From fc2798fc31a08997c049f609c19dd4ab8d75964e Mon Sep 17 00:00:00 2001
From: "Kay-Uwe (Kiwi) Lorenz" <kiwi@moduleworks.com>
Date: Sun, 7 Mar 2021 15:13:52 +0100
Subject: fix: make secret helper more user friendly

---
 gitlab/config.py            | 25 ++++++++++++++++---------
 gitlab/tests/test_config.py | 36 +++++++++++++++++++++++++-----------
 2 files changed, 41 insertions(+), 20 deletions(-)

(limited to 'gitlab')

diff --git a/gitlab/config.py b/gitlab/config.py
index a6f25ac..67f5082 100644
--- a/gitlab/config.py
+++ b/gitlab/config.py
@@ -34,6 +34,11 @@ _DEFAULT_FILES: List[str] = _env_config() + [
     os.path.expanduser("~/.python-gitlab.cfg"),
 ]
 
+HELPER_PREFIX = "helper:"
+
+HELPER_ATTRIBUTES = [
+    "job_token", "http_password", "private_token", "oauth_token"
+]
 
 class ConfigError(Exception):
     pass
@@ -151,15 +156,7 @@ class GitlabConfigParser(object):
         except Exception:
             pass
 
-        for attr in ("job_token", "http_password", "private_token", "oauth_token"):
-            value = getattr(self, attr)
-            prefix = "lookup:"
-            if isinstance(value, str) and value.lower().strip().startswith(prefix):
-                helper = value[len(prefix) :].strip()
-                value = (
-                    subprocess.check_output(helper, shell=True).decode("utf-8").strip()
-                )
-                setattr(self, attr, value)
+        self._get_values_from_helper()
 
         self.api_version = "4"
         try:
@@ -203,3 +200,13 @@ class GitlabConfigParser(object):
             self.user_agent = self._config.get(self.gitlab_id, "user_agent")
         except Exception:
             pass
+
+    def _get_values_from_helper(self):
+        """Update attributes, which may get values from an external helper program
+        """
+        for attr in HELPER_ATTRIBUTES:
+            value = getattr(self, attr)
+            if isinstance(value, str) and value.lower().strip().startswith(HELPER_PREFIX):
+                helper = value[len(HELPER_PREFIX) :].strip()
+                value = subprocess.check_output([helper]).decode("utf-8").strip()
+                setattr(self, attr, value)
\ No newline at end of file
diff --git a/gitlab/tests/test_config.py b/gitlab/tests/test_config.py
index 644b0c1..60c8853 100644
--- a/gitlab/tests/test_config.py
+++ b/gitlab/tests/test_config.py
@@ -17,6 +17,7 @@
 
 import os
 import unittest
+from textwrap import dedent
 
 import mock
 import io
@@ -51,10 +52,6 @@ per_page = 50
 [four]
 url = https://four.url
 oauth_token = STUV
-
-[five]
-url = https://five.url
-oauth_token = lookup: echo "foobar"
 """
 
 custom_user_agent_config = """[global]
@@ -196,16 +193,33 @@ def test_valid_data(m_open, path_exists):
     assert 2 == cp.timeout
     assert True == cp.ssl_verify
 
-    fd = io.StringIO(valid_config)
+
+@mock.patch("os.path.exists")
+@mock.patch("builtins.open")
+def test_data_from_helper(m_open, path_exists, tmp_path):
+    helper = (tmp_path / "helper.sh")
+    helper.write_text(dedent("""\
+        #!/bin/sh
+        echo "secret"
+    """))
+    helper.chmod(0o755)
+
+    fd = io.StringIO(dedent("""\
+        [global]
+        default = helper
+
+        [helper]
+        url = https://helper.url
+        oauth_token = helper: %s
+    """) % helper)
+
     fd.close = mock.Mock(return_value=None)
     m_open.return_value = fd
-    cp = config.GitlabConfigParser(gitlab_id="five")
-    assert "five" == cp.gitlab_id
-    assert "https://five.url" == cp.url
+    cp = config.GitlabConfigParser(gitlab_id="helper")
+    assert "helper" == cp.gitlab_id
+    assert "https://helper.url" == cp.url
     assert None == cp.private_token
-    assert "foobar" == cp.oauth_token
-    assert 2 == cp.timeout
-    assert True == cp.ssl_verify
+    assert "secret" == cp.oauth_token
 
 
 @mock.patch("os.path.exists")
-- 
cgit v1.2.1