ilijamt / vault-plugin-secrets-gitlab

Vault Plugin for Gitlab Access Tokens
MIT License

Cater for gitlab.com service accounts #102

Open GavinCS opened 1 month ago

GavinCS commented 1 month ago

Currently, service accounts are being treated as users, as per self-hosted. However, this does not allow for managing service account tokens on gitlab.com, where the path is /groups/:id/service_accounts/:user_id/personal_access_tokens/

This results in 403s:

"POST https://gitlab.com/api/v4/users/:id/personal_access_tokens: 403 {message: 403 Forbidden}"

Would it be possible to add a new token type for service accounts?

GavinCS commented 1 month ago

Also noted that I can't use a service account token without an expiry date, which is allowed by GitLab.

2024-07-19T17:35:36.511+0100 [DEBUG] secrets.gitlab.gitlab_3d07d388.gitlab.vault-plugin-secrets-gitlab: Current token info: error=<nil> token="map[access_level: created_at:2024-07-19T16:33:24.213Z expires_at:<nil> gitlab_revokes_token:false name:GITLAB AUTO ROTATE TOKEN parent_id: path: role_name: scopes:[api] token: token_id:+07 token_type:personal user_id:+07]" timestamp="2024-07-19T17:35:36.510+0100"
2024-07-19T17:35:36.513+0100 [DEBUG] secrets.gitlab.gitlab_3d07d388.gitlab.vault-plugin-secrets-gitlab: panic: runtime error: invalid memory address or nil pointer dereference
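
The two problems reported above (the group-scoped path for gitlab.com service accounts and a token whose expires_at is nil), as an added Go example that is not code from the plugin or from PR #105. The type, function names and token kind strings are hypothetical, and the example assumes expires_at arrives as a YYYY-MM-DD string or JSON null.

```go
package main

import (
	"encoding/json"
	"fmt"
	"time"
)

// tokenInfo is a hypothetical, reduced token record, not the plugin's type.
type tokenInfo struct {
	ExpiresAt *string `json:"expires_at"` // JSON null when the token has no expiry
}

// createPath picks the API path for minting a personal access token.
// The kind values "user" and "group-service-account" are assumed names.
func createPath(kind string, groupID, userID int) (string, error) {
	switch kind {
	case "user": // the path shown in the 403 error above
		return fmt.Sprintf("/users/%d/personal_access_tokens", userID), nil
	case "group-service-account": // gitlab.com group-owned service account
		return fmt.Sprintf("/groups/%d/service_accounts/%d/personal_access_tokens", groupID, userID), nil
	}
	return "", fmt.Errorf("unknown token kind %q", kind)
}

// needsRotation reports whether the token expires within window of now.
// A nil expiry is a valid state (never expires), so it is checked before use.
func needsRotation(raw []byte, now time.Time, window time.Duration) (bool, error) {
	var t tokenInfo
	if err := json.Unmarshal(raw, &t); err != nil {
		return false, err
	}
	if t.ExpiresAt == nil {
		return false, nil
	}
	exp, err := time.Parse("2006-01-02", *t.ExpiresAt)
	if err != nil {
		return false, err
	}
	return exp.Sub(now) <= window, nil
}

func main() {
	now := time.Date(2024, 7, 19, 0, 0, 0, 0, time.UTC)
	sample := []byte(`{"expires_at": null}`) // constructed sample record
	due, err := needsRotation(sample, now, 7*24*time.Hour)
	p, _ := createPath("group-service-account", 7, 42)
	fmt.Println(due, err, p)
}
```
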

ilijamt commented 1 month ago

I'll have to take a look. Currently, I have limited time due to the summer holidays.

GavinCS commented 1 month ago

@ilijamt thank you. I am currently working on a POC fix for non entry token. Are you happy for me to submit an MR?

GavinCS commented 1 month ago

https://github.com/ilijamt/vault-plugin-secrets-gitlab/pull/105

ilijamt commented 3 weeks ago

Hey @GavinCS should look at this in the next couple of weeks.

GavinCS commented 3 weeks ago

Thanks @ilijamt, I am using the forked version for now. We have had it running in our staging environment now for a week or so, and will be able to confirm stability with hosted GitLab soon.

ilijamt commented 1 week ago

110