Add support for auth_patterns in go_repository (#1254)
Initial PR to handle netrc had support for auth_patterns
#848

But final version didn't
#1090

auth_patterns can still be needed, for example for private GitHub repositories.
It can be used like this:
```python
go_repository(
    name = "something",
    auth_patterns = {
        "api.github.com": "Bearer <password>",
    },
    importpath = "github.com/someorg/something",
    strip_prefix = "something-...",
    type = "zip",
    urls = ["https://api.github.com/repos/someorg/something/zipball/..."],
)
```
dmivankov committed Jun 12, 2022
1 parent 5bd1e0c commit 55d692e
Showing 2 changed files with 42 additions and 2 deletions.
41 changes: 40 additions & 1 deletion internal/go_repository.bzl
@@ -68,6 +68,42 @@ go_repository(
"""

# copied from
# https://github.com/bazelbuild/bazel/blob/d273cb62f43ef8169415cf60fc96e503ea2ad823/tools/build_defs/repo/http.bzl#L76
_AUTH_PATTERN_DOC = """An optional dict mapping host names to custom authorization patterns.
If a URL's host name is present in this dict the value will be used as a pattern when
generating the authorization header for the http request. This enables the use of custom
authorization schemes used in a lot of common cloud storage providers.
The pattern currently supports 2 tokens: <code>&lt;login&gt;</code> and
<code>&lt;password&gt;</code>, which are replaced with their equivalent value
in the netrc file for the same host name. After formatting, the result is set
as the value for the <code>Authorization</code> field of the HTTP request.
Example attribute and netrc for a http download to an oauth2 enabled API using a bearer token:
<pre>
auth_patterns = {
"storage.cloudprovider.com": "Bearer &lt;password&gt;"
}
</pre>
netrc:
<pre>
machine storage.cloudprovider.com
password RANDOM-TOKEN
</pre>
The final HTTP request would have the following header:
<pre>
Authorization: Bearer RANDOM-TOKEN
</pre>
"""


# We can't disable timeouts on Bazel, but we can set them to large values.
_GO_REPOSITORY_TIMEOUT = 86400

@@ -85,7 +121,7 @@ def _get_auth(ctx, urls):

if netrcfile and ctx.path(netrcfile).exists:
netrc = read_netrc(ctx, netrcfile)
return use_netrc(netrc, urls, {})
return use_netrc(netrc, urls, ctx.attr.auth_patterns)

return {}

@@ -355,6 +391,9 @@ go_repository = repository_rule(
doc = """If the repository is downloaded via HTTP (`urls` is set) and this is set, restrict cache hits to those cases where the
repository was added to the cache with the same canonical id.""",
),
"auth_patterns": attr.string_dict(
doc = _AUTH_PATTERN_DOC,
),

# Attributes for a module that should be downloaded with the Go toolchain.
"version": attr.string(
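Review bot: The `_AUTH_PATTERN_DOC` docstring never says that the pattern should contain only the `<login>`/`<password>` placeholders, and because `auth_patterns` is written in WORKSPACE files that are typically committed, a reader could paste the real token into the pattern instead of keeping it in the netrc file. In `_get_auth` the dict is also only passed to `use_netrc` inside the `if netrcfile and ctx.path(netrcfile).exists:` branch, with `return {}` otherwise, so when no netrc file is found the attribute is silently ignored and the fetch goes out without an Authorization header. I would append a sentence to the docstring such as `Keep the secret in the netrc file and use only the placeholders in the pattern; auth_patterns has no effect when no netrc file is found.` `_get_auth` begins above the hunk, so how `netrcfile` is resolved is not visible here.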
3 changes: 2 additions & 1 deletion repository.md
@@ -104,7 +104,7 @@ git_repository(
## go_repository

<pre>
go_repository(<a href="#go_repository-name">name</a>, <a href="#go_repository-build_config">build_config</a>, <a href="#go_repository-build_directives">build_directives</a>, <a href="#go_repository-build_external">build_external</a>, <a href="#go_repository-build_extra_args">build_extra_args</a>,
go_repository(<a href="#go_repository-name">name</a>, <a href="#go_repository-auth_patterns">auth_patterns</a>, <a href="#go_repository-build_config">build_config</a>, <a href="#go_repository-build_directives">build_directives</a>, <a href="#go_repository-build_external">build_external</a>, <a href="#go_repository-build_extra_args">build_extra_args</a>,
<a href="#go_repository-build_file_generation">build_file_generation</a>, <a href="#go_repository-build_file_name">build_file_name</a>, <a href="#go_repository-build_file_proto_mode">build_file_proto_mode</a>, <a href="#go_repository-build_naming_convention">build_naming_convention</a>,
<a href="#go_repository-build_tags">build_tags</a>, <a href="#go_repository-canonical_id">canonical_id</a>, <a href="#go_repository-commit">commit</a>, <a href="#go_repository-debug_mode">debug_mode</a>, <a href="#go_repository-importpath">importpath</a>, <a href="#go_repository-patch_args">patch_args</a>, <a href="#go_repository-patch_cmds">patch_cmds</a>,
<a href="#go_repository-patch_tool">patch_tool</a>, <a href="#go_repository-patches">patches</a>, <a href="#go_repository-remote">remote</a>, <a href="#go_repository-replace">replace</a>, <a href="#go_repository-repo_mapping">repo_mapping</a>, <a href="#go_repository-sha256">sha256</a>, <a href="#go_repository-strip_prefix">strip_prefix</a>, <a href="#go_repository-sum">sum</a>, <a href="#go_repository-tag">tag</a>,
@@ -169,6 +169,7 @@ go_repository(
| Name | Description | Type | Mandatory | Default |
| :------------- | :------------- | :------------- | :------------- | :------------- |
| <a id="go_repository-name"></a>name | A unique name for this repository. | <a href="https://bazel.build/docs/build-ref.html#name">Name</a> | required | |
| <a id="go_repository-auth_patterns"></a>auth_patterns | An optional dict mapping host names to custom authorization patterns.<br><br>If a URL's host name is present in this dict the value will be used as a pattern when generating the authorization header for the http request. This enables the use of custom authorization schemes used in a lot of common cloud storage providers.<br><br>The pattern currently supports 2 tokens: &lt;code&gt;&lt;login&gt;&lt;/code&gt; and &lt;code&gt;&lt;password&gt;&lt;/code&gt;, which are replaced with their equivalent value in the netrc file for the same host name. After formatting, the result is set as the value for the &lt;code&gt;Authorization&lt;/code&gt; field of the HTTP request.<br><br>Example attribute and netrc for a http download to an oauth2 enabled API using a bearer token:<br><br>&lt;pre&gt; auth_patterns = { "storage.cloudprovider.com": "Bearer &lt;password&gt;" } &lt;/pre&gt;<br><br>netrc:<br><br>&lt;pre&gt; machine storage.cloudprovider.com password RANDOM-TOKEN &lt;/pre&gt;<br><br>The final HTTP request would have the following header:<br><br>&lt;pre&gt; Authorization: Bearer RANDOM-TOKEN &lt;/pre&gt; | <a href="https://bazel.build/docs/skylark/lib/dict.html">Dictionary: String -> String</a> | optional | {} |
| <a id="go_repository-build_config"></a>build_config | A file that Gazelle should read to learn about external repositories before generating build files. This is useful for dependency resolution. For example, a <code>go_repository</code> rule in this file establishes a mapping between a repository name like <code>golang.org/x/tools</code> and a workspace name like <code>org_golang_x_tools</code>. Workspace directives like <code># gazelle:repository_macro</code> are recognized.<br><br> <code>go_repository</code> rules will be re-evaluated when parts of WORKSPACE related to Gazelle's configuration are changed, including Gazelle directives and <code>go_repository</code> <code>name</code> and <code>importpath</code> attributes. Their content should still be fetched from a local cache, but build files will be regenerated. If this is not desirable, <code>build_config</code> may be set to a less frequently updated file or <code>None</code> to disable this functionality. | <a href="https://bazel.build/docs/build-ref.html#labels">Label</a> | optional | @bazel_gazelle_go_repository_config//:WORKSPACE |
| <a id="go_repository-build_directives"></a>build_directives | A list of directives to be written to the root level build file before Calling Gazelle to generate build files. Each string in the list will be prefixed with <code>#</code> automatically. A common use case is to pass a list of Gazelle directives. | List of strings | optional | [] |
| <a id="go_repository-build_external"></a>build_external | One of <code>"external"</code>, <code>"static"</code> or <code>"vendored"</code>.<br><br> This sets Gazelle's <code>-external</code> command line flag. In <code>"static"</code> mode, Gazelle will not call out to the network to resolve imports.<br><br> **NOTE:** This cannot be used to ignore the <code>vendor</code> directory in a repository. The <code>-external</code> flag only controls how Gazelle resolves imports which are not present in the repository. Use <code>build_extra_args = ["-exclude=vendor"]</code> instead. | String | optional | "static" |