Store repository credentials with repositories

Summary:
Move toward storing credentials in configuration so it's easier to get the
daemons working. This should eventually solve all the key juggling junk you have
to do right now.

This only gets us part of the way to actually using these credentials in the
daemons since I have to go swap everything for $repository->execBlah().

I tried to write a web "Test Connection" button but it was too much of a mess to
get git to work since git doesn't give you access to its SSH command and SSH has
a bunch of interactive prompts which you can't really do anything about without
it or a bunch of ~/.ssh/config editing. This is what Git recommends:

https://git.wiki.kernel.org/index.php/GitFaq#How_do_I_specify_what_ssh_key_git_should_use.3F

..but it's not a great match for this use case.

Test Plan:
  - Only partial.
  - Ran "test_connection.php" on a Git repo with and without SSH, and with and
without valid credentials. This part works properly.
  - Ran "test_connection.php" on a public SVN repo, but I don't have private or
WEBDAV repos set up at the moment.
  - Mercurial doesn't work yet.
  - Daemons haven't been converted yet.

Reviewers: jungejason, tuomaspelkonen, aran

Reviewed By: jungejason

CC: aran, abdul, nmalcolm, epriestley, jungejason

Differential Revision: 888

Author: epriestley

scripts/repository/test_connection.php

@@ -0,0 +1,90 @@
+#!/usr/bin/env php
+<?php
+
+/*
+ * Copyright 2011 Facebook, Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+$root = dirname(dirname(dirname(__FILE__)));
+require_once $root.'/scripts/__init_script__.php';
+require_once $root.'/scripts/__init_env__.php';
+
+phutil_require_module('phutil', 'console');
+phutil_require_module('phutil', 'future/exec');
+
+if (empty($argv[1])) {
+  echo "usage: test_connection.php <repository_callsign>\n";
+  exit(1);
+}
+
+echo phutil_console_wrap(
+  phutil_console_format(
+    'This script will test that you have configured valid credentials for '.
+    'access to a repository, so the Phabricator daemons can pull from it. '.
+    'You should run this as the **same user you will run the daemons as**, '.
+    'from the **same machine they will run from**. Doing this will help '.
+    'detect various problems with your configuration, such as SSH issues.'));
+
+list($whoami) = execx('whoami');
+$whoami = trim($whoami);
+
+$ok = phutil_console_confirm("Do you want to continue as '{$whoami}'?");
+if (!$ok) {
+  die(1);
+}
+
+$callsign = $argv[1];
+echo "Loading '{$callsign}' repository...\n";
+$repository = id(new PhabricatorRepository())->loadOneWhere(
+  'callsign = %s',
+  $argv[1]);
+if (!$repository) {
+  throw new Exception("No such repository exists!");
+}
+
+$vcs = $repository->getVersionControlSystem();
+
+PhutilServiceProfiler::installEchoListener();
+
+echo "Trying to connect to the remote...\n";
+switch ($vcs) {
+  case PhabricatorRepositoryType::REPOSITORY_TYPE_SVN:
+    $err = $repository->passthruRemoteCommand(
+      '--limit 1 log %s',
+      $repository->getRemoteURI());
+    break;
+  case PhabricatorRepositoryType::REPOSITORY_TYPE_GIT:
+    // Do an ls-remote on a nonexistent ref, which we expect to just return
+    // nothing.
+    $err = $repository->passthruRemoteCommand(
+      'ls-remote %s %s',
+      $repository->getRemoteURI(),
+      'just-testing');
+    break;
+  default:
+    throw new Exception("Unsupported repository type.");
+}
+
+if ($err) {
+  echo phutil_console_format(
+    "<bg:red>** FAIL **</bg> Connection failed. The credentials for this ".
+    "repository appear to be incorrectly configured.\n");
+  exit(1);
+} else {
+  echo phutil_console_format(
+    "<bg:green>** OKAY **</bg> Connection successful. The credentials for ".
+    "this repository appear to be correctly configured.\n");
+}
+

src/__celerity_resource_map__.php

@@ -652,6 +652,17 @@
     ),
     'disk' => '/rsrc/js/application/maniphest/behavior-transaction-preview.js',
   ),
+  0 =>
+  array(
+    'uri' => '/res/1da00bfe/rsrc/js/javelin/lib/__tests__/URI.js',
+    'type' => 'js',
+    'requires' =>
+    array(
+      0 => 'javelin-uri',
+      1 => 'javelin-php-serializer',
+    ),
+    'disk' => '/rsrc/js/javelin/lib/__tests__/URI.js',
+  ),
   'javelin-behavior-owners-path-editor' =>
   array(
     'uri' => '/res/9cf78ffc/rsrc/js/application/owners/owners-path-editor.js',
@@ -1283,15 +1294,6 @@
     ),
     'disk' => '/rsrc/js/application/core/Prefab.js',
   ),
-  0 =>
-  array(
-    'uri' => '/res/936e8e81/rsrc/js/javelin/docs/onload.js',
-    'type' => 'js',
-    'requires' =>
-    array(
-    ),
-    'disk' => '/rsrc/js/javelin/docs/onload.js',
-  ),
   'phabricator-profile-css' =>
   array(
     'uri' => '/res/ebe1ac2f/rsrc/css/application/profile/profile-view.css',

src/applications/repository/controller/edit/PhabricatorRepositoryEditController.php

@@ -239,6 +239,9 @@ private function processTrackingRequest() {
           'default-owners-path',
           '/'));
 
+      $repository->setDetail('ssh-login', $request->getStr('ssh-login'));
+      $repository->setDetail('ssh-key', $request->getStr('ssh-key'));
+
       $repository->setDetail(
         'herald-disabled',
         $request->getInt('herald-disabled', 0));
@@ -329,10 +332,14 @@ private function processTrackingRequest() {
         'Differential, Diffusion, Herald, and other services. To enable '.
         'tracking for a repository, configure it here and then start (or '.
         'restart) the daemons. More information is available in the '.
-        '<strong>'.$user_guide_link.'</strong>.</p>')
+        '<strong>'.$user_guide_link.'</strong>.</p>');
+
+    $form
+      ->appendChild(
+        '<h1>Basics</h1><div class="aphront-form-inset">')
       ->appendChild(
         id(new AphrontFormStaticControl())
-          ->setLabel('Repository')
+          ->setLabel('Repository Name')
           ->setValue($repository->getName()))
       ->appendChild(
         id(new AphrontFormSelectControl())
@@ -345,13 +352,19 @@ private function processTrackingRequest() {
           ->setValue(
             $repository->getDetail('tracking-enabled')
               ? 'enabled'
-              : 'disabled'));
+              : 'disabled'))
+      ->appendChild('</div>');
+
+    $form->appendChild(
+      '<h1>Remote URI</h1>'.
+      '<div class="aphront-form-inset">');
 
     $uri_label = 'Repository URI';
     if ($is_git) {
       $instructions =
-        'NOTE: The user the tracking daemon runs as must have permission to '.
-        '<tt>git clone</tt> from this URI.';
+        'Enter the URI to clone this repository from. It should look like '.
+        '<tt>git@github.com:example/example.git</tt> or '.
+        '<tt>ssh://user@host.com/git/example.git</tt>';
       $form->appendChild(
         '<p class="aphront-form-instructions">'.$instructions.'</p>');
     } else if ($is_svn) {
@@ -360,10 +373,7 @@ private function processTrackingRequest() {
         'You can figure this out by running <tt>svn info</tt> and looking at '.
         'the value in the <tt>Repository Root</tt> field. It should be a URI '.
         'and look like <tt>http://svn.example.org/svn/</tt> or '.
-        '<tt>svn+ssh://svn.example.com/svnroot/</tt>.'.
-        '<br /><br />'.
-        'NOTE: The user the daemons run as must be able to execute '.
-        '<tt>svn log</tt> against this URI.';
+        '<tt>svn+ssh://svn.example.com/svnroot/</tt>';
       $form->appendChild(
         '<p class="aphront-form-instructions">'.$instructions.'</p>');
       $uri_label = 'Repository Root';
@@ -374,9 +384,44 @@ private function processTrackingRequest() {
         id(new AphrontFormTextControl())
           ->setName('uri')
           ->setLabel($uri_label)
+          ->setID('remote-uri')
           ->setValue($repository->getDetail('remote-uri'))
           ->setError($e_uri));
 
+    $form->appendChild(
+      '<div class="aphront-form-instructions">'.
+        'If you want to connect to this repository over SSH, enter the '.
+        'username and private key to use. You can leave these fields blank if '.
+        'the repository does not use SSH. <strong>NOTE: This feature is not '.
+        'yet fully supported.</strong>'.
+      '</div>');
+
+    $form
+      ->appendChild(
+        id(new AphrontFormTextControl())
+          ->setName('ssh-login')
+          ->setLabel('SSH User')
+          ->setValue($repository->getDetail('ssh-login')))
+      ->appendChild(
+        id(new AphrontFormTextAreaControl())
+          ->setName('ssh-key')
+          ->setLabel('SSH Private Key')
+          ->setHeight(AphrontFormTextAreaControl::HEIGHT_VERY_SHORT)
+          ->setValue($repository->getDetail('ssh-key')))
+      ->appendChild(
+        id(new AphrontFormMarkupControl())
+          ->setLabel('Test Connection')
+          ->setValue(
+            'To test these credentials, <strong>save this form</strong> and '.
+            'then run: <code>phabricator/scripts/repository/test_connection'.
+            '.php '.phutil_escape_html($repository->getCallsign()).'</code>'));
+
+    $form->appendChild('</div>');
+
+    $form->appendChild(
+      '<h1>Importing Repository Information</h1>'.
+      '<div class="aphront-form-inset">');
+
     if ($is_git) {
       $form->appendChild(
         '<p class="aphront-form-instructions">Select a path on local disk '.
@@ -415,6 +460,12 @@ private function processTrackingRequest() {
             'Number of seconds daemon should sleep between requests. Larger '.
             'numbers reduce load but also decrease responsiveness.'));
 
+    $form->appendChild('</div>');
+
+    $form->appendChild(
+      '<h1>Application Configuration</h1>'.
+      '<div class="aphront-form-inset">');
+
     if ($is_git) {
       $form
         ->appendChild(
@@ -452,8 +503,8 @@ private function processTrackingRequest() {
               1 => 'Disabled - Do Not Send Email',
             ))
           ->setCaption(
-            'You can temporarily disable Herald notifications when reparsing '.
-            'a repository or importing a new repository.'));
+            'You can temporarily disable Herald commit notifications when '.
+            'reparsing a repository or importing a new repository.'));
 
     $parsers = id(new PhutilSymbolLoader())
       ->setAncestorClass('PhabricatorRepositoryCommitMessageDetailParser')
@@ -487,10 +538,12 @@ private function processTrackingRequest() {
             ->setCaption('Repository UUID from <tt>svn info</tt>.'));
     }
 
+    $form->appendChild('</div>');
+
     $form
       ->appendChild(
         id(new AphrontFormSubmitControl())
-          ->setValue('Save'));
+          ->setValue('Save Configuration'));
 
     $panel = new AphrontPanelView();
     $panel->setHeader('Repository Tracking');

src/applications/repository/controller/edit/__init__.php

@@ -17,6 +17,7 @@
 phutil_require_module('phabricator', 'infrastructure/env');
 phutil_require_module('phabricator', 'view/control/table');
 phutil_require_module('phabricator', 'view/form/base');
+phutil_require_module('phabricator', 'view/form/control/markup');
 phutil_require_module('phabricator', 'view/form/control/select');
 phutil_require_module('phabricator', 'view/form/control/static');
 phutil_require_module('phabricator', 'view/form/control/submit');