generate credentials metadata (#1502)

Author: jakecoffman

__tests__/main.test.ts

@@ -145,6 +145,7 @@ describe('run', () => {
       jest.spyOn(ApiClient.prototype, 'getJobDetails').mockResolvedValue({
         'package-manager': 'npm_and_yarn',
         'allowed-updates': [],
+        'credentials-metadata': [],
         id: '1',
         experiments: {}
       })

__tests__/updater-builder-integration.test.ts

@@ -24,6 +24,7 @@ integration('UpdaterBuilder', () => {
 
   const details: JobDetails = {
     'allowed-updates': [],
+    'credentials-metadata': [],
     id: '1',
     'package-manager': 'npm_and_yarn',
     experiments: {}

__tests__/updater.test.ts

@@ -142,4 +142,114 @@ describe('Updater', () => {
       )
     })
   })
+
+  describe('when given credentials', () => {
+    const jobDetails = {...mockJobDetails}
+
+    new Updater(
+      'MOCK_UPDATER_IMAGE_NAME',
+      'MOCK_PROXY_IMAGE_NAME',
+      mockApiClient,
+      jobDetails,
+      [
+        {
+          type: 'git_source',
+          host: 'github.com',
+          username: 'user',
+          password: 'pass'
+        },
+        {
+          type: 'npm_registry',
+          host: 'registry.npmjs.org',
+          username: 'npm_user',
+          token: 'npm_token',
+          'replaces-base': true
+        }
+      ],
+      workingDirectory
+    )
+
+    it('generates credentials metadata on the job definition', () => {
+      expect(jobDetails['credentials-metadata']).toEqual([
+        {
+          type: 'git_source',
+          host: 'github.com'
+        },
+        {
+          type: 'npm_registry',
+          host: 'registry.npmjs.org',
+          'replaces-base': true
+        }
+      ])
+    })
+  })
+
+  describe('when given duplicate credentials', () => {
+    const jobDetails = {...mockJobDetails}
+
+    new Updater(
+      'MOCK_UPDATER_IMAGE_NAME',
+      'MOCK_PROXY_IMAGE_NAME',
+      mockApiClient,
+      jobDetails,
+      [
+        {
+          type: 'git_source',
+          host: 'github.com',
+          username: 'user',
+          password: 'pass'
+        },
+        {
+          type: 'git_source',
+          host: 'github.com',
+          username: 'user',
+          password: 'pass'
+        }
+      ],
+      workingDirectory
+    )
+
+    it('removes duplicates from the metadata', () => {
+      expect(jobDetails['credentials-metadata']).toEqual([
+        {
+          type: 'git_source',
+          host: 'github.com'
+        }
+      ])
+    })
+  })
+
+  describe('when given a jit_access type credential', () => {
+    const jobDetails = {...mockJobDetails}
+
+    new Updater(
+      'MOCK_UPDATER_IMAGE_NAME',
+      'MOCK_PROXY_IMAGE_NAME',
+      mockApiClient,
+      jobDetails,
+      [
+        {
+          type: 'git_source',
+          host: 'github.com',
+          username: 'user',
+          password: 'pass'
+        },
+        {
+          type: 'jit_access',
+          host: 'github.com',
+          token: 'hello'
+        }
+      ],
+      workingDirectory
+    )
+
+    it('removes it from the metadata', () => {
+      expect(jobDetails['credentials-metadata']).toEqual([
+        {
+          type: 'git_source',
+          host: 'github.com'
+        }
+      ])
+    })
+  })
 })

dist/main/index.js

@@ -10,6 +10,9 @@ export type JobDetails = {
   }>
   id: string
   'package-manager': string
+  // Reuse Credential here since it shares many of the same fields,
+  // but the job details contains no secrets
+  'credentials-metadata': Credential[]
   experiments: object
 }
 
@@ -22,10 +25,18 @@ export type JobError = {
 
 export type Credential = {
   type: string
-  host: string
+  host?: string
+  url?: string
   username?: string
   password?: string
   token?: string
+  repo?: string
+  registry?: string
+  organization?: string
+  'index-url'?: string
+  'env-key'?: string
+  'replaces-base'?: boolean
+  'public-key-fingerprint'?: string
 }
 
 export type Metric = {

dist/main/index.js.map

@@ -23,6 +23,7 @@ export class Updater {
     this.docker = new Docker()
     this.outputHostPath = path.join(workingDirectory, 'output')
     this.repoHostPath = path.join(workingDirectory, 'repo')
+    this.details['credentials-metadata'] = this.generateCredentialsMetadata()
   }
 
   /**
@@ -57,6 +58,51 @@ export class Updater {
     }
   }
 
+  private generateCredentialsMetadata(): Credential[] {
+    const unique: Set<string> = new Set()
+    const result: Credential[] = []
+    for (const credential of this.credentials) {
+      if (credential.type === 'jit_access') {
+        continue
+      }
+
+      const obj: any = {type: credential.type}
+      if (credential.host !== undefined) {
+        obj.host = credential.host
+      }
+      if (credential.registry !== undefined) {
+        obj.registry = credential.registry
+      }
+      if (credential['index-url'] !== undefined) {
+        obj['index-url'] = credential['index-url']
+      }
+      if (credential['env-key'] !== undefined) {
+        obj['env-key'] = credential['env-key']
+      }
+      if (credential.url !== undefined) {
+        obj.url = credential.url
+      }
+      if (credential.organization !== undefined) {
+        obj.organization = credential.organization
+      }
+      if (credential['replaces-base'] !== undefined) {
+        obj['replaces-base'] = credential['replaces-base']
+      }
+      if (credential['public-key-fingerprint'] !== undefined) {
+        obj['public-key-fingerprint'] = credential['public-key-fingerprint']
+      }
+      if (credential.repo !== undefined) {
+        obj.repo = credential.repo
+      }
+      const key = JSON.stringify(obj)
+      if (!unique.has(key)) {
+        unique.add(key)
+        result.push(obj as Credential)
+      }
+    }
+    return result
+  }
+
   private async runUpdate(proxy: Proxy): Promise<void> {
     const name = `dependabot-job-${this.apiClient.params.jobId}`
     const container = await this.createContainer(proxy, name, {