USEFULL
/
drone
mirror of https://github.com/harness/drone.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

code cleaning, address pr comments

gitness-public-repo-testing
atefeh 2024-05-07 00:06:26 -07:00
parent 1f410581af
commit 0ff77052f7
84 changed files with 536 additions and 637 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
app/api/auth/repo.go
View File

@ -58,18 +58,7 @@ func CheckRepoIsPublic(
publicAccess publicaccess.PublicAccess,
repo *types.Repository,
) (bool, error) {
parentSpace, name, err := paths.DisectLeaf(repo.Path)
if err != nil {
return false, fmt.Errorf("failed to disect path '%s': %w", repo.Path, err)
}
scope := &types.Scope{SpacePath: parentSpace}
resource := &types.Resource{
Type: enum.ResourceTypeRepo,
Identifier: name,
}
return publicAccess.Get(ctx, scope, resource)
return publicAccess.Get(ctx, enum.PublicResourceTypeRepo, repo.Path)
}
func IsRepoOwner(

13
app/api/auth/space.go
View File

@ -75,16 +75,5 @@ func CheckSpaceIsPublic(
publicAccess publicaccess.PublicAccess,
space *types.Space,
) (bool, error) {
parentSpace, name, err := paths.DisectLeaf(space.Path)
if err != nil {
return false, fmt.Errorf("failed to disect path '%s': %w", space.Path, err)
}
scope := &types.Scope{SpacePath: parentSpace}
resource := &types.Resource{
Type: enum.ResourceTypeSpace,
Identifier: name,
}
return publicAccess.Get(ctx, scope, resource)
return publicAccess.Get(ctx, enum.PublicResourceTypeSpace, space.Path)
}

2
app/api/controller/pullreq/reviewer_add.go
View File

@ -43,7 +43,7 @@ func (c *Controller) ReviewerAdd(
prNum int64,
in *ReviewerAddInput,
) (*types.PullReqReviewer, error) {
repo, err := c.getRepoCheckAccess(ctx, session, repoRef, enum.PermissionRepoPush)
repo, err := c.getRepoCheckAccess(ctx, session, repoRef, enum.PermissionRepoReview)
if err != nil {
return nil, fmt.Errorf("failed to acquire access to repo: %w", err)
}

2
app/api/controller/pullreq/reviewer_delete.go
View File

@ -25,7 +25,7 @@ import (
// ReviewerDelete deletes reviewer from the reviewerlist for the given PR.
func (c *Controller) ReviewerDelete(ctx context.Context, session *auth.Session,
repoRef string, prNum, reviewerID int64) error {
repo, err := c.getRepoCheckAccess(ctx, session, repoRef, enum.PermissionRepoPush)
repo, err := c.getRepoCheckAccess(ctx, session, repoRef, enum.PermissionRepoReview)
if err != nil {
return fmt.Errorf("failed to acquire access to repo: %w", err)
}

2
app/api/controller/repo/archive.go
View File

@ -37,7 +37,7 @@ func (c *Controller) Archive(
}
return c.git.Archive(ctx, git.ArchiveParams{
ReadParams: git.CreateReadParams(repo.Repository),
ReadParams: git.CreateReadParams(repo),
ArchiveParams: params,
}, w)
}

4
app/api/controller/repo/blame.go
View File

@ -45,12 +45,12 @@ func (c *Controller) Blame(ctx context.Context,
}
if gitRef == "" {
gitRef = repo.Repository.DefaultBranch
gitRef = repo.DefaultBranch
}
reader := git.NewStreamReader(
c.git.Blame(ctx, &git.BlameParams{
ReadParams: git.CreateReadParams(repo.Repository),
ReadParams: git.CreateReadParams(repo),
GitRef: gitRef,
Path: path,
LineFrom: lineFrom,

4
app/api/controller/repo/codeowner_validate.go
View File

@ -34,10 +34,10 @@ func (c *Controller) CodeOwnersValidate(
}
if ref == "" {
ref = repo.Repository.DefaultBranch
ref = repo.DefaultBranch
}
violations, err := c.codeOwners.Validate(ctx, &repo.Repository, ref)
violations, err := c.codeOwners.Validate(ctx, repo, ref)
if err != nil {
return nil, err
}

6
app/api/controller/repo/commit.go
View File

@ -67,7 +67,7 @@ func (c *Controller) CommitFiles(ctx context.Context,
return types.CommitFilesResponse{}, nil, err
}
rules, isRepoOwner, err := c.fetchRules(ctx, session, &repo.Repository)
rules, isRepoOwner, err := c.fetchRules(ctx, session, repo)
if err != nil {
return types.CommitFilesResponse{}, nil, err
}
@ -86,7 +86,7 @@ func (c *Controller) CommitFiles(ctx context.Context,
Actor: &session.Principal,
AllowBypass: in.BypassRules,
IsRepoOwner: isRepoOwner,
Repo: &repo.Repository,
Repo: repo,
RefAction: refAction,
RefType: protection.RefTypeBranch,
RefNames: []string{branchName},
@ -131,7 +131,7 @@ func (c *Controller) CommitFiles(ctx context.Context,
}
// Create internal write params. Note: This will skip the pre-commit protection rules check.
writeParams, err := controller.CreateRPCInternalWriteParams(ctx, c.urlProvider, session, &repo.Repository)
writeParams, err := controller.CreateRPCInternalWriteParams(ctx, c.urlProvider, session, repo)
if err != nil {
return types.CommitFilesResponse{}, nil, fmt.Errorf("failed to create RPC write params: %w", err)
}

4
app/api/controller/repo/content_get.go
View File

@ -108,11 +108,11 @@ func (c *Controller) GetContent(ctx context.Context,
// set gitRef to default branch in case an empty reference was provided
if gitRef == "" {
gitRef = repo.Repository.DefaultBranch
gitRef = repo.DefaultBranch
}
// create read params once
readParams := git.CreateReadParams(repo.Repository)
readParams := git.CreateReadParams(repo)
treeNodeOutput, err := c.git.GetTreeNode(ctx, &git.GetTreeNodeParams{
ReadParams: readParams,

4
app/api/controller/repo/content_paths_details.go
View File

@ -56,11 +56,11 @@ func (c *Controller) PathsDetails(ctx context.Context,
// set gitRef to default branch in case an empty reference was provided
if gitRef == "" {
gitRef = repo.Repository.DefaultBranch
gitRef = repo.DefaultBranch
}
result, err := c.git.PathsDetails(ctx, git.PathsDetailsParams{
ReadParams: git.CreateReadParams(repo.Repository),
ReadParams: git.CreateReadParams(repo),
GitREF: gitRef,
Paths: input.Paths,
})

18
app/api/controller/repo/controller.go
View File

@ -53,18 +53,6 @@ type Repository struct {
IsPublic bool `json:"is_public" yaml:"is_public"`
}
// Clone makes deep copy of repository object.
func (r Repository) Clone() Repository {
var deleted *int64
if r.Repository.Deleted != nil {
id := *r.Repository.Deleted
deleted = &id
}
r.Repository.Deleted = deleted
return r
}
type Controller struct {
defaultBranch string
publicResourceCreationEnabled bool
@ -153,10 +141,9 @@ func NewController(
func (c *Controller) getRepo(
ctx context.Context,
repoRef string,
) (*Repository, error) {
) (*types.Repository, error) {
return GetRepo(
ctx,
c.publicAccess,
c.repoStore,
repoRef,
)
@ -169,12 +156,11 @@ func (c *Controller) getRepoCheckAccess(
session *auth.Session,
repoRef string,
reqPermission enum.Permission,
) (*Repository, error) {
) (*types.Repository, error) {
return GetRepoCheckAccess(
ctx,
c.repoStore,
c.authorizer,
c.publicAccess,
session,
repoRef,
reqPermission,

44
app/api/controller/repo/create.go
View File

@ -109,28 +109,21 @@ func (c *Controller) Create(ctx context.Context, session *auth.Session, in *Crea
IsEmpty: isEmpty,
}
err = c.repoStore.Create(ctx, repo)
if err != nil {
if dErr := c.DeleteGitRepository(ctx, session, repo); dErr != nil {
log.Ctx(ctx).Warn().Err(dErr).Msg("failed to delete repo for cleanup")
}
return fmt.Errorf("failed to create repository in storage: %w", err)
}
return nil
return c.repoStore.Create(ctx, repo)
}, sql.TxOptions{Isolation: sql.LevelSerializable})
if err != nil {
// best effort cleanup
if dErr := c.DeleteGitRepository(ctx, session, repo); dErr != nil {
log.Ctx(ctx).Warn().Err(dErr).Msg("failed to delete repo for cleanup")
}
return nil, err
}
if in.IsPublic && c.publicResourceCreationEnabled {
err = c.SetPublicRepo(ctx, repo)
if err != nil {
if dErr := c.PurgeNoAuth(ctx, session, repo); dErr != nil {
log.Ctx(ctx).Warn().Err(dErr).Msg("failed to purge repo for cleanup")
}
return nil, fmt.Errorf("failed to set a public resource: %w", err)
if err = c.SetRepoPublicAccess(ctx, repo, in.IsPublic); err != nil {
if dErr := c.PurgeNoAuth(ctx, session, repo); dErr != nil {
log.Ctx(ctx).Warn().Err(dErr).Msg("failed to purge repo for cleanup")
}
return nil, fmt.Errorf("failed to set repo public access: %w", err)
}
// backfil GitURL
@ -287,19 +280,16 @@ func (c *Controller) createGitRepository(ctx context.Context, session *auth.Sess
return resp, len(files) == 0, nil
}
func (c *Controller) SetPublicRepo(ctx context.Context, repo *types.Repository) error {
parentSpace, name, err := paths.DisectLeaf(repo.Path)
if err != nil {
return fmt.Errorf("failed to disect path '%s': %w", repo.Path, err)
func (c *Controller) SetRepoPublicAccess(
ctx context.Context,
repo *types.Repository,
isPublic bool,
) error {
if isPublic && !c.publicResourceCreationEnabled {
return errPublicRepoCreationDisabled
}
scope := &types.Scope{SpacePath: parentSpace}
resource := &types.Resource{
Type: enum.ResourceTypeRepo,
Identifier: name,
}
return c.publicAccess.Set(ctx, scope, resource, true)
return c.publicAccess.Set(ctx, enum.PublicResourceTypeRepo, repo.Path, isPublic)
}
func createReadme(name, description string) []byte {

8
app/api/controller/repo/create_branch.go
View File

@ -50,10 +50,10 @@ func (c *Controller) CreateBranch(ctx context.Context,
// set target to default branch in case no target was provided
if in.Target == "" {
in.Target = repo.Repository.DefaultBranch
in.Target = repo.DefaultBranch
}
rules, isRepoOwner, err := c.fetchRules(ctx, session, &repo.Repository)
rules, isRepoOwner, err := c.fetchRules(ctx, session, repo)
if err != nil {
return nil, nil, err
}
@ -62,7 +62,7 @@ func (c *Controller) CreateBranch(ctx context.Context,
Actor: &session.Principal,
AllowBypass: in.BypassRules,
IsRepoOwner: isRepoOwner,
Repo: &repo.Repository,
Repo: repo,
RefAction: protection.RefActionCreate,
RefType: protection.RefTypeBranch,
RefNames: []string{in.Name},
@ -74,7 +74,7 @@ func (c *Controller) CreateBranch(ctx context.Context,
return nil, violations, nil
}
writeParams, err := controller.CreateRPCInternalWriteParams(ctx, c.urlProvider, session, &repo.Repository)
writeParams, err := controller.CreateRPCInternalWriteParams(ctx, c.urlProvider, session, repo)
if err != nil {
return nil, nil, fmt.Errorf("failed to create RPC write params: %w", err)
}

8
app/api/controller/repo/create_commit_tag.go
View File

@ -54,10 +54,10 @@ func (c *Controller) CreateCommitTag(ctx context.Context,
// set target to default branch in case no branch or commit was provided
if in.Target == "" {
in.Target = repo.Repository.DefaultBranch
in.Target = repo.DefaultBranch
}
rules, isRepoOwner, err := c.fetchRules(ctx, session, &repo.Repository)
rules, isRepoOwner, err := c.fetchRules(ctx, session, repo)
if err != nil {
return nil, nil, err
}
@ -66,7 +66,7 @@ func (c *Controller) CreateCommitTag(ctx context.Context,
Actor: &session.Principal,
AllowBypass: in.BypassRules,
IsRepoOwner: isRepoOwner,
Repo: &repo.Repository,
Repo: repo,
RefAction: protection.RefActionCreate,
RefType: protection.RefTypeTag,
RefNames: []string{in.Name},
@ -78,7 +78,7 @@ func (c *Controller) CreateCommitTag(ctx context.Context,
return nil, violations, nil
}
writeParams, err := controller.CreateRPCInternalWriteParams(ctx, c.urlProvider, session, &repo.Repository)
writeParams, err := controller.CreateRPCInternalWriteParams(ctx, c.urlProvider, session, repo)
if err != nil {
return nil, nil, fmt.Errorf("failed to create RPC write params: %w", err)
}

23
app/api/controller/repo/default_branch.go
View File

@ -57,7 +57,7 @@ func (c *Controller) UpdateDefaultBranch(
// requests will wait for previous ones to compelete before proceed
unlock, err := c.locker.LockDefaultBranch(
ctx,
repo.Repository.ID,
repo.ID,
in.Name, // branch name only used for logging (lock is on repo)
timeout+30*time.Second, // add 30s to the lock to give enough time for updating default branch
)
@ -66,7 +66,7 @@ func (c *Controller) UpdateDefaultBranch(
}
defer unlock()
writeParams, err := controller.CreateRPCInternalWriteParams(ctx, c.urlProvider, session, &repo.Repository)
writeParams, err := controller.CreateRPCInternalWriteParams(ctx, c.urlProvider, session, repo)
if err != nil {
return nil, fmt.Errorf("failed to create RPC write params: %w", err)
}
@ -87,8 +87,8 @@ func (c *Controller) UpdateDefaultBranch(
return nil, fmt.Errorf("failed to update the repo default branch: %w", err)
}
oldName := repo.Repository.DefaultBranch
repoBase, err := c.repoStore.UpdateOptLock(ctx, &repo.Repository, func(r *types.Repository) error {
oldName := repo.DefaultBranch
repo, err = c.repoStore.UpdateOptLock(ctx, repo, func(r *types.Repository) error {
r.DefaultBranch = in.Name
return nil
})
@ -96,16 +96,11 @@ func (c *Controller) UpdateDefaultBranch(
return nil, fmt.Errorf("failed to update the repo default branch on db:%w", err)
}
repo = &Repository{
Repository: *repoBase,
IsPublic: repo.IsPublic,
}
err = c.auditService.Log(ctx,
session.Principal,
audit.NewResource(audit.ResourceTypeRepository, repo.Repository.Identifier),
audit.NewResource(audit.ResourceTypeRepository, repo.Identifier),
audit.ActionUpdated,
paths.Parent(repo.Repository.Path),
paths.Parent(repo.Path),
audit.WithOldObject(repoClone),
audit.WithNewObject(repo),
)
@ -114,11 +109,11 @@ func (c *Controller) UpdateDefaultBranch(
}
c.eventReporter.DefaultBranchUpdated(ctx, &repoevents.DefaultBranchUpdatedPayload{
RepoID: repoBase.ID,
RepoID: repo.ID,
PrincipalID: bootstrap.NewSystemServiceSession().Principal.ID,
OldName: oldName,
NewName: repoBase.DefaultBranch,
NewName: repo.DefaultBranch,
})
return repo, nil
return GetRepoOutput(ctx, c.publicAccess, repo)
}

8
app/api/controller/repo/delete_branch.go
View File

@ -43,11 +43,11 @@ func (c *Controller) DeleteBranch(ctx context.Context,
// ASSUMPTION: lower layer calls explicit branch api
// and 'refs/heads/branch1' would fail if 'branch1' exists.
// TODO: Add functional test to ensure the scenario is covered!
if branchName == repo.Repository.DefaultBranch {
if branchName == repo.DefaultBranch {
return nil, usererror.ErrDefaultBranchCantBeDeleted
}
rules, isRepoOwner, err := c.fetchRules(ctx, session, &repo.Repository)
rules, isRepoOwner, err := c.fetchRules(ctx, session, repo)
if err != nil {
return nil, err
}
@ -56,7 +56,7 @@ func (c *Controller) DeleteBranch(ctx context.Context,
Actor: &session.Principal,
AllowBypass: bypassRules,
IsRepoOwner: isRepoOwner,
Repo: &repo.Repository,
Repo: repo,
RefAction: protection.RefActionDelete,
RefType: protection.RefTypeBranch,
RefNames: []string{branchName},
@ -68,7 +68,7 @@ func (c *Controller) DeleteBranch(ctx context.Context,
return violations, nil
}
writeParams, err := controller.CreateRPCInternalWriteParams(ctx, c.urlProvider, session, &repo.Repository)
writeParams, err := controller.CreateRPCInternalWriteParams(ctx, c.urlProvider, session, repo)
if err != nil {
return nil, fmt.Errorf("failed to create RPC write params: %w", err)
}

6
app/api/controller/repo/delete_tag.go
View File

@ -38,7 +38,7 @@ func (c *Controller) DeleteTag(ctx context.Context,
return nil, err
}
rules, isRepoOwner, err := c.fetchRules(ctx, session, &repo.Repository)
rules, isRepoOwner, err := c.fetchRules(ctx, session, repo)
if err != nil {
return nil, err
}
@ -47,7 +47,7 @@ func (c *Controller) DeleteTag(ctx context.Context,
Actor: &session.Principal,
AllowBypass: bypassRules,
IsRepoOwner: isRepoOwner,
Repo: &repo.Repository,
Repo: repo,
RefAction: protection.RefActionDelete,
RefType: protection.RefTypeTag,
RefNames: []string{tagName},
@ -59,7 +59,7 @@ func (c *Controller) DeleteTag(ctx context.Context,
return violations, nil
}
writeParams, err := controller.CreateRPCInternalWriteParams(ctx, c.urlProvider, session, &repo.Repository)
writeParams, err := controller.CreateRPCInternalWriteParams(ctx, c.urlProvider, session, repo)
if err != nil {
return nil, fmt.Errorf("failed to create RPC write params: %w", err)
}

4
app/api/controller/repo/diff.go
View File

@ -47,7 +47,7 @@ func (c *Controller) RawDiff(
}
return c.git.RawDiff(ctx, w, &git.DiffParams{
ReadParams: git.CreateReadParams(&repo.Repository),
ReadParams: git.CreateReadParams(repo),
BaseRef: info.BaseRef,
HeadRef: info.HeadRef,
MergeBase: info.MergeBase,
@ -67,7 +67,7 @@ func (c *Controller) CommitDiff(
}
return c.git.CommitDiff(ctx, &git.GetCommitParams{
ReadParams: git.CreateReadParams(&repo.Repository),
ReadParams: git.CreateReadParams(repo),
Revision: rev,
}, w)
}

2
app/api/controller/repo/get_branch.go
View File

@ -35,7 +35,7 @@ func (c *Controller) GetBranch(ctx context.Context,
}
rpcOut, err := c.git.GetBranch(ctx, &git.GetBranchParams{
ReadParams: git.CreateReadParams(repo.Repository),
ReadParams: git.CreateReadParams(repo),
BranchName: branchName,
})
if err != nil {

2
app/api/controller/repo/get_commit.go
View File

@ -37,7 +37,7 @@ func (c *Controller) GetCommit(ctx context.Context,
}
rpcOut, err := c.git.GetCommit(ctx, &git.GetCommitParams{
ReadParams: git.CreateReadParams(repo.Repository),
ReadParams: git.CreateReadParams(repo),
Revision: sha,
})
if err != nil {

4
app/api/controller/repo/get_commit_divergences.go
View File

@ -71,7 +71,7 @@ func (c *Controller) GetCommitDivergences(ctx context.Context,
// map to rpc params
options := &git.GetCommitDivergencesParams{
ReadParams: git.CreateReadParams(repo.Repository),
ReadParams: git.CreateReadParams(repo),
MaxCount: in.MaxCount,
Requests: make([]git.CommitDivergenceRequest, len(in.Requests)),
}
@ -80,7 +80,7 @@ func (c *Controller) GetCommitDivergences(ctx context.Context,
options.Requests[i].To = in.Requests[i].To
// backfil default branch if no 'to' was provided
if len(options.Requests[i].To) == 0 {
options.Requests[i].To = repo.Repository.DefaultBranch
options.Requests[i].To = repo.DefaultBranch
}
}

2
app/api/controller/repo/git_info_refs.go
View File

@ -39,7 +39,7 @@ func (c *Controller) GitInfoRefs(
}
if err = c.git.GetInfoRefs(ctx, w, &git.InfoRefsParams{
ReadParams: git.CreateReadParams(repo.Repository),
ReadParams: git.CreateReadParams(repo),
// TODO: git shouldn't take a random string here, but instead have accepted enum values.
Service: string(service),
Options: nil,

4
app/api/controller/repo/git_service_pack.go
View File

@ -59,13 +59,13 @@ func (c *Controller) GitServicePack(
// setup read/writeparams depending on whether it's a write operation
if isWriteOperation {
var writeParams git.WriteParams
writeParams, err = controller.CreateRPCExternalWriteParams(ctx, c.urlProvider, session, &repo.Repository)
writeParams, err = controller.CreateRPCExternalWriteParams(ctx, c.urlProvider, session, repo)
if err != nil {
return fmt.Errorf("failed to create RPC write params: %w", err)
}
params.WriteParams = &writeParams
} else {
readParams := git.CreateReadParams(repo.Repository)
readParams := git.CreateReadParams(repo)
params.ReadParams = &readParams
}

57
app/api/controller/repo/helper.go
View File

@ -24,16 +24,16 @@ import (
"github.com/harness/gitness/app/auth/authz"
"github.com/harness/gitness/app/services/publicaccess"
"github.com/harness/gitness/app/store"
"github.com/harness/gitness/types"
"github.com/harness/gitness/types/enum"
)
// GetRepo fetches an active repo (not one that is currently being imported).
func GetRepo(
ctx context.Context,
publicAccess publicaccess.PublicAccess,
repoStore store.RepoStore,
repoRef string,
) (*Repository, error) {
) (*types.Repository, error) {
if repoRef == "" {
return nil, usererror.BadRequest("A valid repository reference must be provided.")
}
@ -47,6 +47,36 @@ func GetRepo(
return nil, usererror.BadRequest("Repository import is in progress.")
}
return repo, nil
}
// GetRepoCheckAccess fetches an active repo (not one that is currently being imported)
// and checks if the current user has permission to access it.
func GetRepoCheckAccess(
ctx context.Context,
repoStore store.RepoStore,
authorizer authz.Authorizer,
session *auth.Session,
repoRef string,
reqPermission enum.Permission,
) (*types.Repository, error) {
repo, err := GetRepo(ctx, repoStore, repoRef)
if err != nil {
return nil, fmt.Errorf("failed to find repo: %w", err)
}
if err = apiauth.CheckRepo(ctx, authorizer, session, repo, reqPermission); err != nil {
return nil, fmt.Errorf("access check failed: %w", err)
}
return repo, nil
}
func GetRepoOutput(
ctx context.Context,
publicAccess publicaccess.PublicAccess,
repo *types.Repository,
) (*Repository, error) {
isPublic, err := apiauth.CheckRepoIsPublic(ctx, publicAccess, repo)
if err != nil {
return nil, fmt.Errorf("failed to check if repo is public: %w", err)
@ -57,26 +87,3 @@ func GetRepo(
IsPublic: isPublic,
}, nil
}
// GetRepoCheckAccess fetches an active repo (not one that is currently being imported)
// and checks if the current user has permission to access it.
func GetRepoCheckAccess(
ctx context.Context,
repoStore store.RepoStore,
authorizer authz.Authorizer,
publicAccess publicaccess.PublicAccess,
session *auth.Session,
repoRef string,
reqPermission enum.Permission,
) (*Repository, error) {
repo, err := GetRepo(ctx, publicAccess, repoStore, repoRef)
if err != nil {
return nil, fmt.Errorf("failed to find repo: %w", err)
}
if err = apiauth.CheckRepo(ctx, authorizer, session, &repo.Repository, reqPermission); err != nil {
return nil, fmt.Errorf("access check failed: %w", err)
}
return repo, nil
}

7
app/api/controller/repo/import.go
View File

@ -82,11 +82,8 @@ func (c *Controller) Import(ctx context.Context, session *auth.Session, in *Impo
return fmt.Errorf("failed to create repository in storage: %w", err)
}
// update public resources
if isPublic && c.publicResourceCreationEnabled {
if err = c.SetPublicRepo(ctx, repo); err != nil {
return fmt.Errorf("failed to set a public repo: %w", err)
}
if err = c.SetRepoPublicAccess(ctx, repo, isPublic); err != nil {
return fmt.Errorf("failed to set repo public access: %w", err)
}
err = c.importer.Run(ctx,

2
app/api/controller/repo/list_branches.go
View File

@ -44,7 +44,7 @@ func (c *Controller) ListBranches(ctx context.Context,
}
rpcOut, err := c.git.ListBranches(ctx, &git.ListBranchesParams{
ReadParams: git.CreateReadParams(repo.Repository),
ReadParams: git.CreateReadParams(repo),
IncludeCommit: includeCommit,
Query: filter.Query,
Sort: mapToRPCBranchSortOption(filter.Sort),

2
app/api/controller/repo/list_commit_tags.go
View File

@ -48,7 +48,7 @@ func (c *Controller) ListCommitTags(ctx context.Context,
}
rpcOut, err := c.git.ListCommitTags(ctx, &git.ListCommitTagsParams{
ReadParams: git.CreateReadParams(repo.Repository),
ReadParams: git.CreateReadParams(repo),
IncludeCommit: includeCommit,
Query: filter.Query,
Sort: mapToRPCTagSortOption(filter.Sort),

4
app/api/controller/repo/list_commits.go
View File

@ -39,11 +39,11 @@ func (c *Controller) ListCommits(ctx context.Context,
// set gitRef to default branch in case an empty reference was provided
if gitRef == "" {
gitRef = repo.Repository.DefaultBranch
gitRef = repo.DefaultBranch
}
rpcOut, err := c.git.ListCommits(ctx, &git.ListCommitsParams{
ReadParams: git.CreateReadParams(repo.Repository),
ReadParams: git.CreateReadParams(repo),
GitREF: gitRef,
After: filter.After,
Page: int32(filter.Page),

4
app/api/controller/repo/list_paths.go
View File

@ -42,11 +42,11 @@ func (c *Controller) ListPaths(ctx context.Context,
// set gitRef to default branch in case an empty reference was provided
if gitRef == "" {
gitRef = repo.Repository.DefaultBranch
gitRef = repo.DefaultBranch
}
rpcOut, err := c.git.ListPaths(ctx, &git.ListPathsParams{
ReadParams: git.CreateReadParams(repo.Repository),
ReadParams: git.CreateReadParams(repo),
GitREF: gitRef,
IncludeDirectories: includeDirectories,
})

8
app/api/controller/repo/list_pipelines.go
View File

@ -37,7 +37,7 @@ func (c *Controller) ListPipelines(
if err != nil {
return nil, 0, fmt.Errorf("failed to find repo: %w", err)
}
if err := apiauth.CheckPipeline(ctx, c.authorizer, session, repo.Repository.Path, "", enum.PermissionPipelineView); err != nil {
if err := apiauth.CheckPipeline(ctx, c.authorizer, session, repo.Path, "", enum.PermissionPipelineView); err != nil {
return nil, 0, fmt.Errorf("access check failed: %w", err)
}
@ -45,18 +45,18 @@ func (c *Controller) ListPipelines(
var pipelines []*types.Pipeline
err = c.tx.WithTx(ctx, func(ctx context.Context) (err error) {
count, err = c.pipelineStore.Count(ctx, repo.Repository.ID, filter)
count, err = c.pipelineStore.Count(ctx, repo.ID, filter)
if err != nil {
return fmt.Errorf("failed to count child executions: %w", err)
}
if !latest {
pipelines, err = c.pipelineStore.List(ctx, repo.Repository.ID, filter)
pipelines, err = c.pipelineStore.List(ctx, repo.ID, filter)
if err != nil {
return fmt.Errorf("failed to list pipelines: %w", err)
}
} else {
pipelines, err = c.pipelineStore.ListLatest(ctx, repo.Repository.ID, filter)
pipelines, err = c.pipelineStore.ListLatest(ctx, repo.ID, filter)
if err != nil {
return fmt.Errorf("failed to list latest pipelines: %w", err)
}

4
app/api/controller/repo/list_service_accounts.go
View File

@ -42,12 +42,12 @@ func (c *Controller) ListServiceAccounts(
c.spaceStore,
c.repoStore,
enum.ParentResourceTypeRepo,
repo.Repository.ID,
repo.ID,
"",
enum.PermissionServiceAccountView,
); err != nil {
return nil, fmt.Errorf("access check failed: %w", err)
}
return c.principalStore.ListServiceAccounts(ctx, enum.ParentResourceTypeRepo, repo.Repository.ID)
return c.principalStore.ListServiceAccounts(ctx, enum.ParentResourceTypeRepo, repo.ID)
}

2
app/api/controller/repo/merge_check.go
View File

@ -45,7 +45,7 @@ func (c *Controller) MergeCheck(
return MergeCheck{}, err
}
writeParams, err := controller.CreateRPCInternalWriteParams(ctx, c.urlProvider, session, &repo.Repository)
writeParams, err := controller.CreateRPCInternalWriteParams(ctx, c.urlProvider, session, repo)
if err != nil {
return MergeCheck{}, fmt.Errorf("failed to create rpc write params: %w", err)
}

2
app/api/controller/repo/pipeline_generate.go
View File

@ -35,7 +35,7 @@ func (c *Controller) PipelineGenerate(
}
result, err := c.git.GeneratePipeline(ctx, &git.GeneratePipelineParams{
ReadParams: git.CreateReadParams(repo.Repository),
ReadParams: git.CreateReadParams(repo),
})
if err != nil {
return nil, fmt.Errorf("failed to generate pipeline: %w", err)

41
app/api/controller/repo/public_access_update.go
View File

@ -18,10 +18,10 @@ import (
"context"
"fmt"
apiauth "github.com/harness/gitness/app/api/auth"
"github.com/harness/gitness/app/auth"
"github.com/harness/gitness/app/paths"
"github.com/harness/gitness/audit"
"github.com/harness/gitness/types"
"github.com/harness/gitness/types/enum"
"github.com/rs/zerolog/log"
@ -31,49 +31,48 @@ type PublicAccessUpdateInput struct {
EnablePublic bool `json:"enable_public"`
}
type PublicAccessUpdateOutput struct {
IsPublic bool `json:"is_public"`
}
func (c *Controller) PublicAccessUpdate(ctx context.Context,
session *auth.Session,
repoRef string,
in *PublicAccessUpdateInput,
) (*PublicAccessUpdateOutput, error) {
) (*Repository, error) {
repo, err := c.getRepoCheckAccess(ctx, session, repoRef, enum.PermissionRepoEdit)
if err != nil {
return nil, err
}
repoClone := repo.Clone()
if err = c.sanitizeVisibilityInput(in); err != nil {
return nil, fmt.Errorf("failed to sanitize input: %w", err)
}
parentSpace, name, err := paths.DisectLeaf(repo.Repository.Path)
repoClone := repo.Clone()
// get current public access vale for audit
isPublic, err := apiauth.CheckRepoIsPublic(ctx, c.publicAccess, repo)
if err != nil {
return nil, fmt.Errorf("failed to disect path '%s': %w", repo.Repository.Path, err)
return nil, fmt.Errorf("failed to check current public access status: %w", err)
}
scope := &types.Scope{SpacePath: parentSpace}
resource := &types.Resource{
Type: enum.ResourceTypeRepo,
Identifier: name,
// no op
if isPublic == in.EnablePublic {
return GetRepoOutput(ctx, c.publicAccess, repo)
}
if err = c.publicAccess.Set(ctx, scope, resource, in.EnablePublic); err != nil {
if err = c.publicAccess.Set(ctx, enum.PublicResourceTypeRepo, repo.Path, in.EnablePublic); err != nil {
return nil, fmt.Errorf("failed to update repo public access: %w", err)
}
err = c.auditService.Log(ctx,
session.Principal,
audit.NewResource(audit.ResourceTypeRepository, repo.Repository.Identifier),
audit.NewResource(audit.ResourceTypeRepository, repo.Identifier),
audit.ActionUpdated,
paths.Parent(repo.Repository.Path),
audit.WithOldObject(repoClone),
paths.Parent(repo.Path),
audit.WithOldObject(&Repository{
Repository: repoClone,
IsPublic: isPublic,
}),
audit.WithNewObject(&Repository{
Repository: repo.Repository,
Repository: *repo,
IsPublic: in.EnablePublic,
}),
)
@ -81,9 +80,7 @@ func (c *Controller) PublicAccessUpdate(ctx context.Context,
log.Ctx(ctx).Warn().Msgf("failed to insert audit log for update repository operation: %s", err)
}
return &PublicAccessUpdateOutput{
in.EnablePublic,
}, nil
return GetRepoOutput(ctx, c.publicAccess, repo)
}

18
app/api/controller/repo/purge.go
View File

@ -23,7 +23,6 @@ import (
"github.com/harness/gitness/app/api/usererror"
"github.com/harness/gitness/app/auth"
repoevents "github.com/harness/gitness/app/events/repo"
"github.com/harness/gitness/app/paths"
"github.com/harness/gitness/errors"
"github.com/harness/gitness/git"
"github.com/harness/gitness/types"
@ -79,7 +78,7 @@ func (c *Controller) PurgeNoAuth(
}
if isPublic {
if err := c.disablePublicRepo(ctx, repo); err != nil {
if err := c.SetRepoPublicAccess(ctx, repo, false); err != nil {
log.Ctx(ctx).Err(err).Msg("failed to disable repo public access")
}
}
@ -124,18 +123,3 @@ func (c *Controller) DeleteGitRepository(
}
return nil
}
func (c *Controller) disablePublicRepo(ctx context.Context, repo *types.Repository) error {
parentSpace, name, err := paths.DisectLeaf(repo.Path)
if err != nil {
return fmt.Errorf("failed to disect path '%s': %w", repo.Path, err)
}
scope := &types.Scope{SpacePath: parentSpace}
resource := &types.Resource{
Type: enum.ResourceTypeRepo,
Identifier: name,
}
return c.publicAccess.Set(ctx, scope, resource, false)
}

4
app/api/controller/repo/raw.go
View File

@ -40,11 +40,11 @@ func (c *Controller) Raw(ctx context.Context,
// set gitRef to default branch in case an empty reference was provided
if gitRef == "" {
gitRef = repo.Repository.DefaultBranch
gitRef = repo.DefaultBranch
}
// create read params once
readParams := git.CreateReadParams(repo.Repository)
readParams := git.CreateReadParams(repo)
treeNodeOutput, err := c.git.GetTreeNode(ctx, &git.GetTreeNodeParams{
ReadParams: readParams,
GitREF: gitRef,

4
app/api/controller/repo/rule_create.go
View File

@ -100,7 +100,7 @@ func (c *Controller) RuleCreate(ctx context.Context,
CreatedBy: session.Principal.ID,
Created: now,
Updated: now,
RepoID: &repo.Repository.ID,
RepoID: &repo.ID,
SpaceID: nil,
Type: in.Type,
State: in.State,
@ -120,7 +120,7 @@ func (c *Controller) RuleCreate(ctx context.Context,
session.Principal,
audit.NewResource(audit.ResourceTypeBranchRule, r.Identifier),
audit.ActionCreated,
paths.Parent(repo.Repository.Path),
paths.Parent(repo.Path),
audit.WithNewObject(r),
)
if err != nil {

4
app/api/controller/repo/rule_delete.go
View File

@ -37,7 +37,7 @@ func (c *Controller) RuleDelete(ctx context.Context,
return err
}
r, err := c.ruleStore.FindByIdentifier(ctx, nil, &repo.Repository.ID, identifier)
r, err := c.ruleStore.FindByIdentifier(ctx, nil, &repo.ID, identifier)
if err != nil {
return fmt.Errorf("failed to find repository-level protection rule by identifier: %w", err)
}
@ -51,7 +51,7 @@ func (c *Controller) RuleDelete(ctx context.Context,
session.Principal,
audit.NewResource(audit.ResourceTypeBranchRule, r.Identifier),
audit.ActionDeleted,
paths.Parent(repo.Repository.Path),
paths.Parent(repo.Path),
audit.WithOldObject(r),
)
if err != nil {

2
app/api/controller/repo/rule_find.go
View File

@ -34,7 +34,7 @@ func (c *Controller) RuleFind(ctx context.Context,
return nil, err
}
r, err := c.ruleStore.FindByIdentifier(ctx, nil, &repo.Repository.ID, identifier)
r, err := c.ruleStore.FindByIdentifier(ctx, nil, &repo.ID, identifier)
if err != nil {
return nil, fmt.Errorf("failed to find repository-level protection rule by identifier: %w", err)
}

4
app/api/controller/repo/rule_list.go
View File

@ -39,7 +39,7 @@ func (c *Controller) RuleList(ctx context.Context,
var count int64
err = c.tx.WithTx(ctx, func(ctx context.Context) error {
list, err = c.ruleStore.List(ctx, nil, &repo.Repository.ID, filter)
list, err = c.ruleStore.List(ctx, nil, &repo.ID, filter)
if err != nil {
return fmt.Errorf("failed to list repository-level protection rules: %w", err)
}
@ -49,7 +49,7 @@ func (c *Controller) RuleList(ctx context.Context,
return nil
}
count, err = c.ruleStore.Count(ctx, nil, &repo.Repository.ID, filter)
count, err = c.ruleStore.Count(ctx, nil, &repo.ID, filter)
if err != nil {
return fmt.Errorf("failed to count repository-level protection rules: %w", err)
}

4
app/api/controller/repo/rule_update.go
View File

@ -96,7 +96,7 @@ func (c *Controller) RuleUpdate(ctx context.Context,
return nil, err
}
r, err := c.ruleStore.FindByIdentifier(ctx, nil, &repo.Repository.ID, identifier)
r, err := c.ruleStore.FindByIdentifier(ctx, nil, &repo.ID, identifier)
if err != nil {
return nil, fmt.Errorf("failed to get a repository rule by its identifier: %w", err)
}
@ -142,7 +142,7 @@ func (c *Controller) RuleUpdate(ctx context.Context,
session.Principal,
audit.NewResource(audit.ResourceTypeBranchRule, r.Identifier),
audit.ActionUpdated,
paths.Parent(repo.Repository.Path),
paths.Parent(repo.Path),
audit.WithOldObject(oldRule),
audit.WithNewObject(r),
)

25
app/api/controller/repo/update.go
View File

@ -19,7 +19,6 @@ import (
"fmt"
"strings"
apiauth "github.com/harness/gitness/app/api/auth"
"github.com/harness/gitness/app/auth"
"github.com/harness/gitness/app/paths"
"github.com/harness/gitness/audit"
@ -52,15 +51,15 @@ func (c *Controller) Update(ctx context.Context,
repoClone := repo.Clone()
if !in.hasChanges(&repo.Repository) {
return repo, nil
if !in.hasChanges(repo) {
return GetRepoOutput(ctx, c.publicAccess, repo)
}
if err = c.sanitizeUpdateInput(in); err != nil {
return nil, fmt.Errorf("failed to sanitize input: %w", err)
}
repoBase, err := c.repoStore.UpdateOptLock(ctx, &repo.Repository, func(repo *types.Repository) error {
repo, err = c.repoStore.UpdateOptLock(ctx, repo, func(repo *types.Repository) error {
// update values only if provided
if in.Description != nil {
repo.Description = *in.Description
@ -72,21 +71,11 @@ func (c *Controller) Update(ctx context.Context,
return nil, err
}
isPublic, err := apiauth.CheckRepoIsPublic(ctx, c.publicAccess, repoBase)
if err != nil {
return nil, fmt.Errorf("failed to get resource public access mode: %w", err)
}
repo = &Repository{
Repository: *repoBase,
IsPublic: isPublic,
}
err = c.auditService.Log(ctx,
session.Principal,
audit.NewResource(audit.ResourceTypeRepository, repo.Repository.Identifier),
audit.NewResource(audit.ResourceTypeRepository, repo.Identifier),
audit.ActionUpdated,
paths.Parent(repo.Repository.Path),
paths.Parent(repo.Path),
audit.WithOldObject(repoClone),
audit.WithNewObject(repo),
)
@ -95,9 +84,9 @@ func (c *Controller) Update(ctx context.Context,
}
// backfill repo url
repo.Repository.GitURL = c.urlProvider.GenerateGITCloneURL(repo.Repository.Path)
repo.GitURL = c.urlProvider.GenerateGITCloneURL(repo.Path)
return repo, nil
return GetRepoOutput(ctx, c.publicAccess, repo)
}
func (c *Controller) sanitizeUpdateInput(in *UpdateInput) error {

8
app/api/controller/reposettings/controller.go
View File

@ -20,10 +20,10 @@ import (
"github.com/harness/gitness/app/api/controller/repo"
"github.com/harness/gitness/app/auth"
"github.com/harness/gitness/app/auth/authz"
"github.com/harness/gitness/app/services/publicaccess"
"github.com/harness/gitness/app/services/settings"
"github.com/harness/gitness/app/store"
"github.com/harness/gitness/audit"
"github.com/harness/gitness/types"
"github.com/harness/gitness/types/enum"
)
@ -31,7 +31,6 @@ type Controller struct {
authorizer authz.Authorizer
repoStore store.RepoStore
settings *settings.Service
publicAccess publicaccess.PublicAccess
auditService audit.Service
}
@ -39,14 +38,12 @@ func NewController(
authorizer authz.Authorizer,
repoStore store.RepoStore,
settings *settings.Service,
publicAccess publicaccess.PublicAccess,
auditService audit.Service,
) *Controller {
return &Controller{
authorizer: authorizer,
repoStore: repoStore,
settings: settings,
publicAccess: publicAccess,
auditService: auditService,
}
}
@ -58,12 +55,11 @@ func (c *Controller) getRepoCheckAccess(
session *auth.Session,
repoRef string,
reqPermission enum.Permission,
) (*repo.Repository, error) {
) (*types.Repository, error) {
return repo.GetRepoCheckAccess(
ctx,
c.repoStore,
c.authorizer,
c.publicAccess,
session,
repoRef,
reqPermission,

2
app/api/controller/reposettings/general_find.go
View File

@ -35,7 +35,7 @@ func (c *Controller) GeneralFind(
out := GetDefaultGeneralSettings()
mappings := GetGeneralSettingsMappings(out)
err = c.settings.RepoMap(ctx, repo.Repository.ID, mappings...)
err = c.settings.RepoMap(ctx, repo.ID, mappings...)
if err != nil {
return nil, fmt.Errorf("failed to map settings: %w", err)
}

10
app/api/controller/reposettings/general_update.go
View File

@ -41,12 +41,12 @@ func (c *Controller) GeneralUpdate(
// read old settings values
old := GetDefaultGeneralSettings()
oldMappings := GetGeneralSettingsMappings(old)
err = c.settings.RepoMap(ctx, repo.Repository.ID, oldMappings...)
err = c.settings.RepoMap(ctx, repo.ID, oldMappings...)
if err != nil {
return nil, fmt.Errorf("failed to map settings (old): %w", err)
}
err = c.settings.RepoSetMany(ctx, repo.Repository.ID, GetGeneralSettingsAsKeyValues(in)...)
err = c.settings.RepoSetMany(ctx, repo.ID, GetGeneralSettingsAsKeyValues(in)...)
if err != nil {
return nil, fmt.Errorf("failed to set settings: %w", err)
}
@ -54,16 +54,16 @@ func (c *Controller) GeneralUpdate(
// read all settings and return complete config
out := GetDefaultGeneralSettings()
mappings := GetGeneralSettingsMappings(out)
err = c.settings.RepoMap(ctx, repo.Repository.ID, mappings...)
err = c.settings.RepoMap(ctx, repo.ID, mappings...)
if err != nil {
return nil, fmt.Errorf("failed to map settings: %w", err)
}
err = c.auditService.Log(ctx,
session.Principal,
audit.NewResource(audit.ResourceTypeRepositorySettings, repo.Repository.Identifier),
audit.NewResource(audit.ResourceTypeRepositorySettings, repo.Identifier),
audit.ActionUpdated,
paths.Parent(repo.Repository.Path),
paths.Parent(repo.Path),
audit.WithOldObject(old),
audit.WithNewObject(out),
)

4
app/api/controller/reposettings/wire.go
View File

@ -16,7 +16,6 @@ package reposettings
import (
"github.com/harness/gitness/app/auth/authz"
"github.com/harness/gitness/app/services/publicaccess"
"github.com/harness/gitness/app/services/settings"
"github.com/harness/gitness/app/store"
"github.com/harness/gitness/audit"
@ -33,8 +32,7 @@ func ProvideController(
authorizer authz.Authorizer,
repoStore store.RepoStore,
settings *settings.Service,
publicAccess publicaccess.PublicAccess,
auditService audit.Service,
) *Controller {
return NewController(authorizer, repoStore, settings, publicAccess, auditService)
return NewController(authorizer, repoStore, settings, auditService)
}

25
app/api/controller/space/create.go
View File

@ -146,10 +146,8 @@ func (c *Controller) createSpaceInnerInTX(
}
}
if in.IsPublic {
if err := c.setPublicSpace(ctx, space); err != nil {
return nil, fmt.Errorf("failed to insert a public resource: %w", err)
}
if err := c.setSpacePublicAccess(ctx, space, in.IsPublic); err != nil {
return nil, fmt.Errorf("failed to set a space public: %w", err)
}
return space, nil
@ -189,19 +187,16 @@ func (c *Controller) getSpaceCheckAuthSpaceCreation(
return parentSpace, nil
}
func (c *Controller) setPublicSpace(ctx context.Context, space *types.Space) error {
parentSpace, name, err := paths.DisectLeaf(space.Path)
if err != nil {
return fmt.Errorf("failed to disect path '%s': %w", space.Path, err)
func (c *Controller) setSpacePublicAccess(
ctx context.Context,
space *types.Space,
isPublic bool,
) error {
if isPublic && !c.publicResourceCreationEnabled {
return errPublicSpaceCreationDisabled
}
scope := &types.Scope{SpacePath: parentSpace}
resource := &types.Resource{
Type: enum.ResourceTypeSpace,
Identifier: name,
}
return c.publicAccess.Set(ctx, scope, resource, true)
return c.publicAccess.Set(ctx, enum.PublicResourceTypeSpace, space.Path, isPublic)
}
func (c *Controller) sanitizeCreateInput(in *CreateInput) error {

29
types/public_resource.go → app/api/controller/space/helper.go
View File

@ -12,12 +12,29 @@
// See the License for the specific language governing permissions and
// limitations under the License.
package types
package space
import "github.com/harness/gitness/types/enum"
import (
"context"
"fmt"
// PublicResource defines a public resource info.
type PublicResource struct {
Type enum.PublicResourceType
ID int64
apiauth "github.com/harness/gitness/app/api/auth"
"github.com/harness/gitness/app/services/publicaccess"
"github.com/harness/gitness/types"
)
func GetSpaceOutput(
ctx context.Context,
publicAccess publicaccess.PublicAccess,
space *types.Space,
) (*Space, error) {
isPublic, err := apiauth.CheckSpaceIsPublic(ctx, publicAccess, space)
if err != nil {
return nil, fmt.Errorf("failed to get resource public access mode: %w", err)
}
return &Space{
Space: *space,
IsPublic: isPublic,
}, nil
}

8
app/api/controller/space/import.go
View File

@ -98,12 +98,10 @@ func (c *Controller) Import(ctx context.Context, session *auth.Session, in *Impo
repoIDs[i] = repo.ID
cloneURLs[i] = remoteRepository.CloneURL
// update public resources
if isPublic && c.publicResourceCreationEnabled {
if err := c.repoCtrl.SetPublicRepo(ctx, repo); err != nil {
return fmt.Errorf("failed to set a public repo: %w", err)
}
if err := c.repoCtrl.SetRepoPublicAccess(ctx, repo, isPublic); err != nil {
return fmt.Errorf("failed to set repo public access: %w", err)
}
}
jobGroupID := fmt.Sprintf("space-import-%d", space.ID)

7
app/api/controller/space/import_repositories.go
View File

@ -126,11 +126,8 @@ func (c *Controller) ImportRepositories(
return fmt.Errorf("failed to create repository in storage: %w", err)
}
// update public resources
if isPublic && c.publicResourceCreationEnabled {
if err := c.repoCtrl.SetPublicRepo(ctx, repo); err != nil {
return fmt.Errorf("failed to set a public repo: %w", err)
}
if err := c.repoCtrl.SetRepoPublicAccess(ctx, repo, isPublic); err != nil {
return fmt.Errorf("failed to set repo public access: %w", err)
}
repos = append(repos, repo)

17
app/api/controller/space/update.go
View File

@ -47,18 +47,8 @@ func (c *Controller) Update(ctx context.Context, session *auth.Session,
return nil, err
}
isPublic, err := apiauth.CheckSpaceIsPublic(ctx, c.publicAccess, space)
if err != nil {
return nil, fmt.Errorf("failed to get resource public access mode: %w", err)
}
spaceData := &Space{
Space: *space,
IsPublic: isPublic,
}
if !in.hasChanges(space) {
return spaceData, nil
return GetSpaceOutput(ctx, c.publicAccess, space)
}
if err = c.sanitizeUpdateInput(in); err != nil {
@ -77,10 +67,7 @@ func (c *Controller) Update(ctx context.Context, session *auth.Session,
return nil, err
}
return &Space{
Space: *space,
IsPublic: isPublic,
}, nil
return GetSpaceOutput(ctx, c.publicAccess, space)
}
func (c *Controller) sanitizeUpdateInput(in *UpdateInput) error {

4
app/api/controller/webhook/controller.go
View File

@ -22,7 +22,6 @@ import (
"github.com/harness/gitness/app/api/usererror"
"github.com/harness/gitness/app/auth"
"github.com/harness/gitness/app/auth/authz"
"github.com/harness/gitness/app/services/publicaccess"
"github.com/harness/gitness/app/services/webhook"
"github.com/harness/gitness/app/store"
"github.com/harness/gitness/encrypt"
@ -40,7 +39,6 @@ type Controller struct {
repoStore store.RepoStore
webhookService *webhook.Service
encrypter encrypt.Encrypter
publicAccess publicaccess.PublicAccess
}
func NewController(
@ -52,7 +50,6 @@ func NewController(
repoStore store.RepoStore,
webhookService *webhook.Service,
encrypter encrypt.Encrypter,
publicAccess publicaccess.PublicAccess,
) *Controller {
return &Controller{
allowLoopback: allowLoopback,
@ -63,7 +60,6 @@ func NewController(
repoStore: repoStore,
webhookService: webhookService,
encrypter: encrypter,
publicAccess: publicAccess,
}
}

5
app/api/controller/webhook/wire.go
View File

@ -16,7 +16,6 @@ package webhook
import (
"github.com/harness/gitness/app/auth/authz"
"github.com/harness/gitness/app/services/publicaccess"
"github.com/harness/gitness/app/services/webhook"
"github.com/harness/gitness/app/store"
"github.com/harness/gitness/encrypt"
@ -31,10 +30,10 @@ var WireSet = wire.NewSet(
func ProvideController(config webhook.Config, authorizer authz.Authorizer,
webhookStore store.WebhookStore, webhookExecutionStore store.WebhookExecutionStore,
repoStore store.RepoStore, webhookService *webhook.Service, encrypter encrypt.Encrypter, publicAccess publicaccess.PublicAccess,
repoStore store.RepoStore, webhookService *webhook.Service, encrypter encrypt.Encrypter,
) *Controller {
return NewController(
config.AllowLoopback, config.AllowPrivateNetwork, authorizer,
webhookStore, webhookExecutionStore,
repoStore, webhookService, encrypter, publicAccess)
repoStore, webhookService, encrypter)
}

14
app/auth/anonymous.go → app/auth/anonymouse.go
View File

@ -19,12 +19,10 @@ import (
"github.com/harness/gitness/types/enum"
)
// Anonymous is an in-memory principal for users with no auth data.
// Authorizer is in charge of handling public access.
func Anonymous() *types.Principal {
return &types.Principal{
ID: -1,
UID: "ALL_USERS",
Type: enum.PrincipalTypeUser,
}
// anonymousPrincipal is an in-memory principal for users with no auth data.
// Authorizer is in charge of handling anonymouse access.
var AnonymousPrincipal = types.Principal{
ID: -1,
UID: "anonymous",
Type: enum.PrincipalTypeUser,
}

2
app/auth/authn/jwt.go
View File

@ -57,7 +57,7 @@ func (a *JWTAuthenticator) Authenticate(r *http.Request) (*auth.Session, error)
if len(str) == 0 {
return &auth.Session{
Principal: *auth.Anonymous(),
Principal: auth.AnonymousPrincipal,
}, nil
}

4
app/auth/authz/membership.go
View File

@ -55,12 +55,12 @@ func (a *MembershipAuthorizer) Check(
resource *types.Resource,
permission enum.Permission,
) (bool, error) {
isPublic, err := a.CheckPublicAccess(ctx, scope, resource, permission)
publicAccessAllowed, err := a.CheckPublicAccess(ctx, scope, resource, permission)
if err != nil {
return false, fmt.Errorf("failed to check public access: %w", err)
}
if isPublic {
if publicAccessAllowed {
return true, nil
}

19
app/auth/authz/public_access.go
View File

@ -17,6 +17,7 @@ package authz
import (
"context"
"github.com/harness/gitness/app/paths"
"github.com/harness/gitness/types"
"github.com/harness/gitness/types/enum"
)
@ -33,11 +34,19 @@ func (a *MembershipAuthorizer) CheckPublicAccess(
return false, nil
}
// public access is enabled on these resource types.
if resource.Type != enum.ResourceTypeRepo &&
resource.Type != enum.ResourceTypeSpace {
return false, nil
pubResType, pubResPath := mapResource(scope, resource)
return a.publicAccess.Get(ctx, pubResType, pubResPath)
}
func mapResource(scope *types.Scope, resource *types.Resource,
) (enum.PublicResourceType, string) {
pubResType := enum.PublicResourceTypeSpace
if resource.Type == enum.ResourceTypeRepo &&
resource.Identifier != "" {
pubResType = enum.PublicResourceTypeRepo
}
return a.publicAccess.Get(ctx, scope, resource)
return pubResType, paths.Concatenate(scope.SpacePath, resource.Identifier)
}

15
app/pipeline/converter/converter.go
View File

@ -21,6 +21,8 @@ import (
"github.com/harness/gitness/app/pipeline/converter/jsonnet"
"github.com/harness/gitness/app/pipeline/converter/starlark"
"github.com/harness/gitness/app/pipeline/file"
"github.com/harness/gitness/app/services/publicaccess"
"github.com/harness/gitness/types/enum"
)
const (
@ -30,7 +32,8 @@ const (
)
type converter struct {
fileService file.Service
fileService file.Service
publicaccess publicaccess.PublicAccess
}
func newConverter(fileService file.Service) Service {
@ -40,14 +43,20 @@ func newConverter(fileService file.Service) Service {
func (c *converter) Convert(_ context.Context, args *ConvertArgs) (*file.File, error) {
path := args.Pipeline.ConfigPath
// get public access visibility of the repo
repoIsPublic, err := c.publicaccess.Get(context.Background(), enum.PublicResourceTypeRepo, args.Repo.Path)
if err != nil {
return nil, err
}
if isJSONNet(path) {
str, err := jsonnet.Parse(args.Repo, args.Pipeline, args.Execution, args.File, c.fileService, jsonnetImportLimit)
str, err := jsonnet.Parse(args.Repo, repoIsPublic, args.Pipeline, args.Execution, args.File, c.fileService, jsonnetImportLimit)
if err != nil {
return nil, err
}
return &file.File{Data: []byte(str)}, nil
} else if isStarlark(path) {
str, err := starlark.Parse(args.Repo, args.Pipeline, args.Execution, args.File, starlarkStepLimit, starlarkSizeLimit)
str, err := starlark.Parse(args.Repo, repoIsPublic, args.Pipeline, args.Execution, args.File, starlarkStepLimit, starlarkSizeLimit)
if err != nil {
return nil, err
}

28
app/pipeline/converter/jsonnet/jsonnet.go
View File

@ -23,7 +23,6 @@ import (
"strconv"
"strings"
repoCtrl "github.com/harness/gitness/app/api/controller/repo"
"github.com/harness/gitness/app/pipeline/file"
"github.com/harness/gitness/types"
@ -37,7 +36,7 @@ const param = "param."
var noContext = context.Background()
type importer struct {
repo *repoCtrl.Repository
repo *types.Repository
execution *types.Execution
// jsonnet does not cache file imports and may request
@ -104,7 +103,8 @@ func (i *importer) Import(importedFrom, importedPath string) (contents jsonnet.C
}
func Parse(
repo *repoCtrl.Repository,
repo *types.Repository,
repoIsPublic bool,
pipeline *types.Pipeline,
execution *types.Execution,
file *file.File,
@ -131,7 +131,7 @@ func Parse(
mapBuild(execution, vm)
}
if repo != nil {
mapRepo(repo, pipeline, vm)
mapRepo(repo, pipeline, vm, repoIsPublic)
}
jsonnetFile := file
@ -189,24 +189,24 @@ func mapBuild(v *types.Execution, vm *jsonnet.VM) {
// mapBuild populates repo level variables available to jsonnet templates.
// Since we want to maintain compatibility with drone 2.x, the older format
// needs to be maintained (even if the variables do not exist in gitness).
func mapRepo(v *repoCtrl.Repository, p *types.Pipeline, vm *jsonnet.VM) {
func mapRepo(v *types.Repository, p *types.Pipeline, vm *jsonnet.VM, publicRepo bool) {
namespace := v.Path
idx := strings.LastIndex(v.Path, "/")
if idx != -1 {
namespace = v.Path[:idx]
}
// TODO [CODE-1363]: remove after identifier migration.
vm.ExtVar(repo+"uid", v.Repository.Identifier)
vm.ExtVar(repo+"identifier", v.Repository.Identifier)
vm.ExtVar(repo+"name", v.Repository.Identifier)
vm.ExtVar(repo+"uid", v.Identifier)
vm.ExtVar(repo+"identifier", v.Identifier)
vm.ExtVar(repo+"name", v.Identifier)
vm.ExtVar(repo+"namespace", namespace)
vm.ExtVar(repo+"slug", v.Repository.Path)
vm.ExtVar(repo+"git_http_url", v.Repository.GitURL)
vm.ExtVar(repo+"git_ssh_url", v.Repository.GitURL)
vm.ExtVar(repo+"link", v.Repository.GitURL)
vm.ExtVar(repo+"branch", v.Repository.DefaultBranch)
vm.ExtVar(repo+"slug", v.Path)
vm.ExtVar(repo+"git_http_url", v.GitURL)
vm.ExtVar(repo+"git_ssh_url", v.GitURL)
vm.ExtVar(repo+"link", v.GitURL)
vm.ExtVar(repo+"branch", v.DefaultBranch)
vm.ExtVar(repo+"config", p.ConfigPath)
vm.ExtVar(repo+"private", strconv.FormatBool(!v.IsPublic))
vm.ExtVar(repo+"private", strconv.FormatBool(!publicRepo))
vm.ExtVar(repo+"visibility", "internal")
vm.ExtVar(repo+"active", strconv.FormatBool(true))
vm.ExtVar(repo+"trusted", strconv.FormatBool(true))

10
app/pipeline/converter/service.go
View File

@ -17,7 +17,6 @@ package converter
import (
"context"
"github.com/harness/gitness/app/api/controller/repo"
"github.com/harness/gitness/app/pipeline/file"
"github.com/harness/gitness/types"
)
@ -26,10 +25,11 @@ type (
// ConvertArgs represents a request to the pipeline
// conversion service.
ConvertArgs struct {
Repo *repo.Repository `json:"repository,omitempty"`
Pipeline *types.Pipeline `json:"pipeline,omitempty"`
Execution *types.Execution `json:"execution,omitempty"`
File *file.File `json:"config,omitempty"`
Repo *types.Repository `json:"repository,omitempty"`
Pipeline *types.Pipeline `json:"pipeline,omitempty"`
Execution *types.Execution `json:"execution,omitempty"`
File *file.File `json:"config,omitempty"`
RepoIsPublic bool `json:"repo_is_public,omitempty"`
}
// Service converts a file which is in starlark/jsonnet form by looking

26
app/pipeline/converter/starlark/args.go
View File

@ -17,7 +17,6 @@ package starlark
import (
"strings"
"github.com/harness/gitness/app/api/controller/repo"
"github.com/harness/gitness/types"
"go.starlark.net/starlark"
@ -25,15 +24,16 @@ import (
)
func createArgs(
repo *repo.Repository,
repo *types.Repository,
pipeline *types.Pipeline,
execution *types.Execution,
repoIsPublic bool,
) []starlark.Value {
args := []starlark.Value{
starlarkstruct.FromStringDict(
starlark.String("context"),
starlark.StringDict{
"repo": starlarkstruct.FromStringDict(starlark.String("repo"), fromRepo(repo, pipeline)),
"repo": starlarkstruct.FromStringDict(starlark.String("repo"), fromRepo(repo, pipeline, repoIsPublic)),
"build": starlarkstruct.FromStringDict(starlark.String("build"), fromBuild(execution)),
},
),
@ -67,7 +67,7 @@ func fromBuild(v *types.Execution) starlark.StringDict {
}
}
func fromRepo(v *repo.Repository, p *types.Pipeline) starlark.StringDict {
func fromRepo(v *types.Repository, p *types.Pipeline, publicRepo bool) starlark.StringDict {
namespace := v.Path
idx := strings.LastIndex(v.Path, "/")
if idx != -1 {
@ -76,17 +76,17 @@ func fromRepo(v *repo.Repository, p *types.Pipeline) starlark.StringDict {
return starlark.StringDict{
// TODO [CODE-1363]: remove after identifier migration?
"uid": starlark.String(v.Repository.Identifier),
"identifier": starlark.String(v.Repository.Identifier),
"name": starlark.String(v.Repository.Identifier),
"uid": starlark.String(v.Identifier),
"identifier": starlark.String(v.Identifier),
"name": starlark.String(v.Identifier),
"namespace": starlark.String(namespace),
"slug": starlark.String(v.Repository.Path),
"git_http_url": starlark.String(v.Repository.GitURL),
"git_ssh_url": starlark.String(v.Repository.GitURL),
"link": starlark.String(v.Repository.GitURL),
"branch": starlark.String(v.Repository.DefaultBranch),
"slug": starlark.String(v.Path),
"git_http_url": starlark.String(v.GitURL),
"git_ssh_url": starlark.String(v.GitURL),
"link": starlark.String(v.GitURL),
"branch": starlark.String(v.DefaultBranch),
"config": starlark.String(p.ConfigPath),
"private": !starlark.Bool(v.IsPublic),
"private": !starlark.Bool(publicRepo),
"visibility": starlark.String("internal"),
"active": starlark.Bool(true),
"trusted": starlark.Bool(true),

10
app/pipeline/converter/starlark/starlark.go
View File

@ -18,7 +18,6 @@ import (
"bytes"
"errors"
"github.com/harness/gitness/app/api/controller/repo"
"github.com/harness/gitness/app/pipeline/file"
"github.com/harness/gitness/types"
@ -57,7 +56,8 @@ var (
)
func Parse(
repo *repo.Repository,
repo *types.Repository,
repoIsPublic bool,
pipeline *types.Pipeline,
execution *types.Execution,
file *file.File,
@ -69,8 +69,8 @@ func Parse(
Load: noLoad,
Print: func(_ *starlark.Thread, msg string) {
logrus.WithFields(logrus.Fields{
"namespace": repo.Repository.Path, // TODO: update to just be the space
"name": repo.Repository.Identifier,
"namespace": repo.Path, // TODO: update to just be the space
"name": repo.Identifier,
}).Traceln(msg)
},
}
@ -96,7 +96,7 @@ func Parse(
// create the input args and invoke the main method
// using the input args.
args := createArgs(repo, pipeline, execution)
args := createArgs(repo, pipeline, execution, repoIsPublic)
// set the maximum number of operations in the script. this
// mitigates long running scripts.

6
app/pipeline/file/gitness.go
View File

@ -19,8 +19,8 @@ import (
"fmt"
"io"
"github.com/harness/gitness/app/api/controller/repo"
"github.com/harness/gitness/git"
"github.com/harness/gitness/types"
"github.com/rs/zerolog/log"
)
@ -35,12 +35,12 @@ func newService(git git.Interface) Service {
func (f *service) Get(
ctx context.Context,
repo *repo.Repository,
repo *types.Repository,
path string,
ref string,
) (*File, error) {
readParams := git.ReadParams{
RepoUID: repo.Repository.GitUID,
RepoUID: repo.GitUID,
}
treeNodeOutput, err := f.git.GetTreeNode(ctx, &git.GetTreeNodeParams{
ReadParams: readParams,

4
app/pipeline/file/service.go
View File

@ -17,7 +17,7 @@ package file
import (
"context"
"github.com/harness/gitness/app/api/controller/repo"
"github.com/harness/gitness/types"
)
type (
@ -36,6 +36,6 @@ type (
Service interface {
// path is the path in the repo to read
// ref is the git ref for the repository e.g. refs/heads/master
Get(ctx context.Context, repo *repo.Repository, path, ref string) (*File, error)
Get(ctx context.Context, repo *types.Repository, path, ref string) (*File, error)
}
)

2
app/pipeline/manager/client.go
View File

@ -103,7 +103,7 @@ func (e *embedded) Detail(ctx context.Context, stage *drone.Stage) (*client.Cont
return &client.Context{
Build: ConvertToDroneBuild(details.Execution),
Repo: ConvertToDroneRepo(details.Repo),
Repo: ConvertToDroneRepo(details.Repo, details.RepoIsPublic),
Stage: ConvertToDroneStage(details.Stage),
Secrets: ConvertToDroneSecrets(details.Secrets),
Config: ConvertToDroneFile(details.Config),

27
app/pipeline/manager/convert.go
View File

@ -17,7 +17,6 @@ package manager
import (
"time"
"github.com/harness/gitness/app/api/controller/repo"
"github.com/harness/gitness/app/pipeline/file"
"github.com/harness/gitness/livelog"
"github.com/harness/gitness/types"
@ -208,21 +207,21 @@ func ConvertToDroneBuild(execution *types.Execution) *drone.Build {
}
}
func ConvertToDroneRepo(repo *repo.Repository) *drone.Repo {
func ConvertToDroneRepo(repo *types.Repository, repoIsPublic bool) *drone.Repo {
return &drone.Repo{
ID: repo.Repository.ID,
ID: repo.ID,
Trusted: true, // as builds are running on user machines, the repo is marked trusted.
UID: repo.Repository.Identifier,
UserID: repo.Repository.CreatedBy,
Namespace: repo.Repository.Path,
Name: repo.Repository.Identifier,
HTTPURL: repo.Repository.GitURL,
Link: repo.Repository.GitURL,
Private: !repo.IsPublic,
Created: repo.Repository.Created,
Updated: repo.Repository.Updated,
Version: repo.Repository.Version,
Branch: repo.Repository.DefaultBranch,
UID: repo.Identifier,
UserID: repo.CreatedBy,
Namespace: repo.Path,
Name: repo.Identifier,
HTTPURL: repo.GitURL,
Link: repo.GitURL,
Private: !repoIsPublic,
Created: repo.Created,
Updated: repo.Updated,
Version: repo.Version,
Branch: repo.DefaultBranch,
// TODO: We can get this from configuration once we start populating it.
// If this is not set drone runner cancels the build.
Timeout: int64((10 * time.Hour).Seconds()),

67
app/pipeline/manager/manager.go
View File

@ -23,7 +23,6 @@ import (
"time"
apiauth "github.com/harness/gitness/app/api/auth"
"github.com/harness/gitness/app/api/controller/repo"
"github.com/harness/gitness/app/bootstrap"
"github.com/harness/gitness/app/jwt"
"github.com/harness/gitness/app/pipeline/converter"
@ -83,12 +82,13 @@ type (
// ExecutionContext represents the minimum amount of information
// required by the runner to execute a build.
ExecutionContext struct {
Repo *repo.Repository `json:"repository"`
Execution *types.Execution `json:"build"`
Stage *types.Stage `json:"stage"`
Secrets []*types.Secret `json:"secrets"`
Config *file.File `json:"config"`
Netrc *Netrc `json:"netrc"`
Repo *types.Repository `json:"repository"`
RepoIsPublic bool `json:"repository_is_public,omitempty"`
Execution *types.Execution `json:"build"`
Stage *types.Stage `json:"stage"`
Secrets []*types.Secret `json:"secrets"`
Config *file.File `json:"config"`
Netrc *Netrc `json:"netrc"`
}
// ExecutionManager encapsulates complex build operations and provides
@ -302,24 +302,14 @@ func (m *Manager) Details(_ context.Context, stageID int64) (*ExecutionContext,
log.Warn().Err(err).Msg("manager: cannot find pipeline")
return nil, err
}
repoBase, err := m.Repos.Find(noContext, execution.RepoID)
repo, err := m.Repos.Find(noContext, execution.RepoID)
if err != nil {
log.Warn().Err(err).Msg("manager: cannot find repo")
return nil, err
}
isPublic, err := apiauth.CheckRepoIsPublic(noContext, m.publicAccess, repoBase)
if err != nil {
return nil, fmt.Errorf("failed to check if repo is public: %w", err)
}
repo := &repo.Repository{
Repository: *repoBase,
IsPublic: isPublic,
}
// Backfill clone URL
repo.Repository.GitURL = m.urlProvider.GenerateContainerGITCloneURL(repo.Repository.Path)
repo.GitURL = m.urlProvider.GenerateContainerGITCloneURL(repo.Path)
stages, err := m.Stages.List(noContext, stage.ExecutionID)
if err != nil {
@ -329,12 +319,12 @@ func (m *Manager) Details(_ context.Context, stageID int64) (*ExecutionContext,
execution.Stages = stages
log = log.With().
Int64("build", execution.Number).
Str("repo", repo.Repository.GetGitUID()).
Str("repo", repo.GetGitUID()).
Logger()
// TODO: Currently we fetch all the secrets from the same space.
// This logic can be updated when needed.
secrets, err := m.Secrets.ListAll(noContext, repo.Repository.ParentID)
secrets, err := m.Secrets.ListAll(noContext, repo.ParentID)
if err != nil {
log.Warn().Err(err).Msg("manager: cannot list secrets")
return nil, err
@ -347,12 +337,20 @@ func (m *Manager) Details(_ context.Context, stageID int64) (*ExecutionContext,
return nil, err
}
// Get public access settings of the repo
repoIsPublic, err := apiauth.CheckRepoIsPublic(noContext, m.publicAccess, repo)
if err != nil {
log.Warn().Err(err).Msg("manager: cannot check if repo is public")
return nil, err
}
// Convert file contents in case templates are being used.
args := &converter.ConvertArgs{
Repo: repo,
Pipeline: pipeline,
Execution: execution,
File: file,
Repo: repo,
Pipeline: pipeline,
Execution: execution,
File: file,
RepoIsPublic: repoIsPublic,
}
file, err = m.ConverterService.Convert(noContext, args)
if err != nil {
@ -367,20 +365,21 @@ func (m *Manager) Details(_ context.Context, stageID int64) (*ExecutionContext,
}
return &ExecutionContext{
Repo: repo,
Execution: execution,
Stage: stage,
Secrets: secrets,
Config: file,
Netrc: netrc,
Repo: repo,
RepoIsPublic: repoIsPublic,
Execution: execution,
Stage: stage,
Secrets: secrets,
Config: file,
Netrc: netrc,
}, nil
}
func (m *Manager) createNetrc(repo *repo.Repository) (*Netrc, error) {
func (m *Manager) createNetrc(repo *types.Repository) (*Netrc, error) {
pipelinePrincipal := bootstrap.NewPipelineServiceSession().Principal
jwt, err := jwt.GenerateWithMembership(
pipelinePrincipal.ID,
repo.Repository.ParentID,
repo.ParentID,
pipelineJWTRole,
pipelineJWTLifetime,
pipelinePrincipal.Salt,
@ -389,7 +388,7 @@ func (m *Manager) createNetrc(repo *repo.Repository) (*Netrc, error) {
return nil, fmt.Errorf("failed to create jwt: %w", err)
}
cloneURL, err := url.Parse(repo.Repository.GitURL)
cloneURL, err := url.Parse(repo.GitURL)
if err != nil {
return nil, fmt.Errorf("failed to parse clone url '%s': %w", cloneURL, err)
}

5
app/pipeline/triggerer/env.go
View File

@ -15,7 +15,6 @@
package triggerer
import (
"github.com/harness/gitness/app/api/controller/repo"
"github.com/harness/gitness/app/url"
"github.com/harness/gitness/types"
@ -33,11 +32,11 @@ func combine(env ...map[string]string) map[string]string {
}
func Envs(
repo *repo.Repository,
repo *types.Repository,
pipeline *types.Pipeline,
urlProvider url.Provider,
) map[string]string {
return map[string]string{
"DRONE_BUILD_LINK": urlProvider.GenerateUIBuildURL(repo.Repository.Path, pipeline.Identifier, pipeline.Seq),
"DRONE_BUILD_LINK": urlProvider.GenerateUIBuildURL(repo.Path, pipeline.Identifier, pipeline.Seq),
}
}

43
app/pipeline/triggerer/trigger.go
View File

@ -22,7 +22,6 @@ import (
"time"
apiauth "github.com/harness/gitness/app/api/auth"
"github.com/harness/gitness/app/api/controller/repo"
"github.com/harness/gitness/app/pipeline/checks"
"github.com/harness/gitness/app/pipeline/converter"
"github.com/harness/gitness/app/pipeline/file"
@ -154,19 +153,15 @@ func (t *triggerer) Trigger(
event := string(base.Action.GetTriggerEvent())
repoBase, err := t.repoStore.Find(ctx, pipeline.RepoID)
repo, err := t.repoStore.Find(ctx, pipeline.RepoID)
if err != nil {
log.Error().Err(err).Msg("could not find repo")
return nil, err
}
isPublic, err := apiauth.CheckRepoIsPublic(ctx, t.publicAccess, repoBase)
if err != nil {
return nil, fmt.Errorf("failed to check if repo is public: %w", err)
}
repo := &repo.Repository{
Repository: *repoBase,
IsPublic: isPublic,
repoIsPublic, err := apiauth.CheckRepoIsPublic(ctx, t.publicAccess, repo)
if err != nil {
return nil, fmt.Errorf("could not check if repo is public: %w", err)
}
file, err := t.fileService.Get(ctx, repo, pipeline.ConfigPath, base.After)
@ -177,7 +172,7 @@ func (t *triggerer) Trigger(
now := time.Now().UnixMilli()
execution := &types.Execution{
RepoID: repo.Repository.ID,
RepoID: repo.ID,
PipelineID: pipeline.ID,
Trigger: base.Trigger,
CreatedBy: base.TriggeredBy,
@ -215,10 +210,11 @@ func (t *triggerer) Trigger(
if !isV1Yaml(file.Data) {
// Convert from jsonnet/starlark to drone yaml
args := &converter.ConvertArgs{
Repo: repo,
Pipeline: pipeline,
Execution: execution,
File: file,
Repo: repo,
Pipeline: pipeline,
Execution: execution,
File: file,
RepoIsPublic: repoIsPublic,
}
file, err = t.converterService.Convert(ctx, args)
if err != nil {
@ -265,7 +261,7 @@ func (t *triggerer) Trigger(
log.Info().Str("pipeline", name).Msg("trigger: skipping pipeline, does not match action")
case skipRef(pipeline, base.Ref):
log.Info().Str("pipeline", name).Msg("trigger: skipping pipeline, does not match ref")
case skipRepo(pipeline, repo.Repository.Path):
case skipRepo(pipeline, repo.Path):
log.Info().Str("pipeline", name).Msg("trigger: skipping pipeline, does not match repo")
case skipCron(pipeline, base.Cron):
log.Info().Str("pipeline", name).Msg("trigger: skipping pipeline, does not match cron job")
@ -293,7 +289,7 @@ func (t *triggerer) Trigger(
}
stage := &types.Stage{
RepoID: repo.Repository.ID,
RepoID: repo.ID,
Number: int64(i + 1),
Name: match.Name,
Kind: match.Kind,
@ -346,7 +342,7 @@ func (t *triggerer) Trigger(
}
} else {
stages, err = parseV1Stages(
ctx, file.Data, repo, execution, t.templateStore, t.pluginStore)
ctx, file.Data, repo, execution, t.templateStore, t.pluginStore, t.publicAccess)
if err != nil {
return nil, fmt.Errorf("could not parse v1 YAML into stages: %w", err)
}
@ -406,10 +402,11 @@ func trunc(s string, i int) string {
func parseV1Stages(
ctx context.Context,
data []byte,
repo *repo.Repository,
repo *types.Repository,
execution *types.Execution,
templateStore store.TemplateStore,
pluginStore store.PluginStore,
publicaccess publicaccess.PublicAccess,
) ([]*types.Stage, error) {
stages := []*types.Stage{}
// For V1 YAML, just go through the YAML and create stages serially for now
@ -428,8 +425,14 @@ func parseV1Stages(
return nil, fmt.Errorf("cannot support non-pipeline kinds in v1 at the moment: %w", err)
}
// get repo public access
repoIsPublic, err := publicaccess.Get(ctx, enum.PublicResourceTypeRepo, repo.Path)
if err != nil {
return nil, fmt.Errorf("could not check repo public access: %w", err)
}
inputParams := map[string]interface{}{}
inputParams["repo"] = inputs.Repo(manager.ConvertToDroneRepo(repo))
inputParams["repo"] = inputs.Repo(manager.ConvertToDroneRepo(repo, repoIsPublic))
inputParams["build"] = inputs.Build(manager.ConvertToDroneBuild(execution))
var prevStage string
@ -476,7 +479,7 @@ func parseV1Stages(
status = enum.CIStatusPending
}
temp := &types.Stage{
RepoID: repo.Repository.ID,
RepoID: repo.ID,
Number: int64(idx + 1),
Name: stage.Id, // for v1, ID is the unique identifier per stage
Created: now,

15
app/services/exporter/repository.go
View File

@ -35,7 +35,6 @@ import (
"github.com/harness/gitness/types"
"github.com/harness/gitness/types/enum"
apiauth "github.com/harness/gitness/app/api/auth"
"github.com/rs/zerolog/log"
)
@ -117,16 +116,11 @@ func (r *Repository) RunManyForSpace(
jobDefinitions := make([]job.Definition, len(repos))
for i, repository := range repos {
isPublic, err := apiauth.CheckRepoIsPublic(ctx, r.publicAccess, repository)
if err != nil {
return fmt.Errorf("failed to check repo public visibility: %w", err)
}
repoJobData := Input{
Identifier: repository.Identifier,
ID: repository.ID,
Description: repository.Description,
IsPublic: isPublic,
IsPublic: false, // todo: use repository.IsPublic once public is available.
HarnessCodeInfo: *harnessCodeInfo,
}
@ -193,16 +187,11 @@ func (r *Repository) Handle(ctx context.Context, data string, _ job.ProgressRepo
return "", err
}
isPublic, err := apiauth.CheckRepoIsPublic(ctx, r.publicAccess, repository)
if err != nil {
return "", fmt.Errorf("failed to check if repo is public: %w", err)
}
remoteRepo, err := client.CreateRepo(ctx, repo.CreateInput{
Identifier: repository.Identifier,
DefaultBranch: repository.DefaultBranch,
Description: repository.Description,
IsPublic: isPublic,
IsPublic: false, // TODO: use apiauth.CheckRepoIsPublic once public access is deployed on HC.
Readme: false,
License: "",
GitIgnore: "",

10
app/services/publicaccess/public_access.go
View File

@ -17,7 +17,7 @@ package publicaccess
import (
"context"
"github.com/harness/gitness/types"
"github.com/harness/gitness/types/enum"
)
// PublicAccess is an abstraction of an entity responsible for managing public access to resources.
@ -31,8 +31,8 @@ type PublicAccess interface {
*/
Get(
ctx context.Context,
scope *types.Scope,
resource *types.Resource,
resourceType enum.PublicResourceType,
resourcePath string,
) (bool, error)
/*
@ -43,8 +43,8 @@ type PublicAccess interface {
*/
Set(
ctx context.Context,
scope *types.Scope,
resource *types.Resource,
resourceType enum.PublicResourceType,
resourcePath string,
enable bool,
) error
}

62
app/services/publicaccess/resources.go
View File

@ -18,70 +18,52 @@ import (
"context"
"fmt"
"github.com/harness/gitness/app/paths"
"github.com/harness/gitness/types"
"github.com/harness/gitness/types/enum"
)
func (s *Service) getPublicResource(
ctx context.Context,
scope *types.Scope,
resource *types.Resource,
) (*types.PublicResource, error) {
resType := resource.Type
// set scope type to space for checks within space scope.
if resource.Identifier == "" {
resType = enum.ResourceTypeSpace
}
var pubRes *types.PublicResource
resourceType enum.PublicResourceType,
resourcePath string,
) (int64, error) {
var id int64
var err error
switch resType {
case enum.ResourceTypeRepo:
pubRes, err = s.getResourceRepo(ctx, scope, resource)
case enum.ResourceTypeSpace:
pubRes, err = s.getResourceSpace(ctx, scope, resource)
switch resourceType {
case enum.PublicResourceTypeRepo:
id, err = s.getResourceRepo(ctx, resourcePath)
case enum.PublicResourceTypeSpace:
id, err = s.getResourceSpace(ctx, resourcePath)
default:
return nil, fmt.Errorf("invalid public resource type")
return 0, fmt.Errorf("invalid public resource type")
}
if err != nil {
return nil, fmt.Errorf("failed to get public resource: %w", err)
return 0, fmt.Errorf("failed to get public resource: %w", err)
}
return pubRes, nil
return id, nil
}
func (s *Service) getResourceRepo(
ctx context.Context,
scope *types.Scope,
resource *types.Resource,
) (*types.PublicResource, error) {
repoRef := paths.Concatenate(scope.SpacePath, resource.Identifier)
repo, err := s.repoStore.FindByRef(ctx, repoRef)
path string,
) (int64, error) {
repo, err := s.repoStore.FindByRef(ctx, path)
if err != nil {
return nil, fmt.Errorf("failed to find repo: %w", err)
return 0, fmt.Errorf("failed to find repo: %w", err)
}
return &types.PublicResource{
Type: enum.PublicResourceTypeRepo,
ID: repo.ID,
}, nil
return repo.ID, nil
}
func (s *Service) getResourceSpace(
ctx context.Context,
scope *types.Scope,
resource *types.Resource,
) (*types.PublicResource, error) {
spaceRef := paths.Concatenate(scope.SpacePath, resource.Identifier)
space, err := s.spaceStore.FindByRef(ctx, spaceRef)
path string,
) (int64, error) {
space, err := s.spaceStore.FindByRef(ctx, path)
if err != nil {
return nil, fmt.Errorf("failed to find space: %w", err)
return 0, fmt.Errorf("failed to find space: %w", err)
}
return &types.PublicResource{
Type: enum.PublicResourceTypeSpace,
ID: space.ID,
}, nil
return space.ID, nil
}

34
app/services/publicaccess/service.go
View File

@ -21,38 +21,38 @@ import (
"github.com/harness/gitness/app/store"
gitness_store "github.com/harness/gitness/store"
"github.com/harness/gitness/types"
"github.com/harness/gitness/types/enum"
)
type Service struct {
publicResourceStore store.PublicResource
repoStore store.RepoStore
spaceStore store.SpaceStore
publicAccessStore store.PublicAccessStore
repoStore store.RepoStore
spaceStore store.SpaceStore
}
func NewService(
publicResourceStore store.PublicResource,
publicAccessStore store.PublicAccessStore,
repoStore store.RepoStore,
spaceStore store.SpaceStore,
) PublicAccess {
return &Service{
publicResourceStore: publicResourceStore,
repoStore: repoStore,
spaceStore: spaceStore,
publicAccessStore: publicAccessStore,
repoStore: repoStore,
spaceStore: spaceStore,
}
}
func (s *Service) Get(
ctx context.Context,
scope *types.Scope,
resource *types.Resource,
resourceType enum.PublicResourceType,
resourcePath string,
) (bool, error) {
pubRes, err := s.getPublicResource(ctx, scope, resource)
pubResID, err := s.getPublicResource(ctx, resourceType, resourcePath)
if err != nil {
return false, err
}
err = s.publicResourceStore.Find(ctx, pubRes)
err = s.publicAccessStore.Find(ctx, resourceType, pubResID)
if errors.Is(err, gitness_store.ErrResourceNotFound) {
return false, nil
}
@ -65,22 +65,22 @@ func (s *Service) Get(
func (s *Service) Set(
ctx context.Context,
scope *types.Scope,
resource *types.Resource,
resourceType enum.PublicResourceType,
resourcePath string,
enable bool,
) error {
pubRes, err := s.getPublicResource(ctx, scope, resource)
pubResID, err := s.getPublicResource(ctx, resourceType, resourcePath)
if err != nil {
return err
}
if enable {
err := s.publicResourceStore.Create(ctx, pubRes)
err := s.publicAccessStore.Create(ctx, resourceType, pubResID)
if errors.Is(err, gitness_store.ErrDuplicate) {
return nil
}
return err
} else {
return s.publicResourceStore.Delete(ctx, pubRes)
return s.publicAccessStore.Delete(ctx, resourceType, pubResID)
}
}

4
app/services/publicaccess/wire.go
View File

@ -25,9 +25,9 @@ var WireSet = wire.NewSet(
)
func ProvidePublicAccess(
publicResources store.PublicResource,
publicAccessStore store.PublicAccessStore,
repoStore store.RepoStore,
spaceStore store.SpaceStore,
) PublicAccess {
return NewService(publicResources, repoStore, spaceStore)
return NewService(publicAccessStore, repoStore, spaceStore)
}

10
app/store/database.go
View File

@ -290,11 +290,11 @@ type (
ListSpaces(ctx context.Context, userID int64, filter types.MembershipSpaceFilter) ([]types.MembershipSpace, error)
}
// PublicResource defines the publicly accessible resources data storage.
PublicResource interface {
Find(ctx context.Context, pubRes *types.PublicResource) error
Create(ctx context.Context, pubRes *types.PublicResource) error
Delete(ctx context.Context, pubRes *types.PublicResource) error
// PublicAccessStore defines the publicly accessible resources data storage.
PublicAccessStore interface {
Find(ctx context.Context, typ enum.PublicResourceType, id int64) error
Create(ctx context.Context, typ enum.PublicResourceType, id int64) error
Delete(ctx context.Context, typ enum.PublicResourceType, id int64) error
}
// TokenStore defines the token data storage.

28
app/store/database/migrate/postgres/0051_create_table_public_resources.down.sql
View File

@ -1,28 +1,28 @@
-- copy public repositories
ALTER TABLE repositories ADD COLUMN repo_is_public;
ALTER TABLE repositories ADD COLUMN repo_is_public BOOLEAN;
UPDATE repositories
WHERE repo_id IN (
SELECT public_resource_repo_id
FROM public_resources
WHERE public_resource_repo_id IS NOT NULL;
SELECT public_access_repo_id
FROM public_access
WHERE public_access_repo_id IS NOT NULL;
) SET
repo_is_public = TRUE;
-- copy public spaces
ALTER TABLE spaces ADD COLUMN space_is_public;
ALTER TABLE spaces ADD COLUMN space_is_public BOOLEAN;
-- update public resources
-- update public access
UPDATE spaces
WHERE space_id IN (
SELECT public_resource_space_id
FROM public_resources
WHERE public_resource_space_id IS NOT NULL;
SELECT public_access_space_id
FROM public_access
WHERE public_access_space_id IS NOT NULL;
) SET
sapce_is_public = TRUE;
space_is_public = TRUE;
-- clear public_resoureces
DROP INDEX public_resource_space_id_key;
DROP INDEX public_resource_repo_id_key;
DROP TABLE public_resources;
-- clear public access
DROP INDEX public_access_space_id_key;
DROP INDEX public_access_repo_id_key;
DROP TABLE public_access;

42
app/store/database/migrate/postgres/0051_create_table_public_resources.up.sql
View File

@ -1,48 +1,44 @@
CREATE TABLE public_resources (
public_resource_id SERIAL PRIMARY KEY
,public_resource_space_id INTEGER
,public_resource_repo_id INTEGER
CREATE TABLE public_access (
public_access_id SERIAL PRIMARY KEY
,public_access_space_id INTEGER
,public_access_repo_id INTEGER
,CONSTRAINT fk_public_resource_space_id FOREIGN KEY (public_resource_space_id)
,CONSTRAINT fk_public_access_space_id FOREIGN KEY (public_access_space_id)
REFERENCES spaces (space_id) MATCH SIMPLE
ON UPDATE NO ACTION
ON DELETE CASCADE
,CONSTRAINT fk_public_resource_repo_id FOREIGN KEY (public_resource_repo_id)
,CONSTRAINT fk_public_access_repo_id FOREIGN KEY (public_access_repo_id)
REFERENCES repositories (repo_id) MATCH SIMPLE
ON UPDATE NO ACTION
ON DELETE CASCADE
);
CREATE UNIQUE INDEX public_resource_space_id_key
ON public_resources(public_resource_space_id)
WHERE public_resource_space_id IS NOT NULL;
CREATE UNIQUE INDEX public_access_space_id_key
ON public_access(public_access_space_id)
WHERE public_access_space_id IS NOT NULL;
CREATE UNIQUE INDEX public_resource_repo_id_key
ON public_resources(public_resource_repo_id)
WHERE public_resource_repo_id IS NOT NULL;
CREATE UNIQUE INDEX public_access_repo_id_key
ON public_access(public_access_repo_id)
WHERE public_access_repo_id IS NOT NULL;
-- move public repos into public_resource
INSERT INTO public_resources (
public_resource_space_id
,public_resource_repo_id
-- move public repos into public_access
INSERT INTO public_access (
public_access_repo_id
)
SELECT
NULL
,repo_id
repo_id
FROM repositories
WHERE repo_is_public = TRUE;
-- alter repo table
ALTER TABLE repositories DROP COLUMN repo_is_public;
-- move public spaces into public_resource
INSERT INTO public_resources (
public_resource_space_id
,public_resource_repo_id
-- move public spaces into public_access
INSERT INTO public_access (
public_access_space_id
)
SELECT
space_id
,NULL
FROM spaces
WHERE space_is_public = TRUE;

28
app/store/database/migrate/sqlite/0051_create_table_public_resources.down.sql
View File

@ -1,28 +1,28 @@
-- copy public repositories
ALTER TABLE repositories ADD COLUMN repo_is_public;
ALTER TABLE repositories ADD COLUMN repo_is_public BOOLEAN;
UPDATE repositories
WHERE repo_id IN (
SELECT public_resource_repo_id
FROM public_resources
WHERE public_resource_repo_id IS NOT NULL;
SELECT public_access_repo_id
FROM public_access
WHERE public_access_repo_id IS NOT NULL;
) SET
repo_is_public = TRUE;
-- copy public spaces
ALTER TABLE spaces ADD COLUMN space_is_public;
ALTER TABLE spaces ADD COLUMN space_is_public BOOLEAN;
-- update public resources
-- update public access
UPDATE spaces
WHERE space_id IN (
SELECT public_resource_space_id
FROM public_resources
WHERE public_resource_space_id IS NOT NULL;
SELECT public_access_space_id
FROM public_access
WHERE public_access_space_id IS NOT NULL;
) SET
sapce_is_public = TRUE;
space_is_public = TRUE;
-- clear public_resoureces
DROP INDEX public_resource_space_id_key;
DROP INDEX public_resource_repo_id_key;
DROP TABLE public_resources;
-- clear public_access
DROP INDEX public_access_space_id_key;
DROP INDEX public_access_repo_id_key;
DROP TABLE public_access;

42
app/store/database/migrate/sqlite/0051_create_table_public_resources.up.sql
View File

@ -1,48 +1,44 @@
CREATE TABLE public_resources (
public_resource_id INTEGER PRIMARY KEY AUTOINCREMENT
,public_resource_space_id INTEGER
,public_resource_repo_id INTEGER
CREATE TABLE public_access (
public_access_id INTEGER PRIMARY KEY AUTOINCREMENT
,public_access_space_id INTEGER
,public_access_repo_id INTEGER
,CONSTRAINT fk_public_resource_space_id FOREIGN KEY (public_resource_space_id)
,CONSTRAINT fk_public_access_space_id FOREIGN KEY (public_access_space_id)
REFERENCES spaces (space_id) MATCH SIMPLE
ON UPDATE NO ACTION
ON DELETE CASCADE
,CONSTRAINT fk_public_resource_repo_id FOREIGN KEY (public_resource_repo_id)
,CONSTRAINT fk_public_access_repo_id FOREIGN KEY (public_access_repo_id)
REFERENCES repositories (repo_id) MATCH SIMPLE
ON UPDATE NO ACTION
ON DELETE CASCADE
);
CREATE UNIQUE INDEX public_resource_space_id_key
ON public_resources(public_resource_space_id)
WHERE public_resource_space_id IS NOT NULL;
CREATE UNIQUE INDEX public_access_space_id_key
ON public_access(public_access_space_id)
WHERE public_access_space_id IS NOT NULL;
CREATE UNIQUE INDEX public_resource_repo_id_key
ON public_resources(public_resource_repo_id)
WHERE public_resource_repo_id IS NOT NULL;
CREATE UNIQUE INDEX public_access_repo_id_key
ON public_access(public_access_repo_id)
WHERE public_access_repo_id IS NOT NULL;
-- move public repos into public_resource
INSERT INTO public_resources (
public_resource_space_id
,public_resource_repo_id
-- move public repos into public_access
INSERT INTO public_access (
public_access_repo_id
)
SELECT
NULL
,repo_id
repo_id
FROM repositories
WHERE repo_is_public = TRUE;
-- alter repo table
ALTER TABLE repositories DROP COLUMN repo_is_public;
-- move public spaces into public_resource
INSERT INTO public_resources (
public_resource_space_id
,public_resource_repo_id
-- move public spaces into public_access
INSERT INTO public_access (
public_access_space_id
)
SELECT
space_id
,NULL
FROM spaces
WHERE space_is_public = TRUE;

82
app/store/database/public_resource.go → app/store/database/public_access.go
View File

@ -21,56 +21,56 @@ import (
"github.com/harness/gitness/app/store"
"github.com/harness/gitness/store/database"
"github.com/harness/gitness/store/database/dbtx"
"github.com/harness/gitness/types"
"github.com/harness/gitness/types/enum"
"github.com/guregu/null"
"github.com/jmoiron/sqlx"
)
var _ store.PublicResource = (*PublicResourcesStore)(nil)
var _ store.PublicAccessStore = (*PublicAccessStore)(nil)
// NewPublicResourcesStore returns a new PublicResourcesStore.
func NewPublicResourcesStore(db *sqlx.DB) *PublicResourcesStore {
return &PublicResourcesStore{
// NewPublicAccessStore returns a new PublicAccessStore.
func NewPublicAccessStore(db *sqlx.DB) *PublicAccessStore {
return &PublicAccessStore{
db: db,
}
}
// PublicResourcesStore implements store.SettingsStore backed by a relational database.
type PublicResourcesStore struct {
// PublicAccessStore implements store.PublicAccessStore backed by a relational database.
type PublicAccessStore struct {
db *sqlx.DB
}
type publicResource struct {
ID int64 `db:"public_resource_id"`
SpaceID null.Int `db:"public_resource_space_id"`
RepoID null.Int `db:"public_resource_repo_id"`
type publicAccess struct {
ID int64 `db:"public_access_id"`
SpaceID null.Int `db:"public_access_space_id"`
RepoID null.Int `db:"public_access_repo_id"`
}
const (
publicResourceColumns = `
public_resource_id
,public_resource_space_id
,public_resource_repo_id
publicAccessColumns = `
public_access_id
,public_access_space_id
,public_access_repo_id
`
)
func (p *PublicResourcesStore) Find(
func (p *PublicAccessStore) Find(
ctx context.Context,
pubRes *types.PublicResource,
typ enum.PublicResourceType,
id int64,
) error {
stmt := database.Builder.
Select(publicResourceColumns).
From("public_resources")
Select(publicAccessColumns).
From("public_access")
switch pubRes.Type {
switch typ {
case enum.PublicResourceTypeRepo:
stmt = stmt.Where("public_resource_repo_id = ?", pubRes.ID)
stmt = stmt.Where("public_access_repo_id = ?", id)
case enum.PublicResourceTypeSpace:
stmt = stmt.Where("public_resource_space_id = ?", pubRes.ID)
stmt = stmt.Where("public_access_space_id = ?", id)
default:
return fmt.Errorf("public resource type %q is not supported", pubRes.Type)
return fmt.Errorf("public resource type %q is not supported", typ)
}
sql, args, err := stmt.ToSql()
@ -80,7 +80,7 @@ func (p *PublicResourcesStore) Find(
db := dbtx.GetAccessor(ctx, p.db)
dst := &publicResource{}
dst := &publicAccess{}
if err = db.GetContext(ctx, dst, sql, args...); err != nil {
return database.ProcessSQLErrorf(ctx, err, "Select query failed")
}
@ -88,25 +88,26 @@ func (p *PublicResourcesStore) Find(
return nil
}
func (p *PublicResourcesStore) Create(
func (p *PublicAccessStore) Create(
ctx context.Context,
pubRes *types.PublicResource,
typ enum.PublicResourceType,
id int64,
) error {
stmt := database.Builder.
Insert("").
Into("public_resources").
Into("public_access").
Columns(
"public_resource_space_id",
"public_resource_repo_id",
"public_access_space_id",
"public_access_repo_id",
)
switch pubRes.Type {
switch typ {
case enum.PublicResourceTypeRepo:
stmt = stmt.Values(null.Int{}, null.IntFrom(pubRes.ID))
stmt = stmt.Values(null.Int{}, null.IntFrom(id))
case enum.PublicResourceTypeSpace:
stmt = stmt.Values(null.IntFrom(pubRes.ID), null.Int{})
stmt = stmt.Values(null.IntFrom(id), null.Int{})
default:
return fmt.Errorf("public resource type %q is not supported", pubRes.Type)
return fmt.Errorf("public resource type %q is not supported", typ)
}
sql, args, err := stmt.ToSql()
@ -123,20 +124,21 @@ func (p *PublicResourcesStore) Create(
return nil
}
func (p *PublicResourcesStore) Delete(
func (p *PublicAccessStore) Delete(
ctx context.Context,
pubRes *types.PublicResource,
typ enum.PublicResourceType,
id int64,
) error {
stmt := database.Builder.
Delete("public_resources")
Delete("public_access")
switch pubRes.Type {
switch typ {
case enum.PublicResourceTypeRepo:
stmt = stmt.Where("public_resource_repo_id = ?", pubRes.ID)
stmt = stmt.Where("public_access_repo_id = ?", id)
case enum.PublicResourceTypeSpace:
stmt = stmt.Where("public_resource_space_id = ?", pubRes.ID)
stmt = stmt.Where("public_access_space_id = ?", id)
default:
return fmt.Errorf("public resource type %q is not supported", pubRes.Type)
return fmt.Errorf("public resource type %q is not supported", typ)
}
sql, args, err := stmt.ToSql()

8
app/store/database/wire.go
View File

@ -53,7 +53,7 @@ var WireSet = wire.NewSet(
ProvideWebhookStore,
ProvideWebhookExecutionStore,
ProvideSettingsStore,
ProvidePublicResourcesStore,
ProvidePublicPublicAccessStore,
ProvideCheckStore,
ProvideConnectorStore,
ProvideTemplateStore,
@ -249,7 +249,7 @@ func ProvideSettingsStore(db *sqlx.DB) store.SettingsStore {
return NewSettingsStore(db)
}
// ProvidePublicResourcesStore provides a pulic resources store.
func ProvidePublicResourcesStore(db *sqlx.DB) store.PublicResource {
return NewPublicResourcesStore(db)
// ProvidePublicPublicAccessStore provides a pulic access store.
func ProvidePublicPublicAccessStore(db *sqlx.DB) store.PublicAccessStore {
return NewPublicAccessStore(db)
}

8
cmd/gitness/wire_gen.go
View File

@ -115,9 +115,9 @@ func initSystem(ctx context.Context, config *types.Config) (*server.System, erro
principalInfoCache := cache.ProvidePrincipalInfoCache(principalInfoView)
membershipStore := database.ProvideMembershipStore(db, principalInfoCache, spacePathStore, spaceStore)
permissionCache := authz.ProvidePermissionCache(spaceStore, membershipStore)
publicResource := database.ProvidePublicResourcesStore(db)
publicAccessStore := database.ProvidePublicPublicAccessStore(db)
repoStore := database.ProvideRepoStore(db, spacePathCache, spacePathStore, spaceStore)
publicAccess := publicaccess.ProvidePublicAccess(publicResource, repoStore, spaceStore)
publicAccess := publicaccess.ProvidePublicAccess(publicAccessStore, repoStore, spaceStore)
authorizer := authz.ProvideAuthorizer(permissionCache, spaceStore, publicAccess)
principalUIDTransformation := store.ProvidePrincipalUIDTransformation()
principalStore := database.ProvidePrincipalStore(db, principalUIDTransformation)
@ -201,7 +201,7 @@ func initSystem(ctx context.Context, config *types.Config) (*server.System, erro
repoIdentifier := check.ProvideRepoIdentifierCheck()
repoCheck := repo.ProvideRepoCheck()
repoController := repo.ProvideController(config, transactor, provider, authorizer, repoStore, spaceStore, pipelineStore, principalStore, ruleStore, settingsService, principalInfoCache, protectionManager, gitInterface, repository, codeownersService, reporter, indexer, resourceLimiter, lockerLocker, auditService, mutexManager, repoIdentifier, repoCheck, publicAccess)
reposettingsController := reposettings.ProvideController(authorizer, repoStore, settingsService, publicAccess, auditService)
reposettingsController := reposettings.ProvideController(authorizer, repoStore, settingsService, auditService)
executionStore := database.ProvideExecutionStore(db)
checkStore := database.ProvideCheckStore(db, principalInfoCache)
stageStore := database.ProvideStageStore(db)
@ -268,7 +268,7 @@ func initSystem(ctx context.Context, config *types.Config) (*server.System, erro
if err != nil {
return nil, err
}
webhookController := webhook2.ProvideController(webhookConfig, authorizer, webhookStore, webhookExecutionStore, repoStore, webhookService, encrypter, publicAccess)
webhookController := webhook2.ProvideController(webhookConfig, authorizer, webhookStore, webhookExecutionStore, repoStore, webhookService, encrypter)
reporter2, err := events4.ProvideReporter(eventsSystem)
if err != nil {
return nil, err

2
types/enum/public_resource.go
View File

@ -20,7 +20,7 @@ func (PublicResourceType) Enum() []interface{} {
return toInterfaceSlice(GetAllPublicResourceTypes())
}
var (
const (
PublicResourceTypeRepo PublicResourceType = "repository"
PublicResourceTypeSpace PublicResourceType = "space"
)

12
types/repo.go
View File

@ -70,6 +70,18 @@ func (r Repository) MarshalJSON() ([]byte, error) {
})
}
// Clone makes deep copy of repository object.
func (r Repository) Clone() Repository {
var deleted *int64
if r.Deleted != nil {
id := *r.Deleted
deleted = &id
}
r.Deleted = deleted
return r
}
type RepositorySizeInfo struct {
ID int64 `json:"id"`
GitUID string `json:"git_uid"`