From 001025fd26f58434314d9f186ee0bdaebfa40799 Mon Sep 17 00:00:00 2001 From: Matt Moore Date: Wed, 3 Jul 2024 19:39:37 -0700 Subject: [PATCH] Preliminary support for `HTTP_AUTH`. (#84) I am still working through a few issues, but I believe the main problem at this point is that we don't support range requests. Signed-off-by: Matt Moore --- apko/private/apk.bzl | 38 ++++++++++++++++++++++++++++++++------ 1 file changed, 32 insertions(+), 6 deletions(-) diff --git a/apko/private/apk.bzl b/apko/private/apk.bzl index 8a7357d..db26a91 100644 --- a/apko/private/apk.bzl +++ b/apko/private/apk.bzl @@ -6,7 +6,7 @@ load(":util.bzl", "util") APK_IMPORT_TMPL = """\ # Generated by apk_import. DO NOT EDIT filegroup( - name = "all", + name = "all", srcs = glob( ["**/*.tar.gz", "**/*.apk"], allow_empty = True, @@ -15,6 +15,29 @@ filegroup( ) """ +def _auth(rctx, url): + if "HTTP_AUTH" not in rctx.os.environ: + return {} + http_auth = rctx.os.environ["HTTP_AUTH"] + + parts = http_auth.split(":", 3) + if len(parts) != 4: + fail("malformed HTTP_AUTH environment variable wanted basic:REALM:USER:PASSWORD, but got {} parts", len(parts)) + + if parts[0].lower() != "basic": + fail("malformed HTTP_AUTH environment variable wanted basic:REALM:USER:PASSWORD, but got {} for first part", parts[0]) + + if not url.startswith("https://{}".format(parts[1])): + return {} + + return { + url: { + "type": "basic", + "login": parts[2], + "password": parts[3], + }, + } + def _range(url, range): return "{}#_apk_range_{}".format(url, range.replace("=", "_")) @@ -36,10 +59,10 @@ def _check_initial_setup(rctx): if bytes[0] != "1": fail(""" -‼️ We encountered an issue with your current configuration that prevents partial package fetching during downloads. +‼️ We encountered an issue with your current configuration that prevents partial package fetching during downloads. This may indicate either a misconfiguration or that the initial setup hasn't been performed correctly. -To resolve this issue and enable partial package fetching, please follow the step-by-step instructions in our documentation. +To resolve this issue and enable partial package fetching, please follow the step-by-step instructions in our documentation. 📚 Documentation: https://github.com/chainguard-dev/rules_apko/blob/main/docs/initial-setup.md @@ -50,11 +73,13 @@ def _download(rctx, url, rng, **kwargs): return rctx.download( url = [url], headers = {"Range": [rng]}, + auth = _auth(rctx, url), **kwargs ) else: return rctx.download( url = [_range(url, rng)], + auth = _auth(rctx, url), **kwargs ) @@ -123,7 +148,7 @@ apk_import = repository_rule( APK_REPOSITORY_TMPL = """\ # Generated by apk_repository. DO NOT EDIT filegroup( - name = "index", + name = "index", srcs = glob(["**/APKINDEX/*.tar.gz"]), visibility = ["//visibility:public"] ) @@ -135,6 +160,7 @@ def _apk_repository_impl(rctx): _check_initial_setup(rctx) rctx.download( url = [rctx.attr.url], + auth = _auth(rctx, rctx.attr.url), output = "{}/{}/APKINDEX/latest.tar.gz".format(repo_escaped, rctx.attr.architecture), ) rctx.file("BUILD.bazel", APK_REPOSITORY_TMPL) @@ -150,7 +176,7 @@ apk_repository = repository_rule( APK_KEYRING_TMPL = """\ # Generated by apk_import. DO NOT EDIT filegroup( - name = "keyring", + name = "keyring", srcs = ["{public_key}"], visibility = ["//visibility:public"] ) @@ -177,7 +203,7 @@ def _cachePathFromURL(url): def _apk_keyring_impl(rctx): public_key = _cachePathFromURL(rctx.attr.url) - rctx.download(url = [rctx.attr.url], output = public_key) + rctx.download(url = [rctx.attr.url], output = public_key, auth = _auth(rctx, rctx.attr.url)) rctx.file("BUILD.bazel", APK_KEYRING_TMPL.format(public_key = public_key)) apk_keyring = repository_rule(