def test__protect_single_tag(self, gitlab, group, project, tags): group_and_project = f"{group}/{project}" config = f""" projects_and_groups: {group_and_project}: tags: tag1: protected: true create_access_level: {MAINTAINER_ACCESS} """ run_gitlabform(config, group_and_project) tags = gitlab.get_tags(group_and_project) for tag in tags: if tag["name"] == "tag1": assert tag["protected"] else: assert not tag["protected"] protected_tags = gitlab.get_protected_tags(group_and_project) assert len(protected_tags) == 1 assert protected_tags[0]["name"] == "tag1" assert (protected_tags[0]["create_access_levels"][0]["access_level"] == MAINTAINER_ACCESS)
def test__change_owner(self, gitlab, group, users, one_owner_and_two_developers): change_owner = f""" projects_and_groups: {group}/*: group_members: {users[0]}: access_level: 30 # only developer now {users[1]}: access_level: 50 # new owner {users[2]}: access_level: 30 """ run_gitlabform(change_owner, group) members = gitlab.get_group_members(group) assert len(members) == 3 for member in members: if member["username"] == f"{users[0]}": assert member["access_level"] == 30 # only developer now if member["username"] == f"{users[1]}": assert member["access_level"] == 50 # new owner if member["username"] == f"{users[2]}": assert member["access_level"] == 30
def test_set_file_protected_branches_new_api(self, gitlab, group, project): group_and_project_name = f"{group}/{project}" test_config = f""" projects_and_groups: {group_and_project_name}: branches: main: protected: true push_access_level: {AccessLevel.MAINTAINER.value} merge_access_level: {AccessLevel.MAINTAINER.value} unprotect_access_level: {AccessLevel.MAINTAINER.value} files: anyfile1: overwrite: true branches: - main skip_ci: true content: foobar """ run_gitlabform(test_config, group_and_project_name) file_content = gitlab.get_file(group_and_project_name, "main", "anyfile1") assert file_content == "foobar" ( push_access_level, merge_access_level, unprotect_access_level, ) = gitlab.get_only_branch_access_levels(group_and_project_name, "main") assert push_access_level is AccessLevel.MAINTAINER.value assert merge_access_level is AccessLevel.MAINTAINER.value assert unprotect_access_level is AccessLevel.MAINTAINER.value
def test__change_some_users_access(self, gitlab, group, users, one_owner_and_two_developers): new_access_level = 40 change_some_users_access = f""" projects_and_groups: {group}/*: group_members: {users[0]}: access_level: 50 {users[1]}: access_level: {new_access_level} # changed level {users[2]}: access_level: {new_access_level} # changed level """ run_gitlabform(change_some_users_access, group) members = gitlab.get_group_members(group) for member in members: if member["username"] == f"{users[0]}": assert member["access_level"] == 50 if member["username"] == f"{users[1]}": assert member["access_level"] == new_access_level if member["username"] == f"{users[2]}": assert member["access_level"] == new_access_level
def test__add_user(self, gitlab, group, project, users, one_maintainer_and_two_developers): group_and_project = f"{group}/{project}" members_before = gitlab.get_project_members(group_and_project) no_of_members_before = len(members_before) members_usernames_before = [ member["username"] for member in members_before ] user_to_add = users[3] assert user_to_add not in members_usernames_before add_users = f""" projects_and_groups: {group}/{project}: members: users: {user_to_add}: # new user access_level: 30 """ run_gitlabform(add_users, group_and_project) members = gitlab.get_project_members(group_and_project) assert len(members) == no_of_members_before + 1 members_usernames = [member["username"] for member in members] assert user_to_add in members_usernames
def test__set_file_all_branches(self, gitlab, group, project, branches): group_and_project_name = f"{group}/{project}" set_file_all_branches = f""" projects_and_groups: {group_and_project_name}: files: "README.md": overwrite: true branches: all content: "Content for all branches" """ run_gitlabform(set_file_all_branches, group_and_project_name) for branch in [ "main", "protected_branch1", "protected_branch2", "protected_branch3", "regular_branch1", "regular_branch2", ]: file_content = gitlab.get_file(group_and_project_name, branch, "README.md") assert file_content == "Content for all branches" # check if these remain unprotected # (main branch is protected by default) for branch in [ "regular_branch1", "regular_branch2", ]: branch = gitlab.get_branch(group_and_project_name, branch) assert branch["protected"] is False
def test__set_file_specific_branch(self, gitlab, group, project, branches): group_and_project_name = f"{group}/{project}" # main branch is protected by default branch = gitlab.get_branch(group_and_project_name, "main") assert branch["protected"] is True set_file_specific_branch = f""" projects_and_groups: {group_and_project_name}: files: "README.md": overwrite: true branches: - main content: "Content for main only" """ run_gitlabform(set_file_specific_branch, group_and_project_name) file_content = gitlab.get_file(group_and_project_name, "main", "README.md") assert file_content == "Content for main only" other_branch_file_content = gitlab.get_file( group_and_project_name, "protected_branch1", "README.md" ) assert other_branch_file_content == DEFAULT_README # check if main stays protected branch = gitlab.get_branch(group_and_project_name, "main") assert branch["protected"] is True
def test__dont_edit_archived_project(self, gitlab, group, project): group_and_project = f"{group}/{project}" archive_project = f""" projects_and_groups: {group_and_project}: project: archive: true """ run_gitlabform(archive_project, group_and_project) project = gitlab.get_project(group_and_project) assert project["archived"] is True edit_archived_project = f""" # the project has to be configured as archived # for other configs for it to be ignored projects_and_groups: {group_and_project}: project: archive: true {group}/*: files: README.md: overwrite: true branches: - main content: | Some other content that the default one """ run_gitlabform(edit_archived_project, group_and_project)
def test__remove_group(self, gitlab, group, users, groups, one_owner): gitlab.add_share_to_group(group, groups[0], 50) gitlab.add_share_to_group(group, groups[1], 50) no_of_members_before = len(gitlab.get_group_members(group)) no_of_shared_with_before = len(gitlab.get_group_shared_with(group)) remove_group = f""" projects_and_groups: {group}/*: enforce_group_members: true group_members: {users[0]}: access_level: 50 group_shared_with: {groups[0]}: group_access_level: 30 """ run_gitlabform(remove_group, group) members = gitlab.get_group_members(group) assert len(members) == no_of_members_before shared_with = gitlab.get_group_shared_with(group) assert len(shared_with) == no_of_shared_with_before - 1 assert [sw["group_name"] for sw in shared_with] == [groups[0]]
def test__add_user(self, gitlab, group, users, one_owner_and_two_developers): no_of_members_before = len(gitlab.get_group_members(group)) user_to_add = f"{users[3]}" add_users = f""" projects_and_groups: {group}/*: group_members: {users[0]}: access_level: 50 {users[1]}: access_level: 30 {users[2]}: access_level: 30 {user_to_add}: # new user 1 access_level: 30 """ run_gitlabform(add_users, group) members = gitlab.get_group_members(group) assert len(members) == no_of_members_before + 1 members_usernames = [member["username"] for member in members] assert members_usernames.count(user_to_add) == 1
def test_unprotect_when_the_rest_of_the_parameters_are_still_specified_new_api( self, gitlab, group, project, branches): group_and_project_name = f"{group}/{project}" config_protect_branch_with_new_api = f""" projects_and_groups: {group_and_project_name}: branches: protect_branch: protected: true push_access_level: {AccessLevel.NO_ACCESS.value} merge_access_level: {AccessLevel.MAINTAINER.value} unprotect_access_level: {AccessLevel.MAINTAINER.value} """ run_gitlabform(config_protect_branch_with_new_api, group_and_project_name) ( push_access_level, merge_access_level, unprotect_access_level, ) = gitlab.get_only_branch_access_levels(group_and_project_name, "protect_branch") assert push_access_level is AccessLevel.NO_ACCESS.value assert merge_access_level is AccessLevel.MAINTAINER.value assert unprotect_access_level is AccessLevel.MAINTAINER.value config_unprotect_branch_with_new_api = f""" projects_and_groups: {group_and_project_name}: branches: protect_branch: protected: false push_access_level: {AccessLevel.NO_ACCESS.value} merge_access_level: {AccessLevel.MAINTAINER.value} unprotect_access_level: {AccessLevel.MAINTAINER.value} """ run_gitlabform(config_unprotect_branch_with_new_api, group_and_project_name) # old API branch = gitlab.get_branch(group_and_project_name, "protect_branch") assert branch["protected"] is False # new API ( push_access_level, merge_access_level, unprotect_access_level, ) = gitlab.get_only_branch_access_levels(group_and_project_name, "protect_branch") assert push_access_level is None assert merge_access_level is None assert unprotect_access_level is None
def test__zero_users(self, gitlab, group): zero_users = f""" projects_and_groups: {group}/*: enforce_group_members: true group_members: {{}} """ with pytest.raises(SystemExit): run_gitlabform(zero_users, group)
def test__zero_owners(self, gitlab, group, users): zero_owners = f""" projects_and_groups: {group}/*: enforce_group_members: true group_members: {users[3]}: access_level: 40 """ with pytest.raises(SystemExit): run_gitlabform(zero_owners, group)
def test__archive_project(self, gitlab, group, project): group_and_project = f"{group}/{project}" config = f""" projects_and_groups: {group_and_project}: project: archive: true """ run_gitlabform(config, group_and_project) project = gitlab.get_project(group_and_project) assert project["archived"] is True
def test__no_groups_and_no_users(self, gitlab, group, project): group_and_project = f"{group}/{project}" config_with_error = f""" projects_and_groups: {group}/{project}: members: # there should be a sub-key 'users' here, not directly a user {project}_user1: access_level: 30 """ with pytest.raises(SystemExit): run_gitlabform(config_with_error, group_and_project)
def test__remove_all(self, gitlab, group, users, one_owner): no_shared_with = f""" projects_and_groups: {group}/*: enforce_group_members: true group_members: {users[0]}: access_level: 50 group_shared_with: [] """ run_gitlabform(no_shared_with, group) shared_with = gitlab.get_group_shared_with(group) assert len(shared_with) == 0
def test__add_group( self, gitlab, group, project, one_maintainer_and_two_developers, other_group_with_users, ): group_and_project = f"{group}/{project}" other_group, other_group_users = other_group_with_users no_of_members_before = len( gitlab.get_project_members(group_and_project)) no_of_members_of_group = len(other_group_users) # print(f"members before = {gitlab.get_project_members(group_and_project)}") # print(f"members of the group = {other_group_users}") no_of_groups_shared_before = len( gitlab.get_shared_with_groups(group_and_project)) assert no_of_groups_shared_before == 0 add_group = f""" projects_and_groups: {group}/{project}: members: groups: {other_group}: group_access: 40 """ run_gitlabform(add_group, group_and_project) members = gitlab.get_project_members(group_and_project, all=True) # TODO: the +1 is for root, but actually why is that user inherited here? assert len( members) == no_of_members_before + no_of_members_of_group + 1 for member in members: if member["username"] in other_group_users: # "group_access" is the *maximum* access level, # see https://docs.gitlab.com/ee/user/project/members/share_project_with_groups.html#maximum-access-level assert member["access_level"] <= 40 no_of_groups_shared = len( gitlab.get_shared_with_groups(group_and_project)) assert no_of_groups_shared == 1
def test__mixed_config(self, gitlab, group, project, branches): group_and_project_name = f"{group}/{project}" mixed_config = f""" projects_and_groups: {group_and_project_name}: branches: protect_branch_and_allow_merges: protected: true developers_can_push: false developers_can_merge: true protect_branch_and_allow_pushes: protected: true developers_can_push: true developers_can_merge: false """ run_gitlabform(mixed_config, group_and_project_name) branch = gitlab.get_branch(group_and_project_name, "protect_branch_and_allow_merges") assert branch["protected"] is True assert branch["developers_can_push"] is False assert branch["developers_can_merge"] is True branch = gitlab.get_branch(group_and_project_name, "protect_branch_and_allow_pushes") assert branch["protected"] is True assert branch["developers_can_push"] is True assert branch["developers_can_merge"] is False unprotect_branches = f""" projects_and_groups: {group_and_project_name}: branches: protect_branch_and_allow_merges: protected: false protect_branch_and_allow_pushes: protected: false """ run_gitlabform(unprotect_branches, group_and_project_name) for branch in [ "protect_branch_and_allow_merges", "protect_branch_and_allow_pushes", ]: branch = gitlab.get_branch(group_and_project_name, branch) assert branch["protected"] is False
def test__deploy_key_to_all_projects(self, gitlab, group, project, other_project): deploy_key_to_all_projects = """ projects_and_groups: "*": deploy_keys: foobar: key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC6OxCCViSjh8QUKNOoGqhUqs4LLDMyq/7DYuvMJu5lXwECWp0wFGoLXzYWCT6WOAP+vccncOrlVfsr9VJzXxR1QZq+p3joW25nWgjEw/HCPI6fnU1vROImzxnvwLS3EEJpy64Jq0FFwjt8vKSuQshPysEBSUTf5t3omb166MGlZ+Y6/tOf/8/3zqmvb8OqNmhUtfwxfE5oX8Z8bBaGrkxHlmYyJ9UBpfeEcFt1GqfiONPgchJJ4OqCJKqd7H4DZOosT64kTqPXhca44EOxiKQviCthv7bO+r7VSFo5TVo60ikq/sTR9ifXnd3B9x3LV1qzHHLlmnP//xkKHIZGxfyhgwtdGNWhEtKPiXUzZv4/48WUJMmtpjznhuEgjnpiJL3x0+vJCStA6WG0MiozBlS80Y4XHbt3X3bvlNSqSo/GpnxlPTUx+Lj/ASI75JDym14+C8RdSFN4iKl5Qjz5xFq4eXke00AahFvjAAV5BT8Qrlyg/cbt1pfWKND1T5Fqh6c= title: foobar_key can_push: false """ run_gitlabform(deploy_key_to_all_projects, group) deploy_keys1 = gitlab.get_deploy_keys(f"{group}/{project}") assert len(deploy_keys1) == 1 deploy_keys2 = gitlab.get_deploy_keys(f"{group}/{other_project}") assert len(deploy_keys2) == 1
def test__set_file_protected_branches(self, gitlab, group, project, branches): group_and_project_name = f"{group}/{project}" set_file_protected_branches = f""" projects_and_groups: {group_and_project_name}: branches: protected_branch1: protected: true developers_can_push: true developers_can_merge: true protected_branch2: protected: true developers_can_push: true developers_can_merge: true protected_branch3: protected: true developers_can_push: true developers_can_merge: true files: "README.md": overwrite: true branches: protected content: "Content for protected branches only" """ run_gitlabform(set_file_protected_branches, group_and_project_name) for branch in [ "main", # main branch is protected by default "protected_branch1", "protected_branch2", "protected_branch3", ]: file_content = gitlab.get_file(group_and_project_name, branch, "README.md") assert file_content == "Content for protected branches only" branch = gitlab.get_branch(group_and_project_name, branch) assert branch["protected"] is True for branch in ["regular_branch1", "regular_branch2"]: file_content = gitlab.get_file(group_and_project_name, branch, "README.md") assert file_content == DEFAULT_README branch = gitlab.get_branch(group_and_project_name, branch) assert branch["protected"] is False
def test__protect_branch_and_disallow_all(self, gitlab, group, project, branches): group_and_project_name = f"{group}/{project}" protect_branch_and_disallow_all = f""" projects_and_groups: {group_and_project_name}: branches: protect_branch_and_disallow_all: protected: true developers_can_push: false developers_can_merge: false """ run_gitlabform(protect_branch_and_disallow_all, group_and_project_name) branch = gitlab.get_branch(group_and_project_name, "protect_branch_and_disallow_all") assert branch["protected"] is True assert branch["developers_can_push"] is False assert branch["developers_can_merge"] is False
def test_set_file_protected_branches_new_api_not_all_levels( self, gitlab, group, project, branches ): group_and_project_name = f"{group}/{project}" test_config = f""" projects_and_groups: {group_and_project_name}: branches: regular_branch1: protected: true push_access_level: {AccessLevel.DEVELOPER.value} merge_access_level: {AccessLevel.DEVELOPER.value} files: anyfile2: overwrite: true branches: - regular_branch1 content: barfoo """ run_gitlabform(test_config, group_and_project_name) file_content = gitlab.get_file( group_and_project_name, "regular_branch1", "anyfile2" ) assert file_content == "barfoo" ( push_access_level, merge_access_level, unprotect_access_level, ) = gitlab.get_only_branch_access_levels( group_and_project_name, "regular_branch1" ) assert push_access_level is AccessLevel.DEVELOPER.value assert merge_access_level is AccessLevel.DEVELOPER.value # the default value # according to https://docs.gitlab.com/ee/api/protected_branches.html#protect-repository-branches assert unprotect_access_level is AccessLevel.MAINTAINER.value
def test__not_remove_groups_with_enforce_false( self, gitlab, group, users, groups, one_owner ): no_of_members_before = len(gitlab.get_group_members(group)) no_of_shared_with_before = len(gitlab.get_group_shared_with(group)) setups = [ # flag explicitly set to false f""" projects_and_groups: {group}/*: enforce_group_members: false group_members: {users[0]}: access_level: 50 group_shared_with: [] """, # flag not set at all (but the default is false) f""" projects_and_groups: {group}/*: group_members: {users[0]}: access_level: 50 group_shared_with: [] """, ] for setup in setups: run_gitlabform(setup, group) members = gitlab.get_group_members(group) assert len(members) == no_of_members_before members_usernames = {member["username"] for member in members} assert members_usernames == { f"{users[0]}", } shared_with = gitlab.get_group_shared_with(group) assert len(shared_with) == no_of_shared_with_before
def test_unprotect_when_the_rest_of_the_parameters_are_still_specified_old_api( self, gitlab, group, project, branches): group_and_project_name = f"{group}/{project}" config_protect_branch_with_old_api = f""" projects_and_groups: {group_and_project_name}: branches: protect_branch: protected: true developers_can_push: true developers_can_merge: true """ run_gitlabform(config_protect_branch_with_old_api, group_and_project_name) branch = gitlab.get_branch(group_and_project_name, "protect_branch") assert branch["protected"] is True assert branch["developers_can_push"] is True assert branch["developers_can_merge"] is True config_unprotect_branch_with_old_api = f""" gitlab: api_version: 4 projects_and_groups: {group_and_project_name}: branches: protect_branch: protected: false developers_can_push: true developers_can_merge: true """ run_gitlabform(config_unprotect_branch_with_old_api, group_and_project_name) branch = gitlab.get_branch(group_and_project_name, "protect_branch") assert branch["protected"] is False
def test_protect_branch_with_new_api_next_update_with_old_api_and_unprotect( self, gitlab, group, project, branches): group_and_project_name = f"{group}/{project}" config_protect_branch_with_new_api = f""" projects_and_groups: {group_and_project_name}: branches: protect_branch: protected: true push_access_level: {AccessLevel.NO_ACCESS.value} merge_access_level: {AccessLevel.MAINTAINER.value} unprotect_access_level: {AccessLevel.MAINTAINER.value} """ run_gitlabform(config_protect_branch_with_new_api, group_and_project_name) ( push_access_level, merge_access_level, unprotect_access_level, ) = gitlab.get_only_branch_access_levels(group_and_project_name, "protect_branch") assert push_access_level is AccessLevel.NO_ACCESS.value assert merge_access_level is AccessLevel.MAINTAINER.value assert unprotect_access_level is AccessLevel.MAINTAINER.value config_protect_branch_with_old_api = f""" projects_and_groups: {group_and_project_name}: branches: protect_branch: protected: true developers_can_push: true developers_can_merge: true """ run_gitlabform(config_protect_branch_with_old_api, group_and_project_name) branch = gitlab.get_branch(group_and_project_name, "protect_branch") assert branch["protected"] is True assert branch["developers_can_push"] is True assert branch["developers_can_merge"] is True config_protect_branch_unprotect = f""" projects_and_groups: {group_and_project_name}: branches: protect_branch: protected: false """ run_gitlabform(config_protect_branch_unprotect, group_and_project_name) branch = gitlab.get_branch(group_and_project_name, "protect_branch") assert branch["protected"] is False
def test__change_group_access(self, gitlab, group, groups, users, one_owner): change_some_users_access = f""" projects_and_groups: {group}/*: group_members: {users[0]}: access_level: 50 group_shared_with: {groups[0]}: group_access_level: 30 {groups[1]}: group_access_level: 50 """ run_gitlabform(change_some_users_access, group) shared_with = gitlab.get_group_shared_with(group) for shared_with_group in shared_with: if shared_with_group["group_name"] == f"{groups[0]}": assert shared_with_group["group_access_level"] == 30 if shared_with_group["group_name"] == f"{groups[1]}": assert shared_with_group["group_access_level"] == 50
def test__add_group(self, gitlab, group, users, groups, one_owner): no_of_members_before = len(gitlab.get_group_members(group)) add_shared_with = f""" projects_and_groups: {group}/*: group_members: {users[0]}: access_level: 50 group_shared_with: {groups[0]}: group_access_level: 30 {groups[1]}: group_access_level: 30 """ run_gitlabform(add_shared_with, group) members = gitlab.get_group_members(group) assert len(members) == no_of_members_before, members shared_with = gitlab.get_group_shared_with(group) assert len(shared_with) == 2
def test__unarchive_project(self, gitlab, group, project): group_and_project = f"{group}/{project}" archive_project = f""" projects_and_groups: {group_and_project}: project: archive: true """ unarchive_project = f""" projects_and_groups: {group_and_project}: project: archive: false """ run_gitlabform(archive_project, group_and_project) project = gitlab.get_project(group_and_project) assert project["archived"] is True run_gitlabform(unarchive_project, group_and_project) project = gitlab.get_project(group_and_project) assert project["archived"] is False
def test__remove_user(self, gitlab, group, users, one_owner_and_two_developers): no_of_members_before = len(gitlab.get_group_members(group)) user_to_remove = f"{users[2]}" remove_users = f""" projects_and_groups: {group}/*: enforce_group_members: true group_members: {users[0]}: access_level: 50 {users[1]}: access_level: 30 """ run_gitlabform(remove_users, group) members = gitlab.get_group_members(group) assert len(members) == no_of_members_before - 1 members_usernames = [member["username"] for member in members] assert user_to_remove not in members_usernames
def test__mixed_config_with_new_api(self, gitlab, group, project, branches): group_and_project_name = f"{group}/{project}" mixed_config_with_access_levels = f""" projects_and_groups: {group_and_project_name}: branches: protect_branch_and_allow_merges_access_levels: protected: true push_access_level: {AccessLevel.NO_ACCESS.value} merge_access_level: {AccessLevel.DEVELOPER.value} unprotect_access_level: {AccessLevel.MAINTAINER.value} '*_allow_pushes_access_levels': protected: true push_access_level: {AccessLevel.DEVELOPER.value} merge_access_level: {AccessLevel.DEVELOPER.value} unprotect_access_level: {AccessLevel.MAINTAINER.value} """ run_gitlabform(mixed_config_with_access_levels, group_and_project_name) ( push_access_level, merge_access_level, unprotect_access_level, ) = gitlab.get_only_branch_access_levels( group_and_project_name, "protect_branch_and_allow_merges_access_levels") assert push_access_level is AccessLevel.NO_ACCESS.value assert merge_access_level is AccessLevel.DEVELOPER.value assert unprotect_access_level is AccessLevel.MAINTAINER.value ( push_access_level, merge_access_level, unprotect_access_level, ) = gitlab.get_only_branch_access_levels( group_and_project_name, "*_allow_pushes_access_levels") assert push_access_level is AccessLevel.DEVELOPER.value assert merge_access_level is AccessLevel.DEVELOPER.value assert unprotect_access_level is AccessLevel.MAINTAINER.value mixed_config_with_access_levels_update = f""" projects_and_groups: {group_and_project_name}: branches: protect_branch_and_allow_merges_access_levels: protected: true push_access_level: {AccessLevel.NO_ACCESS.value} merge_access_level: {AccessLevel.MAINTAINER.value} unprotect_access_level: {AccessLevel.MAINTAINER.value} '*_allow_pushes_access_levels': protected: true push_access_level: {AccessLevel.MAINTAINER.value} merge_access_level: {AccessLevel.MAINTAINER.value} unprotect_access_level: {AccessLevel.MAINTAINER.value} """ run_gitlabform(mixed_config_with_access_levels_update, group_and_project_name) ( push_access_level, merge_access_level, unprotect_access_level, ) = gitlab.get_only_branch_access_levels( group_and_project_name, "protect_branch_and_allow_merges_access_levels") assert push_access_level is AccessLevel.NO_ACCESS.value assert merge_access_level is AccessLevel.MAINTAINER.value assert unprotect_access_level is AccessLevel.MAINTAINER.value ( push_access_level, merge_access_level, unprotect_access_level, ) = gitlab.get_only_branch_access_levels( group_and_project_name, "*_allow_pushes_access_levels") assert push_access_level is AccessLevel.MAINTAINER.value assert merge_access_level is AccessLevel.MAINTAINER.value assert unprotect_access_level is AccessLevel.MAINTAINER.value mixed_config_with_access_levels_unprotect_branches = f""" projects_and_groups: {group_and_project_name}: branches: protect_branch_and_allow_merges_access_levels: protected: false '*_allow_pushes_access_levels': protected: false """ run_gitlabform(mixed_config_with_access_levels_unprotect_branches, group_and_project_name) for branch in [ "protect_branch_and_allow_merges_access_levels", "protect_branch_and_allow_pushes_access_levels", ]: branch = gitlab.get_branch(group_and_project_name, branch) assert branch["protected"] is False