package repocreds
import (
"reflect"
"github.com/argoproj/argo-cd/v2/util/argo"
"context"
"google.golang.org/grpc/codes"
"google.golang.org/grpc/status"
repocredspkg "github.com/argoproj/argo-cd/v2/pkg/apiclient/repocreds"
appsv1 "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1"
"github.com/argoproj/argo-cd/v2/reposerver/apiclient"
"github.com/argoproj/argo-cd/v2/server/rbacpolicy"
"github.com/argoproj/argo-cd/v2/util/db"
"github.com/argoproj/argo-cd/v2/util/rbac"
"github.com/argoproj/argo-cd/v2/util/settings"
)
// Server implements the repository-credentials API handlers
// (list, create, update, delete) defined on it in this file.
type Server struct {
	// db is the store every handler reads and writes credential sets through.
	db db.ArgoDB
	// repoClientset is stored by NewServer; no handler in this listing reads it.
	repoClientset apiclient.Clientset
	// enf is the RBAC enforcer each handler consults before touching db.
	enf *rbac.Enforcer
	// settings is stored by NewServer; no handler in this listing reads it.
	settings *settings.SettingsManager
}
// NewServer builds a repository-credentials Server from its collaborators:
// the repo-server client set, the backing database, the RBAC enforcer and the
// settings manager. The arguments are stored as given; nothing is validated
// or contacted here.
func NewServer(
	repoClientset apiclient.Clientset,
	db db.ArgoDB,
	enf *rbac.Enforcer,
	settings *settings.SettingsManager,
) *Server {
	srv := new(Server)
	srv.db = db
	srv.repoClientset = repoClientset
	srv.enf = enf
	srv.settings = settings
	return srv
}
// ListRepositoryCredentials returns the configured repository credential sets
// that the caller is allowed to read.
//
// Each URL known to the database is checked with the RBAC enforcer
// (rbacpolicy.ResourceRepositories / rbacpolicy.ActionGet) against the claims
// stored in ctx. URLs that fail the check are skipped silently rather than
// turned into an error, so the result is filtered per caller.
//
// Only URL and Username are copied into each returned item; no other field of
// the stored credential set is placed in the response.
func (s *Server) ListRepositoryCredentials(ctx context.Context, q *repocredspkg.RepoCredsQuery) (*appsv1.RepoCredsList, error) {
	credURLs, err := s.db.ListRepositoryCredentials(ctx)
	if err != nil {
		return nil, err
	}

	claims := ctx.Value("claims")
	// Start from an empty, non-nil slice so an empty result is still a list.
	visible := []appsv1.RepoCreds{}
	for _, credURL := range credURLs {
		if !s.enf.Enforce(claims, rbacpolicy.ResourceRepositories, rbacpolicy.ActionGet, credURL) {
			continue
		}
		stored, getErr := s.db.GetRepositoryCredentials(ctx, credURL)
		if getErr != nil {
			return nil, getErr
		}
		if stored == nil {
			continue
		}
		// Deliberately a new value carrying only the non-secret fields.
		visible = append(visible, appsv1.RepoCreds{
			URL:      credURL,
			Username: stored.Username,
		})
	}
	return &appsv1.RepoCredsList{Items: visible}, nil
}
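// CreateRepositoryCredentials creates a new credential set in the configuration.
//
// The request must carry a payload with a non-empty URL, and the caller must
// pass the RBAC check for rbacpolicy.ActionCreate on that URL. If a set for
// the URL already exists, the call is idempotent when the stored set is
// deeply equal to the supplied one; otherwise it is forwarded to
// UpdateRepositoryCredentials when q.Upsert is set (which performs its own
// ActionUpdate check), or rejected with codes.InvalidArgument.
//
// On success the response carries only the URL, never the submitted secrets.
func (s *Server) CreateRepositoryCredentials(ctx context.Context, q *repocredspkg.RepoCredsCreateRequest) (*appsv1.RepoCreds, error) {
	if q.Creds == nil {
		return nil, status.Errorf(codes.InvalidArgument, "missing payload in request")
	}
	if err := s.enf.EnforceErr(ctx.Value("claims"), rbacpolicy.ResourceRepositories, rbacpolicy.ActionCreate, q.Creds.URL); err != nil {
		return nil, err
	}

	r := q.Creds
	if r.URL == "" {
		return nil, status.Errorf(codes.InvalidArgument, "must specify URL")
	}

	_, err := s.db.CreateRepositoryCredentials(ctx, r)
	if status.Convert(err).Code() == codes.AlreadyExists {
		// Act idempotent if the existing spec matches the new spec.
		existing, getErr := s.db.GetRepositoryCredentials(ctx, r.URL)
		if getErr != nil {
			return nil, status.Errorf(codes.Internal, "unable to check existing repository credentials details: %v", getErr)
		}
		switch {
		case reflect.DeepEqual(existing, r):
			err = nil
		case q.Upsert:
			return s.UpdateRepositoryCredentials(ctx, &repocredspkg.RepoCredsUpdateRequest{Creds: r})
		default:
			// status.Error, not Errorf: the generated message is data, not a
			// format string, so a '%' in it must not be interpreted as a verb.
			// NOTE(review): the stored set is read here for a caller that was
			// only checked for ActionCreate; confirm the generated message
			// names differing fields only and never includes secret values.
			return nil, status.Error(codes.InvalidArgument, argo.GenerateSpecIsDifferentErrorMessage("repository credentials", existing, r))
		}
	}
	return &appsv1.RepoCreds{URL: r.URL}, err
}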
// UpdateRepositoryCredentials replaces a stored repository credential set.
//
// A request without a payload is rejected with codes.InvalidArgument. The
// caller must pass the RBAC check for rbacpolicy.ActionUpdate on the payload's
// URL before the database is touched. The response echoes only the URL and is
// returned together with whatever error the database update produced.
//
// Unlike CreateRepositoryCredentials, an empty URL is not rejected here; it is
// passed through to the enforcer and the database as-is.
func (s *Server) UpdateRepositoryCredentials(ctx context.Context, q *repocredspkg.RepoCredsUpdateRequest) (*appsv1.RepoCreds, error) {
	creds := q.Creds
	if creds == nil {
		return nil, status.Errorf(codes.InvalidArgument, "missing payload in request")
	}

	claims := ctx.Value("claims")
	if authErr := s.enf.EnforceErr(claims, rbacpolicy.ResourceRepositories, rbacpolicy.ActionUpdate, creds.URL); authErr != nil {
		return nil, authErr
	}

	_, updateErr := s.db.UpdateRepositoryCredentials(ctx, creds)
	resp := &appsv1.RepoCreds{URL: creds.URL}
	return resp, updateErr
}
// DeleteRepositoryCredentials removes the credential set stored for q.Url.
//
// The caller must pass the RBAC check for rbacpolicy.ActionDelete on that URL;
// a failed check returns the enforcer's error and leaves the database
// untouched. Otherwise an empty response is returned together with the result
// of the database delete.
func (s *Server) DeleteRepositoryCredentials(ctx context.Context, q *repocredspkg.RepoCredsDeleteRequest) (*repocredspkg.RepoCredsResponse, error) {
	claims := ctx.Value("claims")
	if authErr := s.enf.EnforceErr(claims, rbacpolicy.ResourceRepositories, rbacpolicy.ActionDelete, q.Url); authErr != nil {
		return nil, authErr
	}

	resp := &repocredspkg.RepoCredsResponse{}
	return resp, s.db.DeleteRepositoryCredentials(ctx, q.Url)
}