Allow registering private repos specified in github.allowed_private_r…

…epos (#1316) Allow registering private repos if the corresponding feature is enabled for the project
stacklok · Oct 30, 2023 · 973f103 · 973f103
1 parent c8c340c
commit 973f103
Show file tree

Hide file tree

Showing 2 changed files with 30 additions and 13 deletions.
diff --git a/internal/controlplane/handlers_githubwebhooks.go b/internal/controlplane/handlers_githubwebhooks.go
@@ -238,6 +238,7 @@ func handleParseError(typ string, parseErr error) webhookEventState {
 func (s *Server) registerWebhookForRepository(
 	ctx context.Context,
 	pbuild *providers.ProviderBuilder,
+	projectID uuid.UUID,
 	repositories []UpstreamRepositoryReference,
 	ghEvents []string,
 ) ([]*pb.RegisterRepoResult, error) {
@@ -279,7 +280,7 @@ func (s *Server) registerWebhookForRepository(
 		}
 
 		// skip if we try to register a private repository
-		if repoGet.GetPrivate() {
+		if repoGet.GetPrivate() && !projectAllowsPrivateRepos(ctx, s.store, projectID) {
 			errorStr := "repository is private"
 			regResult.Status.Error = &errorStr
 			registerData = append(registerData, regResult)
@@ -997,21 +998,11 @@ func getRepoInformationFromPayload(
 		return db.Repository{}, fmt.Errorf("unable to determine repository for event: %w", errRepoNotFound)
 	}
 
-	// ignore processing webhooks for private repositories
-	isPrivate, ok := repoInfo["private"].(bool)
-	if ok {
-		if isPrivate {
-			return db.Repository{}, errRepoIsPrivate
-		}
-	}
-
 	id, err := parseRepoID(repoInfo["id"])
 	if err != nil {
 		return db.Repository{}, fmt.Errorf("error parsing repository ID: %w", err)
 	}
 
-	log.Printf("handling event for repository %d", id)
-
 	// At this point, we're unsure what the group ID is, so we need to look it up.
 	// It's the same case for the provider. We can gather this information from the
 	// repository ID.
@@ -1030,6 +1021,16 @@ func getRepoInformationFromPayload(
 			dbrepo.RepoOwner, dbrepo.RepoName, errRepoNotFound)
 	}
 
+	// ignore processing webhooks for private repositories
+	isPrivate, ok := repoInfo["private"].(bool)
+	if ok {
+		if isPrivate && !projectAllowsPrivateRepos(ctx, store, dbrepo.ProjectID) {
+			return db.Repository{}, errRepoIsPrivate
+		}
+	}
+
+	log.Printf("handling event for repository %d", id)
+
 	return dbrepo, nil
 }
 
@@ -1050,3 +1051,19 @@ func parseRepoID(repoID any) (int32, error) {
 		return 0, fmt.Errorf("unknown type for repoID: %T", v)
 	}
 }
+
+func projectAllowsPrivateRepos(ctx context.Context, store db.Store, projectID uuid.UUID) bool {
+	// we're throwing away the result because we're really not interested in what the feature
+	// sets, just that it's enabled
+	_, err := store.GetFeatureInProject(ctx, db.GetFeatureInProjectParams{
+		ProjectID: projectID,
+		Feature:   "private_repositories_enabled",
+	})
+	if errors.Is(err, sql.ErrNoRows) {
+		return false
+	} else if err != nil {
+		log.Printf("error getting features for project %s: %v", projectID, err)
+		return false
+	}
+	return true
+}
diff --git a/internal/controlplane/handlers_repositories.go b/internal/controlplane/handlers_repositories.go
@@ -91,7 +91,7 @@ func (s *Server) RegisterRepository(ctx context.Context,
 
 	allEvents := []string{"*"}
 	resultData, err := s.registerWebhookForRepository(
-		ctx, p, upstreamRepos, allEvents)
+		ctx, p, projectID, upstreamRepos, allEvents)
 	if err != nil {
 		return nil, err
 	}
@@ -400,7 +400,7 @@ func (s *Server) ListRemoteRepositoriesFromProvider(
 
 	for idx, rem := range remoteRepos {
 		// Skip private repositories
-		if rem.IsPrivate {
+		if rem.IsPrivate && !projectAllowsPrivateRepos(ctx, s.store, projectID) {
 			continue
 		}
 		remoteRepo := remoteRepos[idx]