NuGet - add allowInsecureConnections attribute to config #810

Merged
merged 7 commits into from
Jan 1, 2025
Expand Up @@ -35,6 +35,7 @@
import java.util.stream.Stream;

import static org.jfrog.build.api.util.FileChecksumCalculator.*;
import static org.jfrog.build.extractor.clientConfiguration.ArtifactoryClientConfiguration.DEFAULT_NUGET_ALLOW_INSECURE_CONNECTIONS;
import static org.jfrog.build.extractor.clientConfiguration.ArtifactoryClientConfiguration.DEFAULT_NUGET_PROTOCOL;
import static org.jfrog.build.extractor.packageManager.PackageManagerUtils.createArtifactoryClientConfiguration;

Expand All @@ -47,7 +48,7 @@ public class NugetRun extends PackageManagerExtractor {
private static final String CONFIG_FILE_FORMAT = "<?xml version=\"1.0\" encoding=\"utf-8\"?>\n" +
"<configuration>\n" +
"\t<packageSources>\n" +
"\t\t<add key=\"JFrogJenkins\" value=\"%s\" protocolVersion=\"%s\" />\n" +
"\t\t<add key=\"JFrogJenkins\" value=\"%s\" protocolVersion=\"%s\" allowInsecureConnections=\"%s\"/>\n" +
"\t</packageSources>\n" +
"\t<packageSourceCredentials>\n" +
"\t\t<JFrogJenkins>\n" +
Expand Down Expand Up @@ -75,6 +76,7 @@ public class NugetRun extends PackageManagerExtractor {
private String apiProtocol;
private String module;
private String nugetCmdArgs;
private boolean allowInsecureConnections;
private List<String> dependenciesSources;
private List<Module> modulesList = new ArrayList<>();

Expand All @@ -91,10 +93,11 @@ public class NugetRun extends PackageManagerExtractor {
* @param module - NuGet module
* @param username - JFrog platform username.
* @param password - JFrog platform password.
* @param allowInsecureConnections - Allow insecure package sources connection, should be used only for developing.
* @param apiProtocol - A string indicates which NuGet protocol should be used (V2/V3).
*/

public NugetRun(ArtifactoryManagerBuilder artifactoryManagerBuilder, String resolutionRepo, boolean useDotnetCli, String nugetCmdArgs, Log logger, Path path, Map<String, String> env, String module, String username, String password, String apiProtocol) {
public NugetRun(ArtifactoryManagerBuilder artifactoryManagerBuilder, String resolutionRepo, boolean useDotnetCli, String nugetCmdArgs, Log logger, Path path, Map<String, String> env, String module, String username, String password, String apiProtocol, Boolean allowInsecureConnections) {
this.artifactoryManagerBuilder = artifactoryManagerBuilder;
this.toolchainDriver = useDotnetCli ? new DotnetDriver(env, path, logger) : new NugetDriver(env, path, logger);
this.workingDir = Files.isDirectory(path) ? path : path.toAbsolutePath().getParent();
Expand All @@ -106,6 +109,7 @@ public NugetRun(ArtifactoryManagerBuilder artifactoryManagerBuilder, String reso
this.password = password;
this.apiProtocol = StringUtils.isBlank(apiProtocol) ? DEFAULT_NUGET_PROTOCOL : apiProtocol;
this.module = module;
this.allowInsecureConnections = allowInsecureConnections == null ? DEFAULT_NUGET_ALLOW_INSECURE_CONNECTIONS : allowInsecureConnections;
}

private static String removeQuotes(String str) {
Expand Down Expand Up @@ -160,7 +164,8 @@ public static void main(String[] ignored) {
handler.getModule(),
clientConfiguration.resolver.getUsername(),
clientConfiguration.resolver.getPassword(),
clientConfiguration.dotnetHandler.apiProtocol());
clientConfiguration.dotnetHandler.apiProtocol(),
clientConfiguration.getNuGetAllowInsecureConnections());
nugetRun.executeAndSaveBuildInfo(clientConfiguration);
} catch (RuntimeException e) {
ExceptionUtils.printRootCauseStackTrace(e, System.out);
Expand Down Expand Up @@ -208,7 +213,7 @@ private File prepareConfig(ArtifactoryManager artifactoryManager) throws Excepti
if (!nugetCmdArgs.contains(toolchainDriver.getFlagSyntax(ToolchainDriverBase.CONFIG_FILE_FLAG)) && !nugetCmdArgs.contains(toolchainDriver.getFlagSyntax(ToolchainDriverBase.SOURCE_FLAG))) {
configFile = File.createTempFile(NUGET_CONFIG_FILE_PREFIX, null);
configFile.deleteOnExit();
addSourceToConfigFile(configFile.getAbsolutePath(), artifactoryManager, resolutionRepo, username, password, apiProtocol);
addSourceToConfigFile(configFile.getAbsolutePath(), artifactoryManager, resolutionRepo, username, password, apiProtocol, allowInsecureConnections);
}
return configFile;
}
Expand All @@ -217,10 +222,10 @@ private File prepareConfig(ArtifactoryManager artifactoryManager) throws Excepti
* We will write a temporary NuGet configuration using a string formater in order to support NuGet v3 protocol.
* Currently the NuGet configuration utility doesn't allow setting protocolVersion.
*/
private void addSourceToConfigFile(String configPath, ArtifactoryManager client, String repo, String username, String password, String apiProtocol) throws Exception {
private void addSourceToConfigFile(String configPath, ArtifactoryManager client, String repo, String username, String password, String apiProtocol, boolean allowInsecureConnections) throws Exception {
String sourceUrl = toolchainDriver.buildNugetSourceUrl(client, repo, apiProtocol);
String protocolVersion = apiProtocol.substring(apiProtocol.length() - 1);
String configFileText = String.format(CONFIG_FILE_FORMAT, sourceUrl, protocolVersion, username, password);
String configFileText = String.format(CONFIG_FILE_FORMAT, sourceUrl, protocolVersion, Boolean.toString(allowInsecureConnections), username, password);
try (PrintWriter out = new PrintWriter(configPath)) {
out.println(configFileText);
}
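Review bot: When `allowInsecureConnections` is true, the config written by `addSourceToConfigFile` still carries the username and password in the `packageSourceCredentials` block, so a source URL on plain HTTP would send those credentials unencrypted, and nothing in the new code tells the operator the flag is on. Consider warning once in the constructor, e.g. `if (this.allowInsecureConnections) logger.warn("NuGet allowInsecureConnections is enabled; package source credentials may be sent over plain HTTP");`. The widened public constructor also drops the old eleven-argument signature, so keeping that signature as an overload that delegates with `null` would avoid breaking existing callers. In the Javadoc, `@param allowInsecureConnections` is listed before `apiProtocol` although it is the last parameter. Parts of the constructor body and the end of `addSourceToConfigFile` lie outside the visible hunks.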
Expand Up @@ -31,6 +31,7 @@ public class NugetExtractorTest extends IntegrationTestsBase {

private static final String NUGET_REMOTE_REPO = "build-info-tests-nuget-remote";
private static final String CUSTOM_MODULE = "custom-module-name";
private static final boolean ALLOW_INSECURE_CONNECTIONS_TEST = true;

private static final Path PROJECTS_ROOT = Paths.get(".").toAbsolutePath().normalize().resolve(Paths.get("src", "test", "resources", "org", "jfrog", "build", "extractor"));

Expand Down Expand Up @@ -95,7 +96,7 @@ public void nugetRunTest(Project project, String args, String moduleName, String
try {
// Run nuget restore install
projectDir = createProjectDir(project);
NugetRun nugetRun = new NugetRun(artifactoryManagerBuilder, remoteRepo, false, args, log, projectDir, env, moduleName, getUsername(), getAdminToken(), "v2");
NugetRun nugetRun = new NugetRun(artifactoryManagerBuilder, remoteRepo, false, args, log, projectDir, env, moduleName, getUsername(), getAdminToken(), "v2",ALLOW_INSECURE_CONNECTIONS_TEST);
executeAndAssertBuildInfo(nugetRun, expectedModules, expectedDependencies);
} catch (Exception e) {
fail(ExceptionUtils.getStackTrace(e));
Expand All @@ -117,7 +118,7 @@ public void dotnetCliRunTest(Project project, String args, String moduleName, St
try {
// Run nuget restore install
projectDir = createProjectDir(project);
NugetRun nugetRun = new NugetRun(artifactoryManagerBuilder, remoteRepo, true, args, log, projectDir, env, moduleName, getUsername(), getAdminToken(), "v2");
NugetRun nugetRun = new NugetRun(artifactoryManagerBuilder, remoteRepo, true, args, log, projectDir, env, moduleName, getUsername(), getAdminToken(), "v2",ALLOW_INSECURE_CONNECTIONS_TEST);
executeAndAssertBuildInfo(nugetRun, expectedModules, expectedDependencies);
} catch (Exception e) {
fail(ExceptionUtils.getStackTrace(e));
Expand Down Expand Up @@ -167,7 +168,7 @@ private Object[][] projectRootProvider() {
private void getProjectRootTest(String args, String expectedProjectRootFileName) {
try {
File rootDir = PROJECTS_ROOT.resolve("projectRootTestDir").toFile();
NugetRun nugetRun = new NugetRun(artifactoryManagerBuilder, remoteRepo, false, args, log, rootDir.toPath(), env, null, getUsername(), getAdminToken(), "v2");
NugetRun nugetRun = new NugetRun(artifactoryManagerBuilder, remoteRepo, false, args, log, rootDir.toPath(), env, null, getUsername(), getAdminToken(), "v2",ALLOW_INSECURE_CONNECTIONS_TEST);
File projectRoot = nugetRun.getProjectRootPath();
assertTrue(projectRoot.getPath().endsWith(expectedProjectRootFileName));
} catch (Exception e) {
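Review bot: Every `NugetRun` built in these tests now receives `ALLOW_INSECURE_CONNECTIONS_TEST`, which is hard-coded to `true`, so the suite only exercises the insecure setting and never the secure default or the `null` fallback in the constructor. Adding a case that passes `null` or `false` as the last argument, for example in `getProjectRootTest`, would cover the path most users will run. The new argument is also missing a space after the comma; it should read `"v2", ALLOW_INSECURE_CONNECTIONS_TEST`. The three test methods continue outside the visible hunks.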
Expand Up @@ -41,6 +41,7 @@ public class ArtifactoryClientConfiguration {
// Try checksum deploy of files greater than 10KB
public static final transient int DEFAULT_MIN_CHECKSUM_DEPLOY_SIZE_KB = 10;
public static final String DEFAULT_NUGET_PROTOCOL = "v2";
public static final boolean DEFAULT_NUGET_ALLOW_INSECURE_CONNECTIONS = false;

public final ResolverHandler resolver;
public final PublisherHandler publisher;
Expand All @@ -54,6 +55,8 @@ public class ArtifactoryClientConfiguration {
public final DockerHandler dockerHandler;
public final GoHandler goHandler;
public final PrefixPropertyHandler root;


/**
* To configure the props builder itself, so all method of this classes delegated from here
*/
Expand Down Expand Up @@ -208,6 +211,10 @@ public boolean getInsecureTls() {
return root.getBooleanValue(PROP_INSECURE_TLS, false);
}

public boolean getNuGetAllowInsecureConnections() {
return root.getBooleanValue(PROP_NUGET_ALLOW_INSECURE_CONNECTIONS, false);
}

public void setInsecureTls(boolean enabled) {
root.setBooleanValue(PROP_INSECURE_TLS, enabled);
}
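Review bot: `getNuGetAllowInsecureConnections()` hard-codes `false` as its fallback instead of the `DEFAULT_NUGET_ALLOW_INSECURE_CONNECTIONS` constant added in the same file, so the default now lives in two places and can drift apart. Use `return root.getBooleanValue(PROP_NUGET_ALLOW_INSECURE_CONNECTIONS, DEFAULT_NUGET_ALLOW_INSECURE_CONNECTIONS);`. Because the getter returns a primitive `boolean`, the value passed on from `NugetRun.main` is presumably never `null`, so the constant would otherwise apply only to direct callers of the constructor. Unlike `getInsecureTls`, the new getter has no matching setter in this hunk and no Javadoc; a one-line comment such as `/** Whether NuGet package sources may use plain HTTP; defaults to false. */` would help.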
Expand Up @@ -70,4 +70,10 @@ public interface ClientProperties {
* Property for whether to use relaxed ssl check and ignore issues with server certificate
*/
String PROP_INSECURE_TLS = "insecureTls";

/**
* Property to allow NuGet package sources to use insecure connections (HTTP).
* This setting is enforced by the NuGet client and is not recommended for production use.
*/
String PROP_NUGET_ALLOW_INSECURE_CONNECTIONS = "nuget.AllowInsecureConnections";
}
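Review bot: The new key `nuget.AllowInsecureConnections` capitalises the segment after the dot, while the sibling key visible in this hunk, `insecureTls`, starts in lower case; if the other keys in this interface follow the lower-camel convention, `nuget.allowInsecureConnections` would be consistent. Property keys are hard to rename once users have set them, so the casing is worth settling early. The Javadoc could also state the default, e.g. `Defaults to false.`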