Remove Internal from gh repo create prompt when owner is not an o…

…rg (cli#9465) * Remove `Internal` from `gh repo create` prompt when owner is not an org Closes cli#9464 Internal repos only exist for organizations, so when a user selects their personal namespace to create a repo using `gh repo create`, `Internal` should not be an option in the `Visibility` prompt. This should avoid the additional quirk where if the user selects `Internal` while creating a personal repo and then proceeds to add any of the README, .gitignore, or LICENSE files prompted for later, the repo will not error and instead get created as a `Public` repo. This has the potential for a user to unknowingly leak sensitive info intended to go into a non-public repo. * Refactor prompter with test coverage By extracting the repo visibility options to its own function, getRepoVisibilityOptions, we're able to directly test the behavior introduced with this change. This breaks the testing pattern established here thus far, but may be a good example of the direction we should explore for a future refactor. * Add failing tests to check for error with internal vis in non-org repos There is a bug in the code, currently, where a user repo can attempt to be created as with `--internal` visibility flag when that is not an option for non-org repos. It fails at the API level if the --gitignore, --license, or --add-readme flags are not included, but silently falls back to Public visibility if one of them is included. Because this bug already existed, this commit adds the tests to ensure that both scenarios described above are captured accurately by the test suite. A fix for the latter scenario will be coming in a future commit * Add Exclude to httpmock registry and implement in Test_repoCreate Upon attempting to make the previous commit pass, I realized that it was actually impossible to test what I wanted to. The tests in the previous commit were behaving as expected given the bug that commit described, but upon attempting to implement a solution I realized that the tests were only testing the mocks and not the code functionality itself. Essentially, when the code to fix the bug was implemented, the tests were failing because the mocks required to test the buggy behavior were no longer being called. To make the tests pass, I'd have to rewrite them, but were I to remove the bug fix, the tests would no longer fail. This pointed me to a gap in our httpmocks - the ability to intentionally exclude api calls. The behavior I'm trying to test, here, is that we stop executing when a certain condition is met, and therefore won't make any subsequent api calls down the chain. This implements the Exclude method on the registry such that it will fail if an excluded api pattern is called. I have refactored the tests in Test_repoCreate to use the Exclude mock for testing. * Add error if user attempts to create repo with --internal flag This was previously failing at either the API if no other flags were included or falling back to creating a public repo if one of gitignore, license, or add-readme were included. * Add testing for error messages in gh repo create In the previous commits, we've introduced a new error when a user tries to create an Internal repo not owned by an organization. This adds tests to verify that the error we are getting is, in fact, the one associated with this use case and not some random error.
Hoteld · Aug 22, 2024 · 91eb340 · 91eb340
1 parent ef9069a
commit 91eb340
Show file tree

Hide file tree

Showing 6 changed files with 106 additions and 2 deletions.
diff --git a/pkg/cmd/repo/create/create.go b/pkg/cmd/repo/create/create.go
@@ -855,7 +855,7 @@ func interactiveRepoInfo(client *http.Client, hostname string, prompter iprompte
 		return "", "", "", err
 	}
 
-	visibilityOptions := []string{"Public", "Private", "Internal"}
+	visibilityOptions := getRepoVisibilityOptions(owner)
 	selected, err := prompter.Select("Visibility", "Public", visibilityOptions)
 	if err != nil {
 		return "", "", "", err
@@ -864,6 +864,15 @@ func interactiveRepoInfo(client *http.Client, hostname string, prompter iprompte
 	return name, description, strings.ToUpper(visibilityOptions[selected]), nil
 }
 
+func getRepoVisibilityOptions(owner string) []string {
+	visibilityOptions := []string{"Public", "Private"}
+	// orgs can also create internal repos
+	if owner != "" {
+		visibilityOptions = append(visibilityOptions, "Internal")
+	}
+	return visibilityOptions
+}
+
 func interactiveRepoNameAndOwner(client *http.Client, hostname string, prompter iprompter, defaultName string) (string, string, error) {
 	name, err := prompter.Input("Repository name", defaultName)
 	if err != nil {

diff --git a/pkg/cmd/repo/create/create_test.go b/pkg/cmd/repo/create/create_test.go
@@ -866,3 +866,27 @@ func Test_createRun(t *testing.T) {
 		})
 	}
 }
+
+func Test_getRepoVisibilityOptions(t *testing.T) {
+	tests := []struct {
+		name  string
+		owner string
+		want  []string
+	}{
+		{
+			name:  "user repo",
+			owner: "",
+			want:  []string{"Public", "Private"},
+		},
+		{
+			name:  "org repo",
+			owner: "fooOrg",
+			want:  []string{"Public", "Private", "Internal"},
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			assert.Equal(t, tt.want, getRepoVisibilityOptions(tt.owner))
+		})
+	}
+}
diff --git a/pkg/cmd/repo/create/http.go b/pkg/cmd/repo/create/http.go
@@ -99,6 +99,11 @@ func repoCreate(client *http.Client, hostname string, input repoCreateInput) (*a
 		isOrg = owner.IsOrganization()
 	}
 
+	isInternal := strings.ToLower(input.Visibility) == "internal"
+	if isInternal && !isOrg {
+		return nil, fmt.Errorf("internal repositories can only be created within an organization")
+	}
+
 	if input.TemplateRepositoryID != "" {
 		var response struct {
 			CloneTemplateRepository struct {

diff --git a/pkg/cmd/repo/create/http_test.go b/pkg/cmd/repo/create/http_test.go
@@ -16,6 +16,7 @@ func Test_repoCreate(t *testing.T) {
 		input    repoCreateInput
 		stubs    func(t *testing.T, r *httpmock.Registry)
 		wantErr  bool
+		errMsg   string
 		wantRepo string
 	}{
 		{
@@ -681,6 +682,51 @@ func Test_repoCreate(t *testing.T) {
 			},
 			wantRepo: "https://github.com/snacks-inc/crisps",
 		},
+		{
+			name:     "create personal repository but try to set it as 'internal'",
+			hostname: "github.com",
+			input: repoCreateInput{
+				Name:        "winter-foods",
+				Description: "roasted chestnuts",
+				HomepageURL: "http://example.com",
+				Visibility:  "internal",
+				OwnerLogin:  "OWNER",
+			},
+			wantErr: true,
+			errMsg:  "internal repositories can only be created within an organization",
+			stubs: func(t *testing.T, r *httpmock.Registry) {
+				r.Register(
+					httpmock.REST("GET", "users/OWNER"),
+					httpmock.StringResponse(`{ "node_id": "1234", "type": "Not-Org" }`))
+				r.Exclude(
+					t,
+					httpmock.GraphQL(`mutation RepositoryCreate\b`),
+				)
+			},
+		},
+		{
+			name:     "create personal repository with README but try to set it as 'internal'",
+			hostname: "github.com",
+			input: repoCreateInput{
+				Name:        "winter-foods",
+				Description: "roasted chestnuts",
+				HomepageURL: "http://example.com",
+				Visibility:  "internal",
+				OwnerLogin:  "OWNER",
+				InitReadme:  true,
+			},
+			wantErr: true,
+			errMsg:  "internal repositories can only be created within an organization",
+			stubs: func(t *testing.T, r *httpmock.Registry) {
+				r.Register(
+					httpmock.REST("GET", "users/OWNER"),
+					httpmock.StringResponse(`{ "node_id": "1234", "type": "Not-Org" }`))
+				r.Exclude(
+					t,
+					httpmock.REST("POST", "user/repos"),
+				)
+			},
+		},
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
@@ -691,6 +737,9 @@ func Test_repoCreate(t *testing.T) {
 			r, err := repoCreate(httpClient, tt.hostname, tt.input)
 			if tt.wantErr {
 				assert.Error(t, err)
+				if tt.errMsg != "" {
+					assert.ErrorContains(t, err, tt.errMsg)
+				}
 				return
 			} else {
 				assert.NoError(t, err)

diff --git a/pkg/httpmock/registry.go b/pkg/httpmock/registry.go
@@ -4,6 +4,9 @@ import (
 	"fmt"
 	"net/http"
 	"sync"
+	"testing"
+
+	"github.com/stretchr/testify/assert"
 )
 
 // Replace http.Client transport layer with registry so all requests get
@@ -25,6 +28,18 @@ func (r *Registry) Register(m Matcher, resp Responder) {
 	})
 }
 
+func (r *Registry) Exclude(t *testing.T, m Matcher) {
+	excludedStub := &Stub{
+		Matcher: m,
+		Responder: func(req *http.Request) (*http.Response, error) {
+			assert.FailNowf(t, "Exclude error", "API called when excluded: %v", req.URL)
+			return nil, nil
+		},
+		exclude: true,
+	}
+	r.stubs = append(r.stubs, excludedStub)
+}
+
 type Testing interface {
 	Errorf(string, ...interface{})
 	Helper()
@@ -33,7 +48,7 @@ type Testing interface {
 func (r *Registry) Verify(t Testing) {
 	n := 0
 	for _, s := range r.stubs {
-		if !s.matched {
+		if !s.matched && !s.exclude {
 			n++
 		}
 	}
@@ -62,6 +77,7 @@ func (r *Registry) RoundTrip(req *http.Request) (*http.Response, error) {
 		stub = s
 		break // TODO: remove
 	}
+
 	if stub != nil {
 		stub.matched = true
 	}

diff --git a/pkg/httpmock/stub.go b/pkg/httpmock/stub.go
@@ -18,6 +18,7 @@ type Stub struct {
 	matched   bool
 	Matcher   Matcher
 	Responder Responder
+	exclude   bool
 }
 
 func MatchAny(*http.Request) bool {