Coverage for src/gitlabracadabra/gitlab/pygit2.py: 27%

38 statements  

« prev     ^ index     » next       coverage.py v7.15.0, created at 2026-07-07 22:55 +0200

1# 

2# Copyright (C) 2019-2025 Mathieu Parent <math.parent@gmail.com> 

3# 

4# This program is free software: you can redistribute it and/or modify 

5# it under the terms of the GNU Lesser General Public License as published by 

6# the Free Software Foundation, either version 3 of the License, or 

7# (at your option) any later version. 

8# 

9# This program is distributed in the hope that it will be useful, 

10# but WITHOUT ANY WARRANTY; without even the implied warranty of 

11# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 

12# GNU Lesser General Public License for more details. 

13# 

14# You should have received a copy of the GNU Lesser General Public License 

15# along with this program. If not, see <http://www.gnu.org/licenses/>. 

16 

17 

18from __future__ import annotations 

19 

20from typing import TYPE_CHECKING 

21from urllib.parse import urlparse 

22 

23from pygit2 import Passthrough, RemoteCallbacks, UserPass 

24 

25from gitlabracadabra.gitlab.pygitlab import PyGitlab 

26 

27if TYPE_CHECKING: 

28 from pygit2 import Keypair, Username 

29 from pygit2.enums import CredentialType 

30 

31 

32class PyGit2(PyGitlab): 

33 """PyGit2 wrapper.""" 

34 

35 def pygit2_certificate_check( 

36 self, 

37 certificate: None, # noqa: ARG002 

38 valid: bool, # noqa: ARG002,FBT001 

39 host: bytes, 

40 ) -> bool: 

41 """Check certificate. 

42 

43 Args: 

44 _certificate: Currently always None. 

45 valid: Whether the TLS/SSH library thinks the certificate is valid. 

46 host: The hostname we want to connect to. 

47 

48 Returns: 

49 True to connect, False to abort. 

50 

51 Raises: 

52 Passthrough: Use default behavior. 

53 """ 

54 if self.pygitlab.ssl_verify is True: 

55 raise Passthrough 

56 if self.pygitlab.ssl_verify is False: 

57 allowed_host = urlparse(self.api_url).hostname 

58 if allowed_host is not None and host in {allowed_host, allowed_host.encode()}: 

59 return True 

60 raise Passthrough 

61 # self.pygitlab.ssl_verify is a CA path, no way to verify 

62 return False 

63 

64 def pygit2_credentials( 

65 self, 

66 url: str, 

67 username_from_url: str | None, # noqa: ARG002 

68 allowed_types: CredentialType, # noqa: ARG002 

69 ) -> Username | UserPass | Keypair: 

70 """Get PyGit2 credentials. 

71 

72 Args: 

73 url: The url of the remote. 

74 _username_from_url: Username extracted from the url, if any. 

75 _allowed_types: Combination of bitflags representing the credential types supported by the remote. 

76 

77 Returns: 

78 A pygit2.UserPass. 

79 

80 Raises: 

81 ValueError: No credentials found. 

82 """ 

83 target_hostname = urlparse(url).hostname 

84 allowed_hostname = urlparse(self.api_url).hostname 

85 if allowed_hostname != target_hostname: 

86 msg = f"Target hostname {target_hostname} not matching allowed hostname {allowed_hostname}" 

87 raise ValueError( 

88 msg, 

89 ) 

90 if self.pygitlab.private_token: 

91 return UserPass("oauth2", self.pygitlab.private_token) 

92 if self.pygitlab.oauth_token: 

93 return UserPass("oauth2", self.pygitlab.oauth_token) 

94 if self.pygitlab.job_token: 

95 return UserPass("gitlab-ci-token", self.pygitlab.job_token) 

96 if self.pygitlab.http_username and self.pygitlab.http_password: 

97 return UserPass(self.pygitlab.http_username, self.pygitlab.http_password) 

98 msg = "No PyGit2 credentials for {target_hostname}" 

99 raise ValueError(msg) 

100 

101 @property 

102 def pygit2_remote_callbacks(self) -> RemoteCallbacks: 

103 """Get PyGit2 RemoteCallbacks. 

104 

105 Returns: 

106 A pygit2.RemoteCallbacks. 

107 """ 

108 cb = RemoteCallbacks() 

109 cb.credentials = self.pygit2_credentials # type: ignore[method-assign] 

110 if self.pygitlab.ssl_verify is not True: 110 ↛ 111line 110 didn't jump to line 111 because the condition on line 110 was never true

111 cb.certificate_check = self.pygit2_certificate_check # type: ignore[method-assign] 

112 return cb