client/cmd/git-credential-luci/main.go - infra/luci/luci-go - Git at Google

 // Copyright 2017 The LUCI Authors.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
 // You may obtain a copy of the License at
 //
 //      http://www.apache.org/licenses/LICENSE-2.0
 //
 // Unless required by applicable law or agreed to in writing, software
 // distributed under the License is distributed on an "AS IS" BASIS,
 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 // See the License for the specific language governing permissions and
 // limitations under the License.

 // Command git-credential-luci is a Git credential helper.
 //
 // The protocol used for communication between Git and the credential helper
 // is documented in:
 //
 // https://www.kernel.org/pub/software/scm/git/docs/technical/api-credentials.html#_credential_helpers
 // https://www.kernel.org/pub/software/scm/git/docs/git-credential.html
 package main

 import (
 	"context"
 	"flag"
 	"fmt"
 	"os"
 	"time"

 	"go.chromium.org/luci/auth"
 	"go.chromium.org/luci/auth/client/authcli"
 	"go.chromium.org/luci/common/logging/gologger"

 	"go.chromium.org/luci/common/api/gitiles"
 	"go.chromium.org/luci/hardcoded/chromeinfra"
 )

 var (
 	flags    authcli.Flags
 	lifetime time.Duration
 )

 func init() {
 	defaults := chromeinfra.DefaultAuthOptions()
 	defaults.Scopes = []string{gitiles.OAuthScope, auth.OAuthScopeEmail}
 	flags.Register(flag.CommandLine, defaults)
 	flag.DurationVar(
 		&lifetime, "lifetime", time.Minute,
 		"Minimum token lifetime. If existing token expired and refresh token or service account is not present, returns nothing.",
 	)

 	flag.Usage = func() {
 		fmt.Fprintf(os.Stderr, "usage: git-credential-luci command\n")
 		flag.PrintDefaults()
 	}
 }

 func main() {
 	flag.Parse()

 	if len(flag.Args()) != 1 {
 		fmt.Fprintln(os.Stderr, "invalid number of arguments")
 		os.Exit(1)
 	}

 	opts, err := flags.Options()
 	if err != nil {
 		fmt.Fprintln(os.Stderr, err)
 		os.Exit(1)
 	}
 	if lifetime > 30*time.Minute {
 		fmt.Fprintln(os.Stderr, "lifetime cannot exceed 30m")
 		os.Exit(1)
 	}

 	ctx := gologger.StdConfig.Use(context.Background())
 	auth := auth.NewAuthenticator(ctx, auth.SilentLogin, opts)

 	switch flag.Args()[0] {
 	case "get":
 		t, err := auth.GetAccessToken(lifetime)
 		if err != nil {
 			printErr("cannot get access token", err)
 			os.Exit(1)
 		}
 		fmt.Printf("username=git-luci\n")
 		fmt.Printf("password=%s\n", t.AccessToken)
 	case "erase":
 		if err := auth.PurgeCredentialsCache(); err != nil {
 			printErr("cannot erase cache", err)
 			os.Exit(1)
 		}
 	default:
 		// The specification for Git credential helper says: "If a helper
 		// receives any other operation, it should silently ignore the
 		// request."
 	}
 }

 func printErr(prefix string, err error) {
 	switch {
 	case err == auth.ErrLoginRequired:
 		fmt.Fprintln(os.Stderr, "not running with a service account and not logged in")
 	case err != nil:
 		fmt.Fprintf(os.Stderr, "%s: %v\n", prefix, err)
 	}
 }
	// Copyright 2017 The LUCI Authors.
	//
	// Licensed under the Apache License, Version 2.0 (the "License");
	// you may not use this file except in compliance with the License.
	// You may obtain a copy of the License at
	//
	// http://www.apache.org/licenses/LICENSE-2.0
	//
	// Unless required by applicable law or agreed to in writing, software
	// distributed under the License is distributed on an "AS IS" BASIS,
	// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	// See the License for the specific language governing permissions and
	// limitations under the License.

	// Command git-credential-luci is a Git credential helper.
	//
	// The protocol used for communication between Git and the credential helper
	// is documented in:
	//
	// https://www.kernel.org/pub/software/scm/git/docs/technical/api-credentials.html#_credential_helpers
	// https://www.kernel.org/pub/software/scm/git/docs/git-credential.html
	package main

	import (
	"context"
	"flag"
	"fmt"
	"os"
	"time"

	"go.chromium.org/luci/auth"
	"go.chromium.org/luci/auth/client/authcli"
	"go.chromium.org/luci/common/logging/gologger"

	"go.chromium.org/luci/common/api/gitiles"
	"go.chromium.org/luci/hardcoded/chromeinfra"
	)

	var (
	flags authcli.Flags
	lifetime time.Duration
	)

	func init() {
	defaults := chromeinfra.DefaultAuthOptions()
	defaults.Scopes = []string{gitiles.OAuthScope, auth.OAuthScopeEmail}
	flags.Register(flag.CommandLine, defaults)
	flag.DurationVar(
	&lifetime, "lifetime", time.Minute,
	"Minimum token lifetime. If existing token expired and refresh token or service account is not present, returns nothing.",
	)

	flag.Usage = func() {
	fmt.Fprintf(os.Stderr, "usage: git-credential-luci command\n")
	flag.PrintDefaults()
	}
	}

	func main() {
	flag.Parse()

	if len(flag.Args()) != 1 {
	fmt.Fprintln(os.Stderr, "invalid number of arguments")
	os.Exit(1)
	}

	opts, err := flags.Options()
	if err != nil {
	fmt.Fprintln(os.Stderr, err)
	os.Exit(1)
	}
	if lifetime > 30*time.Minute {
	fmt.Fprintln(os.Stderr, "lifetime cannot exceed 30m")
	os.Exit(1)
	}

	ctx := gologger.StdConfig.Use(context.Background())
	auth := auth.NewAuthenticator(ctx, auth.SilentLogin, opts)

	switch flag.Args()[0] {
	case "get":
	t, err := auth.GetAccessToken(lifetime)
	if err != nil {
	printErr("cannot get access token", err)
	os.Exit(1)
	}
	fmt.Printf("username=git-luci\n")
	fmt.Printf("password=%s\n", t.AccessToken)
	case "erase":
	if err := auth.PurgeCredentialsCache(); err != nil {
	printErr("cannot erase cache", err)
	os.Exit(1)
	}
	default:
	// The specification for Git credential helper says: "If a helper
	// receives any other operation, it should silently ignore the
	// request."
	}
	}

	func printErr(prefix string, err error) {
	switch {
	case err == auth.ErrLoginRequired:
	fmt.Fprintln(os.Stderr, "not running with a service account and not logged in")
	case err != nil:
	fmt.Fprintf(os.Stderr, "%s: %v\n", prefix, err)
	}
	}