[wip] removed pointers to repository interface, added authn and authn testing suite

api/server/authn/handler.go

@@ -0,0 +1,148 @@
+package authn
+
+import (
+	"context"
+	"fmt"
+	"net/http"
+	"strings"
+
+	"github.com/porter-dev/porter/api/server/shared"
+	"github.com/porter-dev/porter/api/server/shared/apierrors"
+	"github.com/porter-dev/porter/api/types"
+	"github.com/porter-dev/porter/internal/auth/token"
+)
+
+// AuthNFactory generates a middleware handler `AuthN`
+type AuthNFactory struct {
+	config *shared.Config
+}
+
+// NewAuthNFactory returns an `AuthNFactory` that uses the passed-in server
+// config
+func NewAuthNFactory(
+	config *shared.Config,
+) *AuthNFactory {
+	return &AuthNFactory{config}
+}
+
+// NewAuthenticated creates a new instance of `AuthN` that implements the http.Handler
+// interface.
+func (f *AuthNFactory) NewAuthenticated(next http.Handler) http.Handler {
+	return &AuthN{next, f.config}
+}
+
+// AuthN implements the authentication middleware
+type AuthN struct {
+	next   http.Handler
+	config *shared.Config
+}
+
+// ServeHTTP attaches an authenticated subject to the request context,
+// or serves a forbidden error. If authenticated, it calls the next handler.
+//
+// A token can either be issued for a specific project id or for a user. In the case
+// of a project id, we attach a service account to the context. In the case of a
+// user, we attach that user to the context.
+func (authn *AuthN) ServeHTTP(w http.ResponseWriter, r *http.Request) {
+	// first check for a bearer token
+	tok, err := authn.getTokenFromRequest(r)
+
+	// if the error is not an invalid auth error, the token was invalid, and we throw error
+	// forbidden. If the error was an invalid auth error, we look for a cookie.
+	if err != nil && err != errInvalidAuthHeader {
+		authn.sendForbiddenError(err, w)
+		return
+	} else if err == nil && tok != nil {
+		authn.nextWithToken(w, r, tok)
+		return
+	}
+
+	// if the bearer token is not found, look for a request cookie
+	session, err := authn.config.Store.Get(r, authn.config.CookieName)
+
+	if err != nil {
+		session.Values["authenticated"] = false
+
+		// we attempt to save the session, but do not catch the error since we send the
+		// forbidden error regardless
+		session.Save(r, w)
+
+		authn.sendForbiddenError(err, w)
+		return
+	}
+
+	if auth, ok := session.Values["authenticated"].(bool); !auth || !ok {
+		authn.sendForbiddenError(fmt.Errorf("stored cookie was not authenticated"), w)
+		return
+	}
+
+	// read the user id in the token
+	userID, ok := session.Values["user_id"].(uint)
+
+	if !ok {
+		authn.sendForbiddenError(fmt.Errorf("could not cast user_id to uint"), w)
+		return
+	}
+
+	authn.nextWithUserID(w, r, userID)
+}
+
+// nextWithToken calls the next handler with either the service account or user corresponding
+// to the token set in context.
+func (authn *AuthN) nextWithToken(w http.ResponseWriter, r *http.Request, tok *token.Token) {
+	// TODO: add section to get service account for server-side token
+
+	// for now, we just use nextWithUser using the `iby` field for the token
+	authn.nextWithUserID(w, r, tok.IBy)
+}
+
+// nextWithUserID calls the next handler with the user set in the context with key
+// `types.UserScope`.
+func (authn *AuthN) nextWithUserID(w http.ResponseWriter, r *http.Request, userID uint) {
+	// search for the user
+	user, err := authn.config.Repo.User().ReadUser(userID)
+
+	if err != nil {
+		authn.sendForbiddenError(fmt.Errorf("user with id %d not found in database", userID), w)
+		return
+	}
+
+	// add the user to the context
+	ctx := r.Context()
+	ctx = context.WithValue(ctx, types.UserScope, user)
+
+	r = r.WithContext(ctx)
+	authn.next.ServeHTTP(w, r)
+}
+
+// sendForbiddenError sends a 403 Forbidden error to the end user while logging a
+// specific error
+func (authn *AuthN) sendForbiddenError(err error, w http.ResponseWriter) {
+	reqErr := apierrors.NewErrForbidden(err)
+
+	apierrors.HandleAPIError(w, authn.config.Logger, reqErr)
+}
+
+var errInvalidToken = fmt.Errorf("authorization header exists, but token is not valid")
+var errInvalidAuthHeader = fmt.Errorf("invalid authorization header in request")
+
+// getTokenFromRequest finds an `Authorization` header of the form `Bearer <token>`,
+// and returns a valid token if it exists.
+func (authn *AuthN) getTokenFromRequest(r *http.Request) (*token.Token, error) {
+	reqToken := r.Header.Get("Authorization")
+	splitToken := strings.Split(reqToken, "Bearer")
+
+	if len(splitToken) != 2 {
+		return nil, errInvalidAuthHeader
+	}
+
+	reqToken = strings.TrimSpace(splitToken[1])
+
+	tok, err := token.GetTokenFromEncoded(reqToken, authn.config.TokenConf)
+
+	if err != nil {
+		return nil, errInvalidToken
+	}
+
+	return tok, nil
+}

api/server/authn/handler_test.go

@@ -0,0 +1,345 @@
+package authn_test
+
+import (
+	"encoding/json"
+	"fmt"
+	"net/http"
+	"net/http/httptest"
+	"testing"
+
+	"github.com/porter-dev/porter/api/server/authn"
+	"github.com/porter-dev/porter/api/server/shared"
+	"github.com/porter-dev/porter/api/server/shared/test"
+	"github.com/porter-dev/porter/api/types"
+	"github.com/porter-dev/porter/internal/auth/token"
+	"github.com/porter-dev/porter/internal/models"
+	"github.com/stretchr/testify/assert"
+	"gorm.io/gorm"
+)
+
+func TestAuthenticatedUserWithCookie(t *testing.T) {
+	config, handler, next := loadHandlers(t)
+
+	req, err := http.NewRequest("GET", "/auth-endpoint", nil)
+
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	rr := httptest.NewRecorder()
+
+	// create a new user and a cookie for them
+	user, err := config.Repo.User().CreateUser(&models.User{
+		Email:         "test@test.it",
+		Password:      "hello",
+		EmailVerified: true,
+	})
+
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	cookie := authenticateUserWithCookie(t, config, user, false)
+	req.AddCookie(cookie)
+
+	handler.ServeHTTP(rr, req)
+
+	assertNextHandlerCalled(t, next, rr, user)
+}
+
+func TestUnauthenticatedUserWithCookie(t *testing.T) {
+	_, handler, next := loadHandlers(t)
+
+	req, err := http.NewRequest("GET", "/auth-endpoint", nil)
+
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	rr := httptest.NewRecorder()
+
+	// make the request without a cookie set
+	handler.ServeHTTP(rr, req)
+
+	assertForbiddenError(t, next, rr)
+}
+
+func TestAuthenticatedUserWithToken(t *testing.T) {
+	config, handler, next := loadHandlers(t)
+
+	req, err := http.NewRequest("GET", "/auth-endpoint", nil)
+
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	rr := httptest.NewRecorder()
+
+	// create a new user for the token to reference
+	user, err := config.Repo.User().CreateUser(&models.User{
+		Email:         "test@test.it",
+		Password:      "hello",
+		EmailVerified: true,
+	})
+
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	tokenStr := authenticateUserWithToken(t, config, user.ID)
+	req.Header.Add("Authorization", fmt.Sprintf("Bearer %s", tokenStr))
+
+	handler.ServeHTTP(rr, req)
+
+	assertNextHandlerCalled(t, next, rr, user)
+}
+
+func TestUnauthenticatedUserWithToken(t *testing.T) {
+	_, handler, next := loadHandlers(t)
+
+	req, err := http.NewRequest("GET", "/auth-endpoint", nil)
+
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	rr := httptest.NewRecorder()
+
+	// create a new user and a cookie for them
+	tokenStr := "badtokenstring"
+	req.Header.Add("Authorization", fmt.Sprintf("Bearer %s", tokenStr))
+
+	handler.ServeHTTP(rr, req)
+
+	assertForbiddenError(t, next, rr)
+}
+
+func TestAuthBadDatabaseRead(t *testing.T) {
+	config, handler, next := loadHandlers(t)
+
+	req, err := http.NewRequest("GET", "/auth-endpoint", nil)
+
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	rr := httptest.NewRecorder()
+
+	// create a new user and a cookie for them
+	user, err := config.Repo.User().CreateUser(&models.User{
+		Email:         "test@test.it",
+		Password:      "hello",
+		EmailVerified: true,
+	})
+
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	cookie := authenticateUserWithCookie(t, config, user, false)
+	req.AddCookie(cookie)
+
+	// set the repository interface to one that can't query from the db
+	configLoader := test.NewTestConfigLoader(false)
+	config, err = configLoader.LoadConfig()
+	factory := authn.NewAuthNFactory(config)
+	handler = factory.NewAuthenticated(next)
+
+	handler.ServeHTTP(rr, req)
+
+	assertForbiddenError(t, next, rr)
+}
+
+func TestAuthBadSessionUserWrite(t *testing.T) {
+	config, handler, next := loadHandlers(t)
+
+	req, err := http.NewRequest("GET", "/auth-endpoint", nil)
+
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	rr := httptest.NewRecorder()
+
+	// create a new user and a cookie for them
+	_, err = config.Repo.User().CreateUser(&models.User{
+		Email:         "test@test.it",
+		Password:      "hello",
+		EmailVerified: true,
+	})
+
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	// create cookie where session values are incorrect
+	// i.e. written for a user that doesn't exist (id 500)
+	cookie := authenticateUserWithCookie(t, config, &models.User{
+		Model: gorm.Model{
+			ID: 500,
+		},
+	}, false)
+
+	req.AddCookie(cookie)
+	handler.ServeHTTP(rr, req)
+
+	assertForbiddenError(t, next, rr)
+}
+
+func TestAuthBadSessionUserIDType(t *testing.T) {
+	config, handler, next := loadHandlers(t)
+
+	req, err := http.NewRequest("GET", "/auth-endpoint", nil)
+
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	rr := httptest.NewRecorder()
+
+	// create a new user and a cookie for them
+	user, err := config.Repo.User().CreateUser(&models.User{
+		Email:         "test@test.it",
+		Password:      "hello",
+		EmailVerified: true,
+	})
+
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	// create cookie where session values are incorrect
+	// i.e. written for a user that doesn't exist (id 500)
+	cookie := authenticateUserWithCookie(t, config, user, true)
+
+	req.AddCookie(cookie)
+	handler.ServeHTTP(rr, req)
+
+	assertForbiddenError(t, next, rr)
+}
+
+type testHandler struct {
+	WasCalled bool
+	User      *models.User
+}
+
+func (t *testHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
+	t.WasCalled = true
+
+	user, _ := r.Context().Value(types.UserScope).(*models.User)
+
+	t.User = user
+}
+
+func loadHandlers(t *testing.T) (*shared.Config, http.Handler, *testHandler) {
+	configLoader := test.NewTestConfigLoader(true)
+
+	config, err := configLoader.LoadConfig()
+
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	factory := authn.NewAuthNFactory(config)
+
+	next := &testHandler{}
+	handler := factory.NewAuthenticated(next)
+
+	return config, handler, next
+}
+
+// authenticateUserWithCookie uses the session store to create a cookie for a user
+func authenticateUserWithCookie(
+	t *testing.T,
+	config *shared.Config,
+	user *models.User,
+	badUserIDType bool,
+) *http.Cookie {
+	rr2 := httptest.NewRecorder()
+	req2, err := http.NewRequest("GET", "/login", nil)
+
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	// set the user as authenticated
+	session, err := config.Store.Get(req2, config.CookieName)
+
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	session.Values["authenticated"] = true
+	session.Values["user_id"] = user.ID
+	session.Values["email"] = user.Email
+
+	if badUserIDType {
+		session.Values["user_id"] = "badtype"
+	}
+
+	if err := session.Save(req2, rr2); err != nil {
+		t.Fatal(err)
+	}
+
+	var cookie *http.Cookie
+
+	if cookies := rr2.Result().Cookies(); len(cookies) > 0 {
+		cookie = cookies[0]
+	} else {
+		t.Fatal(fmt.Errorf("no cookie in response"))
+	}
+
+	return cookie
+}
+
+// authenticateUserWithToken uses the JWT token generator to create a token for a user
+func authenticateUserWithToken(t *testing.T, config *shared.Config, userID uint) string {
+	issToken, err := token.GetTokenForUser(userID)
+
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	res, err := issToken.EncodeToken(config.TokenConf)
+
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	return res
+}
+
+func assertForbiddenError(t *testing.T, next *testHandler, rr *httptest.ResponseRecorder) {
+	assert := assert.New(t)
+
+	assert.False(next.WasCalled, "next handler should not have been called")
+	assert.Equal(http.StatusForbidden, rr.Result().StatusCode, "status code should be forbidden")
+
+	// json error should be forbidden
+	reqErr := &types.ExternalError{}
+	err := json.NewDecoder(rr.Result().Body).Decode(reqErr)
+
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	expReqErr := &types.ExternalError{
+		Error: "Forbidden",
+	}
+
+	assert.Equal(expReqErr, reqErr, "body should be forbidden error")
+}
+
+func assertNextHandlerCalled(
+	t *testing.T,
+	next *testHandler,
+	rr *httptest.ResponseRecorder,
+	expUser *models.User,
+) {
+	// make sure the handler was called with the expected user, and resulted in 200 OK
+	assert := assert.New(t)
+
+	assert.True(next.WasCalled, "next handler should have been called")
+	assert.Equal(expUser, next.User, "user should be equal")
+	assert.Equal(http.StatusOK, rr.Result().StatusCode, "status code should be ok")
+}

api/server/auth/param.go → api/server/authz/param.go

@@ -1,4 +1,4 @@
-package auth
+package authz
 
 import (
 	"fmt"

api/server/auth/param_test.go → api/server/authz/param_test.go

@@ -1,4 +1,4 @@
-package auth_test
+package authz_test
 
 import (
 	"context"
@@ -7,7 +7,7 @@ import (
 	"testing"
 
 	"github.com/go-chi/chi"
-	"github.com/porter-dev/porter/api/server/auth"
+	"github.com/porter-dev/porter/api/server/authz"
 	"github.com/porter-dev/porter/api/server/shared/apierrors"
 	"github.com/stretchr/testify/assert"
 )
@@ -66,7 +66,7 @@ func TestGetURLUintParamsErrors(t *testing.T) {
 
 		r = r.WithContext(context.WithValue(r.Context(), chi.RouteCtxKey, rctx))
 
-		_, err := auth.GetURLParamUint(r, test.paramReq)
+		_, err := authz.GetURLParamUint(r, test.paramReq)
 
 		if err == nil {
 			t.Fatalf("[ %s ] did not return an error when error was expected", test.description)
@@ -97,7 +97,7 @@ func TestGetURLParamString(t *testing.T) {
 
 	r = r.WithContext(context.WithValue(r.Context(), chi.RouteCtxKey, rctx))
 
-	res, err := auth.GetURLParamString(r, "name")
+	res, err := authz.GetURLParamString(r, "name")
 
 	if err != nil {
 		t.Fatalf("[ GetURLParamString ] returneed an error when no error was expected, %v", err.Error())
@@ -119,7 +119,7 @@ func TestGetURLParamUint(t *testing.T) {
 
 	r = r.WithContext(context.WithValue(r.Context(), chi.RouteCtxKey, rctx))
 
-	res, err := auth.GetURLParamUint(r, "name")
+	res, err := authz.GetURLParamUint(r, "name")
 
 	if err != nil {
 		t.Fatalf("[ GetURLParamUint ] returneed an error when no error was expected, %v", err.Error())

api/server/auth/policy/loader_test.go → api/server/authz/policy/loader_test.go

@@ -6,7 +6,7 @@ import (
 	"testing"
 
 	"github.com/go-test/deep"
-	"github.com/porter-dev/porter/api/server/auth/policy"
+	"github.com/porter-dev/porter/api/server/authz/policy"
 	"github.com/porter-dev/porter/api/types"
 	"github.com/porter-dev/porter/internal/models"
 	"github.com/porter-dev/porter/internal/repository/test"

api/server/auth/policy/policy_test.go → api/server/authz/policy/policy_test.go

@@ -3,7 +3,7 @@ package policy_test
 import (
 	"testing"
 
-	"github.com/porter-dev/porter/api/server/auth/policy"
+	"github.com/porter-dev/porter/api/server/authz/policy"
 	"github.com/porter-dev/porter/api/types"
 	"github.com/stretchr/testify/assert"
 )

api/server/auth/project.go → api/server/authz/project.go

@@ -1,8 +1,7 @@
-package auth
+package authz
 
 import (
 	"context"
-	"fmt"
 	"net/http"
 
 	"github.com/porter-dev/porter/api/server/shared"
@@ -35,15 +34,13 @@ type ProjectScoped struct {
 
 func (scope *ProjectScoped) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 	// read the project id from the request
-	projID, reqErr := GetURLParamUint(r, "project_id")
+	_, reqErr := GetURLParamUint(r, "project_id")
 
 	if reqErr != nil {
 		apierrors.HandleAPIError(w, scope.config.Logger, reqErr)
 		return
 	}
 
-	fmt.Println("PROJECT ID IS", projID)
-
 	// find a set of roles for this user and compute a policy document
 
 	// determine if policy document allows for project scope
@@ -51,8 +48,8 @@ func (scope *ProjectScoped) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 	project := types.Project{}
 
 	// create a new project-scoped context and serve
-	req := r.Clone(NewProjectContext(r.Context(), project))
-	scope.next.ServeHTTP(w, req)
+	r = r.WithContext(NewProjectContext(r.Context(), project))
+	scope.next.ServeHTTP(w, r)
 }
 
 func NewProjectContext(ctx context.Context, project types.Project) context.Context {

api/server/router/project.go

@@ -1,43 +1,38 @@
-package server
+package router
 
 import (
 	"github.com/go-chi/chi"
-	"github.com/porter-dev/porter/api/server/auth"
+	"github.com/porter-dev/porter/api/server/authz"
 	"github.com/porter-dev/porter/api/server/handlers/project"
 	"github.com/porter-dev/porter/api/server/shared"
 	"github.com/porter-dev/porter/api/types"
 )
 
-func NewProjectRouter(
+func RegisterProjectScopedRoutes(
+	r chi.Router,
 	config *shared.Config,
 	basePath *types.Path,
 	factory shared.APIEndpointFactory,
-) *shared.Router {
-	router := chi.NewRouter()
-
+) chi.Router {
 	// Create a new "project-scoped" factory which will create a new project-scoped request
 	// after authorization. Each subsequent http.Handler can lookup the project in context.
-	authFactory := auth.NewProjectScopedFactory(config.Repo.Project, config)
+	projFactory := authz.NewProjectScopedFactory(config.Repo.Project(), config)
 
 	// attach middleware to router
-	router.Use(authFactory.NewProjectScoped)
+	r.Use(projFactory.NewProjectScoped)
 
-	routes := registerProjectEndpoints(config, basePath, factory, router)
+	registerProjectEndpoints(r, config, basePath, factory)
 
-	return &shared.Router{
-		Router: router,
-		Routes: routes,
-		Config: config,
-	}
+	return r
 }
 
 func registerProjectEndpoints(
+	r chi.Router,
 	config *shared.Config,
 	basePath *types.Path,
 	factory shared.APIEndpointFactory,
-	router *chi.Mux,
-) (routes []*shared.Route) {
-	routes = make([]*shared.Route, 0)
+) {
+	routes := make([]*Route, 0)
 
 	projectPath := &types.Path{
 		Parent:       basePath,
@@ -57,10 +52,10 @@ func registerProjectEndpoints(
 
 	createHandler := project.NewProjectCreateHandler(config, createEndpoint)
 
-	routes = append(routes, &shared.Route{
+	routes = append(routes, &Route{
 		Endpoint: createEndpoint,
 		Handler:  createHandler,
 	})
 
-	return routes
+	registerRoutes(r, routes)
 }

api/server/router/router.go

@@ -0,0 +1,51 @@
+package router
+
+import (
+	"net/http"
+
+	"github.com/go-chi/chi"
+	"github.com/porter-dev/porter/api/server/authn"
+	"github.com/porter-dev/porter/api/server/shared"
+	"github.com/porter-dev/porter/api/types"
+)
+
+func NewAPIRouter(config *shared.Config) *chi.Mux {
+	r := chi.NewRouter()
+	endpointFactory := shared.NewAPIObjectEndpointFactory(config)
+	authNFactory := authn.NewAuthNFactory(config)
+
+	r.Route("/api", func(r chi.Router) {
+		// create a group of authenticated endpoints
+		r.Group(func(r chi.Router) {
+			// all authenticated endpoints use the authn middleware
+			r.Use(authNFactory.NewAuthenticated)
+
+			// register all project-scoped routes
+			RegisterProjectScopedRoutes(
+				r,
+				config,
+				&types.Path{
+					RelativePath: "/projects",
+				},
+				endpointFactory,
+			)
+		})
+	})
+
+	return r
+}
+
+type Route struct {
+	Endpoint *shared.APIEndpoint
+	Handler  http.Handler
+}
+
+func registerRoutes(r chi.Router, routes []*Route) {
+	for _, route := range routes {
+		r.Method(
+			string(route.Endpoint.Metadata.Method),
+			route.Endpoint.Metadata.Path.RelativePath,
+			route.Handler,
+		)
+	}
+}

api/server/shared/apierrors/errors.go

@@ -4,6 +4,7 @@ import (
 	"encoding/json"
 	"net/http"
 
+	"github.com/porter-dev/porter/api/types"
 	"github.com/porter-dev/porter/internal/logger"
 )
 
@@ -88,10 +89,6 @@ func (e *ErrPassThroughToClient) GetStatusCode() int {
 	return e.statusCode
 }
 
-type externalError struct {
-	Error string `json:"error"`
-}
-
 func HandleAPIError(
 	w http.ResponseWriter,
 	logger *logger.Logger,
@@ -106,7 +103,9 @@ func HandleAPIError(
 		Msg("")
 
 	// send the external error
-	resp := &externalError{extErrorStr}
+	resp := &types.ExternalError{
+		Error: extErrorStr,
+	}
 
 	// write the status code
 	w.WriteHeader(err.GetStatusCode())

api/server/shared/config.go

@@ -1,6 +1,8 @@
 package shared
 
 import (
+	"github.com/gorilla/sessions"
+	"github.com/porter-dev/porter/internal/auth/token"
 	"github.com/porter-dev/porter/internal/logger"
 	"github.com/porter-dev/porter/internal/repository"
 )
@@ -10,9 +12,22 @@ type Config struct {
 	Logger *logger.Logger
 
 	// Repo implements a query repository
-	Repo *repository.Repository
+	Repo repository.Repository
 
 	// Capabilities is a description object for the server capabilities, used
 	// to determine which endpoints to register
 	Capabilities *Capabilities
+
+	// Store implements a session store for session-based cookies
+	Store sessions.Store
+
+	// CookieName is the name of the Porter cookie used for authn
+	CookieName string
+
+	// TokenConf contains the config for generating and validating JWT tokens
+	TokenConf *token.TokenGeneratorConf
+}
+
+type ConfigLoader interface {
+	LoadConfig() (*Config, error)
 }

api/server/shared/endpoints.go

@@ -1,9 +1,6 @@
 package shared
 
 import (
-	"encoding/json"
-	"net/http"
-
 	"github.com/porter-dev/porter/api/server/requestutils"
 	"github.com/porter-dev/porter/api/types"
 )
@@ -45,15 +42,3 @@ func (factory *APIObjectEndpointFactory) NewAPIEndpoint(
 		Writer:           factory.resultWriter,
 	}
 }
-
-type JSONResponseWriter struct {
-	config *Config
-}
-
-func NewJSONResponseWriter(config *Config) *JSONResponseWriter {
-	return &JSONResponseWriter{config}
-}
-
-func (j *JSONResponseWriter) Write(w http.ResponseWriter, v interface{}) {
-	json.NewEncoder(w).Encode(v)
-}

api/server/shared/router.go

@@ -1,28 +0,0 @@
-package shared
-
-import (
-	"net/http"
-
-	"github.com/go-chi/chi"
-)
-
-type Route struct {
-	Endpoint *APIEndpoint
-	Handler  http.Handler
-}
-
-type Router struct {
-	Router *chi.Mux
-	Routes []*Route
-	Config *Config
-}
-
-func (r *Router) RegisterRoutes() {
-	for _, route := range r.Routes {
-		r.Router.Method(
-			string(route.Endpoint.Metadata.Method),
-			route.Endpoint.Metadata.Path.RelativePath,
-			route.Handler,
-		)
-	}
-}

api/server/shared/test/config.go

@@ -0,0 +1,43 @@
+package test
+
+import (
+	"os"
+
+	"github.com/porter-dev/porter/api/server/shared"
+	"github.com/porter-dev/porter/internal/auth/sessionstore"
+	"github.com/porter-dev/porter/internal/auth/token"
+	"github.com/porter-dev/porter/internal/config"
+	"github.com/porter-dev/porter/internal/logger"
+	"github.com/porter-dev/porter/internal/repository/test"
+)
+
+type TestConfigLoader struct {
+	canQuery bool
+}
+
+func NewTestConfigLoader(canQuery bool) shared.ConfigLoader {
+	return &TestConfigLoader{canQuery}
+}
+
+func (t *TestConfigLoader) LoadConfig() (*shared.Config, error) {
+	l := logger.New(true, os.Stdout)
+	repo := test.NewRepository(t.canQuery)
+	configFromEnv := config.FromEnv()
+	store, err := sessionstore.NewStore(repo, configFromEnv.Server)
+
+	if err != nil {
+		return nil, err
+	}
+
+	tokenConf := &token.TokenGeneratorConf{
+		TokenSecret: configFromEnv.Server.TokenGeneratorSecret,
+	}
+
+	return &shared.Config{
+		Logger:     l,
+		Repo:       repo,
+		Store:      store,
+		CookieName: configFromEnv.Server.CookieName,
+		TokenConf:  tokenConf,
+	}, nil
+}

api/types/error.go

@@ -0,0 +1,5 @@
+package types
+
+type ExternalError struct {
+	Error string `json:"error"`
+}

cmd/migrate/keyrotate/helpers_test.go

@@ -20,7 +20,7 @@ type tester struct {
 	Key *[32]byte
 	DB  *_gorm.DB
 
-	repo         *repository.Repository
+	repo         repository.Repository
 	dbFileName   string
 	key          *[32]byte
 	initUsers    []*models.User
@@ -110,7 +110,7 @@ func initUser(tester *tester, t *testing.T) {
 		Password: "hello1234",
 	}
 
-	user, err := tester.repo.User.CreateUser(user)
+	user, err := tester.repo.User().CreateUser(user)
 
 	if err != nil {
 		t.Fatalf("%v\n", err)
@@ -126,7 +126,7 @@ func initProject(tester *tester, t *testing.T) {
 		Name: "project-test",
 	}
 
-	proj, err := tester.repo.Project.CreateProject(proj)
+	proj, err := tester.repo.Project().CreateProject(proj)
 
 	if err != nil {
 		t.Fatalf("%v\n", err)
@@ -146,7 +146,7 @@ func initProjectRole(tester *tester, t *testing.T) {
 		},
 	}
 
-	role, err := tester.repo.Project.CreateProjectRole(tester.initProjects[0], role)
+	role, err := tester.repo.Project().CreateProjectRole(tester.initProjects[0], role)
 
 	if err != nil {
 		t.Fatalf("%v\n", err)
@@ -176,7 +176,7 @@ func initKubeIntegration(tester *tester, t *testing.T) {
 		Password:              []byte("password"),
 	}
 
-	ki, err := tester.repo.KubeIntegration.CreateKubeIntegration(ki)
+	ki, err := tester.repo.KubeIntegration().CreateKubeIntegration(ki)
 
 	if err != nil {
 		t.Fatalf("%v\n", err)
@@ -203,7 +203,7 @@ func initBasicIntegration(tester *tester, t *testing.T) {
 		Password:  []byte("password"),
 	}
 
-	basic, err := tester.repo.BasicIntegration.CreateBasicIntegration(basic)
+	basic, err := tester.repo.BasicIntegration().CreateBasicIntegration(basic)
 
 	if err != nil {
 		t.Fatalf("%v\n", err)
@@ -235,7 +235,7 @@ func initOIDCIntegration(tester *tester, t *testing.T) {
 		RefreshToken:             []byte("refreshtoken"),
 	}
 
-	oidc, err := tester.repo.OIDCIntegration.CreateOIDCIntegration(oidc)
+	oidc, err := tester.repo.OIDCIntegration().CreateOIDCIntegration(oidc)
 
 	if err != nil {
 		t.Fatalf("%v\n", err)
@@ -264,7 +264,7 @@ func initOAuthIntegration(tester *tester, t *testing.T) {
 		RefreshToken: []byte("refreshtoken"),
 	}
 
-	oauth, err := tester.repo.OAuthIntegration.CreateOAuthIntegration(oauth)
+	oauth, err := tester.repo.OAuthIntegration().CreateOAuthIntegration(oauth)
 
 	if err != nil {
 		t.Fatalf("%v\n", err)
@@ -292,7 +292,7 @@ func initGCPIntegration(tester *tester, t *testing.T) {
 		GCPKeyData:   []byte("{\"test\":\"key\"}"),
 	}
 
-	gcp, err := tester.repo.GCPIntegration.CreateGCPIntegration(gcp)
+	gcp, err := tester.repo.GCPIntegration().CreateGCPIntegration(gcp)
 
 	if err != nil {
 		t.Fatalf("%v\n", err)
@@ -321,7 +321,7 @@ func initAWSIntegration(tester *tester, t *testing.T) {
 		AWSSessionToken:    []byte("optional"),
 	}
 
-	aws, err := tester.repo.AWSIntegration.CreateAWSIntegration(aws)
+	aws, err := tester.repo.AWSIntegration().CreateAWSIntegration(aws)
 
 	if err != nil {
 		t.Fatalf("%v\n", err)
@@ -349,7 +349,7 @@ func initClusterCandidate(tester *tester, t *testing.T) {
 		Kubeconfig:        []byte("current-context: testing\n"),
 	}
 
-	cc, err := tester.repo.Cluster.CreateClusterCandidate(cc)
+	cc, err := tester.repo.Cluster().CreateClusterCandidate(cc)
 
 	if err != nil {
 		t.Fatalf("%v\n", err)
@@ -383,7 +383,7 @@ func initCluster(tester *tester, t *testing.T) {
 		},
 	}
 
-	cluster, err := tester.repo.Cluster.CreateCluster(cluster)
+	cluster, err := tester.repo.Cluster().CreateCluster(cluster)
 
 	if err != nil {
 		t.Fatalf("%v\n", err)
@@ -409,7 +409,7 @@ func initGitRepo(tester *tester, t *testing.T) {
 		OAuthIntegrationID: tester.initOAuths[0].ID,
 	}
 
-	gr, err := tester.repo.GitRepo.CreateGitRepo(gr)
+	gr, err := tester.repo.GitRepo().CreateGitRepo(gr)
 
 	if err != nil {
 		t.Fatalf("%v\n", err)
@@ -436,7 +436,7 @@ func initRegistry(tester *tester, t *testing.T) {
 		},
 	}
 
-	reg, err := tester.repo.Registry.CreateRegistry(reg)
+	reg, err := tester.repo.Registry().CreateRegistry(reg)
 
 	if err != nil {
 		t.Fatalf("%v\n", err)
@@ -464,7 +464,7 @@ func initHelmRepo(tester *tester, t *testing.T) {
 		},
 	}
 
-	hr, err := tester.repo.HelmRepo.CreateHelmRepo(hr)
+	hr, err := tester.repo.HelmRepo().CreateHelmRepo(hr)
 
 	if err != nil {
 		t.Fatalf("%v\n", err)
@@ -487,7 +487,7 @@ func initInfra(tester *tester, t *testing.T) {
 		LastApplied: []byte("testing"),
 	}
 
-	infra, err := tester.repo.Infra.CreateInfra(infra)
+	infra, err := tester.repo.Infra().CreateInfra(infra)
 
 	if err != nil {
 		t.Fatalf("%v\n", err)
@@ -511,7 +511,7 @@ func initRelease(tester *tester, t *testing.T) {
 		WebhookToken: "abcdefgh",
 	}
 
-	release, err := tester.repo.Release.CreateRelease(release)
+	release, err := tester.repo.Release().CreateRelease(release)
 
 	if err != nil {
 		t.Fatalf("%v\n", err)

helm/templates/NOTES.txt

@@ -6,16 +6,16 @@
   {{- end }}
 {{- end }}
 {{- else if contains "NodePort" .Values.service.type }}
-  export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "porter-prod.fullname" . }})
-  export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
+  export NODE_PORT=$(kubectl get --namespace {{ .Release().Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "porter-prod.fullname" . }})
+  export NODE_IP=$(kubectl get nodes --namespace {{ .Release().Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
   echo http://$NODE_IP:$NODE_PORT
 {{- else if contains "LoadBalancer" .Values.service.type }}
      NOTE: It may take a few minutes for the LoadBalancer IP to be available.
-           You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "porter-prod.fullname" . }}'
-  export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "porter-prod.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}")
+           You can watch the status of by running 'kubectl get --namespace {{ .Release().Namespace }} svc -w {{ include "porter-prod.fullname" . }}'
+  export SERVICE_IP=$(kubectl get svc --namespace {{ .Release().Namespace }} {{ include "porter-prod.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}")
   echo http://$SERVICE_IP:{{ .Values.service.port }}
 {{- else if contains "ClusterIP" .Values.service.type }}
-  export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "porter-prod.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
+  export POD_NAME=$(kubectl get pods --namespace {{ .Release().Namespace }} -l "app.kubernetes.io/name={{ include "porter-prod.name" . }},app.kubernetes.io/instance={{ .Release().Name }}" -o jsonpath="{.items[0].metadata.name}")
   echo "Visit http://127.0.0.1:8080 to use your application"
-  kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:80
+  kubectl --namespace {{ .Release().Namespace }} port-forward $POD_NAME 8080:80
 {{- end }}

helm/templates/_helpers.tpl

@@ -16,10 +16,10 @@ If release name contains chart name it will be used as a full name.
 {{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
 {{- else }}
 {{- $name := default .Chart.Name .Values.nameOverride }}
-{{- if contains $name .Release.Name }}
-{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- if contains $name .Release().Name }}
+{{- .Release().Name | trunc 63 | trimSuffix "-" }}
 {{- else }}
-{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- printf "%s-%s" .Release().Name $name | trunc 63 | trimSuffix "-" }}
 {{- end }}
 {{- end }}
 {{- end }}
@@ -40,7 +40,7 @@ helm.sh/chart: {{ include "porter-prod.chart" . }}
 {{- if .Chart.AppVersion }}
 app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
 {{- end }}
-app.kubernetes.io/managed-by: {{ .Release.Service }}
+app.kubernetes.io/managed-by: {{ .Release().Service }}
 {{- end }}
 
 {{/*
@@ -48,7 +48,7 @@ Selector labels
 */}}
 {{- define "porter-prod.selectorLabels" -}}
 app.kubernetes.io/name: {{ include "porter-prod.name" . }}
-app.kubernetes.io/instance: {{ .Release.Name }}
+app.kubernetes.io/instance: {{ .Release().Name }}
 {{- end }}
 
 {{/*

internal/auth/sessionstore/sessionstore.go

@@ -26,7 +26,7 @@ type PGStore struct {
 	Codecs  []securecookie.Codec
 	Options *sessions.Options
 	Path    string
-	Repo    *repository.Repository
+	Repo    repository.Repository
 }
 
 // Helpers
@@ -60,7 +60,7 @@ func (store *PGStore) MaxAge(age int) {
 // load fetches a session by ID from the database and decodes its content
 // into session.Values.
 func (store *PGStore) load(session *sessions.Session) error {
-	res, err := store.Repo.Session.SelectSession(&models.Session{Key: session.ID})
+	res, err := store.Repo.Session().SelectSession(&models.Session{Key: session.ID})
 
 	if err != nil {
 		return err
@@ -99,18 +99,18 @@ func (store *PGStore) save(session *sessions.Session) error {
 	repo := store.Repo
 
 	if session.IsNew {
-		_, createErr := repo.Session.CreateSession(s)
+		_, createErr := repo.Session().CreateSession(s)
 		return createErr
 	}
 
-	_, updateErr := repo.Session.UpdateSession(s)
+	_, updateErr := repo.Session().UpdateSession(s)
 	return updateErr
 }
 
 // Implementation of the interface (Get, New, Save)
 
 // NewStore takes an initialized db and session key pairs to create a session-store in postgres db.
-func NewStore(repo *repository.Repository, conf config.ServerConf) (*PGStore, error) {
+func NewStore(repo repository.Repository, conf config.ServerConf) (*PGStore, error) {
 	keyPairs := [][]byte{}
 
 	for _, key := range conf.CookieSecrets {
@@ -190,7 +190,7 @@ func (store *PGStore) Save(r *http.Request, w http.ResponseWriter, session *sess
 
 	// Set delete if max-age is < 0
 	if session.Options.MaxAge < 0 {
-		if _, err := repo.Session.DeleteSession(&models.Session{Key: session.ID}); err != nil {
+		if _, err := repo.Session().DeleteSession(&models.Session{Key: session.ID}); err != nil {
 			return err
 		}
 		http.SetCookie(w, sessions.NewCookie(session.Name(), "", session.Options))

internal/forms/cluster.go

@@ -109,7 +109,7 @@ type ResolveClusterForm struct {
 func (rcf *ResolveClusterForm) ResolveIntegration(
 	repo repository.Repository,
 ) error {
-	cc, err := repo.Cluster.ReadClusterCandidate(rcf.ClusterCandidateID)
+	cc, err := repo.Cluster().ReadClusterCandidate(rcf.ClusterCandidateID)
 
 	if err != nil {
 		return err
@@ -206,7 +206,7 @@ func (rcf *ResolveClusterForm) resolveX509(
 	}
 
 	// return integration id if exists
-	ki, err := repo.KubeIntegration.CreateKubeIntegration(ki)
+	ki, err := repo.KubeIntegration().CreateKubeIntegration(ki)
 
 	if err != nil {
 		return 0, err
@@ -241,7 +241,7 @@ func (rcf *ResolveClusterForm) resolveToken(
 	}
 
 	// return integration id if exists
-	ki, err := repo.KubeIntegration.CreateKubeIntegration(ki)
+	ki, err := repo.KubeIntegration().CreateKubeIntegration(ki)
 
 	if err != nil {
 		return 0, err
@@ -273,7 +273,7 @@ func (rcf *ResolveClusterForm) resolveBasic(
 	}
 
 	// return integration id if exists
-	ki, err := repo.KubeIntegration.CreateKubeIntegration(ki)
+	ki, err := repo.KubeIntegration().CreateKubeIntegration(ki)
 
 	if err != nil {
 		return 0, err
@@ -294,7 +294,7 @@ func (rcf *ResolveClusterForm) resolveLocal(
 	}
 
 	// return integration id if exists
-	ki, err := repo.KubeIntegration.CreateKubeIntegration(ki)
+	ki, err := repo.KubeIntegration().CreateKubeIntegration(ki)
 
 	if err != nil {
 		return 0, err
@@ -349,7 +349,7 @@ func (rcf *ResolveClusterForm) resolveOIDC(
 	}
 
 	// return integration id if exists
-	oidc, err := repo.OIDCIntegration.CreateOIDCIntegration(oidc)
+	oidc, err := repo.OIDCIntegration().CreateOIDCIntegration(oidc)
 
 	if err != nil {
 		return 0, err
@@ -379,7 +379,7 @@ func (rcf *ResolveClusterForm) resolveGCP(
 	}
 
 	// return integration id if exists
-	gcp, err := repo.GCPIntegration.CreateGCPIntegration(gcp)
+	gcp, err := repo.GCPIntegration().CreateGCPIntegration(gcp)
 
 	if err != nil {
 		return 0, err
@@ -418,7 +418,7 @@ func (rcf *ResolveClusterForm) resolveAWS(
 	}
 
 	// return integration id if exists
-	aws, err := repo.AWSIntegration.CreateAWSIntegration(aws)
+	aws, err := repo.AWSIntegration().CreateAWSIntegration(aws)
 
 	if err != nil {
 		return 0, err
@@ -440,7 +440,7 @@ func (rcf *ResolveClusterForm) ResolveCluster(
 	}
 
 	// save cluster to db
-	return repo.Cluster.CreateCluster(cluster)
+	return repo.Cluster().CreateCluster(cluster)
 }
 
 func (rcf *ResolveClusterForm) buildCluster() (*models.Cluster, error) {

internal/forms/cluster_test.go

@@ -406,13 +406,13 @@ func TestClusters(t *testing.T) {
 		var cc *models.ClusterCandidate
 
 		for _, _cc := range ccs {
-			cc, err = tester.repo.Cluster.CreateClusterCandidate(_cc)
+			cc, err = tester.repo.Cluster().CreateClusterCandidate(_cc)
 
 			if err != nil {
 				t.Fatalf("%v\n", err)
 			}
 
-			cc, err = tester.repo.Cluster.ReadClusterCandidate(cc.ID)
+			cc, err = tester.repo.Cluster().ReadClusterCandidate(cc.ID)
 
 			if err != nil {
 				t.Fatalf("%v\n", err)
@@ -427,7 +427,7 @@ func TestClusters(t *testing.T) {
 		}
 
 		// resolve integration (should be kube with local)
-		err = form.ResolveIntegration(*tester.repo)
+		err = form.ResolveIntegration(tester.repo)
 
 		if err != nil {
 			t.Fatalf("%v\n", err)
@@ -436,7 +436,7 @@ func TestClusters(t *testing.T) {
 		switch c.expIntegration.(type) {
 		case *ints.KubeIntegration:
 			// make sure integration is equal, read integration from DB
-			gotIntegration, err := tester.repo.KubeIntegration.ReadKubeIntegration(form.IntegrationID)
+			gotIntegration, err := tester.repo.KubeIntegration().ReadKubeIntegration(form.IntegrationID)
 
 			if err != nil {
 				t.Fatalf("%v\n", err)
@@ -462,7 +462,7 @@ func TestClusters(t *testing.T) {
 			}
 		case *ints.OIDCIntegration:
 			// make sure integration is equal, read integration from DB
-			gotIntegration, err := tester.repo.OIDCIntegration.ReadOIDCIntegration(form.IntegrationID)
+			gotIntegration, err := tester.repo.OIDCIntegration().ReadOIDCIntegration(form.IntegrationID)
 
 			if err != nil {
 				t.Fatalf("%v\n", err)
@@ -479,7 +479,7 @@ func TestClusters(t *testing.T) {
 			}
 		case *ints.GCPIntegration:
 			// make sure integration is equal, read integration from DB
-			gotIntegration, err := tester.repo.GCPIntegration.ReadGCPIntegration(form.IntegrationID)
+			gotIntegration, err := tester.repo.GCPIntegration().ReadGCPIntegration(form.IntegrationID)
 
 			if err != nil {
 				t.Fatalf("%v\n", err)
@@ -496,7 +496,7 @@ func TestClusters(t *testing.T) {
 			}
 		case *ints.AWSIntegration:
 			// make sure integration is equal, read integration from DB
-			gotIntegration, err := tester.repo.AWSIntegration.ReadAWSIntegration(form.IntegrationID)
+			gotIntegration, err := tester.repo.AWSIntegration().ReadAWSIntegration(form.IntegrationID)
 
 			if err != nil {
 				t.Fatalf("%v\n", err)
@@ -514,7 +514,7 @@ func TestClusters(t *testing.T) {
 		}
 
 		// resolve cluster
-		gotCluster, err := form.ResolveCluster(*tester.repo)
+		gotCluster, err := form.ResolveCluster(tester.repo)
 
 		if err != nil {
 			t.Fatalf("%v\n", err)
@@ -556,7 +556,7 @@ func compareKubeconfig(t *testing.T, resKube []byte, expKube []byte) {
 // 	repo := test.NewRepository(true)
 
 // 	// create a new project
-// 	repo.Project.CreateProject(&models.Project{
+// 	repo.Project().CreateProject(&models.Project{
 // 		Name: "test-project",
 // 	})
 
@@ -621,7 +621,7 @@ func compareKubeconfig(t *testing.T, resKube []byte, expKube []byte) {
 // 	repo := test.NewRepository(true)
 
 // 	// create a new project
-// 	repo.Project.CreateProject(&models.Project{
+// 	repo.Project().CreateProject(&models.Project{
 // 		Name: "test-project",
 // 	})
 
@@ -686,7 +686,7 @@ func compareKubeconfig(t *testing.T, resKube []byte, expKube []byte) {
 // 	repo := test.NewRepository(true)
 
 // 	// create a new project
-// 	repo.Project.CreateProject(&models.Project{
+// 	repo.Project().CreateProject(&models.Project{
 // 		Name: "test-project",
 // 	})
 
@@ -751,7 +751,7 @@ func compareKubeconfig(t *testing.T, resKube []byte, expKube []byte) {
 // 	repo := test.NewRepository(true)
 
 // 	// create a new project
-// 	repo.Project.CreateProject(&models.Project{
+// 	repo.Project().CreateProject(&models.Project{
 // 		Name: "test-project",
 // 	})
 
@@ -828,7 +828,7 @@ func compareKubeconfig(t *testing.T, resKube []byte, expKube []byte) {
 // 	tokenData := "abcdefghijklmnop"
 
 // 	// create a new project
-// 	repo.Project.CreateProject(&models.Project{
+// 	repo.Project().CreateProject(&models.Project{
 // 		Name: "test-project",
 // 	})
 
@@ -883,7 +883,7 @@ func compareKubeconfig(t *testing.T, resKube []byte, expKube []byte) {
 // 	gcpKeyData := []byte(`{"key": "data"}`)
 
 // 	// create a new project
-// 	repo.Project.CreateProject(&models.Project{
+// 	repo.Project().CreateProject(&models.Project{
 // 		Name: "test-project",
 // 	})
 
@@ -937,7 +937,7 @@ func compareKubeconfig(t *testing.T, resKube []byte, expKube []byte) {
 // 	repo := test.NewRepository(true)
 
 // 	// create a new project
-// 	repo.Project.CreateProject(&models.Project{
+// 	repo.Project().CreateProject(&models.Project{
 // 		Name: "test-project",
 // 	})
 
@@ -1003,7 +1003,7 @@ func compareKubeconfig(t *testing.T, resKube []byte, expKube []byte) {
 // 	repo := test.NewRepository(true)
 
 // 	// create a new project
-// 	repo.Project.CreateProject(&models.Project{
+// 	repo.Project().CreateProject(&models.Project{
 // 		Name: "test-project",
 // 	})
 

internal/forms/helper_test.go

@@ -14,7 +14,7 @@ import (
 )
 
 type tester struct {
-	repo         *repository.Repository
+	repo         repository.Repository
 	key          *[32]byte
 	dbFileName   string
 	initUsers    []*models.User
@@ -90,7 +90,7 @@ func initUser(tester *tester, t *testing.T) {
 		Password: "hello1234",
 	}
 
-	user, err := tester.repo.User.CreateUser(user)
+	user, err := tester.repo.User().CreateUser(user)
 
 	if err != nil {
 		t.Fatalf("%v\n", err)
@@ -106,7 +106,7 @@ func initProject(tester *tester, t *testing.T) {
 		Name: "project-test",
 	}
 
-	proj, err := tester.repo.Project.CreateProject(proj)
+	proj, err := tester.repo.Project().CreateProject(proj)
 
 	if err != nil {
 		t.Fatalf("%v\n", err)
@@ -126,7 +126,7 @@ func initProjectRole(tester *tester, t *testing.T) {
 		},
 	}
 
-	role, err := tester.repo.Project.CreateProjectRole(tester.initProjects[0], role)
+	role, err := tester.repo.Project().CreateProjectRole(tester.initProjects[0], role)
 
 	if err != nil {
 		t.Fatalf("%v\n", err)
@@ -151,7 +151,7 @@ func initKubeIntegration(tester *tester, t *testing.T) {
 		Kubeconfig: []byte("current-context: testing\n"),
 	}
 
-	ki, err := tester.repo.KubeIntegration.CreateKubeIntegration(ki)
+	ki, err := tester.repo.KubeIntegration().CreateKubeIntegration(ki)
 
 	if err != nil {
 		t.Fatalf("%v\n", err)
@@ -182,7 +182,7 @@ func initOIDCIntegration(tester *tester, t *testing.T) {
 		RefreshToken: []byte("refreshtoken"),
 	}
 
-	oidc, err := tester.repo.OIDCIntegration.CreateOIDCIntegration(oidc)
+	oidc, err := tester.repo.OIDCIntegration().CreateOIDCIntegration(oidc)
 
 	if err != nil {
 		t.Fatalf("%v\n", err)
@@ -211,7 +211,7 @@ func initOAuthIntegration(tester *tester, t *testing.T) {
 		RefreshToken: []byte("refreshtoken"),
 	}
 
-	oauth, err := tester.repo.OAuthIntegration.CreateOAuthIntegration(oauth)
+	oauth, err := tester.repo.OAuthIntegration().CreateOAuthIntegration(oauth)
 
 	if err != nil {
 		t.Fatalf("%v\n", err)
@@ -239,7 +239,7 @@ func initGCPIntegration(tester *tester, t *testing.T) {
 		GCPKeyData:   []byte("{\"test\":\"key\"}"),
 	}
 
-	gcp, err := tester.repo.GCPIntegration.CreateGCPIntegration(gcp)
+	gcp, err := tester.repo.GCPIntegration().CreateGCPIntegration(gcp)
 
 	if err != nil {
 		t.Fatalf("%v\n", err)
@@ -268,7 +268,7 @@ func initAWSIntegration(tester *tester, t *testing.T) {
 		AWSSessionToken:    []byte("optional"),
 	}
 
-	aws, err := tester.repo.AWSIntegration.CreateAWSIntegration(aws)
+	aws, err := tester.repo.AWSIntegration().CreateAWSIntegration(aws)
 
 	if err != nil {
 		t.Fatalf("%v\n", err)
@@ -296,7 +296,7 @@ func initClusterCandidate(tester *tester, t *testing.T) {
 		Kubeconfig:        []byte("current-context: testing\n"),
 	}
 
-	cc, err := tester.repo.Cluster.CreateClusterCandidate(cc)
+	cc, err := tester.repo.Cluster().CreateClusterCandidate(cc)
 
 	if err != nil {
 		t.Fatalf("%v\n", err)
@@ -324,7 +324,7 @@ func initCluster(tester *tester, t *testing.T) {
 		CertificateAuthorityData: []byte("-----BEGIN"),
 	}
 
-	cluster, err := tester.repo.Cluster.CreateCluster(cluster)
+	cluster, err := tester.repo.Cluster().CreateCluster(cluster)
 
 	if err != nil {
 		t.Fatalf("%v\n", err)
@@ -350,7 +350,7 @@ func initGitRepo(tester *tester, t *testing.T) {
 		OAuthIntegrationID: tester.initOAuths[0].ID,
 	}
 
-	gr, err := tester.repo.GitRepo.CreateGitRepo(gr)
+	gr, err := tester.repo.GitRepo().CreateGitRepo(gr)
 
 	if err != nil {
 		t.Fatalf("%v\n", err)

internal/forms/registry.go

@@ -31,7 +31,7 @@ func (cr *CreateRegistry) ToRegistry(repo repository.Repository) (*models.Regist
 	}
 
 	if registry.URL == "" && registry.AWSIntegrationID != 0 {
-		awsInt, err := repo.AWSIntegration.ReadAWSIntegration(registry.AWSIntegrationID)
+		awsInt, err := repo.AWSIntegration().ReadAWSIntegration(registry.AWSIntegrationID)
 
 		if err != nil {
 			return nil, err

internal/helm/config.go

@@ -21,7 +21,7 @@ import (
 // creating a Helm agent
 type Form struct {
 	Cluster           *models.Cluster `form:"required"`
-	Repo              *repository.Repository
+	Repo              repository.Repository
 	DigitalOceanOAuth *oauth2.Config
 	Storage           string `json:"storage" form:"oneof=secret configmap memory" default:"secret"`
 	Namespace         string `json:"namespace"`

internal/helm/postrenderer.go

@@ -422,7 +422,7 @@ func (d *DockerSecretsPostRenderer) isRegistryNative(regName string) bool {
 
 	if strings.Contains(regName, "gcr") && d.Cluster.AuthMechanism == models.GCP {
 		// get the project id of the cluster
-		gcpInt, err := d.Repo.GCPIntegration.ReadGCPIntegration(d.Cluster.GCPIntegrationID)
+		gcpInt, err := d.Repo.GCPIntegration().ReadGCPIntegration(d.Cluster.GCPIntegrationID)
 
 		if err != nil {
 			return false
@@ -450,7 +450,7 @@ func (d *DockerSecretsPostRenderer) isRegistryNative(regName string) bool {
 		eksAccountID := matches[1]
 		eksRegion := matches[3]
 
-		awsInt, err := d.Repo.AWSIntegration.ReadAWSIntegration(d.Cluster.AWSIntegrationID)
+		awsInt, err := d.Repo.AWSIntegration().ReadAWSIntegration(d.Cluster.AWSIntegrationID)
 
 		if err != nil {
 			return false

internal/helm/repo/repo.go

@@ -38,7 +38,7 @@ func (hr *HelmRepo) listChartsBasic(
 	repo repository.Repository,
 ) ([]*models.PorterChartList, error) {
 	// get the basic auth integration
-	basic, err := repo.BasicIntegration.ReadBasicIntegration(
+	basic, err := repo.BasicIntegration().ReadBasicIntegration(
 		hr.BasicAuthIntegrationID,
 	)
 
@@ -65,7 +65,7 @@ func (hr *HelmRepo) getChartBasic(
 	chartName, chartVersion string,
 ) (*chart.Chart, error) {
 	// get the basic auth integration
-	basic, err := repo.BasicIntegration.ReadBasicIntegration(
+	basic, err := repo.BasicIntegration().ReadBasicIntegration(
 		hr.BasicAuthIntegrationID,
 	)
 

internal/integrations/ci/actions/actions.go

@@ -198,7 +198,7 @@ func (g *GithubActions) GetGithubActionYAML() ([]byte, error) {
 
 func (g *GithubActions) getClient() (*github.Client, error) {
 	// get the oauth integration
-	oauthInt, err := g.Repo.OAuthIntegration.ReadOAuthIntegration(g.GitIntegration.OAuthIntegrationID)
+	oauthInt, err := g.Repo.OAuthIntegration().ReadOAuthIntegration(g.GitIntegration.OAuthIntegrationID)
 
 	if err != nil {
 		return nil, err

internal/kubernetes/agent.go

@@ -729,7 +729,7 @@ func (a *Agent) ProvisionDOCR(
 	provImageTag string,
 ) (*batchv1.Job, error) {
 	// get the token
-	oauthInt, err := repo.OAuthIntegration.ReadOAuthIntegration(
+	oauthInt, err := repo.OAuthIntegration().ReadOAuthIntegration(
 		infra.DOIntegrationID,
 	)
 
@@ -779,7 +779,7 @@ func (a *Agent) ProvisionDOKS(
 	provImageTag string,
 ) (*batchv1.Job, error) {
 	// get the token
-	oauthInt, err := repo.OAuthIntegration.ReadOAuthIntegration(
+	oauthInt, err := repo.OAuthIntegration().ReadOAuthIntegration(
 		infra.DOIntegrationID,
 	)
 
@@ -864,7 +864,7 @@ func (a *Agent) provision(
 	}
 
 	infra.LastApplied = prov.LastApplied
-	infra, err = repo.Infra.UpdateInfra(infra)
+	infra, err = repo.Infra().UpdateInfra(infra)
 
 	if err != nil {
 		return nil, err

internal/kubernetes/config.go

@@ -100,7 +100,7 @@ func GetAgentTesting(objects ...runtime.Object) *Agent {
 // This implements RESTClientGetter
 type OutOfClusterConfig struct {
 	Cluster          *models.Cluster
-	Repo             *repository.Repository
+	Repo             repository.Repository
 	DefaultNamespace string // optional
 
 	// Only required if using DigitalOcean OAuth as an auth mechanism
@@ -180,7 +180,7 @@ func (conf *OutOfClusterConfig) GetClientConfigFromCluster() (clientcmd.ClientCo
 	}
 
 	if conf.Cluster.AuthMechanism == models.Local {
-		kubeAuth, err := conf.Repo.KubeIntegration.ReadKubeIntegration(
+		kubeAuth, err := conf.Repo.KubeIntegration().ReadKubeIntegration(
 			conf.Cluster.KubeIntegrationID,
 		)
 
@@ -241,7 +241,7 @@ func (conf *OutOfClusterConfig) CreateRawConfigFromCluster() (*api.Config, error
 
 	switch cluster.AuthMechanism {
 	case models.X509:
-		kubeAuth, err := conf.Repo.KubeIntegration.ReadKubeIntegration(
+		kubeAuth, err := conf.Repo.KubeIntegration().ReadKubeIntegration(
 			cluster.KubeIntegrationID,
 		)
 
@@ -252,7 +252,7 @@ func (conf *OutOfClusterConfig) CreateRawConfigFromCluster() (*api.Config, error
 		authInfoMap[authInfoName].ClientCertificateData = kubeAuth.ClientCertificateData
 		authInfoMap[authInfoName].ClientKeyData = kubeAuth.ClientKeyData
 	case models.Basic:
-		kubeAuth, err := conf.Repo.KubeIntegration.ReadKubeIntegration(
+		kubeAuth, err := conf.Repo.KubeIntegration().ReadKubeIntegration(
 			cluster.KubeIntegrationID,
 		)
 
@@ -263,7 +263,7 @@ func (conf *OutOfClusterConfig) CreateRawConfigFromCluster() (*api.Config, error
 		authInfoMap[authInfoName].Username = string(kubeAuth.Username)
 		authInfoMap[authInfoName].Password = string(kubeAuth.Password)
 	case models.Bearer:
-		kubeAuth, err := conf.Repo.KubeIntegration.ReadKubeIntegration(
+		kubeAuth, err := conf.Repo.KubeIntegration().ReadKubeIntegration(
 			cluster.KubeIntegrationID,
 		)
 
@@ -273,7 +273,7 @@ func (conf *OutOfClusterConfig) CreateRawConfigFromCluster() (*api.Config, error
 
 		authInfoMap[authInfoName].Token = string(kubeAuth.Token)
 	case models.OIDC:
-		oidcAuth, err := conf.Repo.OIDCIntegration.ReadOIDCIntegration(
+		oidcAuth, err := conf.Repo.OIDCIntegration().ReadOIDCIntegration(
 			cluster.OIDCIntegrationID,
 		)
 
@@ -293,7 +293,7 @@ func (conf *OutOfClusterConfig) CreateRawConfigFromCluster() (*api.Config, error
 			},
 		}
 	case models.GCP:
-		gcpAuth, err := conf.Repo.GCPIntegration.ReadGCPIntegration(
+		gcpAuth, err := conf.Repo.GCPIntegration().ReadGCPIntegration(
 			cluster.GCPIntegrationID,
 		)
 
@@ -314,7 +314,7 @@ func (conf *OutOfClusterConfig) CreateRawConfigFromCluster() (*api.Config, error
 		// add this as a bearer token
 		authInfoMap[authInfoName].Token = tok
 	case models.AWS:
-		awsAuth, err := conf.Repo.AWSIntegration.ReadAWSIntegration(
+		awsAuth, err := conf.Repo.AWSIntegration().ReadAWSIntegration(
 			cluster.AWSIntegrationID,
 		)
 
@@ -331,7 +331,7 @@ func (conf *OutOfClusterConfig) CreateRawConfigFromCluster() (*api.Config, error
 		// add this as a bearer token
 		authInfoMap[authInfoName].Token = tok
 	case models.DO:
-		oauthInt, err := conf.Repo.OAuthIntegration.ReadOAuthIntegration(
+		oauthInt, err := conf.Repo.OAuthIntegration().ReadOAuthIntegration(
 			cluster.DOIntegrationID,
 		)
 
@@ -339,7 +339,7 @@ func (conf *OutOfClusterConfig) CreateRawConfigFromCluster() (*api.Config, error
 			return nil, err
 		}
 
-		tok, _, err := oauth.GetAccessToken(oauthInt, conf.DigitalOceanOAuth, *conf.Repo)
+		tok, _, err := oauth.GetAccessToken(oauthInt, conf.DigitalOceanOAuth, conf.Repo)
 
 		if err != nil {
 			return nil, err
@@ -373,7 +373,7 @@ func (conf *OutOfClusterConfig) getTokenCache() (tok *ints.TokenCache, err error
 }
 
 func (conf *OutOfClusterConfig) setTokenCache(token string, expiry time.Time) error {
-	_, err := conf.Repo.Cluster.UpdateClusterTokenCache(
+	_, err := conf.Repo.Cluster().UpdateClusterTokenCache(
 		&ints.ClusterTokenCache{
 			ClusterID: conf.Cluster.ID,
 			TokenCache: ints.TokenCache{

internal/kubernetes/provisioner/global_stream.go

@@ -107,7 +107,7 @@ func GlobalStreamListener(
 			kind, projID, infraID, err := models.ParseUniqueName(fmt.Sprintf("%v", msg.Values["id"]))
 
 			if fmt.Sprintf("%v", msg.Values["status"]) == "created" {
-				infra, err := repo.Infra.ReadInfra(infraID)
+				infra, err := repo.Infra().ReadInfra(infraID)
 
 				if err != nil {
 					continue
@@ -115,7 +115,7 @@ func GlobalStreamListener(
 
 				infra.Status = models.StatusCreated
 
-				infra, err = repo.Infra.UpdateInfra(infra)
+				infra, err = repo.Infra().UpdateInfra(infra)
 
 				if err != nil {
 					continue
@@ -136,7 +136,7 @@ func GlobalStreamListener(
 						json.Unmarshal([]byte(dataString), reg)
 					}
 
-					awsInt, err := repo.AWSIntegration.ReadAWSIntegration(reg.AWSIntegrationID)
+					awsInt, err := repo.AWSIntegration().ReadAWSIntegration(reg.AWSIntegrationID)
 
 					if err != nil {
 						continue
@@ -158,7 +158,7 @@ func GlobalStreamListener(
 
 					reg.URL = *output.AuthorizationData[0].ProxyEndpoint
 
-					reg, err = repo.Registry.CreateRegistry(reg)
+					reg, err = repo.Registry().CreateRegistry(reg)
 
 					if err != nil {
 						continue
@@ -192,7 +192,7 @@ func GlobalStreamListener(
 						cluster.CertificateAuthorityData = []byte(decoded)
 					}
 
-					cluster, err := repo.Cluster.CreateCluster(cluster)
+					cluster, err := repo.Cluster().CreateCluster(cluster)
 
 					if err != nil {
 						continue
@@ -212,7 +212,7 @@ func GlobalStreamListener(
 						json.Unmarshal([]byte(dataString), reg)
 					}
 
-					reg, err = repo.Registry.CreateRegistry(reg)
+					reg, err = repo.Registry().CreateRegistry(reg)
 
 					if err != nil {
 						continue
@@ -246,7 +246,7 @@ func GlobalStreamListener(
 						cluster.CertificateAuthorityData = []byte(decoded)
 					}
 
-					cluster, err := repo.Cluster.CreateCluster(cluster)
+					cluster, err := repo.Cluster().CreateCluster(cluster)
 
 					if err != nil {
 						continue
@@ -265,7 +265,7 @@ func GlobalStreamListener(
 						json.Unmarshal([]byte(dataString), reg)
 					}
 
-					reg, err = repo.Registry.CreateRegistry(reg)
+					reg, err = repo.Registry().CreateRegistry(reg)
 
 					if err != nil {
 						continue
@@ -299,14 +299,14 @@ func GlobalStreamListener(
 						cluster.CertificateAuthorityData = []byte(decoded)
 					}
 
-					cluster, err := repo.Cluster.CreateCluster(cluster)
+					cluster, err := repo.Cluster().CreateCluster(cluster)
 
 					if err != nil {
 						continue
 					}
 				}
 			} else if fmt.Sprintf("%v", msg.Values["status"]) == "error" {
-				infra, err := repo.Infra.ReadInfra(infraID)
+				infra, err := repo.Infra().ReadInfra(infraID)
 
 				if err != nil {
 					continue
@@ -314,13 +314,13 @@ func GlobalStreamListener(
 
 				infra.Status = models.StatusError
 
-				infra, err = repo.Infra.UpdateInfra(infra)
+				infra, err = repo.Infra().UpdateInfra(infra)
 
 				if err != nil {
 					continue
 				}
 			} else if fmt.Sprintf("%v", msg.Values["status"]) == "destroyed" {
-				infra, err := repo.Infra.ReadInfra(infraID)
+				infra, err := repo.Infra().ReadInfra(infraID)
 
 				if err != nil {
 					continue
@@ -328,7 +328,7 @@ func GlobalStreamListener(
 
 				infra.Status = models.StatusDestroyed
 
-				infra, err = repo.Infra.UpdateInfra(infra)
+				infra, err = repo.Infra().UpdateInfra(infra)
 
 				if err != nil {
 					continue

internal/oauth/config.go

@@ -89,7 +89,7 @@ func GetAccessToken(
 		o.AccessToken = []byte(token.AccessToken)
 		o.RefreshToken = []byte(token.RefreshToken)
 
-		o, err = repo.OAuthIntegration.UpdateOAuthIntegration(o)
+		o, err = repo.OAuthIntegration().UpdateOAuthIntegration(o)
 
 		if err != nil {
 			return "", nil, err

internal/registry/registry.go

@@ -92,7 +92,7 @@ type gcrRepositoryResp struct {
 }
 
 func (r *Registry) GetGCRToken(repo repository.Repository) (*ints.TokenCache, error) {
-	gcp, err := repo.GCPIntegration.ReadGCPIntegration(
+	gcp, err := repo.GCPIntegration().ReadGCPIntegration(
 		r.GCPIntegrationID,
 	)
 
@@ -124,7 +124,7 @@ func (r *Registry) GetGCRToken(repo repository.Repository) (*ints.TokenCache, er
 func (r *Registry) listGCRRepositories(
 	repo repository.Repository,
 ) ([]*Repository, error) {
-	gcp, err := repo.GCPIntegration.ReadGCPIntegration(
+	gcp, err := repo.GCPIntegration().ReadGCPIntegration(
 		r.GCPIntegrationID,
 	)
 
@@ -179,7 +179,7 @@ func (r *Registry) listGCRRepositories(
 }
 
 func (r *Registry) listECRRepositories(repo repository.Repository) ([]*Repository, error) {
-	aws, err := repo.AWSIntegration.ReadAWSIntegration(
+	aws, err := repo.AWSIntegration().ReadAWSIntegration(
 		r.AWSIntegrationID,
 	)
 
@@ -218,7 +218,7 @@ func (r *Registry) listDOCRRepositories(
 	repo repository.Repository,
 	doAuth *oauth2.Config,
 ) ([]*Repository, error) {
-	oauthInt, err := repo.OAuthIntegration.ReadOAuthIntegration(
+	oauthInt, err := repo.OAuthIntegration().ReadOAuthIntegration(
 		r.DOIntegrationID,
 	)
 
@@ -276,7 +276,7 @@ func (r *Registry) listPrivateRegistryRepositories(
 		return res, nil
 	}
 
-	basic, err := repo.BasicIntegration.ReadBasicIntegration(
+	basic, err := repo.BasicIntegration().ReadBasicIntegration(
 		r.BasicIntegrationID,
 	)
 
@@ -363,7 +363,7 @@ func (r *Registry) setTokenCacheFunc(
 	repo repository.Repository,
 ) ints.SetTokenCacheFunc {
 	return func(token string, expiry time.Time) error {
-		_, err := repo.Registry.UpdateRegistryTokenCache(
+		_, err := repo.Registry().UpdateRegistryTokenCache(
 			&ints.RegTokenCache{
 				TokenCache: ints.TokenCache{
 					Token:  []byte(token),
@@ -396,7 +396,7 @@ func (r *Registry) createECRRepository(
 	repo repository.Repository,
 	name string,
 ) error {
-	aws, err := repo.AWSIntegration.ReadAWSIntegration(
+	aws, err := repo.AWSIntegration().ReadAWSIntegration(
 		r.AWSIntegrationID,
 	)
 
@@ -458,7 +458,7 @@ func (r *Registry) ListImages(
 }
 
 func (r *Registry) listECRImages(repoName string, repo repository.Repository) ([]*Image, error) {
-	aws, err := repo.AWSIntegration.ReadAWSIntegration(
+	aws, err := repo.AWSIntegration().ReadAWSIntegration(
 		r.AWSIntegrationID,
 	)
 
@@ -512,7 +512,7 @@ type gcrImageResp struct {
 }
 
 func (r *Registry) listGCRImages(repoName string, repo repository.Repository) ([]*Image, error) {
-	gcp, err := repo.GCPIntegration.ReadGCPIntegration(
+	gcp, err := repo.GCPIntegration().ReadGCPIntegration(
 		r.GCPIntegrationID,
 	)
 
@@ -572,7 +572,7 @@ func (r *Registry) listDOCRImages(
 	repo repository.Repository,
 	doAuth *oauth2.Config,
 ) ([]*Image, error) {
-	oauthInt, err := repo.OAuthIntegration.ReadOAuthIntegration(
+	oauthInt, err := repo.OAuthIntegration().ReadOAuthIntegration(
 		r.DOIntegrationID,
 	)
 
@@ -620,7 +620,7 @@ func (r *Registry) listPrivateRegistryImages(repoName string, repo repository.Re
 		return r.listDockerHubImages(repoName, repo)
 	}
 
-	basic, err := repo.BasicIntegration.ReadBasicIntegration(
+	basic, err := repo.BasicIntegration().ReadBasicIntegration(
 		r.BasicIntegrationID,
 	)
 
@@ -680,7 +680,7 @@ type dockerHubImageResp struct {
 }
 
 func (r *Registry) listDockerHubImages(repoName string, repo repository.Repository) ([]*Image, error) {
-	basic, err := repo.BasicIntegration.ReadBasicIntegration(
+	basic, err := repo.BasicIntegration().ReadBasicIntegration(
 		r.BasicIntegrationID,
 	)
 
@@ -762,7 +762,7 @@ func (r *Registry) GetDockerConfigJSON(
 func (r *Registry) getECRDockerConfigFile(
 	repo repository.Repository,
 ) (*configfile.ConfigFile, error) {
-	aws, err := repo.AWSIntegration.ReadAWSIntegration(
+	aws, err := repo.AWSIntegration().ReadAWSIntegration(
 		r.AWSIntegrationID,
 	)
 
@@ -818,7 +818,7 @@ func (r *Registry) getECRDockerConfigFile(
 func (r *Registry) getGCRDockerConfigFile(
 	repo repository.Repository,
 ) (*configfile.ConfigFile, error) {
-	gcp, err := repo.GCPIntegration.ReadGCPIntegration(
+	gcp, err := repo.GCPIntegration().ReadGCPIntegration(
 		r.GCPIntegrationID,
 	)
 
@@ -849,7 +849,7 @@ func (r *Registry) getDOCRDockerConfigFile(
 	repo repository.Repository,
 	doAuth *oauth2.Config,
 ) (*configfile.ConfigFile, error) {
-	oauthInt, err := repo.OAuthIntegration.ReadOAuthIntegration(
+	oauthInt, err := repo.OAuthIntegration().ReadOAuthIntegration(
 		r.DOIntegrationID,
 	)
 
@@ -885,7 +885,7 @@ func (r *Registry) getDOCRDockerConfigFile(
 func (r *Registry) getPrivateRegistryDockerConfigFile(
 	repo repository.Repository,
 ) (*configfile.ConfigFile, error) {
-	basic, err := repo.BasicIntegration.ReadBasicIntegration(
+	basic, err := repo.BasicIntegration().ReadBasicIntegration(
 		r.BasicIntegrationID,
 	)
 

internal/repository/gorm/auth_test.go

@@ -27,13 +27,13 @@ func TestCreateKubeIntegration(t *testing.T) {
 
 	expKI := *ki
 
-	ki, err := tester.repo.KubeIntegration.CreateKubeIntegration(ki)
+	ki, err := tester.repo.KubeIntegration().CreateKubeIntegration(ki)
 
 	if err != nil {
 		t.Fatalf("%v\n", err)
 	}
 
-	ki, err = tester.repo.KubeIntegration.ReadKubeIntegration(ki.Model.ID)
+	ki, err = tester.repo.KubeIntegration().ReadKubeIntegration(ki.Model.ID)
 
 	if err != nil {
 		t.Fatalf("%v\n", err)
@@ -63,7 +63,7 @@ func TestListKubeIntegrationsByProjectID(t *testing.T) {
 	initKubeIntegration(tester, t)
 	defer cleanup(tester, t)
 
-	kis, err := tester.repo.KubeIntegration.ListKubeIntegrationsByProjectID(
+	kis, err := tester.repo.KubeIntegration().ListKubeIntegrationsByProjectID(
 		tester.initProjects[0].Model.ID,
 	)
 
@@ -113,13 +113,13 @@ func TestCreateBasicIntegration(t *testing.T) {
 
 	expBasic := *basic
 
-	basic, err := tester.repo.BasicIntegration.CreateBasicIntegration(basic)
+	basic, err := tester.repo.BasicIntegration().CreateBasicIntegration(basic)
 
 	if err != nil {
 		t.Fatalf("%v\n", err)
 	}
 
-	basic, err = tester.repo.BasicIntegration.ReadBasicIntegration(basic.Model.ID)
+	basic, err = tester.repo.BasicIntegration().ReadBasicIntegration(basic.Model.ID)
 
 	if err != nil {
 		t.Fatalf("%v\n", err)
@@ -149,7 +149,7 @@ func TestListBasicIntegrationsByProjectID(t *testing.T) {
 	initBasicIntegration(tester, t)
 	defer cleanup(tester, t)
 
-	basics, err := tester.repo.BasicIntegration.ListBasicIntegrationsByProjectID(
+	basics, err := tester.repo.BasicIntegration().ListBasicIntegrationsByProjectID(
 		tester.initProjects[0].Model.ID,
 	)
 
@@ -203,13 +203,13 @@ func TestCreateOIDCIntegration(t *testing.T) {
 
 	expOIDC := *oidc
 
-	oidc, err := tester.repo.OIDCIntegration.CreateOIDCIntegration(oidc)
+	oidc, err := tester.repo.OIDCIntegration().CreateOIDCIntegration(oidc)
 
 	if err != nil {
 		t.Fatalf("%v\n", err)
 	}
 
-	oidc, err = tester.repo.OIDCIntegration.ReadOIDCIntegration(oidc.Model.ID)
+	oidc, err = tester.repo.OIDCIntegration().ReadOIDCIntegration(oidc.Model.ID)
 
 	if err != nil {
 		t.Fatalf("%v\n", err)
@@ -239,7 +239,7 @@ func TestListOIDCIntegrationsByProjectID(t *testing.T) {
 	initOIDCIntegration(tester, t)
 	defer cleanup(tester, t)
 
-	oidcs, err := tester.repo.OIDCIntegration.ListOIDCIntegrationsByProjectID(
+	oidcs, err := tester.repo.OIDCIntegration().ListOIDCIntegrationsByProjectID(
 		tester.initProjects[0].Model.ID,
 	)
 
@@ -295,13 +295,13 @@ func TestCreateOAuthIntegration(t *testing.T) {
 
 	expOAuth := *oauth
 
-	oauth, err := tester.repo.OAuthIntegration.CreateOAuthIntegration(oauth)
+	oauth, err := tester.repo.OAuthIntegration().CreateOAuthIntegration(oauth)
 
 	if err != nil {
 		t.Fatalf("%v\n", err)
 	}
 
-	oauth, err = tester.repo.OAuthIntegration.ReadOAuthIntegration(oauth.Model.ID)
+	oauth, err = tester.repo.OAuthIntegration().ReadOAuthIntegration(oauth.Model.ID)
 
 	if err != nil {
 		t.Fatalf("%v\n", err)
@@ -331,7 +331,7 @@ func TestListOAuthIntegrationsByProjectID(t *testing.T) {
 	initOAuthIntegration(tester, t)
 	defer cleanup(tester, t)
 
-	oauths, err := tester.repo.OAuthIntegration.ListOAuthIntegrationsByProjectID(
+	oauths, err := tester.repo.OAuthIntegration().ListOAuthIntegrationsByProjectID(
 		tester.initProjects[0].Model.ID,
 	)
 
@@ -384,13 +384,13 @@ func TestCreateGCPIntegration(t *testing.T) {
 
 	expGCP := *gcp
 
-	gcp, err := tester.repo.GCPIntegration.CreateGCPIntegration(gcp)
+	gcp, err := tester.repo.GCPIntegration().CreateGCPIntegration(gcp)
 
 	if err != nil {
 		t.Fatalf("%v\n", err)
 	}
 
-	gcp, err = tester.repo.GCPIntegration.ReadGCPIntegration(gcp.Model.ID)
+	gcp, err = tester.repo.GCPIntegration().ReadGCPIntegration(gcp.Model.ID)
 
 	if err != nil {
 		t.Fatalf("%v\n", err)
@@ -420,7 +420,7 @@ func TestListGCPIntegrationsByProjectID(t *testing.T) {
 	initGCPIntegration(tester, t)
 	defer cleanup(tester, t)
 
-	gcps, err := tester.repo.GCPIntegration.ListGCPIntegrationsByProjectID(
+	gcps, err := tester.repo.GCPIntegration().ListGCPIntegrationsByProjectID(
 		tester.initProjects[0].Model.ID,
 	)
 
@@ -473,13 +473,13 @@ func TestCreateAWSIntegration(t *testing.T) {
 
 	expAWS := *aws
 
-	aws, err := tester.repo.AWSIntegration.CreateAWSIntegration(aws)
+	aws, err := tester.repo.AWSIntegration().CreateAWSIntegration(aws)
 
 	if err != nil {
 		t.Fatalf("%v\n", err)
 	}
 
-	aws, err = tester.repo.AWSIntegration.ReadAWSIntegration(aws.Model.ID)
+	aws, err = tester.repo.AWSIntegration().ReadAWSIntegration(aws.Model.ID)
 
 	if err != nil {
 		t.Fatalf("%v\n", err)
@@ -509,7 +509,7 @@ func TestListAWSIntegrationsByProjectID(t *testing.T) {
 	initAWSIntegration(tester, t)
 	defer cleanup(tester, t)
 
-	awss, err := tester.repo.AWSIntegration.ListAWSIntegrationsByProjectID(
+	awss, err := tester.repo.AWSIntegration().ListAWSIntegrationsByProjectID(
 		tester.initProjects[0].Model.ID,
 	)
 

internal/repository/gorm/cluster_test.go

@@ -33,13 +33,13 @@ func TestCreateClusterCandidate(t *testing.T) {
 
 	expCC := *cc
 
-	cc, err := tester.repo.Cluster.CreateClusterCandidate(cc)
+	cc, err := tester.repo.Cluster().CreateClusterCandidate(cc)
 
 	if err != nil {
 		t.Fatalf("%v\n", err)
 	}
 
-	cc, err = tester.repo.Cluster.ReadClusterCandidate(cc.Model.ID)
+	cc, err = tester.repo.Cluster().ReadClusterCandidate(cc.Model.ID)
 
 	if err != nil {
 		t.Fatalf("%v\n", err)
@@ -87,13 +87,13 @@ func TestCreateClusterCandidateWithResolvers(t *testing.T) {
 
 	expCC := *cc
 
-	cc, err := tester.repo.Cluster.CreateClusterCandidate(cc)
+	cc, err := tester.repo.Cluster().CreateClusterCandidate(cc)
 
 	if err != nil {
 		t.Fatalf("%v\n", err)
 	}
 
-	cc, err = tester.repo.Cluster.ReadClusterCandidate(cc.Model.ID)
+	cc, err = tester.repo.Cluster().ReadClusterCandidate(cc.Model.ID)
 
 	if err != nil {
 		t.Fatalf("%v\n", err)
@@ -136,7 +136,7 @@ func TestListClusterCandidatesByProjectID(t *testing.T) {
 	initClusterCandidate(tester, t)
 	defer cleanup(tester, t)
 
-	ccs, err := tester.repo.Cluster.ListClusterCandidatesByProjectID(
+	ccs, err := tester.repo.Cluster().ListClusterCandidatesByProjectID(
 		tester.initProjects[0].Model.ID,
 	)
 
@@ -182,7 +182,7 @@ func TestUpdateClusterCandidateCreatedClusterID(t *testing.T) {
 	initCluster(tester, t)
 	defer cleanup(tester, t)
 
-	cc, err := tester.repo.Cluster.UpdateClusterCandidateCreatedClusterID(
+	cc, err := tester.repo.Cluster().UpdateClusterCandidateCreatedClusterID(
 		tester.initCCs[0].ID,
 		tester.initClusters[0].ID,
 	)
@@ -231,13 +231,13 @@ func TestCreateCluster(t *testing.T) {
 
 	expCluster := *cluster
 
-	cluster, err := tester.repo.Cluster.CreateCluster(cluster)
+	cluster, err := tester.repo.Cluster().CreateCluster(cluster)
 
 	if err != nil {
 		t.Fatalf("%v\n", err)
 	}
 
-	cluster, err = tester.repo.Cluster.ReadCluster(cluster.Model.ID)
+	cluster, err = tester.repo.Cluster().ReadCluster(cluster.Model.ID)
 
 	if err != nil {
 		t.Fatalf("%v\n", err)
@@ -267,7 +267,7 @@ func TestListClustersByProjectID(t *testing.T) {
 	initCluster(tester, t)
 	defer cleanup(tester, t)
 
-	clusters, err := tester.repo.Cluster.ListClustersByProjectID(
+	clusters, err := tester.repo.Cluster().ListClustersByProjectID(
 		tester.initProjects[0].Model.ID,
 	)
 
@@ -313,7 +313,7 @@ func TestUpdateCluster(t *testing.T) {
 
 	cluster.Name = "cluster-new-name"
 
-	cluster, err := tester.repo.Cluster.UpdateCluster(
+	cluster, err := tester.repo.Cluster().UpdateCluster(
 		cluster,
 	)
 
@@ -321,7 +321,7 @@ func TestUpdateCluster(t *testing.T) {
 		t.Fatalf("%v\n", err)
 	}
 
-	cluster, err = tester.repo.Cluster.ReadCluster(tester.initClusters[0].ID)
+	cluster, err = tester.repo.Cluster().ReadCluster(tester.initClusters[0].ID)
 
 	// make sure data is correct
 	expCluster := models.Cluster{
@@ -365,13 +365,13 @@ func TestUpdateClusterToken(t *testing.T) {
 		},
 	}
 
-	cluster, err := tester.repo.Cluster.CreateCluster(cluster)
+	cluster, err := tester.repo.Cluster().CreateCluster(cluster)
 
 	if err != nil {
 		t.Fatalf("%v\n", err)
 	}
 
-	cluster, err = tester.repo.Cluster.ReadCluster(cluster.Model.ID)
+	cluster, err = tester.repo.Cluster().ReadCluster(cluster.Model.ID)
 
 	if err != nil {
 		t.Fatalf("%v\n", err)
@@ -395,11 +395,11 @@ func TestUpdateClusterToken(t *testing.T) {
 	cluster.TokenCache.Token = []byte("token-2")
 	cluster.TokenCache.Expiry = time.Now().Add(24 * time.Hour)
 
-	cluster, err = tester.repo.Cluster.UpdateClusterTokenCache(&cluster.TokenCache)
+	cluster, err = tester.repo.Cluster().UpdateClusterTokenCache(&cluster.TokenCache)
 	if err != nil {
 		t.Fatalf("%v\n", err)
 	}
-	cluster, err = tester.repo.Cluster.ReadCluster(cluster.Model.ID)
+	cluster, err = tester.repo.Cluster().ReadCluster(cluster.Model.ID)
 	if err != nil {
 		t.Fatalf("%v\n", err)
 	}
@@ -433,25 +433,25 @@ func TestDeleteCluster(t *testing.T) {
 	initCluster(tester, t)
 	defer cleanup(tester, t)
 
-	cluster, err := tester.repo.Cluster.ReadCluster(tester.initClusters[0].Model.ID)
+	cluster, err := tester.repo.Cluster().ReadCluster(tester.initClusters[0].Model.ID)
 
 	if err != nil {
 		t.Fatalf("%v\n", err)
 	}
 
-	err = tester.repo.Cluster.DeleteCluster(cluster)
+	err = tester.repo.Cluster().DeleteCluster(cluster)
 
 	if err != nil {
 		t.Fatalf("%v\n", err)
 	}
 
-	_, err = tester.repo.Cluster.ReadCluster(tester.initClusters[0].Model.ID)
+	_, err = tester.repo.Cluster().ReadCluster(tester.initClusters[0].Model.ID)
 
 	if err != orm.ErrRecordNotFound {
 		t.Fatalf("incorrect error: expected %v, got %v\n", orm.ErrRecordNotFound, err)
 	}
 
-	clusters, err := tester.repo.Cluster.ListClustersByProjectID(tester.initProjects[0].Model.ID)
+	clusters, err := tester.repo.Cluster().ListClustersByProjectID(tester.initProjects[0].Model.ID)
 
 	if err != nil {
 		t.Fatalf("%v\n", err)

internal/repository/gorm/git_action_config_test.go

@@ -28,13 +28,13 @@ func TestCreateGitActionConfig(t *testing.T) {
 
 	expGA := *ga
 
-	ga, err := tester.repo.GitActionConfig.CreateGitActionConfig(ga)
+	ga, err := tester.repo.GitActionConfig().CreateGitActionConfig(ga)
 
 	if err != nil {
 		t.Fatalf("%v\n", err)
 	}
 
-	ga, err = tester.repo.GitActionConfig.ReadGitActionConfig(ga.Model.ID)
+	ga, err = tester.repo.GitActionConfig().ReadGitActionConfig(ga.Model.ID)
 
 	if err != nil {
 		t.Fatalf("%v\n", err)
@@ -54,7 +54,7 @@ func TestCreateGitActionConfig(t *testing.T) {
 	}
 
 	// read the release and make sure GitActionConfig is expected
-	release, err := tester.repo.Release.ReadRelease(1, "denver-meister-dakota", "default")
+	release, err := tester.repo.Release().ReadRelease(1, "denver-meister-dakota", "default")
 
 	if err != nil {
 		t.Fatalf("%v\n", err)

internal/repository/gorm/gitrepo_test.go

@@ -27,13 +27,13 @@ func TestCreateGitRepo(t *testing.T) {
 
 	expGR := *gr
 
-	gr, err := tester.repo.GitRepo.CreateGitRepo(gr)
+	gr, err := tester.repo.GitRepo().CreateGitRepo(gr)
 
 	if err != nil {
 		t.Fatalf("%v\n", err)
 	}
 
-	gr, err = tester.repo.GitRepo.ReadGitRepo(gr.Model.ID)
+	gr, err = tester.repo.GitRepo().ReadGitRepo(gr.Model.ID)
 
 	if err != nil {
 		t.Fatalf("%v\n", err)
@@ -62,7 +62,7 @@ func TestListGitReposByProjectID(t *testing.T) {
 	initGitRepo(tester, t)
 	defer cleanup(tester, t)
 
-	grs, err := tester.repo.GitRepo.ListGitReposByProjectID(
+	grs, err := tester.repo.GitRepo().ListGitReposByProjectID(
 		tester.initProjects[0].Model.ID,
 	)
 
@@ -106,7 +106,7 @@ func TestUpdateGitRepo(t *testing.T) {
 
 	gr.RepoEntity = "porter-dev-new-name"
 
-	gr, err := tester.repo.GitRepo.UpdateGitRepo(
+	gr, err := tester.repo.GitRepo().UpdateGitRepo(
 		gr,
 	)
 
@@ -114,7 +114,7 @@ func TestUpdateGitRepo(t *testing.T) {
 		t.Fatalf("%v\n", err)
 	}
 
-	gr, err = tester.repo.GitRepo.ReadGitRepo(tester.initGRs[0].ID)
+	gr, err = tester.repo.GitRepo().ReadGitRepo(tester.initGRs[0].ID)
 
 	// make sure data is correct
 	expGR := models.GitRepo{

internal/repository/gorm/helm_repo_test.go

@@ -26,13 +26,13 @@ func TestCreateHelmRepo(t *testing.T) {
 		ProjectID: tester.initProjects[0].Model.ID,
 	}
 
-	hr, err := tester.repo.HelmRepo.CreateHelmRepo(hr)
+	hr, err := tester.repo.HelmRepo().CreateHelmRepo(hr)
 
 	if err != nil {
 		t.Fatalf("%v\n", err)
 	}
 
-	hr, err = tester.repo.HelmRepo.ReadHelmRepo(hr.Model.ID)
+	hr, err = tester.repo.HelmRepo().ReadHelmRepo(hr.Model.ID)
 
 	if err != nil {
 		t.Fatalf("%v\n", err)
@@ -62,7 +62,7 @@ func TestListHelmReposByProjectID(t *testing.T) {
 	initHelmRepo(tester, t)
 	defer cleanup(tester, t)
 
-	hrs, err := tester.repo.HelmRepo.ListHelmReposByProjectID(
+	hrs, err := tester.repo.HelmRepo().ListHelmReposByProjectID(
 		tester.initProjects[0].Model.ID,
 	)
 
@@ -106,7 +106,7 @@ func TestUpdateHelmRepo(t *testing.T) {
 
 	hr.Name = "helm-repo-new-name"
 
-	hr, err := tester.repo.HelmRepo.UpdateHelmRepo(
+	hr, err := tester.repo.HelmRepo().UpdateHelmRepo(
 		hr,
 	)
 
@@ -114,7 +114,7 @@ func TestUpdateHelmRepo(t *testing.T) {
 		t.Fatalf("%v\n", err)
 	}
 
-	hr, err = tester.repo.HelmRepo.ReadHelmRepo(tester.initHRs[0].ID)
+	hr, err = tester.repo.HelmRepo().ReadHelmRepo(tester.initHRs[0].ID)
 
 	// make sure data is correct
 	expHelmRepo := models.HelmRepo{
@@ -153,13 +153,13 @@ func TestUpdateHelmRepoToken(t *testing.T) {
 		},
 	}
 
-	hr, err := tester.repo.HelmRepo.CreateHelmRepo(hr)
+	hr, err := tester.repo.HelmRepo().CreateHelmRepo(hr)
 
 	if err != nil {
 		t.Fatalf("%v\n", err)
 	}
 
-	hr, err = tester.repo.HelmRepo.ReadHelmRepo(hr.Model.ID)
+	hr, err = tester.repo.HelmRepo().ReadHelmRepo(hr.Model.ID)
 
 	if err != nil {
 		t.Fatalf("%v\n", err)
@@ -182,11 +182,11 @@ func TestUpdateHelmRepoToken(t *testing.T) {
 	hr.TokenCache.Token = []byte("token-2")
 	hr.TokenCache.Expiry = time.Now().Add(24 * time.Hour)
 
-	hr, err = tester.repo.HelmRepo.UpdateHelmRepoTokenCache(&hr.TokenCache)
+	hr, err = tester.repo.HelmRepo().UpdateHelmRepoTokenCache(&hr.TokenCache)
 	if err != nil {
 		t.Fatalf("%v\n", err)
 	}
-	hr, err = tester.repo.HelmRepo.ReadHelmRepo(hr.Model.ID)
+	hr, err = tester.repo.HelmRepo().ReadHelmRepo(hr.Model.ID)
 	if err != nil {
 		t.Fatalf("%v\n", err)
 	}
@@ -220,25 +220,25 @@ func TestUpdateHelmRepoToken(t *testing.T) {
 // 	initRegistry(tester, t)
 // 	defer cleanup(tester, t)
 
-// 	reg, err := tester.repo.Registry.ReadRegistry(tester.initRegs[0].Model.ID)
+// 	reg, err := tester.repo.Registry().ReadRegistry(tester.initRegs[0].Model.ID)
 
 // 	if err != nil {
 // 		t.Fatalf("%v\n", err)
 // 	}
 
-// 	err = tester.repo.Registry.DeleteRegistry(reg)
+// 	err = tester.repo.Registry().DeleteRegistry(reg)
 
 // 	if err != nil {
 // 		t.Fatalf("%v\n", err)
 // 	}
 
-// 	_, err = tester.repo.Registry.ReadRegistry(tester.initRegs[0].Model.ID)
+// 	_, err = tester.repo.Registry().ReadRegistry(tester.initRegs[0].Model.ID)
 
 // 	if err != orm.ErrRecordNotFound {
 // 		t.Fatalf("incorrect error: expected %v, got %v\n", orm.ErrRecordNotFound, err)
 // 	}
 
-// 	regs, err := tester.repo.Registry.ListRegistriesByProjectID(tester.initProjects[0].Model.ID)
+// 	regs, err := tester.repo.Registry().ListRegistriesByProjectID(tester.initProjects[0].Model.ID)
 
 // 	if err != nil {
 // 		t.Fatalf("%v\n", err)

internal/repository/gorm/helpers_test.go

@@ -15,7 +15,7 @@ import (
 )
 
 type tester struct {
-	repo         *repository.Repository
+	repo         repository.Repository
 	key          *[32]byte
 	dbFileName   string
 	initUsers    []*models.User
@@ -105,7 +105,7 @@ func initUser(tester *tester, t *testing.T) {
 		Password: "hello1234",
 	}
 
-	user, err := tester.repo.User.CreateUser(user)
+	user, err := tester.repo.User().CreateUser(user)
 
 	if err != nil {
 		t.Fatalf("%v\n", err)
@@ -121,7 +121,7 @@ func initProject(tester *tester, t *testing.T) {
 		Name: "project-test",
 	}
 
-	proj, err := tester.repo.Project.CreateProject(proj)
+	proj, err := tester.repo.Project().CreateProject(proj)
 
 	if err != nil {
 		t.Fatalf("%v\n", err)
@@ -141,7 +141,7 @@ func initProjectRole(tester *tester, t *testing.T) {
 		},
 	}
 
-	role, err := tester.repo.Project.CreateProjectRole(tester.initProjects[0], role)
+	role, err := tester.repo.Project().CreateProjectRole(tester.initProjects[0], role)
 
 	if err != nil {
 		t.Fatalf("%v\n", err)
@@ -166,7 +166,7 @@ func initKubeIntegration(tester *tester, t *testing.T) {
 		Kubeconfig: []byte("current-context: testing\n"),
 	}
 
-	ki, err := tester.repo.KubeIntegration.CreateKubeIntegration(ki)
+	ki, err := tester.repo.KubeIntegration().CreateKubeIntegration(ki)
 
 	if err != nil {
 		t.Fatalf("%v\n", err)
@@ -193,7 +193,7 @@ func initBasicIntegration(tester *tester, t *testing.T) {
 		Password:  []byte("password"),
 	}
 
-	basic, err := tester.repo.BasicIntegration.CreateBasicIntegration(basic)
+	basic, err := tester.repo.BasicIntegration().CreateBasicIntegration(basic)
 
 	if err != nil {
 		t.Fatalf("%v\n", err)
@@ -224,7 +224,7 @@ func initOIDCIntegration(tester *tester, t *testing.T) {
 		RefreshToken: []byte("refreshtoken"),
 	}
 
-	oidc, err := tester.repo.OIDCIntegration.CreateOIDCIntegration(oidc)
+	oidc, err := tester.repo.OIDCIntegration().CreateOIDCIntegration(oidc)
 
 	if err != nil {
 		t.Fatalf("%v\n", err)
@@ -253,7 +253,7 @@ func initOAuthIntegration(tester *tester, t *testing.T) {
 		RefreshToken: []byte("refreshtoken"),
 	}
 
-	oauth, err := tester.repo.OAuthIntegration.CreateOAuthIntegration(oauth)
+	oauth, err := tester.repo.OAuthIntegration().CreateOAuthIntegration(oauth)
 
 	if err != nil {
 		t.Fatalf("%v\n", err)
@@ -281,7 +281,7 @@ func initGCPIntegration(tester *tester, t *testing.T) {
 		GCPKeyData:   []byte("{\"test\":\"key\"}"),
 	}
 
-	gcp, err := tester.repo.GCPIntegration.CreateGCPIntegration(gcp)
+	gcp, err := tester.repo.GCPIntegration().CreateGCPIntegration(gcp)
 
 	if err != nil {
 		t.Fatalf("%v\n", err)
@@ -310,7 +310,7 @@ func initAWSIntegration(tester *tester, t *testing.T) {
 		AWSSessionToken:    []byte("optional"),
 	}
 
-	aws, err := tester.repo.AWSIntegration.CreateAWSIntegration(aws)
+	aws, err := tester.repo.AWSIntegration().CreateAWSIntegration(aws)
 
 	if err != nil {
 		t.Fatalf("%v\n", err)
@@ -338,7 +338,7 @@ func initClusterCandidate(tester *tester, t *testing.T) {
 		Kubeconfig:        []byte("current-context: testing\n"),
 	}
 
-	cc, err := tester.repo.Cluster.CreateClusterCandidate(cc)
+	cc, err := tester.repo.Cluster().CreateClusterCandidate(cc)
 
 	if err != nil {
 		t.Fatalf("%v\n", err)
@@ -366,7 +366,7 @@ func initCluster(tester *tester, t *testing.T) {
 		CertificateAuthorityData: []byte("-----BEGIN"),
 	}
 
-	cluster, err := tester.repo.Cluster.CreateCluster(cluster)
+	cluster, err := tester.repo.Cluster().CreateCluster(cluster)
 
 	if err != nil {
 		t.Fatalf("%v\n", err)
@@ -392,7 +392,7 @@ func initGitRepo(tester *tester, t *testing.T) {
 		OAuthIntegrationID: tester.initOAuths[0].ID,
 	}
 
-	gr, err := tester.repo.GitRepo.CreateGitRepo(gr)
+	gr, err := tester.repo.GitRepo().CreateGitRepo(gr)
 
 	if err != nil {
 		t.Fatalf("%v\n", err)
@@ -413,7 +413,7 @@ func initRegistry(tester *tester, t *testing.T) {
 		Name:      "registry-test",
 	}
 
-	reg, err := tester.repo.Registry.CreateRegistry(reg)
+	reg, err := tester.repo.Registry().CreateRegistry(reg)
 
 	if err != nil {
 		t.Fatalf("%v\n", err)
@@ -435,7 +435,7 @@ func initHelmRepo(tester *tester, t *testing.T) {
 		ProjectID: tester.initProjects[0].Model.ID,
 	}
 
-	hr, err := tester.repo.HelmRepo.CreateHelmRepo(hr)
+	hr, err := tester.repo.HelmRepo().CreateHelmRepo(hr)
 
 	if err != nil {
 		t.Fatalf("%v\n", err)
@@ -457,7 +457,7 @@ func initInfra(tester *tester, t *testing.T) {
 		Status:    models.StatusCreated,
 	}
 
-	infra, err := tester.repo.Infra.CreateInfra(infra)
+	infra, err := tester.repo.Infra().CreateInfra(infra)
 
 	if err != nil {
 		t.Fatalf("%v\n", err)
@@ -482,7 +482,7 @@ func initInvite(tester *tester, t *testing.T) {
 		ProjectID: 1,
 	}
 
-	invite, err := tester.repo.Invite.CreateInvite(invite)
+	invite, err := tester.repo.Invite().CreateInvite(invite)
 
 	if err != nil {
 		t.Fatalf("%v\n", err)
@@ -506,7 +506,7 @@ func initRelease(tester *tester, t *testing.T) {
 		WebhookToken: "abcdefgh",
 	}
 
-	release, err := tester.repo.Release.CreateRelease(release)
+	release, err := tester.repo.Release().CreateRelease(release)
 
 	if err != nil {
 		t.Fatalf("%v\n", err)

internal/repository/gorm/infra_test.go

@@ -23,13 +23,13 @@ func TestCreateInfra(t *testing.T) {
 		Status:    models.StatusCreated,
 	}
 
-	infra, err := tester.repo.Infra.CreateInfra(infra)
+	infra, err := tester.repo.Infra().CreateInfra(infra)
 
 	if err != nil {
 		t.Fatalf("%v\n", err)
 	}
 
-	infra, err = tester.repo.Infra.ReadInfra(infra.Model.ID)
+	infra, err = tester.repo.Infra().ReadInfra(infra.Model.ID)
 
 	if err != nil {
 		t.Fatalf("%v\n", err)
@@ -59,7 +59,7 @@ func TestListInfrasByProjectID(t *testing.T) {
 	initInfra(tester, t)
 	defer cleanup(tester, t)
 
-	infras, err := tester.repo.Infra.ListInfrasByProjectID(
+	infras, err := tester.repo.Infra().ListInfrasByProjectID(
 		tester.initProjects[0].Model.ID,
 	)
 

internal/repository/gorm/invite_test.go

@@ -27,13 +27,13 @@ func TestCreateInvite(t *testing.T) {
 		ProjectID: 1,
 	}
 
-	invite, err := tester.repo.Invite.CreateInvite(invite)
+	invite, err := tester.repo.Invite().CreateInvite(invite)
 
 	if err != nil {
 		t.Fatalf("%v\n", err)
 	}
 
-	invite, err = tester.repo.Invite.ReadInvite(invite.Model.ID)
+	invite, err = tester.repo.Invite().ReadInvite(invite.Model.ID)
 
 	if err != nil {
 		t.Fatalf("%v\n", err)
@@ -67,7 +67,7 @@ func TestListInvitesByProjectID(t *testing.T) {
 	initInvite(tester, t)
 	defer cleanup(tester, t)
 
-	invites, err := tester.repo.Invite.ListInvitesByProjectID(
+	invites, err := tester.repo.Invite().ListInvitesByProjectID(
 		tester.initProjects[0].Model.ID,
 	)
 

internal/repository/gorm/project_test.go

@@ -23,13 +23,13 @@ func TestCreateProject(t *testing.T) {
 		Name: "project-test",
 	}
 
-	proj, err := tester.repo.Project.CreateProject(proj)
+	proj, err := tester.repo.Project().CreateProject(proj)
 
 	if err != nil {
 		t.Fatalf("%v\n", err)
 	}
 
-	proj, err = tester.repo.Project.ReadProject(proj.Model.ID)
+	proj, err = tester.repo.Project().ReadProject(proj.Model.ID)
 
 	if err != nil {
 		t.Fatalf("%v\n", err)
@@ -62,13 +62,13 @@ func TestCreateProjectRole(t *testing.T) {
 		},
 	}
 
-	role, err := tester.repo.Project.CreateProjectRole(tester.initProjects[0], role)
+	role, err := tester.repo.Project().CreateProjectRole(tester.initProjects[0], role)
 
 	if err != nil {
 		t.Fatalf("%v\n", err)
 	}
 
-	proj, err := tester.repo.Project.ReadProject(tester.initProjects[0].Model.ID)
+	proj, err := tester.repo.Project().ReadProject(tester.initProjects[0].Model.ID)
 
 	if err != nil {
 		t.Fatalf("%v\n", err)
@@ -132,7 +132,7 @@ func TestListProjectsByUserID(t *testing.T) {
 		},
 	}
 
-	role, err := tester.repo.Project.CreateProjectRole(tester.initProjects[1], role)
+	role, err := tester.repo.Project().CreateProjectRole(tester.initProjects[1], role)
 
 	if err != nil {
 		t.Fatalf("%v\n", err)
@@ -140,7 +140,7 @@ func TestListProjectsByUserID(t *testing.T) {
 
 	defer cleanup(tester, t)
 
-	projects, err := tester.repo.Project.ListProjectsByUserID(tester.initUsers[0].Model.ID)
+	projects, err := tester.repo.Project().ListProjectsByUserID(tester.initUsers[0].Model.ID)
 
 	if err != nil {
 		t.Fatalf("%v\n", err)
@@ -192,7 +192,7 @@ func TestReadProjectRole(t *testing.T) {
 
 	defer cleanup(tester, t)
 
-	role, err := tester.repo.Project.ReadProjectRole(1, 1)
+	role, err := tester.repo.Project().ReadProjectRole(1, 1)
 
 	if err != nil {
 		t.Fatalf("%v\n", err)
@@ -223,14 +223,14 @@ func TestDeleteProject(t *testing.T) {
 	initProject(tester, t)
 	defer cleanup(tester, t)
 
-	proj, err := tester.repo.Project.DeleteProject(tester.initProjects[0])
+	proj, err := tester.repo.Project().DeleteProject(tester.initProjects[0])
 
 	if err != nil {
 		t.Fatalf("%v\n", err)
 	}
 
 	// attempt to read the project and ensure that the error is gorm.ErrRecordNotFound
-	_, err = tester.repo.Project.ReadProject(proj.Model.ID)
+	_, err = tester.repo.Project().ReadProject(proj.Model.ID)
 
 	if err != gorm.ErrRecordNotFound {
 		t.Fatalf("read should have returned record not found: returned %v\n", err)

internal/repository/gorm/registry_test.go

@@ -25,13 +25,13 @@ func TestCreateRegistry(t *testing.T) {
 		ProjectID: tester.initProjects[0].Model.ID,
 	}
 
-	reg, err := tester.repo.Registry.CreateRegistry(reg)
+	reg, err := tester.repo.Registry().CreateRegistry(reg)
 
 	if err != nil {
 		t.Fatalf("%v\n", err)
 	}
 
-	reg, err = tester.repo.Registry.ReadRegistry(reg.Model.ID)
+	reg, err = tester.repo.Registry().ReadRegistry(reg.Model.ID)
 
 	if err != nil {
 		t.Fatalf("%v\n", err)
@@ -57,7 +57,7 @@ func TestListRegistriesByProjectID(t *testing.T) {
 	initRegistry(tester, t)
 	defer cleanup(tester, t)
 
-	regs, err := tester.repo.Registry.ListRegistriesByProjectID(
+	regs, err := tester.repo.Registry().ListRegistriesByProjectID(
 		tester.initProjects[0].Model.ID,
 	)
 
@@ -100,7 +100,7 @@ func TestUpdateRegistry(t *testing.T) {
 
 	reg.Name = "registry-new-name"
 
-	reg, err := tester.repo.Registry.UpdateRegistry(
+	reg, err := tester.repo.Registry().UpdateRegistry(
 		reg,
 	)
 
@@ -108,7 +108,7 @@ func TestUpdateRegistry(t *testing.T) {
 		t.Fatalf("%v\n", err)
 	}
 
-	reg, err = tester.repo.Registry.ReadRegistry(tester.initRegs[0].ID)
+	reg, err = tester.repo.Registry().ReadRegistry(tester.initRegs[0].ID)
 
 	// make sure data is correct
 	expRegistry := models.Registry{
@@ -145,13 +145,13 @@ func TestUpdateRegistryToken(t *testing.T) {
 		},
 	}
 
-	reg, err := tester.repo.Registry.CreateRegistry(reg)
+	reg, err := tester.repo.Registry().CreateRegistry(reg)
 
 	if err != nil {
 		t.Fatalf("%v\n", err)
 	}
 
-	reg, err = tester.repo.Registry.ReadRegistry(reg.Model.ID)
+	reg, err = tester.repo.Registry().ReadRegistry(reg.Model.ID)
 
 	if err != nil {
 		t.Fatalf("%v\n", err)
@@ -174,11 +174,11 @@ func TestUpdateRegistryToken(t *testing.T) {
 	reg.TokenCache.Token = []byte("token-2")
 	reg.TokenCache.Expiry = time.Now().Add(24 * time.Hour)
 
-	reg, err = tester.repo.Registry.UpdateRegistryTokenCache(&reg.TokenCache)
+	reg, err = tester.repo.Registry().UpdateRegistryTokenCache(&reg.TokenCache)
 	if err != nil {
 		t.Fatalf("%v\n", err)
 	}
-	reg, err = tester.repo.Registry.ReadRegistry(reg.Model.ID)
+	reg, err = tester.repo.Registry().ReadRegistry(reg.Model.ID)
 	if err != nil {
 		t.Fatalf("%v\n", err)
 	}
@@ -212,25 +212,25 @@ func TestDeleteRegistry(t *testing.T) {
 	initRegistry(tester, t)
 	defer cleanup(tester, t)
 
-	reg, err := tester.repo.Registry.ReadRegistry(tester.initRegs[0].Model.ID)
+	reg, err := tester.repo.Registry().ReadRegistry(tester.initRegs[0].Model.ID)
 
 	if err != nil {
 		t.Fatalf("%v\n", err)
 	}
 
-	err = tester.repo.Registry.DeleteRegistry(reg)
+	err = tester.repo.Registry().DeleteRegistry(reg)
 
 	if err != nil {
 		t.Fatalf("%v\n", err)
 	}
 
-	_, err = tester.repo.Registry.ReadRegistry(tester.initRegs[0].Model.ID)
+	_, err = tester.repo.Registry().ReadRegistry(tester.initRegs[0].Model.ID)
 
 	if err != orm.ErrRecordNotFound {
 		t.Fatalf("incorrect error: expected %v, got %v\n", orm.ErrRecordNotFound, err)
 	}
 
-	regs, err := tester.repo.Registry.ListRegistriesByProjectID(tester.initProjects[0].Model.ID)
+	regs, err := tester.repo.Registry().ListRegistriesByProjectID(tester.initProjects[0].Model.ID)
 
 	if err != nil {
 		t.Fatalf("%v\n", err)

internal/repository/gorm/release_test.go

@@ -25,13 +25,13 @@ func TestCreateRelease(t *testing.T) {
 		WebhookToken: "abcdefgh",
 	}
 
-	release, err := tester.repo.Release.CreateRelease(release)
+	release, err := tester.repo.Release().CreateRelease(release)
 
 	if err != nil {
 		t.Fatalf("%v\n", err)
 	}
 
-	release, err = tester.repo.Release.ReadRelease(1, release.Name, release.Namespace)
+	release, err = tester.repo.Release().ReadRelease(1, release.Name, release.Namespace)
 
 	if err != nil {
 		t.Fatalf("%v\n", err)
@@ -50,7 +50,7 @@ func TestCreateRelease(t *testing.T) {
 		t.Errorf("incorrect webhook token: expected %s, got %s\n", "abcdefgh", release.WebhookToken)
 	}
 
-	release, err = tester.repo.Release.ReadReleaseByWebhookToken(release.WebhookToken)
+	release, err = tester.repo.Release().ReadReleaseByWebhookToken(release.WebhookToken)
 
 	if release.Name != "denver-meister-dakota" {
 		t.Errorf("incorrect project name: expected %s, got %s\n", "denver-meister-dakota", release.Name)
@@ -85,7 +85,7 @@ func TestListReleasesByImageRepoURI(t *testing.T) {
 			ImageRepoURI: uri,
 		}
 
-		release, err := tester.repo.Release.CreateRelease(release)
+		release, err := tester.repo.Release().CreateRelease(release)
 
 		if err != nil {
 			t.Fatalf("%v\n", err)
@@ -96,7 +96,7 @@ func TestListReleasesByImageRepoURI(t *testing.T) {
 		}
 	}
 
-	resReleases, err := tester.repo.Release.ListReleasesByImageRepoURI(1, "uri1")
+	resReleases, err := tester.repo.Release().ListReleasesByImageRepoURI(1, "uri1")
 
 	if err != nil {
 		t.Fatalf("%v\n", err)
@@ -129,25 +129,25 @@ func TestDeleteRelease(t *testing.T) {
 		WebhookToken: "abcdefgh",
 	}
 
-	release, err := tester.repo.Release.CreateRelease(release)
+	release, err := tester.repo.Release().CreateRelease(release)
 
 	if err != nil {
 		t.Fatalf("%v\n", err)
 	}
 
-	release, err = tester.repo.Release.ReadRelease(1, release.Name, release.Namespace)
+	release, err = tester.repo.Release().ReadRelease(1, release.Name, release.Namespace)
 
 	if err != nil {
 		t.Fatalf("%v\n", err)
 	}
 
-	_, err = tester.repo.Release.DeleteRelease(release)
+	_, err = tester.repo.Release().DeleteRelease(release)
 
 	if err != nil {
 		t.Fatalf("%v\n", err)
 	}
 
-	_, err = tester.repo.Release.ReadRelease(1, release.Name, release.Namespace)
+	_, err = tester.repo.Release().ReadRelease(1, release.Name, release.Namespace)
 
 	if err != orm.ErrRecordNotFound {
 		t.Fatalf("incorrect error: expected %v, got %v\n", orm.ErrRecordNotFound, err)

internal/repository/gorm/repository.go

@@ -5,29 +5,132 @@ import (
 	"gorm.io/gorm"
 )
 
-// NewRepository returns a Repository which uses
-// gorm.DB for querying the database
-func NewRepository(db *gorm.DB, key *[32]byte) *repository.Repository {
-	return &repository.Repository{
-		User:             NewUserRepository(db),
-		Session:          NewSessionRepository(db),
-		Project:          NewProjectRepository(db),
-		Release:          NewReleaseRepository(db),
-		GitRepo:          NewGitRepoRepository(db, key),
-		Cluster:          NewClusterRepository(db, key),
-		HelmRepo:         NewHelmRepoRepository(db, key),
-		Registry:         NewRegistryRepository(db, key),
-		Infra:            NewInfraRepository(db, key),
-		GitActionConfig:  NewGitActionConfigRepository(db),
-		Invite:           NewInviteRepository(db),
-		AuthCode:         NewAuthCodeRepository(db),
-		DNSRecord:        NewDNSRecordRepository(db),
-		PWResetToken:     NewPWResetTokenRepository(db),
-		KubeIntegration:  NewKubeIntegrationRepository(db, key),
-		BasicIntegration: NewBasicIntegrationRepository(db, key),
-		OIDCIntegration:  NewOIDCIntegrationRepository(db, key),
-		OAuthIntegration: NewOAuthIntegrationRepository(db, key),
-		GCPIntegration:   NewGCPIntegrationRepository(db, key),
-		AWSIntegration:   NewAWSIntegrationRepository(db, key),
+type GormRepository struct {
+	user             repository.UserRepository
+	session          repository.SessionRepository
+	project          repository.ProjectRepository
+	cluster          repository.ClusterRepository
+	helmRepo         repository.HelmRepoRepository
+	registry         repository.RegistryRepository
+	gitRepo          repository.GitRepoRepository
+	gitActionConfig  repository.GitActionConfigRepository
+	invite           repository.InviteRepository
+	release          repository.ReleaseRepository
+	authCode         repository.AuthCodeRepository
+	dnsRecord        repository.DNSRecordRepository
+	pwResetToken     repository.PWResetTokenRepository
+	infra            repository.InfraRepository
+	kubeIntegration  repository.KubeIntegrationRepository
+	basicIntegration repository.BasicIntegrationRepository
+	oidcIntegration  repository.OIDCIntegrationRepository
+	oauthIntegration repository.OAuthIntegrationRepository
+	gcpIntegration   repository.GCPIntegrationRepository
+	awsIntegration   repository.AWSIntegrationRepository
+}
+
+func (t *GormRepository) User() repository.UserRepository {
+	return t.user
+}
+
+func (t *GormRepository) Session() repository.SessionRepository {
+	return t.session
+}
+
+func (t *GormRepository) Project() repository.ProjectRepository {
+	return t.project
+}
+
+func (t *GormRepository) Cluster() repository.ClusterRepository {
+	return t.cluster
+}
+
+func (t *GormRepository) HelmRepo() repository.HelmRepoRepository {
+	return t.helmRepo
+}
+
+func (t *GormRepository) Registry() repository.RegistryRepository {
+	return t.registry
+}
+
+func (t *GormRepository) GitRepo() repository.GitRepoRepository {
+	return t.gitRepo
+}
+
+func (t *GormRepository) GitActionConfig() repository.GitActionConfigRepository {
+	return t.gitActionConfig
+}
+
+func (t *GormRepository) Invite() repository.InviteRepository {
+	return t.invite
+}
+
+func (t *GormRepository) Release() repository.ReleaseRepository {
+	return t.release
+}
+
+func (t *GormRepository) AuthCode() repository.AuthCodeRepository {
+	return t.authCode
+}
+
+func (t *GormRepository) DNSRecord() repository.DNSRecordRepository {
+	return t.dnsRecord
+}
+
+func (t *GormRepository) PWResetToken() repository.PWResetTokenRepository {
+	return t.pwResetToken
+}
+
+func (t *GormRepository) Infra() repository.InfraRepository {
+	return t.infra
+}
+
+func (t *GormRepository) KubeIntegration() repository.KubeIntegrationRepository {
+	return t.kubeIntegration
+}
+
+func (t *GormRepository) BasicIntegration() repository.BasicIntegrationRepository {
+	return t.basicIntegration
+}
+
+func (t *GormRepository) OIDCIntegration() repository.OIDCIntegrationRepository {
+	return t.oidcIntegration
+}
+
+func (t *GormRepository) OAuthIntegration() repository.OAuthIntegrationRepository {
+	return t.oauthIntegration
+}
+
+func (t *GormRepository) GCPIntegration() repository.GCPIntegrationRepository {
+	return t.gcpIntegration
+}
+
+func (t *GormRepository) AWSIntegration() repository.AWSIntegrationRepository {
+	return t.awsIntegration
+}
+
+// NewRepository returns a Repository which persists users in memory
+// and accepts a parameter that can trigger read/write errors
+func NewRepository(db *gorm.DB, key *[32]byte) repository.Repository {
+	return &GormRepository{
+		user:             NewUserRepository(db),
+		session:          NewSessionRepository(db),
+		project:          NewProjectRepository(db),
+		cluster:          NewClusterRepository(db, key),
+		helmRepo:         NewHelmRepoRepository(db, key),
+		registry:         NewRegistryRepository(db, key),
+		gitRepo:          NewGitRepoRepository(db, key),
+		gitActionConfig:  NewGitActionConfigRepository(db),
+		invite:           NewInviteRepository(db),
+		release:          NewReleaseRepository(db),
+		authCode:         NewAuthCodeRepository(db),
+		dnsRecord:        NewDNSRecordRepository(db),
+		pwResetToken:     NewPWResetTokenRepository(db),
+		infra:            NewInfraRepository(db, key),
+		kubeIntegration:  NewKubeIntegrationRepository(db, key),
+		basicIntegration: NewBasicIntegrationRepository(db, key),
+		oidcIntegration:  NewOIDCIntegrationRepository(db, key),
+		oauthIntegration: NewOAuthIntegrationRepository(db, key),
+		gcpIntegration:   NewGCPIntegrationRepository(db, key),
+		awsIntegration:   NewAWSIntegrationRepository(db, key),
 	}
 }

internal/repository/gorm/session_test.go

@@ -1,147 +0,0 @@
-package gorm
-
-import (
-	"database/sql"
-	"testing"
-	"time"
-
-	"gorm.io/driver/postgres"
-
-	"github.com/DATA-DOG/go-sqlmock"
-	"github.com/go-test/deep"
-	"github.com/porter-dev/porter/internal/models"
-	"github.com/porter-dev/porter/internal/repository"
-	"github.com/stretchr/testify/require"
-	"github.com/stretchr/testify/suite"
-	"gorm.io/gorm"
-)
-
-type Suite struct {
-	suite.Suite
-	db   *gorm.DB
-	mock sqlmock.Sqlmock
-
-	repo    repository.SessionRepository
-	session *models.Session
-}
-
-func (s *Suite) SetupSuite() {
-	var (
-		db  *sql.DB
-		err error
-	)
-
-	db, s.mock, err = sqlmock.New()
-
-	require.NoError(s.T(), err)
-
-	s.db, err = gorm.Open(postgres.New(postgres.Config{
-		Conn: db,
-	}), &gorm.Config{})
-
-	require.NoError(s.T(), err)
-
-	s.repo = NewSessionRepository(s.db)
-}
-
-func (s *Suite) AfterTest(_, _ string) {
-	require.NoError(s.T(), s.mock.ExpectationsWereMet())
-}
-
-func TestInit(t *testing.T) {
-	suite.Run(t, new(Suite))
-}
-
-func (s *Suite) TestShouldCreateNewSession() {
-	var (
-		key       = "onekey"
-		data      = []byte("onedata")
-		expiresAt = time.Now()
-	)
-
-	rows := sqlmock.NewRows([]string{"id"}).AddRow("111")
-
-	s.mock.ExpectBegin()
-	// s.mock.ExpectQuery(`INSERT INTO "sessions" ("created_at","updated_at","deleted_at","key","data","expires_at")
-	// 	VALUES ($1,$2,$3,$4,$5,$6) RETURNING "sessions"."id"`).
-	s.mock.ExpectQuery(`.*`).
-		WithArgs(sqlmock.AnyArg(), sqlmock.AnyArg(), sqlmock.AnyArg(), key, data, expiresAt).
-		WillReturnRows(rows)
-	s.mock.ExpectCommit()
-
-	// test function
-	_, err := s.repo.CreateSession(&models.Session{
-		Key:       key,
-		Data:      data,
-		ExpiresAt: expiresAt,
-	})
-
-	require.NoError(s.T(), err)
-}
-
-func (s *Suite) TestShoudSelectSessionByKey() {
-	var (
-		key = "onekey"
-	)
-
-	rows := sqlmock.NewRows([]string{"Key"}).AddRow(key)
-
-	s.mock.ExpectQuery(`.*`). // do proper regex labor later as meditative exercise
-					WithArgs(key).
-					WillReturnRows(rows)
-
-	// test function
-	res, err := s.repo.SelectSession(&models.Session{
-		Key: key,
-	})
-
-	require.NoError(s.T(), err)
-	require.Nil(s.T(), deep.Equal(&models.Session{Key: key}, res))
-}
-
-func (s *Suite) TestShouldUpdateSessionByKey() {
-	var (
-		key       = "onekey"
-		data      = []byte("chobanilime")
-		expiresAt = time.Now()
-	)
-
-	// rows := sqlmock.NewRows([]string{"Key"}).AddRow(key)
-
-	s.mock.ExpectBegin()
-	s.mock.ExpectExec(`.*`). // do proper regex labor later as meditative exercise
-					WithArgs(sqlmock.AnyArg(), key, data, sqlmock.AnyArg(), key).
-					WillReturnResult(sqlmock.NewResult(1, 1))
-	s.mock.ExpectCommit()
-
-	// test function
-	_, err := s.repo.UpdateSession(&models.Session{
-		Key:       key,
-		Data:      data,
-		ExpiresAt: expiresAt,
-	})
-
-	require.NoError(s.T(), err)
-	// require.Nil(s.T(), deep.Equal(&models.Session{Data: data}, res))
-}
-
-func (s *Suite) TestShouldDeleteSession() {
-	var (
-		key = "onekey"
-	)
-
-	// rows := sqlmock.NewRows([]string{"id"}).AddRow("111")
-
-	s.mock.ExpectBegin()
-	s.mock.ExpectExec(`.*`).
-		WithArgs(key).
-		WillReturnResult(sqlmock.NewResult(1, 1))
-	s.mock.ExpectCommit()
-
-	// test function
-	_, err := s.repo.DeleteSession(&models.Session{
-		Key: key,
-	})
-
-	require.NoError(s.T(), err)
-}

internal/repository/gorm/user_test.go

@@ -21,13 +21,13 @@ func TestReadUserByGithubUserID(t *testing.T) {
 		GithubUserID: 5,
 	}
 
-	user, err := tester.repo.User.CreateUser(user)
+	user, err := tester.repo.User().CreateUser(user)
 
 	if err != nil {
 		t.Fatalf("%v\n", err)
 	}
 
-	readUser, err := tester.repo.User.ReadUserByGithubUserID(5)
+	readUser, err := tester.repo.User().ReadUserByGithubUserID(5)
 
 	if err != nil {
 		t.Fatalf("%v\n", err)
@@ -53,13 +53,13 @@ func TestReadUserByGoogleUserID(t *testing.T) {
 		GoogleUserID: "alsdkfjsldaf",
 	}
 
-	user, err := tester.repo.User.CreateUser(user)
+	user, err := tester.repo.User().CreateUser(user)
 
 	if err != nil {
 		t.Fatalf("%v\n", err)
 	}
 
-	readUser, err := tester.repo.User.ReadUserByGoogleUserID("alsdkfjsldaf")
+	readUser, err := tester.repo.User().ReadUserByGoogleUserID("alsdkfjsldaf")
 
 	if err != nil {
 		t.Fatalf("%v\n", err)

internal/repository/repository.go

@@ -1,25 +1,24 @@
 package repository
 
-// Repository collects the repositories for each model
-type Repository struct {
-	User             UserRepository
-	Project          ProjectRepository
-	Release          ReleaseRepository
-	Session          SessionRepository
-	GitRepo          GitRepoRepository
-	Cluster          ClusterRepository
-	HelmRepo         HelmRepoRepository
-	Registry         RegistryRepository
-	Infra            InfraRepository
-	GitActionConfig  GitActionConfigRepository
-	Invite           InviteRepository
-	AuthCode         AuthCodeRepository
-	DNSRecord        DNSRecordRepository
-	PWResetToken     PWResetTokenRepository
-	KubeIntegration  KubeIntegrationRepository
-	BasicIntegration BasicIntegrationRepository
-	OIDCIntegration  OIDCIntegrationRepository
-	OAuthIntegration OAuthIntegrationRepository
-	GCPIntegration   GCPIntegrationRepository
-	AWSIntegration   AWSIntegrationRepository
+type Repository interface {
+	User() UserRepository
+	Project() ProjectRepository
+	Release() ReleaseRepository
+	GitRepo() GitRepoRepository
+	Cluster() ClusterRepository
+	HelmRepo() HelmRepoRepository
+	Registry() RegistryRepository
+	Infra() InfraRepository
+	GitActionConfig() GitActionConfigRepository
+	Invite() InviteRepository
+	AuthCode() AuthCodeRepository
+	DNSRecord() DNSRecordRepository
+	PWResetToken() PWResetTokenRepository
+	Session() SessionRepository
+	KubeIntegration() KubeIntegrationRepository
+	BasicIntegration() BasicIntegrationRepository
+	OIDCIntegration() OIDCIntegrationRepository
+	OAuthIntegration() OAuthIntegrationRepository
+	GCPIntegration() GCPIntegrationRepository
+	AWSIntegration() AWSIntegrationRepository
 }

internal/repository/test/git_action_config.go

@@ -0,0 +1,48 @@
+package test
+
+import (
+	"errors"
+
+	"github.com/porter-dev/porter/internal/models"
+	"github.com/porter-dev/porter/internal/repository"
+	"gorm.io/gorm"
+)
+
+// GitActionConfigRepository uses gorm.DB for querying the database
+type GitActionConfigRepository struct {
+	canQuery         bool
+	gitActionConfigs []*models.GitActionConfig
+}
+
+func NewGitActionConfigRepository(canQuery bool) repository.GitActionConfigRepository {
+	return &GitActionConfigRepository{
+		canQuery,
+		[]*models.GitActionConfig{},
+	}
+}
+
+// CreateGitActionConfig creates a new git repo
+func (repo *GitActionConfigRepository) CreateGitActionConfig(gac *models.GitActionConfig) (*models.GitActionConfig, error) {
+	if !repo.canQuery {
+		return nil, errors.New("Cannot write database")
+	}
+
+	repo.gitActionConfigs = append(repo.gitActionConfigs, gac)
+	gac.ID = uint(len(repo.gitActionConfigs))
+
+	return gac, nil
+}
+
+// ReadGitActionConfig gets a git repo specified by a unique id
+func (repo *GitActionConfigRepository) ReadGitActionConfig(id uint) (*models.GitActionConfig, error) {
+	if !repo.canQuery {
+		return nil, errors.New("Cannot read from database")
+	}
+
+	if int(id-1) >= len(repo.gitActionConfigs) || repo.gitActionConfigs[id-1] == nil {
+		return nil, gorm.ErrRecordNotFound
+	}
+
+	index := int(id - 1)
+	return repo.gitActionConfigs[index], nil
+}

internal/repository/test/repository.go

@@ -4,27 +4,132 @@ import (
 	"github.com/porter-dev/porter/internal/repository"
 )
 
+type TestRepository struct {
+	user             repository.UserRepository
+	session          repository.SessionRepository
+	project          repository.ProjectRepository
+	cluster          repository.ClusterRepository
+	helmRepo         repository.HelmRepoRepository
+	registry         repository.RegistryRepository
+	gitRepo          repository.GitRepoRepository
+	gitActionConfig  repository.GitActionConfigRepository
+	invite           repository.InviteRepository
+	release          repository.ReleaseRepository
+	authCode         repository.AuthCodeRepository
+	dnsRecord        repository.DNSRecordRepository
+	pwResetToken     repository.PWResetTokenRepository
+	infra            repository.InfraRepository
+	kubeIntegration  repository.KubeIntegrationRepository
+	basicIntegration repository.BasicIntegrationRepository
+	oidcIntegration  repository.OIDCIntegrationRepository
+	oauthIntegration repository.OAuthIntegrationRepository
+	gcpIntegration   repository.GCPIntegrationRepository
+	awsIntegration   repository.AWSIntegrationRepository
+}
+
+func (t *TestRepository) User() repository.UserRepository {
+	return t.user
+}
+
+func (t *TestRepository) Session() repository.SessionRepository {
+	return t.session
+}
+
+func (t *TestRepository) Project() repository.ProjectRepository {
+	return t.project
+}
+
+func (t *TestRepository) Cluster() repository.ClusterRepository {
+	return t.cluster
+}
+
+func (t *TestRepository) HelmRepo() repository.HelmRepoRepository {
+	return t.helmRepo
+}
+
+func (t *TestRepository) Registry() repository.RegistryRepository {
+	return t.registry
+}
+
+func (t *TestRepository) GitRepo() repository.GitRepoRepository {
+	return t.gitRepo
+}
+
+func (t *TestRepository) GitActionConfig() repository.GitActionConfigRepository {
+	return t.gitActionConfig
+}
+
+func (t *TestRepository) Invite() repository.InviteRepository {
+	return t.invite
+}
+
+func (t *TestRepository) Release() repository.ReleaseRepository {
+	return t.release
+}
+
+func (t *TestRepository) AuthCode() repository.AuthCodeRepository {
+	return t.authCode
+}
+
+func (t *TestRepository) DNSRecord() repository.DNSRecordRepository {
+	return t.dnsRecord
+}
+
+func (t *TestRepository) PWResetToken() repository.PWResetTokenRepository {
+	return t.pwResetToken
+}
+
+func (t *TestRepository) Infra() repository.InfraRepository {
+	return t.infra
+}
+
+func (t *TestRepository) KubeIntegration() repository.KubeIntegrationRepository {
+	return t.kubeIntegration
+}
+
+func (t *TestRepository) BasicIntegration() repository.BasicIntegrationRepository {
+	return t.basicIntegration
+}
+
+func (t *TestRepository) OIDCIntegration() repository.OIDCIntegrationRepository {
+	return t.oidcIntegration
+}
+
+func (t *TestRepository) OAuthIntegration() repository.OAuthIntegrationRepository {
+	return t.oauthIntegration
+}
+
+func (t *TestRepository) GCPIntegration() repository.GCPIntegrationRepository {
+	return t.gcpIntegration
+}
+
+func (t *TestRepository) AWSIntegration() repository.AWSIntegrationRepository {
+	return t.awsIntegration
+}
+
 // NewRepository returns a Repository which persists users in memory
 // and accepts a parameter that can trigger read/write errors
-func NewRepository(canQuery bool) *repository.Repository {
-	return &repository.Repository{
-		User:             NewUserRepository(canQuery),
-		Session:          NewSessionRepository(canQuery),
-		Project:          NewProjectRepository(canQuery),
-		Cluster:          NewClusterRepository(canQuery),
-		HelmRepo:         NewHelmRepoRepository(canQuery),
-		Registry:         NewRegistryRepository(canQuery),
-		GitRepo:          NewGitRepoRepository(canQuery),
-		Invite:           NewInviteRepository(canQuery),
-		Release:          NewReleaseRepository(canQuery),
-		AuthCode:         NewAuthCodeRepository(canQuery),
-		DNSRecord:        NewDNSRecordRepository(canQuery),
-		PWResetToken:     NewPWResetTokenRepository(canQuery),
-		KubeIntegration:  NewKubeIntegrationRepository(canQuery),
-		BasicIntegration: NewBasicIntegrationRepository(canQuery),
-		OIDCIntegration:  NewOIDCIntegrationRepository(canQuery),
-		OAuthIntegration: NewOAuthIntegrationRepository(canQuery),
-		GCPIntegration:   NewGCPIntegrationRepository(canQuery),
-		AWSIntegration:   NewAWSIntegrationRepository(canQuery),
+func NewRepository(canQuery bool) repository.Repository {
+	return &TestRepository{
+		user:             NewUserRepository(canQuery),
+		session:          NewSessionRepository(canQuery),
+		project:          NewProjectRepository(canQuery),
+		cluster:          NewClusterRepository(canQuery),
+		helmRepo:         NewHelmRepoRepository(canQuery),
+		registry:         NewRegistryRepository(canQuery),
+		gitRepo:          NewGitRepoRepository(canQuery),
+		gitActionConfig:  NewGitActionConfigRepository(canQuery),
+		invite:           NewInviteRepository(canQuery),
+		release:          NewReleaseRepository(canQuery),
+		authCode:         NewAuthCodeRepository(canQuery),
+		dnsRecord:        NewDNSRecordRepository(canQuery),
+		pwResetToken:     NewPWResetTokenRepository(canQuery),
+		infra:            NewInfraRepository(canQuery),
+		kubeIntegration:  NewKubeIntegrationRepository(canQuery),
+		basicIntegration: NewBasicIntegrationRepository(canQuery),
+		oidcIntegration:  NewOIDCIntegrationRepository(canQuery),
+		oauthIntegration: NewOAuthIntegrationRepository(canQuery),
+		gcpIntegration:   NewGCPIntegrationRepository(canQuery),
+		awsIntegration:   NewAWSIntegrationRepository(canQuery),
 	}
 }

server/api/api.go

@@ -38,7 +38,7 @@ type TestAgents struct {
 type AppConfig struct {
 	DB         *gorm.DB
 	Logger     *lr.Logger
-	Repository *repository.Repository
+	Repository repository.Repository
 	ServerConf config.ServerConf
 	RedisConf  *config.RedisConf
 	DBConf     config.DBConf
@@ -58,7 +58,7 @@ type App struct {
 	Logger *lr.Logger
 
 	// Repo implements a query repository
-	Repo *repository.Repository
+	Repo repository.Repository
 
 	// session store for cookie-based sessions
 	Store sessions.Store

server/api/cluster_handler.go

@@ -44,7 +44,7 @@ func (app *App) HandleCreateProjectCluster(w http.ResponseWriter, r *http.Reques
 	}
 
 	// handle write to the database
-	cluster, err = app.Repo.Cluster.CreateCluster(cluster)
+	cluster, err = app.Repo.Cluster().CreateCluster(cluster)
 
 	if err != nil {
 		app.handleErrorDataWrite(err, w)
@@ -72,7 +72,7 @@ func (app *App) HandleReadProjectCluster(w http.ResponseWriter, r *http.Request)
 		return
 	}
 
-	cluster, err := app.Repo.Cluster.ReadCluster(uint(id))
+	cluster, err := app.Repo.Cluster().ReadCluster(uint(id))
 
 	if err != nil {
 		app.handleErrorRead(err, ErrProjectDataRead, w)
@@ -98,7 +98,7 @@ func (app *App) HandleListProjectClusters(w http.ResponseWriter, r *http.Request
 		return
 	}
 
-	clusters, err := app.Repo.Cluster.ListClustersByProjectID(uint(projID))
+	clusters, err := app.Repo.Cluster().ListClustersByProjectID(uint(projID))
 
 	if err != nil {
 		app.handleErrorRead(err, ErrProjectDataRead, w)
@@ -152,7 +152,7 @@ func (app *App) HandleUpdateProjectCluster(w http.ResponseWriter, r *http.Reques
 	}
 
 	// convert the form to a registry
-	cluster, err := form.ToCluster(app.Repo.Cluster)
+	cluster, err := form.ToCluster(app.Repo.Cluster())
 
 	if err != nil {
 		app.handleErrorFormDecoding(err, ErrProjectDecode, w)
@@ -160,7 +160,7 @@ func (app *App) HandleUpdateProjectCluster(w http.ResponseWriter, r *http.Reques
 	}
 
 	// handle write to the database
-	cluster, err = app.Repo.Cluster.UpdateCluster(cluster)
+	cluster, err = app.Repo.Cluster().UpdateCluster(cluster)
 
 	if err != nil {
 		app.handleErrorDataWrite(err, w)
@@ -186,14 +186,14 @@ func (app *App) HandleDeleteProjectCluster(w http.ResponseWriter, r *http.Reques
 		return
 	}
 
-	cluster, err := app.Repo.Cluster.ReadCluster(uint(id))
+	cluster, err := app.Repo.Cluster().ReadCluster(uint(id))
 
 	if err != nil {
 		app.handleErrorRead(err, ErrProjectDataRead, w)
 		return
 	}
 
-	err = app.Repo.Cluster.DeleteCluster(cluster)
+	err = app.Repo.Cluster().DeleteCluster(cluster)
 
 	if err != nil {
 		app.handleErrorRead(err, ErrProjectDataRead, w)
@@ -250,7 +250,7 @@ func (app *App) HandleCreateProjectClusterCandidates(w http.ResponseWriter, r *h
 
 	for _, cc := range ccs {
 		// handle write to the database
-		cc, err = app.Repo.Cluster.CreateClusterCandidate(cc)
+		cc, err = app.Repo.Cluster().CreateClusterCandidate(cc)
 
 		if err != nil {
 			app.handleErrorDataWrite(err, w)
@@ -263,7 +263,7 @@ func (app *App) HandleCreateProjectClusterCandidates(w http.ResponseWriter, r *h
 		// automatically
 		if len(cc.Resolvers) == 0 {
 			// we query the repo again to get the decrypted version of the cluster candidate
-			cc, err = app.Repo.Cluster.ReadClusterCandidate(cc.ID)
+			cc, err = app.Repo.Cluster().ReadClusterCandidate(cc.ID)
 
 			if err != nil {
 				app.handleErrorDataRead(err, w)
@@ -277,21 +277,21 @@ func (app *App) HandleCreateProjectClusterCandidates(w http.ResponseWriter, r *h
 				UserID:             userID,
 			}
 
-			err := clusterForm.ResolveIntegration(*app.Repo)
+			err := clusterForm.ResolveIntegration(app.Repo)
 
 			if err != nil {
 				app.handleErrorDataWrite(err, w)
 				return
 			}
 
-			cluster, err := clusterForm.ResolveCluster(*app.Repo)
+			cluster, err := clusterForm.ResolveCluster(app.Repo)
 
 			if err != nil {
 				app.handleErrorDataWrite(err, w)
 				return
 			}
 
-			cc, err = app.Repo.Cluster.UpdateClusterCandidateCreatedClusterID(cc.ID, cluster.ID)
+			cc, err = app.Repo.Cluster().UpdateClusterCandidateCreatedClusterID(cc.ID, cluster.ID)
 
 			if err != nil {
 				app.handleErrorDataWrite(err, w)
@@ -322,7 +322,7 @@ func (app *App) HandleListProjectClusterCandidates(w http.ResponseWriter, r *htt
 		return
 	}
 
-	ccs, err := app.Repo.Cluster.ListClusterCandidatesByProjectID(uint(projID))
+	ccs, err := app.Repo.Cluster().ListClusterCandidatesByProjectID(uint(projID))
 
 	if err != nil {
 		app.handleErrorRead(err, ErrProjectDataRead, w)
@@ -385,21 +385,21 @@ func (app *App) HandleResolveClusterCandidate(w http.ResponseWriter, r *http.Req
 		UserID:             userID,
 	}
 
-	err = clusterResolver.ResolveIntegration(*app.Repo)
+	err = clusterResolver.ResolveIntegration(app.Repo)
 
 	if err != nil {
 		app.handleErrorDataWrite(err, w)
 		return
 	}
 
-	cluster, err := clusterResolver.ResolveCluster(*app.Repo)
+	cluster, err := clusterResolver.ResolveCluster(app.Repo)
 
 	if err != nil {
 		app.handleErrorDataWrite(err, w)
 		return
 	}
 
-	_, err = app.Repo.Cluster.UpdateClusterCandidateCreatedClusterID(uint(candID), cluster.ID)
+	_, err = app.Repo.Cluster().UpdateClusterCandidateCreatedClusterID(uint(candID), cluster.ID)
 
 	if err != nil {
 		app.handleErrorDataWrite(err, w)

server/api/cluster_handler_test.go

@@ -232,7 +232,7 @@ var createProjectClusterCandidatesTests = []*clusterTest{
 			projectClusterCandidateBodyValidator,
 			// check that Cluster was created by default
 			func(c *clusterTest, tester *tester, t *testing.T) {
-				clusters, err := tester.repo.Cluster.ListClustersByProjectID(1)
+				clusters, err := tester.repo.Cluster().ListClustersByProjectID(1)
 
 				if err != nil {
 					t.Fatalf("%v\n", err)
@@ -335,7 +335,7 @@ func TestHandleResolveProjectClusterCandidate(t *testing.T) {
 // ------------------------- INITIALIZERS AND VALIDATORS ------------------------- //
 
 func initProjectClusterCandidate(tester *tester) {
-	proj, _ := tester.repo.Project.ReadProject(1)
+	proj, _ := tester.repo.Project().ReadProject(1)
 
 	form := &forms.CreateClusterCandidatesForm{
 		ProjectID:  proj.ID,
@@ -346,12 +346,12 @@ func initProjectClusterCandidate(tester *tester) {
 	ccs, _ := form.ToClusterCandidates(false)
 
 	for _, cc := range ccs {
-		tester.repo.Cluster.CreateClusterCandidate(cc)
+		tester.repo.Cluster().CreateClusterCandidate(cc)
 	}
 }
 
 func initProjectClusterDefault(tester *tester) {
-	proj, _ := tester.repo.Project.ReadProject(1)
+	proj, _ := tester.repo.Project().ReadProject(1)
 
 	form := &forms.CreateClusterCandidatesForm{
 		ProjectID:  proj.ID,
@@ -362,7 +362,7 @@ func initProjectClusterDefault(tester *tester) {
 	ccs, _ := form.ToClusterCandidates(false)
 
 	for _, cc := range ccs {
-		tester.repo.Cluster.CreateClusterCandidate(cc)
+		tester.repo.Cluster().CreateClusterCandidate(cc)
 	}
 
 	clusterForm := forms.ResolveClusterForm{
@@ -372,8 +372,8 @@ func initProjectClusterDefault(tester *tester) {
 		UserID:             1,
 	}
 
-	clusterForm.ResolveIntegration(*tester.repo)
-	clusterForm.ResolveCluster(*tester.repo)
+	clusterForm.ResolveIntegration(tester.repo)
+	clusterForm.ResolveCluster(tester.repo)
 }
 
 func projectClusterCandidateBodyValidator(c *clusterTest, tester *tester, t *testing.T) {

server/api/deploy_handler.go

@@ -70,7 +70,7 @@ func (app *App) HandleDeployTemplate(w http.ResponseWriter, r *http.Request) {
 
 	form.ReleaseForm.PopulateHelmOptionsFromQueryParams(
 		vals,
-		app.Repo.Cluster,
+		app.Repo.Cluster(),
 	)
 
 	if err := json.NewDecoder(r.Body).Decode(form); err != nil {
@@ -89,7 +89,7 @@ func (app *App) HandleDeployTemplate(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
-	registries, err := app.Repo.Registry.ListRegistriesByProjectID(uint(projID))
+	registries, err := app.Repo.Registry().ListRegistriesByProjectID(uint(projID))
 
 	if err != nil {
 		app.handleErrorDataRead(err, w)
@@ -102,7 +102,7 @@ func (app *App) HandleDeployTemplate(w http.ResponseWriter, r *http.Request) {
 		Namespace:  form.ReleaseForm.Form.Namespace,
 		Values:     form.ChartTemplateForm.FormValues,
 		Cluster:    form.ReleaseForm.Cluster,
-		Repo:       *app.Repo,
+		Repo:       app.Repo,
 		Registries: registries,
 	}
 
@@ -142,7 +142,7 @@ func (app *App) HandleDeployTemplate(w http.ResponseWriter, r *http.Request) {
 		ImageRepoURI: repoStr,
 	}
 
-	_, err = app.Repo.Release.CreateRelease(release)
+	_, err = app.Repo.Release().CreateRelease(release)
 
 	if err != nil {
 		app.sendExternalError(err, http.StatusInternalServerError, HTTPError{
@@ -223,7 +223,7 @@ func (app *App) HandleUninstallTemplate(w http.ResponseWriter, r *http.Request)
 			}, w)
 		}
 
-		release, err := app.Repo.Release.ReadRelease(uint(clusterID), name, resp.Release.Namespace)
+		release, err := app.Repo.Release().ReadRelease(uint(clusterID), name, resp.Release.Namespace)
 
 		if release != nil {
 			gitAction := release.GitActionConfig
@@ -242,7 +242,7 @@ func (app *App) HandleUninstallTemplate(w http.ResponseWriter, r *http.Request)
 
 				yaml.Unmarshal(rawValues, cEnv)
 
-				gr, err := app.Repo.GitRepo.ReadGitRepo(gitAction.GitRepoID)
+				gr, err := app.Repo.GitRepo().ReadGitRepo(gitAction.GitRepoID)
 
 				if err != nil {
 					app.sendExternalError(err, http.StatusInternalServerError, HTTPError{
@@ -265,7 +265,7 @@ func (app *App) HandleUninstallTemplate(w http.ResponseWriter, r *http.Request)
 					GitIntegration: gr,
 					GitRepoName:    repoSplit[1],
 					GitRepoOwner:   repoSplit[0],
-					Repo:           *app.Repo,
+					Repo:           app.Repo,
 					GithubConf:     app.GithubProjectConf,
 					WebhookToken:   release.WebhookToken,
 					ProjectID:      uint(projID),

server/api/dns_record_handler.go

@@ -30,7 +30,7 @@ func (app *App) HandleCreateDNSRecord(w http.ResponseWriter, r *http.Request) {
 		},
 	}
 
-	form.PopulateK8sOptionsFromQueryParams(vals, app.Repo.Cluster)
+	form.PopulateK8sOptionsFromQueryParams(vals, app.Repo.Cluster())
 
 	if err := json.NewDecoder(r.Body).Decode(form); err != nil {
 		app.handleErrorFormDecoding(err, ErrUserDecode, w)
@@ -67,7 +67,7 @@ func (app *App) HandleCreateDNSRecord(w http.ResponseWriter, r *http.Request) {
 
 	record := createDomain.NewDNSRecordForEndpoint()
 
-	record, err = app.Repo.DNSRecord.CreateDNSRecord(record)
+	record, err = app.Repo.DNSRecord().CreateDNSRecord(record)
 
 	if err != nil {
 		app.handleErrorDataWrite(err, w)

server/api/git_action_handler.go

@@ -39,7 +39,7 @@ func (app *App) HandleCreateGitAction(w http.ResponseWriter, r *http.Request) {
 		}, w)
 	}
 
-	release, err := app.Repo.Release.ReadRelease(uint(clusterID), name, namespace)
+	release, err := app.Repo.Release().ReadRelease(uint(clusterID), name, namespace)
 
 	if err != nil {
 		app.sendExternalError(err, http.StatusInternalServerError, HTTPError{
@@ -85,7 +85,7 @@ func (app *App) createGitActionFromForm(
 	// if the registry was provisioned through Porter, create a repository if necessary
 	if form.RegistryID != 0 {
 		// read the registry
-		reg, err := app.Repo.Registry.ReadRegistry(form.RegistryID)
+		reg, err := app.Repo.Registry().ReadRegistry(form.RegistryID)
 
 		if err != nil {
 			app.handleErrorDataRead(err, w)
@@ -99,7 +99,7 @@ func (app *App) createGitActionFromForm(
 		nameSpl := strings.Split(form.ImageRepoURI, "/")
 		repoName := nameSpl[len(nameSpl)-1]
 
-		err = regAPI.CreateRepository(*app.Repo, repoName)
+		err = regAPI.CreateRepository(app.Repo, repoName)
 
 		if err != nil {
 			app.handleErrorInternal(err, w)
@@ -116,7 +116,7 @@ func (app *App) createGitActionFromForm(
 	}
 
 	// read the git repo
-	gr, err := app.Repo.GitRepo.ReadGitRepo(gitAction.GitRepoID)
+	gr, err := app.Repo.GitRepo().ReadGitRepo(gitAction.GitRepoID)
 
 	if err != nil {
 		app.handleErrorFormDecoding(err, ErrProjectDecode, w)
@@ -157,7 +157,7 @@ func (app *App) createGitActionFromForm(
 		GitIntegration: gr,
 		GitRepoName:    repoSplit[1],
 		GitRepoOwner:   repoSplit[0],
-		Repo:           *app.Repo,
+		Repo:           app.Repo,
 		GithubConf:     app.GithubProjectConf,
 		WebhookToken:   release.WebhookToken,
 		ProjectID:      uint(projID),
@@ -178,7 +178,7 @@ func (app *App) createGitActionFromForm(
 	}
 
 	// handle write to the database
-	ga, err := app.Repo.GitActionConfig.CreateGitActionConfig(gitAction)
+	ga, err := app.Repo.GitActionConfig().CreateGitActionConfig(gitAction)
 
 	if err != nil {
 		app.handleErrorDataWrite(err, w)
@@ -190,7 +190,7 @@ func (app *App) createGitActionFromForm(
 	// update the release in the db with the image repo uri
 	release.ImageRepoURI = gitAction.ImageRepoURI
 
-	_, err = app.Repo.Release.UpdateRelease(release)
+	_, err = app.Repo.Release().UpdateRelease(release)
 
 	if err != nil {
 		app.handleErrorDataWrite(err, w)

server/api/git_repo_handler.go

@@ -26,7 +26,7 @@ func (app *App) HandleListProjectGitRepos(w http.ResponseWriter, r *http.Request
 		return
 	}
 
-	grs, err := app.Repo.GitRepo.ListGitReposByProjectID(uint(projID))
+	grs, err := app.Repo.GitRepo().ListGitReposByProjectID(uint(projID))
 
 	if err != nil {
 		app.handleErrorRead(err, ErrProjectDataRead, w)
@@ -117,14 +117,14 @@ func (app *App) HandleDeleteProjectGitRepo(w http.ResponseWriter, r *http.Reques
 		return
 	}
 
-	repo, err := app.Repo.GitRepo.ReadGitRepo(uint(id))
+	repo, err := app.Repo.GitRepo().ReadGitRepo(uint(id))
 
 	if err != nil {
 		app.handleErrorRead(err, ErrProjectDataRead, w)
 		return
 	}
 
-	err = app.Repo.GitRepo.DeleteGitRepo(repo)
+	err = app.Repo.GitRepo().DeleteGitRepo(repo)
 
 	if err != nil {
 		app.handleErrorRead(err, ErrProjectDataRead, w)
@@ -332,14 +332,14 @@ func (app *App) githubTokenFromRequest(
 	}
 
 	// query for the git repo
-	gr, err := app.Repo.GitRepo.ReadGitRepo(uint(grID))
+	gr, err := app.Repo.GitRepo().ReadGitRepo(uint(grID))
 
 	if err != nil {
 		return nil, err
 	}
 
 	// get the oauth integration
-	oauthInt, err := app.Repo.OAuthIntegration.ReadOAuthIntegration(gr.OAuthIntegrationID)
+	oauthInt, err := app.Repo.OAuthIntegration().ReadOAuthIntegration(gr.OAuthIntegrationID)
 
 	if err != nil {
 		return nil, err

server/api/helm_repo_handler.go

@@ -46,7 +46,7 @@ func (app *App) HandleCreateHelmRepo(w http.ResponseWriter, r *http.Request) {
 	}
 
 	// handle write to the database
-	hr, err = app.Repo.HelmRepo.CreateHelmRepo(hr)
+	hr, err = app.Repo.HelmRepo().CreateHelmRepo(hr)
 
 	if err != nil {
 		app.handleErrorDataWrite(err, w)
@@ -74,7 +74,7 @@ func (app *App) HandleListProjectHelmRepos(w http.ResponseWriter, r *http.Reques
 		return
 	}
 
-	hrs, err := app.Repo.HelmRepo.ListHelmReposByProjectID(uint(projID))
+	hrs, err := app.Repo.HelmRepo().ListHelmReposByProjectID(uint(projID))
 
 	if err != nil {
 		app.handleErrorRead(err, ErrProjectDataRead, w)
@@ -104,7 +104,7 @@ func (app *App) HandleListHelmRepoCharts(w http.ResponseWriter, r *http.Request)
 		return
 	}
 
-	hr, err := app.Repo.HelmRepo.ReadHelmRepo(uint(helmID))
+	hr, err := app.Repo.HelmRepo().ReadHelmRepo(uint(helmID))
 
 	if err != nil {
 		app.handleErrorRead(err, ErrProjectDataRead, w)
@@ -115,7 +115,7 @@ func (app *App) HandleListHelmRepoCharts(w http.ResponseWriter, r *http.Request)
 	_hr := repo.HelmRepo(*hr)
 	hrAPI := &_hr
 
-	charts, err := hrAPI.ListCharts(*app.Repo)
+	charts, err := hrAPI.ListCharts(app.Repo)
 
 	if err != nil {
 		app.handleErrorRead(err, ErrProjectDataRead, w)

server/api/helm_repo_handler_test.go

@@ -118,7 +118,7 @@ func TestHandleListHelmRepos(t *testing.T) {
 // ------------------------- INITIALIZERS AND VALIDATORS ------------------------- //
 
 func initHelmRepo(tester *tester) {
-	proj, _ := tester.repo.Project.ReadProject(1)
+	proj, _ := tester.repo.Project().ReadProject(1)
 
 	hr := &models.HelmRepo{
 		Name:                   "helm-repo-test",
@@ -127,7 +127,7 @@ func initHelmRepo(tester *tester) {
 		BasicAuthIntegrationID: 1,
 	}
 
-	tester.repo.HelmRepo.CreateHelmRepo(hr)
+	tester.repo.HelmRepo().CreateHelmRepo(hr)
 }
 
 func helmRepoBodyValidator(c *helmTest, tester *tester, t *testing.T) {

server/api/helpers_test.go

@@ -21,7 +21,7 @@ import (
 
 type tester struct {
 	app    *api.App
-	repo   *repository.Repository
+	repo   repository.Repository
 	store  *sessionstore.PGStore
 	router *chi.Mux
 	req    *http.Request

server/api/infra_handler.go

@@ -18,7 +18,7 @@ func (app *App) HandleListProjectInfra(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
-	infras, err := app.Repo.Infra.ListInfrasByProjectID(uint(projID))
+	infras, err := app.Repo.Infra().ListInfrasByProjectID(uint(projID))
 
 	if err != nil {
 		app.handleErrorRead(err, ErrProjectDataRead, w)

server/api/integration_handler.go

@@ -106,7 +106,7 @@ func (app *App) HandleCreateGCPIntegration(w http.ResponseWriter, r *http.Reques
 	}
 
 	// handle write to the database
-	gcp, err = app.Repo.GCPIntegration.CreateGCPIntegration(gcp)
+	gcp, err = app.Repo.GCPIntegration().CreateGCPIntegration(gcp)
 
 	if err != nil {
 		app.handleErrorDataWrite(err, w)
@@ -167,7 +167,7 @@ func (app *App) HandleCreateAWSIntegration(w http.ResponseWriter, r *http.Reques
 	}
 
 	// handle write to the database
-	aws, err = app.Repo.AWSIntegration.CreateAWSIntegration(aws)
+	aws, err = app.Repo.AWSIntegration().CreateAWSIntegration(aws)
 
 	if err != nil {
 		app.handleErrorDataWrite(err, w)
@@ -228,7 +228,7 @@ func (app *App) HandleCreateBasicAuthIntegration(w http.ResponseWriter, r *http.
 	}
 
 	// handle write to the database
-	basic, err = app.Repo.BasicIntegration.CreateBasicIntegration(basic)
+	basic, err = app.Repo.BasicIntegration().CreateBasicIntegration(basic)
 
 	if err != nil {
 		app.handleErrorDataWrite(err, w)
@@ -256,7 +256,7 @@ func (app *App) HandleListProjectOAuthIntegrations(w http.ResponseWriter, r *htt
 		return
 	}
 
-	oauthInts, err := app.Repo.OAuthIntegration.ListOAuthIntegrationsByProjectID(uint(projID))
+	oauthInts, err := app.Repo.OAuthIntegration().ListOAuthIntegrationsByProjectID(uint(projID))
 
 	if err != nil {
 		app.handleErrorDataRead(err, w)

server/api/integration_handler_test.go

@@ -238,7 +238,7 @@ func TestHandleCreateBasicIntegration(t *testing.T) {
 // ------------------------- INITIALIZERS AND VALIDATORS ------------------------- //
 
 func initAWSIntegration(tester *tester) {
-	proj, _ := tester.repo.Project.ReadProject(1)
+	proj, _ := tester.repo.Project().ReadProject(1)
 
 	form := &forms.CreateAWSIntegrationForm{
 		ProjectID: proj.ID,
@@ -248,18 +248,18 @@ func initAWSIntegration(tester *tester) {
 	// convert the form to a ServiceAccountCandidate
 	awsInt, _ := form.ToAWSIntegration()
 
-	tester.repo.AWSIntegration.CreateAWSIntegration(awsInt)
+	tester.repo.AWSIntegration().CreateAWSIntegration(awsInt)
 }
 
 func initBasicIntegration(tester *tester) {
-	proj, _ := tester.repo.Project.ReadProject(1)
+	proj, _ := tester.repo.Project().ReadProject(1)
 
 	basicInt := &ints.BasicIntegration{
 		ProjectID: proj.ID,
 		UserID:    1,
 	}
 
-	tester.repo.BasicIntegration.CreateBasicIntegration(basicInt)
+	tester.repo.BasicIntegration().CreateBasicIntegration(basicInt)
 }
 
 func publicIntBodyValidator(c *publicIntTest, tester *tester, t *testing.T) {

server/api/invite_handler.go

@@ -48,7 +48,7 @@ func (app *App) HandleCreateInvite(w http.ResponseWriter, r *http.Request) {
 	}
 
 	// handle write to the database
-	invite, err = app.Repo.Invite.CreateInvite(invite)
+	invite, err = app.Repo.Invite().CreateInvite(invite)
 
 	if err != nil {
 		app.handleErrorDataWrite(err, w)
@@ -67,7 +67,7 @@ func (app *App) HandleCreateInvite(w http.ResponseWriter, r *http.Request) {
 	}
 
 	// send invite email
-	project, err := app.Repo.Project.ReadProject(uint(projID))
+	project, err := app.Repo.Project().ReadProject(uint(projID))
 
 	if err != nil {
 		return
@@ -79,7 +79,7 @@ func (app *App) HandleCreateInvite(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
-	user, err := app.Repo.User.ReadUser(userID)
+	user, err := app.Repo.User().ReadUser(userID)
 
 	if err != nil {
 		return
@@ -111,7 +111,7 @@ func (app *App) HandleAcceptInvite(w http.ResponseWriter, r *http.Request) {
 
 	userID, _ := session.Values["user_id"].(uint)
 
-	user, err := app.Repo.User.ReadUser(userID)
+	user, err := app.Repo.User().ReadUser(userID)
 
 	if err != nil {
 		acceptInviteError(w, r)
@@ -132,7 +132,7 @@ func (app *App) HandleAcceptInvite(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
-	invite, err := app.Repo.Invite.ReadInviteByToken(token)
+	invite, err := app.Repo.Invite().ReadInviteByToken(token)
 
 	if err != nil || invite.ProjectID != uint(projID) {
 		vals := url.Values{}
@@ -161,7 +161,7 @@ func (app *App) HandleAcceptInvite(w http.ResponseWriter, r *http.Request) {
 	}
 
 	// create a new role for the user in the project
-	projModel, err := app.Repo.Project.ReadProject(uint(projID))
+	projModel, err := app.Repo.Project().ReadProject(uint(projID))
 
 	if err != nil {
 		acceptInviteError(w, r)
@@ -169,7 +169,7 @@ func (app *App) HandleAcceptInvite(w http.ResponseWriter, r *http.Request) {
 	}
 
 	// create a new Role with the user as the admin
-	_, err = app.Repo.Project.CreateProjectRole(projModel, &models.Role{
+	_, err = app.Repo.Project().CreateProjectRole(projModel, &models.Role{
 		Role: types.Role{
 			UserID:    userID,
 			ProjectID: uint(projID),
@@ -185,7 +185,7 @@ func (app *App) HandleAcceptInvite(w http.ResponseWriter, r *http.Request) {
 	// update the invite
 	invite.UserID = userID
 
-	_, err = app.Repo.Invite.UpdateInvite(invite)
+	_, err = app.Repo.Invite().UpdateInvite(invite)
 
 	if err != nil {
 		acceptInviteError(w, r)
@@ -212,7 +212,7 @@ func (app *App) HandleListProjectInvites(w http.ResponseWriter, r *http.Request)
 		return
 	}
 
-	invites, err := app.Repo.Invite.ListInvitesByProjectID(uint(projID))
+	invites, err := app.Repo.Invite().ListInvitesByProjectID(uint(projID))
 
 	if err != nil {
 		app.handleErrorRead(err, ErrProjectDataRead, w)
@@ -242,14 +242,14 @@ func (app *App) HandleDeleteProjectInvite(w http.ResponseWriter, r *http.Request
 		return
 	}
 
-	invite, err := app.Repo.Invite.ReadInvite(uint(id))
+	invite, err := app.Repo.Invite().ReadInvite(uint(id))
 
 	if err != nil {
 		app.handleErrorRead(err, ErrProjectDataRead, w)
 		return
 	}
 
-	err = app.Repo.Invite.DeleteInvite(invite)
+	err = app.Repo.Invite().DeleteInvite(invite)
 
 	if err != nil {
 		app.handleErrorRead(err, ErrProjectDataRead, w)

server/api/invite_handler_test.go

@@ -85,7 +85,7 @@ var createInviteTests = []*inviteTest{
 		validators: []func(c *inviteTest, tester *tester, t *testing.T){
 			func(c *inviteTest, tester *tester, t *testing.T) {
 				// manually read the invite to get the expected token
-				invite, _ := tester.repo.Invite.ReadInvite(1)
+				invite, _ := tester.repo.Invite().ReadInvite(1)
 
 				gotBody := &models.InviteExternal{}
 				expBody := &models.InviteExternal{
@@ -125,7 +125,7 @@ var listInvitesTest = []*inviteTest{
 		validators: []func(c *inviteTest, tester *tester, t *testing.T){
 			func(c *inviteTest, tester *tester, t *testing.T) {
 				// manually read the invite to get the expected token
-				invite, _ := tester.repo.Invite.ReadInvite(1)
+				invite, _ := tester.repo.Invite().ReadInvite(1)
 
 				gotBody := []*models.InviteExternal{}
 				expBody := []*models.InviteExternal{}
@@ -165,13 +165,13 @@ var acceptInviteTests = []*inviteTest{
 		useCookie: true,
 		validators: []func(c *inviteTest, tester *tester, t *testing.T){
 			func(c *inviteTest, tester *tester, t *testing.T) {
-				user, err := tester.repo.User.ReadUserByEmail("test@test.it")
+				user, err := tester.repo.User().ReadUserByEmail("test@test.it")
 
 				if err != nil {
 					t.Fatalf("%v\n", err)
 				}
 
-				projects, err := tester.repo.Project.ListProjectsByUserID(user.ID)
+				projects, err := tester.repo.Project().ListProjectsByUserID(user.ID)
 
 				if len(projects) != 1 {
 					t.Fatalf("length of projects not 1\n")
@@ -267,7 +267,7 @@ func TestHandleAcceptInvite(t *testing.T) {
 // ------------------------- INITIALIZERS AND VALIDATORS ------------------------- //
 
 func initInvite(tester *tester) {
-	proj, _ := tester.repo.Project.ReadProject(1)
+	proj, _ := tester.repo.Project().ReadProject(1)
 
 	expiry := time.Now().Add(24 * time.Hour)
 
@@ -278,11 +278,11 @@ func initInvite(tester *tester) {
 		ProjectID: proj.Model.ID,
 	}
 
-	tester.repo.Invite.CreateInvite(invite)
+	tester.repo.Invite().CreateInvite(invite)
 }
 
 func initInviteExpiredToken(tester *tester) {
-	proj, _ := tester.repo.Project.ReadProject(1)
+	proj, _ := tester.repo.Project().ReadProject(1)
 
 	expiry := time.Now().Add(-1 * time.Hour)
 
@@ -293,5 +293,5 @@ func initInviteExpiredToken(tester *tester) {
 		ProjectID: proj.Model.ID,
 	}
 
-	tester.repo.Invite.CreateInvite(invite)
+	tester.repo.Invite().CreateInvite(invite)
 }

server/api/k8s_handler.go

@@ -45,7 +45,7 @@ func (app *App) HandleListNamespaces(w http.ResponseWriter, r *http.Request) {
 		},
 	}
 
-	form.PopulateK8sOptionsFromQueryParams(vals, app.Repo.Cluster)
+	form.PopulateK8sOptionsFromQueryParams(vals, app.Repo.Cluster())
 
 	// validate the form
 	if err := app.validator.Struct(form); err != nil {
@@ -96,7 +96,7 @@ func (app *App) HandleListPodEvents(w http.ResponseWriter, r *http.Request) {
 		},
 	}
 
-	form.PopulateK8sOptionsFromQueryParams(vals, app.Repo.Cluster)
+	form.PopulateK8sOptionsFromQueryParams(vals, app.Repo.Cluster())
 
 	// validate the form
 	if err := app.validator.Struct(form); err != nil {
@@ -142,7 +142,7 @@ func (app *App) HandleCreateConfigMap(w http.ResponseWriter, r *http.Request) {
 		},
 	}
 
-	form.PopulateK8sOptionsFromQueryParams(vals, app.Repo.Cluster)
+	form.PopulateK8sOptionsFromQueryParams(vals, app.Repo.Cluster())
 
 	// validate the form
 	if err := app.validator.Struct(form); err != nil {
@@ -225,7 +225,7 @@ func (app *App) HandleListConfigMaps(w http.ResponseWriter, r *http.Request) {
 		},
 	}
 
-	form.PopulateK8sOptionsFromQueryParams(vals, app.Repo.Cluster)
+	form.PopulateK8sOptionsFromQueryParams(vals, app.Repo.Cluster())
 
 	// validate the form
 	if err := app.validator.Struct(form); err != nil {
@@ -275,7 +275,7 @@ func (app *App) HandleGetConfigMap(w http.ResponseWriter, r *http.Request) {
 		},
 	}
 
-	form.PopulateK8sOptionsFromQueryParams(vals, app.Repo.Cluster)
+	form.PopulateK8sOptionsFromQueryParams(vals, app.Repo.Cluster())
 
 	// validate the form
 	if err := app.validator.Struct(form); err != nil {
@@ -324,7 +324,7 @@ func (app *App) HandleDeleteConfigMap(w http.ResponseWriter, r *http.Request) {
 		},
 	}
 
-	form.PopulateK8sOptionsFromQueryParams(vals, app.Repo.Cluster)
+	form.PopulateK8sOptionsFromQueryParams(vals, app.Repo.Cluster())
 
 	// validate the form
 	if err := app.validator.Struct(form); err != nil {
@@ -376,7 +376,7 @@ func (app *App) HandleUpdateConfigMap(w http.ResponseWriter, r *http.Request) {
 		},
 	}
 
-	form.PopulateK8sOptionsFromQueryParams(vals, app.Repo.Cluster)
+	form.PopulateK8sOptionsFromQueryParams(vals, app.Repo.Cluster())
 
 	// validate the form
 	if err := app.validator.Struct(form); err != nil {
@@ -477,7 +477,7 @@ func (app *App) HandleGetPodLogs(w http.ResponseWriter, r *http.Request) {
 		},
 	}
 
-	form.PopulateK8sOptionsFromQueryParams(vals, app.Repo.Cluster)
+	form.PopulateK8sOptionsFromQueryParams(vals, app.Repo.Cluster())
 
 	// validate the form
 	if err := app.validator.Struct(form); err != nil {
@@ -532,7 +532,7 @@ func (app *App) HandleDeletePod(w http.ResponseWriter, r *http.Request) {
 		},
 	}
 
-	form.PopulateK8sOptionsFromQueryParams(vals, app.Repo.Cluster)
+	form.PopulateK8sOptionsFromQueryParams(vals, app.Repo.Cluster())
 
 	// validate the form
 	if err := app.validator.Struct(form); err != nil {
@@ -590,7 +590,7 @@ func (app *App) HandleGetIngress(w http.ResponseWriter, r *http.Request) {
 		},
 	}
 
-	form.PopulateK8sOptionsFromQueryParams(vals, app.Repo.Cluster)
+	form.PopulateK8sOptionsFromQueryParams(vals, app.Repo.Cluster())
 
 	// validate the form
 	if err := app.validator.Struct(form); err != nil {
@@ -647,7 +647,7 @@ func (app *App) HandleListPods(w http.ResponseWriter, r *http.Request) {
 		},
 	}
 
-	form.PopulateK8sOptionsFromQueryParams(vals, app.Repo.Cluster)
+	form.PopulateK8sOptionsFromQueryParams(vals, app.Repo.Cluster())
 
 	// validate the form
 	if err := app.validator.Struct(form); err != nil {
@@ -707,7 +707,7 @@ func (app *App) HandleListJobsByChart(w http.ResponseWriter, r *http.Request) {
 		},
 	}
 
-	form.PopulateK8sOptionsFromQueryParams(vals, app.Repo.Cluster)
+	form.PopulateK8sOptionsFromQueryParams(vals, app.Repo.Cluster())
 
 	// validate the form
 	if err := app.validator.Struct(form); err != nil {
@@ -764,7 +764,7 @@ func (app *App) HandleStopJob(w http.ResponseWriter, r *http.Request) {
 		},
 	}
 
-	form.PopulateK8sOptionsFromQueryParams(vals, app.Repo.Cluster)
+	form.PopulateK8sOptionsFromQueryParams(vals, app.Repo.Cluster())
 
 	// validate the form
 	if err := app.validator.Struct(form); err != nil {
@@ -813,7 +813,7 @@ func (app *App) HandleListJobPods(w http.ResponseWriter, r *http.Request) {
 		},
 	}
 
-	form.PopulateK8sOptionsFromQueryParams(vals, app.Repo.Cluster)
+	form.PopulateK8sOptionsFromQueryParams(vals, app.Repo.Cluster())
 
 	// validate the form
 	if err := app.validator.Struct(form); err != nil {
@@ -870,7 +870,7 @@ func (app *App) HandleStreamControllerStatus(w http.ResponseWriter, r *http.Requ
 		},
 	}
 
-	form.PopulateK8sOptionsFromQueryParams(vals, app.Repo.Cluster)
+	form.PopulateK8sOptionsFromQueryParams(vals, app.Repo.Cluster())
 
 	// validate the form
 	if err := app.validator.Struct(form); err != nil {
@@ -923,7 +923,7 @@ func (app *App) HandleDetectPrometheusInstalled(w http.ResponseWriter, r *http.R
 		},
 	}
 
-	form.PopulateK8sOptionsFromQueryParams(vals, app.Repo.Cluster)
+	form.PopulateK8sOptionsFromQueryParams(vals, app.Repo.Cluster())
 
 	// validate the form
 	if err := app.validator.Struct(form); err != nil {
@@ -969,7 +969,7 @@ func (app *App) HandleListNGINXIngresses(w http.ResponseWriter, r *http.Request)
 		},
 	}
 
-	form.PopulateK8sOptionsFromQueryParams(vals, app.Repo.Cluster)
+	form.PopulateK8sOptionsFromQueryParams(vals, app.Repo.Cluster())
 
 	// validate the form
 	if err := app.validator.Struct(form); err != nil {
@@ -1020,7 +1020,7 @@ func (app *App) HandleGetPodMetrics(w http.ResponseWriter, r *http.Request) {
 		QueryOpts: &prometheus.QueryOpts{},
 	}
 
-	form.K8sForm.PopulateK8sOptionsFromQueryParams(vals, app.Repo.Cluster)
+	form.K8sForm.PopulateK8sOptionsFromQueryParams(vals, app.Repo.Cluster())
 
 	// decode from JSON to form value
 	decoder := schema.NewDecoder()
@@ -1089,7 +1089,7 @@ func (app *App) HandleGetTemporaryKubeconfig(w http.ResponseWriter, r *http.Requ
 		},
 	}
 
-	form.PopulateK8sOptionsFromQueryParams(vals, app.Repo.Cluster)
+	form.PopulateK8sOptionsFromQueryParams(vals, app.Repo.Cluster())
 
 	// get the API config
 	apiConf, err := form.OutOfClusterConfig.CreateRawConfigFromCluster()

server/api/oauth_do_handler.go

@@ -84,7 +84,7 @@ func (app *App) HandleDOOAuthCallback(w http.ResponseWriter, r *http.Request) {
 	}
 
 	// create the oauth integration first
-	oauthInt, err = app.Repo.OAuthIntegration.CreateOAuthIntegration(oauthInt)
+	oauthInt, err = app.Repo.OAuthIntegration().CreateOAuthIntegration(oauthInt)
 
 	if err != nil {
 		app.handleErrorDataWrite(err, w)

server/api/oauth_github_handler.go

@@ -204,7 +204,7 @@ func (app *App) upsertUserFromToken(tok *oauth2.Token) (*models.User, error) {
 		return nil, err
 	}
 
-	user, err := app.Repo.User.ReadUserByGithubUserID(*githubUser.ID)
+	user, err := app.Repo.User().ReadUserByGithubUserID(*githubUser.ID)
 
 	// if the user does not exist, create new user
 	if err != nil && err == gorm.ErrRecordNotFound {
@@ -231,7 +231,7 @@ func (app *App) upsertUserFromToken(tok *oauth2.Token) (*models.User, error) {
 		}
 
 		// check if a user with that email address already exists
-		_, err = app.Repo.User.ReadUserByEmail(primary)
+		_, err = app.Repo.User().ReadUserByEmail(primary)
 
 		if err == gorm.ErrRecordNotFound {
 			user = &models.User{
@@ -240,7 +240,7 @@ func (app *App) upsertUserFromToken(tok *oauth2.Token) (*models.User, error) {
 				GithubUserID:  githubUser.GetID(),
 			}
 
-			user, err = app.Repo.User.CreateUser(user)
+			user, err = app.Repo.User().CreateUser(user)
 
 			if err != nil {
 				return nil, err
@@ -277,7 +277,7 @@ func (app *App) updateProjectFromToken(projectID uint, userID uint, tok *oauth2.
 	}
 
 	// create the oauth integration first
-	oauthInt, err = app.Repo.OAuthIntegration.CreateOAuthIntegration(oauthInt)
+	oauthInt, err = app.Repo.OAuthIntegration().CreateOAuthIntegration(oauthInt)
 
 	if err != nil {
 		return err
@@ -290,7 +290,7 @@ func (app *App) updateProjectFromToken(projectID uint, userID uint, tok *oauth2.
 		OAuthIntegrationID: oauthInt.ID,
 	}
 
-	gr, err = app.Repo.GitRepo.CreateGitRepo(gr)
+	gr, err = app.Repo.GitRepo().CreateGitRepo(gr)
 
 	return err
 }

server/api/oauth_google_handler.go

@@ -150,12 +150,12 @@ func (app *App) upsertGoogleUserFromToken(tok *oauth2.Token) (*models.User, erro
 		}
 	}
 
-	user, err := app.Repo.User.ReadUserByGoogleUserID(gInfo.Sub)
+	user, err := app.Repo.User().ReadUserByGoogleUserID(gInfo.Sub)
 
 	// if the user does not exist, create new user
 	if err != nil && err == gorm.ErrRecordNotFound {
 		// check if a user with that email address already exists
-		_, err = app.Repo.User.ReadUserByEmail(gInfo.Email)
+		_, err = app.Repo.User().ReadUserByEmail(gInfo.Email)
 
 		if err == gorm.ErrRecordNotFound {
 			user = &models.User{
@@ -164,7 +164,7 @@ func (app *App) upsertGoogleUserFromToken(tok *oauth2.Token) (*models.User, erro
 				GoogleUserID:  gInfo.Sub,
 			}
 
-			user, err = app.Repo.User.CreateUser(user)
+			user, err = app.Repo.User().CreateUser(user)
 
 			if err != nil {
 				return nil, err

server/api/project_handler.go

@@ -45,7 +45,7 @@ func (app *App) HandleCreateProject(w http.ResponseWriter, r *http.Request) {
 	}
 
 	// convert the form to a project model
-	projModel, err := form.ToProject(app.Repo.Project)
+	projModel, err := form.ToProject(app.Repo.Project())
 
 	if err != nil {
 		app.handleErrorFormDecoding(err, ErrProjectDecode, w)
@@ -53,7 +53,7 @@ func (app *App) HandleCreateProject(w http.ResponseWriter, r *http.Request) {
 	}
 
 	// handle write to the database
-	projModel, err = app.Repo.Project.CreateProject(projModel)
+	projModel, err = app.Repo.Project().CreateProject(projModel)
 
 	if err != nil {
 		app.handleErrorDataWrite(err, w)
@@ -61,7 +61,7 @@ func (app *App) HandleCreateProject(w http.ResponseWriter, r *http.Request) {
 	}
 
 	// create a new Role with the user as the admin
-	_, err = app.Repo.Project.CreateProjectRole(projModel, &models.Role{
+	_, err = app.Repo.Project().CreateProjectRole(projModel, &models.Role{
 		Role: types.Role{
 			UserID:    userID,
 			ProjectID: projModel.ID,
@@ -96,7 +96,7 @@ func (app *App) HandleReadProject(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
-	proj, err := app.Repo.Project.ReadProject(uint(id))
+	proj, err := app.Repo.Project().ReadProject(uint(id))
 
 	if err != nil {
 		app.handleErrorRead(err, ErrProjectDataRead, w)
@@ -123,14 +123,14 @@ func (app *App) HandleDeleteProject(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
-	proj, err := app.Repo.Project.ReadProject(uint(id))
+	proj, err := app.Repo.Project().ReadProject(uint(id))
 
 	if err != nil {
 		app.handleErrorRead(err, ErrProjectDataRead, w)
 		return
 	}
 
-	proj, err = app.Repo.Project.DeleteProject(proj)
+	proj, err = app.Repo.Project().DeleteProject(proj)
 
 	if err != nil {
 		app.handleErrorRead(err, ErrProjectDataRead, w)

server/api/project_handler_test.go

@@ -142,19 +142,19 @@ func TestHandleDeleteProject(t *testing.T) {
 // ------------------------- INITIALIZERS AND VALIDATORS ------------------------- //
 
 func initProject(tester *tester) {
-	user, err := tester.repo.User.ReadUserByEmail("belanger@getporter.dev")
+	user, err := tester.repo.User().ReadUserByEmail("belanger@getporter.dev")
 
 	if err != nil {
 		panic(err)
 	}
 
 	// handle write to the database
-	projModel, _ := tester.repo.Project.CreateProject(&models.Project{
+	projModel, _ := tester.repo.Project().CreateProject(&models.Project{
 		Name: "project-test",
 	})
 
 	// create a new Role with the user as the owner
-	tester.repo.Project.CreateProjectRole(projModel, &models.Role{
+	tester.repo.Project().CreateProjectRole(projModel, &models.Role{
 		Role: types.Role{
 			UserID:    user.ID,
 			ProjectID: projModel.ID,

server/api/provision_handler.go

@@ -44,7 +44,7 @@ func (app *App) HandleProvisionTestInfra(w http.ResponseWriter, r *http.Request)
 	}
 
 	// handle write to the database
-	infra, err = app.Repo.Infra.CreateInfra(infra)
+	infra, err = app.Repo.Infra().CreateInfra(infra)
 
 	if err != nil {
 		app.handleErrorDataWrite(err, w)
@@ -54,7 +54,7 @@ func (app *App) HandleProvisionTestInfra(w http.ResponseWriter, r *http.Request)
 	_, err = app.InClusterAgent.ProvisionTest(
 		uint(projID),
 		infra,
-		*app.Repo,
+		app.Repo,
 		provisioner.Apply,
 		&app.DBConf,
 		app.RedisConf,
@@ -63,7 +63,7 @@ func (app *App) HandleProvisionTestInfra(w http.ResponseWriter, r *http.Request)
 
 	if err != nil {
 		infra.Status = models.StatusError
-		infra, _ = app.Repo.Infra.UpdateInfra(infra)
+		infra, _ = app.Repo.Infra().UpdateInfra(infra)
 
 		app.handleErrorInternal(err, w)
 		return
@@ -92,7 +92,7 @@ func (app *App) HandleDestroyTestInfra(w http.ResponseWriter, r *http.Request) {
 	}
 
 	// read infra to get id
-	infra, err := app.Repo.Infra.ReadInfra(uint(infraID))
+	infra, err := app.Repo.Infra().ReadInfra(uint(infraID))
 
 	if err != nil {
 		app.handleErrorDataRead(err, w)
@@ -104,7 +104,7 @@ func (app *App) HandleDestroyTestInfra(w http.ResponseWriter, r *http.Request) {
 
 	if err != nil {
 		infra.Status = models.StatusError
-		infra, _ = app.Repo.Infra.UpdateInfra(infra)
+		infra, _ = app.Repo.Infra().UpdateInfra(infra)
 
 		app.handleErrorDataRead(err, w)
 		return
@@ -112,7 +112,7 @@ func (app *App) HandleDestroyTestInfra(w http.ResponseWriter, r *http.Request) {
 
 	// mark infra for deletion
 	infra.Status = models.StatusDestroying
-	infra, err = app.Repo.Infra.UpdateInfra(infra)
+	infra, err = app.Repo.Infra().UpdateInfra(infra)
 
 	if err != nil {
 		app.handleErrorDataWrite(err, w)
@@ -122,7 +122,7 @@ func (app *App) HandleDestroyTestInfra(w http.ResponseWriter, r *http.Request) {
 	_, err = agent.ProvisionTest(
 		infra.ProjectID,
 		infra,
-		*app.Repo,
+		app.Repo,
 		provisioner.Destroy,
 		&app.DBConf,
 		app.RedisConf,
@@ -173,18 +173,18 @@ func (app *App) HandleProvisionAWSECRInfra(w http.ResponseWriter, r *http.Reques
 	}
 
 	// handle write to the database
-	infra, err = app.Repo.Infra.CreateInfra(infra)
+	infra, err = app.Repo.Infra().CreateInfra(infra)
 
 	if err != nil {
 		app.handleErrorDataWrite(err, w)
 		return
 	}
 
-	awsInt, err := app.Repo.AWSIntegration.ReadAWSIntegration(infra.AWSIntegrationID)
+	awsInt, err := app.Repo.AWSIntegration().ReadAWSIntegration(infra.AWSIntegrationID)
 
 	if err != nil {
 		infra.Status = models.StatusError
-		infra, _ = app.Repo.Infra.UpdateInfra(infra)
+		infra, _ = app.Repo.Infra().UpdateInfra(infra)
 
 		app.handleErrorDataRead(err, w)
 		return
@@ -195,7 +195,7 @@ func (app *App) HandleProvisionAWSECRInfra(w http.ResponseWriter, r *http.Reques
 		uint(projID),
 		awsInt,
 		form.ECRName,
-		*app.Repo,
+		app.Repo,
 		infra,
 		provisioner.Apply,
 		&app.DBConf,
@@ -205,7 +205,7 @@ func (app *App) HandleProvisionAWSECRInfra(w http.ResponseWriter, r *http.Reques
 
 	if err != nil {
 		infra.Status = models.StatusError
-		infra, _ = app.Repo.Infra.UpdateInfra(infra)
+		infra, _ = app.Repo.Infra().UpdateInfra(infra)
 
 		app.handleErrorInternal(err, w)
 		return
@@ -234,21 +234,21 @@ func (app *App) HandleDestroyAWSECRInfra(w http.ResponseWriter, r *http.Request)
 	}
 
 	// read infra to get id
-	infra, err := app.Repo.Infra.ReadInfra(uint(infraID))
+	infra, err := app.Repo.Infra().ReadInfra(uint(infraID))
 
 	if err != nil {
 		app.handleErrorDataRead(err, w)
 		return
 	}
 
-	awsInt, err := app.Repo.AWSIntegration.ReadAWSIntegration(infra.AWSIntegrationID)
+	awsInt, err := app.Repo.AWSIntegration().ReadAWSIntegration(infra.AWSIntegrationID)
 
 	form := &forms.DestroyECRInfra{}
 
 	// decode from JSON to form value
 	if err := json.NewDecoder(r.Body).Decode(form); err != nil {
 		infra.Status = models.StatusError
-		infra, _ = app.Repo.Infra.UpdateInfra(infra)
+		infra, _ = app.Repo.Infra().UpdateInfra(infra)
 
 		app.handleErrorFormDecoding(err, ErrProjectDecode, w)
 		return
@@ -257,7 +257,7 @@ func (app *App) HandleDestroyAWSECRInfra(w http.ResponseWriter, r *http.Request)
 	// validate the form
 	if err := app.validator.Struct(form); err != nil {
 		infra.Status = models.StatusError
-		infra, _ = app.Repo.Infra.UpdateInfra(infra)
+		infra, _ = app.Repo.Infra().UpdateInfra(infra)
 
 		app.handleErrorFormValidation(err, ErrProjectValidateFields, w)
 		return
@@ -266,7 +266,7 @@ func (app *App) HandleDestroyAWSECRInfra(w http.ResponseWriter, r *http.Request)
 	// launch provisioning destruction pod
 	// mark infra for deletion
 	infra.Status = models.StatusDestroying
-	infra, err = app.Repo.Infra.UpdateInfra(infra)
+	infra, err = app.Repo.Infra().UpdateInfra(infra)
 
 	if err != nil {
 		app.handleErrorDataWrite(err, w)
@@ -277,7 +277,7 @@ func (app *App) HandleDestroyAWSECRInfra(w http.ResponseWriter, r *http.Request)
 		infra.ProjectID,
 		awsInt,
 		form.ECRName,
-		*app.Repo,
+		app.Repo,
 		infra,
 		provisioner.Destroy,
 		&app.DBConf,
@@ -329,18 +329,18 @@ func (app *App) HandleProvisionAWSEKSInfra(w http.ResponseWriter, r *http.Reques
 	}
 
 	// handle write to the database
-	infra, err = app.Repo.Infra.CreateInfra(infra)
+	infra, err = app.Repo.Infra().CreateInfra(infra)
 
 	if err != nil {
 		app.handleErrorDataWrite(err, w)
 		return
 	}
 
-	awsInt, err := app.Repo.AWSIntegration.ReadAWSIntegration(infra.AWSIntegrationID)
+	awsInt, err := app.Repo.AWSIntegration().ReadAWSIntegration(infra.AWSIntegrationID)
 
 	if err != nil {
 		infra.Status = models.StatusError
-		infra, _ = app.Repo.Infra.UpdateInfra(infra)
+		infra, _ = app.Repo.Infra().UpdateInfra(infra)
 
 		app.handleErrorDataRead(err, w)
 		return
@@ -352,7 +352,7 @@ func (app *App) HandleProvisionAWSEKSInfra(w http.ResponseWriter, r *http.Reques
 		awsInt,
 		form.EKSName,
 		form.MachineType,
-		*app.Repo,
+		app.Repo,
 		infra,
 		provisioner.Apply,
 		&app.DBConf,
@@ -362,7 +362,7 @@ func (app *App) HandleProvisionAWSEKSInfra(w http.ResponseWriter, r *http.Reques
 
 	if err != nil {
 		infra.Status = models.StatusError
-		infra, _ = app.Repo.Infra.UpdateInfra(infra)
+		infra, _ = app.Repo.Infra().UpdateInfra(infra)
 
 		app.handleErrorInternal(err, w)
 		return
@@ -391,21 +391,21 @@ func (app *App) HandleDestroyAWSEKSInfra(w http.ResponseWriter, r *http.Request)
 	}
 
 	// read infra to get id
-	infra, err := app.Repo.Infra.ReadInfra(uint(infraID))
+	infra, err := app.Repo.Infra().ReadInfra(uint(infraID))
 
 	if err != nil {
 		app.handleErrorDataRead(err, w)
 		return
 	}
 
-	awsInt, err := app.Repo.AWSIntegration.ReadAWSIntegration(infra.AWSIntegrationID)
+	awsInt, err := app.Repo.AWSIntegration().ReadAWSIntegration(infra.AWSIntegrationID)
 
 	form := &forms.DestroyEKSInfra{}
 
 	// decode from JSON to form value
 	if err := json.NewDecoder(r.Body).Decode(form); err != nil {
 		infra.Status = models.StatusError
-		infra, _ = app.Repo.Infra.UpdateInfra(infra)
+		infra, _ = app.Repo.Infra().UpdateInfra(infra)
 
 		app.handleErrorFormDecoding(err, ErrProjectDecode, w)
 		return
@@ -414,7 +414,7 @@ func (app *App) HandleDestroyAWSEKSInfra(w http.ResponseWriter, r *http.Request)
 	// validate the form
 	if err := app.validator.Struct(form); err != nil {
 		infra.Status = models.StatusError
-		infra, _ = app.Repo.Infra.UpdateInfra(infra)
+		infra, _ = app.Repo.Infra().UpdateInfra(infra)
 
 		app.handleErrorFormValidation(err, ErrProjectValidateFields, w)
 		return
@@ -423,7 +423,7 @@ func (app *App) HandleDestroyAWSEKSInfra(w http.ResponseWriter, r *http.Request)
 	// launch provisioning destruction pod
 	// mark infra for deletion
 	infra.Status = models.StatusDestroying
-	infra, err = app.Repo.Infra.UpdateInfra(infra)
+	infra, err = app.Repo.Infra().UpdateInfra(infra)
 
 	if err != nil {
 		app.handleErrorDataWrite(err, w)
@@ -435,7 +435,7 @@ func (app *App) HandleDestroyAWSEKSInfra(w http.ResponseWriter, r *http.Request)
 		awsInt,
 		form.EKSName,
 		"",
-		*app.Repo,
+		app.Repo,
 		infra,
 		provisioner.Destroy,
 		&app.DBConf,
@@ -487,18 +487,18 @@ func (app *App) HandleProvisionGCPGCRInfra(w http.ResponseWriter, r *http.Reques
 	}
 
 	// handle write to the database
-	infra, err = app.Repo.Infra.CreateInfra(infra)
+	infra, err = app.Repo.Infra().CreateInfra(infra)
 
 	if err != nil {
 		app.handleErrorDataWrite(err, w)
 		return
 	}
 
-	gcpInt, err := app.Repo.GCPIntegration.ReadGCPIntegration(infra.GCPIntegrationID)
+	gcpInt, err := app.Repo.GCPIntegration().ReadGCPIntegration(infra.GCPIntegrationID)
 
 	if err != nil {
 		infra.Status = models.StatusError
-		infra, _ = app.Repo.Infra.UpdateInfra(infra)
+		infra, _ = app.Repo.Infra().UpdateInfra(infra)
 
 		app.handleErrorDataRead(err, w)
 		return
@@ -508,7 +508,7 @@ func (app *App) HandleProvisionGCPGCRInfra(w http.ResponseWriter, r *http.Reques
 	_, err = app.InClusterAgent.ProvisionGCR(
 		uint(projID),
 		gcpInt,
-		*app.Repo,
+		app.Repo,
 		infra,
 		provisioner.Apply,
 		&app.DBConf,
@@ -518,7 +518,7 @@ func (app *App) HandleProvisionGCPGCRInfra(w http.ResponseWriter, r *http.Reques
 
 	if err != nil {
 		infra.Status = models.StatusError
-		infra, _ = app.Repo.Infra.UpdateInfra(infra)
+		infra, _ = app.Repo.Infra().UpdateInfra(infra)
 
 		app.handleErrorInternal(err, w)
 		return
@@ -570,18 +570,18 @@ func (app *App) HandleProvisionGCPGKEInfra(w http.ResponseWriter, r *http.Reques
 	}
 
 	// handle write to the database
-	infra, err = app.Repo.Infra.CreateInfra(infra)
+	infra, err = app.Repo.Infra().CreateInfra(infra)
 
 	if err != nil {
 		app.handleErrorDataWrite(err, w)
 		return
 	}
 
-	gcpInt, err := app.Repo.GCPIntegration.ReadGCPIntegration(infra.GCPIntegrationID)
+	gcpInt, err := app.Repo.GCPIntegration().ReadGCPIntegration(infra.GCPIntegrationID)
 
 	if err != nil {
 		infra.Status = models.StatusError
-		infra, _ = app.Repo.Infra.UpdateInfra(infra)
+		infra, _ = app.Repo.Infra().UpdateInfra(infra)
 
 		app.handleErrorDataRead(err, w)
 		return
@@ -592,7 +592,7 @@ func (app *App) HandleProvisionGCPGKEInfra(w http.ResponseWriter, r *http.Reques
 		uint(projID),
 		gcpInt,
 		form.GKEName,
-		*app.Repo,
+		app.Repo,
 		infra,
 		provisioner.Apply,
 		&app.DBConf,
@@ -602,7 +602,7 @@ func (app *App) HandleProvisionGCPGKEInfra(w http.ResponseWriter, r *http.Reques
 
 	if err != nil {
 		infra.Status = models.StatusError
-		infra, _ = app.Repo.Infra.UpdateInfra(infra)
+		infra, _ = app.Repo.Infra().UpdateInfra(infra)
 
 		app.handleErrorInternal(err, w)
 		return
@@ -631,21 +631,21 @@ func (app *App) HandleDestroyGCPGKEInfra(w http.ResponseWriter, r *http.Request)
 	}
 
 	// read infra to get id
-	infra, err := app.Repo.Infra.ReadInfra(uint(infraID))
+	infra, err := app.Repo.Infra().ReadInfra(uint(infraID))
 
 	if err != nil {
 		app.handleErrorDataRead(err, w)
 		return
 	}
 
-	gcpInt, err := app.Repo.GCPIntegration.ReadGCPIntegration(infra.GCPIntegrationID)
+	gcpInt, err := app.Repo.GCPIntegration().ReadGCPIntegration(infra.GCPIntegrationID)
 
 	form := &forms.DestroyGKEInfra{}
 
 	// decode from JSON to form value
 	if err := json.NewDecoder(r.Body).Decode(form); err != nil {
 		infra.Status = models.StatusError
-		infra, _ = app.Repo.Infra.UpdateInfra(infra)
+		infra, _ = app.Repo.Infra().UpdateInfra(infra)
 
 		app.handleErrorFormDecoding(err, ErrProjectDecode, w)
 		return
@@ -654,7 +654,7 @@ func (app *App) HandleDestroyGCPGKEInfra(w http.ResponseWriter, r *http.Request)
 	// validate the form
 	if err := app.validator.Struct(form); err != nil {
 		infra.Status = models.StatusError
-		infra, _ = app.Repo.Infra.UpdateInfra(infra)
+		infra, _ = app.Repo.Infra().UpdateInfra(infra)
 
 		app.handleErrorFormValidation(err, ErrProjectValidateFields, w)
 		return
@@ -663,7 +663,7 @@ func (app *App) HandleDestroyGCPGKEInfra(w http.ResponseWriter, r *http.Request)
 	// launch provisioning destruction pod
 	// mark infra for deletion
 	infra.Status = models.StatusDestroying
-	infra, err = app.Repo.Infra.UpdateInfra(infra)
+	infra, err = app.Repo.Infra().UpdateInfra(infra)
 
 	if err != nil {
 		app.handleErrorDataWrite(err, w)
@@ -674,7 +674,7 @@ func (app *App) HandleDestroyGCPGKEInfra(w http.ResponseWriter, r *http.Request)
 		infra.ProjectID,
 		gcpInt,
 		form.GKEName,
-		*app.Repo,
+		app.Repo,
 		infra,
 		provisioner.Destroy,
 		&app.DBConf,
@@ -703,7 +703,7 @@ func (app *App) HandleGetProvisioningLogs(w http.ResponseWriter, r *http.Request
 	}
 
 	// read infra to get id
-	infra, err := app.Repo.Infra.ReadInfra(uint(infraID))
+	infra, err := app.Repo.Infra().ReadInfra(uint(infraID))
 
 	if err != nil {
 		app.handleErrorDataRead(err, w)
@@ -770,18 +770,18 @@ func (app *App) HandleProvisionDODOCRInfra(w http.ResponseWriter, r *http.Reques
 	}
 
 	// handle write to the database
-	infra, err = app.Repo.Infra.CreateInfra(infra)
+	infra, err = app.Repo.Infra().CreateInfra(infra)
 
 	if err != nil {
 		app.handleErrorDataWrite(err, w)
 		return
 	}
 
-	oauthInt, err := app.Repo.OAuthIntegration.ReadOAuthIntegration(infra.DOIntegrationID)
+	oauthInt, err := app.Repo.OAuthIntegration().ReadOAuthIntegration(infra.DOIntegrationID)
 
 	if err != nil {
 		infra.Status = models.StatusError
-		infra, _ = app.Repo.Infra.UpdateInfra(infra)
+		infra, _ = app.Repo.Infra().UpdateInfra(infra)
 
 		app.handleErrorDataRead(err, w)
 		return
@@ -792,7 +792,7 @@ func (app *App) HandleProvisionDODOCRInfra(w http.ResponseWriter, r *http.Reques
 		uint(projID),
 		oauthInt,
 		app.DOConf,
-		*app.Repo,
+		app.Repo,
 		form.DOCRName,
 		form.DOCRSubscriptionTier,
 		infra,
@@ -804,7 +804,7 @@ func (app *App) HandleProvisionDODOCRInfra(w http.ResponseWriter, r *http.Reques
 
 	if err != nil {
 		infra.Status = models.StatusError
-		infra, _ = app.Repo.Infra.UpdateInfra(infra)
+		infra, _ = app.Repo.Infra().UpdateInfra(infra)
 
 		app.handleErrorInternal(err, w)
 		return
@@ -833,21 +833,21 @@ func (app *App) HandleDestroyDODOCRInfra(w http.ResponseWriter, r *http.Request)
 	}
 
 	// read infra to get id
-	infra, err := app.Repo.Infra.ReadInfra(uint(infraID))
+	infra, err := app.Repo.Infra().ReadInfra(uint(infraID))
 
 	if err != nil {
 		app.handleErrorDataRead(err, w)
 		return
 	}
 
-	oauthInt, err := app.Repo.OAuthIntegration.ReadOAuthIntegration(infra.DOIntegrationID)
+	oauthInt, err := app.Repo.OAuthIntegration().ReadOAuthIntegration(infra.DOIntegrationID)
 
 	form := &forms.DestroyDOCRInfra{}
 
 	// decode from JSON to form value
 	if err := json.NewDecoder(r.Body).Decode(form); err != nil {
 		infra.Status = models.StatusError
-		infra, _ = app.Repo.Infra.UpdateInfra(infra)
+		infra, _ = app.Repo.Infra().UpdateInfra(infra)
 
 		app.handleErrorFormDecoding(err, ErrProjectDecode, w)
 		return
@@ -856,7 +856,7 @@ func (app *App) HandleDestroyDODOCRInfra(w http.ResponseWriter, r *http.Request)
 	// validate the form
 	if err := app.validator.Struct(form); err != nil {
 		infra.Status = models.StatusError
-		infra, _ = app.Repo.Infra.UpdateInfra(infra)
+		infra, _ = app.Repo.Infra().UpdateInfra(infra)
 
 		app.handleErrorFormValidation(err, ErrProjectValidateFields, w)
 		return
@@ -865,7 +865,7 @@ func (app *App) HandleDestroyDODOCRInfra(w http.ResponseWriter, r *http.Request)
 	// launch provisioning destruction pod
 	// mark infra for deletion
 	infra.Status = models.StatusDestroying
-	infra, err = app.Repo.Infra.UpdateInfra(infra)
+	infra, err = app.Repo.Infra().UpdateInfra(infra)
 
 	if err != nil {
 		app.handleErrorDataWrite(err, w)
@@ -876,7 +876,7 @@ func (app *App) HandleDestroyDODOCRInfra(w http.ResponseWriter, r *http.Request)
 		infra.ProjectID,
 		oauthInt,
 		app.DOConf,
-		*app.Repo,
+		app.Repo,
 		form.DOCRName,
 		"basic", // this doesn't matter for destroy
 		infra,
@@ -930,18 +930,18 @@ func (app *App) HandleProvisionDODOKSInfra(w http.ResponseWriter, r *http.Reques
 	}
 
 	// handle write to the database
-	infra, err = app.Repo.Infra.CreateInfra(infra)
+	infra, err = app.Repo.Infra().CreateInfra(infra)
 
 	if err != nil {
 		app.handleErrorDataWrite(err, w)
 		return
 	}
 
-	oauthInt, err := app.Repo.OAuthIntegration.ReadOAuthIntegration(infra.DOIntegrationID)
+	oauthInt, err := app.Repo.OAuthIntegration().ReadOAuthIntegration(infra.DOIntegrationID)
 
 	if err != nil {
 		infra.Status = models.StatusError
-		infra, _ = app.Repo.Infra.UpdateInfra(infra)
+		infra, _ = app.Repo.Infra().UpdateInfra(infra)
 
 		app.handleErrorDataRead(err, w)
 		return
@@ -952,7 +952,7 @@ func (app *App) HandleProvisionDODOKSInfra(w http.ResponseWriter, r *http.Reques
 		uint(projID),
 		oauthInt,
 		app.DOConf,
-		*app.Repo,
+		app.Repo,
 		form.DORegion,
 		form.DOKSName,
 		infra,
@@ -964,7 +964,7 @@ func (app *App) HandleProvisionDODOKSInfra(w http.ResponseWriter, r *http.Reques
 
 	if err != nil {
 		infra.Status = models.StatusError
-		infra, _ = app.Repo.Infra.UpdateInfra(infra)
+		infra, _ = app.Repo.Infra().UpdateInfra(infra)
 
 		app.handleErrorInternal(err, w)
 		return
@@ -993,21 +993,21 @@ func (app *App) HandleDestroyDODOKSInfra(w http.ResponseWriter, r *http.Request)
 	}
 
 	// read infra to get id
-	infra, err := app.Repo.Infra.ReadInfra(uint(infraID))
+	infra, err := app.Repo.Infra().ReadInfra(uint(infraID))
 
 	if err != nil {
 		app.handleErrorDataRead(err, w)
 		return
 	}
 
-	oauthInt, err := app.Repo.OAuthIntegration.ReadOAuthIntegration(infra.DOIntegrationID)
+	oauthInt, err := app.Repo.OAuthIntegration().ReadOAuthIntegration(infra.DOIntegrationID)
 
 	form := &forms.DestroyDOKSInfra{}
 
 	// decode from JSON to form value
 	if err := json.NewDecoder(r.Body).Decode(form); err != nil {
 		infra.Status = models.StatusError
-		infra, _ = app.Repo.Infra.UpdateInfra(infra)
+		infra, _ = app.Repo.Infra().UpdateInfra(infra)
 
 		app.handleErrorFormDecoding(err, ErrProjectDecode, w)
 		return
@@ -1016,7 +1016,7 @@ func (app *App) HandleDestroyDODOKSInfra(w http.ResponseWriter, r *http.Request)
 	// validate the form
 	if err := app.validator.Struct(form); err != nil {
 		infra.Status = models.StatusError
-		infra, _ = app.Repo.Infra.UpdateInfra(infra)
+		infra, _ = app.Repo.Infra().UpdateInfra(infra)
 
 		app.handleErrorFormValidation(err, ErrProjectValidateFields, w)
 		return
@@ -1025,7 +1025,7 @@ func (app *App) HandleDestroyDODOKSInfra(w http.ResponseWriter, r *http.Request)
 	// launch provisioning destruction pod
 	// mark infra for deletion
 	infra.Status = models.StatusDestroying
-	infra, err = app.Repo.Infra.UpdateInfra(infra)
+	infra, err = app.Repo.Infra().UpdateInfra(infra)
 
 	if err != nil {
 		app.handleErrorDataWrite(err, w)
@@ -1036,7 +1036,7 @@ func (app *App) HandleDestroyDODOKSInfra(w http.ResponseWriter, r *http.Request)
 		infra.ProjectID,
 		oauthInt,
 		app.DOConf,
-		*app.Repo,
+		app.Repo,
 		"nyc1",
 		form.DOKSName,
 		infra,

server/api/registry_handler.go

@@ -45,7 +45,7 @@ func (app *App) HandleCreateRegistry(w http.ResponseWriter, r *http.Request) {
 	}
 
 	// convert the form to a registry
-	registry, err := form.ToRegistry(*app.Repo)
+	registry, err := form.ToRegistry(app.Repo)
 
 	if err != nil {
 		app.handleErrorFormDecoding(err, ErrProjectDecode, w)
@@ -53,7 +53,7 @@ func (app *App) HandleCreateRegistry(w http.ResponseWriter, r *http.Request) {
 	}
 
 	// handle write to the database
-	registry, err = app.Repo.Registry.CreateRegistry(registry)
+	registry, err = app.Repo.Registry().CreateRegistry(registry)
 
 	if err != nil {
 		app.handleErrorDataWrite(err, w)
@@ -81,7 +81,7 @@ func (app *App) HandleListProjectRegistries(w http.ResponseWriter, r *http.Reque
 		return
 	}
 
-	regs, err := app.Repo.Registry.ListRegistriesByProjectID(uint(projID))
+	regs, err := app.Repo.Registry().ListRegistriesByProjectID(uint(projID))
 
 	if err != nil {
 		app.handleErrorRead(err, ErrProjectDataRead, w)
@@ -125,13 +125,13 @@ func (app *App) HandleGetProjectRegistryECRToken(w http.ResponseWriter, r *http.
 	}
 
 	// list registries and find one that matches the region
-	regs, err := app.Repo.Registry.ListRegistriesByProjectID(uint(projID))
+	regs, err := app.Repo.Registry().ListRegistriesByProjectID(uint(projID))
 	var token string
 	var expiresAt *time.Time
 
 	for _, reg := range regs {
 		if reg.AWSIntegrationID != 0 {
-			awsInt, err := app.Repo.AWSIntegration.ReadAWSIntegration(reg.AWSIntegrationID)
+			awsInt, err := app.Repo.AWSIntegration().ReadAWSIntegration(reg.AWSIntegrationID)
 
 			if err != nil {
 				app.handleErrorDataRead(err, w)
@@ -185,13 +185,13 @@ func (app *App) HandleGetProjectRegistryDockerhubToken(w http.ResponseWriter, r
 	}
 
 	// list registries and find one that matches the region
-	regs, err := app.Repo.Registry.ListRegistriesByProjectID(uint(projID))
+	regs, err := app.Repo.Registry().ListRegistriesByProjectID(uint(projID))
 	var token string
 	var expiresAt *time.Time
 
 	for _, reg := range regs {
 		if reg.BasicIntegrationID != 0 && strings.Contains(reg.URL, "index.docker.io") {
-			basic, err := app.Repo.BasicIntegration.ReadBasicIntegration(reg.BasicIntegrationID)
+			basic, err := app.Repo.BasicIntegration().ReadBasicIntegration(reg.BasicIntegrationID)
 
 			if err != nil {
 				app.handleErrorDataRead(err, w)
@@ -241,7 +241,7 @@ func (app *App) HandleGetProjectRegistryGCRToken(w http.ResponseWriter, r *http.
 	}
 
 	// list registries and find one that matches the region
-	regs, err := app.Repo.Registry.ListRegistriesByProjectID(uint(projID))
+	regs, err := app.Repo.Registry().ListRegistriesByProjectID(uint(projID))
 	var token string
 	var expiresAt *time.Time
 
@@ -249,7 +249,7 @@ func (app *App) HandleGetProjectRegistryGCRToken(w http.ResponseWriter, r *http.
 		if reg.GCPIntegrationID != 0 && strings.Contains(reg.URL, reqBody.ServerURL) {
 			_reg := registry.Registry(*reg)
 
-			tokenCache, err := _reg.GetGCRToken(*app.Repo)
+			tokenCache, err := _reg.GetGCRToken(app.Repo)
 
 			if err != nil {
 				app.handleErrorDataRead(err, w)
@@ -293,20 +293,20 @@ func (app *App) HandleGetProjectRegistryDOCRToken(w http.ResponseWriter, r *http
 	}
 
 	// list registries and find one that matches the region
-	regs, err := app.Repo.Registry.ListRegistriesByProjectID(uint(projID))
+	regs, err := app.Repo.Registry().ListRegistriesByProjectID(uint(projID))
 	var token string
 	var expiresAt *time.Time
 
 	for _, reg := range regs {
 		if reg.DOIntegrationID != 0 && strings.Contains(reg.URL, reqBody.ServerURL) {
-			oauthInt, err := app.Repo.OAuthIntegration.ReadOAuthIntegration(reg.DOIntegrationID)
+			oauthInt, err := app.Repo.OAuthIntegration().ReadOAuthIntegration(reg.DOIntegrationID)
 
 			if err != nil {
 				app.handleErrorDataRead(err, w)
 				return
 			}
 
-			tok, expiry, err := oauth.GetAccessToken(oauthInt, app.DOConf, *app.Repo)
+			tok, expiry, err := oauth.GetAccessToken(oauthInt, app.DOConf, app.Repo)
 
 			if err != nil {
 				app.handleErrorDataRead(err, w)
@@ -365,7 +365,7 @@ func (app *App) HandleUpdateProjectRegistry(w http.ResponseWriter, r *http.Reque
 	}
 
 	// convert the form to a registry
-	registry, err := form.ToRegistry(app.Repo.Registry)
+	registry, err := form.ToRegistry(app.Repo.Registry())
 
 	if err != nil {
 		app.handleErrorFormDecoding(err, ErrProjectDecode, w)
@@ -373,7 +373,7 @@ func (app *App) HandleUpdateProjectRegistry(w http.ResponseWriter, r *http.Reque
 	}
 
 	// handle write to the database
-	registry, err = app.Repo.Registry.UpdateRegistry(registry)
+	registry, err = app.Repo.Registry().UpdateRegistry(registry)
 
 	if err != nil {
 		app.handleErrorDataWrite(err, w)
@@ -399,14 +399,14 @@ func (app *App) HandleDeleteProjectRegistry(w http.ResponseWriter, r *http.Reque
 		return
 	}
 
-	reg, err := app.Repo.Registry.ReadRegistry(uint(id))
+	reg, err := app.Repo.Registry().ReadRegistry(uint(id))
 
 	if err != nil {
 		app.handleErrorRead(err, ErrProjectDataRead, w)
 		return
 	}
 
-	err = app.Repo.Registry.DeleteRegistry(reg)
+	err = app.Repo.Registry().DeleteRegistry(reg)
 
 	if err != nil {
 		app.handleErrorRead(err, ErrProjectDataRead, w)
@@ -425,7 +425,7 @@ func (app *App) HandleListRepositories(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
-	reg, err := app.Repo.Registry.ReadRegistry(uint(regID))
+	reg, err := app.Repo.Registry().ReadRegistry(uint(regID))
 
 	if err != nil {
 		app.handleErrorRead(err, ErrProjectDataRead, w)
@@ -436,7 +436,7 @@ func (app *App) HandleListRepositories(w http.ResponseWriter, r *http.Request) {
 	_reg := registry.Registry(*reg)
 	regAPI := &_reg
 
-	repos, err := regAPI.ListRepositories(*app.Repo, app.DOConf)
+	repos, err := regAPI.ListRepositories(app.Repo, app.DOConf)
 
 	if err != nil {
 		app.handleErrorRead(err, ErrProjectDataRead, w)
@@ -462,7 +462,7 @@ func (app *App) HandleListImages(w http.ResponseWriter, r *http.Request) {
 
 	repoName := chi.URLParam(r, "*")
 
-	reg, err := app.Repo.Registry.ReadRegistry(uint(regID))
+	reg, err := app.Repo.Registry().ReadRegistry(uint(regID))
 
 	if err != nil {
 		app.handleErrorRead(err, ErrProjectDataRead, w)
@@ -473,7 +473,7 @@ func (app *App) HandleListImages(w http.ResponseWriter, r *http.Request) {
 	_reg := registry.Registry(*reg)
 	regAPI := &_reg
 
-	imgs, err := regAPI.ListImages(repoName, *app.Repo, app.DOConf)
+	imgs, err := regAPI.ListImages(repoName, app.Repo, app.DOConf)
 
 	if err != nil {
 		app.handleErrorRead(err, ErrProjectDataRead, w)

server/api/registry_handler_test.go

@@ -254,7 +254,7 @@ func TestHandleDeleteRegistry(t *testing.T) {
 // ------------------------- INITIALIZERS AND VALIDATORS ------------------------- //
 
 func initRegistry(tester *tester) {
-	proj, _ := tester.repo.Project.ReadProject(1)
+	proj, _ := tester.repo.Project().ReadProject(1)
 
 	reg := &models.Registry{
 		Name:             "registry-test",
@@ -262,7 +262,7 @@ func initRegistry(tester *tester) {
 		AWSIntegrationID: 1,
 	}
 
-	tester.repo.Registry.CreateRegistry(reg)
+	tester.repo.Registry().CreateRegistry(reg)
 }
 
 func regBodyValidator(c *regTest, tester *tester, t *testing.T) {

server/api/release_handler.go

@@ -139,7 +139,7 @@ func (app *App) HandleGetRelease(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
-	k8sForm.PopulateK8sOptionsFromQueryParams(vals, app.Repo.Cluster)
+	k8sForm.PopulateK8sOptionsFromQueryParams(vals, app.Repo.Cluster())
 	k8sForm.DefaultNamespace = form.ReleaseForm.Namespace
 
 	// validate the form
@@ -214,7 +214,7 @@ func (app *App) HandleGetRelease(w http.ResponseWriter, r *http.Request) {
 	}
 
 	// if the release was created from this server,
-	modelRelease, err := app.Repo.Release.ReadRelease(form.Cluster.ID, release.Name, release.Namespace)
+	modelRelease, err := app.Repo.Release().ReadRelease(form.Cluster.ID, release.Name, release.Namespace)
 
 	if modelRelease != nil {
 		gitAction := modelRelease.GitActionConfig
@@ -341,7 +341,7 @@ func (app *App) HandleGetReleaseControllers(w http.ResponseWriter, r *http.Reque
 		},
 	}
 
-	k8sForm.PopulateK8sOptionsFromQueryParams(vals, app.Repo.Cluster)
+	k8sForm.PopulateK8sOptionsFromQueryParams(vals, app.Repo.Cluster())
 	k8sForm.DefaultNamespace = form.ReleaseForm.Namespace
 
 	// validate the form
@@ -481,7 +481,7 @@ func (app *App) HandleGetReleaseAllPods(w http.ResponseWriter, r *http.Request)
 		},
 	}
 
-	k8sForm.PopulateK8sOptionsFromQueryParams(vals, app.Repo.Cluster)
+	k8sForm.PopulateK8sOptionsFromQueryParams(vals, app.Repo.Cluster())
 	k8sForm.DefaultNamespace = form.ReleaseForm.Namespace
 
 	// validate the form
@@ -637,7 +637,7 @@ func (app *App) HandleGetReleaseToken(w http.ResponseWriter, r *http.Request) {
 		}, w)
 	}
 
-	release, err := app.Repo.Release.ReadRelease(uint(clusterID), name, namespace)
+	release, err := app.Repo.Release().ReadRelease(uint(clusterID), name, namespace)
 
 	if err != nil {
 		app.sendExternalError(err, http.StatusInternalServerError, HTTPError{
@@ -692,7 +692,7 @@ func (app *App) HandleUpgradeRelease(w http.ResponseWriter, r *http.Request) {
 
 	form.ReleaseForm.PopulateHelmOptionsFromQueryParams(
 		vals,
-		app.Repo.Cluster,
+		app.Repo.Cluster(),
 	)
 
 	if err := json.NewDecoder(r.Body).Decode(form); err != nil {
@@ -711,7 +711,7 @@ func (app *App) HandleUpgradeRelease(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
-	registries, err := app.Repo.Registry.ListRegistriesByProjectID(uint(projID))
+	registries, err := app.Repo.Registry().ListRegistriesByProjectID(uint(projID))
 
 	if err != nil {
 		app.handleErrorDataRead(err, w)
@@ -721,7 +721,7 @@ func (app *App) HandleUpgradeRelease(w http.ResponseWriter, r *http.Request) {
 	conf := &helm.UpgradeReleaseConfig{
 		Name:       form.Name,
 		Cluster:    form.ReleaseForm.Cluster,
-		Repo:       *app.Repo,
+		Repo:       app.Repo,
 		Registries: registries,
 	}
 
@@ -780,7 +780,7 @@ func (app *App) HandleUpgradeRelease(w http.ResponseWriter, r *http.Request) {
 			}, w)
 		}
 
-		release, err := app.Repo.Release.ReadRelease(uint(clusterID), name, rel.Namespace)
+		release, err := app.Repo.Release().ReadRelease(uint(clusterID), name, rel.Namespace)
 
 		if release != nil {
 			// update image repo uri if changed
@@ -793,7 +793,7 @@ func (app *App) HandleUpgradeRelease(w http.ResponseWriter, r *http.Request) {
 			}
 
 			if repoStr != release.ImageRepoURI {
-				release, err = app.Repo.Release.UpdateRelease(release)
+				release, err = app.Repo.Release().UpdateRelease(release)
 
 				if err != nil {
 					app.handleErrorInternal(err, w)
@@ -809,7 +809,7 @@ func (app *App) HandleUpgradeRelease(w http.ResponseWriter, r *http.Request) {
 
 				yaml.Unmarshal([]byte(form.Values), cEnv)
 
-				gr, err := app.Repo.GitRepo.ReadGitRepo(gitAction.GitRepoID)
+				gr, err := app.Repo.GitRepo().ReadGitRepo(gitAction.GitRepoID)
 
 				if err != nil {
 					app.sendExternalError(err, http.StatusInternalServerError, HTTPError{
@@ -825,7 +825,7 @@ func (app *App) HandleUpgradeRelease(w http.ResponseWriter, r *http.Request) {
 					GitIntegration: gr,
 					GitRepoName:    repoSplit[1],
 					GitRepoOwner:   repoSplit[0],
-					Repo:           *app.Repo,
+					Repo:           app.Repo,
 					GithubConf:     app.GithubProjectConf,
 					WebhookToken:   release.WebhookToken,
 					ProjectID:      uint(projID),
@@ -857,7 +857,7 @@ func (app *App) HandleReleaseDeployWebhook(w http.ResponseWriter, r *http.Reques
 	token := chi.URLParam(r, "token")
 
 	// retrieve release by token
-	release, err := app.Repo.Release.ReadReleaseByWebhookToken(token)
+	release, err := app.Repo.Release().ReadReleaseByWebhookToken(token)
 
 	if err != nil {
 		app.sendExternalError(err, http.StatusInternalServerError, HTTPError{
@@ -892,7 +892,7 @@ func (app *App) HandleReleaseDeployWebhook(w http.ResponseWriter, r *http.Reques
 
 	form.ReleaseForm.PopulateHelmOptionsFromQueryParams(
 		params,
-		app.Repo.Cluster,
+		app.Repo.Cluster(),
 	)
 
 	agent, err := app.getAgentFromReleaseForm(
@@ -934,7 +934,7 @@ func (app *App) HandleReleaseDeployWebhook(w http.ResponseWriter, r *http.Reques
 		return
 	}
 
-	registries, err := app.Repo.Registry.ListRegistriesByProjectID(uint(form.ReleaseForm.Cluster.ProjectID))
+	registries, err := app.Repo.Registry().ListRegistriesByProjectID(uint(form.ReleaseForm.Cluster.ProjectID))
 
 	if err != nil {
 		app.handleErrorDataRead(err, w)
@@ -944,7 +944,7 @@ func (app *App) HandleReleaseDeployWebhook(w http.ResponseWriter, r *http.Reques
 	conf := &helm.UpgradeReleaseConfig{
 		Name:       form.Name,
 		Cluster:    form.ReleaseForm.Cluster,
-		Repo:       *app.Repo,
+		Repo:       app.Repo,
 		Registries: registries,
 		Values:     rel.Config,
 	}
@@ -996,7 +996,7 @@ func (app *App) HandleRollbackRelease(w http.ResponseWriter, r *http.Request) {
 
 	form.ReleaseForm.PopulateHelmOptionsFromQueryParams(
 		vals,
-		app.Repo.Cluster,
+		app.Repo.Cluster(),
 	)
 
 	if err := json.NewDecoder(r.Body).Decode(form); err != nil {
@@ -1049,7 +1049,7 @@ func (app *App) HandleRollbackRelease(w http.ResponseWriter, r *http.Request) {
 			}, w)
 		}
 
-		release, err := app.Repo.Release.ReadRelease(uint(clusterID), name, rel.Namespace)
+		release, err := app.Repo.Release().ReadRelease(uint(clusterID), name, rel.Namespace)
 
 		if release != nil {
 			// update image repo uri if changed
@@ -1062,7 +1062,7 @@ func (app *App) HandleRollbackRelease(w http.ResponseWriter, r *http.Request) {
 			}
 
 			if repoStr != release.ImageRepoURI {
-				release, err = app.Repo.Release.UpdateRelease(release)
+				release, err = app.Repo.Release().UpdateRelease(release)
 
 				if err != nil {
 					app.handleErrorInternal(err, w)
@@ -1086,7 +1086,7 @@ func (app *App) HandleRollbackRelease(w http.ResponseWriter, r *http.Request) {
 
 				yaml.Unmarshal(rawValues, cEnv)
 
-				gr, err := app.Repo.GitRepo.ReadGitRepo(gitAction.GitRepoID)
+				gr, err := app.Repo.GitRepo().ReadGitRepo(gitAction.GitRepoID)
 
 				if err != nil {
 					app.sendExternalError(err, http.StatusInternalServerError, HTTPError{
@@ -1109,7 +1109,7 @@ func (app *App) HandleRollbackRelease(w http.ResponseWriter, r *http.Request) {
 					GitIntegration: gr,
 					GitRepoName:    repoSplit[1],
 					GitRepoOwner:   repoSplit[0],
-					Repo:           *app.Repo,
+					Repo:           app.Repo,
 					GithubConf:     app.GithubProjectConf,
 					WebhookToken:   release.WebhookToken,
 					ProjectID:      uint(projID),
@@ -1156,7 +1156,7 @@ func (app *App) getAgentFromQueryParams(
 	}
 
 	for _, f := range populate {
-		err := f(vals, app.Repo.Cluster)
+		err := f(vals, app.Repo.Cluster())
 
 		if err != nil {
 			app.handleErrorInternal(err, w)

server/api/user_handler.go

@@ -43,7 +43,7 @@ func (app *App) HandleCreateUser(w http.ResponseWriter, r *http.Request) {
 
 	user, err := app.writeUser(
 		form,
-		app.Repo.User.CreateUser,
+		app.Repo.User().CreateUser,
 		w,
 		r,
 		doesUserExist,
@@ -98,7 +98,7 @@ func (app *App) HandleAuthCheck(w http.ResponseWriter, r *http.Request) {
 
 	if tok != nil {
 		// read the user
-		user, err := app.Repo.User.ReadUser(tok.IBy)
+		user, err := app.Repo.User().ReadUser(tok.IBy)
 
 		if err != nil {
 			http.Error(w, err.Error(), http.StatusInternalServerError)
@@ -123,7 +123,7 @@ func (app *App) HandleAuthCheck(w http.ResponseWriter, r *http.Request) {
 	userID, _ := session.Values["user_id"].(uint)
 	email, _ := session.Values["email"].(string)
 
-	user, err := app.Repo.User.ReadUser(userID)
+	user, err := app.Repo.User().ReadUser(userID)
 
 	if err != nil {
 		http.Error(w, err.Error(), http.StatusInternalServerError)
@@ -188,7 +188,7 @@ func (app *App) HandleCLILoginUser(w http.ResponseWriter, r *http.Request) {
 		Expiry:            &expiry,
 	}
 
-	authCode, err = app.Repo.AuthCode.CreateAuthCode(authCode)
+	authCode, err = app.Repo.AuthCode().CreateAuthCode(authCode)
 
 	if err != nil {
 		app.handleErrorInternal(err, w)
@@ -216,7 +216,7 @@ func (app *App) HandleCLILoginExchangeToken(w http.ResponseWriter, r *http.Reque
 		return
 	}
 
-	authCode, err := app.Repo.AuthCode.ReadAuthCode(req.AuthorizationCode)
+	authCode, err := app.Repo.AuthCode().ReadAuthCode(req.AuthorizationCode)
 
 	if err != nil || authCode.IsExpired() {
 		http.Error(w, http.StatusText(http.StatusForbidden), http.StatusForbidden)
@@ -251,7 +251,7 @@ func (app *App) HandleLoginUser(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
-	storedUser, readErr := app.Repo.User.ReadUserByEmail(form.Email)
+	storedUser, readErr := app.Repo.User().ReadUserByEmail(form.Email)
 
 	if readErr != nil {
 		app.sendExternalError(readErr, http.StatusUnauthorized, HTTPError{
@@ -339,7 +339,7 @@ func (app *App) HandleListUserProjects(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
-	projects, err := app.Repo.Project.ListProjectsByUserID(uint(id))
+	projects, err := app.Repo.Project().ListProjectsByUserID(uint(id))
 
 	if err != nil {
 		app.handleErrorRead(err, ErrUserDataRead, w)
@@ -373,7 +373,7 @@ func (app *App) HandleDeleteUser(w http.ResponseWriter, r *http.Request) {
 		ID: uint(id),
 	}
 
-	user, err := app.writeUser(form, app.Repo.User.DeleteUser, w, r)
+	user, err := app.writeUser(form, app.Repo.User().DeleteUser, w, r)
 
 	if err == nil {
 		app.Logger.Info().Msgf("User deleted: %d", user.ID)
@@ -390,7 +390,7 @@ func (app *App) InitiateEmailVerifyUser(w http.ResponseWriter, r *http.Request)
 		return
 	}
 
-	user, err := app.Repo.User.ReadUser(userID)
+	user, err := app.Repo.User().ReadUser(userID)
 
 	if err != nil {
 		app.handleErrorInternal(err, w)
@@ -415,7 +415,7 @@ func (app *App) InitiateEmailVerifyUser(w http.ResponseWriter, r *http.Request)
 	}
 
 	// handle write to the database
-	pwReset, err = app.Repo.PWResetToken.CreatePWResetToken(pwReset)
+	pwReset, err = app.Repo.PWResetToken().CreatePWResetToken(pwReset)
 
 	if err != nil {
 		app.handleErrorDataWrite(err, w)
@@ -456,7 +456,7 @@ func (app *App) FinalizEmailVerifyUser(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
-	user, err := app.Repo.User.ReadUser(userID)
+	user, err := app.Repo.User().ReadUser(userID)
 
 	if err != nil {
 		app.handleErrorInternal(err, w)
@@ -495,7 +495,7 @@ func (app *App) FinalizEmailVerifyUser(w http.ResponseWriter, r *http.Request) {
 	}
 
 	// verify the token is valid
-	token, err := app.Repo.PWResetToken.ReadPWResetToken(tokenID)
+	token, err := app.Repo.PWResetToken().ReadPWResetToken(tokenID)
 
 	if err != nil {
 		http.Redirect(w, r, "/dashboard?error="+url.QueryEscape("Email verification error: valid token required"), 302)
@@ -516,7 +516,7 @@ func (app *App) FinalizEmailVerifyUser(w http.ResponseWriter, r *http.Request) {
 
 	user.EmailVerified = true
 
-	user, err = app.Repo.User.UpdateUser(user)
+	user, err = app.Repo.User().UpdateUser(user)
 
 	if err != nil {
 		http.Redirect(w, r, "/dashboard?error="+url.QueryEscape("Could not verify email address"), 302)
@@ -526,7 +526,7 @@ func (app *App) FinalizEmailVerifyUser(w http.ResponseWriter, r *http.Request) {
 	// invalidate the token
 	token.IsValid = false
 
-	_, err = app.Repo.PWResetToken.UpdatePWResetToken(token)
+	_, err = app.Repo.PWResetToken().UpdatePWResetToken(token)
 
 	if err != nil {
 		http.Redirect(w, r, "/dashboard?error="+url.QueryEscape("Could not verify email address"), 302)
@@ -556,7 +556,7 @@ func (app *App) InitiatePWResetUser(w http.ResponseWriter, r *http.Request) {
 	}
 
 	// check that the email exists; return 200 status code even if it doesn't
-	user, err := app.Repo.User.ReadUserByEmail(form.Email)
+	user, err := app.Repo.User().ReadUserByEmail(form.Email)
 
 	if err == gorm.ErrRecordNotFound {
 		w.WriteHeader(http.StatusOK)
@@ -597,7 +597,7 @@ func (app *App) InitiatePWResetUser(w http.ResponseWriter, r *http.Request) {
 	}
 
 	// handle write to the database
-	pwReset, err = app.Repo.PWResetToken.CreatePWResetToken(pwReset)
+	pwReset, err = app.Repo.PWResetToken().CreatePWResetToken(pwReset)
 
 	if err != nil {
 		app.handleErrorDataWrite(err, w)
@@ -646,7 +646,7 @@ func (app *App) VerifyPWResetUser(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
-	token, err := app.Repo.PWResetToken.ReadPWResetToken(form.PWResetTokenID)
+	token, err := app.Repo.PWResetToken().ReadPWResetToken(form.PWResetTokenID)
 
 	if err != nil {
 		w.WriteHeader(http.StatusForbidden)
@@ -692,7 +692,7 @@ func (app *App) FinalizPWResetUser(w http.ResponseWriter, r *http.Request) {
 	}
 
 	// verify the token is valid
-	token, err := app.Repo.PWResetToken.ReadPWResetToken(form.PWResetTokenID)
+	token, err := app.Repo.PWResetToken().ReadPWResetToken(form.PWResetTokenID)
 
 	if err != nil {
 		w.WriteHeader(http.StatusForbidden)
@@ -718,7 +718,7 @@ func (app *App) FinalizPWResetUser(w http.ResponseWriter, r *http.Request) {
 	}
 
 	// check that the email exists
-	user, err := app.Repo.User.ReadUserByEmail(form.Email)
+	user, err := app.Repo.User().ReadUserByEmail(form.Email)
 
 	if err != nil {
 		w.WriteHeader(http.StatusForbidden)
@@ -734,7 +734,7 @@ func (app *App) FinalizPWResetUser(w http.ResponseWriter, r *http.Request) {
 
 	user.Password = string(hashedPW)
 
-	user, err = app.Repo.User.UpdateUser(user)
+	user, err = app.Repo.User().UpdateUser(user)
 
 	if err != nil {
 		app.handleErrorDataWrite(err, w)
@@ -744,7 +744,7 @@ func (app *App) FinalizPWResetUser(w http.ResponseWriter, r *http.Request) {
 	// invalidate the token
 	token.IsValid = false
 
-	_, err = app.Repo.PWResetToken.UpdatePWResetToken(token)
+	_, err = app.Repo.PWResetToken().UpdatePWResetToken(token)
 
 	if err != nil {
 		app.handleErrorDataWrite(err, w)
@@ -765,7 +765,7 @@ func (app *App) writeUser(
 	dbWrite repository.WriteUser,
 	w http.ResponseWriter,
 	r *http.Request,
-	validators ...func(repo *repository.Repository, user *models.User) *HTTPError,
+	validators ...func(repo repository.Repository, user *models.User) *HTTPError,
 ) (*models.User, error) {
 	// decode from JSON to form value
 	if err := json.NewDecoder(r.Body).Decode(form); err != nil {
@@ -780,7 +780,7 @@ func (app *App) writeUser(
 	}
 
 	// convert the form to a user model -- WriteUserForm must implement ToUser
-	userModel, err := form.ToUser(app.Repo.User)
+	userModel, err := form.ToUser(app.Repo.User())
 
 	if err != nil {
 		app.handleErrorFormDecoding(err, ErrUserDecode, w)
@@ -835,7 +835,7 @@ func (app *App) readUser(w http.ResponseWriter, r *http.Request) (*models.User,
 		return nil, err
 	}
 
-	user, err := app.Repo.User.ReadUser(uint(id))
+	user, err := app.Repo.User().ReadUser(uint(id))
 
 	if err != nil {
 		app.handleErrorRead(err, ErrUserDataRead, w)
@@ -845,8 +845,8 @@ func (app *App) readUser(w http.ResponseWriter, r *http.Request) (*models.User,
 	return user, nil
 }
 
-func doesUserExist(repo *repository.Repository, user *models.User) *HTTPError {
-	user, err := repo.User.ReadUserByEmail(user.Email)
+func doesUserExist(repo repository.Repository, user *models.User) *HTTPError {
+	user, err := repo.User().ReadUserByEmail(user.Email)
 
 	if user != nil && err == nil {
 		return &HTTPError{

server/middleware/auth.go

@@ -22,7 +22,7 @@ type Auth struct {
 	store      sessions.Store
 	cookieName string
 	tokenConf  *token.TokenGeneratorConf
-	repo       *repository.Repository
+	repo       repository.Repository
 }
 
 // NewAuth returns a new Auth instance
@@ -30,7 +30,7 @@ func NewAuth(
 	store sessions.Store,
 	cookieName string,
 	tokenConf *token.TokenGeneratorConf,
-	repo *repository.Repository,
+	repo repository.Repository,
 ) *Auth {
 	return &Auth{store, cookieName, tokenConf, repo}
 }
@@ -211,7 +211,7 @@ func (auth *Auth) DoesUserHaveProjectAccess(
 		}
 
 		// get the project
-		proj, err := auth.repo.Project.ReadProject(uint(projID))
+		proj, err := auth.repo.Project().ReadProject(uint(projID))
 
 		if err != nil {
 			http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
@@ -263,7 +263,7 @@ func (auth *Auth) DoesUserHaveClusterAccess(
 		}
 
 		// get the service accounts belonging to the project
-		clusters, err := auth.repo.Cluster.ListClustersByProjectID(uint(projID))
+		clusters, err := auth.repo.Cluster().ListClustersByProjectID(uint(projID))
 
 		if err != nil {
 			http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
@@ -313,7 +313,7 @@ func (auth *Auth) DoesUserHaveInviteAccess(
 		}
 
 		// get the service accounts belonging to the project
-		invites, err := auth.repo.Invite.ListInvitesByProjectID(uint(projID))
+		invites, err := auth.repo.Invite().ListInvitesByProjectID(uint(projID))
 
 		if err != nil {
 			http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
@@ -363,7 +363,7 @@ func (auth *Auth) DoesUserHaveRegistryAccess(
 		}
 
 		// get the service accounts belonging to the project
-		regs, err := auth.repo.Registry.ListRegistriesByProjectID(uint(projID))
+		regs, err := auth.repo.Registry().ListRegistriesByProjectID(uint(projID))
 
 		if err != nil {
 			http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
@@ -413,7 +413,7 @@ func (auth *Auth) DoesUserHaveGitRepoAccess(
 		}
 
 		// get the service accounts belonging to the project
-		grs, err := auth.repo.GitRepo.ListGitReposByProjectID(uint(projID))
+		grs, err := auth.repo.GitRepo().ListGitReposByProjectID(uint(projID))
 
 		if err != nil {
 			http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
@@ -462,7 +462,7 @@ func (auth *Auth) DoesUserHaveInfraAccess(
 			return
 		}
 
-		infras, err := auth.repo.Infra.ListInfrasByProjectID(uint(projID))
+		infras, err := auth.repo.Infra().ListInfrasByProjectID(uint(projID))
 
 		if err != nil {
 			http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
@@ -517,7 +517,7 @@ func (auth *Auth) DoesUserHaveAWSIntegrationAccess(
 			return
 		}
 
-		awsInts, err := auth.repo.AWSIntegration.ListAWSIntegrationsByProjectID(uint(projID))
+		awsInts, err := auth.repo.AWSIntegration().ListAWSIntegrationsByProjectID(uint(projID))
 
 		if err != nil {
 			http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
@@ -572,7 +572,7 @@ func (auth *Auth) DoesUserHaveGCPIntegrationAccess(
 			return
 		}
 
-		gcpInts, err := auth.repo.GCPIntegration.ListGCPIntegrationsByProjectID(uint(projID))
+		gcpInts, err := auth.repo.GCPIntegration().ListGCPIntegrationsByProjectID(uint(projID))
 
 		if err != nil {
 			http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
@@ -627,7 +627,7 @@ func (auth *Auth) DoesUserHaveDOIntegrationAccess(
 			return
 		}
 
-		oauthInts, err := auth.repo.OAuthIntegration.ListOAuthIntegrationsByProjectID(uint(projID))
+		oauthInts, err := auth.repo.OAuthIntegration().ListOAuthIntegrationsByProjectID(uint(projID))
 
 		if err != nil {
 			http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)