Run Access check only with a Token (#43)

fmenezes · web-flow · commit 69cc216f884c · 2020-08-31T13:00:07.000+01:00
diff --git a/.gitignore b/.gitignore
@@ -1 +1,2 @@
 .DS_Store
+profile.cov
diff --git a/checkers/access.go b/checkers/access.go
@@ -31,6 +31,10 @@ type accessValidator struct {
 
 // ValidateLine runs this NoOwner's check against each line
 func (v accessValidator) ValidateLine(lineNo int, line string) []codeowners.CheckResult {
+	if len(v.options.GithubToken) == 0 {
+		return nil
+	}
+
 	results := []codeowners.CheckResult{}
 
 	_, owners := codeowners.ParseLine(line)
diff --git a/checkers/access_test.go b/checkers/access_test.go
@@ -35,6 +35,7 @@ func TestAccessCheck(t *testing.T) {
 	validator := checker.NewValidator(codeowners.ValidatorOptions{
 		Directory:              ".",
 		CodeownersFileLocation: "CODEOWNERS",
+		GithubToken:            "token",
 	})
 	got := validator.ValidateLine(input.lineNo, input.line)
 	if !reflect.DeepEqual(got, want) {
@@ -69,6 +70,7 @@ func TestAccessCheckError(t *testing.T) {
 	validator := checker.NewValidator(codeowners.ValidatorOptions{
 		Directory:              ".",
 		CodeownersFileLocation: "CODEOWNERS",
+		GithubToken:            "token",
 	})
 	got := validator.ValidateLine(input.lineNo, input.line)
 	if !reflect.DeepEqual(got, want) {
@@ -88,6 +90,7 @@ func TestAccessCheckPass(t *testing.T) {
 	validator := checker.NewValidator(codeowners.ValidatorOptions{
 		Directory:              ".",
 		CodeownersFileLocation: "CODEOWNERS",
+		GithubToken:            "token",
 	})
 	got := validator.ValidateLine(input.lineNo, input.line)
 	if got != nil {
@@ -107,6 +110,7 @@ func TestAccessCheckPassInvalidOwners(t *testing.T) {
 	validator := checker.NewValidator(codeowners.ValidatorOptions{
 		Directory:              ".",
 		CodeownersFileLocation: "CODEOWNERS",
+		GithubToken:            "token",
 	})
 	got := validator.ValidateLine(input.lineNo, input.line)
 	if got != nil {
@@ -126,6 +130,26 @@ func TestAccessCheckPassNoOwners(t *testing.T) {
 	validator := checker.NewValidator(codeowners.ValidatorOptions{
 		Directory:              ".",
 		CodeownersFileLocation: "CODEOWNERS",
+		GithubToken:            "token",
+	})
+	got := validator.ValidateLine(input.lineNo, input.line)
+	if got != nil {
+		t.Errorf("Input: %v, Want: %v, Got: %v", input, nil, got)
+	}
+}
+
+func TestAccessCheckNoTokenPass(t *testing.T) {
+	input := struct {
+		lineNo int
+		line   string
+	}{
+		lineNo: 1,
+		line:   "filepattern @ownerWithAccess",
+	}
+	checker := checkers.Access{}
+	validator := checker.NewValidator(codeowners.ValidatorOptions{
+		Directory:              "bad",
+		CodeownersFileLocation: "bad",
 	})
 	got := validator.ValidateLine(input.lineNo, input.line)
 	if got != nil {
@@ -159,6 +183,7 @@ func TestAccessCheckInvalidDir(t *testing.T) {
 	validator := checker.NewValidator(codeowners.ValidatorOptions{
 		Directory:              "bad",
 		CodeownersFileLocation: "bad",
+		GithubToken:            "token",
 	})
 	got := validator.ValidateLine(input.lineNo, input.line)
 	if !reflect.DeepEqual(got, want) {
@@ -192,6 +217,7 @@ func TestAccessCheckNoCollaborator(t *testing.T) {
 	validator := checker.NewValidator(codeowners.ValidatorOptions{
 		Directory:              ".",
 		CodeownersFileLocation: "CODEOWNERS",
+		GithubToken:            "token",
 	})
 	got := validator.ValidateLine(input.lineNo, input.line)
 	if !reflect.DeepEqual(got, want) {
@@ -225,6 +251,7 @@ func TestAccessCheckIsCollaboratorError(t *testing.T) {
 	validator := checker.NewValidator(codeowners.ValidatorOptions{
 		Directory:              ".",
 		CodeownersFileLocation: "CODEOWNERS",
+		GithubToken:            "token",
 	})
 	got := validator.ValidateLine(input.lineNo, input.line)
 	if !reflect.DeepEqual(got, want) {
@@ -244,6 +271,7 @@ func TestAccessCheckTeamPass(t *testing.T) {
 	validator := checker.NewValidator(codeowners.ValidatorOptions{
 		Directory:              ".",
 		CodeownersFileLocation: "CODEOWNERS",
+		GithubToken:            "token",
 	})
 	got := validator.ValidateLine(input.lineNo, input.line)
 	if got != nil {
@@ -257,7 +285,7 @@ func TestAccessCheckTeamDeny(t *testing.T) {
 		line   string
 	}{
 		lineNo: 1,
-		line:   "filepattern @org/team",
+		line:   "filepattern @org/denyTeam",
 	}
 	want := []codeowners.CheckResult{
 		{
@@ -266,9 +294,9 @@ func TestAccessCheckTeamDeny(t *testing.T) {
 				StartLine:   1,
 				StartColumn: 13,
 				EndLine:     1,
-				EndColumn:   22,
+				EndColumn:   26,
 			},
-			Message:   "Owner '@org/team' has no write access",
+			Message:   "Owner '@org/denyTeam' has no write access",
 			Severity:  codeowners.Error,
 			CheckName: "Access",
 		},
@@ -277,6 +305,7 @@ func TestAccessCheckTeamDeny(t *testing.T) {
 	validator := checker.NewValidator(codeowners.ValidatorOptions{
 		Directory:              ".",
 		CodeownersFileLocation: "CODEOWNERS",
+		GithubToken:            "token",
 	})
 	got := validator.ValidateLine(input.lineNo, input.line)
 	if !reflect.DeepEqual(got, want) {
@@ -296,6 +325,7 @@ func TestAccessCheckEmailPass(t *testing.T) {
 	validator := checker.NewValidator(codeowners.ValidatorOptions{
 		Directory:              ".",
 		CodeownersFileLocation: "CODEOWNERS",
+		GithubToken:            "token",
 	})
 	got := validator.ValidateLine(input.lineNo, input.line)
 	if got != nil {
@@ -328,6 +358,7 @@ func TestAccessCheckEmailDeny(t *testing.T) {
 	validator := checker.NewValidator(codeowners.ValidatorOptions{
 		Directory:              ".",
 		CodeownersFileLocation: "CODEOWNERS",
+		GithubToken:            "token",
 	})
 	got := validator.ValidateLine(input.lineNo, input.line)
 	if !reflect.DeepEqual(got, want) {
@@ -342,11 +373,11 @@ func TestAccessCheckDenyMemo(t *testing.T) {
 	}{
 		{
 			lineNo: 1,
-			line:   "filepattern @org/team",
+			line:   "filepattern @org/denyTeam",
 		},
 		{
 			lineNo: 2,
-			line:   "filepattern2 @org/team",
+			line:   "filepattern2 @org/denyTeam",
 		},
 	}
 	want := []codeowners.CheckResult{
@@ -356,9 +387,9 @@ func TestAccessCheckDenyMemo(t *testing.T) {
 				StartLine:   1,
 				StartColumn: 13,
 				EndLine:     1,
-				EndColumn:   22,
+				EndColumn:   26,
 			},
-			Message:   "Owner '@org/team' has no write access",
+			Message:   "Owner '@org/denyTeam' has no write access",
 			Severity:  codeowners.Error,
 			CheckName: "Access",
 		},
@@ -368,9 +399,9 @@ func TestAccessCheckDenyMemo(t *testing.T) {
 				StartLine:   2,
 				StartColumn: 14,
 				EndLine:     2,
-				EndColumn:   23,
+				EndColumn:   27,
 			},
-			Message:   "Owner '@org/team' has no write access",
+			Message:   "Owner '@org/denyTeam' has no write access",
 			Severity:  codeowners.Error,
 			CheckName: "Access",
 		},
@@ -379,6 +410,7 @@ func TestAccessCheckDenyMemo(t *testing.T) {
 	validator := checker.NewValidator(codeowners.ValidatorOptions{
 		Directory:              ".",
 		CodeownersFileLocation: "CODEOWNERS",
+		GithubToken:            "token",
 	})
 	got := []codeowners.CheckResult{}
 	for _, inputLine := range input {
diff --git a/checkers/github.go b/checkers/github.go
@@ -7,10 +7,10 @@ import (
 	"strings"
 
 	"github.com/fmenezes/codeowners"
-	"github.com/google/go-github/github"
+	"github.com/google/go-github/v32/github"
 )
 
-type accessApi struct {
+type accessAPI struct {
 	directory   string
 	tokenType   string
 	token       string
@@ -23,35 +23,40 @@ type accessApi struct {
 	ctx    context.Context
 }
 
-func (a *accessApi) extractRepoData() {
+func (a *accessAPI) extractRepoData() {
 	r := regexp.MustCompile(`github.com[\:\/]([A-Za-z0-9-]+)\/([A-Za-z0-9-]+)\.git`)
 	data := r.FindStringSubmatch(a.repoURL)
 	a.repoOwner = data[1]
 	a.repoName = data[2]
 }
 
-func (a accessApi) fetchTeamAccess(org, team string) (string, error) {
-	teams, _, err := a.client.Repositories.ListTeams(a.ctx, a.repoOwner, a.repoName, nil)
+func (a accessAPI) fetchTeamAccess(org, team string) (string, error) {
+	repo, _, err := a.client.Teams.IsTeamRepoBySlug(a.ctx, org, team, a.repoOwner, a.repoName)
 	if err != nil {
 		return "", err
 	}
-	for _, t := range teams {
-		if t.GetOrganization().GetLogin() == org && t.GetSlug() == team {
-			return t.GetPermission(), nil
-		}
+	data := repo.GetPermissions()
+	if data["admin"] {
+		return "admin", nil
+	}
+	if data["maintain"] {
+		return "maintain", nil
+	}
+	if data["push"] {
+		return "push", nil
 	}
 	return "none", nil
 }
 
-func (a accessApi) hasWriteAccess() bool {
+func (a accessAPI) hasWriteAccess() bool {
 	switch a.accessLevel {
 	case "admin", "push", "maintain", "write", "email": // allowing emails to pass
 		return true
 	}
 	return false
 }
 
-func (a accessApi) fetchUserAccess(user string) (string, error) {
+func (a accessAPI) fetchUserAccess(user string) (string, error) {
 	isCollaborator, _, err := a.client.Repositories.IsCollaborator(a.ctx, a.repoOwner, a.repoName, user)
 	if err != nil {
 		return "", err
@@ -66,7 +71,7 @@ func (a accessApi) fetchUserAccess(user string) (string, error) {
 	return permissionLevel.GetPermission(), nil
 }
 
-func (a accessApi) findUserFromEmail(email string) (string, error) {
+func (a accessAPI) findUserFromEmail(email string) (string, error) {
 	res, _, err := a.client.Search.Users(a.ctx, fmt.Sprintf("%s in:email type:user", email), nil)
 	if err != nil {
 		return "", err
@@ -77,7 +82,7 @@ func (a accessApi) findUserFromEmail(email string) (string, error) {
 	return "", nil
 }
 
-func (a *accessApi) fetchAccess(user string) error {
+func (a *accessAPI) fetchAccess(user string) error {
 	var err error
 	login := ""
 	if string(user[0]) == "@" {
@@ -113,7 +118,7 @@ func (a *accessApi) fetchAccess(user string) error {
 }
 
 func ownerHasWriteAccess(options codeowners.ValidatorOptions, user string) (bool, error) {
-	a := accessApi{
+	a := accessAPI{
 		ctx:       context.Background(),
 		directory: options.Directory,
 		token:     options.GithubToken,
diff --git a/checkers/github_api.go b/checkers/github_api.go
@@ -6,11 +6,11 @@ import (
 	"os/exec"
 	"strings"
 
-	"github.com/google/go-github/github"
+	"github.com/google/go-github/v32/github"
 	"golang.org/x/oauth2"
 )
 
-func (a *accessApi) extractRepoURL() error {
+func (a *accessAPI) extractRepoURL() error {
 	cmd := exec.Command("git", "config", "--get", "remote.origin.url")
 	cmd.Dir = a.directory
 	out, err := cmd.Output()
@@ -21,12 +21,12 @@ func (a *accessApi) extractRepoURL() error {
 	return nil
 }
 
-func (a *accessApi) initiateClient() {
+func (a *accessAPI) initiateClient() {
 	tokenSource := oauth2.StaticTokenSource(
 		&oauth2.Token{AccessToken: a.token, TokenType: a.tokenType},
 	)
 	oauthClient := oauth2.NewClient(a.ctx, tokenSource)
 	a.client = github.NewClient(oauthClient)
 }
 
-func (a *accessApi) terminateClient() {}
+func (a *accessAPI) terminateClient() {}
diff --git a/checkers/github_mock.go b/checkers/github_mock.go
@@ -11,10 +11,10 @@ import (
 	"regexp"
 	"strings"
 
-	"github.com/google/go-github/github"
+	"github.com/google/go-github/v32/github"
 )
 
-func (a *accessApi) extractRepoURL() error {
+func (a *accessAPI) extractRepoURL() error {
 	if a.directory == "bad" {
 		return errors.New("Mocked error")
 	}
@@ -71,9 +71,14 @@ func mockedServer(w http.ResponseWriter, r *http.Request) {
 		}
 	}
 
-	teamUrlRegex := regexp.MustCompile(`/repos/([^/]+)/([^/]+)/teams$`)
+	teamUrlRegex := regexp.MustCompile(`/orgs/([^/]+)/teams/([^/]+)/repos/([^/]+)/([^/]+)$`)
 	parts = teamUrlRegex.FindStringSubmatch(r.URL.String())
+
 	if len(parts) > 0 {
+		if parts[2] == "denyTeam" {
+			w.WriteHeader(404)
+			return
+		}
 		h.Add("Content-Type", "application/json")
 		w.WriteHeader(200)
 		c, _ := ioutil.ReadFile(filepath.Join("..", "test", "fixtures", "team", "pass.json"))
@@ -94,12 +99,12 @@ func mockedServer(w http.ResponseWriter, r *http.Request) {
 	}
 }
 
-func (a *accessApi) initiateClient() {
+func (a *accessAPI) initiateClient() {
 	server = httptest.NewServer(http.HandlerFunc(mockedServer))
 	client, _ := github.NewEnterpriseClient(server.URL, server.URL, nil)
 	a.client = client
 }
 
-func (a *accessApi) terminateClient() {
+func (a *accessAPI) terminateClient() {
 	server.Close()
 }
diff --git a/go.mod b/go.mod
@@ -3,8 +3,6 @@ module github.com/fmenezes/codeowners
 go 1.14
 
 require (
-	github.com/google/go-github v17.0.0+incompatible
-	github.com/google/go-querystring v1.0.0 // indirect
-	golang.org/x/net v0.0.0-20150619012842-d375fa34084f // indirect
-	golang.org/x/oauth2 v0.0.0-20160428204544-9ef2eddcc677
+	github.com/google/go-github/v32 v32.1.0
+	golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be
 )
diff --git a/go.sum b/go.sum
@@ -1,8 +1,16 @@
-github.com/google/go-github v17.0.0+incompatible h1:N0LgJ1j65A7kfXrZnUDaYCs/Sf4rEjNlfyDHW9dolSY=
-github.com/google/go-github v17.0.0+incompatible/go.mod h1:zLgOLi98H3fifZn+44m+umXrS52loVEgC2AApnigrVQ=
+github.com/golang/protobuf v1.3.2 h1:6nsPYzhq5kReh6QImI3k5qWzO4PEbvbIW2cwSfR/6xs=
+github.com/golang/protobuf v1.3.2/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
+github.com/google/go-github/v32 v32.1.0 h1:GWkQOdXqviCPx7Q7Fj+KyPoGm4SwHRh8rheoPhd27II=
+github.com/google/go-github/v32 v32.1.0/go.mod h1:rIEpZD9CTDQwDK9GDrtMTycQNA4JU3qBsCizh3q2WCI=
 github.com/google/go-querystring v1.0.0 h1:Xkwi/a1rcvNg1PPYe5vI8GbeBY/jrVuDX5ASuANWTrk=
 github.com/google/go-querystring v1.0.0/go.mod h1:odCYkC5MyYFN7vkCjXpyrEuKhc/BUO6wN/zVPAxq5ck=
-golang.org/x/net v0.0.0-20150619012842-d375fa34084f h1:SCcQHcQHdI84d6MaqitXLnqMCHCY3JRWg9vpeKF9S4U=
-golang.org/x/net v0.0.0-20150619012842-d375fa34084f/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
-golang.org/x/oauth2 v0.0.0-20160428204544-9ef2eddcc677 h1:zl0Z/AlDr4BNyCx+hax5ViLj7eiwDqE3YhKJ1MfVV34=
-golang.org/x/oauth2 v0.0.0-20160428204544-9ef2eddcc677/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
+golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2 h1:VklqNMn3ovrHsnt90PveolxSbWFaJdECFbxSq0Mqo2M=
+golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
+golang.org/x/net v0.0.0-20190311183353-d8887717615a h1:oWX7TPOiFAMXLq8o0ikBYfCJVlRHBcsciT5bXOrH628=
+golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
+golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be h1:vEDujvNQGv4jgYKudGeI/+DAX4Jffq6hpD55MmoEvKs=
+golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
+golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
+google.golang.org/appengine v1.1.0 h1:igQkv0AAhEIvTEpD5LIpAfav2eeVO9HBTjvKHVJPRSs=
+google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM=
diff --git a/test/fixtures/team/pass.json b/test/fixtures/team/pass.json

Original file line number	Diff line number	Diff line change
`@@ -6,11 +6,11 @@ import (`
`6`	`6`	`"os/exec"`
`7`	`7`	`"strings"`
`8`	`8`
`9`		`- "github.com/google/go-github/github"`
	`9`	`+ "github.com/google/go-github/v32/github"`
`10`	`10`	`"golang.org/x/oauth2"`
`11`	`11`	`)`
`12`	`12`
`13`		`-func (a *accessApi) extractRepoURL() error {`
	`13`	`+func (a *accessAPI) extractRepoURL() error {`
`14`	`14`	`cmd := exec.Command("git", "config", "--get", "remote.origin.url")`
`15`	`15`	`cmd.Dir = a.directory`
`16`	`16`	`out, err := cmd.Output()`
`@@ -21,12 +21,12 @@ func (a *accessApi) extractRepoURL() error {`
`21`	`21`	`return nil`
`22`	`22`	`}`
`23`	`23`
`24`		`-func (a *accessApi) initiateClient() {`
	`24`	`+func (a *accessAPI) initiateClient() {`
`25`	`25`	`tokenSource := oauth2.StaticTokenSource(`
`26`	`26`	`&oauth2.Token{AccessToken: a.token, TokenType: a.tokenType},`
`27`	`27`	`)`
`28`	`28`	`oauthClient := oauth2.NewClient(a.ctx, tokenSource)`
`29`	`29`	`a.client = github.NewClient(oauthClient)`
`30`	`30`	`}`
`31`	`31`
`32`		`-func (a *accessApi) terminateClient() {}`
	`32`	`+func (a *accessAPI) terminateClient() {}`
Original file line number	Diff line number	Diff line change
`@@ -11,10 +11,10 @@ import (`
`11`	`11`	`"regexp"`
`12`	`12`	`"strings"`
`13`	`13`
`14`		`- "github.com/google/go-github/github"`
	`14`	`+ "github.com/google/go-github/v32/github"`
`15`	`15`	`)`
`16`	`16`
`17`		`-func (a *accessApi) extractRepoURL() error {`
	`17`	`+func (a *accessAPI) extractRepoURL() error {`
`18`	`18`	`if a.directory == "bad" {`
`19`	`19`	`return errors.New("Mocked error")`
`20`	`20`	`}`
`@@ -71,9 +71,14 @@ func mockedServer(w http.ResponseWriter, r *http.Request) {`
`71`	`71`	`}`
`72`	`72`	`}`
`73`	`73`
`74`		- teamUrlRegex := regexp.MustCompile(`/repos/([^/]+)/([^/]+)/teams$`)
	`74`	+ teamUrlRegex := regexp.MustCompile(`/orgs/([^/]+)/teams/([^/]+)/repos/([^/]+)/([^/]+)$`)
`75`	`75`	`parts = teamUrlRegex.FindStringSubmatch(r.URL.String())`
	`76`	`+`
`76`	`77`	`if len(parts) > 0 {`
	`78`	`+ if parts[2] == "denyTeam" {`
	`79`	`+ w.WriteHeader(404)`
	`80`	`+ return`
	`81`	`+ }`
`77`	`82`	`h.Add("Content-Type", "application/json")`
`78`	`83`	`w.WriteHeader(200)`
`79`	`84`	`c, _ := ioutil.ReadFile(filepath.Join("..", "test", "fixtures", "team", "pass.json"))`
`@@ -94,12 +99,12 @@ func mockedServer(w http.ResponseWriter, r *http.Request) {`
`94`	`99`	`}`
`95`	`100`	`}`
`96`	`101`
`97`		`-func (a *accessApi) initiateClient() {`
	`102`	`+func (a *accessAPI) initiateClient() {`
`98`	`103`	`server = httptest.NewServer(http.HandlerFunc(mockedServer))`
`99`	`104`	`client, _ := github.NewEnterpriseClient(server.URL, server.URL, nil)`
`100`	`105`	`a.client = client`
`101`	`106`	`}`
`102`	`107`
`103`		`-func (a *accessApi) terminateClient() {`
	`108`	`+func (a *accessAPI) terminateClient() {`
`104`	`109`	`server.Close()`
`105`	`110`	`}`