Resolve installation ID when missing (#4427)

#4426

Author: premun

src/ProductConstructionService/ProductConstructionService.Api/Api/GitHubInstallationIdResolver.cs

@@ -0,0 +1,57 @@
+// Licensed to the .NET Foundation under one or more agreements.
+// The .NET Foundation licenses this file to you under the MIT license.
+
+using Microsoft.DotNet.GitHub.Authentication;
+using Octokit;
+
+namespace ProductConstructionService.Api.Api;
+
+public interface IGitHubInstallationIdResolver
+{
+    Task<long?> GetInstallationIdForRepository(string repoUri);
+}
+
+public class GitHubInstallationIdResolver : IGitHubInstallationIdResolver
+{
+    private readonly IGitHubTokenProvider _gitHubTokenProvider;
+    private readonly ILogger<GitHubInstallationIdResolver> _logger;
+
+    public GitHubInstallationIdResolver(
+        IGitHubTokenProvider gitHubTokenProvider,
+        ILogger<GitHubInstallationIdResolver> logger)
+    {
+        _gitHubTokenProvider = gitHubTokenProvider;
+        _logger = logger;
+    }
+
+    public async Task<long?> GetInstallationIdForRepository(string repoUri)
+    {
+        _logger.LogInformation("Getting installation ID for {repoUri}", repoUri);
+
+        var (owner, repo) = Microsoft.DotNet.DarcLib.GitHubClient.ParseRepoUri(repoUri);
+        var token = _gitHubTokenProvider.GetTokenForApp();
+        var client = new GitHubClient(new ProductHeaderValue(nameof(ProductConstructionService)))
+        {
+            Credentials = new Credentials(token, AuthenticationType.Bearer)
+        };
+
+        try
+        {
+            var installation = await client.GitHubApps.GetRepositoryInstallationForCurrent(owner, repo);
+
+            if (installation == null)
+            {
+                _logger.LogInformation("Failed to get installation id for {owner}/{repo}", owner, repo);
+                return null;
+            }
+
+            _logger.LogInformation("Installation id for {owner}/{repo} is {installationId}", owner, repo, installation.Id);
+            return installation.Id;
+        }
+        catch (ApiException e)
+        {
+            _logger.LogInformation("Failed to get installation id for {owner}/{repo} - {statusCode}.", owner, repo, e.StatusCode);
+            return null;
+        }
+    }
+}

src/ProductConstructionService/ProductConstructionService.Api/Api/v2018_07_16/Controllers/SubscriptionsController.cs

@@ -26,15 +26,18 @@ public class SubscriptionsController : ControllerBase
 {
     private readonly BuildAssetRegistryContext _context;
     private readonly IWorkItemProducerFactory _workItemProducerFactory;
+    private readonly IGitHubInstallationIdResolver _installationIdResolver;
     private readonly ILogger<SubscriptionsController> _logger;
 
     public SubscriptionsController(
         BuildAssetRegistryContext context,
         IWorkItemProducerFactory workItemProducerFactory,
+        IGitHubInstallationIdResolver installationIdResolver,
         ILogger<SubscriptionsController> logger)
     {
         _context = context;
         _workItemProducerFactory = workItemProducerFactory;
+        _installationIdResolver = installationIdResolver;
         _logger = logger;
     }
 
@@ -452,6 +455,63 @@ public virtual async Task<IActionResult> Create([FromBody, Required] Subscriptio
             new Subscription(subscriptionModel));
     }
 
+    /// <summary>
+    /// Verifies that the repository is registered in the database (and has a valid installation ID).
+    /// </summary>
+    protected async Task<bool> EnsureRepositoryRegistration(string repoUri)
+    {
+        Maestro.Data.Models.Repository? repo = await _context.Repositories.FindAsync(repoUri);
+
+        // If we have no repository information or an invalid installation ID, we need to register the repository
+        if (repoUri.Contains("github.com"))
+        {
+            if (repo?.InstallationId > 0)
+            {
+                return true;
+            }
+
+            var installationId = await _installationIdResolver.GetInstallationIdForRepository(repoUri);
+
+            if (!installationId.HasValue)
+            {
+                return false;
+            }
+
+            if (repo == null)
+            {
+                _context.Repositories.Add(
+                    new Maestro.Data.Models.Repository
+                    {
+                        RepositoryName = repoUri,
+                        InstallationId = installationId.Value
+                    });
+            }
+            else
+            {
+                repo.InstallationId = installationId.Value;
+            }
+            return true;
+        }
+
+        if (repoUri.Contains("dev.azure.com") && repo == null)
+        {
+            // In the case of a dev.azure.com repository, we don't have an app installation,
+            // but we should add an entry in the repositories table, as this is required when
+            // adding a new subscription policy.
+            // NOTE:
+            // There is a good chance here that we will need to also handle <account>.visualstudio.com
+            // but leaving it out for now as it would be preferred to use the new format
+            _context.Repositories.Add(
+                new Maestro.Data.Models.Repository
+                {
+                    RepositoryName = repoUri,
+                    InstallationId = default
+                });
+        }
+
+        return true;
+    }
+
     /// <summary>
     ///     Find an existing subscription in the database with the same key data as the subscription we are adding/updating
     ///     

src/ProductConstructionService/ProductConstructionService.Api/Api/v2019_01_16/Controllers/SubscriptionsController.cs

@@ -25,19 +25,16 @@ public class SubscriptionsController : v2018_07_16.Controllers.SubscriptionsCont
     public SubscriptionsController(
         BuildAssetRegistryContext context,
         IWorkItemProducerFactory workItemProducerFactory,
+        IGitHubInstallationIdResolver gitHubInstallationRetriever,
         ILogger<SubscriptionsController> logger)
-        : base(context, workItemProducerFactory, logger)
+        : base(context, workItemProducerFactory, gitHubInstallationRetriever, logger)
     {
         _context = context;
     }
 
     /// <summary>
     ///   Gets a list of all <see cref="Subscription"/>s that match the given search criteria.
     /// </summary>
-    /// <param name="sourceRepository"></param>
-    /// <param name="targetRepository"></param>
-    /// <param name="channelId"></param>
-    /// <param name="enabled"></param>
     [HttpGet]
     [SwaggerApiResponse(HttpStatusCode.OK, Type = typeof(List<Subscription>), Description = "The list of Subscriptions")]
     [ValidateModelState]
@@ -233,41 +230,13 @@ public override async Task<IActionResult> Create([FromBody, Required] ProductCon
                     new[] { $"The channel '{subscription.ChannelName}' could not be found." }));
         }
 
-        Maestro.Data.Models.Repository? repo = await _context.Repositories.FindAsync(subscription.TargetRepository);
-
-        if (subscription.TargetRepository.Contains("github.com"))
-        {
-            // If we have no repository information or an invalid installation id
-            // then we will fail when trying to update things, so we fail early.
-            if (repo == null || repo.InstallationId <= 0)
-            {
-                return BadRequest(
-                    new ApiError(
-                        "the request is invalid",
-                        new[]
-                        {
-                            $"The repository '{subscription.TargetRepository}' does not have an associated github installation. " +
-                            "The Maestro github application must be installed by the repository's owner and given access to the repository."
-                        }));
-            }
-        }
-        // In the case of a dev.azure.com repository, we don't have an app installation,
-        // but we should add an entry in the repositories table, as this is required when
-        // adding a new subscription policy.
-        // NOTE:
-        // There is a good chance here that we will need to also handle <account>.visualstudio.com
-        // but leaving it out for now as it would be preferred to use the new format
-        else if (subscription.TargetRepository.Contains("dev.azure.com"))
+        if (!await EnsureRepositoryRegistration(subscription.TargetRepository))
         {
-            if (repo == null)
-            {
-                _context.Repositories.Add(
-                    new Maestro.Data.Models.Repository
-                    {
-                        RepositoryName = subscription.TargetRepository,
-                        InstallationId = default
-                    });
-            }
+            return BadRequest(new ApiError("The request is invalid",
+            [
+                $"No Maestro GitHub application installation found for repository '{subscription.TargetRepository}'. " +
+                "The Maestro github application must be installed by the repository's owner and given access to the repository."
+            ]));
         }
 
         Maestro.Data.Models.Subscription subscriptionModel = subscription.ToDb();

src/ProductConstructionService/ProductConstructionService.Api/Api/v2020_02_20/Controllers/SubscriptionsController.cs

@@ -29,9 +29,10 @@ public class SubscriptionsController : v2019_01_16.Controllers.SubscriptionsCont
     public SubscriptionsController(
         BuildAssetRegistryContext context,
         IGitHubClientFactory gitHubClientFactory,
+        IGitHubInstallationIdResolver gitHubInstallationRetriever,
         IWorkItemProducerFactory workItemProducerFactory,
         ILogger<SubscriptionsController> logger)
-        : base(context, workItemProducerFactory, logger)
+        : base(context, workItemProducerFactory, gitHubInstallationRetriever, logger)
     {
         _context = context;
         _gitHubClientFactory = gitHubClientFactory;
@@ -378,33 +379,22 @@ public override Task<IActionResult> Create([FromBody, Required] ProductConstruct
     [ValidateModelState]
     public async Task<IActionResult> Create([FromBody, Required] SubscriptionData subscription)
     {
-        Maestro.Data.Models.Channel? channel = await _context.Channels.Where(c => c.Name == subscription.ChannelName)
+        Maestro.Data.Models.Channel? channel = await _context.Channels
+            .Where(c => c.Name == subscription.ChannelName)
             .FirstOrDefaultAsync();
+
         if (channel == null)
         {
-            return BadRequest(
-                new ApiError(
-                    "the request is invalid",
-                    new[] { $"The channel '{subscription.ChannelName}' could not be found." }));
+            return BadRequest(new ApiError("The request is invalid", [$"The channel '{subscription.ChannelName}' could not be found."]));
         }
 
-        Maestro.Data.Models.Repository? repo = await _context.Repositories.FindAsync(subscription.TargetRepository);
-
-        if (subscription.TargetRepository.Contains("github.com"))
+        if (!await EnsureRepositoryRegistration(subscription.TargetRepository))
         {
-            // If we have no repository information or an invalid installation id
-            // then we will fail when trying to update things, so we fail early.
-            if (repo == null || repo.InstallationId <= 0)
-            {
-                return BadRequest(
-                    new ApiError(
-                        "the request is invalid",
-                        new[]
-                        {
-                            $"The repository '{subscription.TargetRepository}' does not have an associated github installation. " +
-                            "The Maestro github application must be installed by the repository's owner and given access to the repository."
-                        }));
-            }
+            return BadRequest(new ApiError("The request is invalid",
+            [
+                $"No Maestro GitHub application installation found for repository '{subscription.TargetRepository}'. " +
+                "The Maestro github application must be installed by the repository's owner and given access to the repository."
+            ]));
         }
 
         if (subscription.SourceEnabled.HasValue)
@@ -430,25 +420,6 @@ public async Task<IActionResult> Create([FromBody, Required] SubscriptionData su
             }
         }
 
-        // In the case of a dev.azure.com repository, we don't have an app installation,
-        // but we should add an entry in the repositories table, as this is required when
-        // adding a new subscription policy.
-        // NOTE:
-        // There is a good chance here that we will need to also handle <account>.visualstudio.com
-        // but leaving it out for now as it would be preferred to use the new format
-        else if (subscription.TargetRepository.Contains("dev.azure.com"))
-        {
-            if (repo == null)
-            {
-                _context.Repositories.Add(
-                    new Maestro.Data.Models.Repository
-                    {
-                        RepositoryName = subscription.TargetRepository,
-                        InstallationId = default
-                    });
-            }
-        }
-
         Maestro.Data.Models.Subscription subscriptionModel = subscription.ToDb();
         subscriptionModel.Channel = channel;
         subscriptionModel.Id = Guid.NewGuid();
@@ -459,19 +430,19 @@ public async Task<IActionResult> Create([FromBody, Required] SubscriptionData su
         {
             return BadRequest(
                 new ApiError(
-                    "the request is invalid",
+                    "The request is invalid",
                     new[]
                     {
                         $"The subscription '{equivalentSubscription.Id}' already performs the same update."
                     }));
         }
 
-        if (!string.IsNullOrEmpty(subscriptionModel.PullRequestFailureNotificationTags))
+        if (!string.IsNullOrEmpty(subscriptionModel.PullRequestFailureNotificationTags)
+            && !await AllNotificationTagsValid(subscriptionModel.PullRequestFailureNotificationTags))
         {
-            if (!await AllNotificationTagsValid(subscriptionModel.PullRequestFailureNotificationTags))
-            {
-                return BadRequest(new ApiError("Invalid value(s) provided in Pull Request Failure Notification Tags; is everyone listed publicly a member of the Microsoft github org?"));
-            }
+            return BadRequest(new ApiError(
+                "Invalid value(s) provided in Pull Request Failure Notification Tags; " +
+                "is everyone listed publicly a member of the Microsoft github org?"));
         }
 
         await _context.Subscriptions.AddAsync(subscriptionModel);

src/ProductConstructionService/ProductConstructionService.Api/PcsStartup.cs

@@ -187,6 +187,7 @@ internal static async Task ConfigurePcs(
             builder.Configuration[ConfigurationKeys.GitHubClientSecret]);
         builder.Services.AddGitHubTokenProvider();
         builder.Services.AddScoped<IRemoteFactory, RemoteFactory>();
+        builder.Services.AddTransient<IGitHubInstallationIdResolver, GitHubInstallationIdResolver>();
         builder.Services.AddSingleton<Microsoft.Extensions.Internal.ISystemClock, Microsoft.Extensions.Internal.SystemClock>();
         builder.Services.AddSingleton<ExponentialRetry>();
         builder.Services.Configure<ExponentialRetryOptions>(_ => { });