about summary refs log tree commit diff
path: root/third_party/gerrit_plugins
diff options
context:
space:
mode:
Diffstat (limited to 'third_party/gerrit_plugins')
-rw-r--r--third_party/gerrit_plugins/builder.nix33
-rw-r--r--third_party/gerrit_plugins/default.nix22
-rw-r--r--third_party/gerrit_plugins/oauth/cas-6x.patch69
-rw-r--r--third_party/gerrit_plugins/oauth/default.nix26
4 files changed, 150 insertions, 0 deletions
diff --git a/third_party/gerrit_plugins/builder.nix b/third_party/gerrit_plugins/builder.nix
new file mode 100644
index 000000000000..ff1754e088f3
--- /dev/null
+++ b/third_party/gerrit_plugins/builder.nix
@@ -0,0 +1,33 @@
+{ depot, pkgs, ... }:
+{
+  buildGerritBazelPlugin = {
+    name,
+    src,
+    depsOutputHash,
+    overlayPluginCmd ? ''
+      cp -R "${src}" "$out/plugins/${name}"
+    '',
+    postPatch ? "",
+  }: ((depot.third_party.gerrit.override {
+    name = "${name}.jar";
+
+    src = pkgs.runCommandLocal "${name}-src" {} ''
+      cp -R "${depot.third_party.gerrit.src}" "$out"
+      chmod +w "$out/plugins"
+      ${overlayPluginCmd}
+    '';
+
+    bazelTarget = "//plugins/${name}";
+  }).overrideAttrs (super: {
+    deps = super.deps.overrideAttrs (superDeps: {
+      outputHash = depsOutputHash;
+    });
+    installPhase = ''
+      cp "bazel-bin/plugins/${name}/${name}.jar" "$out"
+    '';
+    postPatch = if super ? postPatch then ''
+      ${super.postPatch}
+      ${postPatch}
+    '' else postPatch;
+  }));
+}
diff --git a/third_party/gerrit_plugins/default.nix b/third_party/gerrit_plugins/default.nix
new file mode 100644
index 000000000000..8131ca2eb014
--- /dev/null
+++ b/third_party/gerrit_plugins/default.nix
@@ -0,0 +1,22 @@
+{ depot, pkgs, ... }@args:
+
+let
+  inherit (import ./builder.nix args) buildGerritBazelPlugin;
+in depot.nix.readTree.drvTargets {
+  # https://gerrit.googlesource.com/plugins/owners
+  owners = buildGerritBazelPlugin rec {
+    name = "owners";
+    depsOutputHash = "sha256:0qx3675lkj241c1sqs6xia5jpcwha2ib3mv32cilmh0k3cwdyyh2";
+    src = pkgs.fetchgit {
+      url = "https://gerrit.googlesource.com/plugins/owners";
+      rev = "99a9ab585532d172d141b4641dfc70081513dfc2";
+      sha256 = "sha256:1xn9qb7q94jxfx7yq0zjqjm16gfyzzif13sak9x6j4f9r68frcd4";
+    };
+    overlayPluginCmd = ''
+      chmod +w "$out" "$out/plugins/external_plugin_deps.bzl"
+      cp -R "${src}/owners" "$out/plugins/owners"
+      cp "${src}/external_plugin_deps.bzl" "$out/plugins/external_plugin_deps.bzl"
+      cp -R "${src}/owners-common" "$out/owners-common"
+    '';
+  };
+}
diff --git a/third_party/gerrit_plugins/oauth/cas-6x.patch b/third_party/gerrit_plugins/oauth/cas-6x.patch
new file mode 100644
index 000000000000..7494298b3f26
--- /dev/null
+++ b/third_party/gerrit_plugins/oauth/cas-6x.patch
@@ -0,0 +1,69 @@
+diff --git a/src/main/java/com/googlesource/gerrit/plugins/oauth/CasApi.java b/src/main/java/com/googlesource/gerrit/plugins/oauth/CasApi.java
+index 450549f..27310cd 100644
+--- a/src/main/java/com/googlesource/gerrit/plugins/oauth/CasApi.java
++++ b/src/main/java/com/googlesource/gerrit/plugins/oauth/CasApi.java
+@@ -15,7 +15,7 @@
+ package com.googlesource.gerrit.plugins.oauth;
+ 
+ import com.github.scribejava.core.builder.api.DefaultApi20;
+-import com.github.scribejava.core.extractors.OAuth2AccessTokenExtractor;
++import com.github.scribejava.core.extractors.OAuth2AccessTokenJsonExtractor;
+ import com.github.scribejava.core.extractors.TokenExtractor;
+ import com.github.scribejava.core.model.OAuth2AccessToken;
+ import com.github.scribejava.core.oauth2.bearersignature.BearerSignature;
+@@ -47,6 +47,6 @@ public class CasApi extends DefaultApi20 {
+ 
+   @Override
+   public TokenExtractor<OAuth2AccessToken> getAccessTokenExtractor() {
+-    return OAuth2AccessTokenExtractor.instance();
++    return OAuth2AccessTokenJsonExtractor.instance();
+   }
+ }
+diff --git a/src/main/java/com/googlesource/gerrit/plugins/oauth/CasOAuthService.java b/src/main/java/com/googlesource/gerrit/plugins/oauth/CasOAuthService.java
+index 5f3e4a1..fc5bc50 100644
+--- a/src/main/java/com/googlesource/gerrit/plugins/oauth/CasOAuthService.java
++++ b/src/main/java/com/googlesource/gerrit/plugins/oauth/CasOAuthService.java
+@@ -106,36 +106,14 @@ class CasOAuthService implements OAuthServiceProvider {
+         throw new IOException(String.format("CAS response missing id: %s", response.getBody()));
+       }
+ 
+-      JsonElement attrListJson = jsonObject.get("attributes");
+-      if (attrListJson == null) {
+-        throw new IOException(
+-            String.format("CAS response missing attributes: %s", response.getBody()));
+-      }
+-
+       String email = null, name = null, login = null;
+-      if (attrListJson.isJsonArray()) {
+-        // It is possible for CAS to be configured to not return any attributes (email, name,
+-        // login),
+-        // in which case,
+-        // CAS returns an empty JSON object "attributes":{}, rather than "null" or an empty JSON
+-        // array
+-        // "attributes": []
+-
+-        JsonArray attrJson = attrListJson.getAsJsonArray();
+-        for (JsonElement elem : attrJson) {
+-          if (elem == null || !elem.isJsonObject()) {
+-            throw new IOException(String.format("Invalid JSON '%s': not a JSON Object", elem));
+-          }
+-          JsonObject obj = elem.getAsJsonObject();
+-
+-          String property = getStringElement(obj, "email");
+-          if (property != null) email = property;
+-          property = getStringElement(obj, "name");
+-          if (property != null) name = property;
+-          property = getStringElement(obj, "login");
+-          if (property != null) login = property;
+-        }
+-      }
++
++      String property = getStringElement(jsonObject, "mail");
++      if (property != null) email = property;
++      property = getStringElement(jsonObject, "displayName");
++      if (property != null) name = property;
++      property = getStringElement(jsonObject, "uid");
++      if (property != null) login = property;
+ 
+       return new OAuthUserInfo(
+           CAS_PROVIDER_PREFIX + id.getAsString(),
diff --git a/third_party/gerrit_plugins/oauth/default.nix b/third_party/gerrit_plugins/oauth/default.nix
new file mode 100644
index 000000000000..2298c0b39d93
--- /dev/null
+++ b/third_party/gerrit_plugins/oauth/default.nix
@@ -0,0 +1,26 @@
+{ depot, pkgs, ... }@args:
+
+let
+  inherit (import ../builder.nix args) buildGerritBazelPlugin;
+in buildGerritBazelPlugin rec {
+  name = "oauth";
+  depsOutputHash = "sha256:0ww88msym6zr5z86k5az1kmw3hv8d9giniwkii4lwnzf3kc5qnrx";
+  src = pkgs.fetchgit {
+    url = "https://gerrit.googlesource.com/plugins/oauth";
+    rev = "4aa7322db5ec221b2419e12a9ec7af5b8c66659c";
+    sha256 = "1szra3pjl0axf4a7k96flpk7rhfvp37rdxay4gbglh939gzbba88";
+  };
+  overlayPluginCmd = ''
+    chmod +w "$out" "$out/plugins/external_plugin_deps.bzl"
+    cp -R "${src}" "$out/plugins/${name}"
+    cp "${src}/external_plugin_deps.bzl" "$out/plugins/external_plugin_deps.bzl"
+  '';
+
+  # The code in the OAuth repo expects CAS to return oauth2 access tokens as urlencoded.
+  # Our version of CAS returns them as JSON instead.
+  postPatch = ''
+    pushd plugins/oauth
+    patch -p1 <${./cas-6x.patch}
+    popd
+  '';
+}