Skip to content

enterprise: Allow all org members to access internal repos when groupsCache is enabled

Administrator requested to merge ig/internal-repo-integration-tests into main

Created by: indradhanush

This PR gets us close towards resolution of #25904.

What are the changes in this PR

In this PR, we leverage the previously added GitHub client method ListOrganizations to fetch all members of all organizations during repo permissions syncing iff groupsCacheTTL is enabled in the provider's config. This ensures that internal repo ids are added to the permissions bitmap when a full repo permissions sync is complete.

Limitations

After adding integration tests for a full permissions sync for internal repos, user permissions sync overwrites the repo permissions sync because the GitHub repos API does not return any internal repos that belong to an organization that the user is not a part of. This means, with this PR, repo permissions sync will write the correct permissions bit but it will be overwritten as soon as the user permissions sync step runs again. I have a test case to validate this (commented out to make the build pass).

This PR will not completely resolve #25904 yet.

Note to reviewers

I would like to get this merged provided there are no big blockers. I will follow up with successive PRs to address the limitation summarized above. For now, it will be safe to merge this since all of this code is guarded behind a feature flag.

Test plan

Added integration tests.

Merge request reports

Loading