Add support for auth_patterns in go_repository

Initial PR to handle netrc had support for auth_patterns bazelbuild#848 But final version didn't bazelbuild#1090 auth_patterns can still be needed, for example for private github repositories Can be used like this ```python go_repository( name = "something", auth_patterns = { "api.github.com": "Bearer <password>", }, importpath = "github.com/someorg/something", strip_prefix = "something-...", type = "zip", urls = ["https://api.github.com/repos/someorg/something/zipball/..."], ) ``` Copying parameter documentation from bazel code
dmivankov · May 18, 2022 · 22d9ac3 · 22d9ac3
1 parent 757e291
commit 22d9ac3
Showing 1 changed file with 40 additions and 1 deletion.
diff --git a/internal/go_repository.bzl b/internal/go_repository.bzl
@@ -68,6 +68,42 @@ go_repository(
 
 """
 
+# copied from
+# https://github.com/bazelbuild/bazel/blob/d273cb62f43ef8169415cf60fc96e503ea2ad823/tools/build_defs/repo/http.bzl#L76
+_AUTH_PATTERN_DOC = """An optional dict mapping host names to custom authorization patterns.
+
+If a URL's host name is present in this dict the value will be used as a pattern when
+generating the authorization header for the http request. This enables the use of custom
+authorization schemes used in a lot of common cloud storage providers.
+
+The pattern currently supports 2 tokens: <code>&lt;login&gt;</code> and
+<code>&lt;password&gt;</code>, which are replaced with their equivalent value
+in the netrc file for the same host name. After formatting, the result is set
+as the value for the <code>Authorization</code> field of the HTTP request.
+
+Example attribute and netrc for a http download to an oauth2 enabled API using a bearer token:
+
+<pre>
+auth_patterns = {
+    "storage.cloudprovider.com": "Bearer &lt;password&gt;"
+}
+</pre>
+
+netrc:
+
+<pre>
+machine storage.cloudprovider.com
+        password RANDOM-TOKEN
+</pre>
+
+The final HTTP request would have the following header:
+
+<pre>
+Authorization: Bearer RANDOM-TOKEN
+</pre>
+"""
+
+
 # We can't disable timeouts on Bazel, but we can set them to large values.
 _GO_REPOSITORY_TIMEOUT = 86400
 
@@ -85,7 +121,7 @@ def _get_auth(ctx, urls):
 
     if netrcfile and ctx.path(netrcfile).exists:
         netrc = read_netrc(ctx, netrcfile)
-        return use_netrc(netrc, urls, {})
+        return use_netrc(netrc, urls, ctx.attr.auth_patterns)
 
     return {}
 
@@ -355,6 +391,9 @@ go_repository = repository_rule(
             doc = """If the repository is downloaded via HTTP (`urls` is set) and this is set, restrict cache hits to those cases where the
             repository was added to the cache with the same canonical id.""",
         ),
+        "auth_patterns": attr.string_dict(
+            doc = _AUTH_PATTERN_DOC,
+        ),
 
         # Attributes for a module that should be downloaded with the Go toolchain.
         "version": attr.string(