From 4a893292a9fbbeac95904347063b2436652ef750 Mon Sep 17 00:00:00 2001 From: Joe Kutner Date: Fri, 5 Nov 2021 09:27:57 -0500 Subject: [PATCH 1/2] Consolidate restricted namespace logic Signed-off-by: Joe Kutner --- .../verify_namespace_owner.go | 27 +++++-------------- 1 file changed, 6 insertions(+), 21 deletions(-) diff --git a/registry/verify-namespace-owner/verify_namespace_owner.go b/registry/verify-namespace-owner/verify_namespace_owner.go index 3450e1c..d87acac 100644 --- a/registry/verify-namespace-owner/verify_namespace_owner.go +++ b/registry/verify-namespace-owner/verify_namespace_owner.go @@ -42,15 +42,15 @@ func VerifyNamespaceOwner(tk toolkit.Toolkit, organizations services.Organizatio return toolkit.FailedErrorf("unable to unmarshal user\n%w", err) } + if namespace.IsRestricted(c.Namespace) { + return toolkit.FailedErrorf("The namespace '%s' is restricted.", c.Namespace) + } + n, err := getNamespace(tk, c, user, repositories, strategy) if err != nil { return err } - if isBlockedNamespaces(config{}) { - return toolkit.FailedErrorf("The namespace '%s' is restricted.", c.Namespace) - } - if namespace.IsOwner(n.Owners, namespace.ByUser(*user.ID)) { fmt.Printf("Verified %s is an owner of %s\n", *user.Login, c.Namespace) return nil @@ -75,7 +75,6 @@ type config struct { Repository string Namespace string AddIfMissing bool - blockedNamespaces []string } func parseConfig(tk toolkit.Toolkit) (config, error) { @@ -104,12 +103,6 @@ func parseConfig(tk toolkit.Toolkit) (config, error) { return config{}, toolkit.FailedError("namespace must be set") } - c.blockedNamespaces, ok = tk.GetInputList("blocked_namespaces") - if !ok { - defaultBlockedNamespaces := []string{"cncf", "buildpacks", "cnb", "buildpacksio", "buildpack"} - c.blockedNamespaces = defaultBlockedNamespaces - } - if s, ok := tk.GetInput("add-if-missing"); ok { if t, err := strconv.ParseBool(s); err == nil { c.AddIfMissing = t @@ -143,7 +136,8 @@ func getNamespace(tk toolkit.Toolkit, c config, user github.User, repositories s Message: github.String(fmt.Sprintf("New Namespace: %s", c.Namespace)), Content: b, }); resp != nil && resp.StatusCode == http.StatusConflict { - tk.Warningf("retrying namespace update after conflict: %s", file) + tk.Warningf("retrying namespace update after conflict: %s, %s", file, resp.Body) + tk.Debugf("response: %s", resp.Body) continue } else if err != nil { tk.Errorf("unable to create namespace: %s", file) @@ -195,12 +189,3 @@ func listOrganizations(user string, organizations services.OrganizationsService) return ids, nil } - -func isBlockedNamespaces(c config) bool { - for _, name := range c.blockedNamespaces { - if c.Namespace == name { - return true - } - } - return false -} From ae53da208dddb36356e60709f21453420dab99cd Mon Sep 17 00:00:00 2001 From: Joe Kutner Date: Fri, 5 Nov 2021 09:34:18 -0500 Subject: [PATCH 2/2] Add development instructions to the readme Signed-off-by: Joe Kutner --- README.md | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) diff --git a/README.md b/README.md index 65e310f..58b4509 100644 --- a/README.md +++ b/README.md @@ -221,6 +221,27 @@ uses: buildpacks/github-actions/setup-pack@v4.1.0 | `pack-version` | Optional version of [`pack`][pack] to install. Defaults to latest release. | `yj-version` | Optional version of [`yj`][yj] to install. Defaults to latest release. +## Development + +Build the image for a given command like this: + +``` +$ docker build --file Dockerfile \ + --build-arg "SOURCE=registry/verify-namespace-owner/cmd" \ + --tag verify-namespace-owner:latest . +``` + +Then run the image, while providing the necessary `INPUT_` vars like this: + +``` +$ docker run -e INPUT_TOKEN="" \ + -e INPUT_USER="{\"id\":1234,\"login\":\"example\"}" \ + -e INPUT_OWNER=example \ + -e INPUT_REPOSITORY=registry-namespaces \ + -e INPUT_NAMESPACE=example \ + verify-namespace-owner:latest +``` + ## License This library is released under version 2.0 of the [Apache License][a].