From 3cdc65f0ea9daff09f5843602fee349ef056798c Mon Sep 17 00:00:00 2001 From: Marco Franssen Date: Wed, 20 Jan 2021 20:04:30 +0100 Subject: [PATCH] Utilize an AppInstallation token to get the correct permissions --- README.md | 12 ++++++++++++ cmd/cmd_github.go | 4 +++- lib/github/app.go | 19 +++++++++++++++---- lib/github/app_test.go | 2 +- 4 files changed, 31 insertions(+), 6 deletions(-) diff --git a/README.md b/README.md index 49bd3a3..92f0fcf 100644 --- a/README.md +++ b/README.md @@ -65,6 +65,18 @@ bin/tabia github --help bin/tabia github repositories --help ``` +#### Authentication + +Please note when using Github Authentication there are 2 options to authenticate. + +1. Authenticate as a Github App (your app will have to be installed in the organization) + - integration-id + - private-key +2. Authenticate using a Personal Access Token + - token + +> :warning: When authenticating as a *GitHub App* please be informed you can only fetch information from **one** organization at a time as the client will be bound to that organizations App installation. To support multiple organizations we require a refactor using a Github client per organization. + ### Output - Grimoirelab To expose the repositories in [Grimoirelab projects.json](https://github.com/chaoss/grimoirelab-sirmordred#projectsjson-) format, you can optionally provide a json file to map repositories to projects. By default the project will be mapped to the owner of the repository. Anything not matching the rules will fall back to this default. diff --git a/cmd/cmd_github.go b/cmd/cmd_github.go index e8497bd..087903a 100644 --- a/cmd/cmd_github.go +++ b/cmd/cmd_github.go @@ -161,7 +161,9 @@ func newGithubClient(c *cli.Context) (*github.Client, error) { if err != nil { return nil, err } - client, err := github.NewClientWithAppAuth(integrationID, string(privateKeyBytes), ghWriter) + org := append(c.StringSlice("owner"), c.StringSlice("organization")...) + + client, err := github.NewClientWithAppAuth(integrationID, string(privateKeyBytes), org[0], ghWriter) return client, nil } diff --git a/lib/github/app.go b/lib/github/app.go index b0db3a3..f1384b5 100644 --- a/lib/github/app.go +++ b/lib/github/app.go @@ -1,6 +1,8 @@ package github import ( + "context" + "fmt" "io" "net/http" "time" @@ -13,7 +15,7 @@ import ( // NewClientWithAppAuth creates a new client that authenticates using an app integration ID // and a app private key -func NewClientWithAppAuth(integrationID int64, privateKey string, writer io.Writer) (*Client, error) { +func NewClientWithAppAuth(integrationID int64, privateKey, organization string, writer io.Writer) (*Client, error) { config := new(githubapp.Config) config.App.IntegrationID = integrationID config.App.PrivateKey = privateKey @@ -23,20 +25,29 @@ func NewClientWithAppAuth(integrationID int64, privateKey string, writer io.Writ cc, err := githubapp.NewDefaultCachingClientCreator( *config, githubapp.WithClientUserAgent("tabia"), - githubapp.WithClientTimeout(3*time.Second), + githubapp.WithClientTimeout(10*time.Second), githubapp.WithClientCaching(false, func() httpcache.Cache { return httpcache.NewMemoryCache() }), githubapp.WithClientMiddleware(ClientLogging(writer)), ) - client, err := cc.NewAppV4Client() + appClient, err := cc.NewAppClient() if err != nil { return nil, err } - restClient, err := cc.NewAppClient() + installation, _, err := appClient.Apps.FindOrganizationInstallation(context.Background(), organization) if err != nil { return nil, err } + fmt.Println(installation) + client, err := cc.NewInstallationV4Client(*installation.ID) + if err != nil { + return nil, err + } + restClient, err := cc.NewInstallationClient(*installation.ID) + if err != nil { + return nil, err + } return &Client{nil, restClient, client}, nil } diff --git a/lib/github/app_test.go b/lib/github/app_test.go index dd905a0..8d7286c 100644 --- a/lib/github/app_test.go +++ b/lib/github/app_test.go @@ -14,7 +14,7 @@ func TestAppClient(t *testing.T) { var buf strings.Builder integrationID := int64(12345) - client, err := github.NewClientWithAppAuth(integrationID, "/path/to/rsa-private-key.pem", &buf) + client, err := github.NewClientWithAppAuth(integrationID, "/path/to/rsa-private-key.pem", "philips-labs", &buf) assert.Error(err) assert.Nil(client) }