gitlab: small documentation updates (#1747)

Signed-off-by: Dominik Zeiger <dominik@zeiger.biz>

Signed-off-by: Dominik Zeiger <dominik@zeiger.biz>
Dominik Zeiger 3 years ago
Parent
Commit
117e93b4ed

+ 5 - 5
docs/introduction/stability-support.md

@@ -21,16 +21,16 @@ We are currently in beta and support **only the latest release** for the time be
 The following table describes the stability level of each provider and who's responsible.
 
 | Provider                                                                                                   | Stability |                                                                                                                                     Maintainer |
-|------------------------------------------------------------------------------------------------------------| :-------: |-----------------------------------------------------------------------------------------------------------------------------------------------:|
+|------------------------------------------------------------------------------------------------------------|:---------:|-----------------------------------------------------------------------------------------------------------------------------------------------:|
 | [AWS Secrets Manager](https://external-secrets.io/latest/provider/aws-secrets-manager/)                    |  stable   |                                                                                        [external-secrets](https://github.com/external-secrets) |
 | [AWS Parameter Store](https://external-secrets.io/latest/provider/aws-parameter-store/)                    |  stable   |                                                                                        [external-secrets](https://github.com/external-secrets) |
 | [Hashicorp Vault](https://external-secrets.io/latest/provider/hashicorp-vault/)                            |  stable   |                                                                                        [external-secrets](https://github.com/external-secrets) |
 | [GCP Secret Manager](https://external-secrets.io/latest/provider/google-secrets-manager/)                  |  stable   |                                                                                        [external-secrets](https://github.com/external-secrets) |
 | [Azure Keyvault](https://external-secrets.io/latest/provider/azure-key-vault/)                             |  stable   |                                                                                        [external-secrets](https://github.com/external-secrets) |
-| [IBM Cloud Secrets Manager](https://external-secrets.io/latest/provider/ibm-secrets-manager/)                    |   stable   | [@knelasevero](https://github.com/knelasevero) [@sebagomez](https://github.com/sebagomez) [@ricardoptcosta](https://github.com/ricardoptcosta) [@IdanAdar](https://github.com/IdanAdar) |
+| [IBM Cloud Secrets Manager](https://external-secrets.io/latest/provider/ibm-secrets-manager/)              |  stable   | [@knelasevero](https://github.com/knelasevero) [@sebagomez](https://github.com/sebagomez) [@ricardoptcosta](https://github.com/ricardoptcosta) [@IdanAdar](https://github.com/IdanAdar) |
 | [Kubernetes](https://external-secrets.io/latest/provider/kubernetes)                                       |   alpha   |                                                                                        [external-secrets](https://github.com/external-secrets) |
 | [Yandex Lockbox](https://external-secrets.io/latest/provider/yandex-lockbox/)                              |   alpha   |                                            [@AndreyZamyslov](https://github.com/AndreyZamyslov) [@knelasevero](https://github.com/knelasevero) |
-| [Gitlab Project Variables](https://external-secrets.io/latest/provider/gitlab-project-variables/)          |   alpha   |                                                                                                         [@Jabray5](https://github.com/Jabray5) |
+| [Gitlab Variables](https://external-secrets.io/latest/provider/gitlab-variables/)                          |   alpha   |                                                                                                         [@Jabray5](https://github.com/Jabray5) |
 | Alibaba Cloud KMS                                                                                          |   alpha   |                                                                                                 [@ElsaChelala](https://github.com/ElsaChelala) |
 | [Oracle Vault](https://external-secrets.io/latest/provider/oracle-vault)                                   |   alpha   |                                                        [@KianTigger](https://github.com/KianTigger) [@EladGabay](https://github.com/EladGabay) |
 | [Akeyless](https://external-secrets.io/latest/provider/akeyless)                                           |   alpha   |                                                                                           [@renanaAkeyless](https://github.com/renanaAkeyless) |
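
Review bot: The Gitlab row changes the link target as well as the label, from `provider/gitlab-project-variables/` to `provider/gitlab-variables/`, and that deserves a mention in the commit message. The nav entry in `hack/api-docs/mkdocs.yml` pointed at `provider/gitlab-variables.md` before and after this commit, so the old URL looks like it was already dead and this is a link fix rather than a rename. Please confirm the new URL resolves under `/latest/`. The delimiter-row and IBM-row edits are whitespace only and are fine.
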
@@ -44,7 +44,7 @@ The following table describes the stability level of each provider and who's res
 The following table show the support for features across different providers.
 
 | Provider                  | find by name | find by tags | metadataPolicy Fetch | referent authentication | store validation | push secret |
-|---------------------------|:------------:| :----------: | :------------------: | :---------------------: | :--------------: | :---------: |
+|---------------------------|:------------:|:------------:| :------------------: | :---------------------: | :--------------: | :---------: |
 | AWS Secrets Manager       |      x       |      x       |                      |                         |        x         |             |
 | AWS Parameter Store       |      x       |      x       |                      |                         |        x         |             |
 | Hashicorp Vault           |      x       |      x       |                      |                         |        x         |             |
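
Review bot: Style point on the delimiter row: only the `find by tags` cell is normalised to `:------------:`, while the four cells after it keep the spaced form (`| :------------------: |`). Either normalise the whole row in this change or leave it untouched, so the row does not mix two styles.
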
@@ -53,7 +53,7 @@ The following table show the support for features across different providers.
 | Kubernetes                |      x       |      x       |                      |            x            |        x         |             |
 | IBM Cloud Secrets Manager |              |              |                      |                         |        x         |             |
 | Yandex Lockbox            |              |              |                      |                         |        x         |             |
-| Gitlab Project Variables  |              |              |                      |                         |        x         |             |
+| Gitlab Variables          |      x       |      x       |                      |                         |        x         |             |
 | Alibaba Cloud KMS         |              |              |                      |                         |        x         |             |
 | Oracle Vault              |              |              |                      |                         |        x         |             |
 | Akeyless                  |              |              |                      |                         |        x         |             |
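
Review bot: The Gitlab row now marks `find by name` and `find by tags` as supported, which is a capability claim rather than a wording fix, and nothing in this commit's code hunks (two comment edits in `pkg/provider/gitlab/gitlab.go`) backs it. Please reference the change or test that implements both find modes for project and group variables, or say in the commit message that the table is being corrected to match existing behaviour.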

+ 10 - 4
docs/provider/gitlab-variables.md

@@ -1,10 +1,12 @@
-## Gitlab Project and Group Variables
+## Gitlab Variables
 
 External Secrets Operator integrates with Gitlab to sync [Gitlab Project Variables API](https://docs.gitlab.com/ee/api/project_level_variables.html) and/or [Gitlab Group Variables API](https://docs.gitlab.com/ee/api/group_level_variables.html) to secrets held on the Kubernetes cluster.
 
-### Authentication
+### Configuring Gitlab
 
-The API requires an access token and project ID/groupIDs. To create a new access token, go to your user settings and select 'access tokens'. Give your token a name, expiration date, and select the permissions required (Note 'api' is required).
+The Gitlab API requires an access token, project ID and/or groupIDs.
+
+To create a new access token, go to your user settings and select 'access tokens'. Give your token a name, expiration date, and select the permissions required (Note 'api' is required).
 
 ![token-details](../pictures/screenshot_gitlab_token.png)
 
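
Review bot: The token paragraph still says only "Note 'api' is required", and with group variables now in scope that deserves more precision. `api` grants read and write access to the whole API for every project and group the token owner can reach, while the operator described here only reads variables. Please state whether a narrower scope is sufficient, and if it is not, recommend a dedicated project or group access token with an expiration date instead of a personal token created under "user settings". Smaller point: renaming the heading from "Authentication" to "Configuring Gitlab" changes the generated anchor, so check for inbound links to the old one.
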
@@ -20,9 +22,13 @@ Create a secret containing your access token:
 {% include 'gitlab-credentials-secret.yaml' %}
 ```
 
-### Update secret store
+### Configuring the secret store
 Be sure the `gitlab` provider is listed in the `Kind=SecretStore` and the ProjectID is set. If you are not using `https://gitlab.com`, you must set the `url` field as well.
 
+In order to sync group variables `inheritFromGroups` must be true or `groupIDs` have to be defined.
+
+In case you have defined multiple environments in Gitlab, the secret store should be constrained to a specific `environment_scope`.
+
 ```yaml
 {% include 'gitlab-secret-store.yaml' %}
 ```
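
Review bot: The added sentence names the field `environment_scope` in snake_case, while every other SecretStore field mentioned in this section is camelCase (`inheritFromGroups`, `groupIDs`, `url`). Please check that this is the key used in `gitlab-secret-store.yaml` and not just the Gitlab API attribute name. It would also help to state the consequence instead of "should": without the constraint, a store can sync the values of variables defined for other environments into this cluster. The context line above still says "the ProjectID is set" as if it were mandatory, which conflicts with the new "project ID and/or groupIDs" wording, and "`groupIDs` have to be defined" should read "has to be defined" or "must be set".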

+ 1 - 1
hack/api-docs/mkdocs.yml

@@ -86,7 +86,7 @@ nav:
     - HashiCorp Vault: provider/hashicorp-vault.md
     - Yandex Certificate Manager: provider/yandex-certificate-manager.md
     - Yandex Lockbox: provider/yandex-lockbox.md
-    - Gitlab Project Variables: provider/gitlab-variables.md
+    - Gitlab Variables: provider/gitlab-variables.md
     - Oracle Vault: provider/oracle-vault.md
     - 1Password Secrets Automation: provider/1password-automation.md
     - Webhook: provider/webhook.md

+ 2 - 2
pkg/provider/gitlab/gitlab.go

@@ -169,7 +169,7 @@ func (g *Gitlab) NewClient(ctx context.Context, store esv1beta1.GenericStore, ku
 	// ClientOptionFunc from the gitlab package can be mapped with the CRD
 	// in a similar way to extend functionality of the provider
 
-	// Create a new Gitlab projectVariablesClient using credentials and options
+	// Create a new Gitlab Client using credentials and options
 	gitlabClient, err := gitlab.NewClient(string(cliStore.credentials), opts...)
 	if err != nil {
 		return nil, err
@@ -187,7 +187,7 @@ func (g *Gitlab) NewClient(ctx context.Context, store esv1beta1.GenericStore, ku
 	return g, nil
 }
 
-// GetAllSecrets syncs all gitlab project variables into a single Kubernetes Secret.
+// GetAllSecrets syncs all gitlab project and group variables into a single Kubernetes Secret.
 func (g *Gitlab) GetAllSecrets(ctx context.Context, ref esv1beta1.ExternalSecretFind) (map[string][]byte, error) {
 	if utils.IsNil(g.projectVariablesClient) {
 		return nil, fmt.Errorf(errUninitializedGitlabProvider)
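
Review bot: The updated comment says `GetAllSecrets` syncs project and group variables, but the guard directly below it only checks `utils.IsNil(g.projectVariablesClient)`. If group variables are fetched through a separate client field, add the same nil check for it here so that a store configured with `groupIDs` only fails with `errUninitializedGitlabProvider` instead of a nil dereference. If the single check is intentionally sufficient, a short comment saying why would help.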