chore: remove unused cloud team and org sync code

internal/authenticator/helper_test.go

@@ -20,13 +20,13 @@ type (
 	}
 
 	fakeOAuthClient struct {
-		user *cloud.User
+		user cloud.User
 		oauthClient
 		token *oauth2.Token
 	}
 
 	fakeCloudClient struct {
-		user *cloud.User
+		user cloud.User
 		cloud.Client
 	}
 )
@@ -44,7 +44,7 @@ func (f *fakeOAuthClient) NewClient(context.Context, *oauth2.Token) (cloud.Clien
 	return &fakeCloudClient{user: f.user}, nil
 }
 
-func (f *fakeCloudClient) GetUser(context.Context) (*cloud.User, error) {
+func (f *fakeCloudClient) GetCurrentUser(context.Context) (cloud.User, error) {
 	return f.user, nil
 }
 

internal/authenticator/oauth_authenticator.go

@@ -42,7 +42,7 @@ func (a *oauthAuthenticator) ResponseHandler(w http.ResponseWriter, r *http.Requ
 	ctx := internal.AddSubjectToContext(r.Context(), &internal.Superuser{Username: "authenticator"})
 
 	// Get cloud user
-	cuser, err := client.GetUser(ctx)
+	cuser, err := client.GetCurrentUser(ctx)
 	if err != nil {
 		html.Error(w, err.Error(), http.StatusInternalServerError, false)
 		return

internal/authenticator/oauth_authenticator_test.go

@@ -12,20 +12,12 @@ import (
 )
 
 func TestOAuthAuthenticator_ResponseHandler(t *testing.T) {
-	user := cloud.User{
-		Name: "fake-user",
-		Teams: []cloud.Team{
-			{
-				Name:         "fake-team",
-				Organization: "fake-org",
-			},
-		},
-	}
+	user := cloud.User{Name: "fake-user"}
 
 	authenticator := &oauthAuthenticator{
 		TokensService: &fakeAuthenticatorService{},
 		oauthClient: &fakeOAuthClient{
-			user:  &user,
+			user:  user,
 			token: &oauth2.Token{},
 		},
 	}

internal/authenticator/oidc_authenticator.go

@@ -117,28 +117,11 @@ func (o oidcAuthenticator) ResponseHandler(w http.ResponseWriter, r *http.Reques
 		return
 	}
 
-	// Get claims user
-	user, err := o.getUserFromClaims(claims)
-	if err != nil {
-		html.Error(w, err.Error(), http.StatusInternalServerError, false)
-		return
-	}
-
 	err = o.StartSession(w, r, tokens.StartSessionOptions{
-		Username: &user.Name,
+		Username: &claims.Name,
 	})
 	if err != nil {
 		html.Error(w, err.Error(), http.StatusInternalServerError, false)
 		return
 	}
 }
-
-// getUserFromClaims returns a cloud.User given a user's claims.
-func (o oidcAuthenticator) getUserFromClaims(claims oidcClaims) (*cloud.User, error) {
-	var teams []cloud.Team
-
-	return &cloud.User{
-		Name:  claims.Name,
-		Teams: teams,
-	}, nil
-}

internal/cloud/client.go

@@ -6,7 +6,8 @@ import (
 
 type (
 	Client interface {
-		GetUser(ctx context.Context) (*User, error)
+		// GetCurrentUser retrieves the current user
+		GetCurrentUser(ctx context.Context) (User, error)
 		// ListRepositories lists repositories accessible to the current user.
 		ListRepositories(ctx context.Context, opts ListRepositoriesOptions) ([]string, error)
 		GetRepository(ctx context.Context, identifier string) (Repository, error)

internal/cloud/user.go

@@ -3,41 +3,6 @@ package cloud
 type (
 	// User is a user account on a cloud provider.
 	User struct {
-		Name  string
-		Teams []Team // team memberships
-	}
-
-	// Team is a team account on a cloud provider.
-	Team struct {
-		Name         string
-		Organization string // team belongs to an organization
+		Name string
 	}
 )
-
-func (u User) IsOwner(organization string) bool {
-	for _, team := range u.Teams {
-		if team.Organization == organization {
-			if team.IsOwners() {
-				return true
-			}
-		}
-	}
-	return false
-}
-
-func (u User) Organizations() (organizations []string) {
-	// De-dup organizations
-	seen := make(map[string]bool)
-	for _, t := range u.Teams {
-		if _, ok := seen[t.Organization]; ok {
-			continue
-		}
-		organizations = append(organizations, t.Organization)
-		seen[t.Organization] = true
-	}
-	return organizations
-}
-
-func (t Team) IsOwners() bool {
-	return t.Name == "owners"
-}

internal/github/client.go

@@ -68,56 +68,12 @@ func NewEnterpriseClient(hostname string, httpClient *http.Client) (*github.Clie
 		httpClient)
 }
 
-// GetUser retrieves a user from github along with their team memberships.
-// They are determined to be in the owners team if either:
-// (a) they are a member of a github team called 'owners'
-// (b) they are an admin of a github organization.
-func (g *Client) GetUser(ctx context.Context) (*cloud.User, error) {
+func (g *Client) GetCurrentUser(ctx context.Context) (cloud.User, error) {
 	guser, _, err := g.client.Users.Get(ctx, "")
 	if err != nil {
-		return nil, err
-	}
-
-	gteams, _, err := g.client.Teams.ListUserTeams(ctx, nil)
-	if err != nil {
-		return nil, err
-	}
-
-	user := cloud.User{Name: guser.GetLogin()}
-
-	// Convert each github team to a cloud team. Use the github slug rather than
-	// the github name because the latter often contains whitespace, and OTF
-	// names should not contain whitespace.
-	for _, gteam := range gteams {
-		user.Teams = append(user.Teams, cloud.Team{
-			Name:         gteam.GetSlug(),
-			Organization: gteam.GetOrganization().GetLogin(),
-		})
-	}
-
-	// check if they are an admin of any orgs; if so, make them an owner.
-	organizations, _, err := g.client.Organizations.List(ctx, "", nil)
-	if err != nil {
-		return nil, err
-	}
-	for _, org := range organizations {
-		if user.IsOwner(org.GetLogin()) {
-			// user already determined to be an owner, so skip this check.
-			continue
-		}
-		membership, _, err := g.client.Organizations.GetOrgMembership(ctx, "", org.GetLogin())
-		if err != nil {
-			return nil, err
-		}
-		if membership.GetRole() == "admin" {
-			user.Teams = append(user.Teams, cloud.Team{
-				Name:         "owners",
-				Organization: org.GetLogin(),
-			})
-		}
+		return cloud.User{}, err
 	}
-
-	return &user, nil
+	return cloud.User{Name: guser.GetLogin()}, nil
 }
 
 func (g *Client) GetRepository(ctx context.Context, identifier string) (cloud.Repository, error) {

internal/github/client_test.go

@@ -16,25 +16,13 @@ import (
 
 func TestGetUser(t *testing.T) {
 	ctx := context.Background()
-	want := cloud.User{
-		Name: "fake-user",
-		Teams: []cloud.Team{
-			{
-				Name:         "fake-team",
-				Organization: "fake-org",
-			},
-		},
-	}
+	want := cloud.User{Name: "fake-user"}
 	client := newTestServerClient(t, WithUser(&want))
 
-	got, err := client.GetUser(ctx)
+	got, err := client.GetCurrentUser(ctx)
 	require.NoError(t, err)
 
 	assert.Equal(t, want.Name, got.Name)
-	if assert.Equal(t, 1, len(got.Teams)) {
-		assert.Equal(t, "fake-team", got.Teams[0].Name)
-		assert.Equal(t, "fake-org", got.Teams[0].Organization)
-	}
 }
 
 func TestGetRepository(t *testing.T) {

internal/github/test_server.go

@@ -119,41 +119,6 @@ func NewTestServer(t *testing.T, opts ...TestServerOption) (*TestServer, cloud.C
 			w.Header().Add("Content-Type", "application/json")
 			w.Write(out)
 		})
-		mux.HandleFunc("/api/v3/user/orgs", func(w http.ResponseWriter, r *http.Request) {
-			var orgs []*github.Organization
-			for _, org := range srv.user.Organizations() {
-				orgs = append(orgs, &github.Organization{Login: internal.String(org)})
-			}
-			out, err := json.Marshal(orgs)
-			require.NoError(t, err)
-			w.Header().Add("Content-Type", "application/json")
-			w.Write(out)
-		})
-		for _, org := range srv.user.Organizations() {
-			mux.HandleFunc("/api/v3/user/memberships/orgs/"+org, func(w http.ResponseWriter, r *http.Request) {
-				out, err := json.Marshal(&github.Membership{
-					Role: internal.String("member"),
-				})
-				require.NoError(t, err)
-				w.Header().Add("Content-Type", "application/json")
-				w.Write(out)
-			})
-		}
-		mux.HandleFunc("/api/v3/user/teams", func(w http.ResponseWriter, r *http.Request) {
-			var teams []*github.Team
-			for _, team := range srv.user.Teams {
-				teams = append(teams, &github.Team{
-					Slug: internal.String(team.Name),
-					Organization: &github.Organization{
-						Login: internal.String(team.Organization),
-					},
-				})
-			}
-			out, err := json.Marshal(teams)
-			require.NoError(t, err)
-			w.Header().Add("Content-Type", "application/json")
-			w.Write(out)
-		})
 	}
 	mux.HandleFunc("/api/v3/user/repos", func(w http.ResponseWriter, r *http.Request) {
 		repos := []*github.Repository{{FullName: srv.repo}}

internal/gitlab/client.go

@@ -47,50 +47,12 @@ func NewClient(ctx context.Context, cfg cloud.ClientOptions) (*Client, error) {
 	return &Client{client: client}, nil
 }
 
-// GetUser retrieves a user. Their team memberships are determined based on
-// their access level in their gitlab groups, e.g. a user with owners access
-// level on group acme maps to a user in the owners team in the acme
-// organization.
-func (g *Client) GetUser(ctx context.Context) (*cloud.User, error) {
+func (g *Client) GetCurrentUser(ctx context.Context) (cloud.User, error) {
 	guser, _, err := g.client.Users.CurrentUser()
 	if err != nil {
-		return nil, err
-	}
-	groups, _, err := g.client.Groups.ListGroups(&gitlab.ListGroupsOptions{
-		TopLevelOnly: internal.Bool(true),
-	})
-	if err != nil {
-		return nil, err
-	}
-
-	user := cloud.User{Name: guser.Username}
-	for _, group := range groups {
-		// Get group membership info
-		membership, _, err := g.client.GroupMembers.GetGroupMember(group.ID, guser.ID)
-		if err != nil {
-			return nil, err
-		}
-		var team string
-		switch membership.AccessLevel {
-		case gitlab.OwnerPermissions:
-			team = "owners"
-		case gitlab.DeveloperPermissions:
-			team = "developers"
-		case gitlab.MaintainerPermissions:
-			team = "maintainers"
-		case gitlab.ReporterPermissions:
-			team = "reporters"
-		case gitlab.GuestPermissions:
-			team = "guests"
-		default:
-			return nil, fmt.Errorf("unknown gitlab access level: %d", membership.AccessLevel)
-		}
-		user.Teams = append(user.Teams, cloud.Team{
-			Name:         team,
-			Organization: group.Path,
-		})
+		return cloud.User{}, err
 	}
-	return &user, nil
+	return cloud.User{Name: guser.Username}, nil
 }
 
 func (g *Client) GetRepository(ctx context.Context, identifier string) (cloud.Repository, error) {

internal/gitlab/client_test.go

@@ -18,26 +18,14 @@ func TestClient(t *testing.T) {
 	ctx := context.Background()
 
 	t.Run("GetUser", func(t *testing.T) {
-		want := cloud.User{
-			Name: "fake-user",
-			Teams: []cloud.Team{
-				{
-					Name:         "maintainers",
-					Organization: "fake-org",
-				},
-			},
-		}
+		want := cloud.User{Name: "fake-user"}
 
 		provider := newTestClient(t, WithGitlabUser(&want))
 
-		user, err := provider.GetUser(ctx)
+		user, err := provider.GetCurrentUser(ctx)
 		require.NoError(t, err)
 
 		assert.Equal(t, "fake-user", user.Name)
-		if assert.Equal(t, 1, len(user.Teams)) {
-			assert.Equal(t, "maintainers", user.Teams[0].Name)
-			assert.Equal(t, "fake-org", user.Teams[0].Organization)
-		}
 	})
 
 	t.Run("GetRepository", func(t *testing.T) {

internal/gitlab/test_server.go

@@ -120,24 +120,6 @@ type TestGitlabServerOption func(*testServerDB)
 func WithGitlabUser(user *cloud.User) TestGitlabServerOption {
 	return func(db *testServerDB) {
 		db.user = &gitlab.User{Username: user.Name, ID: 1}
-		db.access = make(map[int]gitlab.AccessLevelValue)
-
-		for i, org := range user.Organizations() {
-			db.groups = append(db.groups, &gitlab.Group{
-				ID:   i,
-				Path: org,
-			})
-			// find team belonging to organization and map team name to gitlab
-			// access level
-			for i, team := range user.Teams {
-				if team.Organization == org {
-					switch team.Name {
-					case "maintainers":
-						db.access[i] = gitlab.MaintainerPermissions
-					}
-				}
-			}
-		}
 	}
 }
 

internal/integration/github_login_test.go

@@ -30,15 +30,7 @@ func TestGithubLogin(t *testing.T) {
 			},
 		},
 	}
-	user := cloud.User{
-		Name: "bobby",
-		Teams: []cloud.Team{
-			{
-				Name:         "owners",
-				Organization: "acme-corp",
-			},
-		},
-	}
+	user := cloud.User{Name: "bobby"}
 	svc, _, _ := setup(t, &cfg, github.WithUser(&user))
 
 	browser.Run(t, nil, chromedp.Tasks{