Clean up askpass_URL

* Tighten git e2e shim - exit on errors - simpler - don't set XDG_CONFIG_HOME * Reword logs
2022-06-25 11:08:31 -07:00 · 2022-06-25 11:08:31 -07:00 · e40079fa8d
parent 3719d0385e
commit e40079fa8d
2 changed files with 22 additions and 29 deletions
--- a/askpass_git.sh
+++ b/askpass_git.sh
@ -14,31 +14,24 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.

-# Ask pass when cloning new repo, fail if it mismatched the magic password.
+# This script uses the in-container shell which is limited.  For example, it
+# does not support the 'pipefail' option.
+set -o errexit
+set -o nounset

-mkdir -p "${XDG_CONFIG_HOME}/git/"
-# Override the default 'git --global' config location, the default location
-# outside the e2e test environment. See https://git-scm.com/docs/git-config
-touch "${XDG_CONFIG_HOME}/git/config"
-# Override the default 'git credential store' config location, the default location
-# outside the e2e test environment. See https://git-scm.com/docs/git-credential-store
-touch "${XDG_CONFIG_HOME}/git/credentials"
-
-if [ "$1" != "clone" -a "$1" != "ls-remote" -a "$1" != "fetch" ]; then
-  git "$@"
-  exit $?
-fi
-
-# `git credential fill` requires the repo url match to consume the credentials stored by git-sync.
-# Askpass git only support repo started with "file://" which is used in test_e2e.sh.
-REPO=$(echo "$@" | grep -o "file://[^ ]*")
-OUTPUT=$(echo "url=${REPO}" | git credential fill)
-USERNAME=$(echo "${OUTPUT}" | grep "^username=.*")
-PASSWD=$(echo "${OUTPUT}" | grep "^password=.*")
-# Test case must match the magic username and password below.
-if [ "${USERNAME}" != "username=my-username" -o "${PASSWD}" != "password=my-password" ]; then
-  echo "invalid test username/password pair: ${USERNAME}:${PASSWD}"
-  exit 1
+# Ask pass some ops, fail if it mismatched the magic password.
+if [ "$1" = "clone" -o "$1" = "ls-remote" -o "$1" = "fetch" ]; then
+    # `git credential fill` requires the repo url match to consume the credentials stored by git-sync.
+    # Askpass git only support repo started with "file://" which is used in test_e2e.sh.
+    REPO=$(echo "$@" | grep -o "file://[^ ]*")
+    OUTPUT=$(echo "url=${REPO}" | git credential fill)
+    USERNAME=$(echo "${OUTPUT}" | grep "^username=.*")
+    PASSWD=$(echo "${OUTPUT}" | grep "^password=.*")
+    # Test case must match the magic username and password below.
+    if [ "${USERNAME}" != "username=my-username" -o "${PASSWD}" != "password=my-password" ]; then
+        echo "invalid test username/password pair: ${USERNAME}:${PASSWD}"
+        exit 1
+    fi
 fi

 git "$@"
--- a/cmd/git-sync/main.go
+++ b/cmd/git-sync/main.go
@ -1246,11 +1246,11 @@ func (git *repoSync) ResolveRef(ctx context.Context, ref string) (string, error)
 // returns (1) whether a change occured, (2) the new hash, and (3) an error if one happened
 func (git *repoSync) SyncRepo(ctx context.Context) (bool, string, error) {
 	if git.authURL != "" {
-		// For ASKPASS Callback URL, the credentials behind is dynamic, it needs to be
+		// When using an auth URL, the credentials can be dynamic, it needs to be
 		// re-fetched each time.
 		if err := git.CallAskPassURL(ctx); err != nil {
 			askpassCount.WithLabelValues(metricKeyError).Inc()
-			return false, "", fmt.Errorf("failed to call GIT_ASKPASS_URL: %v", err)
+			return false, "", fmt.Errorf("failed to get credentials from auth URL: %v", err)
 		}
 		askpassCount.WithLabelValues(metricKeySuccess).Inc()
 	}
@ -1317,7 +1317,7 @@ func (git *repoSync) GetRevs(ctx context.Context) (string, string, error) {
 // SetupAuth configures the local git repo to use a username and password when
 // accessing the repo.
 func (git *repoSync) SetupAuth(ctx context.Context, username, password string) error {
-	git.log.V(1).Info("setting up git credential store")
+	git.log.V(3).Info("storing git credentials")

 	_, err := git.run.Run(ctx, "", nil, git.cmd, "config", "--global", "credential.helper", "store")
 	if err != nil {
@ -1379,12 +1379,12 @@ func (git *repoSync) SetupCookieFile(ctx context.Context) error {
 // CallAskPassURL consults the specified URL looking for git credentials in the
 // response.
 //
-// The expected ASKPASS callback output are below,
+// The expected URL callback output is below,
 // see https://git-scm.com/docs/gitcredentials for more examples:
 //   username=xxx@example.com
 //   password=xxxyyyzzz
 func (git *repoSync) CallAskPassURL(ctx context.Context) error {
-	git.log.V(1).Info("calling GIT_ASKPASS URL to get credentials")
+	git.log.V(2).Info("calling auth URL to get credentials")

 	var netClient = &http.Client{
 		Timeout: time.Second * 1,