From bff641885b28a525105f943e88c6c3222cb682eb Mon Sep 17 00:00:00 2001 From: Ilija Matoski Date: Thu, 12 Dec 2024 02:22:23 +0100 Subject: [PATCH] Update README and token access and types --- README.md | 1 + helpers_test.go | 6 +++--- path_role.go | 23 +++++++++++++++-------- type_access_level.go | 7 ++++--- type_token_type.go | 22 +++++++++++----------- type_token_type_test.go | 12 ++++++------ 6 files changed, 40 insertions(+), 31 deletions(-) diff --git a/README.md b/README.md index 88c6205..d1426a5 100644 --- a/README.md +++ b/README.md @@ -170,6 +170,7 @@ Depending on the type of token you have different scopes: * `Project` - https://docs.gitlab.com/ee/user/project/settings/project_access_tokens.html#scopes-for-a-project-access-token * `Group` - https://docs.gitlab.com/ee/user/group/settings/group_access_tokens.html#scopes-for-a-group-access-token * `Deploy` - https://docs.gitlab.com/ee/user/project/deploy_tokens/#scope + #### token_types Can be diff --git a/helpers_test.go b/helpers_test.go index 9c58f18..474db6d 100644 --- a/helpers_test.go +++ b/helpers_test.go @@ -187,7 +187,7 @@ func (i *inMemoryClient) CreatePipelineProjectTriggerAccessToken(ctx context.Con } i.internalCounter++ var tokenId = i.internalCounter - key := fmt.Sprintf("%s_%v_%v", gitlab.TokenPipelineProjectTrigger.String(), projectId, tokenId) + key := fmt.Sprintf("%s_%v_%v", gitlab.TokenTypePipelineProjectTrigger.String(), projectId, tokenId) var entryToken = gitlab.EntryToken{ TokenID: tokenId, UserID: projectId, @@ -195,7 +195,7 @@ func (i *inMemoryClient) CreatePipelineProjectTriggerAccessToken(ctx context.Con Path: strconv.Itoa(projectId), Name: name, Token: fmt.Sprintf("glptt-%s", uuid.New().String()), - TokenType: gitlab.TokenPipelineProjectTrigger, + TokenType: gitlab.TokenTypePipelineProjectTrigger, CreatedAt: g.Ptr(time.Now()), } i.accessTokens[key] = entryToken 
@@ -208,7 +208,7 @@ func (i *inMemoryClient) RevokePipelineProjectTriggerAccessToken(ctx context.Con if i.revokePipelineProjectTriggerAccessTokenError { return fmt.Errorf("RevokePipelineProjectTriggerAccessToken") } - key := fmt.Sprintf("%s_%v_%v", gitlab.TokenPipelineProjectTrigger.String(), projectId, tokenId) + key := fmt.Sprintf("%s_%v_%v", gitlab.TokenTypePipelineProjectTrigger.String(), projectId, tokenId) delete(i.accessTokens, key) return nil } diff --git a/path_role.go b/path_role.go index be05d3c..89fc355 100644 --- a/path_role.go +++ b/path_role.go @@ -266,11 +266,14 @@ func (b *Backend) pathRolesWrite(ctx context.Context, req *logical.Request, data case TokenTypeGroupServiceAccount: validAccessLevels = ValidGroupServiceAccountAccessLevels skipFields = append(skipFields, "access_level") - case TokenPipelineProjectTrigger: + case TokenTypePipelineProjectTrigger: validAccessLevels = ValidPipelineProjectTriggerAccessLevels skipFields = append(skipFields, "access_level", "scopes") - case TokenDeploy: - validAccessLevels = ValidDeployTokenScopes + case TokenTypeProjectDeploy: + validAccessLevels = ValidProjectDeployAccessLevels + skipFields = append(skipFields, "access_level") + case TokenTypeGroupDeploy: + validAccessLevels = ValidGroupDeployAccessLevels skipFields = append(skipFields, "access_level") } 
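Review bot: The new `case TokenTypeProjectDeploy:` and `case TokenTypeGroupDeploy:` branches in pathRolesWrite have no test in this patch; the two test files it touches (helpers_test.go and type_token_type_test.go) only pick up the constant rename. The same holds for the matching scope branches in the next path_role.go hunk. Since these branches decide which access levels and scopes a role may request, I would add table-driven cases that write a role with `token_type` set to `project-deploy` and to `group-deploy`, asserting that a scope outside `ValidProjectDeployTokenScopes` / `ValidGroupDeployTokenScopes` is rejected and that, presumably, a role without `access_level` is accepted. The switch and the function body start and end outside the hunk, so coverage elsewhere in the repository cannot be ruled out from here.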
@@ -313,14 +316,18 @@ func (b *Backend) pathRolesWrite(ctx context.Context, req *logical.Request, data if tokenType == TokenTypePersonal || tokenType == TokenTypeUserServiceAccount || tokenType == TokenTypeGroupServiceAccount { validScopes = append(validScopes, ValidPersonalTokenScopes...) } - if tokenType == TokenTypeUserServiceAccount { + + switch tokenType { + case TokenTypeUserServiceAccount: validScopes = append(validScopes, ValidUserServiceAccountTokenScopes...) - } - if tokenType == TokenTypeGroupServiceAccount { + case TokenTypeGroupServiceAccount: validScopes = append(validScopes, ValidGroupServiceAccountTokenScopes...) - } - if tokenType == TokenPipelineProjectTrigger { + case TokenTypePipelineProjectTrigger: validScopes = []string{} + case TokenTypeProjectDeploy: + validScopes = ValidProjectDeployTokenScopes + case TokenTypeGroupDeploy: + validScopes = ValidGroupDeployTokenScopes } for _, scope := range role.Scopes { diff --git a/type_access_level.go b/type_access_level.go index 5d31791..53e1d18 100644 --- a/type_access_level.go +++ b/type_access_level.go @@ -57,9 +57,10 @@ var ( AccessLevelMaintainerPermissions.String(), AccessLevelOwnerPermissions.String(), } - ValidPipelineProjectTriggerAccessLevels = []string{ - AccessLevelUnknown.String(), - } + + ValidPipelineProjectTriggerAccessLevels = []string{AccessLevelUnknown.String()} + ValidProjectDeployAccessLevels = []string{AccessLevelUnknown.String()} + ValidGroupDeployAccessLevels = []string{AccessLevelUnknown.String()} ) func (i AccessLevel) String() string { diff --git a/type_token_type.go b/type_token_type.go index c19433e..315e029 100644 --- a/type_token_type.go +++ b/type_token_type.go 
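Review bot: In the new `switch tokenType`, the two deploy cases assign the package-level slice itself (`validScopes = ValidProjectDeployTokenScopes`), whereas the service-account cases extend the list with `append`. This discards whatever `validScopes` held before the switch and leaves the local aliasing an exported allow-list. If the replacement is intended, say so with a comment such as `// deploy tokens have their own scope set; the base list does not apply`, and copy the list, e.g. `validScopes = append([]string{}, ValidProjectDeployTokenScopes...)`, so later edits to this function cannot write through to it. Neither `ValidProjectDeployTokenScopes` nor `ValidGroupDeployTokenScopes` is defined in a file this patch touches, so confirm they already exist now that the earlier hunk drops the `ValidDeployTokenScopes` reference. The initialisation of `validScopes` and the rest of pathRolesWrite are outside the hunk.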
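Review bot: `ValidProjectDeployAccessLevels` and `ValidGroupDeployAccessLevels` in type_access_level.go are exported without a doc comment, and a list holding only `AccessLevelUnknown.String()` is not self-explanatory. A comment on the group, for example `// Trigger and deploy tokens take no access level, so only AccessLevelUnknown is accepted.`, would record why; this is inferred from how path_role.go uses them, so adjust if the intent differs. These are mutable package-level slices used as allow-lists, so any code in or importing the package can change validation by writing to them. The `var` block starts outside the hunk, so that applies to its existing entries as well.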
@@ -9,14 +9,14 @@ import ( type TokenType string const ( - TokenTypePersonal = TokenType("personal") - TokenTypeProject = TokenType("project") - TokenTypeGroup = TokenType("group") - TokenTypeUserServiceAccount = TokenType("user-service-account") - TokenTypeGroupServiceAccount = TokenType("group-service-account") - TokenPipelineProjectTrigger = TokenType("pipeline-project-trigger") - TokenProjectDeploy = TokenType("project-deploy") - TokenGroupDeploy = TokenType("group-deploy") + TokenTypePersonal = TokenType("personal") + TokenTypeProject = TokenType("project") + TokenTypeGroup = TokenType("group") + TokenTypeUserServiceAccount = TokenType("user-service-account") + TokenTypeGroupServiceAccount = TokenType("group-service-account") + TokenTypePipelineProjectTrigger = TokenType("pipeline-project-trigger") + TokenTypeProjectDeploy = TokenType("project-deploy") + TokenTypeGroupDeploy = TokenType("group-deploy") TokenTypeUnknown = TokenType("") ) @@ -30,9 +30,9 @@ var ( TokenTypeGroup.String(), TokenTypeUserServiceAccount.String(), TokenTypeGroupServiceAccount.String(), - TokenPipelineProjectTrigger.String(), - TokenProjectDeploy.String(), - TokenGroupDeploy.String(), + TokenTypePipelineProjectTrigger.String(), + TokenTypeProjectDeploy.String(), + TokenTypeGroupDeploy.String(), } ) diff --git a/type_token_type_test.go b/type_token_type_test.go index 355120e..46cb8a4 100644 --- a/type_token_type_test.go +++ b/type_token_type_test.go 
@@ -35,16 +35,16 @@ func TestTokenType(t *testing.T) { input: gitlab.TokenTypeGroupServiceAccount.String(), }, { - expected: gitlab.TokenPipelineProjectTrigger, - input: gitlab.TokenPipelineProjectTrigger.String(), + expected: gitlab.TokenTypePipelineProjectTrigger, + input: gitlab.TokenTypePipelineProjectTrigger.String(), }, { - expected: gitlab.TokenProjectDeploy, - input: gitlab.TokenProjectDeploy.String(), + expected: gitlab.TokenTypeProjectDeploy, + input: gitlab.TokenTypeProjectDeploy.String(), }, { - expected: gitlab.TokenGroupDeploy, - input: gitlab.TokenGroupDeploy.String(), + expected: gitlab.TokenTypeGroupDeploy, + input: gitlab.TokenTypeGroupDeploy.String(), }, { expected: gitlab.TokenTypeUnknown,