CR-13257-git-token-validation (#532)

Author: ATGardner

Makefile

@@ -1,4 +1,4 @@
-VERSION=v0.0.478
+VERSION=v0.0.479
 
 OUT_DIR=dist
 YEAR?=$(shell date +"%Y")
@@ -129,7 +129,7 @@ test:
 	@./hack/test.sh
 
 .PHONY: codegen
-codegen: $(GOBIN)/mockery
+codegen: $(GOBIN)/mockgen
 	rm -f ./docs/commands/*
 	go generate ./...
 	go run ./hack/license.go --license ./hack/boilerplate.txt --year $(YEAR) .
@@ -165,16 +165,9 @@ tidy:
 check-worktree:
 	@./hack/check_worktree.sh
 
-$(GOBIN)/mockery:
-	@mkdir dist || true
-	@echo installing: mockery
-	@curl -L -o dist/mockery.tar.gz -- https://github.com/vektra/mockery/releases/download/v1.1.1/mockery_1.1.1_$(shell uname -s)_$(shell uname -m).tar.gz
-	@tar zxvf dist/mockery.tar.gz mockery
-	@rm dist/mockery.tar.gz
-	@chmod +x mockery
-	@mkdir -p $(GOBIN)
-	@mv mockery $(GOBIN)/mockery
-	@mockery -version
+$(GOBIN)/mockgen:
+	@go install github.com/golang/mock/[email protected]
+	@mockgen -version
 
 $(GOBIN)/golangci-lint:
 	@mkdir dist || true

cmd/commands/common.go

@@ -281,8 +281,8 @@ func getIngressClassFromUserSelect(ingressClassNames []string) (string, error) {
 	return result, nil
 }
 
-// ensureGitToken gets the runtime token from the user (if !silent), and verifys it witht he provider (if available)
-func ensureGitToken(cmd *cobra.Command, gitProvider cfgit.Provider, cloneOpts *apgit.CloneOptions) error {
+// ensureGitRuntimeToken gets the runtime token from the user (if !silent), and verifys it with he provider (if available)
+func ensureGitRuntimeToken(cmd *cobra.Command, gitProvider cfgit.Provider, cloneOpts *apgit.CloneOptions) error {
 	ctx := cmd.Context()
 	errMessage := "Value stored in environment variable GIT_TOKEN is invalid; enter a valid runtime token: %w"
 	if cloneOpts.Auth.Password == "" && !store.Get().Silent {
@@ -294,7 +294,7 @@ func ensureGitToken(cmd *cobra.Command, gitProvider cfgit.Provider, cloneOpts *a
 	}
 
 	if gitProvider != nil {
-		err := gitProvider.VerifyToken(ctx, cfgit.RuntimeToken, cloneOpts.Auth.Password)
+		err := gitProvider.VerifyRuntimeToken(ctx, cloneOpts.Auth.Password)
 		if err != nil {
 			// in case when we get invalid value from env variable TOKEN we clean
 			cloneOpts.Auth.Password = ""
@@ -307,8 +307,8 @@ func ensureGitToken(cmd *cobra.Command, gitProvider cfgit.Provider, cloneOpts *a
 	return nil
 }
 
-// ensureGitPAT verifys the user's Personal Access Token (if it is different from the Runtime Token)
-func ensureGitPAT(ctx context.Context, opts *RuntimeInstallOptions) error {
+// ensureGitUserToken verifys the user's Personal Access Token (if it is different from the Runtime Token)
+func ensureGitUserToken(ctx context.Context, opts *RuntimeInstallOptions) error {
 	if opts.GitIntegrationRegistrationOpts.Token == "" {
 		opts.GitIntegrationRegistrationOpts.Token = opts.InsCloneOpts.Auth.Password
 		currentUser, err := cfConfig.NewClient().Users().GetCurrent(ctx)
@@ -321,7 +321,7 @@ func ensureGitPAT(ctx context.Context, opts *RuntimeInstallOptions) error {
 	}
 
 	if opts.gitProvider != nil {
-		return opts.gitProvider.VerifyToken(ctx, cfgit.PersonalToken, opts.InsCloneOpts.Auth.Password)
+		return opts.gitProvider.VerifyUserToken(ctx, opts.GitIntegrationRegistrationOpts.Token)
 	}
 
 	return nil
@@ -566,7 +566,7 @@ func checkIngressHostWithInsecure(ingress string) bool {
 	customTransport := http.DefaultTransport.(*http.Transport).Clone()
 	customTransport.TLSClientConfig = &tls.Config{InsecureSkipVerify: true}
 	httpClient.Transport = customTransport
-	req, err := http.NewRequest("GET", ingress, nil)
+	req, err := http.NewRequest(http.MethodGet, ingress, nil)
 	if err != nil {
 		return false
 	}

cmd/commands/runtime.go

@@ -179,7 +179,7 @@ func runtimeUninstallCommandPreRunHandler(cmd *cobra.Command, args []string, opt
 	}
 
 	if !opts.Managed {
-		err = ensureGitToken(cmd, nil, opts.CloneOpts)
+		err = ensureGitRuntimeToken(cmd, nil, opts.CloneOpts)
 	}
 	handleCliStep(reporter.UninstallStepPreCheckEnsureGitToken, "Getting git token", err, true, false)
 	if err != nil {
@@ -217,7 +217,7 @@ func runtimeUpgradeCommandPreRunHandler(cmd *cobra.Command, args []string, opts
 		return err
 	}
 
-	err = ensureGitToken(cmd, nil, opts.CloneOpts)
+	err = ensureGitRuntimeToken(cmd, nil, opts.CloneOpts)
 	handleCliStep(reporter.UpgradeStepPreCheckEnsureGitToken, "Getting git token", err, true, false)
 	if err != nil {
 		return err

cmd/commands/runtime_install.go

@@ -340,7 +340,7 @@ func ensureGitData(cmd *cobra.Command, opts *RuntimeInstallOptions) error {
 		return err
 	}
 
-	err = ensureGitPAT(ctx, opts)
+	err = ensureGitUserToken(ctx, opts)
 	handleCliStep(reporter.InstallStepPreCheckEnsureGitPAT, "Getting git personal access token", err, true, false)
 	if err != nil {
 		return err
@@ -371,10 +371,10 @@ func getGitToken(cmd *cobra.Command, opts *RuntimeInstallOptions) error {
 	var err error
 
 	if store.Get().Silent {
-		err = ensureGitToken(cmd, opts.gitProvider, opts.InsCloneOpts)
+		err = ensureGitRuntimeToken(cmd, opts.gitProvider, opts.InsCloneOpts)
 	} else {
 		handleValidationFailsWithRepeat(func() error {
-			err = ensureGitToken(cmd, opts.gitProvider, opts.InsCloneOpts)
+			err = ensureGitRuntimeToken(cmd, opts.gitProvider, opts.InsCloneOpts)
 			if isValidationError(err) {
 				fmt.Println(err)
 				return err

docs/releases/release_notes.md

@@ -23,7 +23,7 @@ cf version
 
 ```bash
 # download and extract the binary
-curl -L --output - https://github.com/codefresh-io/cli-v2/releases/download/v0.0.478/cf-linux-amd64.tar.gz | tar zx
+curl -L --output - https://github.com/codefresh-io/cli-v2/releases/download/v0.0.479/cf-linux-amd64.tar.gz | tar zx
 
 # move the binary to your $PATH
 mv ./cf-linux-amd64 /usr/local/bin/cf
@@ -36,7 +36,7 @@ cf version
 
 ```bash
 # download and extract the binary
-curl -L --output - https://github.com/codefresh-io/cli-v2/releases/download/v0.0.478/cf-darwin-amd64.tar.gz | tar zx
+curl -L --output - https://github.com/codefresh-io/cli-v2/releases/download/v0.0.479/cf-darwin-amd64.tar.gz | tar zx
 
 # move the binary to your $PATH
 mv ./cf-darwin-amd64 /usr/local/bin/cf

go.mod

@@ -16,6 +16,7 @@ require (
 	github.com/go-git/go-billy/v5 v5.3.1
 	github.com/go-git/go-git/v5 v5.4.2
 	github.com/gobuffalo/packr v1.30.1
+	github.com/golang/mock v1.6.0
 	github.com/google/uuid v1.3.0
 	github.com/juju/ansiterm v0.0.0-20210929141451-8b71cc96ebdc
 	github.com/manifoldco/promptui v0.8.0

manifests/runtime.yaml

@@ -5,7 +5,7 @@ metadata:
   namespace: "{{ namespace }}"
 spec:
   defVersion: 1.0.1
-  version: 0.0.478
+  version: 0.0.479
   bootstrapSpecifier: github.com/codefresh-io/cli-v2/manifests/argo-cd
   components:
     - name: events

pkg/git/mocks/roundTripper.go

@@ -17,50 +17,49 @@ package git
 import (
 	"context"
 	"fmt"
+	"net/http"
 	"strings"
 )
 
+//go:generate mockgen -destination=./mocks/roundTripper.go -package=mocks net/http RoundTripper
+
 type (
-	TokenType    string
 	ProviderType string
 
 	// Provider represents a git provider
 	Provider interface {
-		Type() ProviderType
 		BaseURL() string
-		VerifyToken(ctx context.Context, tokenType TokenType, token string) error
 		SupportsMarketplace() bool
+		Type() ProviderType
+		VerifyRuntimeToken(ctx context.Context, token string) error
+		VerifyUserToken(ctx context.Context, token string) error
 	}
 )
 
-const (
-	RuntimeToken  TokenType = "runtime token"
-	PersonalToken TokenType = "personal token"
-)
-
-var providers = map[ProviderType]func(string) (Provider, error){
+var providers = map[ProviderType]func(string, *http.Client) (Provider, error){
 	BITBUCKET_SERVER: NewBitbucketServerProvider,
 	GITHUB:           NewGithubProvider,
 	GITHUB_ENT:       NewGithubProvider, // for backward compatability
 	GITLAB:           NewGitlabProvider,
 }
 
 func GetProvider(providerType ProviderType, baseURL string) (Provider, error) {
+	client := &http.Client{}
 	if providerType != "" {
 		fn := providers[providerType]
 		if fn == nil {
 			return nil, fmt.Errorf("invalid git provider %s", providerType)
 		}
 
-		return fn(baseURL)
+		return fn(baseURL, client)
 	}
 
 	if strings.Contains(baseURL, GITHUB_CLOUD_DOMAIN) {
-		return NewGithubProvider(baseURL)
+		return NewGithubProvider(baseURL, client)
 	}
 
 	if strings.Contains(baseURL, GITLAB_CLOUD_DOMAIN) {
-		return NewGitlabProvider(baseURL)
+		return NewGitlabProvider(baseURL, client)
 	}
 
 	return nil, fmt.Errorf("failed getting provider for clone url %s", baseURL)