Add git_over_ssh option for Gerrit connection

This option allows Zuul to continue to use ssh for Git operations even when HTTP Password is set for the Gerrit connection. This enable REST API usage by Zuul even when the Gerrit server requires SSH for Git operations. Change-Id: Ie16eac048a54b2a698397f47b232d31177c54e07
2022-01-06 15:40:05 -05:00 · 2022-01-06 15:40:05 -05:00 · 35522a2053
parent 02efa8fb28
commit 35522a2053
3 changed files with 29 additions and 2 deletions
--- a/doc/source/drivers/gerrit.rst
+++ b/doc/source/drivers/gerrit.rst
@ -102,6 +102,14 @@ The supported options in ``zuul.conf`` connections are:
      messages).  Retrieve this password from the ``HTTP Password``
      section of the ``Settings`` page in Gerrit.

+   .. attr:: git_over_ssh
+      :default: false
+
+      This forces git operation over SSH even if the ``password``
+      attribute is set.  This allow REST API access to the Gerrit
+      server even when git-over-http operation is disabled on the
+      server.
+
   .. attr:: auth_type
      :default: basic

--- a/tests/unit/test_gerrit.py
+++ b/tests/unit/test_gerrit.py
@ -130,6 +130,24 @@ class TestGerrit(BaseTestCase):
            'https://gerrit:1%2Fbadpassword@localhost/org/project',
            url)

+    def test_git_over_ssh_getGitURL(self):
+        gerrit_config = {
+            'user': 'gerrit',
+            'server': 'localhost',
+            'password': '1/badpassword',
+            'git_over_ssh': 'true',
+        }
+        # The 1/ in the password ensures we test the url encoding
+        # path; this is the format of password we get from
+        # googlesource.com.
+        driver = GerritDriver()
+        gerrit = GerritConnection(driver, 'review_gerrit', gerrit_config)
+        project = gerrit.source.getProject('org/project')
+        url = gerrit.source.getGitUrl(project)
+        self.assertEqual(
+            'ssh://gerrit@localhost:29418/org/project',
+            url)
+

 class TestGerritWeb(ZuulTestCase):
    config_file = 'zuul-gerrit-web.conf'
--- a/zuul/driver/gerrit/gerritconnection.py
+++ b/zuul/driver/gerrit/gerritconnection.py
@ -618,6 +618,7 @@ class GerritConnection(ZKChangeCacheMixin, ZKBranchCacheMixin, BaseConnection):

        self.session = None
        self.password = self.connection_config.get('password', None)
+        self.git_over_ssh = self.connection_config.get('git_over_ssh', False)
        self.auth_type = self.connection_config.get('auth_type', None)
        self.anonymous_git = False
        if self.password or self.auth_type == 'gcloud_service':
@ -1430,7 +1431,7 @@ class GerritConnection(ZKChangeCacheMixin, ZKBranchCacheMixin, BaseConnection):
                    for data in alldata]

    def _uploadPack(self, project: Project) -> str:
-        if self.session:
+        if self.session and not self.git_over_ssh:
            url = ('%s/%s/info/refs?service=git-upload-pack' %
                   (self.baseurl, project.name))
            r = self.session.get(
@ -1537,7 +1538,7 @@ class GerritConnection(ZKChangeCacheMixin, ZKBranchCacheMixin, BaseConnection):
    def getGitUrl(self, project: Project) -> str:
        if self.anonymous_git:
            url = ('%s/%s' % (self.baseurl, project.name))
-        elif self.session:
+        elif self.session and not self.git_over_ssh:
            baseurl = list(urllib.parse.urlparse(self.baseurl))
            # Make sure we escape '/' symbols, otherwise git's url
            # parser will think the username is a hostname.