Skip to content

fix: return a codes.NotFound error when trying to get a non-existent repository #7548

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 3 commits into from
Oct 30, 2021
Merged

fix: return a codes.NotFound error when trying to get a non-existent repository #7548

merged 3 commits into from
Oct 30, 2021

Conversation

Cylix
Copy link
Contributor

@Cylix Cylix commented Oct 26, 2021
edited
Loading

Context

Addressing #5951. More details can be found in the issue discussion, but as a quick summary:

  • argo repo get <repo> and /api/v1/repositories/{repo} are documented as Get a **configured** repository by URL.
  • However, Get() Repository does not return an error when querying a repo that is not configured in Argo.
  • Instead, it initializes an empty repository object, and tests the connectivity: errors returned to the user only come from the connectivity test.

In particular, Get() Repository relies on this db.getRepository. However, this function returns a valid repository object when no configured repository is found, rather than nil with an error. This contrasts with db.DeleteRepository that does return an error for unconfigured repositories

Change

db.GetRepository is called in different places, so I decided to avoid touching it, and instead implement a new db.RepositoryExists function that returns whether a repository matching the query is configured in Argo.

I then called this function from Get() Repository and propagated a codes.NotFound error as appropriate.

Alternatives

I thought about a couple of alternative implementations, let me know if an approach is preferred:

  • Modifying db.GetRepository to return an error when a repository is not found, rather than an empty repository object. This would need to be done carefully to avoid breaking things for logic that relies on that current behavior of db.GetRepository. A few approaches I can think about:
    • Adding a default parameter to db.GetRepository that would be the default return value if no repository is found
    • Moving the default empty repository initialization outside of db.GetRepository to every call site when repo == nil && err == nil
  • Keep the existing logic, but add a new field in the repository object to identify whether a repository is configured in Argo
  • Keep the existing logic without any change, but update the documentation to correctly reflect the expectation (basically, change the Get a **configured** repository by URL).

Testing

Manual Testing

Configured Repo (API):

$ curl -s -H "Authorization: Bearer $ARGOCD_TOKEN" -k http://localhost:8080/api/v1/repositories/https%3A%2F%2Fgithub.com%2Fcylix%2Fcpp_redis | jq

{
  "repo": "https://github.com/cylix/cpp_redis",
  "connectionState": {
    "status": "Successful",
    "message": "",
    "attemptedAt": "2021-10-26T05:41:17Z"
  },
  "type": "git",
  "project": "default"
}

Configured Repo (CLI):

$ argocd --server localhost:8080 --plaintext --grpc-web repo get https://github.com/cylix/cpp_redis
TYPE  NAME  REPO                                INSECURE  OCI    LFS    CREDS  STATUS      MESSAGE
git         https://github.com/cylix/cpp_redis  false     false  false  false  Successful

Unconfigured Repo (API):

$ curl -s -H "Authorization: Bearer $ARGOCD_TOKEN" -k http://localhost:8080/api/v1/repositories/https%3A%2F%2Fgithub.com%2Ffoo%2Fexample-project.git | jq

{
  "error": "repo 'https://github.com/foo/example-project.git' not found",
  "code": 5,
  "message": "repo 'https://github.com/foo/example-project.git' not found"
}
$ curl -s -H "Authorization: Bearer $ARGOCD_TOKEN" -k http://localhost:8080/api/v1/repositories/https%3A%2F%2Fgitlab.com%2Ffoo%2Fexample-project.git | jq

{
  "error": "repo 'https://gitlab.com/foo/example-project.git' not found",
  "code": 5,
  "message": "repo 'https://gitlab.com/foo/example-project.git' not found"
}
curl -s -H "Authorization: Bearer $ARGOCD_TOKEN" -k http://localhost:8080/api/v1/repositories/git%40gitlab.com%3Afoo%2Fexample-project.git | jq

{
  "error": "repo 'git@gitlab.com:foo/example-project.git' not found",
  "code": 5,
  "message": "repo 'git@gitlab.com:foo/example-project.git' not found"
}

Unconfigured Repo (CLI):

$ argocd --server localhost:8080 --plaintext --grpc-web repo get https://github.com/foo/example-project.git
FATA[0000] rpc error: code = NotFound desc = repo 'https://github.com/foo/example-project.git' not found

Unit Tests

Added unit tests coverage ✅

Checklist

  • Either (a) I've created an enhancement proposal and discussed it with the community, (b) this is a bug fix, or (c) this does not need to be in the release notes.
  • The title of the PR states what changed and the related issues number (used for the release note).
  • I've included "Closes [ISSUE #]" or "Fixes [ISSUE #]" in the description to automatically close the associated issue.
  • I've updated both the CLI and UI to expose my feature, or I plan to submit a second PR with them.
  • Does this PR require documentation updates?
  • I've updated documentation as required by this PR.
  • Optional. My organization is added to USERS.md.
  • I have signed off all my commits as required by DCO
  • I have written unit and/or e2e tests for my change. PRs without these are unlikely to be merged.
  • My build is green (troubleshooting builds).

Misc.

Fixes #5951

@Cylix Cylix force-pushed the 5951-fix-confusing-reply-for-non-existing-repositories branch from 6ef5e6c to fdb4e32 Compare October 26, 2021 05:15
@Cylix
fix: return a codes.NotFound error when trying to get a non-existent …
45e2985 
…repository

Signed-off-by: Simon Ninon <simon.ninon@gmail.com>
@Cylix Cylix force-pushed the 5951-fix-confusing-reply-for-non-existing-repositories branch from fdb4e32 to 45e2985 Compare October 26, 2021 06:00
@Cylix Cylix marked this pull request as ready for review October 26, 2021 06:01
jannfis
jannfis requested changes Oct 26, 2021
View reviewed changes
Copy link
Member

@jannfis jannfis left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for this PR @Cylix and also for the detailed description into your train of thoughts. That is much appreciated!

I have a change request, please see below.

server/repository/repository.go Outdated
Comment on lines 114 to 118
exists, err := s.db.RepositoryExists(ctx, q.Repo)
if !exists {
return nil, status.Errorf(codes.NotFound, "repo '%s' not found", q.Repo)
}

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This needs to be moved to after the permission check (EnforceErr) below, otherwise, configuration guessing would be possible by an unauthorized party. The behavior must be to return a permission denied if the user does not have access to a certain repository, regardless of whether the repository is actually configured or not.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for the review @jannfis!

That's a good catch, I haven't thought about that! I moved the logic after the permission check as suggested, and I retested

Feel free to let me know if you'd like me to adjust anything else 👀

@Cylix
move s.db.RepositoryExists call after the permission check
9eb1059 
Signed-off-by: Simon Ninon <simon.ninon@gmail.com>
@Cylix Cylix force-pushed the 5951-fix-confusing-reply-for-non-existing-repositories branch from 6382514 to 9eb1059 Compare October 27, 2021 05:09
@Cylix
update ArgoDB mock and add unit tests
483f733 
Signed-off-by: Simon Ninon <simon.ninon@gmail.com>
@Cylix Cylix force-pushed the 5951-fix-confusing-reply-for-non-existing-repositories branch from 3fd97ca to 483f733 Compare October 27, 2021 22:08
@Cylix
Copy link
Contributor Author

Cylix commented Oct 28, 2021

Hey @jannfis: just to let you know that I also updated the unit tests to add proper coverage/ Took me a bit to get my local environment properly configured to run the unit tests, but it seems to be passing locally.

Do you know what's the way to trigger the pending workflows? Thanks!

@jannfis
Copy link
Member

jannfis commented Oct 29, 2021

Do you know what's the way to trigger the pending workflows? Thanks!

The pending CI workflows need to be triggered manually by someone with write permissions by the repo. This is a GitHub actions security feature and applied for first-time contributors to a given repository. I have triggered the workflow.

@codecov
Copy link

codecov bot commented Oct 29, 2021

Codecov Report

Merging #7548 (483f733) into master (872eff2) will increase coverage by 0.03%.
The diff coverage is 27.27%.

Impacted file tree graph

@@            Coverage Diff             @@
##           master    #7548      +/-   ##
==========================================
+ Coverage   41.35%   41.39%   +0.03%     
==========================================
  Files         161      161              
  Lines       21606    21633      +27     
==========================================
+ Hits         8936     8955      +19     
- Misses      11407    11415       +8     
  Partials     1263     1263
Impacted Files Coverage Δ
util/db/db.go 84.61% <ø> (ø)
util/db/repository.go 38.46% <0.00%> (-1.54%) ⬇️
server/repository/repository.go 36.14% <60.00%> (+0.48%) ⬆️
server/application/application.go 32.18% <0.00%> (-0.12%) ⬇️
controller/appcontroller.go 53.09% <0.00%> (-0.06%) ⬇️
util/http/http.go 62.31% <0.00%> (ø)
util/argo/normalizers/corev1_known_types.go 100.00% <0.00%> (ø)
reposerver/repository/repository.go 60.69% <0.00%> (+0.04%) ⬆️
util/settings/settings.go 46.83% <0.00%> (+0.06%) ⬆️
util/argo/argo.go 64.51% <0.00%> (+0.87%) ⬆️
... and 1 more

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 872eff2...483f733. Read the comment docs.

@Cylix
Copy link
Contributor Author

Cylix commented Oct 29, 2021

The pending CI workflows need to be triggered manually by someone with write permissions by the repo. This is a GitHub actions security feature and applied for first-time contributors to a given repository. I have triggered the workflow.

Got it, thanks for the explanation and for triggering the pipeline!

It seems the CI passed this time around 🎉 Let me know if there is anything I should adjust (code logic, unit tests, whatever...) 🙃

@jannfis jannfis added group:hacktoberfest-2023 Hacktoberfest 2023 group:hacktoberfest-accepted Accepted Hacktoberfest contribution labels Oct 30, 2021
jannfis
jannfis approved these changes Oct 30, 2021
View reviewed changes
Copy link
Member

@jannfis jannfis left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, thank you @Cylix !

@jannfis jannfis merged commit f4fd836 into argoproj:master Oct 30, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jannfis jannfis jannfis approved these changes

Assignees
No one assigned
Labels
group:hacktoberfest-2023 Hacktoberfest 2023 group:hacktoberfest-accepted Accepted Hacktoberfest contribution
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Get() Repository returning confusing reply for non-existing repositories
2 participants
@Cylix @jannfis