Hi, did you manage to resolve this issue in any way?
I tried to set up pipelines with gitlab (not self-hosted) in a fresh install of rancher 2.2.0, unfortunately I am in a similar situation.
In our case we have a master group in gitlab where I have an
owner role. This group contains several subgroups to organize projects (created by different accounts), these subgroups might contain more subgroups or projects.
According to gitlabs documentation:
When you add a member to a subgroup, they inherit the membership and permission level from the parent group. This model allows access to nested groups if you have membership in one of its parents.
Thus I have an
owner role for all projects.
Despite this, I can only access repositories created by me / shared with me directly in the rancher pipeline after connecting my gitlab account (I cannot see any of the projects where the role is inherited).
Now the 2 options I am aware of to resolve this would be:
- Create a separate rancher project for each of our gitlab subgroups and set up pipelines independently for each of these projects. This would not be desired by us, since it introduces a level of complexity. I would like to represent these subgroups as namespaces, and configure the pipeline on project level only once.
- Change ownerships for all subgroups. Unfortunately this is not possible in gitlab as far as I know, so we would have to create new subgroups and move all projects which would break the current CI/CD pipelines.
We’ve been able to work around this by creating a new user, assigning a “lower” role on the main group and a higher role on the groups containing repositories, so that the user gets an explicit role for the projects and not an inherited one.