(ctx context.Context, db database.Store)
| 2064 | } |
| 2065 | |
| 2066 | func isDeploymentEligibleForGithubDefaultProvider(ctx context.Context, db database.Store) (bool, error) { |
| 2067 | // We want to enable the default provider only for new deployments, and avoid |
| 2068 | // enabling it if a deployment was upgraded from an older version. |
| 2069 | // nolint:gocritic // Requires system privileges |
| 2070 | defaultEligible, err := db.GetOAuth2GithubDefaultEligible(dbauthz.AsSystemRestricted(ctx)) |
| 2071 | if err != nil && !errors.Is(err, sql.ErrNoRows) { |
| 2072 | return false, xerrors.Errorf("get github default eligible: %w", err) |
| 2073 | } |
| 2074 | defaultEligibleNotSet := errors.Is(err, sql.ErrNoRows) |
| 2075 | |
| 2076 | if defaultEligibleNotSet { |
| 2077 | // nolint:gocritic // User count requires system privileges |
| 2078 | userCount, err := db.GetUserCount(dbauthz.AsSystemRestricted(ctx), false) |
| 2079 | if err != nil { |
| 2080 | return false, xerrors.Errorf("get user count: %w", err) |
| 2081 | } |
| 2082 | // We check if a deployment is new by checking if it has any users. |
| 2083 | defaultEligible = userCount == 0 |
| 2084 | // nolint:gocritic // Requires system privileges |
| 2085 | if err := db.UpsertOAuth2GithubDefaultEligible(dbauthz.AsSystemRestricted(ctx), defaultEligible); err != nil { |
| 2086 | return false, xerrors.Errorf("upsert github default eligible: %w", err) |
| 2087 | } |
| 2088 | } |
| 2089 | |
| 2090 | return defaultEligible, nil |
| 2091 | } |
| 2092 | |
| 2093 | func maybeAppendDefaultGithubExternalAuthProvider( |
| 2094 | ctx context.Context, |
no test coverage detected