# Copyright (C) 2019 The Android Open Source Project # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. import json import httplib2 import os import logging import threading from datetime import datetime from oauth2client.client import GoogleCredentials from config import PROJECT tls = threading.local() # Caller has to initialize this SCOPES = [] class ConcurrentModificationError(Exception): pass def get_gerrit_credentials(): '''Retrieve the credentials used to authenticate Gerrit requests Returns a tuple (user, gitcookie). These fields are obtained from the Gerrit 'New HTTP password' page which generates a .gitcookie file and stored in the project datastore. user: typically looks like git-user.gmail.com. gitcookie: is the password after the = token. ''' body = {'query': {'kind': [{'name': 'GerritAuth'}]}} res = req( 'POST', 'https://datastore.googleapis.com/v1/projects/%s:runQuery' % PROJECT, body=body) auth = res['batch']['entityResults'][0]['entity']['properties'] user = auth['user']['stringValue'] gitcookie = auth['gitcookie']['stringValue'] return user, gitcookie def req(method, uri, body=None, req_etag=False, etag=None, gerrit=False): '''Helper function to handle authenticated HTTP requests. Cloud API and Gerrit require two different types of authentication and as such need to be handled differently. The HTTP connection is cached in the TLS slot to avoid refreshing oauth tokens too often for back-to-back requests. Appengine takes care of clearing the TLS slot upon each frontend request so these connections won't be recycled for too long. ''' hdr = {'Content-Type': 'application/json; charset=UTF-8'} tls_key = 'gerrit_http' if gerrit else 'oauth2_http' if hasattr(tls, tls_key): http = getattr(tls, tls_key) else: http = httplib2.Http() setattr(tls, tls_key, http) if gerrit: http.add_credentials(*get_gerrit_credentials()) elif SCOPES: creds = GoogleCredentials.get_application_default().create_scoped(SCOPES) creds.authorize(http) if req_etag: hdr['X-Firebase-ETag'] = 'true' if etag: hdr['if-match'] = etag body = None if body is None else json.dumps(body) logging.debug('%s %s', method, uri) resp, res = http.request(uri, method=method, headers=hdr, body=body) if resp.status == 200: res = res[4:] if gerrit else res # Strip Gerrit XSSI projection chars. return (json.loads(res), resp['etag']) if req_etag else json.loads(res) elif resp.status == 412: raise ConcurrentModificationError() else: delattr(tls, tls_key) raise Exception(resp, res) # Datetime functions to deal with the fact that Javascript expects a trailing # 'Z' (Z == 'Zulu' == UTC) for timestamps. def parse_iso_time(time_str): return datetime.strptime(time_str, r'%Y-%m-%dT%H:%M:%SZ') def utc_now_iso(utcnow=None): return (utcnow or datetime.utcnow()).strftime(r'%Y-%m-%dT%H:%M:%SZ') def init_logging(): logging.basicConfig( format='%(asctime)s %(levelname)-8s %(message)s', level=logging.DEBUG if os.getenv('VERBOSE') else logging.INFO, datefmt=r'%Y-%m-%d %H:%M:%S')