🔒️ Strip credentials form image VCS (ITISFoundation#6433)

Co-authored-by: Andrei Neagu <[email protected]>

Author: 2 people

packages/service-integration/requirements/_base.in

@@ -13,3 +13,4 @@ jsonschema # pytest-plugin
 pytest # pytest-plugin
 pyyaml
 typer[all]
+yarl

packages/service-integration/requirements/_base.txt

@@ -35,6 +35,7 @@ idna==3.7
     # via
     #   email-validator
     #   requests
+    #   yarl
 iniconfig==2.0.0
     # via pytest
 jinja2==3.1.4
@@ -57,6 +58,8 @@ markupsafe==2.1.5
     # via jinja2
 mdurl==0.1.2
     # via markdown-it-py
+multidict==6.1.0
+    # via yarl
 orjson==3.10.7
     # via
     #   -c requirements/../../../packages/models-library/requirements/../../../requirements/constraints.txt
@@ -121,3 +124,5 @@ urllib3==2.2.2
     #   -c requirements/../../../requirements/constraints.txt
     #   docker
     #   requests
+yarl==1.12.1
+    # via -r requirements/_base.in

packages/service-integration/src/service_integration/cli/_compose_spec.py

@@ -8,6 +8,7 @@
 import yaml
 from models_library.utils.labels_annotations import to_labels
 from rich.console import Console
+from yarl import URL
 
 from ..compose_spec_model import ComposeSpecification
 from ..errors import UndefinedOciImageSpecError
@@ -34,6 +35,13 @@ def _run_git(*args) -> str:
     ).stdout.strip()
 
 
+def _strip_credentials(url: str) -> str:
+    if (yarl_url := URL(url)) and yarl_url.is_absolute():
+        stripped_url = URL(url).with_user(None).with_password(None)
+        return f"{stripped_url}"
+    return url
+
+
 def _run_git_or_empty_string(*args) -> str:
     try:
         return _run_git(*args)
@@ -118,8 +126,8 @@ def create_docker_compose_image_spec(
     extra_labels[f"{LS_LABEL_PREFIX}.vcs-ref"] = _run_git_or_empty_string(
         "rev-parse", "HEAD"
     )
-    extra_labels[f"{LS_LABEL_PREFIX}.vcs-url"] = _run_git_or_empty_string(
-        "config", "--get", "remote.origin.url"
+    extra_labels[f"{LS_LABEL_PREFIX}.vcs-url"] = _strip_credentials(
+        _run_git_or_empty_string("config", "--get", "remote.origin.url")
     )
 
     return create_image_spec(

packages/service-integration/tests/test_cli__compose_spec.py

@@ -0,0 +1,28 @@
+import pytest
+from service_integration.cli._compose_spec import _strip_credentials
+
+
+@pytest.mark.parametrize(
+    "url, expected_url",
+    [
+        (
+            "schema.veshttps://user:[email protected]/some/repo.git",
+            "schema.veshttps://example.com/some/repo.git",
+        ),
+        (
+            "https://user:[email protected]/some/repo.git",
+            "https://example.com/some/repo.git",
+        ),
+        (
+            "ssh://user:[email protected]/some/repo.git",
+            "ssh://example.com/some/repo.git",
+        ),
+        (
+            "[email protected]:some/repo.git",
+            "[email protected]:some/repo.git",
+        ),
+        ("any_str", "any_str"),
+    ],
+)
+def test__strip_credentials(url: str, expected_url: str):
+    assert _strip_credentials(url) == expected_url