Consolidate restricted namespace logic

README.md

@@ -232,6 +232,27 @@ uses: buildpacks/github-actions/[email protected]
 | `crane-version` | Optional version of [`crane`][crane] to install. Defaults to `0.12.1`.
 | `yj-version` | Optional version of [`yj`][yj] to install. Defaults to `5.1.0`.
 
+## Development
+
+Build the image for a given command like this:
+
+```
+$ docker build --file Dockerfile \
+    --build-arg "SOURCE=registry/verify-namespace-owner/cmd" \
+    --tag verify-namespace-owner:latest .
+```
+
+Then run the image, while providing the necessary `INPUT_` vars like this:
+
+```
+$ docker run -e INPUT_TOKEN="<your-token>" \
+    -e INPUT_USER="{\"id\":1234,\"login\":\"example\"}" \
+    -e INPUT_OWNER=example \
+    -e INPUT_REPOSITORY=registry-namespaces \
+    -e INPUT_NAMESPACE=example \
+    verify-namespace-owner:latest
+```
+
 ## License
 This library is released under version 2.0 of the [Apache License][a].
 

registry/verify-namespace-owner/verify_namespace_owner.go

@@ -42,15 +42,15 @@ func VerifyNamespaceOwner(tk toolkit.Toolkit, organizations services.Organizatio
 		return toolkit.FailedErrorf("unable to unmarshal user\n%w", err)
 	}
 
+	if namespace.IsRestricted(c.Namespace) {
+		return toolkit.FailedErrorf("The namespace '%s' is restricted.", c.Namespace)
+	}
+
 	n, err := getNamespace(tk, c, user, repositories, strategy)
 	if err != nil {
 		return err
 	}
 
-	if isBlockedNamespaces(config{}) {
-		return toolkit.FailedErrorf("The namespace '%s' is restricted.", c.Namespace)
-	}
-
 	if namespace.IsOwner(n.Owners, namespace.ByUser(*user.ID)) {
 		fmt.Printf("Verified %s is an owner of %s\n", *user.Login, c.Namespace)
 		return nil
@@ -75,7 +75,6 @@ type config struct {
 	Repository        string
 	Namespace         string
 	AddIfMissing      bool
-	blockedNamespaces []string
 }
 
 func parseConfig(tk toolkit.Toolkit) (config, error) {
@@ -104,12 +103,6 @@ func parseConfig(tk toolkit.Toolkit) (config, error) {
 		return config{}, toolkit.FailedError("namespace must be set")
 	}
 
-	c.blockedNamespaces, ok = tk.GetInputList("blocked_namespaces")
-	if !ok {
-		defaultBlockedNamespaces := []string{"cncf", "buildpacks", "cnb", "buildpacksio", "buildpack"}
-		c.blockedNamespaces = defaultBlockedNamespaces
-	}
-
 	if s, ok := tk.GetInput("add-if-missing"); ok {
 		if t, err := strconv.ParseBool(s); err == nil {
 			c.AddIfMissing = t
@@ -143,7 +136,8 @@ func getNamespace(tk toolkit.Toolkit, c config, user github.User, repositories s
 				Message: github.String(fmt.Sprintf("New Namespace: %s", c.Namespace)),
 				Content: b,
 			}); resp != nil && resp.StatusCode == http.StatusConflict {
-				tk.Warningf("retrying namespace update after conflict: %s", file)
+				tk.Warningf("retrying namespace update after conflict: %s, %s", file, resp.Body)
+				tk.Debugf("response: %s", resp.Body)
 				continue
 			} else if err != nil {
 				tk.Errorf("unable to create namespace: %s", file)
@@ -195,12 +189,3 @@ func listOrganizations(user string, organizations services.OrganizationsService)
 
 	return ids, nil
 }
-
-func isBlockedNamespaces(c config) bool {
-	for _, name := range c.blockedNamespaces {
-		if c.Namespace == name {
-			return true
-		}
-	}
-	return false
-}