Force refresh valid but not saved token (#300)

controllers/gitrepo/steps.go

@@ -156,7 +156,7 @@ func ensureAccessToken(ctx context.Context, cli client.Client, instance *synv1al
 		uid := secret.Annotations[LieutenantAccessTokenUIDAnnotation]
 
 		pat, err := repo.EnsureProjectAccessToken(ctx, instance.GetName(), manager.EnsureProjectAccessTokenOptions{
-			UID: uid,
+			UID: &uid,
 		})
 		if err != nil {
 			return fmt.Errorf("error ensuring project access token: %w", err)

git/gitlab/gitlab.go

@@ -497,18 +497,19 @@ func (g *Gitlab) EnsureProjectAccessToken(ctx context.Context, name string, opts
 		return 0
 	})
 
-	if opts.UID == "" {
+	if opts.UID == nil {
 		if len(validATs) > 0 {
 			return manager.ProjectAccessToken{
 				UID:       strconv.Itoa(validATs[0].ID),
 				ExpiresAt: time.Time(*validATs[0].ExpiresAt),
 			}, nil
 		}
 	} else {
+		uid := *opts.UID
 		for _, token := range validATs {
-			if strconv.Itoa(token.ID) == opts.UID {
+			if strconv.Itoa(token.ID) == uid {
 				return manager.ProjectAccessToken{
-					UID:       opts.UID,
+					UID:       uid,
 					ExpiresAt: time.Time(*token.ExpiresAt),
 				}, nil
 			}

git/gitlab/gitlab_test.go

@@ -676,22 +676,26 @@ func TestGitlab_EnsureProjectAccessToken(t *testing.T) {
 	require.NoError(t, err)
 	assert.Equal(t, "token101", pat.Token)
 
-	for _, uid := range []string{"", pat.UID} {
+	for _, uid := range []*string{nil, &pat.UID} {
 		opts := manager.EnsureProjectAccessTokenOptions{UID: uid}
 		samepat, err := g.EnsureProjectAccessToken(context.Background(), "test", opts)
 		require.NoError(t, err)
 		assert.Equal(t, pat.UID, samepat.UID, "Should reuse the same token", "opts", opts)
 		assert.Equal(t, pat.ExpiresAt, samepat.ExpiresAt)
 	}
 
-	newPat, err := g.EnsureProjectAccessToken(context.Background(), "test", manager.EnsureProjectAccessTokenOptions{UID: "other id"})
-	require.NoError(t, err)
-	assert.NotEqual(t, pat.UID, newPat.UID, "Should return new token if UID does not match")
+	newPat := pat
+	for _, uid := range []string{"", "other id"} {
+		p, err := g.EnsureProjectAccessToken(context.Background(), "test", manager.EnsureProjectAccessTokenOptions{UID: &uid})
+		require.NoError(t, err)
+		assert.NotEqual(t, p.UID, newPat.UID, "Should return new token if UID does not match")
+		newPat = p
+	}
 
 	// Access token expiry are floored to the nearest day
 	// Check that newest token is returned
 	clock.Advance(24 * time.Hour)
-	newerPat, err := g.EnsureProjectAccessToken(context.Background(), "test", manager.EnsureProjectAccessTokenOptions{UID: "other id"})
+	newerPat, err := g.EnsureProjectAccessToken(context.Background(), "test", manager.EnsureProjectAccessTokenOptions{UID: ptr.To("other id")})
 	require.NoError(t, err)
 	assert.NotEqual(t, newPat.UID, newerPat.UID, "Should return new token if UID does not match")
 	newerPat2, err := g.EnsureProjectAccessToken(context.Background(), "test", manager.EnsureProjectAccessTokenOptions{})
@@ -700,7 +704,7 @@ func TestGitlab_EnsureProjectAccessToken(t *testing.T) {
 
 	clock.Advance(time.Hour * 24 * 90)
 
-	renewedPat, err := g.EnsureProjectAccessToken(context.Background(), "test", manager.EnsureProjectAccessTokenOptions{UID: pat.UID})
+	renewedPat, err := g.EnsureProjectAccessToken(context.Background(), "test", manager.EnsureProjectAccessTokenOptions{UID: &pat.UID})
 	require.NoError(t, err)
 	assert.NotEmpty(t, renewedPat.Token, "Should return new token if old token is expired")
 	assert.NotEqual(t, pat.UID, renewedPat.UID, "Should return new token if old token is expired")

git/manager/manager.go

@@ -144,7 +144,7 @@ type EnsureProjectAccessTokenOptions struct {
 	// UID is a unique identifier for the token.
 	// If set, the given UID will be compared with the UID of the existing token.
 	// The token will be force updated if the UIDs do not match.
-	UID string
+	UID *string
 }
 
 type ProjectAccessToken struct {