cloudbase / garm

GitHub Actions Runner Manager
Apache License 2.0

Move github credentials to the database #243

Closed gabriel-samfira closed 6 months ago

gabriel-samfira commented 7 months ago

This change is part of a larger effort to allow GARM to eventually scale out to multiple instances. The goal is to move as much of the config as possible to the database, allowing a single source of truth for state among multiple instances.

This change also allows us to properly enforce relations between entities (repos, orgs, enterprises), GitHub installations (GHES/github.com) and credentials. This way, we don't end up in an inconsistent state if the credentials are removed from the config, but they're still referenced for an entity in the database.

As part of this change, we aim to maintain as much of the existing user-facing API as possible, and also automatically migrate the existing config credentials to the database. The migration is done once, when GARM detects that the needed DB tables are not there. After that, migration is skipped and any credential handling will need to be done using the CLI.

Credentials are scoped to users, and must have a unique name. Different users will be able to create credentials with the same name. The same user will not be able to create multiple credentials with the same name. Although GARM doesn't support multiple users (yet), it may do so in the future. Given the pain of moving the credentials to the DB, this was a decision that was meant to spare us the pain of refactoring later.

Credentials are still referenced by name when assigning them to the entity, but internally we query the DB for a user/credentials combo, given that we have the user ID already stored for the authenticated user, in the context we pass along throughout the code base.

A few more commits are needed to expose an API for handling credentials and to add tests for all the new bits.
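
The scoping and relation rules described in this pull request, shown as an added example that is not GARM's code: credential names unique per user, lookup by user ID plus name, and a foreign key that blocks removing credentials an entity still references. The table names, column names and the use of in-memory SQLite are assumptions made for illustration.

```python
import sqlite3

# Hypothetical schema for illustration; these are not GARM's table or column names.
SCHEMA = """
CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT NOT NULL UNIQUE);
CREATE TABLE github_credentials (
    id INTEGER PRIMARY KEY,
    user_id INTEGER NOT NULL REFERENCES users(id),
    name TEXT NOT NULL,
    UNIQUE (user_id, name)  -- unique per user, not globally
);
CREATE TABLE repositories (
    id INTEGER PRIMARY KEY,
    name TEXT NOT NULL,
    credentials_id INTEGER NOT NULL REFERENCES github_credentials(id) ON DELETE RESTRICT
);
"""

def open_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("PRAGMA foreign_keys = ON")  # SQLite does not enforce FKs by default
    conn.executescript(SCHEMA)
    return conn

def add_credentials(conn, user_id, name):
    return conn.execute("INSERT INTO github_credentials (user_id, name) VALUES (?, ?)", (user_id, name)).lastrowid

def resolve(conn, user_id, name):
    """Look up credentials by name within the authenticated user's scope."""
    row = conn.execute("SELECT id FROM github_credentials WHERE user_id = ? AND name = ?", (user_id, name)).fetchone()
    return row[0] if row else None

def attempt(conn, sql, params):
    """Return True if the statement succeeds, False if a constraint rejects it."""
    try:
        conn.execute(sql, params)
        return True
    except sqlite3.IntegrityError:
        return False

def demo():
    conn = open_db()
    alice = conn.execute("INSERT INTO users (username) VALUES ('alice')").lastrowid
    bob = conn.execute("INSERT INTO users (username) VALUES ('bob')").lastrowid
    a, b = add_credentials(conn, alice, "gh-main"), add_credentials(conn, bob, "gh-main")
    dup_ok = attempt(conn, "INSERT INTO github_credentials (user_id, name) VALUES (?, ?)", (alice, "gh-main"))
    conn.execute("INSERT INTO repositories (name, credentials_id) VALUES (?, ?)", ("example/repo", a))
    del_ok = attempt(conn, "DELETE FROM github_credentials WHERE id = ?", (a,))
    return {"same_name_two_users": a != b, "duplicate_allowed": dup_ok, "delete_allowed": del_ok, "bob_scope": resolve(conn, bob, "gh-main") == b}
```

With credentials only in a config file, nothing stops the referenced entry from disappearing; here the database rejects the delete while a repository row still points at it.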

gabriel-samfira commented 7 months ago

Pfu. The generated code is really bumping up the line count :sweat_smile: