

             "access_level": ${userAccessLevel[usrcnt]}

            }'"""

      }      

    }

   }

 }

}

The variable subgrpId is Gitlab group or subgroup Id under which the list of users(userIds) will be added with specified access level defined in the variable userAccessLevel . In Jenkinsfile,  the Groovy function adduserToGroup() is invoked using object instance of addUserToGitlabGroup.groovy by supplying input arguments such as gitlab token,  gitlab URL , group(Id),  list of users and access level.

xxxxxxxxxx

pipeline{

    node('slave') {

        def userIds = ["joel@dp.abc.com", "joshu@dp.abc.com", "nithu@kr.abc.com"]

        def userAccessLevel = [30, 50, 20]

        def subgrpId

        gitlabObj = load 'addUserToGitlabGroup.groovy'

        gitlabObj.addUserToGroup(gitlabURL, gitlabToken, subgrpId, userIds, userAccessLevel)

    }

}

2.1 Limitation

The limitation of adding user automatically to Gitlab group using Jenkins Pipeline Groovy script by consuming Gitlab Member Restful APIs is,  that the team-member should have access to Gitlab URL instance. Team member who is not having access to the Gitlab instance can not be added to the Gitlab group.

Summary

Gitlab is an open-source distributed version control system, widely used in DevOps Continuous Integration(CI) and Continuous Delivery(CD) culture to maintain the project codes in well organized structure with version control mechanism. In my earlier post on  Jenkins Pipeline Groovy script - Part 1, I have discussed about how to automatically create Gitlab groups. In this post I have explained about how to add users to Gitlab group automatically using Jenkins Pipeline groovy script. I hope this post is useful to a scenario, where big projects, on boarding multiple team members to multiple Gitlab groups with specific permission granted to them. Adding users to Gitlab group manually is a time consuming process and it may lead to manual error either. But using above Pipeline Groovy script this can be simplified by passing user information and permission as an array argument to the Pipeline Groovy function.