SshScheme: Provide an option to omit usernames in SSH URLs Including the username in the download URL can prevent IT admins from configuring hosts to redirect read-only traffic to regional replicas when the admins rely on the git url.insteadOf configuration. This is because git doesn't support anything except simple replacement of matching strings, so there's no way to account for variable usernames in a host-wide /etc/gitconfig file. The default stays as always including the username in the SSH download commands. Release-Notes: Added an option to omit SSH usernames from download commands Change-Id: I49f3b85adc3dae2d440366c919fb656ca95b812f

commit: 978e803c87416eb9e96236446b15b167017c0385 [log] [tgz]
author: Kaushik Lingarkar <kaushik.lingarkar@linaro.org> Tue Aug 22 11:05:41 2023 -0700
committer: Ajay Gupta <ajay.gupta@linaro.org> Wed Feb 14 13:20:12 2024 +0530
tree: a3d6c6ba2eeec1a51ecfbd9b8e1bb2fdaeced1bf
parent: 2ccaaa5896d6065dc39c0407eb2c1c214d8803f9 [diff]
diff --git a/src/main/java/com/googlesource/gerrit/plugins/download/scheme/SshScheme.java b/src/main/java/com/googlesource/gerrit/plugins/download/scheme/SshScheme.java
index 6e23ef9..cb41f9b 100644
--- a/src/main/java/com/googlesource/gerrit/plugins/download/scheme/SshScheme.java
+++ b/src/main/java/com/googlesource/gerrit/plugins/download/scheme/SshScheme.java

@@ -44,6 +44,7 @@
   private final Provider<CurrentUser> userProvider;
   private final boolean schemeAllowed;
   private final boolean schemeHidden;
+  private final boolean includeUserName;
 
   @Inject
   @VisibleForTesting
@@ -101,6 +102,7 @@
     this.userProvider = userProvider;
     this.schemeAllowed = downloadConfig.getDownloadSchemes().contains(SSH);
     this.schemeHidden = downloadConfig.getHiddenSchemes().contains(SSH);
+    this.includeUserName = config.getBoolean("sshIncludeUserName", true);
   }
 
   @Nullable
@@ -127,12 +129,16 @@
 
     StringBuilder r = new StringBuilder();
     r.append("ssh://");
-    try {
-      r.append(URLEncoder.encode(username.get(), StandardCharsets.UTF_8.name()));
-    } catch (UnsupportedEncodingException e) {
-      throw new IllegalStateException("No UTF-8 support", e);
+
+    if (includeUserName) {
+      try {
+        r.append(URLEncoder.encode(username.get(), StandardCharsets.UTF_8.name()));
+      } catch (UnsupportedEncodingException e) {
+        throw new IllegalStateException("No UTF-8 support", e);
+      }
+      r.append("@");
     }
-    r.append("@");
+
     r.append(ensureSlash(address));
     r.append(project);
     return r.toString();

diff --git a/src/main/resources/Documentation/config.md b/src/main/resources/Documentation/config.md
index 3386747..5580f87 100644
--- a/src/main/resources/Documentation/config.md
+++ b/src/main/resources/Documentation/config.md

@@ -144,6 +144,7 @@
 ```
 [plugin "@PLUGIN@"]
 	sshdAdvertisedPrimaryAddress = host:port
+	sshIncludeUserName = true
 ```
 
 <a id="plugin.@PLUGIN@.sshdAdvertisedPrimaryAddress">plugin.@PLUGIN@.sshdAdvertisedPrimaryAddress</a>
@@ -164,3 +165,7 @@
 * `['IPv6']:'port'` (for example `[ff02::1]:29418`)
 
 By default unset.
+
+<a id="plugin.@PLUGIN@.sshIncludeUserName">plugin.@PLUGIN@.sshIncludeUserName</a>
+Whether the SSH scheme's download commands should include the current user's username
+or not. By default `true`.

diff --git a/src/test/java/com/googlesource/gerrit/plugins/download/DownloadCommandTest.java b/src/test/java/com/googlesource/gerrit/plugins/download/DownloadCommandTest.java
index c39bf25..cc10b95 100644
--- a/src/test/java/com/googlesource/gerrit/plugins/download/DownloadCommandTest.java
+++ b/src/test/java/com/googlesource/gerrit/plugins/download/DownloadCommandTest.java

@@ -81,6 +81,7 @@
     }
   }
 
+  protected static final String PLUGIN_NAME = "download-commands";
   protected static TestEnvironment ENV = new TestEnvironment();
 
   protected HttpScheme httpScheme;
@@ -94,11 +95,9 @@
 
   @Before
   public void setUp() {
-    final String pluginName = "download-commands";
-
     PluginConfigFactory configFactory = Mockito.mock(PluginConfigFactory.class);
-    Mockito.when(configFactory.getFromGerritConfig(pluginName))
-        .thenReturn(PluginConfig.createFromGerritConfig(pluginName, new Config()));
+    Mockito.when(configFactory.getFromGerritConfig(PLUGIN_NAME))
+        .thenReturn(PluginConfig.createFromGerritConfig(PLUGIN_NAME, new Config()));
 
     urlProvider = Providers.of(ENV.canonicalUrl());
 
@@ -111,7 +110,7 @@
     sshScheme =
         new SshScheme(
             ImmutableList.of(String.format("%s:%d", ENV.fqdn, ENV.sshPort)),
-            pluginName,
+            PLUGIN_NAME,
             configFactory,
             urlProvider,
             userProvider,

diff --git a/src/test/java/com/googlesource/gerrit/plugins/download/scheme/SchemeTest.java b/src/test/java/com/googlesource/gerrit/plugins/download/scheme/SchemeTest.java
index eaae634..74e57b5 100644
--- a/src/test/java/com/googlesource/gerrit/plugins/download/scheme/SchemeTest.java
+++ b/src/test/java/com/googlesource/gerrit/plugins/download/scheme/SchemeTest.java

@@ -15,11 +15,24 @@
 package com.googlesource.gerrit.plugins.download.scheme;
 
 import static com.google.common.truth.Truth.assertThat;
+import static org.mockito.Mockito.when;
 
+import com.google.common.collect.ImmutableList;
+import com.google.gerrit.server.config.DownloadConfig;
+import com.google.gerrit.server.config.PluginConfig;
+import com.google.gerrit.server.config.PluginConfigFactory;
 import com.googlesource.gerrit.plugins.download.DownloadCommandTest;
+import org.eclipse.jgit.lib.Config;
 import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.mockito.Mock;
+import org.mockito.junit.MockitoJUnitRunner;
 
+@RunWith(MockitoJUnitRunner.class)
 public class SchemeTest extends DownloadCommandTest {
+  @Mock
+  private PluginConfigFactory pluginConfigFactoryMock;
+
   @Test
   public void ensureHttpSchemeEncodedInUrl() throws Exception {
     assertThat(httpScheme.getUrl(ENV.projectName))
@@ -29,11 +42,33 @@
   }
 
   @Test
-  public void ensureSshSchemeEncodedInUrl() throws Exception {
+  public void ensureSshSchemeEncodedInUrlWithUserName() throws Exception {
     assertThat(sshScheme.getUrl(ENV.projectName))
         .isEqualTo(
             String.format(
                 "ssh://%s@%s:%d/%s",
                 ENV.urlEncodedUserName(), ENV.fqdn, ENV.sshPort, ENV.projectName));
   }
+
+  @Test
+  public void ensureSshSchemeNameEncodedInUrlWithoutUserName() {
+    assertThat(getSshSchemeUrlWithoutUserName())
+        .isEqualTo(String.format("ssh://%s:%d/%s", ENV.fqdn, ENV.sshPort, ENV.projectName));
+  }
+
+  private String getSshSchemeUrlWithoutUserName() {
+    PluginConfig.Update pluginConfig = PluginConfig.Update.forTest(PLUGIN_NAME, new Config());
+    pluginConfig.setBoolean("sshIncludeUserName", false);
+    when(pluginConfigFactoryMock.getFromGerritConfig(PLUGIN_NAME))
+        .thenReturn(pluginConfig.asPluginConfig());
+    SshScheme scheme =
+        new SshScheme(
+            ImmutableList.of(String.format("%s:%d", ENV.fqdn, ENV.sshPort)),
+            PLUGIN_NAME,
+            pluginConfigFactoryMock,
+            urlProvider,
+            userProvider,
+            new DownloadConfig(new Config()));
+    return scheme.getUrl(ENV.projectName);
+  }
 }
commit	978e803c87416eb9e96236446b15b167017c0385	[log] [tgz]
author	Kaushik Lingarkar <kaushik.lingarkar@linaro.org>	Tue Aug 22 11:05:41 2023 -0700
committer	Ajay Gupta <ajay.gupta@linaro.org>	Wed Feb 14 13:20:12 2024 +0530
tree	a3d6c6ba2eeec1a51ecfbd9b8e1bb2fdaeced1bf
parent	2ccaaa5896d6065dc39c0407eb2c1c214d8803f9 [diff]