(buildstream-plugins) 01/01: cargo: add support for bearer http authentication

akitouni Sun, 07 Apr 2024 10:19:10 -0700

This is an automated email from the ASF dual-hosted git repository.

akitouni pushed a commit to branch abderrahim/bearer-auth
in repository https://gitbox.apache.org/repos/asf/buildstream-plugins.git


commit 018a92497be162ca980148d6753c9d228401ed7f
Author: Abderrahim Kitouni <[email protected]>
AuthorDate: Mon Mar 11 15:48:09 2024 +0100

    cargo: add support for bearer http authentication
---
 src/buildstream_plugins/sources/_utils.py | 16 ++++++++++++----
 src/buildstream_plugins/sources/cargo.py  | 22 ++++++++++++++--------
 2 files changed, 26 insertions(+), 12 deletions(-)

diff --git a/src/buildstream_plugins/sources/_utils.py 
b/src/buildstream_plugins/sources/_utils.py
index 27dfeb3..1ed10ff 100644
--- a/src/buildstream_plugins/sources/_utils.py
+++ b/src/buildstream_plugins/sources/_utils.py
@@ -62,22 +62,30 @@ class _UrlOpenerCreator:
     def __init__(self, netrc_config):
         self.netrc_config = netrc_config
 
-    def get_url_opener(self):
-        if self.netrc_config:
+    def get_url_opener(self, bearer_auth):
+        if self.netrc_config and not bearer_auth:
             netrc_pw_mgr = _NetrcPasswordManager(self.netrc_config)
             http_auth = urllib.request.HTTPBasicAuthHandler(netrc_pw_mgr)
             return urllib.request.build_opener(http_auth)
         return urllib.request.build_opener()
 
 
-def download_file(url, etag, directory):
+def download_file(url, etag, directory, auth_scheme):
     opener_creator = _UrlOpenerCreator(_parse_netrc())
-    opener = opener_creator.get_url_opener()
+    opener = opener_creator.get_url_opener(auth_scheme == "bearer")
     default_name = os.path.basename(url)
     request = urllib.request.Request(url)
     request.add_header("Accept", "*/*")
     request.add_header("User-Agent", "BuildStream/2")
 
+    if opener_creator.netrc_config and auth_scheme == "bearer":
+        parts = urllib.parse.urlsplit(url)
+        entry = opener_creator.netrc_config.authenticators(parts.hostname)
+        if entry:
+            _, _, password = entry
+            auth_header = "Bearer " + password
+            request.add_header("Authorization", auth_header)
+
     if etag is not None:
         request.add_header("If-None-Match", etag)
 
diff --git a/src/buildstream_plugins/sources/cargo.py 
b/src/buildstream_plugins/sources/cargo.py
index 42fcaa3..c2fa7fb 100644
--- a/src/buildstream_plugins/sources/cargo.py
+++ b/src/buildstream_plugins/sources/cargo.py
@@ -121,10 +121,11 @@ class Crate(SourceFetcher):
         if os.path.isfile(self._get_mirror_file()):
             return  # pragma: nocover
 
+        extra_data = {}
         # Download the crate
-        crate_url = self._get_url(alias_override)
+        crate_url, auth_scheme = self._get_url(alias_override)
         with self.cargo.timed_activity("Downloading: {}".format(crate_url), 
silent_nested=True):
-            sha256 = self._download(crate_url)
+            sha256 = self._download(crate_url, auth_scheme)
             if self.sha is not None and sha256 != self.sha:
                 raise SourceError(
                     "File downloaded from {} has sha256sum '{}', not 
'{}'!".format(crate_url, sha256, self.sha)
@@ -194,7 +195,7 @@ class Crate(SourceFetcher):
     # Returns:
     #    (str): The sha256 checksum of the downloaded crate
     #
-    def _download(self, url):
+    def _download(self, url, auth_scheme):
         # We do not use etag in case what we have in cache is
         # not matching ref in order to be able to recover from
         # corrupted download.
@@ -204,7 +205,7 @@ class Crate(SourceFetcher):
             etag = None
 
         with self.cargo.tempdir() as td:
-            local_file, etag, error = download_file(url, etag, td)
+            local_file, etag, error = download_file(url, etag, td, auth_scheme)
 
             if error:
                 raise SourceError("{}: Error mirroring {}: {}".format(self, 
url, error), temporary=True)
@@ -234,10 +235,15 @@ class Crate(SourceFetcher):
     #
     def _get_url(self, alias=None):
         path = "{name}/{name}-{version}.crate".format(name=self.name, 
version=self.version)
+        extra_data = {}
         if utils.get_bst_version() >= (2, 2):
-            return self.cargo.translate_url(self.cargo.url, suffix=path, 
alias_override=alias)
+            translated_url = self.cargo.translate_url(
+                self.cargo.url, suffix=path, alias_override=alias, 
extra_data=extra_data
+            )
         else:
-            return self.cargo.translate_url(self.cargo.url, 
alias_override=alias) + path
+            translated_url = self.cargo.translate_url(self.cargo.url, 
alias_override=alias) + path
+
+        return translated_url, extra_data.get("http-auth")
 
     # _get_etag()
     #
@@ -387,9 +393,9 @@ class CargoSource(Source):
 
             crate = Crate(self, crate_obj["name"], crate_obj["version"])
 
-            crate_url = crate._get_url()
+            crate_url, auth_scheme = crate._get_url()
             with self.timed_activity("Downloading: {}".format(crate_url), 
silent_nested=True):
-                crate_obj["sha"] = crate._download(crate_url)
+                crate_obj["sha"] = crate._download(crate_url, auth_scheme)
 
         return new_ref

(buildstream-plugins) 01/01: cargo: add support for bearer http authentication

Reply via email to