package perforce
import (
"strings"
"github.com/sourcegraph/log"
"github.com/sourcegraph/sourcegraph/internal/database"
"github.com/sourcegraph/sourcegraph/internal/gitserver"
"github.com/sourcegraph/sourcegraph/internal/licensing"
"github.com/sourcegraph/sourcegraph/internal/authz"
atypes "github.com/sourcegraph/sourcegraph/internal/authz/types"
"github.com/sourcegraph/sourcegraph/internal/extsvc"
"github.com/sourcegraph/sourcegraph/internal/types"
"github.com/sourcegraph/sourcegraph/schema"
)
// NewAuthzProviders builds one Perforce authz provider per connection that
// has an authorization block and collects them in a ProviderInitResult.
//
// For every connection whose provider could not be constructed, the result
// records extsvc.TypePerforce in InvalidConnections and the error text in
// Problems. A connection without an authorization block contributes neither
// a provider nor a problem: it is skipped silently, so no Perforce provider
// from this function covers it.
//
// This constructor does not and should not directly check connectivity to
// external services - if desired, callers should use
// `(*Provider).ValidateConnection` directly to get warnings related to
// connection issues.
func NewAuthzProviders(db database.DB, conns []*types.PerforceConnection) *atypes.ProviderInitResult {
	result := &atypes.ProviderInitResult{}

	for _, conn := range conns {
		provider, err := newAuthzProvider(conn.URN, db, conn.Authorization, conn.P4Port, conn.P4User, conn.P4Passwd, conn.Depots)
		if err != nil {
			result.InvalidConnections = append(result.InvalidConnections, extsvc.TypePerforce)
			// NOTE(review): the raw error text is surfaced as a problem string;
			// confirm that errors reaching this point never embed the
			// connection's P4 credentials.
			result.Problems = append(result.Problems, err.Error())
			continue
		}

		// (nil, nil) means the connection has no authorization configured.
		if provider == nil {
			continue
		}
		result.Providers = append(result.Providers, provider)
	}

	return result
}
// newAuthzProvider constructs the Perforce authz provider for a single
// connection.
//
// It returns (nil, nil) when a is nil, i.e. the connection carries no
// authorization block, and returns the error from licensing.Check when the
// ACLs feature is not licensed. Otherwise the values returned by NewProvider
// are passed through unchanged.
//
// password is the connection's Perforce credential. It is handed to
// NewProvider only and is never written to the logger in this function.
func newAuthzProvider(
	urn string,
	db database.DB,
	a *schema.PerforceAuthorization,
	host, user, password string,
	depots []string,
) (authz.Provider, error) {
	// Call this function from ValidateAuthz if this function starts returning an error.
	if a == nil {
		return nil, nil
	}

	logger := log.Scoped("authz")
	if err := licensing.Check(licensing.FeatureACLs); err != nil {
		return nil, err
	}

	// depotIDs stays nil unless sub-repo permissions are enabled.
	var depotIDs []extsvc.RepoID
	if a.SubRepoPermissions {
		depotIDs = make([]extsvc.RepoID, len(depots))
		for idx := range depots {
			// Depots are always treated as directories, so make sure each
			// one ends in a slash.
			dir := depots[idx]
			if !strings.HasSuffix(dir, "/") {
				dir += "/"
			}
			depotIDs[idx] = extsvc.RepoID(dir)
		}
	}

	gitserverClient := gitserver.NewClient("authz.perforce")
	return NewProvider(logger, db, gitserverClient, urn, host, user, password, depotIDs, a.IgnoreRulesWithHost)
}
// ValidateAuthz is the validation hook for the authorization fields of a
// Perforce external service config. It currently inspects nothing and always
// returns nil.
func ValidateAuthz(_ *schema.PerforceConnection) error {
	// No field-level validation exists for the authorization block today.
	// newAuthzProvider can still return an error (from licensing.Check, or
	// whatever NewProvider returns), but that path is not exercised here.
	return nil
}