feat: Support for basic auth in git remotes

Author: tomasfarias

airflow_dbt_python/hooks/git.py

@@ -187,17 +187,23 @@ def get_git_client_path(self, url: URL) -> Tuple[GitClients, str]:
             path = f"{url.netloc.split(':')[1]}/{str(url.path)}"
 
         elif url.scheme in ("http", "https"):
-            parsedurl = url._parsed
-            netloc = parsedurl.hostname
+            base_url = url.hostname
 
-            if parsedurl.port:
-                netloc = "{}:{}".format(netloc, parsedurl.port)
-            if parsedurl.username:
-                netloc = "{}@{}".format(parsedurl.username, netloc)
+            if url.port:
+                base_url = f"{base_url}:{url.port}"
 
-            url._replace(netloc=netloc)
+            auth_params = {}
+            if url.authentication.username and url.authentication.password:
+                auth_params = {
+                    "username": url.authentication.username,
+                    "password": url.authentication.password,
+                }
+                base_url = f"{url.scheme}://{base_url}"
+            elif url.authentication.username:
+                base_url = f"{url.scheme}://{url.authentication.username}@{base_url}"
+
+            client = HttpGitClient(base_url, **auth_params)
 
-            client = HttpGitClient(url.netloc)
             path = str(url.path)
 
         else:

airflow_dbt_python/hooks/remote.py

@@ -62,11 +62,11 @@ def download_dbt_project(self, source: URLLike, destination: URLLike) -> Path:
         Returns:
             The destination Path.
         """
-        self.log.info("Downloading dbt project from %s to %s", source, destination)
-
         source_url = URL(source)
         destination_url = URL(destination)
 
+        self.log.info("Downloading dbt project from %s to %s", source, destination)
+
         if source_url.is_archive():
             destination_url = destination_url / source_url.name
 
@@ -91,11 +91,11 @@ def download_dbt_profiles(self, source: URLLike, destination: URLLike) -> Path:
         Returns:
             The destination Path.
         """
-        self.log.info("Downloading dbt profiles from %s to %s", source, destination)
-
         source_url = URL(source)
         destination_url = URL(destination)
 
+        self.log.info("Downloading dbt profiles from %s to %s", source, destination)
+
         if source_url.name != "profiles.yml":
             source_url = source_url / "profiles.yml"
 
@@ -122,11 +122,11 @@ def upload_dbt_project(
             delete_before: Flag to indicate wheter to clear any existing files before
                 uploading the dbt project.
         """
-        self.log.info("Uploading dbt project from %s to %s", source, destination)
-
         source_url = URL(source)
         destination_url = URL(destination)
 
+        self.log.info("Uploading dbt project from %s to %s", source, destination)
+
         if destination_url.is_archive() and source_url.is_dir():
             zip_url = source_url / destination_url.name
             source_url.archive(zip_url)

tests/hooks/test_git_hook.py

@@ -1,6 +1,8 @@
 """Unit test module for DbtGitRemoteHook."""
 import multiprocessing
+import os
 import shutil
+from urllib.parse import quote
 
 import pytest
 from dulwich.repo import Repo
@@ -9,27 +11,176 @@
 from airflow_dbt_python.hooks.git import DbtGitRemoteHook
 from airflow_dbt_python.utils.url import URL
 
-JAFFLE_SHOP_REPO = "dbt-labs/jaffle_shop"
-PLATFORM = "github.com"
+JAFFLE_SHOP = os.getenv("GIT_TEST_REPO", "tomasfarias/jaffle_shop")
+JAFFLE_SHOP_PRIVATE = os.getenv(
+    "GIT_PRIVATE_TEST_REPO", "tomasfarias/jaffle_shop_private"
+)
+GITHUB = "github.com"
+GITLAB = "gitlab.com"
+
+
+@pytest.mark.parametrize(
+    "repo_url",
+    (
+        f"https://{GITHUB}/{JAFFLE_SHOP}",
+        f"http://{GITHUB}/{JAFFLE_SHOP}",
+    ),
+)
+def test_download_dbt_project_from_http_public_github_repo(
+    tmp_path, repo_url, assert_dir_contents
+):
+    """Test downloading dbt project from GitHub public fork of dbt-lab's jaffle-shop.
+
+    In this test we use an HTTP/HTTPS connection to access GitHub. No credentials are
+    required as the test repo is public.
+    """
+    remote = DbtGitRemoteHook()
+    source = URL(repo_url)
+    local_repo_path = remote.download_dbt_project(source, tmp_path)
+
+    expected = [
+        URL(local_repo_path / "dbt_project.yml"),
+        URL(local_repo_path / "models" / "customers.sql"),
+        URL(local_repo_path / "models" / "orders.sql"),
+        URL(local_repo_path / "seeds" / "raw_customers.csv"),
+        URL(local_repo_path / "seeds" / "raw_orders.csv"),
+    ]
+
+    assert local_repo_path.exists()
+
+    assert_dir_contents(local_repo_path, expected, exact=False)
 
 
 @pytest.mark.xfail(
     strict=False,
-    reason=(
-        "Attempting to clone from GitHub may fail for missing keys, or other reasons."
+    reason="Attempting to clone from GitHub may fail for missing keys.",
+)
+@pytest.mark.parametrize(
+    "repo_url",
+    (
+        f"ssh://{GITHUB}:{JAFFLE_SHOP}",
+        f"git+ssh://{GITHUB}:{JAFFLE_SHOP}",
     ),
 )
+def test_download_dbt_project_from_ssh_public_github_repo(
+    tmp_path, repo_url, assert_dir_contents
+):
+    """Test downloading dbt project from GitHub public fork of dbt-lab's jaffle-shop.
+
+    In this test we use an SSH connection to access GitHub. Currently, this requires an
+    SSH key to be setup in the host, so the tests are flaky by design. Future tests will
+    rely on Airflow connections and test SSH keys instead.
+    """
+    remote = DbtGitRemoteHook()
+    source = URL(repo_url)
+    local_repo_path = remote.download_dbt_project(source, tmp_path)
+
+    expected = [
+        URL(local_repo_path / "dbt_project.yml"),
+        URL(local_repo_path / "models" / "customers.sql"),
+        URL(local_repo_path / "models" / "orders.sql"),
+        URL(local_repo_path / "seeds" / "raw_customers.csv"),
+        URL(local_repo_path / "seeds" / "raw_orders.csv"),
+    ]
+
+    assert local_repo_path.exists()
+
+    assert_dir_contents(local_repo_path, expected, exact=False)
+
+
+@pytest.mark.parametrize(
+    "repo_url",
+    (
+        f"https://{GITLAB}/{JAFFLE_SHOP}",
+        f"http://{GITLAB}/{JAFFLE_SHOP}",
+    ),
+)
+def test_download_dbt_project_from_http_public_gitlab_repo(
+    tmp_path, repo_url, assert_dir_contents
+):
+    """Test downloading dbt project from GitLab public fork of dbt-lab's jaffle-shop.
+
+    In this test we use an HTTP/HTTPS connection to access GitLab. No credentials are
+    required as the test repo is public.
+    """
+    remote = DbtGitRemoteHook()
+    source = URL(repo_url)
+    local_repo_path = remote.download_dbt_project(source, tmp_path)
+
+    expected = [
+        URL(local_repo_path / "dbt_project.yml"),
+        URL(local_repo_path / "models" / "customers.sql"),
+        URL(local_repo_path / "models" / "orders.sql"),
+        URL(local_repo_path / "seeds" / "raw_customers.csv"),
+        URL(local_repo_path / "seeds" / "raw_orders.csv"),
+    ]
+
+    assert local_repo_path.exists()
+
+    assert_dir_contents(local_repo_path, expected, exact=False)
+
+
+@pytest.mark.skipif(
+    "GITHUB_READ_TOKEN" not in os.environ,
+    reason="Missing Github read token in environment.",
+)
+@pytest.mark.parametrize(
+    "repo_url",
+    (f"https://{{username}}:{{token}}@{GITHUB}/{JAFFLE_SHOP_PRIVATE}",),
+)
+def test_download_dbt_project_from_https_private_github_repo_using_token(
+    tmp_path, repo_url, assert_dir_contents
+):
+    """Test downloading dbt project from Github private fork of dbt-lab's jaffle-shop.
+
+    In this test we use an HTTPS connection to access Github. As the repo is
+    private, we need to authenticate. In this test, we are authenticating with a Github
+    Personal Access Token. Said token will be fetched from the GITHUB_READ_TOKEN env
+    variable. If missing, this test is skipped.
+
+    The user the token represents should have access to the test Github repo. We
+    have no way to check this though. Modify the JAFFLE_SHOP_PRIVATE variable with your
+    own private fork.
+    """
+    username, token = os.environ["GITHUB_USERNAME"], os.environ["GITHUB_READ_TOKEN"]
+
+    remote = DbtGitRemoteHook()
+    source = URL(repo_url.format(username=username, token=token))
+    local_repo_path = remote.download_dbt_project(source, tmp_path)
+
+    expected = [
+        URL(local_repo_path / "dbt_project.yml"),
+        URL(local_repo_path / "models" / "customers.sql"),
+        URL(local_repo_path / "models" / "orders.sql"),
+        URL(local_repo_path / "seeds" / "raw_customers.csv"),
+        URL(local_repo_path / "seeds" / "raw_orders.csv"),
+    ]
+
+    assert local_repo_path.exists()
+
+    assert_dir_contents(local_repo_path, expected, exact=False)
+
+
+@pytest.mark.xfail(
+    strict=False,
+    reason="Attempting to clone from GitLab may fail for missing keys.",
+)
 @pytest.mark.parametrize(
     "repo_url",
     (
-        f"ssh://{PLATFORM}:{JAFFLE_SHOP_REPO}",
-        f"git+ssh://{PLATFORM}:{JAFFLE_SHOP_REPO}",
-        f"https://{PLATFORM}/{JAFFLE_SHOP_REPO}",
-        f"http://{PLATFORM}/{JAFFLE_SHOP_REPO}",
+        f"ssh://{GITLAB}:{JAFFLE_SHOP}",
+        f"git+ssh://{GITLAB}:{JAFFLE_SHOP}",
     ),
 )
-def test_download_dbt_project(tmp_path, repo_url, assert_dir_contents):
-    """Test downloading dbt project from dbt-lab's very own jaffle-shop."""
+def test_download_dbt_project_from_ssh_public_gitlab_repo(
+    tmp_path, repo_url, assert_dir_contents
+):
+    """Test downloading dbt project from GitLab public fork of dbt-lab's jaffle-shop.
+
+    In this test we use an SSH connection to access GitLab. Currently, this requires an
+    SSH key to be setup in the host, so the tests are flaky by design. Future tests will
+    rely on Airflow connections and test SSH keys instead.
+    """
     remote = DbtGitRemoteHook()
     source = URL(repo_url)
     local_repo_path = remote.download_dbt_project(source, tmp_path)
@@ -47,6 +198,90 @@ def test_download_dbt_project(tmp_path, repo_url, assert_dir_contents):
     assert_dir_contents(local_repo_path, expected, exact=False)
 
 
+@pytest.mark.skipif(
+    "GITLAB_READ_TOKEN" not in os.environ,
+    reason="Missing GitLab read token in environment.",
+)
+@pytest.mark.parametrize(
+    "repo_url",
+    (f"https://oauth2:{{token}}@{GITLAB}/{JAFFLE_SHOP_PRIVATE}",),
+)
+def test_download_dbt_project_from_https_private_gitlab_repo_using_token(
+    tmp_path, repo_url, assert_dir_contents
+):
+    """Test downloading dbt project from GitLab private fork of dbt-lab's jaffle-shop.
+
+    In this test we use an HTTPS connection to access GitLab. As the repo is
+    private, we need to authenticate. In this test, we are authenticating with a GitLab
+    Personal Access Token. Said token will be fetched from the GITLAB_READ_TOKEN env
+    variable. If missing, this test is skipped.
+
+    The user the token represents should have access to the test GitLab repo. We
+    have no way to check this though. Modify the JAFFLE_SHOP_PRIVATE variable with your
+    own private fork.
+    """
+    token = os.environ["GITLAB_READ_TOKEN"]
+
+    remote = DbtGitRemoteHook()
+    source = URL(repo_url.format(token=token))
+    local_repo_path = remote.download_dbt_project(source, tmp_path)
+
+    expected = [
+        URL(local_repo_path / "dbt_project.yml"),
+        URL(local_repo_path / "models" / "customers.sql"),
+        URL(local_repo_path / "models" / "orders.sql"),
+        URL(local_repo_path / "seeds" / "raw_customers.csv"),
+        URL(local_repo_path / "seeds" / "raw_orders.csv"),
+    ]
+
+    assert local_repo_path.exists()
+
+    assert_dir_contents(local_repo_path, expected, exact=False)
+
+
+@pytest.mark.skipif(
+    any(
+        env_var not in os.environ for env_var in ("GITLAB_USERNAME", "GITLAB_PASSWORD")
+    ),
+    reason="Missing GitLab credentials in environment.",
+)
+@pytest.mark.parametrize(
+    "repo_url",
+    (f"https://{{username}}:{{password}}@{GITLAB}/{JAFFLE_SHOP_PRIVATE}",),
+)
+def test_download_dbt_project_from_https_private_gitlab_repo_using_credentials(
+    tmp_path, repo_url, assert_dir_contents
+):
+    """Test downloading dbt project from GitLab private fork of dbt-lab's jaffle-shop.
+
+    In this test we use an HTTPS connection to access GitLab. As the repo is
+    private, we need to authenticate. In this test, we are authenticating with GitLab
+    credentials (username and password). Said credentials will be fetched from the
+    GITLAB_USERNAME and GITLAB_PASSWORD env variables. If missing, this test is skipped.
+
+    The user the credentials represent should have access to the test GitLab repo. We
+    have no way to check this though. Modify the JAFFLE_SHOP_PRIVATE variable with your
+    own private fork.
+    """
+    username, password = os.environ["GITLAB_USERNAME"], os.environ["GITLAB_PASSWORD"]
+
+    remote = DbtGitRemoteHook()
+    source = URL(repo_url.format(username=username, password=password))
+    local_repo_path = remote.download_dbt_project(source, tmp_path)
+
+    expected = [
+        URL(local_repo_path / "dbt_project.yml"),
+        URL(local_repo_path / "models" / "customers.sql"),
+        URL(local_repo_path / "models" / "orders.sql"),
+        URL(local_repo_path / "seeds" / "raw_customers.csv"),
+        URL(local_repo_path / "seeds" / "raw_orders.csv"),
+    ]
+
+    assert local_repo_path.exists()
+
+    assert_dir_contents(local_repo_path, expected, exact=False)
+
+
 @pytest.fixture
 def repo_name():
     """A testing local git repo name."""