Page MenuHomeSoftware Heritage
Differential D4940

gitlab: Support authentication
ClosedPublic
Actions

Authored by ardumont on Jan 25 2021, 3:33 PM.

Details

Reviewers
vlorentz
anlambert
Group Reviewers
Reviewers
Maniphest Tasks
T2987: Port gitlab lister to the new `swh.lister.pattern.Lister` API
Commits
rDLS1a19b2c74752: gitlab: Support authentication
Summary

Depends on D4942
Related to T2987

Diff Detail

Repository
rDLS Listers
Branch
master
Lint
No Linters Available
Unit
No Unit Test Coverage
Build Status
Buildable 18739
Build 29006: Phabricator diff pipeline on jenkinsJenkins console · Jenkins
Build 29005: arc lint + arc unit

Event Timeline

ardumont created this revision.Jan 25 2021, 3:33 PM
Herald added a reviewer: Reviewers. · View Herald TranscriptJan 25 2021, 3:33 PM
ardumont mentioned this in D4929: gitlab: Port to the new lister api.Jan 25 2021, 3:33 PM
swh-public-ci added a comment.Jan 25 2021, 3:36 PM

Build is green

Patch application report for D4940 (id=17583)

Rebasing onto 02871f16c9...

Current branch diff-target is up to date.
Changes applied before test
commit 83c669476fc11c2a88e1db6746de9e19767a3baf
Author: Antoine R. Dumont (@ardumont) <ardumont@softwareheritage.org>
Date:   Mon Jan 25 15:32:49 2021 +0100

    gitlab: Support authentication
    
    Related to T2987

See https://jenkins.softwareheritage.org/job/DLS/job/tests-on-diff/158/ for more details.

Harbormaster completed remote builds in B18718: Diff 17583.Jan 25 2021, 3:36 PM
ardumont requested review of this revision.Jan 25 2021, 3:36 PM
vlorentz added a subscriber: vlorentz.Jan 25 2021, 3:48 PM
vlorentz added inline comments.
swh/lister/gitlab/lister.py
105

to keep the order consistent

116–118

shouldn't it be info, or even debug?

vlorentz requested changes to this revision.Jan 25 2021, 3:48 PM
This revision now requires changes to proceed.Jan 25 2021, 3:48 PM
anlambert added a subscriber: anlambert.Jan 25 2021, 4:06 PM
anlambert added inline comments.
swh/lister/gitlab/lister.py
116–118

Listers workers are configured with warning log level in production so that's why we are using warning here.

ardumont updated this revision to Diff 17588.Jan 25 2021, 4:07 PM
ardumont removed a subscriber: anlambert.

Adapt according to review:

  • keep constructor parameter super().init(...) call consistent
  • decrease log-level to info (it will only be used for the main

gitlab.com instance but still might as well see it's indeed used)

ardumont added inline comments.Jan 25 2021, 4:09 PM
swh/lister/gitlab/lister.py
116–118

heh, i did not know or forgot :)

either way, we should probably rethink that now that we are passing on all of them.
We can make them do something more reasonable in terms of log.

as mentioned in my diff adaptation, it's not that much of a burden to have it log in info as most of the gitlab instance do not have credentials configured. We only have the one main instance gitlab.com so far.

swh-public-ci added a comment.Jan 25 2021, 4:10 PM

Build is green

Patch application report for D4940 (id=17588)

Rebasing onto b6a69b2ed9...

First, rewinding head to replay your work on top of it...
Applying: gitlab: Support authentication
Changes applied before test
commit 3d741ab3f4738f7bb246becc04ad920b242a41dd
Author: Antoine R. Dumont (@ardumont) <ardumont@softwareheritage.org>
Date:   Mon Jan 25 15:32:49 2021 +0100

    gitlab: Support authentication
    
    Related to T2987

See https://jenkins.softwareheritage.org/job/DLS/job/tests-on-diff/159/ for more details.

Harbormaster completed remote builds in B18726: Diff 17588.Jan 25 2021, 4:10 PM
anlambert added inline comments.Jan 25 2021, 4:16 PM
swh/lister/gitlab/lister.py
116–118

I guess there must be a reason for using a warning level in production.

I agree that info level is more adequate here and in other listers but knowing which credentials was used by the lister is of interest so the use of warning here.

ardumont added inline comments.Jan 25 2021, 4:50 PM
swh/lister/gitlab/lister.py
116–118

I recall (come to think of it) that they were way too verbose at one point in the past.
Since we are moving away from the swh.lister.core*, that should no longer be a problem.

tenma added a subscriber: tenma.Jan 25 2021, 6:08 PM
tenma added inline comments.
swh/lister/gitlab/lister.py
97

typing

116–118

Celery is very verbose on low-information INFO logs (pun intended), I think that explains it well

ardumont updated this revision to Diff 17591.Jan 25 2021, 6:20 PM
  • Keep using logger.warning for credential log (aligned with other listers)
  • Fix type (in another commit though)
swh-public-ci added a comment.Jan 25 2021, 6:21 PM

Build has FAILED

Patch application report for D4940 (id=17591)

Rebasing onto b6a69b2ed9...

Current branch diff-target is up to date.
Changes applied before test
commit b66ffc6c441dba8d01325bf8c648ba667f14798c
Author: Antoine R. Dumont (@ardumont) <ardumont@softwareheritage.org>
Date:   Mon Jan 25 18:15:21 2021 +0100

    gitlab: make url mandatory and add type

commit cc9cccdcc284738a3e20ea1a7a71f8c814c2ace6
Author: Antoine R. Dumont (@ardumont) <ardumont@softwareheritage.org>
Date:   Mon Jan 25 15:32:49 2021 +0100

    gitlab: Support authentication
    
    Related to T2987

Link to build: https://jenkins.softwareheritage.org/job/DLS/job/tests-on-diff/162/
See console output for more information: https://jenkins.softwareheritage.org/job/DLS/job/tests-on-diff/162/console

Harbormaster failed remote builds in B18729: Diff 17591!Jan 25 2021, 6:21 PM
anlambert added inline comments.Jan 25 2021, 6:21 PM
swh/lister/gitlab/lister.py
116–118

Celery produces verbose INFO output only when a worker starts, the remaining logging is at the DEBUG level when a task is executing.

I guess we could change the listers workers loglevel from warning to info in production and then adjust listers code when it is done.

anlambert added a comment.Jan 25 2021, 6:22 PM
In D4940#124126, @swh-public-ci wrote:

Build has FAILED

Patch application report for D4940 (id=17591)

Rebasing onto b6a69b2ed9...

Current branch diff-target is up to date.
Changes applied before test
commit b66ffc6c441dba8d01325bf8c648ba667f14798c
Author: Antoine R. Dumont (@ardumont) <ardumont@softwareheritage.org>
Date:   Mon Jan 25 18:15:21 2021 +0100

    gitlab: make url mandatory and add type

commit cc9cccdcc284738a3e20ea1a7a71f8c814c2ace6
Author: Antoine R. Dumont (@ardumont) <ardumont@softwareheritage.org>
Date:   Mon Jan 25 15:32:49 2021 +0100

    gitlab: Support authentication
    
    Related to T2987

Link to build: https://jenkins.softwareheritage.org/job/DLS/job/tests-on-diff/162/
See console output for more information: https://jenkins.softwareheritage.org/job/DLS/job/tests-on-diff/162/console

D4942 to fix the tests ;-)

ardumont added a comment.Jan 25 2021, 6:23 PM

Build has failed

I think the new swh.scheduler-0.9.2 broke the build, thus the build failure here.
possibly due to b93aa5b...

ardumont edited the summary of this revision. (Show Details)Jan 25 2021, 6:26 PM
ardumont added a parent revision: D4942: tests: Fix errors after swh-scheduler API update.
swh-public-ci added a comment.Jan 25 2021, 6:26 PM

Build has FAILED

Patch application report for D4940 (id=17591)

Rebasing onto b6a69b2ed9...

Current branch diff-target is up to date.
Changes applied before test
commit b66ffc6c441dba8d01325bf8c648ba667f14798c
Author: Antoine R. Dumont (@ardumont) <ardumont@softwareheritage.org>
Date:   Mon Jan 25 18:15:21 2021 +0100

    gitlab: make url mandatory and add type

commit cc9cccdcc284738a3e20ea1a7a71f8c814c2ace6
Author: Antoine R. Dumont (@ardumont) <ardumont@softwareheritage.org>
Date:   Mon Jan 25 15:32:49 2021 +0100

    gitlab: Support authentication
    
    Related to T2987

Link to build: https://jenkins.softwareheritage.org/job/DLS/job/tests-on-diff/163/
See console output for more information: https://jenkins.softwareheritage.org/job/DLS/job/tests-on-diff/163/console

ardumont updated this revision to Diff 17593.Jan 25 2021, 6:29 PM

Rebase

swh-public-ci added a comment.Jan 25 2021, 6:32 PM

Build has FAILED

Patch application report for D4940 (id=17593)

Rebasing onto ea8ecee541...

Current branch diff-target is up to date.
Changes applied before test
commit 0c9cbe833920bbc358df54de6a86cb79da4d47e6
Author: Antoine R. Dumont (@ardumont) <ardumont@softwareheritage.org>
Date:   Mon Jan 25 18:15:21 2021 +0100

    gitlab: make url mandatory and add type

commit f49af7a3b03985eeef63639e78fab76bb8db6f6b
Author: Antoine R. Dumont (@ardumont) <ardumont@softwareheritage.org>
Date:   Mon Jan 25 15:32:49 2021 +0100

    gitlab: Support authentication
    
    Related to T2987

Link to build: https://jenkins.softwareheritage.org/job/DLS/job/tests-on-diff/164/
See console output for more information: https://jenkins.softwareheritage.org/job/DLS/job/tests-on-diff/164/console

Harbormaster failed remote builds in B18731: Diff 17593!Jan 25 2021, 6:32 PM
ardumont updated this revision to Diff 17596.Jan 25 2021, 6:36 PM

Update only the diff with authentication code

swh-public-ci added a comment.Jan 25 2021, 6:42 PM

Build is green

Patch application report for D4940 (id=17596)

Rebasing onto ea8ecee541...

Current branch diff-target is up to date.
Changes applied before test
commit f49af7a3b03985eeef63639e78fab76bb8db6f6b
Author: Antoine R. Dumont (@ardumont) <ardumont@softwareheritage.org>
Date:   Mon Jan 25 15:32:49 2021 +0100

    gitlab: Support authentication
    
    Related to T2987

See https://jenkins.softwareheritage.org/job/DLS/job/tests-on-diff/167/ for more details.

Harbormaster completed remote builds in B18734: Diff 17596.Jan 25 2021, 6:42 PM
ardumont updated this revision to Diff 17600.Jan 25 2021, 7:04 PM

Rebase

swh-public-ci added a comment.Jan 25 2021, 7:07 PM

Build is green

Patch application report for D4940 (id=17600)

Rebasing onto bea9d6d147...

Current branch diff-target is up to date.
Changes applied before test
commit 544a38f109ac89fc6d1b5222ae5324539e350798
Author: Antoine R. Dumont (@ardumont) <ardumont@softwareheritage.org>
Date:   Mon Jan 25 15:32:49 2021 +0100

    gitlab: Support authentication
    
    Related to T2987

See https://jenkins.softwareheritage.org/job/DLS/job/tests-on-diff/170/ for more details.

Harbormaster completed remote builds in B18739: Diff 17600.Jan 25 2021, 7:07 PM
ardumont added inline comments.Jan 25 2021, 7:10 PM
swh/lister/gitlab/lister.py
97

yes, thanks, it got dealt with in another commit.

ardumont marked 5 inline comments as done.Jan 25 2021, 7:11 PM
ardumont added inline comments.
swh/lister/gitlab/lister.py
116–118

sounds fine a plan to me.
Reverted to log as warning for now.

anlambert accepted this revision.Jan 25 2021, 7:37 PM

I do not see any section regarding basic HTTP authentication for API requests in Gitlab API doc. Are you sure it is working ?

I guess using an API token here would be a better choice. A token can be easily generated through Gitlab user account Web UI.

anlambert requested changes to this revision.Jan 25 2021, 7:40 PM

Sorry I accepted the diff before seeing you used Basic Auth which I think is not working.

This revision now requires changes to proceed.Jan 25 2021, 7:40 PM
ardumont marked an inline comment as done.Jan 26 2021, 9:26 AM

I do not see any section regarding basic HTTP authentication for API requests in Gitlab API doc. Are you sure it is working ?

Bravo, I did not check. I trusted the old code.
It's doing what was done in the earlier version [1]
I'll check now.

[1] https://forge.softwareheritage.org/source/swh-lister/browse/master/swh/lister/core/lister_transports.py$108-119

I guess using an API token here would be a better choice. A token can be easily generated through Gitlab user account Web UI.

Yes, and i recall that's what configured for the main gitlab instance.

Sorry I accepted the diff before seeing you used Basic Auth which I think is not working.

That happens ;)

I'll check if it's really working.

ardumont added a comment.Jan 26 2021, 9:53 AM

Bravo, I did not check. I trusted the old code.
It's doing what was done in the earlier version [1]
I'll check now.

lol, using the actual and solely token we have in production with the right query (so not what's coded here or in the old lister).

I got a beautful:

$ http --headers "https://gitlab.com/api/v4/projects?access_token=<token>"
...
Www-Authenticate: Bearer realm="Protected by OAuth 2.0", error="invalid_token", error_description="Token is expired. You can either do re-authorization or token refresh."
...
$ http --headers https://gitlab.com/api/v4/projects "Authorization:Bearer <token>"
...
same
...

So that means we listed gitlab.com anonymously without any token so far.
So i'm wondering if that diff is needed at all now.

If i'm implementing this nonetheless, i'll go with the header (bearer) implementation.

Anyway, a huge thanks for the heads up.

ardumont planned changes to this revision.Jan 26 2021, 9:54 AM
ardumont added a comment.Jan 26 2021, 12:59 PM

If i'm implementing this nonetheless, i'll go with the header (bearer) implementation.

a new swhbot account got created for the main gitlab instance with a fresh new token.
Now on to implement this properly.

ardumont updated this revision to Diff 17616.Jan 26 2021, 2:05 PM

Use supported authentication scheme (bearer token in Authorization request header)

swh-public-ci added a comment.Jan 26 2021, 2:08 PM

Build is green

Patch application report for D4940 (id=17616)

Rebasing onto bea9d6d147...

Current branch diff-target is up to date.
Changes applied before test
commit 1a19b2c74752a0a77539aaab1763340e8cef31a0
Author: Antoine R. Dumont (@ardumont) <ardumont@softwareheritage.org>
Date:   Mon Jan 25 15:32:49 2021 +0100

    gitlab: Support authentication
    
    Related to T2987

See https://jenkins.softwareheritage.org/job/DLS/job/tests-on-diff/174/ for more details.

Harbormaster completed remote builds in B18754: Diff 17616.Jan 26 2021, 2:08 PM
anlambert accepted this revision.Jan 26 2021, 2:14 PM

Looks good !

This revision was not accepted when it landed; it landed in state Needs Review.Jan 26 2021, 3:02 PM
Closed by commit rDLS1a19b2c74752: gitlab: Support authentication (authored by ardumont). · Explain Why
This revision was automatically updated to reflect the committed changes.
ardumont added a commit: rDLS1a19b2c74752: gitlab: Support authentication.

Revision Contents
Changeset List

PathSizeCoverage (All)Coverage (Touched)
swh/
lister/
gitlab/
18 lines100%
Loading...
tests/
13 lines100%
Loading...

Diff 17600

View Options

swh/lister/gitlab/lister.py

Loading...
View Options

swh/lister/gitlab/tests/test_lister.py

Loading...
About · Developer information · Legal