debt: extract a buncha stuff from cmd/frontend that was used outside of frontend (#52570)

As part of https://github.com/sourcegraph/sourcegraph/pull/52521, I had
to investigate the possible binary targets that would require explicit
calls to any of the new `Init`s that were previously implicit `init`s.
As part of this, by the power of bazel, I discovered some dependencies
on the changed packages in binaries that shouldnt need to (migrator
depending on `cmd/frontend/internal/highlight`[1]??). So heres a
mini-crusade to extract _some_ (but not all, because theres A LOT) of
the things out `cmd/frontend/internal` into more appropriate packages
(like `internal/`

<details>
<summary>[1]</summary>

```
$ bazel query 'kind("go_binary", rdeps(//..., //cmd/frontend/internal/highlight))'
//cmd/frontend:frontend
//cmd/sourcegraph-oss:sourcegraph-oss
//enterprise/cmd/frontend:frontend
//enterprise/cmd/migrator:migrator
//enterprise/cmd/sourcegraph:sourcegraph
//enterprise/cmd/worker:worker
```

</details>

## Test plan

https://buildkite.com/sourcegraph/sourcegraph/builds/223014

🔥 🙂

cmd/frontend/auth/BUILD.bazel

@@ -17,10 +17,9 @@ go_library(
         "//cmd/frontend/globals",
         "//cmd/frontend/internal/app/router",
         "//cmd/frontend/internal/app/ui/router",
-        "//cmd/frontend/internal/auth/userpasswd",
-        "//cmd/frontend/internal/session",
         "//internal/actor",
         "//internal/auth",
+        "//internal/auth/userpasswd",
         "//internal/authz",
         "//internal/conf",
         "//internal/database",
@@ -29,6 +28,7 @@ go_library(
         "//internal/extsvc",
         "//internal/featureflag",
         "//internal/lazyregexp",
+        "//internal/session",
         "//internal/types",
         "//internal/usagestats",
         "//lib/errors",

cmd/frontend/auth/auth.go

@@ -5,7 +5,7 @@ import (
 	"math/rand"
 	"net/http"
 
-	"github.com/sourcegraph/sourcegraph/cmd/frontend/internal/auth/userpasswd"
+	"github.com/sourcegraph/sourcegraph/internal/auth/userpasswd"
 	"github.com/sourcegraph/sourcegraph/internal/lazyregexp"
 )
 

cmd/frontend/auth/reset_password.go

@@ -4,9 +4,10 @@ import (
 	"context"
 
 	"github.com/sourcegraph/log"
+
 	"github.com/sourcegraph/sourcegraph/cmd/frontend/backend"
 	"github.com/sourcegraph/sourcegraph/cmd/frontend/globals"
-	"github.com/sourcegraph/sourcegraph/cmd/frontend/internal/auth/userpasswd"
+	"github.com/sourcegraph/sourcegraph/internal/auth/userpasswd"
 	"github.com/sourcegraph/sourcegraph/internal/conf"
 	"github.com/sourcegraph/sourcegraph/internal/database"
 	"github.com/sourcegraph/sourcegraph/internal/types"

cmd/frontend/auth/sign_out_cookie.go

@@ -3,7 +3,7 @@ package auth
 import (
 	"net/http"
 
-	"github.com/sourcegraph/sourcegraph/cmd/frontend/internal/session"
+	"github.com/sourcegraph/sourcegraph/internal/session"
 )
 
 const SignOutCookie = session.SignOutCookie

cmd/frontend/external/session/BUILD.bazel

@@ -5,5 +5,5 @@ go_library(
     srcs = ["session.go"],
     importpath = "github.com/sourcegraph/sourcegraph/cmd/frontend/external/session",
     visibility = ["//visibility:public"],
-    deps = ["//cmd/frontend/internal/session"],
+    deps = ["//internal/session"],
 )

cmd/frontend/external/session/session.go

@@ -2,7 +2,7 @@
 // parent package godoc for more information.
 package session
 
-import "github.com/sourcegraph/sourcegraph/cmd/frontend/internal/session"
+import "github.com/sourcegraph/sourcegraph/internal/session"
 
 var (
 	ResetMockSessionStore   = session.ResetMockSessionStore

cmd/frontend/graphqlbackend/BUILD.bazel

@@ -215,7 +215,6 @@ go_library(
     importpath = "github.com/sourcegraph/sourcegraph/cmd/frontend/graphqlbackend",
     deps = [
         "//cmd/frontend/auth",
-        "//cmd/frontend/auth/providers",
         "//cmd/frontend/backend",
         "//cmd/frontend/envvar",
         "//cmd/frontend/external/session",
@@ -226,18 +225,18 @@ go_library(
         "//cmd/frontend/hubspot",
         "//cmd/frontend/hubspot/hubspotutil",
         "//cmd/frontend/internal/app/updatecheck",
-        "//cmd/frontend/internal/auth/userpasswd",
         "//cmd/frontend/internal/highlight",
         "//cmd/frontend/internal/processrestart",
         "//cmd/frontend/internal/search/logs",
         "//cmd/frontend/internal/siteid",
-        "//cmd/frontend/internal/suspiciousnames",
         "//cmd/migrator/shared",
+        "//enterprise/cmd/worker/shared/sourcegraphoperator",
         "//internal/actor",
         "//internal/adminanalytics",
         "//internal/api",
         "//internal/auth",
-        "//internal/auth/sourcegraphoperator",
+        "//internal/auth/providers",
+        "//internal/auth/userpasswd",
         "//internal/authz",
         "//internal/authz/permssync",
         "//internal/binary",
@@ -275,6 +274,7 @@ go_library(
         "//internal/honey",
         "//internal/honey/search",
         "//internal/httpcli",
+        "//internal/insights",
         "//internal/inventory",
         "//internal/jsonc",
         "//internal/lazyregexp",
@@ -300,6 +300,7 @@ go_library(
         "//internal/service/servegit",
         "//internal/settings",
         "//internal/src-prometheus",
+        "//internal/suspiciousnames",
         "//internal/symbols",
         "//internal/syncx",
         "//internal/temporarysettings",
@@ -438,17 +439,17 @@ go_test(
         "requires-network",
     ],
     deps = [
-        "//cmd/frontend/auth/providers",
         "//cmd/frontend/backend",
         "//cmd/frontend/envvar",
         "//cmd/frontend/graphqlbackend/apitest",
         "//cmd/frontend/graphqlbackend/externallink",
         "//cmd/frontend/graphqlbackend/graphqlutil",
-        "//cmd/frontend/internal/auth/userpasswd",
         "//cmd/frontend/internal/highlight",
         "//internal/actor",
         "//internal/api",
         "//internal/auth",
+        "//internal/auth/providers",
+        "//internal/auth/userpasswd",
         "//internal/authz",
         "//internal/authz/permssync",
         "//internal/binary",

cmd/frontend/graphqlbackend/auth_provider.go

@@ -1,6 +1,6 @@
 package graphqlbackend
 
-import "github.com/sourcegraph/sourcegraph/cmd/frontend/auth/providers"
+import "github.com/sourcegraph/sourcegraph/internal/auth/providers"
 
 // authProviderResolver resolves an auth provider.
 type authProviderResolver struct {

cmd/frontend/graphqlbackend/auth_providers.go

@@ -3,8 +3,8 @@ package graphqlbackend
 import (
 	"context"
 
-	"github.com/sourcegraph/sourcegraph/cmd/frontend/auth/providers"
 	"github.com/sourcegraph/sourcegraph/cmd/frontend/graphqlbackend/graphqlutil"
+	"github.com/sourcegraph/sourcegraph/internal/auth/providers"
 )
 
 func (r *siteResolver) AuthProviders(ctx context.Context) (*authProviderConnectionResolver, error) {

cmd/frontend/graphqlbackend/external_account_data_resolver.go

@@ -3,7 +3,7 @@ package graphqlbackend
 import (
 	"context"
 
-	"github.com/sourcegraph/sourcegraph/cmd/frontend/auth/providers"
+	"github.com/sourcegraph/sourcegraph/internal/auth/providers"
 	"github.com/sourcegraph/sourcegraph/internal/extsvc"
 	"github.com/sourcegraph/sourcegraph/lib/errors"
 )

cmd/frontend/graphqlbackend/external_account_data_resolver_test.go

@@ -6,8 +6,8 @@ import (
 
 	"github.com/graph-gophers/graphql-go/errors"
 
-	"github.com/sourcegraph/sourcegraph/cmd/frontend/auth/providers"
 	"github.com/sourcegraph/sourcegraph/internal/actor"
+	"github.com/sourcegraph/sourcegraph/internal/auth/providers"
 	"github.com/sourcegraph/sourcegraph/internal/database"
 	"github.com/sourcegraph/sourcegraph/internal/encryption"
 	"github.com/sourcegraph/sourcegraph/internal/extsvc"

cmd/frontend/graphqlbackend/external_accounts.go

@@ -7,9 +7,9 @@ import (
 	"github.com/graph-gophers/graphql-go"
 
 	"github.com/sourcegraph/sourcegraph/cmd/frontend/graphqlbackend/graphqlutil"
+	"github.com/sourcegraph/sourcegraph/enterprise/cmd/worker/shared/sourcegraphoperator"
 	"github.com/sourcegraph/sourcegraph/internal/actor"
 	"github.com/sourcegraph/sourcegraph/internal/auth"
-	"github.com/sourcegraph/sourcegraph/internal/auth/sourcegraphoperator"
 	"github.com/sourcegraph/sourcegraph/internal/authz/permssync"
 	"github.com/sourcegraph/sourcegraph/internal/database"
 	"github.com/sourcegraph/sourcegraph/internal/extsvc"
@@ -24,7 +24,8 @@ func (r *siteResolver) ExternalAccounts(ctx context.Context, args *struct {
 	ServiceType *string
 	ServiceID   *string
 	ClientID    *string
-}) (*externalAccountConnectionResolver, error) {
+},
+) (*externalAccountConnectionResolver, error) {
 	// 🚨 SECURITY: Only site admins can list all external accounts.
 	if err := auth.CheckCurrentUserIsSiteAdmin(ctx, r.db); err != nil {
 		return nil, err
@@ -53,7 +54,8 @@ func (r *siteResolver) ExternalAccounts(ctx context.Context, args *struct {
 
 func (r *UserResolver) ExternalAccounts(ctx context.Context, args *struct {
 	graphqlutil.ConnectionArgs
-}) (*externalAccountConnectionResolver, error) {
+},
+) (*externalAccountConnectionResolver, error) {
 	// 🚨 SECURITY: Only site admins and the user can list a user's external accounts.
 	if err := auth.CheckSiteAdminOrSameUser(ctx, r.db, r.user.ID); err != nil {
 		return nil, err
@@ -122,7 +124,8 @@ func (r *externalAccountConnectionResolver) PageInfo(ctx context.Context) (*grap
 
 func (r *schemaResolver) DeleteExternalAccount(ctx context.Context, args *struct {
 	ExternalAccount graphql.ID
-}) (*EmptyResponse, error) {
+},
+) (*EmptyResponse, error) {
 	id, err := unmarshalExternalAccountID(args.ExternalAccount)
 	if err != nil {
 		return nil, err
@@ -154,7 +157,8 @@ func (r *schemaResolver) AddExternalAccount(ctx context.Context, args *struct {
 	ServiceType    string
 	ServiceID      string
 	AccountDetails string
-}) (*EmptyResponse, error) {
+},
+) (*EmptyResponse, error) {
 	a := actor.FromContext(ctx)
 	if !a.IsAuthenticated() || a.IsInternal() {
 		return nil, auth.ErrNotAuthenticated

cmd/frontend/graphqlbackend/org.go

@@ -10,7 +10,6 @@ import (
 
 	"github.com/sourcegraph/sourcegraph/cmd/frontend/envvar"
 	"github.com/sourcegraph/sourcegraph/cmd/frontend/graphqlbackend/graphqlutil"
-	"github.com/sourcegraph/sourcegraph/cmd/frontend/internal/suspiciousnames"
 	sgactor "github.com/sourcegraph/sourcegraph/internal/actor"
 	"github.com/sourcegraph/sourcegraph/internal/api"
 	"github.com/sourcegraph/sourcegraph/internal/auth"
@@ -19,6 +18,7 @@ import (
 	"github.com/sourcegraph/sourcegraph/internal/errcode"
 	"github.com/sourcegraph/sourcegraph/internal/gqlutil"
 	"github.com/sourcegraph/sourcegraph/internal/repoupdater/protocol"
+	"github.com/sourcegraph/sourcegraph/internal/suspiciousnames"
 	"github.com/sourcegraph/sourcegraph/internal/types"
 	"github.com/sourcegraph/sourcegraph/lib/errors"
 )
@@ -62,7 +62,8 @@ func (r *schemaResolver) Organization(ctx context.Context, args struct{ Name str
 // org by its graphql.ID instead.
 func (r *schemaResolver) Org(ctx context.Context, args *struct {
 	ID graphql.ID
-}) (*OrgResolver, error) {
+},
+) (*OrgResolver, error) {
 	return OrgByID(ctx, r.db, args.ID)
 }
 
@@ -142,7 +143,8 @@ func (o *OrgResolver) CreatedAt() gqlutil.DateTime { return gqlutil.DateTime{Tim
 func (o *OrgResolver) Members(ctx context.Context, args struct {
 	graphqlutil.ConnectionResolverArgs
 	Query *string
-}) (*graphqlutil.ConnectionResolver[*UserResolver], error) {
+},
+) (*graphqlutil.ConnectionResolver[*UserResolver], error) {
 	// 🚨 SECURITY: Verify listing users is allowed.
 	if err := checkMembersAccess(ctx, o.db); err != nil {
 		return nil, err
@@ -297,7 +299,8 @@ func (r *schemaResolver) CreateOrganization(ctx context.Context, args *struct {
 	Name        string
 	DisplayName *string
 	StatsID     *string
-}) (*OrgResolver, error) {
+},
+) (*OrgResolver, error) {
 	a := sgactor.FromContext(ctx)
 	if !a.IsAuthenticated() {
 		return nil, errors.New("no current user")
@@ -332,7 +335,8 @@ func (r *schemaResolver) CreateOrganization(ctx context.Context, args *struct {
 func (r *schemaResolver) UpdateOrganization(ctx context.Context, args *struct {
 	ID          graphql.ID
 	DisplayName *string
-}) (*OrgResolver, error) {
+},
+) (*OrgResolver, error) {
 	var orgID int32
 	if err := relay.UnmarshalSpec(args.ID, &orgID); err != nil {
 		return nil, err
@@ -355,7 +359,8 @@ func (r *schemaResolver) UpdateOrganization(ctx context.Context, args *struct {
 func (r *schemaResolver) RemoveUserFromOrganization(ctx context.Context, args *struct {
 	User         graphql.ID
 	Organization graphql.ID
-}) (*EmptyResponse, error) {
+},
+) (*EmptyResponse, error) {
 	orgID, err := UnmarshalOrgID(args.Organization)
 	if err != nil {
 		return nil, err
@@ -401,7 +406,8 @@ func (r *schemaResolver) siteAdminSelfRemoving(ctx context.Context, userID int32
 func (r *schemaResolver) AddUserToOrganization(ctx context.Context, args *struct {
 	Organization graphql.ID
 	Username     string
-}) (*EmptyResponse, error) {
+},
+) (*EmptyResponse, error) {
 	// get the organization ID as an integer first
 	var orgID int32
 	if err := relay.UnmarshalSpec(args.Organization, &orgID); err != nil {

cmd/frontend/graphqlbackend/site.go

@@ -29,6 +29,7 @@ import (
 	"github.com/sourcegraph/sourcegraph/internal/database/migration/drift"
 	"github.com/sourcegraph/sourcegraph/internal/database/migration/schemas"
 	"github.com/sourcegraph/sourcegraph/internal/env"
+	"github.com/sourcegraph/sourcegraph/internal/insights"
 	"github.com/sourcegraph/sourcegraph/internal/lazyregexp"
 	"github.com/sourcegraph/sourcegraph/internal/observation"
 	"github.com/sourcegraph/sourcegraph/internal/oobmigration"
@@ -267,7 +268,8 @@ func (r *siteConfigurationResolver) History(ctx context.Context, args *graphqlut
 func (r *schemaResolver) UpdateSiteConfiguration(ctx context.Context, args *struct {
 	LastID int32
 	Input  string
-}) (bool, error) {
+},
+) (bool, error) {
 	// 🚨 SECURITY: The site configuration contains secret tokens and credentials,
 	// so only admins may view it.
 	if err := auth.CheckCurrentUserIsSiteAdmin(ctx, r.db); err != nil {
@@ -300,31 +302,6 @@ func canUpdateSiteConfiguration() bool {
 	return os.Getenv("SITE_CONFIG_FILE") == "" || siteConfigAllowEdits || deploy.IsApp()
 }
 
-// IsCodeInsightsEnabled tells if code insights are enabled or not.
-func IsCodeInsightsEnabled() bool {
-	if envvar.SourcegraphDotComMode() {
-		return false
-	}
-	if v, _ := strconv.ParseBool(os.Getenv("DISABLE_CODE_INSIGHTS")); v {
-		// Code insights can always be disabled. This can be a helpful escape hatch if e.g. there
-		// are issues with (or connecting to) the codeinsights-db deployment and it is preventing
-		// the Sourcegraph frontend or repo-updater from starting.
-		//
-		// It is also useful in dev environments if you do not wish to spend resources running Code
-		// Insights.
-		return false
-	}
-	if deploy.IsDeployTypeSingleDockerContainer(deploy.Type()) {
-		// Code insights is not supported in single-container Docker demo deployments unless
-		// explicity allowed, (for example by backend integration tests.)
-		if v, _ := strconv.ParseBool(os.Getenv("ALLOW_SINGLE_DOCKER_CODE_INSIGHTS")); v {
-			return true
-		}
-		return false
-	}
-	return true
-}
-
 func (r *siteResolver) UpgradeReadiness(ctx context.Context) (*upgradeReadinessResolver, error) {
 	// 🚨 SECURITY: Only site admins may view upgrade readiness information.
 	if err := auth.CheckCurrentUserIsSiteAdmin(ctx, r.db); err != nil {
@@ -368,7 +345,7 @@ func (r *upgradeReadinessResolver) init(ctx context.Context) (_ cliutil.Runner,
 		r.runner, r.version, r.schemaNames, r.initErr = func() (cliutil.Runner, string, []string, error) {
 			schemaNames := []string{schemas.Frontend.Name, schemas.CodeIntel.Name}
 			schemaList := []*schemas.Schema{schemas.Frontend, schemas.CodeIntel}
-			if IsCodeInsightsEnabled() {
+			if insights.IsCodeInsightsEnabled() {
 				schemaNames = append(schemaNames, schemas.CodeInsights.Name)
 				schemaList = append(schemaList, schemas.CodeInsights)
 			}
@@ -535,7 +512,8 @@ func (r *siteResolver) AutoUpgradeEnabled(ctx context.Context) (bool, error) {
 
 func (r *schemaResolver) SetAutoUpgrade(ctx context.Context, args *struct {
 	Enable bool
-}) (*EmptyResponse, error) {
+},
+) (*EmptyResponse, error) {
 	// 🚨 SECURITY: Only site admins can set auto_upgrade readiness
 	if err := auth.CheckCurrentUserIsSiteAdmin(ctx, r.db); err != nil {
 		return &EmptyResponse{}, err

cmd/frontend/graphqlbackend/site_users.go

@@ -6,8 +6,8 @@ import (
 
 	"github.com/graph-gophers/graphql-go"
 
-	"github.com/sourcegraph/sourcegraph/cmd/frontend/internal/auth/userpasswd"
 	"github.com/sourcegraph/sourcegraph/internal/auth"
+	"github.com/sourcegraph/sourcegraph/internal/auth/userpasswd"
 	"github.com/sourcegraph/sourcegraph/internal/conf"
 	sgusers "github.com/sourcegraph/sourcegraph/internal/users"
 )

cmd/frontend/graphqlbackend/user.go

@@ -9,18 +9,18 @@ import (
 
 	"github.com/sourcegraph/log"
 
-	"github.com/sourcegraph/sourcegraph/cmd/frontend/auth/providers"
 	"github.com/sourcegraph/sourcegraph/cmd/frontend/backend"
 	"github.com/sourcegraph/sourcegraph/cmd/frontend/envvar"
 	"github.com/sourcegraph/sourcegraph/cmd/frontend/graphqlbackend/graphqlutil"
-	"github.com/sourcegraph/sourcegraph/cmd/frontend/internal/suspiciousnames"
 	"github.com/sourcegraph/sourcegraph/internal/actor"
 	"github.com/sourcegraph/sourcegraph/internal/api"
 	"github.com/sourcegraph/sourcegraph/internal/auth"
+	"github.com/sourcegraph/sourcegraph/internal/auth/providers"
 	"github.com/sourcegraph/sourcegraph/internal/conf"
 	"github.com/sourcegraph/sourcegraph/internal/database"
 	"github.com/sourcegraph/sourcegraph/internal/errcode"
 	"github.com/sourcegraph/sourcegraph/internal/gqlutil"
+	"github.com/sourcegraph/sourcegraph/internal/suspiciousnames"
 	"github.com/sourcegraph/sourcegraph/internal/types"
 	"github.com/sourcegraph/sourcegraph/lib/errors"
 )

cmd/frontend/graphqlbackend/users_create.go

@@ -4,11 +4,12 @@ import (
 	"context"
 
 	"github.com/sourcegraph/log"
+
 	"github.com/sourcegraph/sourcegraph/cmd/frontend/auth"
 
 	"github.com/sourcegraph/sourcegraph/cmd/frontend/backend"
-	"github.com/sourcegraph/sourcegraph/cmd/frontend/internal/auth/userpasswd"
 	iauth "github.com/sourcegraph/sourcegraph/internal/auth"
+	"github.com/sourcegraph/sourcegraph/internal/auth/userpasswd"
 	"github.com/sourcegraph/sourcegraph/internal/authz"
 	"github.com/sourcegraph/sourcegraph/internal/conf"
 	"github.com/sourcegraph/sourcegraph/internal/database"
@@ -20,7 +21,8 @@ func (r *schemaResolver) CreateUser(ctx context.Context, args *struct {
 	Username      string
 	Email         *string
 	VerifiedEmail *bool
-}) (*createUserResult, error) {
+},
+) (*createUserResult, error) {
 	// 🚨 SECURITY: Only site admins can create user accounts.
 	if err := iauth.CheckCurrentUserIsSiteAdmin(ctx, r.db); err != nil {
 		return nil, err

cmd/frontend/graphqlbackend/users_create_test.go

@@ -9,7 +9,7 @@ import (
 	"github.com/stretchr/testify/assert"
 
 	"github.com/sourcegraph/sourcegraph/cmd/frontend/backend"
-	"github.com/sourcegraph/sourcegraph/cmd/frontend/internal/auth/userpasswd"
+	"github.com/sourcegraph/sourcegraph/internal/auth/userpasswd"
 	"github.com/sourcegraph/sourcegraph/internal/conf"
 	"github.com/sourcegraph/sourcegraph/internal/database"
 	"github.com/sourcegraph/sourcegraph/internal/txemail"

cmd/frontend/graphqlbackend/users_randomize_password.go

@@ -11,8 +11,8 @@ import (
 	"github.com/sourcegraph/sourcegraph/cmd/frontend/backend"
 	"github.com/sourcegraph/sourcegraph/cmd/frontend/envvar"
 	"github.com/sourcegraph/sourcegraph/cmd/frontend/globals"
-	"github.com/sourcegraph/sourcegraph/cmd/frontend/internal/auth/userpasswd"
 	"github.com/sourcegraph/sourcegraph/internal/auth"
+	"github.com/sourcegraph/sourcegraph/internal/auth/userpasswd"
 	"github.com/sourcegraph/sourcegraph/internal/conf"
 	"github.com/sourcegraph/sourcegraph/internal/database"
 	"github.com/sourcegraph/sourcegraph/lib/errors"
@@ -60,7 +60,8 @@ func sendPasswordResetURLToPrimaryEmail(ctx context.Context, db database.DB, use
 
 func (r *schemaResolver) RandomizeUserPassword(ctx context.Context, args *struct {
 	User graphql.ID
-}) (*randomizeUserPasswordResult, error) {
+},
+) (*randomizeUserPasswordResult, error) {
 	if !userpasswd.ResetPasswordEnabled() {
 		return nil, errors.New("resetting passwords is not enabled")
 	}

cmd/frontend/internal/app/BUILD.bazel

@@ -29,14 +29,13 @@ go_library(
         "//cmd/frontend/internal/app/otlpadapter",
         "//cmd/frontend/internal/app/router",
         "//cmd/frontend/internal/app/ui",
-        "//cmd/frontend/internal/auth/accessrequest",
-        "//cmd/frontend/internal/auth/userpasswd",
         "//cmd/frontend/internal/routevar",
-        "//cmd/frontend/internal/session",
         "//cmd/frontend/oneclickexport",
         "//internal/actor",
         "//internal/api",
         "//internal/auth",
+        "//internal/auth/accessrequest",
+        "//internal/auth/userpasswd",
         "//internal/authz",
         "//internal/cloneurls",
         "//internal/conf",
@@ -49,6 +48,7 @@ go_library(
         "//internal/gitserver",
         "//internal/httpcli",
         "//internal/otlpenv",
+        "//internal/session",
         "//internal/src-prometheus",
         "//internal/trace",
         "//internal/usagestats",

cmd/frontend/internal/app/app.go

@@ -9,12 +9,12 @@ import (
 	"github.com/sourcegraph/sourcegraph/cmd/frontend/internal/app/errorutil"
 	"github.com/sourcegraph/sourcegraph/cmd/frontend/internal/app/router"
 	"github.com/sourcegraph/sourcegraph/cmd/frontend/internal/app/ui"
-	"github.com/sourcegraph/sourcegraph/cmd/frontend/internal/auth/accessrequest"
-	"github.com/sourcegraph/sourcegraph/cmd/frontend/internal/auth/userpasswd"
-	"github.com/sourcegraph/sourcegraph/cmd/frontend/internal/session"
+	"github.com/sourcegraph/sourcegraph/internal/auth/accessrequest"
+	"github.com/sourcegraph/sourcegraph/internal/auth/userpasswd"
 	"github.com/sourcegraph/sourcegraph/internal/conf"
 	"github.com/sourcegraph/sourcegraph/internal/conf/deploy"
 	"github.com/sourcegraph/sourcegraph/internal/database"
+	"github.com/sourcegraph/sourcegraph/internal/session"
 	"github.com/sourcegraph/sourcegraph/internal/trace"
 )
 

cmd/frontend/internal/app/jscontext/BUILD.bazel

@@ -6,22 +6,23 @@ go_library(
     importpath = "github.com/sourcegraph/sourcegraph/cmd/frontend/internal/app/jscontext",
     visibility = ["//cmd/frontend:__subpackages__"],
     deps = [
-        "//cmd/frontend/auth/providers",
         "//cmd/frontend/enterprise",
         "//cmd/frontend/envvar",
         "//cmd/frontend/globals",
         "//cmd/frontend/graphqlbackend",
         "//cmd/frontend/hooks",
         "//cmd/frontend/internal/app/assetsutil",
-        "//cmd/frontend/internal/auth/userpasswd",
         "//cmd/frontend/internal/siteid",
         "//cmd/frontend/webhooks",
         "//internal/actor",
+        "//internal/auth/providers",
+        "//internal/auth/userpasswd",
         "//internal/cody",
         "//internal/conf",
         "//internal/conf/deploy",
         "//internal/database",
         "//internal/env",
+        "//internal/insights",
         "//internal/lazyregexp",
         "//internal/types",
         "//internal/version",

cmd/frontend/internal/app/jscontext/jscontext.go

@@ -11,22 +11,23 @@ import (
 	"github.com/graph-gophers/graphql-go"
 	logger "github.com/sourcegraph/log"
 
-	"github.com/sourcegraph/sourcegraph/cmd/frontend/auth/providers"
 	"github.com/sourcegraph/sourcegraph/cmd/frontend/enterprise"
 	"github.com/sourcegraph/sourcegraph/cmd/frontend/envvar"
 	"github.com/sourcegraph/sourcegraph/cmd/frontend/globals"
 	"github.com/sourcegraph/sourcegraph/cmd/frontend/graphqlbackend"
 	"github.com/sourcegraph/sourcegraph/cmd/frontend/hooks"
 	"github.com/sourcegraph/sourcegraph/cmd/frontend/internal/app/assetsutil"
-	"github.com/sourcegraph/sourcegraph/cmd/frontend/internal/auth/userpasswd"
 	"github.com/sourcegraph/sourcegraph/cmd/frontend/internal/siteid"
 	"github.com/sourcegraph/sourcegraph/cmd/frontend/webhooks"
 	sgactor "github.com/sourcegraph/sourcegraph/internal/actor"
+	"github.com/sourcegraph/sourcegraph/internal/auth/providers"
+	"github.com/sourcegraph/sourcegraph/internal/auth/userpasswd"
 	"github.com/sourcegraph/sourcegraph/internal/cody"
 	"github.com/sourcegraph/sourcegraph/internal/conf"
 	"github.com/sourcegraph/sourcegraph/internal/conf/deploy"
 	"github.com/sourcegraph/sourcegraph/internal/database"
 	"github.com/sourcegraph/sourcegraph/internal/env"
+	"github.com/sourcegraph/sourcegraph/internal/insights"
 	"github.com/sourcegraph/sourcegraph/internal/lazyregexp"
 	"github.com/sourcegraph/sourcegraph/internal/types"
 	"github.com/sourcegraph/sourcegraph/internal/version"
@@ -370,7 +371,7 @@ func NewJSContextFromRequest(req *http.Request, db database.DB) JSContext {
 		CodeIntelAutoIndexingEnabled:             conf.CodeIntelAutoIndexingEnabled(),
 		CodeIntelAutoIndexingAllowGlobalPolicies: conf.CodeIntelAutoIndexingAllowGlobalPolicies(),
 
-		CodeInsightsEnabled: graphqlbackend.IsCodeInsightsEnabled(),
+		CodeInsightsEnabled: insights.IsCodeInsightsEnabled(),
 
 		EmbeddingsEnabled: conf.EmbeddingsEnabled(),
 

cmd/frontend/internal/app/sign_out.go

@@ -8,10 +8,10 @@ import (
 	"github.com/inconshreveable/log15"
 
 	"github.com/sourcegraph/sourcegraph/cmd/frontend/auth"
-	"github.com/sourcegraph/sourcegraph/cmd/frontend/internal/session"
 	"github.com/sourcegraph/sourcegraph/internal/actor"
 	"github.com/sourcegraph/sourcegraph/internal/cookie"
 	"github.com/sourcegraph/sourcegraph/internal/database"
+	"github.com/sourcegraph/sourcegraph/internal/session"
 )
 
 type SignOutURL struct {

cmd/frontend/internal/app/ui/BUILD.bazel

@@ -30,11 +30,11 @@ go_library(
         "//cmd/frontend/internal/app/assetsutil",
         "//cmd/frontend/internal/app/jscontext",
         "//cmd/frontend/internal/app/ui/router",
-        "//cmd/frontend/internal/auth/userpasswd",
         "//cmd/frontend/internal/handlerutil",
         "//cmd/frontend/internal/routevar",
         "//cmd/frontend/internal/search",
         "//internal/api",
+        "//internal/auth/userpasswd",
         "//internal/authz",
         "//internal/conf",
         "//internal/conf/deploy",

cmd/frontend/internal/app/ui/handlers.go

@@ -26,10 +26,10 @@ import (
 	"github.com/sourcegraph/sourcegraph/cmd/frontend/hubspot/hubspotutil"
 	"github.com/sourcegraph/sourcegraph/cmd/frontend/internal/app/assetsutil"
 	"github.com/sourcegraph/sourcegraph/cmd/frontend/internal/app/jscontext"
-	"github.com/sourcegraph/sourcegraph/cmd/frontend/internal/auth/userpasswd"
 	"github.com/sourcegraph/sourcegraph/cmd/frontend/internal/handlerutil"
 	"github.com/sourcegraph/sourcegraph/cmd/frontend/internal/routevar"
 	"github.com/sourcegraph/sourcegraph/internal/api"
+	"github.com/sourcegraph/sourcegraph/internal/auth/userpasswd"
 	"github.com/sourcegraph/sourcegraph/internal/authz"
 	"github.com/sourcegraph/sourcegraph/internal/conf"
 	"github.com/sourcegraph/sourcegraph/internal/conf/deploy"

cmd/frontend/internal/auth/BUILD.bazel

@@ -1,29 +0,0 @@
-load("@io_bazel_rules_go//go:def.bzl", "go_library", "go_test")
-
-go_library(
-    name = "auth",
-    srcs = [
-        "config.go",
-        "forbid_all.go",
-    ],
-    importpath = "github.com/sourcegraph/sourcegraph/cmd/frontend/internal/auth",
-    visibility = ["//cmd/frontend:__subpackages__"],
-    deps = [
-        "//internal/conf",
-        "//internal/conf/conftypes",
-    ],
-)
-
-go_test(
-    name = "auth_test",
-    timeout = "short",
-    srcs = [
-        "config_test.go",
-        "forbid_all_test.go",
-    ],
-    embed = [":auth"],
-    deps = [
-        "//internal/conf",
-        "//schema",
-    ],
-)

cmd/frontend/internal/bg/BUILD.bazel

@@ -14,7 +14,7 @@ go_library(
     visibility = ["//cmd/frontend:__subpackages__"],
     deps = [
         "//cmd/frontend/globals",
-        "//cmd/frontend/internal/auth/userpasswd",
+        "//internal/auth/userpasswd",
         "//internal/conf",
         "//internal/conf/deploy",
         "//internal/database",

cmd/frontend/internal/bg/app_ready.go

@@ -10,7 +10,7 @@ import (
 	"github.com/sourcegraph/log"
 
 	"github.com/sourcegraph/sourcegraph/cmd/frontend/globals"
-	"github.com/sourcegraph/sourcegraph/cmd/frontend/internal/auth/userpasswd"
+	"github.com/sourcegraph/sourcegraph/internal/auth/userpasswd"
 	"github.com/sourcegraph/sourcegraph/internal/conf/deploy"
 	"github.com/sourcegraph/sourcegraph/internal/database"
 )

cmd/frontend/internal/cli/BUILD.bazel

@@ -23,18 +23,17 @@ go_library(
         "//cmd/frontend/internal/app/assetsutil",
         "//cmd/frontend/internal/app/ui",
         "//cmd/frontend/internal/app/updatecheck",
-        "//cmd/frontend/internal/auth",
         "//cmd/frontend/internal/bg",
         "//cmd/frontend/internal/cli/middleware",
         "//cmd/frontend/internal/highlight",
         "//cmd/frontend/internal/httpapi",
         "//cmd/frontend/internal/httpapi/router",
-        "//cmd/frontend/internal/session",
         "//cmd/frontend/internal/siteid",
         "//cmd/frontend/oneclickexport",
         "//internal/actor",
         "//internal/adminanalytics",
         "//internal/api",
+        "//internal/auth",
         "//internal/conf",
         "//internal/conf/conftypes",
         "//internal/conf/deploy",
@@ -61,6 +60,7 @@ go_library(
         "//internal/requestclient",
         "//internal/search/job/jobutil",
         "//internal/service",
+        "//internal/session",
         "//internal/symbols",
         "//internal/sysreq",
         "//internal/trace",

cmd/frontend/internal/cli/http.go

@@ -19,12 +19,11 @@ import (
 	"github.com/sourcegraph/sourcegraph/cmd/frontend/hooks"
 	"github.com/sourcegraph/sourcegraph/cmd/frontend/internal/app"
 	"github.com/sourcegraph/sourcegraph/cmd/frontend/internal/app/assetsutil"
-	internalauth "github.com/sourcegraph/sourcegraph/cmd/frontend/internal/auth"
 	"github.com/sourcegraph/sourcegraph/cmd/frontend/internal/cli/middleware"
 	internalhttpapi "github.com/sourcegraph/sourcegraph/cmd/frontend/internal/httpapi"
 	"github.com/sourcegraph/sourcegraph/cmd/frontend/internal/httpapi/router"
-	"github.com/sourcegraph/sourcegraph/cmd/frontend/internal/session"
 	"github.com/sourcegraph/sourcegraph/internal/actor"
+	internalauth "github.com/sourcegraph/sourcegraph/internal/auth"
 	"github.com/sourcegraph/sourcegraph/internal/conf"
 	"github.com/sourcegraph/sourcegraph/internal/conf/deploy"
 	"github.com/sourcegraph/sourcegraph/internal/database"
@@ -33,6 +32,7 @@ import (
 	"github.com/sourcegraph/sourcegraph/internal/instrumentation"
 	"github.com/sourcegraph/sourcegraph/internal/requestclient"
 	"github.com/sourcegraph/sourcegraph/internal/search/job/jobutil"
+	"github.com/sourcegraph/sourcegraph/internal/session"
 	tracepkg "github.com/sourcegraph/sourcegraph/internal/trace"
 	"github.com/sourcegraph/sourcegraph/internal/version"
 )

enterprise/cmd/frontend/internal/auth/azureoauth/BUILD.bazel

@@ -12,10 +12,10 @@ go_library(
     visibility = ["//enterprise/cmd/frontend:__subpackages__"],
     deps = [
         "//cmd/frontend/auth",
-        "//cmd/frontend/auth/providers",
         "//enterprise/cmd/frontend/internal/auth/oauth",
         "//enterprise/internal/licensing",
         "//internal/actor",
+        "//internal/auth/providers",
         "//internal/conf",
         "//internal/conf/conftypes",
         "//internal/database",

enterprise/cmd/frontend/internal/auth/azureoauth/provider.go

@@ -10,10 +10,11 @@ import (
 
 	"github.com/dghubble/gologin"
 	"github.com/sourcegraph/log"
+
 	"github.com/sourcegraph/sourcegraph/cmd/frontend/auth"
-	"github.com/sourcegraph/sourcegraph/cmd/frontend/auth/providers"
 	"github.com/sourcegraph/sourcegraph/enterprise/cmd/frontend/internal/auth/oauth"
 	"github.com/sourcegraph/sourcegraph/enterprise/internal/licensing"
+	"github.com/sourcegraph/sourcegraph/internal/auth/providers"
 	"github.com/sourcegraph/sourcegraph/internal/conf"
 	"github.com/sourcegraph/sourcegraph/internal/conf/conftypes"
 	"github.com/sourcegraph/sourcegraph/internal/database"

enterprise/cmd/frontend/internal/auth/azureoauth/session.go

@@ -5,16 +5,17 @@ import (
 	"net/http"
 	"strings"
 
+	"golang.org/x/oauth2"
+
 	"github.com/sourcegraph/sourcegraph/cmd/frontend/auth"
-	"github.com/sourcegraph/sourcegraph/cmd/frontend/auth/providers"
 	"github.com/sourcegraph/sourcegraph/enterprise/cmd/frontend/internal/auth/oauth"
 	"github.com/sourcegraph/sourcegraph/internal/actor"
+	"github.com/sourcegraph/sourcegraph/internal/auth/providers"
 	"github.com/sourcegraph/sourcegraph/internal/database"
 	"github.com/sourcegraph/sourcegraph/internal/extsvc"
 	extsvcauth "github.com/sourcegraph/sourcegraph/internal/extsvc/auth"
 	"github.com/sourcegraph/sourcegraph/internal/extsvc/azuredevops"
 	"github.com/sourcegraph/sourcegraph/lib/errors"
-	"golang.org/x/oauth2"
 )
 
 const (

enterprise/cmd/frontend/internal/auth/bitbucketcloudoauth/BUILD.bazel

@@ -12,12 +12,12 @@ go_library(
     visibility = ["//enterprise/cmd/frontend:__subpackages__"],
     deps = [
         "//cmd/frontend/auth",
-        "//cmd/frontend/auth/providers",
         "//cmd/frontend/hubspot",
         "//cmd/frontend/hubspot/hubspotutil",
         "//enterprise/cmd/frontend/internal/auth/oauth",
         "//enterprise/internal/licensing",
         "//internal/actor",
+        "//internal/auth/providers",
         "//internal/conf",
         "//internal/conf/conftypes",
         "//internal/database",
@@ -51,11 +51,11 @@ go_test(
     ],
     deps = [
         "//cmd/frontend/auth",
-        "//cmd/frontend/auth/providers",
         "//cmd/frontend/envvar",
         "//cmd/frontend/external/session",
         "//enterprise/cmd/frontend/internal/auth/oauth",
         "//internal/actor",
+        "//internal/auth/providers",
         "//internal/conf",
         "//internal/database",
         "//internal/database/dbtest",

enterprise/cmd/frontend/internal/auth/bitbucketcloudoauth/config.go

@@ -6,8 +6,8 @@ import (
 	"github.com/dghubble/gologin"
 	"github.com/sourcegraph/log"
 
-	"github.com/sourcegraph/sourcegraph/cmd/frontend/auth/providers"
 	"github.com/sourcegraph/sourcegraph/enterprise/internal/licensing"
+	"github.com/sourcegraph/sourcegraph/internal/auth/providers"
 	"github.com/sourcegraph/sourcegraph/internal/conf"
 	"github.com/sourcegraph/sourcegraph/internal/conf/conftypes"
 	"github.com/sourcegraph/sourcegraph/internal/database"

enterprise/cmd/frontend/internal/auth/bitbucketcloudoauth/middleware_test.go

@@ -15,10 +15,10 @@ import (
 	"github.com/sourcegraph/log/logtest"
 
 	"github.com/sourcegraph/sourcegraph/cmd/frontend/auth"
-	"github.com/sourcegraph/sourcegraph/cmd/frontend/auth/providers"
 	"github.com/sourcegraph/sourcegraph/cmd/frontend/external/session"
 	"github.com/sourcegraph/sourcegraph/enterprise/cmd/frontend/internal/auth/oauth"
 	"github.com/sourcegraph/sourcegraph/internal/actor"
+	"github.com/sourcegraph/sourcegraph/internal/auth/providers"
 	"github.com/sourcegraph/sourcegraph/internal/database"
 	"github.com/sourcegraph/sourcegraph/schema"
 )

enterprise/cmd/frontend/internal/auth/bitbucketcloudoauth/session.go

@@ -10,11 +10,11 @@ import (
 	"golang.org/x/oauth2"
 
 	"github.com/sourcegraph/sourcegraph/cmd/frontend/auth"
-	"github.com/sourcegraph/sourcegraph/cmd/frontend/auth/providers"
 	"github.com/sourcegraph/sourcegraph/cmd/frontend/hubspot"
 	"github.com/sourcegraph/sourcegraph/cmd/frontend/hubspot/hubspotutil"
 	"github.com/sourcegraph/sourcegraph/enterprise/cmd/frontend/internal/auth/oauth"
 	"github.com/sourcegraph/sourcegraph/internal/actor"
+	"github.com/sourcegraph/sourcegraph/internal/auth/providers"
 	"github.com/sourcegraph/sourcegraph/internal/database"
 	"github.com/sourcegraph/sourcegraph/internal/extsvc"
 	esauth "github.com/sourcegraph/sourcegraph/internal/extsvc/auth"

enterprise/cmd/frontend/internal/auth/gerrit/BUILD.bazel

@@ -6,7 +6,7 @@ go_library(
     importpath = "github.com/sourcegraph/sourcegraph/enterprise/cmd/frontend/internal/auth/gerrit",
     visibility = ["//enterprise/cmd/frontend:__subpackages__"],
     deps = [
-        "//cmd/frontend/auth/providers",
+        "//internal/auth/providers",
         "//internal/conf",
         "//internal/conf/conftypes",
         "//internal/extsvc",

enterprise/cmd/frontend/internal/auth/gerrit/config.go

@@ -4,7 +4,7 @@ import (
 	"context"
 	"fmt"
 
-	"github.com/sourcegraph/sourcegraph/cmd/frontend/auth/providers"
+	"github.com/sourcegraph/sourcegraph/internal/auth/providers"
 	"github.com/sourcegraph/sourcegraph/internal/conf"
 	"github.com/sourcegraph/sourcegraph/internal/conf/conftypes"
 	"github.com/sourcegraph/sourcegraph/internal/extsvc"

enterprise/cmd/frontend/internal/auth/githuboauth/BUILD.bazel

@@ -12,13 +12,13 @@ go_library(
     visibility = ["//enterprise/cmd/frontend:__subpackages__"],
     deps = [
         "//cmd/frontend/auth",
-        "//cmd/frontend/auth/providers",
         "//cmd/frontend/envvar",
         "//cmd/frontend/hubspot",
         "//cmd/frontend/hubspot/hubspotutil",
         "//enterprise/cmd/frontend/internal/auth/oauth",
         "//enterprise/internal/licensing",
         "//internal/actor",
+        "//internal/auth/providers",
         "//internal/conf",
         "//internal/conf/conftypes",
         "//internal/database",
@@ -54,11 +54,11 @@ go_test(
     ],
     deps = [
         "//cmd/frontend/auth",
-        "//cmd/frontend/auth/providers",
         "//cmd/frontend/envvar",
         "//cmd/frontend/external/session",
         "//enterprise/cmd/frontend/internal/auth/oauth",
         "//internal/actor",
+        "//internal/auth/providers",
         "//internal/conf",
         "//internal/database",
         "//internal/database/dbtest",

enterprise/cmd/frontend/internal/auth/githuboauth/config.go

@@ -6,8 +6,8 @@ import (
 	"github.com/dghubble/gologin"
 	"github.com/sourcegraph/log"
 
-	"github.com/sourcegraph/sourcegraph/cmd/frontend/auth/providers"
 	"github.com/sourcegraph/sourcegraph/enterprise/internal/licensing"
+	"github.com/sourcegraph/sourcegraph/internal/auth/providers"
 	"github.com/sourcegraph/sourcegraph/internal/conf"
 	"github.com/sourcegraph/sourcegraph/internal/conf/conftypes"
 	"github.com/sourcegraph/sourcegraph/internal/database"

enterprise/cmd/frontend/internal/auth/githuboauth/middleware_test.go

@@ -15,10 +15,10 @@ import (
 	"github.com/sourcegraph/log/logtest"
 
 	"github.com/sourcegraph/sourcegraph/cmd/frontend/auth"
-	"github.com/sourcegraph/sourcegraph/cmd/frontend/auth/providers"
 	"github.com/sourcegraph/sourcegraph/cmd/frontend/external/session"
 	"github.com/sourcegraph/sourcegraph/enterprise/cmd/frontend/internal/auth/oauth"
 	"github.com/sourcegraph/sourcegraph/internal/actor"
+	"github.com/sourcegraph/sourcegraph/internal/auth/providers"
 	"github.com/sourcegraph/sourcegraph/internal/database"
 	"github.com/sourcegraph/sourcegraph/internal/database/dbtest"
 	"github.com/sourcegraph/sourcegraph/schema"

enterprise/cmd/frontend/internal/auth/githuboauth/session.go

@@ -14,11 +14,11 @@ import (
 	"github.com/sourcegraph/log"
 
 	"github.com/sourcegraph/sourcegraph/cmd/frontend/auth"
-	"github.com/sourcegraph/sourcegraph/cmd/frontend/auth/providers"
 	"github.com/sourcegraph/sourcegraph/cmd/frontend/hubspot"
 	"github.com/sourcegraph/sourcegraph/cmd/frontend/hubspot/hubspotutil"
 	"github.com/sourcegraph/sourcegraph/enterprise/cmd/frontend/internal/auth/oauth"
 	"github.com/sourcegraph/sourcegraph/internal/actor"
+	"github.com/sourcegraph/sourcegraph/internal/auth/providers"
 	"github.com/sourcegraph/sourcegraph/internal/database"
 	"github.com/sourcegraph/sourcegraph/internal/extsvc"
 	esauth "github.com/sourcegraph/sourcegraph/internal/extsvc/auth"

enterprise/cmd/frontend/internal/auth/gitlaboauth/BUILD.bazel

@@ -14,12 +14,12 @@ go_library(
     visibility = ["//enterprise/cmd/frontend:__subpackages__"],
     deps = [
         "//cmd/frontend/auth",
-        "//cmd/frontend/auth/providers",
         "//cmd/frontend/hubspot",
         "//cmd/frontend/hubspot/hubspotutil",
         "//enterprise/cmd/frontend/internal/auth/oauth",
         "//enterprise/internal/licensing",
         "//internal/actor",
+        "//internal/auth/providers",
         "//internal/conf",
         "//internal/conf/conftypes",
         "//internal/database",
@@ -49,11 +49,11 @@ go_test(
     ],
     deps = [
         "//cmd/frontend/auth",
-        "//cmd/frontend/auth/providers",
         "//cmd/frontend/envvar",
         "//cmd/frontend/external/session",
         "//enterprise/cmd/frontend/internal/auth/oauth",
         "//internal/actor",
+        "//internal/auth/providers",
         "//internal/conf",
         "//internal/database",
         "//internal/database/dbtest",

enterprise/cmd/frontend/internal/auth/gitlaboauth/config.go

@@ -6,8 +6,8 @@ import (
 
 	"github.com/sourcegraph/log"
 
-	"github.com/sourcegraph/sourcegraph/cmd/frontend/auth/providers"
 	"github.com/sourcegraph/sourcegraph/enterprise/internal/licensing"
+	"github.com/sourcegraph/sourcegraph/internal/auth/providers"
 	"github.com/sourcegraph/sourcegraph/internal/conf"
 	"github.com/sourcegraph/sourcegraph/internal/conf/conftypes"
 	"github.com/sourcegraph/sourcegraph/internal/database"

enterprise/cmd/frontend/internal/auth/gitlaboauth/middleware_test.go

@@ -15,10 +15,10 @@ import (
 	"github.com/sourcegraph/log/logtest"
 
 	"github.com/sourcegraph/sourcegraph/cmd/frontend/auth"
-	"github.com/sourcegraph/sourcegraph/cmd/frontend/auth/providers"
 	"github.com/sourcegraph/sourcegraph/cmd/frontend/external/session"
 	"github.com/sourcegraph/sourcegraph/enterprise/cmd/frontend/internal/auth/oauth"
 	"github.com/sourcegraph/sourcegraph/internal/actor"
+	"github.com/sourcegraph/sourcegraph/internal/auth/providers"
 	"github.com/sourcegraph/sourcegraph/internal/database"
 	"github.com/sourcegraph/sourcegraph/internal/database/dbtest"
 	"github.com/sourcegraph/sourcegraph/internal/extsvc"

enterprise/cmd/frontend/internal/auth/gitlaboauth/session.go

@@ -9,11 +9,11 @@ import (
 	"golang.org/x/oauth2"
 
 	"github.com/sourcegraph/sourcegraph/cmd/frontend/auth"
-	"github.com/sourcegraph/sourcegraph/cmd/frontend/auth/providers"
 	"github.com/sourcegraph/sourcegraph/cmd/frontend/hubspot"
 	"github.com/sourcegraph/sourcegraph/cmd/frontend/hubspot/hubspotutil"
 	"github.com/sourcegraph/sourcegraph/enterprise/cmd/frontend/internal/auth/oauth"
 	"github.com/sourcegraph/sourcegraph/internal/actor"
+	"github.com/sourcegraph/sourcegraph/internal/auth/providers"
 	"github.com/sourcegraph/sourcegraph/internal/database"
 	"github.com/sourcegraph/sourcegraph/internal/extsvc"
 	"github.com/sourcegraph/sourcegraph/internal/extsvc/gitlab"

enterprise/cmd/frontend/internal/auth/httpheader/BUILD.bazel

@@ -11,9 +11,9 @@ go_library(
     visibility = ["//enterprise/cmd/frontend:__subpackages__"],
     deps = [
         "//cmd/frontend/auth",
-        "//cmd/frontend/auth/providers",
         "//enterprise/internal/licensing",
         "//internal/actor",
+        "//internal/auth/providers",
         "//internal/conf",
         "//internal/conf/conftypes",
         "//internal/database",
@@ -38,9 +38,9 @@ go_test(
     ],
     deps = [
         "//cmd/frontend/auth",
-        "//cmd/frontend/auth/providers",
         "//enterprise/internal/licensing",
         "//internal/actor",
+        "//internal/auth/providers",
         "//internal/conf",
         "//internal/database",
         "//internal/database/dbtest",

enterprise/cmd/frontend/internal/auth/httpheader/config.go

@@ -3,8 +3,8 @@ package httpheader
 import (
 	"github.com/sourcegraph/log"
 
-	"github.com/sourcegraph/sourcegraph/cmd/frontend/auth/providers"
 	"github.com/sourcegraph/sourcegraph/enterprise/internal/licensing"
+	"github.com/sourcegraph/sourcegraph/internal/auth/providers"
 	"github.com/sourcegraph/sourcegraph/internal/conf"
 	"github.com/sourcegraph/sourcegraph/internal/conf/conftypes"
 	"github.com/sourcegraph/sourcegraph/schema"

enterprise/cmd/frontend/internal/auth/httpheader/middleware.go

@@ -8,8 +8,8 @@ import (
 	"github.com/inconshreveable/log15"
 
 	"github.com/sourcegraph/sourcegraph/cmd/frontend/auth"
-	"github.com/sourcegraph/sourcegraph/cmd/frontend/auth/providers"
 	"github.com/sourcegraph/sourcegraph/internal/actor"
+	"github.com/sourcegraph/sourcegraph/internal/auth/providers"
 	"github.com/sourcegraph/sourcegraph/internal/database"
 	"github.com/sourcegraph/sourcegraph/internal/extsvc"
 )

enterprise/cmd/frontend/internal/auth/httpheader/middleware_test.go

@@ -10,9 +10,9 @@ import (
 	"github.com/sourcegraph/log/logtest"
 
 	"github.com/sourcegraph/sourcegraph/cmd/frontend/auth"
-	"github.com/sourcegraph/sourcegraph/cmd/frontend/auth/providers"
 	"github.com/sourcegraph/sourcegraph/enterprise/internal/licensing"
 	sgactor "github.com/sourcegraph/sourcegraph/internal/actor"
+	"github.com/sourcegraph/sourcegraph/internal/auth/providers"
 	"github.com/sourcegraph/sourcegraph/internal/database"
 	"github.com/sourcegraph/sourcegraph/internal/database/dbtest"
 	"github.com/sourcegraph/sourcegraph/lib/errors"

enterprise/cmd/frontend/internal/auth/httpheader/provider.go

@@ -5,7 +5,7 @@ import (
 	"fmt"
 	"net/textproto"
 
-	"github.com/sourcegraph/sourcegraph/cmd/frontend/auth/providers"
+	"github.com/sourcegraph/sourcegraph/internal/auth/providers"
 	"github.com/sourcegraph/sourcegraph/internal/extsvc"
 	"github.com/sourcegraph/sourcegraph/schema"
 )

enterprise/cmd/frontend/internal/auth/oauth/BUILD.bazel

@@ -13,10 +13,10 @@ go_library(
     visibility = ["//enterprise/cmd/frontend:__subpackages__"],
     deps = [
         "//cmd/frontend/auth",
-        "//cmd/frontend/auth/providers",
         "//cmd/frontend/external/session",
         "//cmd/frontend/globals",
         "//internal/actor",
+        "//internal/auth/providers",
         "//internal/conf",
         "//internal/cookie",
         "//internal/database",

enterprise/cmd/frontend/internal/auth/oauth/middleware.go

@@ -17,8 +17,8 @@ import (
 	"github.com/sourcegraph/log"
 
 	"github.com/sourcegraph/sourcegraph/cmd/frontend/auth"
-	"github.com/sourcegraph/sourcegraph/cmd/frontend/auth/providers"
 	"github.com/sourcegraph/sourcegraph/internal/actor"
+	"github.com/sourcegraph/sourcegraph/internal/auth/providers"
 	"github.com/sourcegraph/sourcegraph/internal/database"
 	"github.com/sourcegraph/sourcegraph/internal/env"
 	"github.com/sourcegraph/sourcegraph/internal/httpcli"

enterprise/cmd/frontend/internal/auth/oauth/provider.go

@@ -14,8 +14,8 @@ import (
 	"github.com/inconshreveable/log15"
 	"golang.org/x/oauth2"
 
-	"github.com/sourcegraph/sourcegraph/cmd/frontend/auth/providers"
 	"github.com/sourcegraph/sourcegraph/cmd/frontend/globals"
+	"github.com/sourcegraph/sourcegraph/internal/auth/providers"
 	"github.com/sourcegraph/sourcegraph/internal/extsvc"
 	"github.com/sourcegraph/sourcegraph/internal/extsvc/azuredevops"
 	"github.com/sourcegraph/sourcegraph/internal/extsvc/bitbucketcloud"

enterprise/cmd/frontend/internal/auth/oauth/session.go

@@ -12,9 +12,9 @@ import (
 	"github.com/sourcegraph/log"
 
 	"github.com/sourcegraph/sourcegraph/cmd/frontend/auth"
-	"github.com/sourcegraph/sourcegraph/cmd/frontend/auth/providers"
 	"github.com/sourcegraph/sourcegraph/cmd/frontend/external/session"
 	"github.com/sourcegraph/sourcegraph/internal/actor"
+	"github.com/sourcegraph/sourcegraph/internal/auth/providers"
 	"github.com/sourcegraph/sourcegraph/internal/cookie"
 	"github.com/sourcegraph/sourcegraph/internal/database"
 	"github.com/sourcegraph/sourcegraph/internal/trace"

enterprise/cmd/frontend/internal/auth/openidconnect/BUILD.bazel

@@ -13,11 +13,11 @@ go_library(
     visibility = ["//enterprise/cmd/frontend:__subpackages__"],
     deps = [
         "//cmd/frontend/auth",
-        "//cmd/frontend/auth/providers",
         "//cmd/frontend/external/globals",
         "//cmd/frontend/external/session",
         "//enterprise/internal/licensing",
         "//internal/actor",
+        "//internal/auth/providers",
         "//internal/conf",
         "//internal/conf/conftypes",
         "//internal/database",
@@ -46,10 +46,10 @@ go_test(
     embed = [":openidconnect"],
     deps = [
         "//cmd/frontend/auth",
-        "//cmd/frontend/auth/providers",
         "//cmd/frontend/external/session",
         "//enterprise/internal/licensing",
         "//internal/actor",
+        "//internal/auth/providers",
         "//internal/conf",
         "//internal/database",
         "//internal/types",

enterprise/cmd/frontend/internal/auth/openidconnect/config.go

@@ -11,8 +11,8 @@ import (
 	"github.com/sourcegraph/log"
 
 	"github.com/sourcegraph/sourcegraph/cmd/frontend/auth"
-	"github.com/sourcegraph/sourcegraph/cmd/frontend/auth/providers"
 	"github.com/sourcegraph/sourcegraph/enterprise/internal/licensing"
+	"github.com/sourcegraph/sourcegraph/internal/auth/providers"
 	"github.com/sourcegraph/sourcegraph/internal/conf"
 	"github.com/sourcegraph/sourcegraph/internal/conf/conftypes"
 	"github.com/sourcegraph/sourcegraph/lib/errors"

enterprise/cmd/frontend/internal/auth/openidconnect/middleware.go

@@ -16,9 +16,9 @@ import (
 	"golang.org/x/oauth2"
 
 	"github.com/sourcegraph/sourcegraph/cmd/frontend/auth"
-	"github.com/sourcegraph/sourcegraph/cmd/frontend/auth/providers"
 	"github.com/sourcegraph/sourcegraph/cmd/frontend/external/session"
 	sgactor "github.com/sourcegraph/sourcegraph/internal/actor"
+	"github.com/sourcegraph/sourcegraph/internal/auth/providers"
 	"github.com/sourcegraph/sourcegraph/internal/database"
 	"github.com/sourcegraph/sourcegraph/internal/httpcli"
 	"github.com/sourcegraph/sourcegraph/internal/types"

enterprise/cmd/frontend/internal/auth/openidconnect/middleware_test.go

@@ -17,10 +17,10 @@ import (
 	"github.com/stretchr/testify/assert"
 
 	"github.com/sourcegraph/sourcegraph/cmd/frontend/auth"
-	"github.com/sourcegraph/sourcegraph/cmd/frontend/auth/providers"
 	"github.com/sourcegraph/sourcegraph/cmd/frontend/external/session"
 	"github.com/sourcegraph/sourcegraph/enterprise/internal/licensing"
 	"github.com/sourcegraph/sourcegraph/internal/actor"
+	"github.com/sourcegraph/sourcegraph/internal/auth/providers"
 	"github.com/sourcegraph/sourcegraph/internal/database"
 	"github.com/sourcegraph/sourcegraph/internal/types"
 	"github.com/sourcegraph/sourcegraph/lib/errors"

enterprise/cmd/frontend/internal/auth/openidconnect/provider.go

@@ -11,8 +11,8 @@ import (
 	"github.com/coreos/go-oidc"
 	"golang.org/x/oauth2"
 
-	"github.com/sourcegraph/sourcegraph/cmd/frontend/auth/providers"
 	"github.com/sourcegraph/sourcegraph/cmd/frontend/external/globals"
+	"github.com/sourcegraph/sourcegraph/internal/auth/providers"
 	"github.com/sourcegraph/sourcegraph/internal/extsvc"
 	"github.com/sourcegraph/sourcegraph/internal/httpcli"
 	"github.com/sourcegraph/sourcegraph/lib/errors"

enterprise/cmd/frontend/internal/auth/openidconnect/session.go

@@ -3,8 +3,8 @@ package openidconnect
 import (
 	"net/http"
 
-	"github.com/sourcegraph/sourcegraph/cmd/frontend/auth/providers"
 	"github.com/sourcegraph/sourcegraph/cmd/frontend/external/session"
+	"github.com/sourcegraph/sourcegraph/internal/auth/providers"
 	"github.com/sourcegraph/sourcegraph/lib/errors"
 )
 

enterprise/cmd/frontend/internal/auth/saml/BUILD.bazel

@@ -14,10 +14,10 @@ go_library(
     visibility = ["//enterprise/cmd/frontend:__subpackages__"],
     deps = [
         "//cmd/frontend/auth",
-        "//cmd/frontend/auth/providers",
         "//cmd/frontend/external/session",
         "//enterprise/internal/licensing",
         "//internal/actor",
+        "//internal/auth/providers",
         "//internal/conf",
         "//internal/conf/conftypes",
         "//internal/database",
@@ -48,10 +48,10 @@ go_test(
     embed = [":saml"],
     deps = [
         "//cmd/frontend/auth",
-        "//cmd/frontend/auth/providers",
         "//cmd/frontend/external/session",
         "//enterprise/internal/licensing",
         "//internal/actor",
+        "//internal/auth/providers",
         "//internal/conf",
         "//internal/database",
         "//internal/extsvc",

enterprise/cmd/frontend/internal/auth/saml/config.go

@@ -15,8 +15,8 @@ import (
 	"github.com/inconshreveable/log15"
 	"github.com/sourcegraph/log"
 
-	"github.com/sourcegraph/sourcegraph/cmd/frontend/auth/providers"
 	"github.com/sourcegraph/sourcegraph/enterprise/internal/licensing"
+	"github.com/sourcegraph/sourcegraph/internal/auth/providers"
 	"github.com/sourcegraph/sourcegraph/internal/conf"
 	"github.com/sourcegraph/sourcegraph/internal/conf/conftypes"
 	"github.com/sourcegraph/sourcegraph/internal/env"
@@ -71,7 +71,6 @@ func Init() {
 	logger := log.Scoped(pkgName, "SAML config watch")
 	go func() {
 		conf.Watch(func() {
-
 			ps := getProviders()
 			if len(ps) == 0 {
 				providers.Update(pkgName, nil)

enterprise/cmd/frontend/internal/auth/saml/middleware.go

@@ -12,9 +12,9 @@ import (
 	"github.com/inconshreveable/log15"
 
 	"github.com/sourcegraph/sourcegraph/cmd/frontend/auth"
-	"github.com/sourcegraph/sourcegraph/cmd/frontend/auth/providers"
 	"github.com/sourcegraph/sourcegraph/cmd/frontend/external/session"
 	sgactor "github.com/sourcegraph/sourcegraph/internal/actor"
+	"github.com/sourcegraph/sourcegraph/internal/auth/providers"
 	"github.com/sourcegraph/sourcegraph/internal/database"
 )
 

enterprise/cmd/frontend/internal/auth/saml/middleware_test.go

@@ -22,10 +22,10 @@ import (
 	"github.com/crewjam/saml/samlidp"
 
 	"github.com/sourcegraph/sourcegraph/cmd/frontend/auth"
-	"github.com/sourcegraph/sourcegraph/cmd/frontend/auth/providers"
 	"github.com/sourcegraph/sourcegraph/cmd/frontend/external/session"
 	"github.com/sourcegraph/sourcegraph/enterprise/internal/licensing"
 	"github.com/sourcegraph/sourcegraph/internal/actor"
+	"github.com/sourcegraph/sourcegraph/internal/auth/providers"
 	"github.com/sourcegraph/sourcegraph/internal/conf"
 	"github.com/sourcegraph/sourcegraph/internal/database"
 	"github.com/sourcegraph/sourcegraph/internal/types"

enterprise/cmd/frontend/internal/auth/saml/provider.go

@@ -20,7 +20,7 @@ import (
 	dsig "github.com/russellhaering/goxmldsig"
 
 	"github.com/sourcegraph/sourcegraph/cmd/frontend/auth"
-	"github.com/sourcegraph/sourcegraph/cmd/frontend/auth/providers"
+	"github.com/sourcegraph/sourcegraph/internal/auth/providers"
 	"github.com/sourcegraph/sourcegraph/internal/conf"
 	"github.com/sourcegraph/sourcegraph/internal/extsvc"
 	"github.com/sourcegraph/sourcegraph/internal/httpcli"

enterprise/cmd/frontend/internal/auth/sourcegraphoperator/BUILD.bazel

@@ -12,14 +12,13 @@ go_library(
     visibility = ["//enterprise/cmd/frontend:__subpackages__"],
     deps = [
         "//cmd/frontend/auth",
-        "//cmd/frontend/auth/providers",
         "//cmd/frontend/external/session",
         "//enterprise/cmd/frontend/internal/auth/openidconnect",
         "//enterprise/cmd/worker/shared/sourcegraphoperator",
         "//enterprise/internal/cloud",
         "//internal/actor",
         "//internal/auth",
-        "//internal/auth/sourcegraphoperator",
+        "//internal/auth/providers",
         "//internal/conf",
         "//internal/conf/conftypes",
         "//internal/database",
@@ -45,14 +44,13 @@ go_test(
     ],
     deps = [
         "//cmd/frontend/auth",
-        "//cmd/frontend/auth/providers",
         "//cmd/frontend/external/session",
         "//enterprise/cmd/frontend/internal/auth/openidconnect",
         "//enterprise/cmd/worker/shared/sourcegraphoperator",
         "//enterprise/internal/cloud",
         "//internal/actor",
         "//internal/auth",
-        "//internal/auth/sourcegraphoperator",
+        "//internal/auth/providers",
         "//internal/conf",
         "//internal/database",
         "//internal/database/dbtest",

enterprise/cmd/frontend/internal/auth/sourcegraphoperator/associate.go

@@ -4,9 +4,9 @@ import (
 	"context"
 	"encoding/json"
 
-	"github.com/sourcegraph/sourcegraph/cmd/frontend/auth/providers"
 	"github.com/sourcegraph/sourcegraph/enterprise/cmd/worker/shared/sourcegraphoperator"
 	"github.com/sourcegraph/sourcegraph/internal/auth"
+	"github.com/sourcegraph/sourcegraph/internal/auth/providers"
 	"github.com/sourcegraph/sourcegraph/internal/database"
 	"github.com/sourcegraph/sourcegraph/internal/extsvc"
 	"github.com/sourcegraph/sourcegraph/lib/errors"

enterprise/cmd/frontend/internal/auth/sourcegraphoperator/associate_test.go

@@ -6,17 +6,16 @@ import (
 	"testing"
 
 	"github.com/hexops/autogold/v2"
-	"github.com/sourcegraph/sourcegraph/enterprise/cmd/worker/shared/sourcegraphoperator"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 
 	"github.com/sourcegraph/log/logtest"
 
-	"github.com/sourcegraph/sourcegraph/cmd/frontend/auth/providers"
+	"github.com/sourcegraph/sourcegraph/enterprise/cmd/worker/shared/sourcegraphoperator"
 	"github.com/sourcegraph/sourcegraph/enterprise/internal/cloud"
 	"github.com/sourcegraph/sourcegraph/internal/actor"
 	"github.com/sourcegraph/sourcegraph/internal/auth"
-	osssourcegraphoperator "github.com/sourcegraph/sourcegraph/internal/auth/sourcegraphoperator"
+	"github.com/sourcegraph/sourcegraph/internal/auth/providers"
 	"github.com/sourcegraph/sourcegraph/internal/database"
 	"github.com/sourcegraph/sourcegraph/internal/database/dbtest"
 	"github.com/sourcegraph/sourcegraph/internal/extsvc"
@@ -42,7 +41,7 @@ func TestAddSourcegraphOperatorExternalAccountBinding(t *testing.T) {
 	users.GetByCurrentAuthUserFunc.SetDefaultReturn(&types.User{SiteAdmin: false}, nil)
 	db := database.NewMockDB()
 	db.UsersFunc.SetDefaultReturn(users)
-	err := osssourcegraphoperator.AddSourcegraphOperatorExternalAccount(context.Background(), db, 1, "foo", "")
+	err := sourcegraphoperator.AddSourcegraphOperatorExternalAccount(context.Background(), db, 1, "foo", "")
 	assert.ErrorIs(t, err, auth.ErrMustBeSiteAdmin)
 }
 

enterprise/cmd/frontend/internal/auth/sourcegraphoperator/config.go

@@ -5,11 +5,11 @@ import (
 
 	"github.com/sourcegraph/log"
 
-	"github.com/sourcegraph/sourcegraph/cmd/frontend/auth/providers"
 	"github.com/sourcegraph/sourcegraph/enterprise/cmd/frontend/internal/auth/openidconnect"
+	osssourcegraphoperator "github.com/sourcegraph/sourcegraph/enterprise/cmd/worker/shared/sourcegraphoperator"
 	"github.com/sourcegraph/sourcegraph/enterprise/internal/cloud"
 	"github.com/sourcegraph/sourcegraph/internal/auth"
-	osssourcegraphoperator "github.com/sourcegraph/sourcegraph/internal/auth/sourcegraphoperator"
+	"github.com/sourcegraph/sourcegraph/internal/auth/providers"
 	"github.com/sourcegraph/sourcegraph/internal/conf"
 	"github.com/sourcegraph/sourcegraph/internal/conf/conftypes"
 )

enterprise/cmd/frontend/internal/auth/sourcegraphoperator/middleware.go

@@ -7,14 +7,14 @@ import (
 	"time"
 
 	"github.com/sourcegraph/log"
-	"github.com/sourcegraph/sourcegraph/enterprise/cmd/worker/shared/sourcegraphoperator"
 
 	"github.com/sourcegraph/sourcegraph/cmd/frontend/auth"
-	"github.com/sourcegraph/sourcegraph/cmd/frontend/auth/providers"
 	"github.com/sourcegraph/sourcegraph/cmd/frontend/external/session"
 	"github.com/sourcegraph/sourcegraph/enterprise/cmd/frontend/internal/auth/openidconnect"
+	"github.com/sourcegraph/sourcegraph/enterprise/cmd/worker/shared/sourcegraphoperator"
 	"github.com/sourcegraph/sourcegraph/internal/actor"
 	internalauth "github.com/sourcegraph/sourcegraph/internal/auth"
+	"github.com/sourcegraph/sourcegraph/internal/auth/providers"
 	"github.com/sourcegraph/sourcegraph/internal/database"
 	"github.com/sourcegraph/sourcegraph/lib/errors"
 )

enterprise/cmd/frontend/internal/auth/sourcegraphoperator/middleware_test.go

@@ -19,12 +19,12 @@ import (
 	"github.com/stretchr/testify/require"
 
 	"github.com/sourcegraph/sourcegraph/cmd/frontend/auth"
-	"github.com/sourcegraph/sourcegraph/cmd/frontend/auth/providers"
 	"github.com/sourcegraph/sourcegraph/cmd/frontend/external/session"
 	"github.com/sourcegraph/sourcegraph/enterprise/cmd/frontend/internal/auth/openidconnect"
 	"github.com/sourcegraph/sourcegraph/enterprise/internal/cloud"
 	"github.com/sourcegraph/sourcegraph/internal/actor"
 	internalauth "github.com/sourcegraph/sourcegraph/internal/auth"
+	"github.com/sourcegraph/sourcegraph/internal/auth/providers"
 	"github.com/sourcegraph/sourcegraph/internal/database"
 	"github.com/sourcegraph/sourcegraph/internal/extsvc"
 	"github.com/sourcegraph/sourcegraph/internal/types"

enterprise/cmd/frontend/internal/auth/sourcegraphoperator/provider.go

@@ -4,10 +4,10 @@ import (
 	"path"
 
 	feAuth "github.com/sourcegraph/sourcegraph/cmd/frontend/auth"
-	"github.com/sourcegraph/sourcegraph/cmd/frontend/auth/providers"
 	"github.com/sourcegraph/sourcegraph/enterprise/cmd/frontend/internal/auth/openidconnect"
 	"github.com/sourcegraph/sourcegraph/enterprise/internal/cloud"
 	"github.com/sourcegraph/sourcegraph/internal/auth"
+	"github.com/sourcegraph/sourcegraph/internal/auth/providers"
 	"github.com/sourcegraph/sourcegraph/schema"
 )
 

enterprise/cmd/frontend/internal/authz/resolvers/BUILD.bazel

@@ -17,7 +17,6 @@ go_library(
         "//cmd/frontend/globals",
         "//cmd/frontend/graphqlbackend",
         "//cmd/frontend/graphqlbackend/graphqlutil",
-        "//enterprise/cmd/worker/shared/permissions",
         "//enterprise/internal/database",
         "//enterprise/internal/licensing",
         "//internal/actor",

enterprise/cmd/frontend/internal/authz/resolvers/resolver.go

@@ -7,7 +7,6 @@ import (
 
 	"github.com/graph-gophers/graphql-go"
 	"github.com/sourcegraph/log"
-	"github.com/sourcegraph/sourcegraph/enterprise/cmd/worker/shared/permissions"
 	"golang.org/x/exp/maps"
 	"golang.org/x/exp/slices"
 
@@ -728,11 +727,13 @@ func (s permissionsSyncingStats) ReposWithNoPermissions(ctx context.Context) (in
 }
 
 func (s permissionsSyncingStats) UsersWithStalePermissions(ctx context.Context) (int32, error) {
-	count, err := s.db.Perms().CountUsersWithStalePerms(ctx, permissions.SyncUserBackoff())
+	count, err := s.db.Perms().CountUsersWithStalePerms(ctx, new(auth.Backoff).SyncUserBackoff())
+
 	return int32(count), err
 }
 
 func (s permissionsSyncingStats) ReposWithStalePermissions(ctx context.Context) (int32, error) {
-	count, err := s.db.Perms().CountReposWithStalePerms(ctx, permissions.SyncRepoBackoff())
+	count, err := s.db.Perms().CountReposWithStalePerms(ctx, new(auth.Backoff).SyncRepoBackoff())
+
 	return int32(count), err
 }

enterprise/cmd/frontend/internal/insights/init.go

@@ -7,7 +7,7 @@ import (
 	"github.com/sourcegraph/sourcegraph/enterprise/cmd/frontend/internal/insights/httpapi"
 	"github.com/sourcegraph/sourcegraph/enterprise/cmd/frontend/internal/insights/resolvers"
 	"github.com/sourcegraph/sourcegraph/enterprise/internal/codeintel"
-	internalinsights "github.com/sourcegraph/sourcegraph/enterprise/internal/insights"
+	"github.com/sourcegraph/sourcegraph/enterprise/internal/insights"
 	"github.com/sourcegraph/sourcegraph/internal/conf/conftypes"
 	"github.com/sourcegraph/sourcegraph/internal/conf/deploy"
 	"github.com/sourcegraph/sourcegraph/internal/database"
@@ -25,7 +25,7 @@ func Init(
 ) error {
 	enterpriseServices.InsightsAggregationResolver = resolvers.NewAggregationResolver(observationCtx, db, enterpriseServices.EnterpriseSearchJobs)
 
-	if !internalinsights.IsEnabled() {
+	if !insights.IsEnabled() {
 		if deploy.IsDeployTypeSingleDockerContainer(deploy.Type()) {
 			enterpriseServices.InsightsResolver = resolvers.NewDisabledResolver("code insights are not available on single-container deployments")
 		} else {
@@ -33,7 +33,7 @@ func Init(
 		}
 		return nil
 	}
-	rawInsightsDB, err := internalinsights.InitializeCodeInsightsDB(observationCtx, "frontend")
+	rawInsightsDB, err := insights.InitializeCodeInsightsDB(observationCtx, "frontend")
 	if err != nil {
 		return err
 	}

enterprise/cmd/worker/internal/auth/BUILD.bazel

@@ -4,7 +4,7 @@ go_library(
     name = "auth",
     srcs = ["sourcegraph_operator_cleaner.go"],
     importpath = "github.com/sourcegraph/sourcegraph/enterprise/cmd/worker/internal/auth",
-    visibility = ["//enterprise/cmd/worker:__subpackages__"],
+    visibility = ["//visibility:public"],
     deps = [
         "//cmd/worker/job",
         "//cmd/worker/shared/init/db",

enterprise/cmd/worker/internal/auth/sourcegraph_operator_cleaner.go

@@ -5,10 +5,10 @@ import (
 	"time"
 
 	"github.com/keegancsmith/sqlf"
-	"github.com/sourcegraph/sourcegraph/enterprise/cmd/worker/shared/sourcegraphoperator"
 
 	"github.com/sourcegraph/sourcegraph/cmd/worker/job"
 	workerdb "github.com/sourcegraph/sourcegraph/cmd/worker/shared/init/db"
+	"github.com/sourcegraph/sourcegraph/enterprise/cmd/worker/shared/sourcegraphoperator"
 	"github.com/sourcegraph/sourcegraph/enterprise/internal/cloud"
 	"github.com/sourcegraph/sourcegraph/internal/actor"
 	"github.com/sourcegraph/sourcegraph/internal/auth"

enterprise/cmd/worker/internal/auth/sourcegraph_operator_cleaner_test.go

@@ -6,10 +6,10 @@ import (
 	"time"
 
 	"github.com/sourcegraph/log/logtest"
-	"github.com/sourcegraph/sourcegraph/enterprise/cmd/worker/shared/sourcegraphoperator"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 
+	"github.com/sourcegraph/sourcegraph/enterprise/cmd/worker/shared/sourcegraphoperator"
 	"github.com/sourcegraph/sourcegraph/enterprise/internal/cloud"
 	"github.com/sourcegraph/sourcegraph/internal/auth"
 	"github.com/sourcegraph/sourcegraph/internal/database"

enterprise/cmd/worker/internal/permissions/BUILD.bazel

@@ -14,11 +14,11 @@ go_library(
         "//cmd/frontend/globals",
         "//cmd/worker/job",
         "//cmd/worker/shared/init/db",
-        "//enterprise/cmd/worker/shared/permissions",
         "//enterprise/internal/authz",
         "//enterprise/internal/database",
         "//internal/actor",
         "//internal/api",
+        "//internal/auth",
         "//internal/authz",
         "//internal/conf",
         "//internal/database",
@@ -61,9 +61,9 @@ go_test(
         "requires-network",
     ],
     deps = [
-        "//enterprise/cmd/worker/shared/permissions",
         "//enterprise/internal/database",
         "//internal/api",
+        "//internal/auth",
         "//internal/authz",
         "//internal/collections",
         "//internal/conf",

enterprise/cmd/worker/internal/permissions/perms_syncer_cleaner.go

@@ -81,7 +81,8 @@ func (p *permissionSyncJobCleaner) Routines(_ context.Context, observationCtx *o
 				},
 			),
 			operation,
-		)}, nil
+		),
+	}, nil
 }
 
 func NewPermissionSyncJobCleaner() job.Job {

enterprise/cmd/worker/internal/permissions/perms_syncer_cleaner_test.go

@@ -6,12 +6,13 @@ import (
 	"testing"
 
 	"github.com/sourcegraph/log/logtest"
+	"github.com/stretchr/testify/require"
+
 	"github.com/sourcegraph/sourcegraph/internal/conf"
 	"github.com/sourcegraph/sourcegraph/internal/database"
 	"github.com/sourcegraph/sourcegraph/internal/database/dbtest"
 	"github.com/sourcegraph/sourcegraph/internal/types"
 	"github.com/sourcegraph/sourcegraph/schema"
-	"github.com/stretchr/testify/require"
 )
 
 func TestPermsSyncerWorkerCleaner(t *testing.T) {

enterprise/cmd/worker/internal/permissions/perms_syncer_scheduler.go

@@ -7,13 +7,13 @@ import (
 	"time"
 
 	"github.com/sourcegraph/log"
-	"github.com/sourcegraph/sourcegraph/enterprise/cmd/worker/shared/permissions"
 
 	"github.com/sourcegraph/sourcegraph/cmd/worker/job"
 	workerdb "github.com/sourcegraph/sourcegraph/cmd/worker/shared/init/db"
 	"github.com/sourcegraph/sourcegraph/enterprise/internal/authz"
 	edb "github.com/sourcegraph/sourcegraph/enterprise/internal/database"
 	"github.com/sourcegraph/sourcegraph/internal/api"
+	"github.com/sourcegraph/sourcegraph/internal/auth"
 	"github.com/sourcegraph/sourcegraph/internal/conf"
 	"github.com/sourcegraph/sourcegraph/internal/database"
 	"github.com/sourcegraph/sourcegraph/internal/env"
@@ -27,7 +27,9 @@ import (
 var _ job.Job = (*permissionSyncJobScheduler)(nil)
 
 // permissionSyncJobScheduler is a worker responsible for scheduling permissions sync jobs.
-type permissionSyncJobScheduler struct{}
+type permissionSyncJobScheduler struct {
+	backoff auth.Backoff
+}
 
 func (p *permissionSyncJobScheduler) Description() string {
 	return "Schedule permission sync jobs for users and repositories."
@@ -87,23 +89,24 @@ func (p *permissionSyncJobScheduler) Routines(_ context.Context, observationCtx
 					}
 
 					start := time.Now()
-					count, err := scheduleJobs(ctx, db, logger)
+					count, err := scheduleJobs(ctx, db, logger, p.backoff)
 					m.Observe(time.Since(start).Seconds(), float64(count), &err)
 					return err
 				},
 			),
 			operation,
-		)}, nil
+		),
+	}, nil
 }
 
 func NewPermissionSyncJobScheduler() job.Job {
 	return &permissionSyncJobScheduler{}
 }
 
-func scheduleJobs(ctx context.Context, db database.DB, logger log.Logger) (int, error) {
+func scheduleJobs(ctx context.Context, db database.DB, logger log.Logger, backoff auth.Backoff) (int, error) {
 	store := db.PermissionSyncJobs()
 	permsStore := edb.Perms(logger, db, timeutil.Now)
-	schedule, err := getSchedule(ctx, permsStore)
+	schedule, err := getSchedule(ctx, permsStore, backoff)
 	if err != nil {
 		return 0, err
 	}
@@ -156,7 +159,7 @@ type scheduledRepo struct {
 //  2. Private repositories with no permissions, because those can't be viewed by anyone except site admins.
 //  3. Rolling updating user permissions over time from the oldest ones.
 //  4. Rolling updating repository permissions over time from the oldest ones.
-func getSchedule(ctx context.Context, store edb.PermsStore) (*schedule, error) {
+func getSchedule(ctx context.Context, store edb.PermsStore, b auth.Backoff) (*schedule, error) {
 	schedule := new(schedule)
 
 	usersWithNoPerms, err := scheduleUsersWithNoPerms(ctx, store)
@@ -174,7 +177,7 @@ func getSchedule(ctx context.Context, store edb.PermsStore) (*schedule, error) {
 	userLimit, repoLimit := oldestUserPermissionsBatchSize(), oldestRepoPermissionsBatchSize()
 
 	if userLimit > 0 {
-		usersWithOldestPerms, err := scheduleUsersWithOldestPerms(ctx, store, userLimit, permissions.SyncUserBackoff())
+		usersWithOldestPerms, err := scheduleUsersWithOldestPerms(ctx, store, userLimit, b.SyncUserBackoff())
 		if err != nil {
 			return nil, errors.Wrap(err, "load users with oldest permissions")
 		}
@@ -182,7 +185,7 @@ func getSchedule(ctx context.Context, store edb.PermsStore) (*schedule, error) {
 	}
 
 	if repoLimit > 0 {
-		reposWithOldestPerms, err := scheduleReposWithOldestPerms(ctx, store, repoLimit, permissions.SyncRepoBackoff())
+		reposWithOldestPerms, err := scheduleReposWithOldestPerms(ctx, store, repoLimit, b.SyncRepoBackoff())
 		if err != nil {
 			return nil, errors.Wrap(err, "scan repositories with oldest permissions")
 		}

enterprise/cmd/worker/internal/permissions/perms_syncer_scheduler_test.go

@@ -10,10 +10,10 @@ import (
 	"github.com/google/go-cmp/cmp"
 	"github.com/sourcegraph/log"
 	"github.com/sourcegraph/log/logtest"
-	"github.com/sourcegraph/sourcegraph/enterprise/cmd/worker/shared/permissions"
 	"github.com/stretchr/testify/require"
 
 	edb "github.com/sourcegraph/sourcegraph/enterprise/internal/database"
+	"github.com/sourcegraph/sourcegraph/internal/auth"
 	"github.com/sourcegraph/sourcegraph/internal/authz"
 	"github.com/sourcegraph/sourcegraph/internal/conf"
 	"github.com/sourcegraph/sourcegraph/internal/database"
@@ -38,10 +38,8 @@ func TestPermsSyncerScheduler_scheduleJobs(t *testing.T) {
 		t.Skip()
 	}
 
-	permissions.ZeroBackoffDuringTest = true
 	t.Cleanup(func() {
 		conf.Mock(nil)
-		permissions.ZeroBackoffDuringTest = false
 	})
 
 	ctx := context.Background()
@@ -208,7 +206,7 @@ type testJob struct {
 }
 
 func runJobsTest(t *testing.T, ctx context.Context, logger log.Logger, db database.DB, store database.PermissionSyncJobStore, wantJobs []testJob) {
-	count, err := scheduleJobs(ctx, db, logger)
+	count, err := scheduleJobs(ctx, db, logger, auth.ZeroBackoff)
 	require.NoError(t, err)
 	require.Equal(t, len(wantJobs), count)
 

enterprise/cmd/worker/shared/permissions/BUILD.bazel

@@ -1,9 +0,0 @@
-load("@io_bazel_rules_go//go:def.bzl", "go_library")
-
-go_library(
-    name = "permissions",
-    srcs = ["backoff.go"],
-    importpath = "github.com/sourcegraph/sourcegraph/enterprise/cmd/worker/shared/permissions",
-    visibility = ["//visibility:public"],
-    deps = ["//internal/conf"],
-)

enterprise/cmd/worker/shared/service.go

@@ -21,6 +21,7 @@ func (svc) Configure() (env.Config, []debugserver.Endpoint) {
 
 func (svc) Start(ctx context.Context, observationCtx *observation.Context, ready service.ReadyFunc, config env.Config) error {
 	go setAuthzProviders(ctx, observationCtx)
+
 	return shared.Start(ctx, observationCtx, ready, config.(*shared.Config), getEnterpriseInit(observationCtx.Logger))
 }
 

enterprise/cmd/worker/shared/shared.go

@@ -5,8 +5,8 @@ import (
 	"time"
 
 	"github.com/sourcegraph/log"
-	"github.com/sourcegraph/sourcegraph/enterprise/cmd/worker/internal/auth"
 
+	"github.com/sourcegraph/sourcegraph/enterprise/cmd/worker/internal/auth"
 	"github.com/sourcegraph/sourcegraph/enterprise/cmd/worker/internal/own"
 
 	"github.com/sourcegraph/sourcegraph/cmd/frontend/globals"

enterprise/cmd/worker/shared/sourcegraphoperator/BUILD.bazel

@@ -2,11 +2,18 @@ load("@io_bazel_rules_go//go:def.bzl", "go_library")
 
 go_library(
     name = "sourcegraphoperator",
-    srcs = ["account.go"],
+    srcs = [
+        "account.go",
+        "associate.go",
+    ],
     importpath = "github.com/sourcegraph/sourcegraph/enterprise/cmd/worker/shared/sourcegraphoperator",
     visibility = ["//visibility:public"],
     deps = [
+        "//internal/auth",
+        "//internal/auth/providers",
+        "//internal/database",
         "//internal/encryption",
         "//internal/extsvc",
+        "//lib/errors",
     ],
 )

enterprise/cmd/worker/shared/sourcegraphoperator/associate.go

@@ -0,0 +1,115 @@
+package sourcegraphoperator
+
+import (
+	"context"
+	"encoding/json"
+
+	"github.com/sourcegraph/sourcegraph/internal/auth"
+	"github.com/sourcegraph/sourcegraph/internal/auth/providers"
+	"github.com/sourcegraph/sourcegraph/internal/database"
+	"github.com/sourcegraph/sourcegraph/internal/extsvc"
+	"github.com/sourcegraph/sourcegraph/lib/errors"
+)
+
+type accountDetailsBody struct {
+	ClientID  string `json:"clientID"`
+	AccountID string `json:"accountID"`
+
+	ExternalAccountData
+}
+
+// addSourcegraphOperatorExternalAccount links the given user with a Sourcegraph Operator
+// provider, if and only if it already exists. The provider can only be added through
+// Enterprise Sourcegraph Cloud config, so this essentially no-ops outside of Cloud.
+//
+// It implements internal/auth/sourcegraphoperator.AddSourcegraphOperatorExternalAccount
+//
+// 🚨 SECURITY: Some important things to note:
+//   - Being a SOAP user does not grant any extra privilege over being a site admin.
+//   - The operation will fail if the user is already a SOAP user, which prevents escalating
+//     time-bound accounts to permanent service accounts.
+//   - Both the client ID and the service ID must match the SOAP configuration exactly.
+func addSourcegraphOperatorExternalAccount(ctx context.Context, db database.DB, userID int32, serviceID string, accountDetails string) error {
+	// 🚨 SECURITY: Caller must be a site admin.
+	if err := auth.CheckCurrentUserIsSiteAdmin(ctx, db); err != nil {
+		return err
+	}
+
+	p := providers.GetProviderByConfigID(providers.ConfigID{
+		Type: auth.SourcegraphOperatorProviderType,
+		ID:   serviceID,
+	})
+	if p == nil {
+		return errors.New("provider does not exist")
+	}
+
+	if accountDetails == "" {
+		return errors.New("account details are required")
+	}
+	var details accountDetailsBody
+	if err := json.Unmarshal([]byte(accountDetails), &details); err != nil {
+		return errors.Wrap(err, "invalid account details")
+	}
+
+	// Additionally check client ID matches - service ID was already checked in the
+	// initial GetProviderByConfigID call
+	if details.ClientID != p.CachedInfo().ClientID {
+		return errors.Newf("unknown client ID %q", details.ClientID)
+	}
+
+	// Run account count verification and association in a single transaction, to ensure
+	// we have no funny business with accounts being created in the time between the two.
+	return db.WithTransact(ctx, func(db database.DB) error {
+		// Make sure this user has no other SOAP accounts.
+		numSOAPAccounts, err := db.UserExternalAccounts().Count(ctx, database.ExternalAccountsListOptions{
+			UserID: userID,
+			// For provider matching, we explicitly do not provider the service ID - there
+			// should only be one SOAP registered.
+			ServiceType: auth.SourcegraphOperatorProviderType,
+		})
+		if err != nil {
+			return errors.Wrap(err, "failed to check for an existing Sourcegraph Operator accounts")
+		}
+		if numSOAPAccounts > 0 {
+			return errors.New("user already has an associated Sourcegraph Operator account")
+		}
+
+		// Create an association
+		accountData, err := MarshalAccountData(details.ExternalAccountData)
+		if err != nil {
+			return errors.Wrap(err, "failed to marshal account data")
+		}
+		if err := db.UserExternalAccounts().AssociateUserAndSave(ctx, userID, extsvc.AccountSpec{
+			ServiceType: auth.SourcegraphOperatorProviderType,
+			ServiceID:   serviceID,
+			ClientID:    details.ClientID,
+
+			AccountID: details.AccountID,
+		}, accountData); err != nil {
+			return errors.Wrap(err, "failed to associate user with Sourcegraph Operator provider")
+		}
+		return nil
+	})
+}
+
+type addSourcegraphOperatorExternalAccountFunc func(ctx context.Context, db database.DB, userID int32, serviceID string, accountDetails string) error
+
+var addSourcegraphOperatorExternalAccountHandler addSourcegraphOperatorExternalAccountFunc
+
+// RegisterAddSourcegraphOperatorExternalAccountHandler is used by
+// enterprise/cmd/frontend/internal/auth/sourcegraphoperator to register an
+// enterprise handler for AddSourcegraphOperatorExternalAccount.
+func RegisterAddSourcegraphOperatorExternalAccountHandler(handler addSourcegraphOperatorExternalAccountFunc) {
+	addSourcegraphOperatorExternalAccountHandler = handler
+}
+
+// AddSourcegraphOperatorExternalAccount is implemented in
+// enterprise/cmd/frontend/internal/auth/sourcegraphoperator.AddSourcegraphOperatorExternalAccount
+//
+// Outside of Sourcegraph Enterprise, this will no-op and return an error.
+func AddSourcegraphOperatorExternalAccount(ctx context.Context, db database.DB, userID int32, serviceID string, accountDetails string) error {
+	if addSourcegraphOperatorExternalAccountHandler == nil {
+		return errors.New("AddSourcegraphOperatorExternalAccount unimplemented in Sourcegraph OSS")
+	}
+	return addSourcegraphOperatorExternalAccountHandler(ctx, db, userID, serviceID, accountDetails)
+}

enterprise/internal/authz/BUILD.bazel

@@ -35,10 +35,10 @@ go_test(
     ],
     embed = [":authz"],
     deps = [
-        "//cmd/frontend/auth/providers",
         "//cmd/frontend/globals",
         "//enterprise/internal/authz/gitlab",
         "//enterprise/internal/licensing",
+        "//internal/auth/providers",
         "//internal/authz",
         "//internal/conf",
         "//internal/database",

enterprise/internal/authz/authz_test.go

@@ -11,10 +11,10 @@ import (
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 
-	"github.com/sourcegraph/sourcegraph/cmd/frontend/auth/providers"
 	"github.com/sourcegraph/sourcegraph/cmd/frontend/globals"
 	"github.com/sourcegraph/sourcegraph/enterprise/internal/authz/gitlab"
 	"github.com/sourcegraph/sourcegraph/enterprise/internal/licensing"
+	"github.com/sourcegraph/sourcegraph/internal/auth/providers"
 	"github.com/sourcegraph/sourcegraph/internal/authz"
 	"github.com/sourcegraph/sourcegraph/internal/conf"
 	"github.com/sourcegraph/sourcegraph/internal/database"

enterprise/internal/authz/gitlab/BUILD.bazel

@@ -10,9 +10,9 @@ go_library(
     importpath = "github.com/sourcegraph/sourcegraph/enterprise/internal/authz/gitlab",
     visibility = ["//enterprise:__subpackages__"],
     deps = [
-        "//cmd/frontend/auth/providers",
         "//enterprise/internal/authz/types",
         "//enterprise/internal/licensing",
+        "//internal/auth/providers",
         "//internal/authz",
         "//internal/database",
         "//internal/extsvc",
@@ -36,8 +36,8 @@ go_test(
     ],
     embed = [":gitlab"],
     deps = [
-        "//cmd/frontend/auth/providers",
         "//internal/api",
+        "//internal/auth/providers",
         "//internal/authz",
         "//internal/database",
         "//internal/extsvc",

enterprise/internal/authz/gitlab/authz.go

@@ -3,9 +3,9 @@ package gitlab
 import (
 	"net/url"
 
-	"github.com/sourcegraph/sourcegraph/cmd/frontend/auth/providers"
 	atypes "github.com/sourcegraph/sourcegraph/enterprise/internal/authz/types"
 	"github.com/sourcegraph/sourcegraph/enterprise/internal/licensing"
+	"github.com/sourcegraph/sourcegraph/internal/auth/providers"
 	"github.com/sourcegraph/sourcegraph/internal/authz"
 	"github.com/sourcegraph/sourcegraph/internal/database"
 	"github.com/sourcegraph/sourcegraph/internal/extsvc"

enterprise/internal/authz/gitlab/common_test.go

@@ -9,7 +9,7 @@ import (
 
 	"github.com/davecgh/go-spew/spew"
 
-	"github.com/sourcegraph/sourcegraph/cmd/frontend/auth/providers"
+	"github.com/sourcegraph/sourcegraph/internal/auth/providers"
 	"github.com/sourcegraph/sourcegraph/internal/extsvc"
 	"github.com/sourcegraph/sourcegraph/internal/extsvc/auth"
 	"github.com/sourcegraph/sourcegraph/internal/extsvc/gitlab"
@@ -206,6 +206,7 @@ func (m *mockGitLab) ListProjects(c *gitlab.Client, ctx context.Context, urlStr
 	}
 	return projs[(page-1)*perPage:], nil, nil
 }
+
 func (m *mockGitLab) ListTree(c *gitlab.Client, ctx context.Context, op gitlab.ListTreeOp) ([]*gitlab.Tree, error) {
 	if _, ok := m.madeListTree[c.Auth.Hash()]; !ok {
 		m.madeListTree[c.Auth.Hash()] = map[gitlab.ListTreeOp]int{}

enterprise/internal/authz/gitlab/sudo.go

@@ -7,7 +7,7 @@ import (
 	"strconv"
 	"time"
 
-	"github.com/sourcegraph/sourcegraph/cmd/frontend/auth/providers"
+	"github.com/sourcegraph/sourcegraph/internal/auth/providers"
 	"github.com/sourcegraph/sourcegraph/internal/authz"
 	"github.com/sourcegraph/sourcegraph/internal/extsvc"
 	"github.com/sourcegraph/sourcegraph/internal/extsvc/gitlab"

enterprise/internal/authz/gitlab/sudo_test.go

@@ -14,8 +14,8 @@ import (
 	"github.com/google/go-cmp/cmp"
 	"github.com/sergi/go-diff/diffmatchpatch"
 
-	"github.com/sourcegraph/sourcegraph/cmd/frontend/auth/providers"
 	"github.com/sourcegraph/sourcegraph/internal/api"
+	"github.com/sourcegraph/sourcegraph/internal/auth/providers"
 	"github.com/sourcegraph/sourcegraph/internal/authz"
 	"github.com/sourcegraph/sourcegraph/internal/extsvc"
 	"github.com/sourcegraph/sourcegraph/internal/extsvc/gitlab"

enterprise/internal/database/external_services.go

@@ -10,8 +10,10 @@ import (
 	"github.com/sourcegraph/sourcegraph/schema"
 )
 
-var ValidateExternalServiceConfig = database.MakeValidateExternalServiceConfigFunc([]func(*types.GitHubConnection) error{github.ValidateAuthz},
+var ValidateExternalServiceConfig = database.MakeValidateExternalServiceConfigFunc(
+	[]func(*types.GitHubConnection) error{github.ValidateAuthz},
 	[]func(*schema.GitLabConnection, []schema.AuthProviders) error{gitlab.ValidateAuthz},
 	[]func(*schema.BitbucketServerConnection) error{bitbucketserver.ValidateAuthz},
-	[]func(connection *schema.PerforceConnection) error{perforce.ValidateAuthz},
-	[]func(connection *schema.AzureDevOpsConnection) error{func(_ *schema.AzureDevOpsConnection) error { return nil }}) // TODO: @varsanojidan switch this with actual authz once its implemented.
+	[]func(*schema.PerforceConnection) error{perforce.ValidateAuthz},
+	[]func(*schema.AzureDevOpsConnection) error{func(_ *schema.AzureDevOpsConnection) error { return nil }},
+) // TODO: @varsanojidan switch this with actual authz once its implemented.

enterprise/internal/insights/BUILD.bazel

@@ -6,11 +6,11 @@ go_library(
     importpath = "github.com/sourcegraph/sourcegraph/enterprise/internal/insights",
     visibility = ["//enterprise:__subpackages__"],
     deps = [
-        "//cmd/frontend/graphqlbackend",
         "//enterprise/internal/database",
         "//internal/conf",
         "//internal/conf/conftypes",
         "//internal/database/connections/live",
+        "//internal/insights",
         "//internal/observation",
         "//lib/errors",
     ],