diff options
Diffstat (limited to 'third_party/gerrit_plugins')
-rw-r--r-- | third_party/gerrit_plugins/builder.nix | 33 | ||||
-rw-r--r-- | third_party/gerrit_plugins/default.nix | 22 | ||||
-rw-r--r-- | third_party/gerrit_plugins/oauth/cas-6x.patch | 69 | ||||
-rw-r--r-- | third_party/gerrit_plugins/oauth/default.nix | 26 |
4 files changed, 150 insertions, 0 deletions
diff --git a/third_party/gerrit_plugins/builder.nix b/third_party/gerrit_plugins/builder.nix new file mode 100644 index 000000000000..ff1754e088f3 --- /dev/null +++ b/third_party/gerrit_plugins/builder.nix @@ -0,0 +1,33 @@ +{ depot, pkgs, ... }: +{ + buildGerritBazelPlugin = { + name, + src, + depsOutputHash, + overlayPluginCmd ? '' + cp -R "${src}" "$out/plugins/${name}" + '', + postPatch ? "", + }: ((depot.third_party.gerrit.override { + name = "${name}.jar"; + + src = pkgs.runCommandLocal "${name}-src" {} '' + cp -R "${depot.third_party.gerrit.src}" "$out" + chmod +w "$out/plugins" + ${overlayPluginCmd} + ''; + + bazelTarget = "//plugins/${name}"; + }).overrideAttrs (super: { + deps = super.deps.overrideAttrs (superDeps: { + outputHash = depsOutputHash; + }); + installPhase = '' + cp "bazel-bin/plugins/${name}/${name}.jar" "$out" + ''; + postPatch = if super ? postPatch then '' + ${super.postPatch} + ${postPatch} + '' else postPatch; + })); +} diff --git a/third_party/gerrit_plugins/default.nix b/third_party/gerrit_plugins/default.nix new file mode 100644 index 000000000000..8131ca2eb014 --- /dev/null +++ b/third_party/gerrit_plugins/default.nix @@ -0,0 +1,22 @@ +{ depot, pkgs, ... }@args: + +let + inherit (import ./builder.nix args) buildGerritBazelPlugin; +in depot.nix.readTree.drvTargets { + # https://gerrit.googlesource.com/plugins/owners + owners = buildGerritBazelPlugin rec { + name = "owners"; + depsOutputHash = "sha256:0qx3675lkj241c1sqs6xia5jpcwha2ib3mv32cilmh0k3cwdyyh2"; + src = pkgs.fetchgit { + url = "https://gerrit.googlesource.com/plugins/owners"; + rev = "99a9ab585532d172d141b4641dfc70081513dfc2"; + sha256 = "sha256:1xn9qb7q94jxfx7yq0zjqjm16gfyzzif13sak9x6j4f9r68frcd4"; + }; + overlayPluginCmd = '' + chmod +w "$out" "$out/plugins/external_plugin_deps.bzl" + cp -R "${src}/owners" "$out/plugins/owners" + cp "${src}/external_plugin_deps.bzl" "$out/plugins/external_plugin_deps.bzl" + cp -R "${src}/owners-common" "$out/owners-common" + ''; + }; +} diff --git a/third_party/gerrit_plugins/oauth/cas-6x.patch b/third_party/gerrit_plugins/oauth/cas-6x.patch new file mode 100644 index 000000000000..7494298b3f26 --- /dev/null +++ b/third_party/gerrit_plugins/oauth/cas-6x.patch @@ -0,0 +1,69 @@ +diff --git a/src/main/java/com/googlesource/gerrit/plugins/oauth/CasApi.java b/src/main/java/com/googlesource/gerrit/plugins/oauth/CasApi.java +index 450549f..27310cd 100644 +--- a/src/main/java/com/googlesource/gerrit/plugins/oauth/CasApi.java ++++ b/src/main/java/com/googlesource/gerrit/plugins/oauth/CasApi.java +@@ -15,7 +15,7 @@ + package com.googlesource.gerrit.plugins.oauth; + + import com.github.scribejava.core.builder.api.DefaultApi20; +-import com.github.scribejava.core.extractors.OAuth2AccessTokenExtractor; ++import com.github.scribejava.core.extractors.OAuth2AccessTokenJsonExtractor; + import com.github.scribejava.core.extractors.TokenExtractor; + import com.github.scribejava.core.model.OAuth2AccessToken; + import com.github.scribejava.core.oauth2.bearersignature.BearerSignature; +@@ -47,6 +47,6 @@ public class CasApi extends DefaultApi20 { + + @Override + public TokenExtractor<OAuth2AccessToken> getAccessTokenExtractor() { +- return OAuth2AccessTokenExtractor.instance(); ++ return OAuth2AccessTokenJsonExtractor.instance(); + } + } +diff --git a/src/main/java/com/googlesource/gerrit/plugins/oauth/CasOAuthService.java b/src/main/java/com/googlesource/gerrit/plugins/oauth/CasOAuthService.java +index 5f3e4a1..fc5bc50 100644 +--- a/src/main/java/com/googlesource/gerrit/plugins/oauth/CasOAuthService.java ++++ b/src/main/java/com/googlesource/gerrit/plugins/oauth/CasOAuthService.java +@@ -106,36 +106,14 @@ class CasOAuthService implements OAuthServiceProvider { + throw new IOException(String.format("CAS response missing id: %s", response.getBody())); + } + +- JsonElement attrListJson = jsonObject.get("attributes"); +- if (attrListJson == null) { +- throw new IOException( +- String.format("CAS response missing attributes: %s", response.getBody())); +- } +- + String email = null, name = null, login = null; +- if (attrListJson.isJsonArray()) { +- // It is possible for CAS to be configured to not return any attributes (email, name, +- // login), +- // in which case, +- // CAS returns an empty JSON object "attributes":{}, rather than "null" or an empty JSON +- // array +- // "attributes": [] +- +- JsonArray attrJson = attrListJson.getAsJsonArray(); +- for (JsonElement elem : attrJson) { +- if (elem == null || !elem.isJsonObject()) { +- throw new IOException(String.format("Invalid JSON '%s': not a JSON Object", elem)); +- } +- JsonObject obj = elem.getAsJsonObject(); +- +- String property = getStringElement(obj, "email"); +- if (property != null) email = property; +- property = getStringElement(obj, "name"); +- if (property != null) name = property; +- property = getStringElement(obj, "login"); +- if (property != null) login = property; +- } +- } ++ ++ String property = getStringElement(jsonObject, "mail"); ++ if (property != null) email = property; ++ property = getStringElement(jsonObject, "displayName"); ++ if (property != null) name = property; ++ property = getStringElement(jsonObject, "uid"); ++ if (property != null) login = property; + + return new OAuthUserInfo( + CAS_PROVIDER_PREFIX + id.getAsString(), diff --git a/third_party/gerrit_plugins/oauth/default.nix b/third_party/gerrit_plugins/oauth/default.nix new file mode 100644 index 000000000000..2298c0b39d93 --- /dev/null +++ b/third_party/gerrit_plugins/oauth/default.nix @@ -0,0 +1,26 @@ +{ depot, pkgs, ... }@args: + +let + inherit (import ../builder.nix args) buildGerritBazelPlugin; +in buildGerritBazelPlugin rec { + name = "oauth"; + depsOutputHash = "sha256:0ww88msym6zr5z86k5az1kmw3hv8d9giniwkii4lwnzf3kc5qnrx"; + src = pkgs.fetchgit { + url = "https://gerrit.googlesource.com/plugins/oauth"; + rev = "4aa7322db5ec221b2419e12a9ec7af5b8c66659c"; + sha256 = "1szra3pjl0axf4a7k96flpk7rhfvp37rdxay4gbglh939gzbba88"; + }; + overlayPluginCmd = '' + chmod +w "$out" "$out/plugins/external_plugin_deps.bzl" + cp -R "${src}" "$out/plugins/${name}" + cp "${src}/external_plugin_deps.bzl" "$out/plugins/external_plugin_deps.bzl" + ''; + + # The code in the OAuth repo expects CAS to return oauth2 access tokens as urlencoded. + # Our version of CAS returns them as JSON instead. + postPatch = '' + pushd plugins/oauth + patch -p1 <${./cas-6x.patch} + popd + ''; +} |