refactor authorization provider setup

tomerd · tomerd · commit b454f30a2844 · 2022-02-03T20:54:25.000-08:00
motivation: more easily share authorization provider setup with libSwiftPM users

changes:
* move authorization providers setup from SwiftTool to a Worksapce configuraiton utility
* adjust call sites and tests
diff --git a/Sources/Basics/AuthorizationProvider.swift b/Sources/Basics/AuthorizationProvider.swift
@@ -251,7 +251,8 @@ public struct KeychainAuthorizationProvider: AuthorizationProvider {
 // MARK: - Composite
 
 public struct CompositeAuthorizationProvider: AuthorizationProvider {
-    private let providers: [AuthorizationProvider]
+    // internal for testing
+    internal let providers: [AuthorizationProvider]
     private let observabilityScope: ObservabilityScope
 
     public init(_ providers: AuthorizationProvider..., observabilityScope: ObservabilityScope) {
diff --git a/Sources/Commands/SwiftTool.swift b/Sources/Commands/SwiftTool.swift
@@ -577,63 +577,21 @@ public class SwiftTool {
     }
 
     func getAuthorizationProvider() throws -> AuthorizationProvider? {
-        var providers = [AuthorizationProvider]()
-
-        // netrc file has higher specificity than keychain so use it first
-        try providers.append(contentsOf: self.getNetrcAuthorizationProviders())
-
-#if canImport(Security)
-        if self.options.keychain {
-            providers.append(KeychainAuthorizationProvider(observabilityScope: self.observabilityScope))
-        }
-#endif
-
-        return providers.isEmpty ? .none : CompositeAuthorizationProvider(providers, observabilityScope: self.observabilityScope)
-    }
-
-    func getNetrcAuthorizationProviders() throws -> [NetrcAuthorizationProvider] {
-        guard options.netrc else {
-            return []
-        }
-
-        var providers = [NetrcAuthorizationProvider]()
-
-        // Use custom .netrc file if specified, otherwise look for it within workspace and user's home directory.
-        if let configuredPath = options.netrcFilePath {
-            guard localFileSystem.exists(configuredPath) else {
-                throw StringError("Did not find .netrc file at \(configuredPath).")
-            }
-
-            providers.append(try NetrcAuthorizationProvider(path: configuredPath, fileSystem: localFileSystem))
+        var authorization = Workspace.Configuration.Authorization.default
+        if !options.netrc {
+            authorization.netrc = .disabled
+        } else if let configuredPath = options.netrcFilePath {
+            authorization.netrc = .custom(configuredPath)
         } else {
-            // User didn't tell us to use these .netrc files so be more lenient with errors
-            func loadNetrcNoThrows(at path: AbsolutePath) -> NetrcAuthorizationProvider? {
-                guard localFileSystem.exists(path) && localFileSystem.isReadable(path) else {
-                    return nil
-                }
-
-                do {
-                    return try NetrcAuthorizationProvider(path: path, fileSystem: localFileSystem)
-                } catch {
-                    self.observabilityScope.emit(warning: "Failed to load .netrc file at \(path). Error: \(error)")
-                    return nil
-                }
-            }
-
-            // Workspace's .netrc file should be consulted before user-global file
-            // TODO: replace multiroot-data-file with explicit overrides
-            if let localPath = try? (options.multirootPackageDataFile ?? self.getPackageRoot()).appending(component: ".netrc"),
-               let localProvider = loadNetrcNoThrows(at: localPath) {
-                providers.append(localProvider)
-            }
-
-            let userHomePath = localFileSystem.homeDirectory.appending(component: ".netrc")
-            if let userHomeProvider = loadNetrcNoThrows(at: userHomePath) {
-                providers.append(userHomeProvider)
-            }
+            let rootPath = try options.multirootPackageDataFile ?? self.getPackageRoot()
+            authorization.netrc = .workspaceAndUser(rootPath: rootPath)
         }
 
-        return providers
+        #if canImport(Security)
+        authorization.keychain = self.options.keychain ? .enabled : .disabled
+        #endif
+
+        return try authorization.makeAuthorizationProvider(fileSystem: localFileSystem, observabilityScope: self.observabilityScope)
     }
 
     /// Start redirecting the standard output stream to the standard error stream.
diff --git a/Sources/Workspace/WorkspaceConfiguration.swift b/Sources/Workspace/WorkspaceConfiguration.swift
@@ -209,6 +209,109 @@ extension Workspace {
     }
 }
 
+// MARK: - Authorization
+
+extension Workspace.Configuration {
+    public struct Authorization {
+        public var netrc: Netrc
+        public var keychain: Keychain
+
+        public static var `default`: Self {
+            #if canImport(Security)
+            .init(netrc: .user, keychain: .enabled)
+            #else
+            .init(netrc: .user, keychain: .disabled)
+            #endif
+        }
+
+        public init(netrc: Netrc, keychain: Keychain) {
+            self.netrc = netrc
+            self.keychain = keychain
+        }
+
+        public func makeAuthorizationProvider(fileSystem: FileSystem, observabilityScope: ObservabilityScope) throws -> AuthorizationProvider? {
+            var providers = [AuthorizationProvider]()
+
+            switch self.netrc {
+            case .custom(let path):
+                guard fileSystem.exists(path) else {
+                    throw StringError("Did not find .netrc file at \(path).")
+                }
+                providers.append(try NetrcAuthorizationProvider(path: path, fileSystem: fileSystem))
+            case .workspaceAndUser(let rootPath):
+                // package/project "local" .netrc file, takes priority over user-level file
+                let localPath = rootPath.appending(component: ".netrc")
+                // user didn't tell us to explicitly use these .netrc files so be more lenient with errors
+                if let localProvider = self.loadOptionalNetrc(fileSystem: fileSystem, path: localPath, observabilityScope: observabilityScope) {
+                    providers.append(localProvider)
+                }
+
+                // user .netrc file (most typical)
+                let userHomePath = fileSystem.homeDirectory.appending(component: ".netrc")
+                // user didn't tell us to explicitly use these .netrc files so be more lenient with errors
+                if let userHomeProvider = self.loadOptionalNetrc(fileSystem: fileSystem, path: userHomePath, observabilityScope: observabilityScope) {
+                    providers.append(userHomeProvider)
+                }
+            case .user:
+                // user .netrc file (most typical)
+                let userHomePath = fileSystem.homeDirectory.appending(component: ".netrc")
+                
+                // user didn't tell us to explicitly use these .netrc files so be more lenient with errors
+                if let userHomeProvider = self.loadOptionalNetrc(fileSystem: fileSystem, path: userHomePath, observabilityScope: observabilityScope) {
+                    providers.append(userHomeProvider)
+                }
+            case .disabled:
+                // noop
+                break
+            }
+
+            switch self.keychain {
+            case .enabled:
+                #if canImport(Security)
+                providers.append(KeychainAuthorizationProvider(observabilityScope: observabilityScope))
+                #else
+                throw InternalError("Keychain not supported on this platform")
+                #endif
+            case .disabled:
+                // noop
+                break
+            }
+
+            return providers.isEmpty ? .none : CompositeAuthorizationProvider(providers, observabilityScope: observabilityScope)
+        }
+
+        private func loadOptionalNetrc(
+            fileSystem: FileSystem,
+            path: AbsolutePath,
+            observabilityScope: ObservabilityScope
+        ) -> NetrcAuthorizationProvider? {
+            guard fileSystem.exists(path) && fileSystem.isReadable(path) else {
+                return .none
+            }
+
+            do {
+                return try NetrcAuthorizationProvider(path: path, fileSystem: fileSystem)
+            } catch {
+                observabilityScope.emit(warning: "Failed to load .netrc file at \(path). Error: \(error)")
+                return .none
+            }
+        }
+
+        public enum Netrc {
+            case disabled
+            case custom(AbsolutePath)
+            case workspaceAndUser(rootPath: AbsolutePath)
+            case user
+        }
+
+        public enum Keychain {
+            case disabled
+            case enabled
+        }
+    }
+}
+
+
 // MARK: - Mirrors
 
 extension Workspace.Configuration {
diff --git a/Tests/CommandsTests/SwiftToolTests.swift b/Tests/CommandsTests/SwiftToolTests.swift
@@ -80,7 +80,8 @@ final class SwiftToolTests: CommandsTestCase {
                 let options = try SwiftToolOptions.parse(["--package-path", packageRoot.pathString, "--netrc-file", customPath.pathString])
                 let tool = try SwiftTool(options: options)
 
-                let netrcProviders = try tool.getNetrcAuthorizationProviders()
+                let authorizationProvider = try tool.getAuthorizationProvider() as? CompositeAuthorizationProvider
+                let netrcProviders = authorizationProvider?.providers.compactMap{ $0 as? NetrcAuthorizationProvider } ?? []
                 XCTAssertEqual(netrcProviders.count, 1)
                 XCTAssertEqual(netrcProviders.first.map { resolveSymlinks($0.path) }, resolveSymlinks(customPath))
 
@@ -90,7 +91,7 @@ final class SwiftToolTests: CommandsTestCase {
 
                 // delete it
                 try localFileSystem.removeFileTree(customPath)
-                XCTAssertThrowsError(try tool.getNetrcAuthorizationProviders(), "error expected") { error in
+                XCTAssertThrowsError(try tool.getAuthorizationProvider(), "error expected") { error in
                     XCTAssertEqual(error as? StringError, StringError("Did not find .netrc file at \(customPath)."))
                 }
             }
@@ -104,7 +105,8 @@ final class SwiftToolTests: CommandsTestCase {
                 let options = try SwiftToolOptions.parse(["--package-path", packageRoot.pathString])
                 let tool = try SwiftTool(options: options)
 
-                let netrcProviders = try tool.getNetrcAuthorizationProviders()
+                let authorizationProvider = try tool.getAuthorizationProvider() as? CompositeAuthorizationProvider
+                let netrcProviders = authorizationProvider?.providers.compactMap{ $0 as? NetrcAuthorizationProvider } ?? []
                 XCTAssertTrue(netrcProviders.count >= 1) // This might include .netrc in user's home dir
                 XCTAssertNotNil(netrcProviders.first { resolveSymlinks($0.path) == resolveSymlinks(localPath) })
 
diff --git a/Tests/WorkspaceTests/AuthorizationProviderTests.swift b/Tests/WorkspaceTests/AuthorizationProviderTests.swift
@@ -0,0 +1,127 @@
+/*
+ This source file is part of the Swift.org open source project
+
+ Copyright (c) 2020 Apple Inc. and the Swift project authors
+ Licensed under Apache License v2.0 with Runtime Library Exception
+
+ See http://swift.org/LICENSE.txt for license information
+ See http://swift.org/CONTRIBUTORS.txt for Swift project authors
+ */
+
+@testable import Basics
+import SPMTestSupport
+import TSCBasic
+import TSCUtility
+import Workspace
+import XCTest
+
+final class AuthorizationConfigurationTests: XCTestCase {
+    func testNetrcAuthorizationProviders() throws {
+        let observability = ObservabilitySystem.makeForTesting()
+
+        // custom .netrc file
+
+        do {
+            let fileSystem = InMemoryFileSystem()
+
+            let customPath = fileSystem.homeDirectory.appending(components: UUID().uuidString, "custom-netrc-file")
+            try fileSystem.createDirectory(customPath.parentDirectory, recursive: true)
+            try fileSystem.writeFileContents(customPath) {
+                "machine mymachine.labkey.org login custom@labkey.org password custom"
+            }
+
+            let configuration = Workspace.Configuration.Authorization(netrc: .custom(customPath), keychain: .disabled)
+            let authorizationProvider = try configuration.makeAuthorizationProvider(fileSystem: fileSystem, observabilityScope: observability.topScope) as? CompositeAuthorizationProvider
+            let netrcProviders = authorizationProvider?.providers.compactMap{ $0 as? NetrcAuthorizationProvider }
+
+            XCTAssertEqual(netrcProviders?.count, 1)
+            XCTAssertEqual(netrcProviders?.first.map { resolveSymlinks($0.path) }, resolveSymlinks(customPath))
+
+            let auth = authorizationProvider?.authentication(for: URL(string: "https://mymachine.labkey.org")!)
+            XCTAssertEqual(auth?.user, "custom@labkey.org")
+            XCTAssertEqual(auth?.password, "custom")
+
+            // delete it
+            try fileSystem.removeFileTree(customPath)
+            XCTAssertThrowsError(try configuration.makeAuthorizationProvider(fileSystem: fileSystem, observabilityScope: observability.topScope), "error expected") { error in
+                XCTAssertEqual(error as? StringError, StringError("Did not find .netrc file at \(customPath)."))
+            }
+        }
+
+        // user .netrc file
+
+        do {
+            let fileSystem = InMemoryFileSystem()
+
+            let userPath = fileSystem.homeDirectory.appending(component: ".netrc")
+            try fileSystem.createDirectory(userPath.parentDirectory, recursive: true)
+            try fileSystem.writeFileContents(userPath) {
+                "machine mymachine.labkey.org login user@labkey.org password user"
+            }
+
+            let configuration = Workspace.Configuration.Authorization(netrc: .user, keychain: .disabled)
+            let authorizationProvider = try configuration.makeAuthorizationProvider(fileSystem: fileSystem, observabilityScope: observability.topScope) as? CompositeAuthorizationProvider
+            let netrcProviders = authorizationProvider?.providers.compactMap{ $0 as? NetrcAuthorizationProvider }
+
+            XCTAssertEqual(netrcProviders?.count, 1)
+            XCTAssertEqual(netrcProviders?.first.map { resolveSymlinks($0.path) }, resolveSymlinks(userPath))
+
+            let auth = authorizationProvider?.authentication(for: URL(string: "https://mymachine.labkey.org")!)
+            XCTAssertEqual(auth?.user, "user@labkey.org")
+            XCTAssertEqual(auth?.password, "user")
+
+            // delete it
+            do {
+                try fileSystem.removeFileTree(userPath)
+                let authorizationProvider = try configuration.makeAuthorizationProvider(fileSystem: fileSystem, observabilityScope: observability.topScope)  as? CompositeAuthorizationProvider
+                XCTAssertNil(authorizationProvider)
+            }
+        }
+
+        // workspace + user .netrc file
+
+        do {
+            let fileSystem = InMemoryFileSystem()
+
+            let userPath = fileSystem.homeDirectory.appending(component: ".netrc")
+            try fileSystem.createDirectory(userPath.parentDirectory, recursive: true)
+            try fileSystem.writeFileContents(userPath) {
+                "machine mymachine.labkey.org login user@labkey.org password user"
+            }
+
+            let workspacePath = AbsolutePath.root.appending(components: UUID().uuidString, ".netrc")
+            try fileSystem.createDirectory(workspacePath.parentDirectory, recursive: true)
+            try fileSystem.writeFileContents(workspacePath) {
+                "machine mymachine.labkey.org login workspace@labkey.org password workspace"
+            }
+
+            let configuration = Workspace.Configuration.Authorization(netrc: .workspaceAndUser(rootPath: workspacePath.parentDirectory), keychain: .disabled)
+            let authorizationProvider = try configuration.makeAuthorizationProvider(fileSystem: fileSystem, observabilityScope: observability.topScope) as? CompositeAuthorizationProvider
+            let netrcProviders = authorizationProvider?.providers.compactMap{ $0 as? NetrcAuthorizationProvider }
+
+            XCTAssertEqual(netrcProviders?.count, 2)
+            XCTAssertEqual(netrcProviders?.first.map { resolveSymlinks($0.path) }, resolveSymlinks(workspacePath))
+            XCTAssertEqual(netrcProviders?.last.map { resolveSymlinks($0.path) }, resolveSymlinks(userPath))
+
+            let auth = authorizationProvider?.authentication(for: URL(string: "https://mymachine.labkey.org")!)
+            XCTAssertEqual(auth?.user, "workspace@labkey.org")
+            XCTAssertEqual(auth?.password, "workspace")
+
+            // delete workspace file
+            do {
+                try fileSystem.removeFileTree(workspacePath)
+                let authorizationProvider = try configuration.makeAuthorizationProvider(fileSystem: fileSystem, observabilityScope: observability.topScope) as? CompositeAuthorizationProvider
+                let auth = authorizationProvider?.authentication(for: URL(string: "https://mymachine.labkey.org")!)
+                XCTAssertEqual(auth?.user, "user@labkey.org")
+                XCTAssertEqual(auth?.password, "user")
+            }
+
+            // delete user file
+            do {
+                try fileSystem.removeFileTree(userPath)
+                let authorizationProvider = try configuration.makeAuthorizationProvider(fileSystem: fileSystem, observabilityScope: observability.topScope) as? CompositeAuthorizationProvider
+                XCTAssertNil(authorizationProvider)
+            }
+        }
+    }
+}
