From cc773cd151c34e02b5dd99b099e5b4a52636410f Mon Sep 17 00:00:00 2001 From: Luke Massa Date: Mon, 11 Dec 2023 22:24:38 -0500 Subject: [PATCH] feat: Remove flag for allow repo config (#3911) * Remove option to allow repo * Fix internal test * Fix fmt * Fmt * Fix rebase --------- Co-authored-by: PePe Amengual Co-authored-by: Dylan Page --- cmd/server.go | 13 - cmd/server_test.go | 1 - .../events/events_controller_e2e_test.go | 10 +- server/core/config/parser_validator_test.go | 33 +- server/core/config/valid/global_cfg.go | 48 +-- server/core/config/valid/global_cfg_test.go | 324 +++++++++--------- .../project_command_builder_internal_test.go | 18 +- server/events/project_command_builder_test.go | 92 +++-- server/events/repo_branch_test.go | 1 - server/server.go | 1 - server/user_config.go | 1 - 11 files changed, 246 insertions(+), 296 deletions(-) diff --git a/cmd/server.go b/cmd/server.go index f8d24c9e77..8d9ebd2a54 100644 --- a/cmd/server.go +++ b/cmd/server.go @@ -51,7 +51,6 @@ const ( ADHostnameFlag = "azuredevops-hostname" AllowCommandsFlag = "allow-commands" AllowForkPRsFlag = "allow-fork-prs" - AllowRepoConfigFlag = "allow-repo-config" AtlantisURLFlag = "atlantis-url" AutoDiscoverModeFlag = "autodiscover-mode" AutomergeFlag = "automerge" @@ -422,13 +421,6 @@ var boolFlags = map[string]boolFlag{ description: "Allow Atlantis to run on pull requests from forks. A security issue for public repos.", defaultValue: false, }, - AllowRepoConfigFlag: { - description: "Allow repositories to use atlantis.yaml files to customize the commands Atlantis runs." + - " Should only be enabled in a trusted environment since it enables a pull request to run arbitrary commands" + - " on the Atlantis server.", - defaultValue: false, - hidden: true, - }, AutoplanModules: { description: "Automatically plan projects that have a changed module from the local repository.", defaultValue: false, @@ -1091,11 +1083,6 @@ func (s *ServerCmd) deprecationWarnings(userConfig *server.UserConfig) error { jsonCfg += fmt.Sprintf(`, "apply_requirements":["%s"]`, strings.Join(commandReqs, "\", \"")) jsonCfg += fmt.Sprintf(`, "import_requirements":["%s"]`, strings.Join(commandReqs, "\", \"")) } - if userConfig.AllowRepoConfig { - deprecatedFlags = append(deprecatedFlags, AllowRepoConfigFlag) - yamlCfg += "\n allowed_overrides: [plan_requirements, apply_requirements, import_requirements, workflow, policy_check]\n allow_custom_workflows: true" - jsonCfg += `, "allowed_overrides":["plan_requirements","apply_requirements","import_requirements","workflow", "policy_check"], "allow_custom_workflows":true` - } jsonCfg += "}]}" if len(deprecatedFlags) > 0 { diff --git a/cmd/server_test.go b/cmd/server_test.go index 6b7cbbbbbd..e410d816b1 100644 --- a/cmd/server_test.go +++ b/cmd/server_test.go @@ -59,7 +59,6 @@ var testFlags = map[string]interface{}{ AtlantisURLFlag: "url", AllowCommandsFlag: "version,plan,apply,unlock,import,approve_policies", AllowForkPRsFlag: true, - AllowRepoConfigFlag: true, AutoDiscoverModeFlag: "auto", AutomergeFlag: true, AutoplanFileListFlag: "**/*.tf,**/*.yml", diff --git a/server/controllers/events/events_controller_e2e_test.go b/server/controllers/events/events_controller_e2e_test.go index 5dbf6089ec..fa40b764b3 100644 --- a/server/controllers/events/events_controller_e2e_test.go +++ b/server/controllers/events/events_controller_e2e_test.go @@ -1340,11 +1340,11 @@ func setupE2E(t *testing.T, repoDir string, opt setupOption) (events_controllers parser := &config.ParserValidator{} globalCfgArgs := valid.GlobalCfgArgs{ - RepoConfigFile: opt.repoConfigFile, - AllowRepoCfg: true, - MergeableReq: false, - ApprovedReq: false, - PreWorkflowHooks: preWorkflowHooks, + RepoConfigFile: opt.repoConfigFile, + AllowAllRepoSettings: true, + MergeableReq: false, + ApprovedReq: false, + PreWorkflowHooks: preWorkflowHooks, PostWorkflowHooks: []*valid.WorkflowHook{ { StepName: "global_hook", diff --git a/server/core/config/parser_validator_test.go b/server/core/config/parser_validator_test.go index 3b269695da..a70de501d8 100644 --- a/server/core/config/parser_validator_test.go +++ b/server/core/config/parser_validator_test.go @@ -16,10 +16,10 @@ import ( ) var globalCfgArgs = valid.GlobalCfgArgs{ - AllowRepoCfg: true, - MergeableReq: false, - ApprovedReq: false, - UnDivergedReq: false, + AllowAllRepoSettings: true, + MergeableReq: false, + ApprovedReq: false, + UnDivergedReq: false, } var globalCfg = valid.NewGlobalCfgFromArgs(globalCfgArgs) @@ -105,7 +105,6 @@ func TestParseCfgs_InvalidYAML(t *testing.T) { _, err = r.ParseRepoCfg(tmpDir, globalCfg, "", "") ErrContains(t, c.expErr, err) globalCfgArgs := valid.GlobalCfgArgs{ - AllowRepoCfg: false, MergeableReq: false, ApprovedReq: false, UnDivergedReq: false, @@ -1146,7 +1145,6 @@ workflows: r := config.ParserValidator{} globalCfgArgs := valid.GlobalCfgArgs{ - AllowRepoCfg: false, MergeableReq: false, ApprovedReq: false, UnDivergedReq: false, @@ -1159,7 +1157,6 @@ workflows: func TestParseGlobalCfg_NotExist(t *testing.T) { r := config.ParserValidator{} globalCfgArgs := valid.GlobalCfgArgs{ - AllowRepoCfg: false, MergeableReq: false, ApprovedReq: false, UnDivergedReq: false, @@ -1170,7 +1167,6 @@ func TestParseGlobalCfg_NotExist(t *testing.T) { func TestParseGlobalCfg(t *testing.T) { globalCfgArgs := valid.GlobalCfgArgs{ - AllowRepoCfg: false, MergeableReq: false, ApprovedReq: false, UnDivergedReq: false, @@ -1627,7 +1623,6 @@ workflows: Ok(t, os.WriteFile(path, []byte(c.input), 0600)) globalCfgArgs := valid.GlobalCfgArgs{ - AllowRepoCfg: false, MergeableReq: false, ApprovedReq: false, UnDivergedReq: false, @@ -1734,7 +1729,6 @@ func TestParserValidator_ParseGlobalCfgJSON(t *testing.T) { "empty object": { json: "{}", exp: valid.NewGlobalCfgFromArgs(valid.GlobalCfgArgs{ - AllowRepoCfg: false, MergeableReq: false, ApprovedReq: false, UnDivergedReq: false, @@ -1806,7 +1800,6 @@ func TestParserValidator_ParseGlobalCfgJSON(t *testing.T) { exp: valid.GlobalCfg{ Repos: []valid.Repo{ valid.NewGlobalCfgFromArgs(valid.GlobalCfgArgs{ - AllowRepoCfg: false, MergeableReq: false, ApprovedReq: false, UnDivergedReq: false, @@ -1831,7 +1824,6 @@ func TestParserValidator_ParseGlobalCfgJSON(t *testing.T) { }, Workflows: map[string]valid.Workflow{ "default": valid.NewGlobalCfgFromArgs(valid.GlobalCfgArgs{ - AllowRepoCfg: false, MergeableReq: false, ApprovedReq: false, UnDivergedReq: false, @@ -1857,7 +1849,6 @@ func TestParserValidator_ParseGlobalCfgJSON(t *testing.T) { t.Run(name, func(t *testing.T) { pv := &config.ParserValidator{} globalCfgArgs := valid.GlobalCfgArgs{ - AllowRepoCfg: false, MergeableReq: false, ApprovedReq: false, UnDivergedReq: false, @@ -1922,10 +1913,10 @@ func TestParseRepoCfg_V2ShellParsing(t *testing.T) { p := &config.ParserValidator{} globalCfgArgs := valid.GlobalCfgArgs{ - AllowRepoCfg: true, - MergeableReq: false, - ApprovedReq: false, - UnDivergedReq: false, + AllowAllRepoSettings: true, + MergeableReq: false, + ApprovedReq: false, + UnDivergedReq: false, } v2Cfg, err := p.ParseRepoCfg(v2Dir, valid.NewGlobalCfgFromArgs(globalCfgArgs), "", "") if c.expV2Err != "" { @@ -1936,10 +1927,10 @@ func TestParseRepoCfg_V2ShellParsing(t *testing.T) { Equals(t, c.expV2, v2Cfg.Workflows["custom"].Apply.Steps[0].RunCommand) } globalCfgArgs = valid.GlobalCfgArgs{ - AllowRepoCfg: true, - MergeableReq: false, - ApprovedReq: false, - UnDivergedReq: false, + AllowAllRepoSettings: true, + MergeableReq: false, + ApprovedReq: false, + UnDivergedReq: false, } v3Cfg, err := p.ParseRepoCfg(v3Dir, valid.NewGlobalCfgFromArgs(globalCfgArgs), "", "") Ok(t, err) diff --git a/server/core/config/valid/global_cfg.go b/server/core/config/valid/global_cfg.go index d2dabd2f89..951491256c 100644 --- a/server/core/config/valid/global_cfg.go +++ b/server/core/config/valid/global_cfg.go @@ -174,42 +174,18 @@ var DefaultStateRmStage = Stage{ }, } -// Deprecated: use NewGlobalCfgFromArgs -func NewGlobalCfgWithHooks(allowRepoCfg bool, mergeableReq bool, approvedReq bool, unDivergedReq bool, preWorkflowHooks []*WorkflowHook, postWorkflowHooks []*WorkflowHook) GlobalCfg { - return NewGlobalCfgFromArgs(GlobalCfgArgs{ - AllowRepoCfg: allowRepoCfg, - MergeableReq: mergeableReq, - ApprovedReq: approvedReq, - UnDivergedReq: unDivergedReq, - PreWorkflowHooks: preWorkflowHooks, - PostWorkflowHooks: postWorkflowHooks, - }) -} - -// NewGlobalCfg returns a global config that respects the parameters. -// allowRepoCfg is true if users want to allow repos full config functionality. -// mergeableReq is true if users want to set the mergeable apply requirement -// for all repos. -// approvedReq is true if users want to set the approved apply requirement -// for all repos. -// Deprecated: use NewGlobalCfgFromArgs -func NewGlobalCfg(allowRepoCfg bool, mergeableReq bool, approvedReq bool) GlobalCfg { - return NewGlobalCfgFromArgs(GlobalCfgArgs{ - AllowRepoCfg: allowRepoCfg, - MergeableReq: mergeableReq, - ApprovedReq: approvedReq, - }) -} - type GlobalCfgArgs struct { - RepoConfigFile string - AllowRepoCfg bool - MergeableReq bool - ApprovedReq bool - UnDivergedReq bool - PolicyCheckEnabled bool - PreWorkflowHooks []*WorkflowHook - PostWorkflowHooks []*WorkflowHook + RepoConfigFile string + // No longer a user option as of https://github.com/runatlantis/atlantis/pull/3911, + // but useful for tests to set to true to not require enumeration of allowed settings + // on the repo side + AllowAllRepoSettings bool + MergeableReq bool + ApprovedReq bool + UnDivergedReq bool + PolicyCheckEnabled bool + PreWorkflowHooks []*WorkflowHook + PostWorkflowHooks []*WorkflowHook } func NewGlobalCfgFromArgs(args GlobalCfgArgs) GlobalCfg { @@ -246,7 +222,7 @@ func NewGlobalCfgFromArgs(args GlobalCfgArgs) GlobalCfg { repoLockingKey := true customPolicyCheck := false autoDiscover := AutoDiscover{Mode: AutoDiscoverAutoMode} - if args.AllowRepoCfg { + if args.AllowAllRepoSettings { allowedOverrides = []string{PlanRequirementsKey, ApplyRequirementsKey, ImportRequirementsKey, WorkflowKey, DeleteSourceBranchOnMergeKey, RepoLockingKey, PolicyCheckKey} allowCustomWorkflows = true } diff --git a/server/core/config/valid/global_cfg_test.go b/server/core/config/valid/global_cfg_test.go index e0c7d1ec6b..a69e86143a 100644 --- a/server/core/config/valid/global_cfg_test.go +++ b/server/core/config/valid/global_cfg_test.go @@ -92,115 +92,115 @@ func TestNewGlobalCfg(t *testing.T) { } cases := []struct { - allowRepoCfg bool - approvedReq bool - mergeableReq bool - unDivergedReq bool - policyCheckEnabled bool + allowAllRepoSettings bool + approvedReq bool + mergeableReq bool + unDivergedReq bool + policyCheckEnabled bool }{ { - allowRepoCfg: false, - approvedReq: false, - mergeableReq: false, - unDivergedReq: false, - policyCheckEnabled: false, + allowAllRepoSettings: false, + approvedReq: false, + mergeableReq: false, + unDivergedReq: false, + policyCheckEnabled: false, }, { - allowRepoCfg: true, - approvedReq: false, - mergeableReq: false, - unDivergedReq: false, - policyCheckEnabled: false, + allowAllRepoSettings: true, + approvedReq: false, + mergeableReq: false, + unDivergedReq: false, + policyCheckEnabled: false, }, { - allowRepoCfg: false, - approvedReq: true, - mergeableReq: false, - unDivergedReq: false, - policyCheckEnabled: false, + allowAllRepoSettings: false, + approvedReq: true, + mergeableReq: false, + unDivergedReq: false, + policyCheckEnabled: false, }, { - allowRepoCfg: false, - approvedReq: false, - mergeableReq: true, - unDivergedReq: false, - policyCheckEnabled: false, + allowAllRepoSettings: false, + approvedReq: false, + mergeableReq: true, + unDivergedReq: false, + policyCheckEnabled: false, }, { - allowRepoCfg: false, - approvedReq: true, - mergeableReq: true, - unDivergedReq: false, - policyCheckEnabled: false, + allowAllRepoSettings: false, + approvedReq: true, + mergeableReq: true, + unDivergedReq: false, + policyCheckEnabled: false, }, { - allowRepoCfg: true, - approvedReq: true, - mergeableReq: true, - unDivergedReq: false, - policyCheckEnabled: false, + allowAllRepoSettings: true, + approvedReq: true, + mergeableReq: true, + unDivergedReq: false, + policyCheckEnabled: false, }, { - allowRepoCfg: false, - approvedReq: false, - mergeableReq: false, - unDivergedReq: true, - policyCheckEnabled: false, + allowAllRepoSettings: false, + approvedReq: false, + mergeableReq: false, + unDivergedReq: true, + policyCheckEnabled: false, }, { - allowRepoCfg: true, - approvedReq: false, - mergeableReq: false, - unDivergedReq: true, - policyCheckEnabled: false, + allowAllRepoSettings: true, + approvedReq: false, + mergeableReq: false, + unDivergedReq: true, + policyCheckEnabled: false, }, { - allowRepoCfg: false, - approvedReq: true, - mergeableReq: false, - unDivergedReq: true, - policyCheckEnabled: false, + allowAllRepoSettings: false, + approvedReq: true, + mergeableReq: false, + unDivergedReq: true, + policyCheckEnabled: false, }, { - allowRepoCfg: false, - approvedReq: false, - mergeableReq: true, - unDivergedReq: true, - policyCheckEnabled: false, + allowAllRepoSettings: false, + approvedReq: false, + mergeableReq: true, + unDivergedReq: true, + policyCheckEnabled: false, }, { - allowRepoCfg: false, - approvedReq: true, - mergeableReq: true, - unDivergedReq: true, - policyCheckEnabled: false, + allowAllRepoSettings: false, + approvedReq: true, + mergeableReq: true, + unDivergedReq: true, + policyCheckEnabled: false, }, { - allowRepoCfg: true, - approvedReq: true, - mergeableReq: true, - unDivergedReq: true, - policyCheckEnabled: false, + allowAllRepoSettings: true, + approvedReq: true, + mergeableReq: true, + unDivergedReq: true, + policyCheckEnabled: false, }, { - allowRepoCfg: true, - approvedReq: true, - mergeableReq: true, - unDivergedReq: true, - policyCheckEnabled: true, + allowAllRepoSettings: true, + approvedReq: true, + mergeableReq: true, + unDivergedReq: true, + policyCheckEnabled: true, }, } for _, c := range cases { caseName := fmt.Sprintf("allow_repo: %t, approved: %t, mergeable: %t, undiverged: %t, policy_check: %t", - c.allowRepoCfg, c.approvedReq, c.mergeableReq, c.unDivergedReq, c.policyCheckEnabled) + c.allowAllRepoSettings, c.approvedReq, c.mergeableReq, c.unDivergedReq, c.policyCheckEnabled) t.Run(caseName, func(t *testing.T) { globalCfgArgs := valid.GlobalCfgArgs{ - AllowRepoCfg: c.allowRepoCfg, - MergeableReq: c.mergeableReq, - ApprovedReq: c.approvedReq, - UnDivergedReq: c.unDivergedReq, - PolicyCheckEnabled: c.policyCheckEnabled, + AllowAllRepoSettings: c.allowAllRepoSettings, + MergeableReq: c.mergeableReq, + ApprovedReq: c.approvedReq, + UnDivergedReq: c.unDivergedReq, + PolicyCheckEnabled: c.policyCheckEnabled, } act := valid.NewGlobalCfgFromArgs(globalCfgArgs) @@ -209,7 +209,7 @@ func TestNewGlobalCfg(t *testing.T) { exp.Repos[0].IDRegex = regexp.MustCompile(".*") // deepcopy doesn't copy the regex. exp.Repos[0].BranchRegex = regexp.MustCompile(".*") - if c.allowRepoCfg { + if c.allowAllRepoSettings { exp.Repos[0].AllowCustomWorkflows = Bool(true) exp.Repos[0].AllowedOverrides = []string{"plan_requirements", "apply_requirements", "import_requirements", "workflow", "delete_source_branch_on_merge", "repo_locking", "policy_check"} } @@ -264,10 +264,10 @@ func TestGlobalCfg_ValidateRepoCfg(t *testing.T) { gCfg: valid.GlobalCfg{ Repos: []valid.Repo{ valid.NewGlobalCfgFromArgs(valid.GlobalCfgArgs{ - AllowRepoCfg: true, - MergeableReq: false, - ApprovedReq: false, - UnDivergedReq: false, + AllowAllRepoSettings: true, + MergeableReq: false, + ApprovedReq: false, + UnDivergedReq: false, }).Repos[0], { ID: "github.com/owner/repo", @@ -297,10 +297,10 @@ func TestGlobalCfg_ValidateRepoCfg(t *testing.T) { gCfg: valid.GlobalCfg{ Repos: []valid.Repo{ valid.NewGlobalCfgFromArgs(valid.GlobalCfgArgs{ - AllowRepoCfg: true, - MergeableReq: false, - ApprovedReq: false, - UnDivergedReq: false, + AllowAllRepoSettings: true, + MergeableReq: false, + ApprovedReq: false, + UnDivergedReq: false, }).Repos[0], { ID: "github.com/owner/repo", @@ -330,10 +330,10 @@ func TestGlobalCfg_ValidateRepoCfg(t *testing.T) { gCfg: valid.GlobalCfg{ Repos: []valid.Repo{ valid.NewGlobalCfgFromArgs(valid.GlobalCfgArgs{ - AllowRepoCfg: true, - MergeableReq: false, - ApprovedReq: false, - UnDivergedReq: false, + AllowAllRepoSettings: true, + MergeableReq: false, + ApprovedReq: false, + UnDivergedReq: false, }).Repos[0], { ID: "github.com/owner/repo", @@ -365,10 +365,10 @@ func TestGlobalCfg_ValidateRepoCfg(t *testing.T) { gCfg: valid.GlobalCfg{ Repos: []valid.Repo{ valid.NewGlobalCfgFromArgs(valid.GlobalCfgArgs{ - AllowRepoCfg: true, - MergeableReq: false, - ApprovedReq: false, - UnDivergedReq: false, + AllowAllRepoSettings: true, + MergeableReq: false, + ApprovedReq: false, + UnDivergedReq: false, }).Repos[0], { ID: "github.com/owner/repo", @@ -400,10 +400,10 @@ func TestGlobalCfg_ValidateRepoCfg(t *testing.T) { gCfg: valid.GlobalCfg{ Repos: []valid.Repo{ valid.NewGlobalCfgFromArgs(valid.GlobalCfgArgs{ - AllowRepoCfg: true, - MergeableReq: false, - ApprovedReq: false, - UnDivergedReq: false, + AllowAllRepoSettings: true, + MergeableReq: false, + ApprovedReq: false, + UnDivergedReq: false, }).Repos[0], { ID: "github.com/owner/repo", @@ -433,10 +433,10 @@ func TestGlobalCfg_ValidateRepoCfg(t *testing.T) { gCfg: valid.GlobalCfg{ Repos: []valid.Repo{ valid.NewGlobalCfgFromArgs(valid.GlobalCfgArgs{ - AllowRepoCfg: true, - MergeableReq: false, - ApprovedReq: false, - UnDivergedReq: false, + AllowAllRepoSettings: true, + MergeableReq: false, + ApprovedReq: false, + UnDivergedReq: false, }).Repos[0], { ID: "github.com/owner/repo", @@ -464,10 +464,10 @@ func TestGlobalCfg_ValidateRepoCfg(t *testing.T) { }, "workflow not allowed": { gCfg: valid.NewGlobalCfgFromArgs(valid.GlobalCfgArgs{ - AllowRepoCfg: false, - MergeableReq: false, - ApprovedReq: false, - UnDivergedReq: false, + AllowAllRepoSettings: false, + MergeableReq: false, + ApprovedReq: false, + UnDivergedReq: false, }), rCfg: valid.RepoCfg{ Projects: []valid.Project{ @@ -481,10 +481,10 @@ func TestGlobalCfg_ValidateRepoCfg(t *testing.T) { }, "custom workflows not allowed": { gCfg: valid.NewGlobalCfgFromArgs(valid.GlobalCfgArgs{ - AllowRepoCfg: false, - MergeableReq: false, - ApprovedReq: false, - UnDivergedReq: false, + AllowAllRepoSettings: false, + MergeableReq: false, + ApprovedReq: false, + UnDivergedReq: false, }), rCfg: valid.RepoCfg{ Workflows: map[string]valid.Workflow{ @@ -496,10 +496,10 @@ func TestGlobalCfg_ValidateRepoCfg(t *testing.T) { }, "custom workflows allowed": { gCfg: valid.NewGlobalCfgFromArgs(valid.GlobalCfgArgs{ - AllowRepoCfg: true, - MergeableReq: false, - ApprovedReq: false, - UnDivergedReq: false, + AllowAllRepoSettings: true, + MergeableReq: false, + ApprovedReq: false, + UnDivergedReq: false, }), rCfg: valid.RepoCfg{ Workflows: map[string]valid.Workflow{ @@ -511,10 +511,10 @@ func TestGlobalCfg_ValidateRepoCfg(t *testing.T) { }, "repo uses custom workflow defined on repo": { gCfg: valid.NewGlobalCfgFromArgs(valid.GlobalCfgArgs{ - AllowRepoCfg: true, - MergeableReq: false, - ApprovedReq: false, - UnDivergedReq: false, + AllowAllRepoSettings: true, + MergeableReq: false, + ApprovedReq: false, + UnDivergedReq: false, }), rCfg: valid.RepoCfg{ Projects: []valid.Project{ @@ -535,10 +535,10 @@ func TestGlobalCfg_ValidateRepoCfg(t *testing.T) { gCfg: valid.GlobalCfg{ Repos: []valid.Repo{ valid.NewGlobalCfgFromArgs(valid.GlobalCfgArgs{ - AllowRepoCfg: false, - MergeableReq: false, - ApprovedReq: false, - UnDivergedReq: false, + AllowAllRepoSettings: false, + MergeableReq: false, + ApprovedReq: false, + UnDivergedReq: false, }).Repos[0], { ID: "github.com/owner/repo", @@ -556,10 +556,10 @@ func TestGlobalCfg_ValidateRepoCfg(t *testing.T) { }, "repo uses global workflow": { gCfg: valid.NewGlobalCfgFromArgs(valid.GlobalCfgArgs{ - AllowRepoCfg: true, - MergeableReq: false, - ApprovedReq: false, - UnDivergedReq: false, + AllowAllRepoSettings: true, + MergeableReq: false, + ApprovedReq: false, + UnDivergedReq: false, }), rCfg: valid.RepoCfg{ Projects: []valid.Project{ @@ -575,10 +575,10 @@ func TestGlobalCfg_ValidateRepoCfg(t *testing.T) { }, "plan_reqs not allowed": { gCfg: valid.NewGlobalCfgFromArgs(valid.GlobalCfgArgs{ - AllowRepoCfg: false, - MergeableReq: false, - ApprovedReq: false, - UnDivergedReq: false, + AllowAllRepoSettings: false, + MergeableReq: false, + ApprovedReq: false, + UnDivergedReq: false, }), rCfg: valid.RepoCfg{ Projects: []valid.Project{ @@ -594,10 +594,10 @@ func TestGlobalCfg_ValidateRepoCfg(t *testing.T) { }, "apply_reqs not allowed": { gCfg: valid.NewGlobalCfgFromArgs(valid.GlobalCfgArgs{ - AllowRepoCfg: false, - MergeableReq: false, - ApprovedReq: false, - UnDivergedReq: false, + AllowAllRepoSettings: false, + MergeableReq: false, + ApprovedReq: false, + UnDivergedReq: false, }), rCfg: valid.RepoCfg{ Projects: []valid.Project{ @@ -613,10 +613,10 @@ func TestGlobalCfg_ValidateRepoCfg(t *testing.T) { }, "import_reqs not allowed": { gCfg: valid.NewGlobalCfgFromArgs(valid.GlobalCfgArgs{ - AllowRepoCfg: false, - MergeableReq: false, - ApprovedReq: false, - UnDivergedReq: false, + AllowAllRepoSettings: false, + MergeableReq: false, + ApprovedReq: false, + UnDivergedReq: false, }), rCfg: valid.RepoCfg{ Projects: []valid.Project{ @@ -632,10 +632,10 @@ func TestGlobalCfg_ValidateRepoCfg(t *testing.T) { }, "repo workflow doesn't exist": { gCfg: valid.NewGlobalCfgFromArgs(valid.GlobalCfgArgs{ - AllowRepoCfg: true, - MergeableReq: false, - ApprovedReq: false, - UnDivergedReq: false, + AllowAllRepoSettings: true, + MergeableReq: false, + ApprovedReq: false, + UnDivergedReq: false, }), rCfg: valid.RepoCfg{ Projects: []valid.Project{ @@ -777,19 +777,19 @@ policies: Ok(t, os.WriteFile(path, []byte(c.gCfg), 0600)) var err error globalCfgArgs := valid.GlobalCfgArgs{ - AllowRepoCfg: false, - MergeableReq: false, - ApprovedReq: false, - UnDivergedReq: false, + AllowAllRepoSettings: false, + MergeableReq: false, + ApprovedReq: false, + UnDivergedReq: false, } global, err = (&config.ParserValidator{}).ParseGlobalCfg(path, valid.NewGlobalCfgFromArgs(globalCfgArgs)) Ok(t, err) } else { globalCfgArgs := valid.GlobalCfgArgs{ - AllowRepoCfg: false, - MergeableReq: false, - ApprovedReq: false, - UnDivergedReq: false, + AllowAllRepoSettings: false, + MergeableReq: false, + ApprovedReq: false, + UnDivergedReq: false, } global = valid.NewGlobalCfgFromArgs(globalCfgArgs) } @@ -1149,20 +1149,20 @@ repos: Ok(t, os.WriteFile(path, []byte(c.gCfg), 0600)) var err error globalCfgArgs := valid.GlobalCfgArgs{ - AllowRepoCfg: false, - MergeableReq: false, - ApprovedReq: false, - UnDivergedReq: false, + AllowAllRepoSettings: false, + MergeableReq: false, + ApprovedReq: false, + UnDivergedReq: false, } global, err = (&config.ParserValidator{}).ParseGlobalCfg(path, valid.NewGlobalCfgFromArgs(globalCfgArgs)) Ok(t, err) } else { globalCfgArgs := valid.GlobalCfgArgs{ - AllowRepoCfg: false, - MergeableReq: false, - ApprovedReq: false, - UnDivergedReq: false, + AllowAllRepoSettings: false, + MergeableReq: false, + ApprovedReq: false, + UnDivergedReq: false, } global = valid.NewGlobalCfgFromArgs(globalCfgArgs) } @@ -1506,11 +1506,11 @@ repos: Ok(t, os.WriteFile(path, []byte(c.gCfg), 0600)) var err error globalCfgArgs := valid.GlobalCfgArgs{ - AllowRepoCfg: false, - MergeableReq: false, - ApprovedReq: false, - UnDivergedReq: false, - PolicyCheckEnabled: c.gPolicyCheck, + AllowAllRepoSettings: false, + MergeableReq: false, + ApprovedReq: false, + UnDivergedReq: false, + PolicyCheckEnabled: c.gPolicyCheck, } global, err = (&config.ParserValidator{}).ParseGlobalCfg(path, valid.NewGlobalCfgFromArgs(globalCfgArgs)) diff --git a/server/events/project_command_builder_internal_test.go b/server/events/project_command_builder_internal_test.go index 0b5f6c62eb..7fab0360aa 100644 --- a/server/events/project_command_builder_internal_test.go +++ b/server/events/project_command_builder_internal_test.go @@ -639,7 +639,6 @@ projects: Ok(t, os.WriteFile(globalCfgPath, []byte(c.globalCfg), 0600)) parser := &config.ParserValidator{} globalCfgArgs := valid.GlobalCfgArgs{ - AllowRepoCfg: false, MergeableReq: false, ApprovedReq: false, UnDivergedReq: false, @@ -857,7 +856,12 @@ projects: globalCfgPath := filepath.Join(tmp, "global.yaml") Ok(t, os.WriteFile(globalCfgPath, []byte(c.globalCfg), 0600)) parser := &config.ParserValidator{} - globalCfg, err := parser.ParseGlobalCfg(globalCfgPath, valid.NewGlobalCfg(false, false, false)) + globalCfgArgs := valid.GlobalCfgArgs{ + MergeableReq: false, + ApprovedReq: false, + UnDivergedReq: false, + } + globalCfg, err := parser.ParseGlobalCfg(globalCfgPath, valid.NewGlobalCfgFromArgs(globalCfgArgs)) Ok(t, err) if c.repoCfg != "" { @@ -1102,7 +1106,6 @@ workflows: Ok(t, os.WriteFile(globalCfgPath, []byte(c.globalCfg), 0600)) parser := &config.ParserValidator{} globalCfgArgs := valid.GlobalCfgArgs{ - AllowRepoCfg: false, MergeableReq: false, ApprovedReq: false, UnDivergedReq: false, @@ -1260,7 +1263,6 @@ projects: Ok(t, os.WriteFile(globalCfgPath, []byte(globalCfg), 0600)) parser := &config.ParserValidator{} globalCfgArgs := valid.GlobalCfgArgs{ - AllowRepoCfg: false, MergeableReq: false, ApprovedReq: false, UnDivergedReq: false, @@ -1404,10 +1406,10 @@ projects: Ok(t, os.WriteFile(globalCfgPath, []byte(c.globalCfg), 0600)) parser := &config.ParserValidator{} globalCfgArgs := valid.GlobalCfgArgs{ - AllowRepoCfg: false, - MergeableReq: false, - ApprovedReq: false, - UnDivergedReq: false, + AllowAllRepoSettings: false, + MergeableReq: false, + ApprovedReq: false, + UnDivergedReq: false, } globalCfg, err := parser.ParseGlobalCfg(globalCfgPath, valid.NewGlobalCfgFromArgs(globalCfgArgs)) diff --git a/server/events/project_command_builder_test.go b/server/events/project_command_builder_test.go index 2100c4a6cf..054774dd23 100644 --- a/server/events/project_command_builder_test.go +++ b/server/events/project_command_builder_test.go @@ -170,7 +170,6 @@ projects: } globalCfgArgs := valid.GlobalCfgArgs{ - AllowRepoCfg: false, MergeableReq: false, ApprovedReq: false, UnDivergedReq: false, @@ -525,10 +524,10 @@ projects: } globalCfgArgs := valid.GlobalCfgArgs{ - AllowRepoCfg: true, - MergeableReq: false, - ApprovedReq: false, - UnDivergedReq: false, + AllowAllRepoSettings: true, + MergeableReq: false, + ApprovedReq: false, + UnDivergedReq: false, } terraformClient := terraform_mocks.NewMockClient() @@ -716,10 +715,10 @@ projects: } globalCfgArgs := valid.GlobalCfgArgs{ - AllowRepoCfg: true, - MergeableReq: false, - ApprovedReq: false, - UnDivergedReq: false, + AllowAllRepoSettings: true, + MergeableReq: false, + ApprovedReq: false, + UnDivergedReq: false, } terraformClient := terraform_mocks.NewMockClient() @@ -1048,10 +1047,10 @@ projects: } globalCfgArgs := valid.GlobalCfgArgs{ - AllowRepoCfg: true, - MergeableReq: false, - ApprovedReq: false, - UnDivergedReq: false, + AllowAllRepoSettings: true, + MergeableReq: false, + ApprovedReq: false, + UnDivergedReq: false, } terraformClient := terraform_mocks.NewMockClient() @@ -1152,7 +1151,6 @@ func TestDefaultProjectCommandBuilder_BuildMultiApply(t *testing.T) { userConfig := defaultUserConfig globalCfgArgs := valid.GlobalCfgArgs{ - AllowRepoCfg: false, MergeableReq: false, ApprovedReq: false, UnDivergedReq: false, @@ -1246,10 +1244,10 @@ projects: Any[string]())).ThenReturn(repoDir, nil) globalCfgArgs := valid.GlobalCfgArgs{ - AllowRepoCfg: true, - MergeableReq: false, - ApprovedReq: false, - UnDivergedReq: false, + AllowAllRepoSettings: true, + MergeableReq: false, + ApprovedReq: false, + UnDivergedReq: false, } logger := logging.NewNoopLogger(t) scope, _, _ := metrics.NewLoggingScope(logger, "atlantis") @@ -1340,10 +1338,10 @@ func TestDefaultProjectCommandBuilder_EscapeArgs(t *testing.T) { When(vcsClient.GetModifiedFiles(Any[models.Repo](), Any[models.PullRequest]())).ThenReturn([]string{"main.tf"}, nil) globalCfgArgs := valid.GlobalCfgArgs{ - AllowRepoCfg: true, - MergeableReq: false, - ApprovedReq: false, - UnDivergedReq: false, + AllowAllRepoSettings: true, + MergeableReq: false, + ApprovedReq: false, + UnDivergedReq: false, } terraformClient := terraform_mocks.NewMockClient() @@ -1504,10 +1502,10 @@ projects: Any[string]())).ThenReturn(tmpDir, nil) globalCfgArgs := valid.GlobalCfgArgs{ - AllowRepoCfg: true, - MergeableReq: false, - ApprovedReq: false, - UnDivergedReq: false, + AllowAllRepoSettings: true, + MergeableReq: false, + ApprovedReq: false, + UnDivergedReq: false, } terraformClient := terraform_mocks.NewMockClient() @@ -1625,10 +1623,10 @@ projects: logger := logging.NewNoopLogger(t) globalCfgArgs := valid.GlobalCfgArgs{ - AllowRepoCfg: true, - MergeableReq: false, - ApprovedReq: false, - UnDivergedReq: false, + AllowAllRepoSettings: true, + MergeableReq: false, + ApprovedReq: false, + UnDivergedReq: false, } scope, _, _ := metrics.NewLoggingScope(logger, "atlantis") terraformClient := terraform_mocks.NewMockClient() @@ -1694,11 +1692,11 @@ func TestDefaultProjectCommandBuilder_WithPolicyCheckEnabled_BuildAutoplanComman When(vcsClient.GetModifiedFiles(Any[models.Repo](), Any[models.PullRequest]())).ThenReturn([]string{"main.tf"}, nil) globalCfgArgs := valid.GlobalCfgArgs{ - AllowRepoCfg: false, - MergeableReq: false, - ApprovedReq: false, - UnDivergedReq: false, - PolicyCheckEnabled: true, + AllowAllRepoSettings: false, + MergeableReq: false, + ApprovedReq: false, + UnDivergedReq: false, + PolicyCheckEnabled: true, } globalCfg := valid.NewGlobalCfgFromArgs(globalCfgArgs) @@ -1790,10 +1788,10 @@ func TestDefaultProjectCommandBuilder_BuildVersionCommand(t *testing.T) { userConfig := defaultUserConfig globalCfgArgs := valid.GlobalCfgArgs{ - AllowRepoCfg: false, - MergeableReq: false, - ApprovedReq: false, - UnDivergedReq: false, + AllowAllRepoSettings: false, + MergeableReq: false, + ApprovedReq: false, + UnDivergedReq: false, } terraformClient := terraform_mocks.NewMockClient() When(terraformClient.ListAvailableVersions(Any[logging.SimpleLogging]())).ThenReturn([]string{}, nil) @@ -1899,10 +1897,10 @@ func TestDefaultProjectCommandBuilder_BuildPlanCommands_Single_With_RestrictFile } globalCfgArgs := valid.GlobalCfgArgs{ - AllowRepoCfg: true, - MergeableReq: false, - ApprovedReq: false, - UnDivergedReq: false, + AllowAllRepoSettings: true, + MergeableReq: false, + ApprovedReq: false, + UnDivergedReq: false, } logger := logging.NewNoopLogger(t) @@ -2012,10 +2010,10 @@ func TestDefaultProjectCommandBuilder_BuildPlanCommands_with_IncludeGitUntracked } globalCfgArgs := valid.GlobalCfgArgs{ - AllowRepoCfg: true, - MergeableReq: false, - ApprovedReq: false, - UnDivergedReq: false, + AllowAllRepoSettings: true, + MergeableReq: false, + ApprovedReq: false, + UnDivergedReq: false, } logger := logging.NewNoopLogger(t) diff --git a/server/events/repo_branch_test.go b/server/events/repo_branch_test.go index 88cb02aea1..b3ceff16ea 100644 --- a/server/events/repo_branch_test.go +++ b/server/events/repo_branch_test.go @@ -68,7 +68,6 @@ projects: require.NoError(t, err) globalCfgArgs := valid.GlobalCfgArgs{ - AllowRepoCfg: false, MergeableReq: false, ApprovedReq: false, UnDivergedReq: false, diff --git a/server/server.go b/server/server.go index abe07b76f2..8d05a4633b 100644 --- a/server/server.go +++ b/server/server.go @@ -198,7 +198,6 @@ func NewServer(userConfig UserConfig, config Config) (*Server, error) { globalCfg := valid.NewGlobalCfgFromArgs( valid.GlobalCfgArgs{ - AllowRepoCfg: userConfig.AllowRepoConfig, MergeableReq: userConfig.RequireMergeable, ApprovedReq: userConfig.RequireApproval, UnDivergedReq: userConfig.RequireUnDiverged, diff --git a/server/user_config.go b/server/user_config.go index 219730c571..3c533d1b83 100644 --- a/server/user_config.go +++ b/server/user_config.go @@ -12,7 +12,6 @@ import ( // the config is parsed from a YAML file. type UserConfig struct { AllowForkPRs bool `mapstructure:"allow-fork-prs"` - AllowRepoConfig bool `mapstructure:"allow-repo-config"` AllowCommands string `mapstructure:"allow-commands"` AtlantisURL string `mapstructure:"atlantis-url"` AutoDiscoverModeFlag string `mapstructure:"autodiscover-mode"`