Add support for username/password authentication

[lann]

Replaces #5

[venth]

I have an issue with pipeline setup. I have locally built image and my pipeline returns an error: custom resource type 'gerrit' version not found

And resource type:

resource_types:
- name: gerrit
  type: docker-image
  source:
    repository: us.gcr.io/concourse-resources/gerrit-resource:0.1.1-14-gf4a53a3

[lann]

I just pushed us.gcr.io/concourse-resources/gerrit-resource:test-userpass (with this PR) and tested that it still works with cookies. I don't have a gerrit instance with password auth to test against.

I have seen resource type 'gerrit' version not found before during development - sometimes I needed to destroy the pipeline and rebuild it to get it to work properly.

[lann]

It is also possible that the missing vendored package in the above commit was breaking it for you.

[venth]

I'll test it today and let you know 👍

[lann]

Have you had a chance to test this yet?

[venth]

I've changed the approach and performed the test directly inside docker container. I've ran docker-compose run --rm resource using docker-compose.yml as follows:

version: "3"

services:
  resource:
    image: us.gcr.io/concourse-resources/gerrit-resource:<locally built image tag>
    command: ''
    entrypoint: /bin/sh

and the result was:

/opt/resource # ./check < /tmp/check
./check: line 1: ����: not found
./check: line 1: syntax error: unterminated quoted string

when I've changed the tag to: test-userpass (built by you) there was no such error.

In next step I'll check the image prepared by you using credentials.

[venth]

I provided username and password. The result was:

2017/09/01 16:55:09 gerrit-resource build 0.1.2-3-gf4a53a3
2017/09/01 16:55:09 query: "status:open project:myproject" {N:1 Fields:[CURRENT_REVISION]}
2017/09/01 16:55:09 error processing check request: error querying for changes: HTTP status 401 Unauthorized; Unauthorized

Input arguments:

{
  "source": {
    "url": "https://my_gerrit_host",
    "query: "status:open project:myproject",
    "username": "my_user",
    "password": "my_password"
  }
}

Image: us.gcr.io/concourse-resources/gerrit-resource:test-userpass

[lann]

Could you try this equivalent curl command? Note that the debug output will contain a line Authorization: Basic <base64 data> that encodes your plaintext user/pass; you should scrub that line if you post the output.

curl -v https://my_gerrit_host/a/ -u my_user (should prompt for a password)

I am particularly interested in the response status code and any response header WWW-Authenticate.

[venth]

WWW-Authenticate: Digest realm="Gerrit Code Review", domain="https://myserver/", qop="auth", nonce="XXXXXXXXXXXX$"

HTTP/1.1 401 Unauthorized

[lann]

Ah, looks like you do need digest auth. It would be nice if the gerrit library could just negotiate that for you. Oh well, easy enough to add the option.

[lann]

I pushed a new image, retagging test-userpass. You will need to add digest_auth: true to your source config.

[venth]

OK, now check script works and produces results:

[{
  "change_id": "change_id",
  "revision": "revision",
  "created": "1229-08-14T15:02:45Z"
}]

I've user this result as input for in script in following form:

{
  "source": {
  "url": "https://my_gerrit_host",
  "query": "status:open project:myproject",
  "username": "my_user",
  "password": "my_password",
    "digest_auth": true,
    "version": {
      "change_id": "change_id",
      "revision": "revision",
      "created": "1229-08-14T15:02:45Z"
    }
  }
}

and executed script:

./in /tmp/result < /tmp/in

the execution result was:

error processing in request: error decoding version: unexpected end of JSON input

[venth]

Found ;) I've prepared wrong input for the in script. in and out scripts seem to work ;) 👍

[venth]

I prepared a simple pipeline. It seems that the check script always returns one change, even if there are more of them. The same query executed in ui returns proper number of changes. As the result the pipeline isn't triggered.

For development purposes local gerrit could be used. For example: docker run --rm -p 8080:8080 -p 29418:29418 -e AUTH_TYPE=DEVELOPMENT_BECOME_ANY_ACCOUNT openfrontier/gerrit:2.14.3

[lann]

It seems that the check script always returns one change, even if there are more of them.

This is how Concourse works; a new resource will initially return only the newest version. Try creating a new change or patch set in Gerrit after creating the pipeline.

Also, the default configuration for get doesn't really make sense for gerrit. You almost certainly want to set version: every and trigger: true in your gerrit resource get step (as in the README).

[venth]

Thanks for the explanation 👍