go.chromium.org/luci@v0.0.0-20240309015107-7cdc2e660f33/client/cmd/git-credential-luci/main.go

go.chromium.org/luci@v0.0.0-20240309015107-7cdc2e660f33/client/cmd/git-credential-luci/main.go (about)

     1  // Copyright 2017 The LUCI Authors.
     2  //
     3  // Licensed under the Apache License, Version 2.0 (the "License");
     4  // you may not use this file except in compliance with the License.
     5  // You may obtain a copy of the License at
     6  //
     7  //      http://www.apache.org/licenses/LICENSE-2.0
     8  //
     9  // Unless required by applicable law or agreed to in writing, software
    10  // distributed under the License is distributed on an "AS IS" BASIS,
    11  // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    12  // See the License for the specific language governing permissions and
    13  // limitations under the License.
    14  
    15  // Command git-credential-luci is a Git credential helper.
    16  //
    17  // The protocol used for communication between Git and the credential helper
    18  // is documented in:
    19  //
    20  // https://www.kernel.org/pub/software/scm/git/docs/technical/api-credentials.html#_credential_helpers
    21  // https://www.kernel.org/pub/software/scm/git/docs/git-credential.html
    22  package main
    23  
    24  import (
    25  	"context"
    26  	"flag"
    27  	"fmt"
    28  	"os"
    29  	"time"
    30  
    31  	"go.chromium.org/luci/auth"
    32  	"go.chromium.org/luci/auth/client/authcli"
    33  	"go.chromium.org/luci/common/logging/gologger"
    34  
    35  	"go.chromium.org/luci/common/api/gitiles"
    36  	"go.chromium.org/luci/hardcoded/chromeinfra"
    37  )
    38  
    39  var (
    40  	flags    authcli.Flags
    41  	lifetime time.Duration
    42  )
    43  
    44  func init() {
    45  	defaults := chromeinfra.DefaultAuthOptions()
    46  	defaults.Scopes = []string{gitiles.OAuthScope, auth.OAuthScopeEmail}
    47  	flags.Register(flag.CommandLine, defaults)
    48  	flag.DurationVar(
    49  		&lifetime, "lifetime", time.Minute,
    50  		"Minimum token lifetime. If existing token expired and refresh token or service account is not present, returns nothing.",
    51  	)
    52  
    53  	flag.Usage = func() {
    54  		fmt.Fprintf(os.Stderr, "usage: git-credential-luci command\n")
    55  		flag.PrintDefaults()
    56  	}
    57  }
    58  
    59  func main() {
    60  	flag.Parse()
    61  
    62  	if len(flag.Args()) != 1 {
    63  		fmt.Fprintln(os.Stderr, "invalid number of arguments")
    64  		os.Exit(1)
    65  	}
    66  
    67  	opts, err := flags.Options()
    68  	if err != nil {
    69  		fmt.Fprintln(os.Stderr, err)
    70  		os.Exit(1)
    71  	}
    72  	if lifetime > 30*time.Minute {
    73  		fmt.Fprintln(os.Stderr, "lifetime cannot exceed 30m")
    74  		os.Exit(1)
    75  	}
    76  
    77  	ctx := gologger.StdConfig.Use(context.Background())
    78  	auth := auth.NewAuthenticator(ctx, auth.SilentLogin, opts)
    79  
    80  	switch flag.Args()[0] {
    81  	case "get":
    82  		t, err := auth.GetAccessToken(lifetime)
    83  		if err != nil {
    84  			printErr("cannot get access token", err)
    85  			os.Exit(1)
    86  		}
    87  		fmt.Printf("username=git-luci\n")
    88  		fmt.Printf("password=%s\n", t.AccessToken)
    89  	case "erase":
    90  		if err := auth.PurgeCredentialsCache(); err != nil {
    91  			printErr("cannot erase cache", err)
    92  			os.Exit(1)
    93  		}
    94  	default:
    95  		// The specification for Git credential helper says: "If a helper
    96  		// receives any other operation, it should silently ignore the
    97  		// request."
    98  	}
    99  }
   100  
   101  func printErr(prefix string, err error) {
   102  	switch {
   103  	case err == auth.ErrLoginRequired:
   104  		fmt.Fprintln(os.Stderr, "not running with a service account and not logged in")
   105  	case err != nil:
   106  		fmt.Fprintf(os.Stderr, "%s: %v\n", prefix, err)
   107  	}
   108  }