Coverage for src/gitlabracadabra/gitlab/pygit2.py: 27%
38 statements
« prev ^ index » next coverage.py v7.15.0, created at 2026-07-07 22:55 +0200
« prev ^ index » next coverage.py v7.15.0, created at 2026-07-07 22:55 +0200
1#
2# Copyright (C) 2019-2025 Mathieu Parent <math.parent@gmail.com>
3#
4# This program is free software: you can redistribute it and/or modify
5# it under the terms of the GNU Lesser General Public License as published by
6# the Free Software Foundation, either version 3 of the License, or
7# (at your option) any later version.
8#
9# This program is distributed in the hope that it will be useful,
10# but WITHOUT ANY WARRANTY; without even the implied warranty of
11# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12# GNU Lesser General Public License for more details.
13#
14# You should have received a copy of the GNU Lesser General Public License
15# along with this program. If not, see <http://www.gnu.org/licenses/>.
18from __future__ import annotations
20from typing import TYPE_CHECKING
21from urllib.parse import urlparse
23from pygit2 import Passthrough, RemoteCallbacks, UserPass
25from gitlabracadabra.gitlab.pygitlab import PyGitlab
27if TYPE_CHECKING:
28 from pygit2 import Keypair, Username
29 from pygit2.enums import CredentialType
32class PyGit2(PyGitlab):
33 """PyGit2 wrapper."""
35 def pygit2_certificate_check(
36 self,
37 certificate: None, # noqa: ARG002
38 valid: bool, # noqa: ARG002,FBT001
39 host: bytes,
40 ) -> bool:
41 """Check certificate.
43 Args:
44 _certificate: Currently always None.
45 valid: Whether the TLS/SSH library thinks the certificate is valid.
46 host: The hostname we want to connect to.
48 Returns:
49 True to connect, False to abort.
51 Raises:
52 Passthrough: Use default behavior.
53 """
54 if self.pygitlab.ssl_verify is True:
55 raise Passthrough
56 if self.pygitlab.ssl_verify is False:
57 allowed_host = urlparse(self.api_url).hostname
58 if allowed_host is not None and host in {allowed_host, allowed_host.encode()}:
59 return True
60 raise Passthrough
61 # self.pygitlab.ssl_verify is a CA path, no way to verify
62 return False
64 def pygit2_credentials(
65 self,
66 url: str,
67 username_from_url: str | None, # noqa: ARG002
68 allowed_types: CredentialType, # noqa: ARG002
69 ) -> Username | UserPass | Keypair:
70 """Get PyGit2 credentials.
72 Args:
73 url: The url of the remote.
74 _username_from_url: Username extracted from the url, if any.
75 _allowed_types: Combination of bitflags representing the credential types supported by the remote.
77 Returns:
78 A pygit2.UserPass.
80 Raises:
81 ValueError: No credentials found.
82 """
83 target_hostname = urlparse(url).hostname
84 allowed_hostname = urlparse(self.api_url).hostname
85 if allowed_hostname != target_hostname:
86 msg = f"Target hostname {target_hostname} not matching allowed hostname {allowed_hostname}"
87 raise ValueError(
88 msg,
89 )
90 if self.pygitlab.private_token:
91 return UserPass("oauth2", self.pygitlab.private_token)
92 if self.pygitlab.oauth_token:
93 return UserPass("oauth2", self.pygitlab.oauth_token)
94 if self.pygitlab.job_token:
95 return UserPass("gitlab-ci-token", self.pygitlab.job_token)
96 if self.pygitlab.http_username and self.pygitlab.http_password:
97 return UserPass(self.pygitlab.http_username, self.pygitlab.http_password)
98 msg = "No PyGit2 credentials for {target_hostname}"
99 raise ValueError(msg)
101 @property
102 def pygit2_remote_callbacks(self) -> RemoteCallbacks:
103 """Get PyGit2 RemoteCallbacks.
105 Returns:
106 A pygit2.RemoteCallbacks.
107 """
108 cb = RemoteCallbacks()
109 cb.credentials = self.pygit2_credentials # type: ignore[method-assign]
110 if self.pygitlab.ssl_verify is not True: 110 ↛ 111line 110 didn't jump to line 111 because the condition on line 110 was never true
111 cb.certificate_check = self.pygit2_certificate_check # type: ignore[method-assign]
112 return cb