BasicAuth

open-component-model · Apr 30, 2024 · 5865363 · 5865363
1 parent 96cabdb
commit 5865363
Show file tree

Hide file tree

Showing 4 changed files with 33 additions and 32 deletions.
diff --git a/pkg/contexts/credentials/builtin/mvn/identity/identity.go b/pkg/contexts/credentials/builtin/mvn/identity/identity.go
@@ -1,13 +1,15 @@
 package identity
 
 import (
+	"net/http"
 	"path"
 
 	. "net/url"
 
 	"github.com/open-component-model/ocm/pkg/common"
 	"github.com/open-component-model/ocm/pkg/contexts/credentials/cpi"
 	"github.com/open-component-model/ocm/pkg/contexts/credentials/identity/hostpath"
+	"github.com/open-component-model/ocm/pkg/contexts/ocm/cpi/accspeccpi"
 	"github.com/open-component-model/ocm/pkg/listformat"
 	"github.com/open-component-model/ocm/pkg/logging"
 )
@@ -59,3 +61,16 @@ func GetCredentials(ctx cpi.ContextProvider, repoUrl, groupId string) common.Pro
 	}
 	return credentials.Properties()
 }
+
+func BasicAuth(req *http.Request, ctx accspeccpi.Context, repoUrl, groupId string) {
+	credentials := GetCredentials(ctx, repoUrl, groupId)
+	if credentials == nil {
+		return
+	}
+	username := credentials[ATTR_USERNAME]
+	password := credentials[ATTR_PASSWORD]
+	if username == "" || password == "" {
+		return
+	}
+	req.SetBasicAuth(username, password)
+}
diff --git a/pkg/contexts/ocm/accessmethods/mvn/integration_test.go b/pkg/contexts/ocm/accessmethods/mvn/integration_test.go
@@ -34,7 +34,7 @@ var _ = Describe("online accessmethods.mvn.AccessSpec integration tests", func()
 	// https://repo1.maven.org/maven2/com/sap/cloud/sdk/sdk-modules-bom/5.7.0
 	It("one single pom only", func() {
 		acc := mvn.New("https://repo1.maven.org/maven2", "com.sap.cloud.sdk", "sdk-modules-bom", "5.7.0")
-		files, err := acc.GavFiles()
+		files, err := acc.GavFiles(cv.GetContext())
 		Expect(err).ToNot(HaveOccurred())
 		Expect(files).To(HaveLen(1))
 		Expect(files["sdk-modules-bom-5.7.0.pom"]).To(Equal(crypto.SHA1))
@@ -55,7 +55,7 @@ var _ = Describe("online accessmethods.mvn.AccessSpec integration tests", func()
 		acc := mvn.New("https://repo1.maven.org/maven2", "org.apache.maven", "apache-maven", "3.9.6")
 		Expect(acc).ToNot(BeNil())
 		Expect(acc.BaseUrl()).To(Equal("https://repo1.maven.org/maven2/org/apache/maven/apache-maven/3.9.6"))
-		files, err := acc.GavFiles()
+		files, err := acc.GavFiles(cv.GetContext())
 		Expect(err).ToNot(HaveOccurred())
 		Expect(files).To(HaveLen(8))
 		Expect(files["apache-maven-3.9.6-src.zip"]).To(Equal(crypto.SHA512))

diff --git a/pkg/contexts/ocm/accessmethods/mvn/method.go b/pkg/contexts/ocm/accessmethods/mvn/method.go
@@ -144,7 +144,7 @@ func (a *AccessSpec) GetPackageMeta(ctx accspeccpi.Context) (*meta, error) {
 	fs := vfsattr.Get(ctx)
 
 	log := log.WithValues("BaseUrl", a.BaseUrl())
-	fileMap, err := a.GavFiles(fs)
+	fileMap, err := a.GavFiles(ctx, fs)
 	if err != nil {
 		return nil, err
 	}
@@ -170,7 +170,7 @@ func (a *AccessSpec) GetPackageMeta(ctx accspeccpi.Context) (*meta, error) {
 		metadata.MimeType = artifact.MimeType()
 		if hash > 0 {
 			metadata.HashType = hash
-			metadata.Hash, err = getStringData(metadata.Bin+hashUrlExt(hash), fs)
+			metadata.Hash, err = getStringData(ctx, metadata.Bin+hashUrlExt(hash), fs)
 			if err != nil {
 				return nil, errors.Wrapf(err, "cannot read %s digest of: %s", hash, metadata.Bin)
 			}
@@ -190,7 +190,7 @@ func (a *AccessSpec) GetPackageMeta(ctx accspeccpi.Context) (*meta, error) {
 			return nil, err
 		}
 		defer out.Close()
-		reader, err := getReader(metadata.Bin, fs)
+		reader, err := getReader(ctx, metadata.Bin, fs)
 		if err != nil {
 			return nil, err
 		}
@@ -247,12 +247,12 @@ func filterByClassifier(fileMap map[string]crypto.Hash, classifier string) map[s
 	return filtered
 }
 
-func (a *AccessSpec) GavFiles(fs ...vfs.FileSystem) (map[string]crypto.Hash, error) {
+func (a *AccessSpec) GavFiles(ctx accspeccpi.Context, fs ...vfs.FileSystem) (map[string]crypto.Hash, error) {
 	if strings.HasPrefix(a.Repository, "file://") && len(fs) > 0 {
 		dir := a.Repository[7:]
 		return gavFilesFromDisk(fs[0], dir)
 	}
-	return a.gavOnlineFiles()
+	return a.gavOnlineFiles(ctx)
 }
 
 func gavFilesFromDisk(fs vfs.FileSystem, dir string) (map[string]crypto.Hash, error) {
@@ -264,11 +264,11 @@ func gavFilesFromDisk(fs vfs.FileSystem, dir string) (map[string]crypto.Hash, er
 }
 
 // gavOnlineFiles returns the files of the Maven (mvn) artifact in the repository and their available digests.
-func (a *AccessSpec) gavOnlineFiles() (map[string]crypto.Hash, error) {
+func (a *AccessSpec) gavOnlineFiles(ctx accspeccpi.Context) (map[string]crypto.Hash, error) {
 	log := log.WithValues("BaseUrl", a.BaseUrl())
 	log.Debug("gavOnlineFiles")
 
-	reader, err := getReader(a.BaseUrl(), nil)
+	reader, err := getReader(ctx, a.BaseUrl(), nil)
 	if err != nil {
 		return nil, err
 	}
@@ -334,8 +334,8 @@ func bestAvailableHash(list []string, filename string) crypto.Hash {
 ////////////////////////////////////////////////////////////////////////////////
 
 // getStringData reads all data from the given URL and returns it as a string.
-func getStringData(url string, fs vfs.FileSystem) (string, error) {
-	r, err := getReader(url, fs)
+func getStringData(ctx accspeccpi.Context, url string, fs vfs.FileSystem) (string, error) {
+	r, err := getReader(ctx, url, fs)
 	if err != nil {
 		return "", err
 	}
@@ -360,7 +360,7 @@ func newMethod(c accspeccpi.ComponentVersionAccess, a *AccessSpec) (accspeccpi.A
 		}
 
 		reader := func() (io.ReadCloser, error) {
-			return getReader(meta.Bin, vfsattr.Get(c.GetContext()))
+			return getReader(c.GetContext(), meta.Bin, vfsattr.Get(c.GetContext()))
 		}
 		if meta.Hash != "" {
 			getreader := reader
@@ -379,7 +379,7 @@ func newMethod(c accspeccpi.ComponentVersionAccess, a *AccessSpec) (accspeccpi.A
 	return accspeccpi.NewDefaultMethodImpl(c, a, "", a.MimeType(), factory), nil
 }
 
-func getReader(url string, fs vfs.FileSystem) (io.ReadCloser, error) {
+func getReader(ctx accspeccpi.Context, url string, fs vfs.FileSystem) (io.ReadCloser, error) {
 	if strings.HasPrefix(url, "file://") {
 		path := url[7:]
 		return fs.OpenFile(path, vfs.O_RDONLY, 0o600)
@@ -389,6 +389,7 @@ func getReader(url string, fs vfs.FileSystem) (io.ReadCloser, error) {
 	if err != nil {
 		return nil, err
 	}
+	identity.BasicAuth(req, ctx, url, "")
 	httpClient := &http.Client{}
 	resp, err := httpClient.Do(req)
 	if err != nil {

diff --git a/pkg/contexts/ocm/blobhandler/handlers/generic/mvn/blobhandler.go b/pkg/contexts/ocm/blobhandler/handlers/generic/mvn/blobhandler.go
@@ -14,6 +14,7 @@ import (
 	"github.com/open-component-model/ocm/pkg/contexts/credentials/builtin/mvn/identity"
 	"github.com/open-component-model/ocm/pkg/contexts/ocm/accessmethods/mvn"
 	"github.com/open-component-model/ocm/pkg/contexts/ocm/cpi"
+	"github.com/open-component-model/ocm/pkg/contexts/ocm/cpi/accspeccpi"
 	"github.com/open-component-model/ocm/pkg/contexts/ocm/resourcetypes"
 	"github.com/open-component-model/ocm/pkg/iotools"
 	"github.com/open-component-model/ocm/pkg/logging"
@@ -53,32 +54,16 @@ func (b *artifactHandler) StoreBlob(blob cpi.BlobAccess, resourceType string, hi
 
 	// setup logger
 	log := log.WithValues("repository", b.spec.Url)
-
 	// identify artifact
 	artifact := mvn.DeSerialize(hint)
 	log = log.WithValues("groupId", artifact.GroupId, "artifactId", artifact.ArtifactId, "version", artifact.Version)
 	log.Debug("identified")
 
-	// get credentials
-	cred := identity.GetCredentials(ctx.GetContext(), b.spec.Url, artifact.GroupPath())
-	if cred == nil {
-		return nil, fmt.Errorf("no credentials found for %s. Couldn't upload '%s'", b.spec.Url, artifact)
-	}
-	username := cred[identity.ATTR_USERNAME]
-	password := cred[identity.ATTR_PASSWORD]
-	if username == "" || password == "" {
-		return nil, fmt.Errorf("credentials for %s are invalid. Username or password missing! Couldn't upload '%s'", b.spec.Url, artifact)
-	}
-	log = log.WithValues("user", username)
-	log.Debug("found credentials")
-
-	// Create a new request
 	blobReader, err := blob.Reader()
 	if err != nil {
 		return nil, err
 	}
 	defer blobReader.Close()
-
 	tempFs, err := tarutils.ExtractTgzToTempFs(blobReader)
 	if err != nil {
 		return nil, err
@@ -106,7 +91,7 @@ func (b *artifactHandler) StoreBlob(blob cpi.BlobAccess, resourceType string, hi
 			return nil, err
 		}
 		defer reader.Close()
-		err = deploy(artifact, b.spec.Url, reader, username, password, hr)
+		err = deploy(artifact, b.spec.Url, reader, ctx.GetContext(), hr)
 		if err != nil {
 			return nil, err
 		}
@@ -117,12 +102,12 @@ func (b *artifactHandler) StoreBlob(blob cpi.BlobAccess, resourceType string, hi
 }
 
 // deploy an artifact to the specified destination. See https://jfrog.com/help/r/jfrog-rest-apis/deploy-artifact
-func deploy(artifact *mvn.Artifact, url string, reader io.ReadCloser, username string, password string, hashes *iotools.HashReader) error {
+func deploy(artifact *mvn.Artifact, url string, reader io.ReadCloser, ctx accspeccpi.Context, hashes *iotools.HashReader) error {
 	req, err := http.NewRequestWithContext(context.Background(), http.MethodPut, artifact.Url(url), reader)
 	if err != nil {
 		return err
 	}
-	req.SetBasicAuth(username, password)
+	identity.BasicAuth(req, ctx, url, artifact.GroupPath())
 	// give the remote server a chance to decide based upon the checksum policy
 	for k, v := range hashes.HttpHeader() {
 		req.Header.Set(k, v)