Re: [PR] DownloadableFileSource: Support "auth-header-format" extra data [buildstream]

Mon, 04 Mar 2024 21:04:43 -0800 


gtristan commented on code in PR #1895:
URL: https://github.com/apache/buildstream/pull/1895#discussion_r1512136461


##########
src/buildstream/downloadablefilesource.py:
##########
@@ -25,6 +25,66 @@
 implementation.
 
 
+SourceMirror extra data "auth-header-format"
+--------------------------------------------
+The DownloadableFileSource, and consequently any :class:`Source 
<buildstream.source.Source>`
+implementations which derive from DownloadableFileSource, support the 
"auth-header-format"
+extra data returned by :class:`SourceMirror 
<buildstream.sourcemirror.SourceMirror>` plugins
+through :func:`Source.translate_url() 
<buildstream.source.Source.translate_url>`.
+
+This functionality is available **Since: 2.2**.
+
+This allows one to use :class:`SourceMirror 
<buildstream.sourcemirror.SourceMirror>` plugins
+to add an authorization header to the ``GET`` requests.
+
+
+**Example:**
+
+.. code:: python
+
+   class MySourceMirror(SourceMirror):
+
+        def translate_url(
+            self,
+            *,
+            project_name: str,
+            alias: str,
+            alias_url: str,
+            alias_substitute_url: Optional[str],
+            source_url: str,
+            extra_data: Optional[Dict[str, Any]],
+        ) -> str:
+
+            #
+            # Set the "auth-header-format" extra data
+            #
+            if extra_data is not None:
+                extra_data["auth-header-format"] = "Bearer {password}"
+
+            return alias_substitute_url + source_url
+
+The "auth-header-format" value **must** contain the ``{password}`` expression, 
which

Review Comment:
   That is a good point, but probably goes unused.
   
   We can't really use this technique to do basic auth (which we already 
support by default), as that entails the base64 encoding too.
   
   This brings me back to wondering about whether we should instead simply be 
handling _"Bearer authentication"_ more specifically, which I raised in the 
email: https://lists.apache.org/thread/hpwv79xy6ss9kr3op4vo2vcym7khhqlt 
(although I'm reassured by @juergbi's reply that we probably don't need a 
complex "URL Opener" implementation here).



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]

Reply via email to