Jump to content

Connect SuperML | Leeroopedia MCP: Equip your AI agents with best practices, code verification, and debugging knowledge. Powered by Leeroo — building Organizational Superintelligence. Contact us at founders@leeroo.com.

Implementation:OpenHands OpenHands SaaSGitLabService

From Leeroopedia
Knowledge Sources
Domains Platform_Integration, GitLab
Last Updated 2026-02-11 21:00 GMT

Overview

SaaS-specific extension of the GitLab service that manages API tokens, group/project enumeration, and webhook record storage.

Description

SaaSGitLabService extends the base GitLabService with enterprise token management using a three-fallback strategy (external auth token, token manager refresh, direct token). It provides methods for fetching owned groups and projects with pagination, storing webhook records for groups and projects, and coordinating repository data storage.

Usage

Use this class when the OpenHands SaaS platform needs to interact with a user's GitLab instance, specifically for webhook management, repository enumeration, and token-managed API calls.

Code Reference

Source Location

Signature

class SaaSGitLabService(GitLabService):
    def __init__(
        self,
        user_id: str | None = None,
        external_auth_token: SecretStr | None = None,
        external_auth_id: str | None = None,
        token: SecretStr | None = None,
        external_token_manager: bool = False,
        base_domain: str | None = None,
    ):
        ...

    async def get_latest_token(self) -> SecretStr | None:
        ...

    async def get_owned_groups(self, min_access_level: int = 40) -> list[dict]:
        ...

    async def add_owned_projects_and_groups_to_db(self, owned_personal_projects) -> None:
        ...

    async def store_repository_data(
        self,
        users_personal_projects: list[dict],
        repositories: list[Repository],
    ) -> None:
        ...

Import

from enterprise.integrations.gitlab.gitlab_service import SaaSGitLabService

I/O Contract

Inputs

Name Type Required Description
user_id str No Keycloak user identifier
external_auth_token SecretStr No External authentication token
external_auth_id str No External auth ID (e.g., Keycloak user ID)
token SecretStr No Direct GitLab API token
external_token_manager bool No Whether to use external token management
base_domain str No GitLab instance domain

Outputs

Name Type Description
get_latest_token() SecretStr or None Current valid GitLab API token
get_owned_groups() list[dict] Top-level groups where user has admin access
store_repository_data() None Persists webhook and repository records to database

Usage Examples

from enterprise.integrations.gitlab.gitlab_service import SaaSGitLabService

# Initialize with external token management
service = SaaSGitLabService(
    user_id="user-123",
    external_auth_id="keycloak-456",
    external_token_manager=True,
    base_domain="gitlab.example.com",
)

# Fetch all groups with admin access
groups = await service.get_owned_groups(min_access_level=40)

# Store webhook records for discovered resources
await service.add_owned_projects_and_groups_to_db(owned_personal_projects=projects)

Related Pages

Page Connections

Double-click a node to navigate. Hold to expand connections.
Principle
Implementation
Heuristic
Environment