use basic auth for all request to artifactory if credentials are defined

Signed-off-by: Daniel Linsley <dlinsley@vmware.com>
pivotal-cf · May 14, 2024 · beaa050 · beaa050
1 parent 5e03046
commit beaa050
Show file tree

Hide file tree

Showing 2 changed files with 25 additions and 19 deletions.
diff --git a/internal/component/artifactory.go b/internal/component/artifactory.go
@@ -80,9 +80,9 @@ func (ars *ArtifactoryReleaseSource) DownloadRelease(releaseDir string, remoteRe
 	downloadURL += "/" + ars.Repo + "/" + remoteRelease.RemotePath
 
 	ars.logger.Printf(logLineDownload, remoteRelease.Name, ReleaseSourceTypeArtifactory, ars.ID)
-	resp, err := ars.Client.Get(downloadURL)
+	resp, err := ars.getWithAuth(downloadURL)
 	if err != nil {
-		return Local{}, wrapVPNError(err)
+		return Local{}, err
 	}
 
 	if resp.StatusCode != http.StatusOK {
@@ -122,9 +122,10 @@ func (ars *ArtifactoryReleaseSource) DownloadRelease(releaseDir string, remoteRe
 func (ars *ArtifactoryReleaseSource) getFileSHA1(release cargo.BOSHReleaseTarballLock) (string, error) {
 	fullURL := ars.ArtifactoryHost + "/api/storage/" + ars.Repo + "/" + release.RemotePath
 	ars.logger.Printf("Getting %s file info from artifactory", release.Name)
-	resp, err := ars.Client.Get(fullURL)
+
+	resp, err := ars.getWithAuth(fullURL)
 	if err != nil {
-		return "", wrapVPNError(err)
+		return "", err
 	}
 	if resp.StatusCode != http.StatusOK {
 		return "", fmt.Errorf("failed to get %s release info from artifactory with error code %d", release.Name, resp.StatusCode)
@@ -157,15 +158,10 @@ func (ars *ArtifactoryReleaseSource) GetMatchedRelease(spec cargo.BOSHReleaseTar
 	}
 
 	fullUrl := fmt.Sprintf("%s/%s/%s/%s", ars.ArtifactoryHost, "api/storage", ars.Repo, remotePath)
-	request, err := http.NewRequest(http.MethodGet, fullUrl, nil)
+	response, err := ars.getWithAuth(fullUrl)
 	if err != nil {
 		return cargo.BOSHReleaseTarballLock{}, err
 	}
-
-	response, err := ars.Client.Do(request)
-	if err != nil {
-		return cargo.BOSHReleaseTarballLock{}, wrapVPNError(err)
-	}
 	defer func() {
 		_ = response.Body.Close()
 	}()
@@ -196,15 +192,11 @@ func (ars *ArtifactoryReleaseSource) FindReleaseVersion(spec cargo.BOSHReleaseTa
 
 	fullUrl := fmt.Sprintf("%s/%s/%s/%s", ars.ArtifactoryHost, "api/storage", ars.Repo, path.Dir(remotePath))
 
-	request, err := http.NewRequest(http.MethodGet, fullUrl, nil)
+	response, err := ars.getWithAuth(fullUrl)
 	if err != nil {
 		return cargo.BOSHReleaseTarballLock{}, err
 	}
 
-	response, err := ars.Client.Do(request)
-	if err != nil {
-		return cargo.BOSHReleaseTarballLock{}, wrapVPNError(err)
-	}
 	defer func() {
 		_ = response.Body.Close()
 	}()
@@ -226,7 +218,7 @@ func (ars *ArtifactoryReleaseSource) FindReleaseVersion(spec cargo.BOSHReleaseTa
 	}
 
 	if err := json.Unmarshal(responseBody, &artifactoryFolderInfo); err != nil {
-		return cargo.BOSHReleaseTarballLock{}, fmt.Errorf("json from %s is malformed: %s", request.URL.Host, err)
+		return cargo.BOSHReleaseTarballLock{}, fmt.Errorf("json from %s is malformed: %s", response.Request.URL.Host, err)
 	}
 
 	semverPattern, err := regexp.Compile(`([-v])\d+(.\d+)*`)
@@ -348,6 +340,18 @@ func (ars *ArtifactoryReleaseSource) pathTemplate() *template.Template {
 			Parse(ars.ReleaseSourceConfig.PathTemplate))
 }
 
+func (ars *ArtifactoryReleaseSource) getWithAuth(url string) (*http.Response, error) {
+	request, err := http.NewRequest(http.MethodGet, url, nil)
+	if err != nil {
+		return nil, err
+	}
+	if ars.Username != "" {
+		request.SetBasicAuth(ars.Username, ars.Password)
+	}
+	response, err := ars.Client.Do(request)
+	return response, wrapVPNError(err)
+}
+
 type vpnError struct {
 	wrapped error
 }

diff --git a/internal/component/artifactory_test.go b/internal/component/artifactory_test.go
@@ -66,16 +66,18 @@ var _ = Describe("interacting with BOSH releases on Artifactory", func() {
 
 	Describe("read operations", func() {
 		BeforeEach(func() {
+			requireAuth := requireBasicAuthMiddleware(correctUsername, correctPassword)
+
 			artifactoryRouter.Handler(http.MethodGet, "/api/storage/basket/bosh-releases/smoothie/9.9/mango/mango-2.3.4-smoothie-9.9.tgz", applyMiddleware(http.HandlerFunc(func(res http.ResponseWriter, _ *http.Request) {
 				res.WriteHeader(http.StatusOK)
 				// language=json
 				_, _ = io.WriteString(res, `{"checksums": {"sha1":  "some-sha"}}`)
-			})))
+			}), requireAuth))
 			artifactoryRouter.Handler(http.MethodGet, "/api/storage/basket/bosh-releases/smoothie/9.9/mango", applyMiddleware(http.HandlerFunc(func(res http.ResponseWriter, _ *http.Request) {
 				res.WriteHeader(http.StatusOK)
 				// language=json
 				_, _ = io.WriteString(res, `{"children": [{"uri": "/mango-2.3.4-smoothie-9.9.tgz", "folder": false}]}`)
-			})))
+			}), requireAuth))
 			artifactoryRouter.Handler(http.MethodGet, "/artifactory/basket/bosh-releases/smoothie/9.9/mango/mango-2.3.4-smoothie-9.9.tgz", applyMiddleware(http.HandlerFunc(func(res http.ResponseWriter, _ *http.Request) {
 				res.WriteHeader(http.StatusOK)
 				f, err := os.Open(filepath.Join("testdata", "some-release.tgz"))
@@ -84,7 +86,7 @@ var _ = Describe("interacting with BOSH releases on Artifactory", func() {
 				}
 				defer closeAndIgnoreError(f)
 				_, _ = io.Copy(res, f)
-			}) /* put middleware here */))
+			}), requireAuth))
 		})
 		When("the server has the a file at the expected path", func() {
 			It("resolves the lock from the spec", func() { // testing GetMatchedRelease