[ARVADOS] updated: ee23a6ebe5e99f716c148dd62a9ba6dbcb516457
Git user
git at public.curoverse.com
Tue Feb 23 15:54:03 EST 2016
Summary of changes:
sdk/python/arvados/api.py | 1 +
sdk/python/arvados/commands/arv_copy.py | 54 +++++++++++++++++----------------
2 files changed, 29 insertions(+), 26 deletions(-)
via ee23a6ebe5e99f716c148dd62a9ba6dbcb516457 (commit)
from 5fb73e1dcad7e3179ab74623e88bc672353a84ed (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
commit ee23a6ebe5e99f716c148dd62a9ba6dbcb516457
Author: Peter Amstutz <peter.amstutz at curoverse.com>
Date: Tue Feb 23 15:18:13 2016 -0500
6605: Use git -c instead of "git config" to set credentials. Refuse to use
insecure http unless ARVADOS_API_HOST_INSECURE is also true.
diff --git a/sdk/python/arvados/api.py b/sdk/python/arvados/api.py
index e2e8ba1..f24b1ed 100644
--- a/sdk/python/arvados/api.py
+++ b/sdk/python/arvados/api.py
@@ -207,6 +207,7 @@ def api(version=None, cache=True, host=None, token=None, insecure=False, **kwarg
svc = apiclient_discovery.build('arvados', version, **kwargs)
svc.api_token = token
+ svc.insecure = insecure
kwargs['http'].max_request_size = svc._rootDesc.get('maxRequestSize', 0)
kwargs['http'].cache = None
return svc
diff --git a/sdk/python/arvados/commands/arv_copy.py b/sdk/python/arvados/commands/arv_copy.py
index bc03474..f5226f6 100755
--- a/sdk/python/arvados/commands/arv_copy.py
+++ b/sdk/python/arvados/commands/arv_copy.py
@@ -584,20 +584,6 @@ def copy_collection(obj_uuid, src, dst, args):
c['manifest_text'] = dst_manifest
return create_collection_from(c, src, dst, args)
-def setup_git_http(url):
- u = urlparse.urlsplit(url)
- url = urlparse.urlunsplit((u.scheme, u.netloc, "", "", ""))
- arvados.util.run_command(["git",
- "config",
- "--global",
- "credential.%s/.username" % url,
- "none"])
- arvados.util.run_command(["git",
- "config",
- "--global",
- "credential.%s/.helper" % url,
- """!cred(){ cat >/dev/null; if [ "$1" = get ]; then echo password=$ARVADOS_API_TOKEN; fi; };cred"""])
-
def select_git_url(api, repo_name, retries):
r = api.repositories().list(
filters=[['name', '=', repo_name]]).execute(num_retries=retries)
@@ -605,16 +591,26 @@ def select_git_url(api, repo_name, retries):
raise Exception('cannot identify repo {}; {} repos found'
.format(repo_name, r['items_available']))
- http_url = [c for c in r['items'][0]["clone_urls"] if c.startswith("https")]
- other_url = [c for c in r['items'][0]["clone_urls"] if not c.startswith("https")]
- if http_url:
- setup_git_http(http_url[0])
+ https_url = [c for c in r['items'][0]["clone_urls"] if c.startswith("https:")]
+ http_url = [c for c in r['items'][0]["clone_urls"] if c.startswith("http:")]
+ other_url = [c for c in r['items'][0]["clone_urls"] if not c.startswith("http")]
+
+ priority = https_url + other_url + http_url
+ git_config = []
git_url = None
- for url in (http_url + other_url):
+ for url in priority:
+ if url.startswith("http"):
+ u = urlparse.urlsplit(url)
+ baseurl = urlparse.urlunsplit((u.scheme, u.netloc, "", "", ""))
+ git_config = ["-c", "credential.%s/.username=none" % baseurl,
+ "-c", "credential.%s/.helper=!cred(){ cat >/dev/null; if [ \"$1\" = get ]; then echo password=$ARVADOS_API_TOKEN; fi; };cred" % baseurl]
+ else:
+ git_config = []
+
try:
logger.debug("trying %s", url)
- arvados.util.run_command(["git", "ls-remote", url],
+ arvados.util.run_command(["git"] + git_config + ["ls-remote", url],
env={"HOME": os.environ["HOME"],
"ARVADOS_API_TOKEN": api.api_token,
"GIT_ASKPASS": "/bin/false"})
@@ -626,9 +622,15 @@ def select_git_url(api, repo_name, retries):
if not git_url:
raise Exception('Cannot access git repository, tried {}'
- .format(http_url + other_url))
+ .format(priority))
+
+ if git_url.startswith("http:"):
+ if api.insecure:
+ logger.warn("Using insecure git url %s but will allow this because ARVADOS_API_HOST_INSECURE is true.", git_url)
+ else:
+ raise Exception("Refusing to use insecure git url %s, set ARVADOS_API_HOST_INSECURE if you really want this." % git_url)
- return git_url
+ return (git_url, git_config)
# copy_git_repo(src_git_repo, src, dst, dst_git_repo, script_version, args)
@@ -649,8 +651,8 @@ def select_git_url(api, repo_name, retries):
def copy_git_repo(src_git_repo, src, dst, dst_git_repo, script_version, args):
# Identify the fetch and push URLs for the git repositories.
- src_git_url = select_git_url(src, src_git_repo, args.retries)
- dst_git_url = select_git_url(dst, dst_git_repo, args.retries)
+ (src_git_url, src_git_config) = select_git_url(src, src_git_repo, args.retries)
+ (dst_git_url, dst_git_config) = select_git_url(dst, dst_git_repo, args.retries)
logger.debug('src_git_url: {}'.format(src_git_url))
logger.debug('dst_git_url: {}'.format(dst_git_url))
@@ -661,7 +663,7 @@ def copy_git_repo(src_git_repo, src, dst, dst_git_repo, script_version, args):
if src_git_repo not in local_repo_dir:
local_repo_dir[src_git_repo] = tempfile.mkdtemp()
arvados.util.run_command(
- ["git", "clone", "--bare", src_git_url,
+ ["git"] + src_git_config + ["clone", "--bare", src_git_url,
local_repo_dir[src_git_repo]],
cwd=os.path.dirname(local_repo_dir[src_git_repo]),
env={"HOME": os.environ["HOME"],
@@ -673,7 +675,7 @@ def copy_git_repo(src_git_repo, src, dst, dst_git_repo, script_version, args):
arvados.util.run_command(
["git", "branch", dst_branch, script_version],
cwd=local_repo_dir[src_git_repo])
- arvados.util.run_command(["git", "push", "dst", dst_branch],
+ arvados.util.run_command(["git"] + dst_git_config + ["push", "dst", dst_branch],
cwd=local_repo_dir[src_git_repo],
env={"HOME": os.environ["HOME"],
"ARVADOS_API_TOKEN": dst.api_token,
-----------------------------------------------------------------------
hooks/post-receive
--
More information about the arvados-commits
mailing list