Merge branch 'main' into codecov/unit-tests

rohitvinnakota-codecov · web-flow · commit de74bf3398ca · 2024-10-29T17:16:42.000-04:00
diff --git a/api/public/v2/tests/test_test_results_view.py b/api/public/v2/tests/test_test_results_view.py
@@ -53,10 +53,6 @@ def test_list(self):
                     "outcome": self.test_instances[0].outcome,
                     "branch": self.test_instances[0].branch,
                     "repoid": self.test_instances[0].repoid,
-                    "failure_rate": self.test_instances[0].test.failure_rate,
-                    "commits_where_fail": self.test_instances[
-                        0
-                    ].test.commits_where_fail,
                 },
                 {
                     "id": self.test_instances[1].id,
@@ -68,10 +64,6 @@ def test_list(self):
                     "outcome": self.test_instances[1].outcome,
                     "branch": self.test_instances[1].branch,
                     "repoid": self.test_instances[1].repoid,
-                    "failure_rate": self.test_instances[1].test.failure_rate,
-                    "commits_where_fail": self.test_instances[
-                        1
-                    ].test.commits_where_fail,
                 },
             ],
             "total_pages": 1,
@@ -103,10 +95,6 @@ def test_list_filters(self):
                     "outcome": self.test_instances[0].outcome,
                     "branch": self.test_instances[0].branch,
                     "repoid": self.test_instances[0].repoid,
-                    "failure_rate": self.test_instances[0].test.failure_rate,
-                    "commits_where_fail": self.test_instances[
-                        0
-                    ].test.commits_where_fail,
                 },
             ],
             "total_pages": 1,
@@ -137,8 +125,6 @@ def test_retrieve(self, get_repo_permissions):
             "outcome": self.test_instances[0].outcome,
             "branch": self.test_instances[0].branch,
             "repoid": self.test_instances[0].repoid,
-            "failure_rate": self.test_instances[0].test.failure_rate,
-            "commits_where_fail": self.test_instances[0].test.commits_where_fail,
         }
 
     @patch("api.shared.permissions.RepositoryArtifactPermissions.has_permission")
@@ -240,6 +226,4 @@ def test_result_with_valid_super_token(
             "outcome": self.test_instances[0].outcome,
             "branch": self.test_instances[0].branch,
             "repoid": self.test_instances[0].repoid,
-            "failure_rate": self.test_instances[0].test.failure_rate,
-            "commits_where_fail": self.test_instances[0].test.commits_where_fail,
         }
diff --git a/codecov/settings_base.py b/codecov/settings_base.py
@@ -350,12 +350,19 @@
 )
 CORS_ALLOWED_ORIGINS: list[str] = []
 
-GRAPHQL_PLAYGROUND = True
+GRAPHQL_PLAYGROUND = get_settings_module() in [
+    SettingsModule.DEV.value,
+    SettingsModule.STAGING.value,
+    SettingsModule.TESTING.value,
+]
 
 UPLOAD_THROTTLING_ENABLED = get_config(
     "setup", "upload_throttling_enabled", default=True
 )
 
+HIDE_ALL_CODECOV_TOKENS = get_config("setup", "hide_all_codecov_tokens", default=False)
+
+
 SENTRY_JWT_SHARED_SECRET = get_config(
     "sentry", "jwt_shared_secret", default=None
 ) or get_config("setup", "sentry", "jwt_shared_secret", default=None)
diff --git a/graphql_api/tests/test_owner.py b/graphql_api/tests/test_owner.py
@@ -27,6 +27,7 @@
     UnauthorizedGuestAccess,
 )
 from codecov_auth.models import GithubAppInstallation, OwnerProfile
+from graphql_api.types.repository.repository import TOKEN_UNAVAILABLE
 from plan.constants import PlanName, TrialStatus
 from reports.tests.factories import CommitReportFactory, UploadFactory
 
@@ -426,6 +427,28 @@ def test_get_org_upload_token(self, mocker):
         data = self.gql_request(query, owner=self.owner)
         assert data["owner"]["orgUploadToken"] == "upload_token"
 
+    @override_settings(HIDE_ALL_CODECOV_TOKENS=True)
+    def test_get_org_upload_token_hide_tokens_setting_owner_not_admin(self):
+        random_owner = OwnerFactory()
+        query = """{
+            owner(username: "%s") {
+               orgUploadToken
+            }
+        }
+        """ % (self.owner.username)
+        random_owner.organizations = [self.owner.ownerid]
+        random_owner.save()
+        data = self.gql_request(query, owner=random_owner)
+        assert data["owner"]["orgUploadToken"] == TOKEN_UNAVAILABLE
+
+    @patch("codecov_auth.commands.owner.owner.OwnerCommands.get_org_upload_token")
+    @override_settings(HIDE_ALL_CODECOV_TOKENS=True)
+    def test_get_org_upload_token_hide_tokens_setting_owner_is_admin(self, mocker):
+        mocker.return_value = "upload_token"
+        query = query_repositories % (self.owner.username, "", "")
+        data = self.gql_request(query, owner=self.owner)
+        assert data["owner"]["orgUploadToken"] == "upload_token"
+
     # Applies for old users that didn't get their owner profiles created w/ their owner
     def test_when_owner_profile_doesnt_exist(self):
         owner = OwnerFactory(username="no-profile-user")
diff --git a/graphql_api/tests/test_repository.py b/graphql_api/tests/test_repository.py
@@ -11,6 +11,7 @@
     RepositoryTokenFactory,
 )
 
+from graphql_api.types.repository.repository import TOKEN_UNAVAILABLE
 from services.profiling import CriticalFile
 
 from .helper import GraphQLTestHelper
@@ -73,6 +74,11 @@
 """
 
 
+def mock_get_config_global_upload_tokens(*args):
+    if args == ("setup", "hide_all_codecov_tokens"):
+        return True
+
+
 class TestFetchRepository(GraphQLTestHelper, TransactionTestCase):
     def fetch_repository(self, name, fields=None):
         data = self.gql_request(
@@ -683,6 +689,68 @@ def test_fetch_is_github_rate_limited_not_on_gh_service(self):
 
         assert data["me"]["owner"]["repository"]["isGithubRateLimited"] == False
 
+    @override_settings(HIDE_ALL_CODECOV_TOKENS=True)
+    def test_repo_upload_token_not_available_config_setting_owner_not_admin(self):
+        owner = OwnerFactory(service="gitlab")
+
+        repo = RepositoryFactory(
+            author=owner,
+            author__service="gitlab",
+            service_id=12345,
+            active=True,
+        )
+        new_owner = OwnerFactory(service="gitlab", organizations=[owner.ownerid])
+        new_owner.permission = [repo.repoid]
+        new_owner.save()
+        owner.admins = []
+
+        query = """
+            query {
+                owner(username: "%s") {
+                    repository(name: "%s") {
+                                    ... on Repository {
+                            uploadToken
+                            }
+                    }
+                }
+            }
+        """ % (
+            owner.username,
+            repo.name,
+        )
+
+        data = self.gql_request(
+            query,
+            owner=new_owner,
+            variables={"name": repo.name},
+            provider="gitlab",
+        )
+
+        assert data["owner"]["repository"]["uploadToken"] == TOKEN_UNAVAILABLE
+
+    @override_settings(HIDE_ALL_CODECOV_TOKENS=True)
+    def test_repo_upload_token_not_available_config_setting_owner_is_admin(self):
+        owner = OwnerFactory(service="gitlab")
+        repo = RepositoryFactory(
+            author=owner,
+            author__service="gitlab",
+            service_id=12345,
+            active=True,
+        )
+        owner.admins = [owner.ownerid]
+
+        data = self.gql_request(
+            query_repository
+            % """
+                uploadToken
+            """,
+            owner=owner,
+            variables={"name": repo.name},
+            provider="gitlab",
+        )
+
+        assert data["me"]["owner"]["repository"]["uploadToken"] != TOKEN_UNAVAILABLE
+
     @patch("shared.rate_limits.determine_entity_redis_key")
     @patch("shared.rate_limits.determine_if_entity_is_rate_limited")
     @patch("logging.Logger.warning")
diff --git a/graphql_api/types/owner/owner.py b/graphql_api/types/owner/owner.py
@@ -6,6 +6,7 @@
 import stripe
 import yaml
 from ariadne import ObjectType
+from django.conf import settings
 from graphql import GraphQLResolveInfo
 
 import services.activation as activation
@@ -37,6 +38,7 @@
 )
 from graphql_api.types.enums import OrderingDirection, RepositoryOrdering
 from graphql_api.types.errors.errors import NotFoundError, OwnerNotActivatedError
+from graphql_api.types.repository.repository import TOKEN_UNAVAILABLE
 from plan.constants import FREE_PLAN_REPRESENTATIONS, PlanData, PlanName
 from plan.service import PlanService
 from services.billing import BillingService
@@ -205,7 +207,16 @@ def resolve_hash_ownerid(owner: Owner, info: GraphQLResolveInfo) -> str:
 def resolve_org_upload_token(
     owner: Owner, info: GraphQLResolveInfo, **kwargs: Any
 ) -> str:
+    should_hide_tokens = settings.HIDE_ALL_CODECOV_TOKENS
+    current_owner = info.context["request"].current_owner
     command = info.context["executor"].get_command("owner")
+    if not current_owner:
+        is_owner_admin = False
+    else:
+        is_owner_admin = current_owner.is_admin(owner)
+    if should_hide_tokens and not is_owner_admin:
+        return TOKEN_UNAVAILABLE
+
     return command.get_org_upload_token(owner)
 
 
diff --git a/graphql_api/types/repository/repository.py b/graphql_api/types/repository/repository.py
@@ -5,6 +5,7 @@
 import shared.rate_limits as rate_limits
 import yaml
 from ariadne import ObjectType, UnionType
+from django.conf import settings
 from graphql.type.definition import GraphQLResolveInfo
 
 from codecov.db import sync_to_async
@@ -24,6 +25,8 @@
 from services.profiling import CriticalFile, ProfilingSummary
 from services.redis_configuration import get_redis_connection
 
+TOKEN_UNAVAILABLE = "Token Unavailable. Please contact your admin."
+
 log = logging.getLogger(__name__)
 
 repository_bindable = ObjectType("Repository")
@@ -68,6 +71,16 @@ def resolve_commit(repository: Repository, info: GraphQLResolveInfo, id):
 
 @repository_bindable.field("uploadToken")
 def resolve_upload_token(repository: Repository, info: GraphQLResolveInfo):
+    should_hide_tokens = settings.HIDE_ALL_CODECOV_TOKENS
+
+    current_owner = info.context["request"].current_owner
+    if not current_owner:
+        is_current_user_admin = False
+    else:
+        is_current_user_admin = current_owner.is_admin(repository.author)
+
+    if should_hide_tokens and not is_current_user_admin:
+        return TOKEN_UNAVAILABLE
     command = info.context["executor"].get_command("repository")
     return command.get_upload_token(repository)
 
diff --git a/requirements.in b/requirements.in
@@ -1,10 +1,10 @@
 aiodataloader
-ariadne
-ariadne_django
+ariadne==0.23
+ariadne_django==0.3.0
 celery>=5.3.6
 cerberus
 ddtrace
-Django>=4.2.15
+Django>=4.2.16
 django-cors-headers
 django-csp
 django-dynamic-fixture
@@ -20,7 +20,7 @@ factory-boy
 fakeredis
 freezegun
 https://github.com/codecov/opentelem-python/archive/refs/tags/v0.0.4a1.tar.gz#egg=codecovopentelem
-https://github.com/codecov/shared/archive/4e2792779e3efc65f876ab8ac38ffd244189e34d.tar.gz#egg=shared
+https://github.com/codecov/shared/archive/067b2e4ec72cdf1b3213306ea8aaaccbb374aecc.tar.gz#egg=shared
 google-cloud-pubsub
 gunicorn>=22.0.0
 https://github.com/photocrowd/django-cursor-pagination/archive/f560902696b0c8509e4d95c10ba0d62700181d84.tar.gz
@@ -49,6 +49,7 @@ sentry-sdk>=2.13.0
 sentry-sdk[celery]
 setproctitle
 simplejson
+starlette==0.40.0
 stripe>=9.6.0
 urllib3>=1.26.19
 vcrpy
diff --git a/requirements.txt b/requirements.txt
@@ -18,11 +18,11 @@ anyio==3.6.1
     #   starlette
 appdirs==1.4.4
     # via virtualenv
-ariadne==0.19.1
+ariadne==0.23.0
     # via
     #   -r requirements.in
     #   ariadne-django
-ariadne-django==0.2.0
+ariadne-django==0.3.0
     # via -r requirements.in
 asgiref==3.6.0
     # via django
@@ -109,7 +109,7 @@ deprecated==1.2.12
     # via opentelemetry-api
 distlib==0.3.1
     # via virtualenv
-django==4.2.15
+django==4.2.16
     # via
     #   -r requirements.in
     #   ariadne-django
@@ -205,8 +205,6 @@ googleapis-common-protos[grpc]==1.59.1
     #   grpcio-status
 graphql-core==3.2.3
     # via ariadne
-greenlet==3.1.1
-    # via sqlalchemy
 grpc-google-iam-v1==0.12.6
     # via google-cloud-pubsub
 grpcio==1.62.1
@@ -421,7 +419,7 @@ sentry-sdk[celery]==2.13.0
     #   shared
 setproctitle==1.1.10
     # via -r requirements.in
-shared @ https://github.com/codecov/shared/archive/4e2792779e3efc65f876ab8ac38ffd244189e34d.tar.gz
+shared @ https://github.com/codecov/shared/archive/067b2e4ec72cdf1b3213306ea8aaaccbb374aecc.tar.gz
     # via -r requirements.in
 simplejson==3.17.2
     # via -r requirements.in
@@ -449,8 +447,10 @@ sqlparse==0.5.0
     # via
     #   ddtrace
     #   django
-starlette==0.36.2
-    # via ariadne
+starlette==0.40.0
+    # via
+    #   -r requirements.in
+    #   ariadne
 stripe==9.6.0
     # via -r requirements.in
 text-unidecode==1.3
