refactor: refactor Google Auth util

renovatebot · Jan 8, 2025 · 1d24f16 · 1d24f16
1 parent adede1d
commit 1d24f16
Show file tree

Hide file tree

Showing 3 changed files with 21 additions and 19 deletions.
diff --git a/lib/modules/datasource/util.ts b/lib/modules/datasource/util.ts
@@ -1,6 +1,7 @@
 import is from '@sindresorhus/is';
 import { GoogleAuth } from 'google-auth-library';
 import { logger } from '../../logger';
+import type { HostRule } from '../../types';
 import type { HttpResponse } from '../../util/http/types';
 import { addSecretForSanitizing } from '../../util/sanitize';
 
@@ -12,7 +13,7 @@ export function isArtifactoryServer<T = unknown>(
   return is.string(res?.headers[JFROG_ARTIFACTORY_RES_HEADER]);
 }
 
-export async function getGoogleAuthTokenRaw(): Promise<string | null> {
+export async function getGoogleAuthHostRule(): Promise<HostRule | null> {
   try {
     const googleAuth: GoogleAuth = new GoogleAuth({
       scopes: 'https://www.googleapis.com/auth/cloud-platform',
@@ -21,7 +22,10 @@ export async function getGoogleAuthTokenRaw(): Promise<string | null> {
     if (accessToken) {
       // sanitize token
       addSecretForSanitizing(accessToken);
-      return accessToken;
+      return {
+        username: 'oauth2accesstoken',
+        password: accessToken,
+      };
     } else {
       logger.warn(
         'Could not retrieve access token using google-auth-library getAccessToken',
@@ -38,9 +42,13 @@ export async function getGoogleAuthTokenRaw(): Promise<string | null> {
 }
 
 export async function getGoogleAuthToken(): Promise<string | null> {
-  const accessToken = await getGoogleAuthTokenRaw();
-  if (accessToken) {
-    return Buffer.from(`oauth2accesstoken:${accessToken}`).toString('base64');
+  const rule = await getGoogleAuthHostRule();
+  if (rule) {
+    const token = Buffer.from(`${rule.username}:${rule.password}`).toString(
+      'base64',
+    );
+    addSecretForSanitizing(token);
+    return token;
   }
   return null;
 }
diff --git a/lib/modules/manager/pep621/processors/uv.ts b/lib/modules/manager/pep621/processors/uv.ts
@@ -11,7 +11,7 @@ import { find } from '../../../../util/host-rules';
 import { Result } from '../../../../util/result';
 import { parseUrl } from '../../../../util/url';
 import { PypiDatasource } from '../../../datasource/pypi';
-import { getGoogleAuthTokenRaw } from '../../../datasource/util';
+import { getGoogleAuthHostRule } from '../../../datasource/util';
 import type {
   PackageDependency,
   UpdateArtifact,
@@ -265,12 +265,9 @@ async function getUsernamePassword(
   }
 
   if (url.hostname.endsWith('.pkg.dev')) {
-    const accessToken = await getGoogleAuthTokenRaw();
-    if (accessToken) {
-      return {
-        username: 'oauth2accesstoken',
-        password: accessToken,
-      };
+    const hostRule = await getGoogleAuthHostRule();
+    if (hostRule) {
+      return hostRule
     } else {
       logger.once.debug({ url }, 'Could not get Google access token');
     }

diff --git a/lib/modules/manager/poetry/artifacts.ts b/lib/modules/manager/poetry/artifacts.ts
@@ -19,7 +19,7 @@ import { Result } from '../../../util/result';
 import { parse as parseToml } from '../../../util/toml';
 import { parseUrl } from '../../../util/url';
 import { PypiDatasource } from '../../datasource/pypi';
-import { getGoogleAuthTokenRaw } from '../../datasource/util';
+import { getGoogleAuthHostRule } from '../../datasource/util';
 import type { UpdateArtifact, UpdateArtifactsResult } from '../types';
 import { Lockfile, PoetrySchemaToml } from './schema';
 import type { PoetryFile, PoetrySource } from './types';
@@ -131,12 +131,9 @@ async function getMatchingHostRule(url: string | undefined): Promise<HostRule> {
   }
 
   if (parsedUrl.hostname.endsWith('.pkg.dev')) {
-    const accessToken = await getGoogleAuthTokenRaw();
-    if (accessToken) {
-      return {
-        username: 'oauth2accesstoken',
-        password: accessToken,
-      };
+    const hostRule = await getGoogleAuthHostRule();
+    if (hostRule) {
+      return hostRule
     }
     logger.once.debug(`Could not get Google access token (url=${url})`);
   }