From ce8bd90353c1dd9f394fcc84a61f1cc7ee17974e Mon Sep 17 00:00:00 2001 From: Gunnar Wagenknecht Date: Thu, 7 Dec 2023 05:49:39 -0800 Subject: [PATCH] Read authentication information from .netrc Workaround for #13709 Closes #20417. PiperOrigin-RevId: 588762567 Change-Id: Ie02d7ff6ffaad646bf67059bebc7e0d5894f079e --- MODULE.bazel.lock | 14 +++++++------- src/test/tools/bzlmod/MODULE.bazel.lock | 14 +++++++------- tools/build_defs/repo/http.bzl | 20 ++++---------------- tools/build_defs/repo/jvm.bzl | 6 ++++++ tools/build_defs/repo/utils.bzl | 24 ++++++++++++++++++++++++ 5 files changed, 48 insertions(+), 30 deletions(-) diff --git a/MODULE.bazel.lock b/MODULE.bazel.lock index c292ccd8370ffe..abbdc4c6ec4b86 100644 --- a/MODULE.bazel.lock +++ b/MODULE.bazel.lock @@ -2228,7 +2228,7 @@ "moduleExtensions": { "//:extensions.bzl%bazel_android_deps": { "general": { - "bzlTransitiveDigest": "jRtP5osY4OoM27yZDy++l0G15nhPHicA27B589vWc7Q=", + "bzlTransitiveDigest": "GePZH6z20Bg8DBJJz2KRAeVWAUspcD8Fl2sAoNAktTg=", "accumulatedFileDigests": {}, "envVariables": {}, "generatedRepoSpecs": { @@ -2247,10 +2247,10 @@ }, "//:extensions.bzl%bazel_build_deps": { "general": { - "bzlTransitiveDigest": "jRtP5osY4OoM27yZDy++l0G15nhPHicA27B589vWc7Q=", + "bzlTransitiveDigest": "GePZH6z20Bg8DBJJz2KRAeVWAUspcD8Fl2sAoNAktTg=", "accumulatedFileDigests": { - "@@//src/test/tools/bzlmod:MODULE.bazel.lock": "cd1b6e477c28420dedbc9eb36de4ba497f4af6be18c32042feddd270e35bb717", - "@@//:MODULE.bazel": "181678df5c28839fced02f5f546f99ae5a99c21eb263975d3244e17497b7064f" + "@@//src/test/tools/bzlmod:MODULE.bazel.lock": "d1de0c7a82ede5b9126e764faf1e228c7ee518d86fc3d193b2b47640cacd535b", + "@@//:MODULE.bazel": "181678df5c28839fced02f5f546f99ae5a99c21eb263975d3244e17497b7064f" }, "envVariables": {}, "generatedRepoSpecs": { @@ -2505,7 +2505,7 @@ }, "//:extensions.bzl%bazel_test_deps": { "general": { - "bzlTransitiveDigest": "jRtP5osY4OoM27yZDy++l0G15nhPHicA27B589vWc7Q=", + "bzlTransitiveDigest": "GePZH6z20Bg8DBJJz2KRAeVWAUspcD8Fl2sAoNAktTg=", "accumulatedFileDigests": {}, "envVariables": {}, "generatedRepoSpecs": { @@ -2555,7 +2555,7 @@ }, "//tools/android:android_extensions.bzl%remote_android_tools_extensions": { "general": { - "bzlTransitiveDigest": "iz3RFYDcsjupaT10sdSPAhA44WL3eDYkTEnYThllj1w=", + "bzlTransitiveDigest": "kyYmVfXVvQ/eqU6zuZ6/NCQC72VLGyxJvwX/5Kzw3E8=", "accumulatedFileDigests": {}, "envVariables": {}, "generatedRepoSpecs": { @@ -2582,7 +2582,7 @@ }, "//tools/test:extensions.bzl%remote_coverage_tools_extension": { "general": { - "bzlTransitiveDigest": "cizrA62cv8WUgb0cCmx5B6PRijtr/I4TAWxg/4caNGU=", + "bzlTransitiveDigest": "dSavvzz4Z4n0JlBCZevqTBn9fRwlL29Y3/kjd1rvGAQ=", "accumulatedFileDigests": {}, "envVariables": {}, "generatedRepoSpecs": { diff --git a/src/test/tools/bzlmod/MODULE.bazel.lock b/src/test/tools/bzlmod/MODULE.bazel.lock index cefce052759f3c..e8a33a2d26a418 100644 --- a/src/test/tools/bzlmod/MODULE.bazel.lock +++ b/src/test/tools/bzlmod/MODULE.bazel.lock @@ -989,7 +989,7 @@ }, "@@bazel_tools//tools/android:android_extensions.bzl%remote_android_tools_extensions": { "general": { - "bzlTransitiveDigest": "iz3RFYDcsjupaT10sdSPAhA44WL3eDYkTEnYThllj1w=", + "bzlTransitiveDigest": "kyYmVfXVvQ/eqU6zuZ6/NCQC72VLGyxJvwX/5Kzw3E8=", "accumulatedFileDigests": {}, "envVariables": {}, "generatedRepoSpecs": { @@ -1073,7 +1073,7 @@ }, "@@bazel_tools//tools/test:extensions.bzl%remote_coverage_tools_extension": { "general": { - "bzlTransitiveDigest": "cizrA62cv8WUgb0cCmx5B6PRijtr/I4TAWxg/4caNGU=", + "bzlTransitiveDigest": "dSavvzz4Z4n0JlBCZevqTBn9fRwlL29Y3/kjd1rvGAQ=", "accumulatedFileDigests": {}, "envVariables": {}, "generatedRepoSpecs": { @@ -1093,7 +1093,7 @@ }, "@@rules_java~7.3.1//java:extensions.bzl%toolchains": { "general": { - "bzlTransitiveDigest": "KSu3EzOsgA5I4iHPuY9tSp974k847ZckOC2+AqHeN3U=", + "bzlTransitiveDigest": "dE7hHxM351CfQ5Z9+woayMrI9kUcFoqXgL6t1yhXodE=", "accumulatedFileDigests": {}, "envVariables": {}, "generatedRepoSpecs": { @@ -1633,7 +1633,7 @@ }, "@@rules_jvm_external~4.4.2//:extensions.bzl%maven": { "general": { - "bzlTransitiveDigest": "SNZtnmBkSzitA86+iyWV+lsMoWqTaHkbJeV673xyy3k=", + "bzlTransitiveDigest": "8bCMg1PvrC5kIZolTwRMdMG2stFYPJph2VrNUkWxiBw=", "accumulatedFileDigests": { "@@rules_jvm_external~4.4.2//:rules_jvm_external_deps_install.json": "10442a5ae27d9ff4c2003e5ab71643bf0d8b48dcf968b4173fa274c3232a8c06" }, @@ -2720,7 +2720,7 @@ }, "@@rules_jvm_external~4.4.2//:non-module-deps.bzl%non_module_deps": { "general": { - "bzlTransitiveDigest": "/rh2kt+7d77UiyuaTMepsRWJdj6Aot4FxGP6oW8S+U0=", + "bzlTransitiveDigest": "ianytwKVaqmOgfIRGRP4Ra/4fOv9bVx66S9abA454wc=", "accumulatedFileDigests": {}, "envVariables": {}, "generatedRepoSpecs": { @@ -2740,7 +2740,7 @@ }, "@@rules_python~0.22.0//python/extensions:python.bzl%python": { "general": { - "bzlTransitiveDigest": "co6A3RsidzqC5V/9x3wk58Bai0nXlmTHqX0B7joFK1U=", + "bzlTransitiveDigest": "5984r65oTDrHlsC2EzVYYzZuSysKJJHzbkPtXZaZq9Q=", "accumulatedFileDigests": {}, "envVariables": {}, "generatedRepoSpecs": { @@ -2757,7 +2757,7 @@ }, "@@rules_python~0.22.0//python/extensions/private:internal_deps.bzl%internal_deps": { "general": { - "bzlTransitiveDigest": "j8mP7UV0Gx/ZqeUzuwQj/eps7zXau+u1767KHE8DzZg=", + "bzlTransitiveDigest": "BnJzAP4gt64l11dxPIXHUAtc4AYnunQFksKopy7uynE=", "accumulatedFileDigests": {}, "envVariables": {}, "generatedRepoSpecs": { diff --git a/tools/build_defs/repo/http.bzl b/tools/build_defs/repo/http.bzl index 81fc3f96dc77ab..de88e6e48e588a 100644 --- a/tools/build_defs/repo/http.bzl +++ b/tools/build_defs/repo/http.bzl @@ -45,11 +45,9 @@ load( ) load( ":utils.bzl", + "get_auth", "patch", - "read_netrc", - "read_user_netrc", "update_attrs", - "use_netrc", "workspace_and_buildfile", ) @@ -119,16 +117,6 @@ Authorization: Bearer RANDOM-TOKEN """ -def _get_auth(ctx, urls): - """Given the list of URLs obtain the correct auth dict.""" - if ctx.attr.netrc: - netrc = read_netrc(ctx, ctx.attr.netrc) - elif "NETRC" in ctx.os.environ: - netrc = read_netrc(ctx, ctx.os.environ["NETRC"]) - else: - netrc = read_user_netrc(ctx) - return use_netrc(netrc, urls, ctx.attr.auth_patterns) - def _update_integrity_attr(ctx, attrs, download_info): # We don't need to override the integrity attribute if sha256 is already specified. integrity_override = {} if ctx.attr.sha256 else {"integrity": download_info.integrity} @@ -140,7 +128,7 @@ def _http_archive_impl(ctx): fail("Only one of build_file and build_file_content can be provided.") all_urls = _get_all_urls(ctx) - auth = _get_auth(ctx, all_urls) + auth = get_auth(ctx, all_urls) download_info = ctx.download_and_extract( all_urls, @@ -182,7 +170,7 @@ def _http_file_impl(ctx): if download_path in forbidden_files or not str(download_path).startswith(str(repo_root)): fail("'%s' cannot be used as downloaded_file_path in http_file" % ctx.attr.downloaded_file_path) all_urls = _get_all_urls(ctx) - auth = _get_auth(ctx, all_urls) + auth = get_auth(ctx, all_urls) download_info = ctx.download( all_urls, "file/" + downloaded_file_path, @@ -219,7 +207,7 @@ filegroup( def _http_jar_impl(ctx): """Implementation of the http_jar rule.""" all_urls = _get_all_urls(ctx) - auth = _get_auth(ctx, all_urls) + auth = get_auth(ctx, all_urls) downloaded_file_name = ctx.attr.downloaded_file_name download_info = ctx.download( all_urls, diff --git a/tools/build_defs/repo/jvm.bzl b/tools/build_defs/repo/jvm.bzl index c7e87d2f4a97bd..a3ea79e17e5386 100644 --- a/tools/build_defs/repo/jvm.bzl +++ b/tools/build_defs/repo/jvm.bzl @@ -44,6 +44,10 @@ load( "DEFAULT_CANONICAL_ID_ENV", "get_default_canonical_id", ) +load( + ":utils.bzl", + "get_auth", +) _HEADER = "# DO NOT EDIT: generated by jvm_import_external()" @@ -124,6 +128,7 @@ def _jvm_import_external(repository_ctx): path, sha, canonical_id = repository_ctx.attr.canonical_id or get_default_canonical_id(repository_ctx, urls), + auth = get_auth(repository_ctx, urls), ) if srcurls and _should_fetch_sources_in_current_env(repository_ctx): repository_ctx.download( @@ -131,6 +136,7 @@ def _jvm_import_external(repository_ctx): srcpath, srcsha, canonical_id = repository_ctx.attr.canonical_id, + auth = get_auth(repository_ctx, srcurls), ) repository_ctx.file("BUILD", "\n".join(lines)) repository_ctx.file("%s/BUILD" % extension, "\n".join([ diff --git a/tools/build_defs/repo/utils.bzl b/tools/build_defs/repo/utils.bzl index cda04c237ca7b5..dabb75332cbb1f 100644 --- a/tools/build_defs/repo/utils.bzl +++ b/tools/build_defs/repo/utils.bzl @@ -420,3 +420,27 @@ def read_user_netrc(ctx): if not ctx.path(netrcfile).exists: return {} return read_netrc(ctx, netrcfile) + +def get_auth(ctx, urls): + """Utility function to obtain the correct auth dict for a list of urls from .netrc file. + + Support optional netrc and auth_patterns attributes if available. + + Args: + ctx: The repository context of the repository rule calling this utility + function. + urls: the list of urls to read + + Returns: + the auth dict which can be passed to repository_ctx.download + """ + if hasattr(ctx.attr, "netrc") and ctx.attr.netrc: + netrc = read_netrc(ctx, ctx.attr.netrc) + elif "NETRC" in ctx.os.environ: + netrc = read_netrc(ctx, ctx.os.environ["NETRC"]) + else: + netrc = read_user_netrc(ctx) + auth_patterns = {} + if hasattr(ctx.attr, "auth_patterns") and ctx.attr.auth_patterns: + auth_patterns = ctx.attr.auth_patterns + return use_netrc(netrc, urls, auth_patterns)