Read authentication information from .netrc

Workaround for #13709 Closes #20417. PiperOrigin-RevId: 588762567 Change-Id: Ie02d7ff6ffaad646bf67059bebc7e0d5894f079e
bazelbuild · Dec 7, 2023 · ce8bd90 · ce8bd90
1 parent dc5dd04
commit ce8bd90
Show file tree

Hide file tree

Showing 5 changed files with 48 additions and 30 deletions.
diff --git a/MODULE.bazel.lock b/MODULE.bazel.lock
diff --git a/src/test/tools/bzlmod/MODULE.bazel.lock b/src/test/tools/bzlmod/MODULE.bazel.lock
diff --git a/tools/build_defs/repo/http.bzl b/tools/build_defs/repo/http.bzl
@@ -45,11 +45,9 @@ load(
 )
 load(
     ":utils.bzl",
+    "get_auth",
     "patch",
-    "read_netrc",
-    "read_user_netrc",
     "update_attrs",
-    "use_netrc",
     "workspace_and_buildfile",
 )
 
@@ -119,16 +117,6 @@ Authorization: Bearer RANDOM-TOKEN
 </pre>
 """
 
-def _get_auth(ctx, urls):
-    """Given the list of URLs obtain the correct auth dict."""
-    if ctx.attr.netrc:
-        netrc = read_netrc(ctx, ctx.attr.netrc)
-    elif "NETRC" in ctx.os.environ:
-        netrc = read_netrc(ctx, ctx.os.environ["NETRC"])
-    else:
-        netrc = read_user_netrc(ctx)
-    return use_netrc(netrc, urls, ctx.attr.auth_patterns)
-
 def _update_integrity_attr(ctx, attrs, download_info):
     # We don't need to override the integrity attribute if sha256 is already specified.
     integrity_override = {} if ctx.attr.sha256 else {"integrity": download_info.integrity}
@@ -140,7 +128,7 @@ def _http_archive_impl(ctx):
         fail("Only one of build_file and build_file_content can be provided.")
 
     all_urls = _get_all_urls(ctx)
-    auth = _get_auth(ctx, all_urls)
+    auth = get_auth(ctx, all_urls)
 
     download_info = ctx.download_and_extract(
         all_urls,
@@ -182,7 +170,7 @@ def _http_file_impl(ctx):
     if download_path in forbidden_files or not str(download_path).startswith(str(repo_root)):
         fail("'%s' cannot be used as downloaded_file_path in http_file" % ctx.attr.downloaded_file_path)
     all_urls = _get_all_urls(ctx)
-    auth = _get_auth(ctx, all_urls)
+    auth = get_auth(ctx, all_urls)
     download_info = ctx.download(
         all_urls,
         "file/" + downloaded_file_path,
@@ -219,7 +207,7 @@ filegroup(
 def _http_jar_impl(ctx):
     """Implementation of the http_jar rule."""
     all_urls = _get_all_urls(ctx)
-    auth = _get_auth(ctx, all_urls)
+    auth = get_auth(ctx, all_urls)
     downloaded_file_name = ctx.attr.downloaded_file_name
     download_info = ctx.download(
         all_urls,

diff --git a/tools/build_defs/repo/jvm.bzl b/tools/build_defs/repo/jvm.bzl
@@ -44,6 +44,10 @@ load(
     "DEFAULT_CANONICAL_ID_ENV",
     "get_default_canonical_id",
 )
+load(
+    ":utils.bzl",
+    "get_auth",
+)
 
 _HEADER = "# DO NOT EDIT: generated by jvm_import_external()"
 
@@ -124,13 +128,15 @@ def _jvm_import_external(repository_ctx):
         path,
         sha,
         canonical_id = repository_ctx.attr.canonical_id or get_default_canonical_id(repository_ctx, urls),
+        auth = get_auth(repository_ctx, urls),
     )
     if srcurls and _should_fetch_sources_in_current_env(repository_ctx):
         repository_ctx.download(
             srcurls,
             srcpath,
             srcsha,
             canonical_id = repository_ctx.attr.canonical_id,
+            auth = get_auth(repository_ctx, srcurls),
         )
     repository_ctx.file("BUILD", "\n".join(lines))
     repository_ctx.file("%s/BUILD" % extension, "\n".join([

diff --git a/tools/build_defs/repo/utils.bzl b/tools/build_defs/repo/utils.bzl
@@ -420,3 +420,27 @@ def read_user_netrc(ctx):
     if not ctx.path(netrcfile).exists:
         return {}
     return read_netrc(ctx, netrcfile)
+
+def get_auth(ctx, urls):
+    """Utility function to obtain the correct auth dict for a list of urls from .netrc file.
+
+    Support optional netrc and auth_patterns attributes if available.
+
+    Args:
+      ctx: The repository context of the repository rule calling this utility
+        function.
+      urls: the list of urls to read
+
+    Returns:
+      the auth dict which can be passed to repository_ctx.download
+    """
+    if hasattr(ctx.attr, "netrc") and ctx.attr.netrc:
+        netrc = read_netrc(ctx, ctx.attr.netrc)
+    elif "NETRC" in ctx.os.environ:
+        netrc = read_netrc(ctx, ctx.os.environ["NETRC"])
+    else:
+        netrc = read_user_netrc(ctx)
+    auth_patterns = {}
+    if hasattr(ctx.attr, "auth_patterns") and ctx.attr.auth_patterns:
+        auth_patterns = ctx.attr.auth_patterns
+    return use_netrc(netrc, urls, auth_patterns)