There's some confusion on what account to use to login. Add the
context for Gerrit to hopefully make it a bit easier to decide.
Bug: b/342261857
Change-Id: Ie59b156c2a91f8168bcd2f381f85fb8157040d80
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/tools/depot_tools/+/6178581
Reviewed-by: Josip Sokcevic <sokcevic@chromium.org>
Commit-Queue: Allen Li <ayatane@chromium.org>
git-credential-luci is very similar to luci-auth, except that it is
expressly for git/Gerrit. Therefore, it hard codes the scopes needed
for git/Gerrit. It's also a separate binary, which makes it more
convenient for us to configure it for ReAuth later.
Bug: b/382341041
Change-Id: I7de56d3922adac7eb4671849eb6e30be310d4de7
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/tools/depot_tools/+/6073043
Reviewed-by: Josip Sokcevic <sokcevic@chromium.org>
Commit-Queue: Allen Li <ayatane@chromium.org>
Scopes needs to be passed as a single CLI argument
Bug: b/351046856
Change-Id: I1c0e78b9bfa9997af3466f5b54ae27a535fa7488
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/tools/depot_tools/+/5689095
Commit-Queue: Yiwei Zhang <yiwzhang@google.com>
Reviewed-by: Yiwei Zhang <yiwzhang@google.com>
Auto-Submit: Allen Li <ayatane@chromium.org>
This reverts commit f871d80a7e.
Reason for revert:
This is to revert https://crrev.com/c/5624014.
Original change's description:
> [gerrit_util] Add dogfoodable luci-auth Authenticator.
>
> Inspired by https://chromium-review.googlesource.com/c/5577744.
>
> This implementation allows toggling the entire new-auth-stack with
> the git configuration:
>
> [depot-tools]
> useNewAuthStack = 1
>
> Additionally, you can set:
>
> [depot-tools]
> newAuthSkipSSO = 1
>
> To intentionally skip SSOAuthenticator for now while doing local
> evaluation of these auth methods.
>
> This CL was uploaded without gitcookies using the new luci-auth
> Authenticator.
>
> Subsequent CLs will adjust creds-check and EnsureAuthenticated to
> work correctly with the new auth stack.
>
> R=ayatane@google.com
>
> Bug: 336351842, 336652327
> Change-Id: I0eb6d82ca106ddd114b74f63d8cda4c5a7b70c86
> Reviewed-on: https://chromium-review.googlesource.com/c/chromium/tools/depot_tools/+/5590324
> Reviewed-by: Yiwei Zhang <yiwzhang@google.com>
> Reviewed-by: Scott Lee <ddoman@chromium.org>
> Commit-Queue: Allen Li <ayatane@chromium.org>
Bug: 336351842, 336652327
Change-Id: I7c947760a096f48bdac3d640f71e40ad10fe6f3e
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/tools/depot_tools/+/5624015
Owners-Override: Patti Lor <patricialor@chromium.org>
Auto-Submit: Takuto Ikuta <tikuta@chromium.org>
Commit-Queue: Patti Lor <patricialor@chromium.org>
Reviewed-by: Patti Lor <patricialor@chromium.org>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Inspired by https://chromium-review.googlesource.com/c/5577744.
This implementation allows toggling the entire new-auth-stack with
the git configuration:
[depot-tools]
useNewAuthStack = 1
Additionally, you can set:
[depot-tools]
newAuthSkipSSO = 1
To intentionally skip SSOAuthenticator for now while doing local
evaluation of these auth methods.
This CL was uploaded without gitcookies using the new luci-auth
Authenticator.
Subsequent CLs will adjust creds-check and EnsureAuthenticated to
work correctly with the new auth stack.
R=ayatane@google.com
Bug: 336351842, 336652327
Change-Id: I0eb6d82ca106ddd114b74f63d8cda4c5a7b70c86
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/tools/depot_tools/+/5590324
Reviewed-by: Yiwei Zhang <yiwzhang@google.com>
Reviewed-by: Scott Lee <ddoman@chromium.org>
Commit-Queue: Allen Li <ayatane@chromium.org>
Make auth be able to generate id_token. Some services on Cloud Run will
need it (e.g. luci-config v2).
Bug: 1487020
Change-Id: Icfe95002f93ee552b99ab2694c7b777e2322484b
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/tools/depot_tools/+/4899437
Reviewed-by: Yiwei Zhang <yiwzhang@google.com>
Commit-Queue: Yuanjun Huang <yuanjunh@google.com>
All __future__ imports (unicode_literals, print_function) are already
mandatory in py3. Also remove an outdated py2 comment in
presubmit_canned_checks.py
Bug: 1475402
Change-Id: I27cf6a8268f6dd1081f22af782c4c29a975376ae
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/tools/depot_tools/+/4867135
Reviewed-by: Josip Sokcevic <sokcevic@chromium.org>
Commit-Queue: Gavin Mak <gavinmak@google.com>
Leave the recipes/ code at 2 space to match the rest of the recipes
project in other repos.
Reformatted using:
files=( $(
git ls-tree -r --name-only HEAD | \
grep -Ev -e '^(third_party|recipes)/' | \
grep '\.py$';
git grep -l '#!/usr/bin/env.*python' | grep -v '\.py$'
) )
parallel ./yapf -i -- "${files[@]}"
~/chromiumos/chromite/contrib/reflow_overlong_comments "${files[@]}"
The files that still had strings that were too long were manually
reformatted because they were easy and only a few issues.
autoninja.py
clang_format.py
download_from_google_storage.py
fix_encoding.py
gclient_utils.py
git_cache.py
git_common.py
git_map_branches.py
git_reparent_branch.py
gn.py
my_activity.py
owners_finder.py
presubmit_canned_checks.py
reclient_helper.py
reclientreport.py
roll_dep.py
rustfmt.py
siso.py
split_cl.py
subcommand.py
subprocess2.py
swift_format.py
upload_to_google_storage.py
These files still had lines (strings) that were too long, so the pylint
warnings were suppressed with a TODO.
auth.py
gclient.py
gclient_eval.py
gclient_paths.py
gclient_scm.py
gerrit_util.py
git_cl.py
presubmit_canned_checks.py
presubmit_support.py
scm.py
Change-Id: Ia6535c4f2c48d46b589ec1e791dde6c6b2ea858f
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/tools/depot_tools/+/4836379
Commit-Queue: Josip Sokcevic <sokcevic@chromium.org>
Auto-Submit: Mike Frysinger <vapier@chromium.org>
Reviewed-by: Josip Sokcevic <sokcevic@chromium.org>
Checking for LUCI_CONTEXT is not enough. To use local auth, the
stored config must be valid and have a default account id.
Bug: 1018069
Change-Id: I5bbe880cc217a06ae0e1ae8d7e00ef09502af6a9
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/tools/depot_tools/+/1888211
Reviewed-by: Vadim Shtayura <vadimsh@chromium.org>
Commit-Queue: Edward Lesmes <ehmaldonado@chromium.org>
This is a reland of e1410883a3
Use vpython to execute git_cl.py, gerrit_util.py and presubmit_support.py on recipes.
Original change's description:
> depot_tools: Add httplib2 to .vpython
>
> Check that things won't break before further changes are made.
>
> Bug: 1002153
> Change-Id: I41866f26334bf9ec2732bc0f25007234a95130e4
> Reviewed-on: https://chromium-review.googlesource.com/c/chromium/tools/depot_tools/+/1854749
> Auto-Submit: Edward Lesmes <ehmaldonado@chromium.org>
> Commit-Queue: Andrii Shyshkalov <tandrii@google.com>
> Reviewed-by: Andrii Shyshkalov <tandrii@google.com>
Bug: 1002153
Recipe-Nontrivial-Roll: build
Recipe-Nontrivial-Roll: chromiumos
Recipe-Nontrivial-Roll: infra
Recipe-Nontrivial-Roll: skia
Recipe-Nontrivial-Roll: build_limited_scripts_slave
Recipe-Nontrivial-Roll: release_scripts
Change-Id: Id94057eae8830dec197257df3ea35c0c4ff946b7
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/tools/depot_tools/+/1856650
Reviewed-by: Andrii Shyshkalov <tandrii@google.com>
Commit-Queue: Edward Lesmes <ehmaldonado@chromium.org>
Check that things won't break before further changes are made.
Bug: 1002153
Change-Id: I41866f26334bf9ec2732bc0f25007234a95130e4
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/tools/depot_tools/+/1854749
Auto-Submit: Edward Lesmes <ehmaldonado@chromium.org>
Commit-Queue: Andrii Shyshkalov <tandrii@google.com>
Reviewed-by: Andrii Shyshkalov <tandrii@google.com>
Ran "2to3 -w -n -f print ./" and manually added imports.
Ran "^\s*print " and "\s+print " to find batch/shell scripts, comments and the like with embedded code, and updated them manually.
Also manually added imports to files, which used print as a function, but were missing the import.
The scripts still work with Python 2.
There are no intended behaviour changes.
Bug: 942522
Change-Id: Id777e4d4df4adcdfdab1b18bde89f235ef491b9f
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/tools/depot_tools/+/1595684
Reviewed-by: Dirk Pranke <dpranke@chromium.org>
Commit-Queue: Dirk Pranke <dpranke@chromium.org>
Auto-Submit: Raul Tambre <raul@tambre.ee>
Unfortunately, w/o rewrite of gerrit_util, one can't take advantage
of existing auth.Authenticator (which also doesn't know about ~/.netrc
or .gitcookies, but that's fixable). This rewrite, however, will likely
cause issues for nasty scripts outside of depot_tools which use
gerrit_util as a Python library. So, I followed outdated way of
gerrit_util :(
Also contains refactoring of auth library, which was kept backwards
compatible for the same reasons as above.
R=vadimsh@chromium.org
Test-with: led tool
Test-artifact: https://ci.chromium.org/swarming/task/3cf4687dfd26ca10?server=chromium-swarm.appspot.com
Bug: 834536
Change-Id: I6b84b8b5732aee5d345e2b2ba44f47aaecc0f6c5
Reviewed-on: https://chromium-review.googlesource.com/1018488
Reviewed-by: Vadim Shtayura <vadimsh@chromium.org>
Commit-Queue: Andrii Shyshkalov <tandrii@chromium.org>
depot_tools' git wrapper for some reason overrides %HOME% to point to
depot_tools directory, and thus scripts running as git subprocesses (git_cl.py)
use not the same HOME as scripts that run outside of git process tree
(depot-tools-auth.py). Instead always use USERPROFILE in auth.py to consistently
pick same directory.
This issue happens only when HOME is not set globally. It can explain why it
wasn't seen earlier.
R=iannucci@chromium.org
BUG=356813
Review URL: https://codereview.chromium.org/1082833004
git-svn-id: svn://svn.chromium.org/chrome/trunk/tools/depot_tools@294911 0039d316-1c4b-4281-b951-d872f2087c98
There are some mysterious issues happening to some Windows users. Verbose log
can be helpful.
R=maruel@chromium.org
BUG=356813
Review URL: https://codereview.chromium.org/1051143004
git-svn-id: svn://svn.chromium.org/chrome/trunk/tools/depot_tools@294910 0039d316-1c4b-4281-b951-d872f2087c98
OAuth token cache file (as implemented by oauth2client library) stores refresh
token and can in theory be deployed via Puppet as the credential. But it is
mutated by the library (to store access tokens, rotated each hour), and so it is
not static and managing it via Puppet (or however else) is a big pain.
Instead, now depot_tools accepts --auth-refresh-token-json parameter with a path
to a static JSON file (with minimal body being {"refresh_token": "....."}). It
can be used to pass previously prepared refresh tokens of role accounts. It
will be used for blink DEPS roller account and similar @chromium.org accounts.
R=maruel@chromium.org
BUG=356813
Review URL: https://codereview.chromium.org/1060193005
git-svn-id: svn://svn.chromium.org/chrome/trunk/tools/depot_tools@294870 0039d316-1c4b-4281-b951-d872f2087c98
This code path is not actually used yet, so the typo wasn't caught earlier.
Also make sure access tokens have 'str' type, not 'unicode'.
R=nodir@chromium.org
BUG=356813
Review URL: https://codereview.chromium.org/1082133002
git-svn-id: svn://svn.chromium.org/chrome/trunk/tools/depot_tools@294789 0039d316-1c4b-4281-b951-d872f2087c98
This CL introduces new top level command for managing cached auth tokens:
$ depot-tools-auth login codereview.chromium.org
$ depot-tools-auth info codereview.chromium.org
$ depot-tools-auth logout codereview.chromium.org
All scripts that use rietveld.Rietveld internally should be able to use cached
credentials created by 'depot-tools-auth' subcommand. Also 'depot-tools-auth'
is the only way to run login flow. If some scripts stumbles over expired or
revoked token, it dies with the error, asking user to run
'depot-tools-auth login <hostname>'.
Password login is still default. OAuth2 can be enabled by passing --oauth2 to
all scripts.
R=maruel@chromium.org
BUG=356813
Review URL: https://codereview.chromium.org/1074673002
git-svn-id: svn://svn.chromium.org/chrome/trunk/tools/depot_tools@294764 0039d316-1c4b-4281-b951-d872f2087c98
It is done in preparation for switching to OAuth2 as default (and only)
authentication method. Having all auth options handled by the same code makes it
easier to gradually add OAuth2 support.
As part of this, some options that would no longer work with OAuth2 (and that
are not being used from anywhere now, as far as I can tell) are removed:
* Passing account password for authentication via command line.
* Overriding 'Host' header when making requests to Rietveld (won't work with
SSL anyway).
* --account_type option (seems to be ClientLogin specific).
R=maruel@chromium.org
BUG=356813
Review URL: https://codereview.chromium.org/1075723002
git-svn-id: svn://svn.chromium.org/chrome/trunk/tools/depot_tools@294746 0039d316-1c4b-4281-b951-d872f2087c98
Allen Li
Robert Iannucci
Takuto Ikuta
Gavin Mak
Yuanjun Huang
Mike Frysinger
Andrii Shyshkalov
Edward Lemur
Nodir Turakulov
Raul Tambre
Andrii Shyshkalov
Mun Yong Jang
seanmccullough@chromium.org
vadimsh@chromium.org