Make the default github.com endpoint mutable

The k8s operator seems to want to define its own endpoint. This change allows the removal of the default gh endpoint if no credentials are tied to it. Signed-off-by: Gabriel Adrian Samfira <gsamfira@cloudbasesolutions.com>
2025-05-23 17:15:42 +00:00 · 2025-05-23 17:15:42 +00:00 · 750446acec
commit 750446acec
parent 1e0cb72aa3
92 changed files with 2568 additions and 1159 deletions
--- a/database/sql/github.go
+++ b/database/sql/github.go
@ -28,10 +28,6 @@ import (
 	"github.com/cloudbase/garm/params"
 )

-const (
-	defaultGithubEndpoint string = "github.com"
-)
-
 func (s *sqlDatabase) sqlToCommonGithubCredentials(creds GithubCredentials) (params.GithubCredentials, error) {
 	if len(creds.Payload) == 0 {
 		return params.GithubCredentials{}, errors.New("empty credentials payload")
@ -168,10 +164,6 @@ func (s *sqlDatabase) ListGithubEndpoints(_ context.Context) ([]params.GithubEnd
 }

 func (s *sqlDatabase) UpdateGithubEndpoint(_ context.Context, name string, param params.UpdateGithubEndpointParams) (ghEndpoint params.GithubEndpoint, err error) {
-	if name == defaultGithubEndpoint {
-		return params.GithubEndpoint{}, errors.Wrap(runnerErrors.ErrBadRequest, "cannot update default github endpoint")
-	}
-
 	defer func() {
 		if err == nil {
 			s.sendNotify(common.GithubEndpointEntityType, common.UpdateOperation, ghEndpoint)
@ -185,6 +177,16 @@ func (s *sqlDatabase) UpdateGithubEndpoint(_ context.Context, name string, param
 			}
 			return errors.Wrap(err, "fetching github endpoint")
 		}
+
+		var credsCount int64
+		if err := tx.Model(&GithubCredentials{}).Where("endpoint_name = ?", endpoint.Name).Count(&credsCount).Error; err != nil {
+			if !errors.Is(err, gorm.ErrRecordNotFound) {
+				return errors.Wrap(err, "fetching github credentials")
+			}
+		}
+		if credsCount > 0 && (param.APIBaseURL != nil || param.BaseURL != nil || param.UploadBaseURL != nil) {
+			return errors.Wrap(runnerErrors.ErrBadRequest, "cannot update endpoint URLs with existing credentials")
+		}
 		if param.APIBaseURL != nil {
 			endpoint.APIBaseURL = *param.APIBaseURL
 		}
@ -236,10 +238,6 @@ func (s *sqlDatabase) GetGithubEndpoint(_ context.Context, name string) (params.
 }

 func (s *sqlDatabase) DeleteGithubEndpoint(_ context.Context, name string) (err error) {
-	if name == defaultGithubEndpoint {
-		return errors.Wrap(runnerErrors.ErrBadRequest, "cannot delete default github endpoint")
-	}
-
 	defer func() {
 		if err == nil {
 			s.sendNotify(common.GithubEndpointEntityType, common.DeleteOperation, params.GithubEndpoint{Name: name})
@ -283,7 +281,7 @@ func (s *sqlDatabase) DeleteGithubEndpoint(_ context.Context, name string) (err
 		}

 		if credsCount > 0 || repoCnt > 0 || orgCnt > 0 || entCnt > 0 {
-			return errors.New("cannot delete endpoint with associated entities")
+			return errors.Wrap(runnerErrors.ErrBadRequest, "cannot delete endpoint with associated entities")
 		}

 		if err := tx.Unscoped().Delete(&endpoint).Error; err != nil {
--- a/database/sql/github_test.go
+++ b/database/sql/github_test.go
@ -40,6 +40,7 @@ const (
 	testEndpointDescription string = "test description"
 	testCredsName           string = "test-creds"
 	testCredsDescription    string = "test creds"
+	defaultGithubEndpoint   string = "github.com"
 )

 type GithubTestSuite struct {
@ -56,20 +57,13 @@ func (s *GithubTestSuite) SetupTest() {
 	s.db = db
 }

-func (s *GithubTestSuite) TestDefaultEndpointGetsCreatedAutomatically() {
+func (s *GithubTestSuite) TestDefaultEndpointGetsCreatedAutomaticallyIfNoOtherEndpointExists() {
 	ctx := garmTesting.ImpersonateAdminContext(context.Background(), s.db, s.T())
 	endpoint, err := s.db.GetGithubEndpoint(ctx, defaultGithubEndpoint)
 	s.Require().NoError(err)
 	s.Require().NotNil(endpoint)
 }

-func (s *GithubTestSuite) TestDeletingDefaultEndpointFails() {
-	ctx := garmTesting.ImpersonateAdminContext(context.Background(), s.db, s.T())
-	err := s.db.DeleteGithubEndpoint(ctx, defaultGithubEndpoint)
-	s.Require().Error(err)
-	s.Require().ErrorIs(err, runnerErrors.ErrBadRequest)
-}
-
 func (s *GithubTestSuite) TestCreatingEndpoint() {
 	ctx := garmTesting.ImpersonateAdminContext(context.Background(), s.db, s.T())

@ -153,6 +147,39 @@ func (s *GithubTestSuite) TestDeletingEndpoint() {
 	s.Require().ErrorIs(err, runnerErrors.ErrNotFound)
 }

+func (s *GithubTestSuite) TestDeleteGithubEndpointFailsWhenCredentialsExist() {
+	ctx := garmTesting.ImpersonateAdminContext(context.Background(), s.db, s.T())
+
+	createEpParams := params.CreateGithubEndpointParams{
+		Name:          testEndpointName,
+		Description:   testEndpointDescription,
+		APIBaseURL:    testAPIBaseURL,
+		UploadBaseURL: testUploadBaseURL,
+		BaseURL:       testBaseURL,
+	}
+
+	endpoint, err := s.db.CreateGithubEndpoint(ctx, createEpParams)
+	s.Require().NoError(err)
+	s.Require().NotNil(endpoint)
+
+	credParams := params.CreateGithubCredentialsParams{
+		Name:        testCredsName,
+		Description: testCredsDescription,
+		Endpoint:    testEndpointName,
+		AuthType:    params.GithubAuthTypePAT,
+		PAT: params.GithubPAT{
+			OAuth2Token: "test",
+		},
+	}
+
+	_, err = s.db.CreateGithubCredentials(ctx, credParams)
+	s.Require().NoError(err)
+
+	err = s.db.DeleteGithubEndpoint(ctx, testEndpointName)
+	s.Require().Error(err)
+	s.Require().ErrorIs(err, runnerErrors.ErrBadRequest)
+}
+
 func (s *GithubTestSuite) TestUpdateEndpoint() {
 	ctx := garmTesting.ImpersonateAdminContext(context.Background(), s.db, s.T())

@ -168,7 +195,7 @@ func (s *GithubTestSuite) TestUpdateEndpoint() {
 	s.Require().NoError(err)
 	s.Require().NotNil(endpoint)

-	newDescription := "new description"
+	newDescription := "the new description"
 	newAPIBaseURL := "https://new-api.example.com"
 	newUploadBaseURL := "https://new-uploads.example.com"
 	newBaseURL := "https://new.example.com"
@ -192,6 +219,72 @@ func (s *GithubTestSuite) TestUpdateEndpoint() {
 	s.Require().Equal(caCertBundle, updatedEndpoint.CACertBundle)
 }

+func (s *GithubTestSuite) TestUpdateEndpointUDLsFailsIfCredentialsAreAssociated() {
+	ctx := garmTesting.ImpersonateAdminContext(context.Background(), s.db, s.T())
+
+	createEpParams := params.CreateGithubEndpointParams{
+		Name:          testEndpointName,
+		Description:   testEndpointDescription,
+		APIBaseURL:    testAPIBaseURL,
+		UploadBaseURL: testUploadBaseURL,
+		BaseURL:       testBaseURL,
+	}
+
+	endpoint, err := s.db.CreateGithubEndpoint(ctx, createEpParams)
+	s.Require().NoError(err)
+	s.Require().NotNil(endpoint)
+
+	credParams := params.CreateGithubCredentialsParams{
+		Name:        testCredsName,
+		Description: testCredsDescription,
+		Endpoint:    testEndpointName,
+		AuthType:    params.GithubAuthTypePAT,
+		PAT: params.GithubPAT{
+			OAuth2Token: "test",
+		},
+	}
+
+	_, err = s.db.CreateGithubCredentials(ctx, credParams)
+	s.Require().NoError(err)
+
+	newDescription := "new description"
+	newBaseURL := "https://new.example.com"
+	newAPIBaseURL := "https://new-api.example.com"
+	newUploadBaseURL := "https://new-uploads.example.com"
+	updateEpParams := params.UpdateGithubEndpointParams{
+		BaseURL: &newBaseURL,
+	}
+
+	_, err = s.db.UpdateGithubEndpoint(ctx, testEndpointName, updateEpParams)
+	s.Require().Error(err)
+	s.Require().ErrorIs(err, runnerErrors.ErrBadRequest)
+	s.Require().EqualError(err, "updating github endpoint: cannot update endpoint URLs with existing credentials: invalid request")
+
+	updateEpParams = params.UpdateGithubEndpointParams{
+		UploadBaseURL: &newUploadBaseURL,
+	}
+
+	_, err = s.db.UpdateGithubEndpoint(ctx, testEndpointName, updateEpParams)
+	s.Require().Error(err)
+	s.Require().ErrorIs(err, runnerErrors.ErrBadRequest)
+	s.Require().EqualError(err, "updating github endpoint: cannot update endpoint URLs with existing credentials: invalid request")
+
+	updateEpParams = params.UpdateGithubEndpointParams{
+		APIBaseURL: &newAPIBaseURL,
+	}
+	_, err = s.db.UpdateGithubEndpoint(ctx, testEndpointName, updateEpParams)
+	s.Require().Error(err)
+	s.Require().ErrorIs(err, runnerErrors.ErrBadRequest)
+	s.Require().EqualError(err, "updating github endpoint: cannot update endpoint URLs with existing credentials: invalid request")
+
+	updateEpParams = params.UpdateGithubEndpointParams{
+		Description: &newDescription,
+	}
+	ret, err := s.db.UpdateGithubEndpoint(ctx, testEndpointName, updateEpParams)
+	s.Require().NoError(err)
+	s.Require().Equal(newDescription, ret.Description)
+}
+
 func (s *GithubTestSuite) TestUpdatingNonExistingEndpointReturnsNotFoundError() {
 	ctx := garmTesting.ImpersonateAdminContext(context.Background(), s.db, s.T())

--- a/database/sql/sql.go
+++ b/database/sql/sql.go
@ -212,9 +212,18 @@ func (s *sqlDatabase) ensureGithubEndpoint() error {
 		UploadBaseURL: appdefaults.GithubDefaultUploadBaseURL,
 	}

-	if _, err := s.CreateGithubEndpoint(context.Background(), createEndpointParams); err != nil {
-		if !errors.Is(err, runnerErrors.ErrDuplicateEntity) {
-			return errors.Wrap(err, "creating default github endpoint")
+	var epCount int64
+	if err := s.conn.Model(&GithubEndpoint{}).Count(&epCount).Error; err != nil {
+		if !errors.Is(err, gorm.ErrRecordNotFound) {
+			return errors.Wrap(err, "counting github endpoints")
+		}
+	}
+
+	if epCount == 0 {
+		if _, err := s.CreateGithubEndpoint(context.Background(), createEndpointParams); err != nil {
+			if !errors.Is(err, runnerErrors.ErrDuplicateEntity) {
+				return errors.Wrap(err, "creating default github endpoint")
+			}
 		}
 	}