Use Maven repository credentials in GradleProjectBuilder (#6096)

sullis · timtebeek · shanman190 · web-flow · commit 698f45367817 · 2025-10-02T17:20:05.000+02:00
* use maven repo credentials

* Builder does not accept a `null` username or password

* Adopt `username` within `credentials`

* Only get credentials on Gradle 6.6 or newer

* Verify username and password extracted

* Map over credentials in all valid cases for all Gradle versions

* Remove unnecessary gradle.properties file for HTTP header authentication test case

* Remove unused import and streamline assertions

* Minimize changes

---------

Co-authored-by: Tim te Beek &lt;tim@moderne.io&gt;
Co-authored-by: Shannon Pamperl &lt;shannon@moderne.io&gt;
Co-authored-by: Shannon Pamperl &lt;shanman190@gmail.com&gt;
diff --git a/rewrite-gradle-tooling-model/model/src/main/java/org/openrewrite/gradle/marker/GradleProjectBuilder.java b/rewrite-gradle-tooling-model/model/src/main/java/org/openrewrite/gradle/marker/GradleProjectBuilder.java
@@ -19,6 +19,7 @@
 import org.gradle.api.artifacts.*;
 import org.gradle.api.artifacts.repositories.ArtifactRepository;
 import org.gradle.api.artifacts.repositories.MavenArtifactRepository;
+import org.gradle.api.artifacts.repositories.PasswordCredentials;
 import org.gradle.api.attributes.Attribute;
 import org.gradle.api.attributes.HasAttributes;
 import org.gradle.api.initialization.Settings;
@@ -87,15 +88,26 @@ static List<MavenRepository> mapRepositories(List<ArtifactRepository> repositori
         return repositories.stream()
                 .filter(MavenArtifactRepository.class::isInstance)
                 .map(MavenArtifactRepository.class::cast)
-                .map(repo -> MavenRepository.builder()
+                .map(repo -> withAuthentication(repo, MavenRepository.builder()
                         .id(repo.getName())
                         .uri(repo.getUrl().toString())
                         .releases(true)
-                        .snapshots(true)
+                        .snapshots(true))
                         .build())
                 .collect(toList());
     }
 
+    private static MavenRepository.Builder withAuthentication(MavenArtifactRepository repo, MavenRepository.Builder builder) {
+        try {
+            PasswordCredentials passwordCredentials = repo.getCredentials(PasswordCredentials.class);
+            Optional.ofNullable(passwordCredentials.getUsername()).ifPresent(builder::username);
+            Optional.ofNullable(passwordCredentials.getPassword()).ifPresent(builder::password);
+        } catch (IllegalArgumentException e) {
+            // We're not using password credentials
+        }
+        return builder;
+    }
+
     public static List<GradlePluginDescriptor> pluginDescriptors(@Nullable PluginManager pluginManager) {
         if (pluginManager instanceof PluginManagerInternal) {
             return pluginDescriptors((PluginManagerInternal) pluginManager);
diff --git a/rewrite-gradle-tooling-model/plugin/src/main/java/org/openrewrite/gradle/toolingapi/ToolingApiOpenRewriteModelPlugin.java b/rewrite-gradle-tooling-model/plugin/src/main/java/org/openrewrite/gradle/toolingapi/ToolingApiOpenRewriteModelPlugin.java
@@ -15,6 +15,7 @@
  */
 package org.openrewrite.gradle.toolingapi;
 
+import com.fasterxml.jackson.annotation.JsonProperty;
 import com.fasterxml.jackson.databind.ObjectMapper;
 import org.gradle.api.Plugin;
 import org.gradle.api.Project;
@@ -26,6 +27,7 @@
 import org.openrewrite.gradle.marker.GradleProjectBuilder;
 import org.openrewrite.gradle.marker.GradleSettings;
 import org.openrewrite.gradle.marker.GradleSettingsBuilder;
+import org.openrewrite.maven.tree.MavenRepository;
 
 import javax.inject.Inject;
 import java.io.File;
@@ -44,7 +46,7 @@ public void apply(Project project) {
         registry.register(new OpenRewriteModelBuilder());
     }
 
-    private static final ObjectMapper mapper = new RecipeSerializer().getMapper();
+    private static final ObjectMapper mapper = new RecipeSerializer().getMapper().copy().addMixIn(MavenRepository.class, MavenRepositoryMixin.class);
 
     private static class OpenRewriteModelBuilder implements ToolingModelBuilder {
         @Override
@@ -71,4 +73,12 @@ public Object buildAll(String modelName, Project project) {
             }
         }
     }
+
+    interface MavenRepositoryMixin {
+        @JsonProperty(access = JsonProperty.Access.READ_WRITE)
+        String getUsername();
+
+        @JsonProperty(access = JsonProperty.Access.READ_WRITE)
+        String getPassword();
+    }
 }
diff --git a/rewrite-gradle/src/test/java/org/openrewrite/gradle/marker/GradleProjectTest.java b/rewrite-gradle/src/test/java/org/openrewrite/gradle/marker/GradleProjectTest.java
@@ -29,6 +29,7 @@
 import org.openrewrite.maven.tree.GroupArtifact;
 import org.openrewrite.maven.tree.GroupArtifactVersion;
 import org.openrewrite.maven.tree.ResolvedDependency;
+import org.openrewrite.properties.tree.Properties;
 import org.openrewrite.test.RecipeSpec;
 import org.openrewrite.test.RewriteTest;
 import org.openrewrite.test.SourceSpec;
@@ -43,6 +44,7 @@
 import static org.openrewrite.gradle.Assertions.settingsGradle;
 import static org.openrewrite.gradle.toolingapi.Assertions.withToolingApi;
 import static org.openrewrite.java.Assertions.mavenProject;
+import static org.openrewrite.properties.Assertions.properties;
 
 class GradleProjectTest implements RewriteTest {
 
@@ -76,6 +78,184 @@ void noopUpgrade() {
         );
     }
 
+    @Test
+    void repositoryWithCredentials() {
+        rewriteRun(
+          spec -> spec.recipe(new UpgradeDependencyInMarker(
+            new GroupArtifactVersion("org.openrewrite", "rewrite-java", "8.56.0"),
+            "implementation",
+            (original, updated) -> assertThat(updated)
+              .isSameAs(original)
+              .satisfies(gp -> assertThat(gp.getMavenRepositories())
+                .singleElement()
+                .satisfies(repo -> {
+                    assertThat(repo.getUri()).isEqualTo("https://example.com/maven2");
+                    assertThat(repo.getUsername()).isEqualTo("dummyuser");
+                    assertThat(repo.getPassword()).isEqualTo("dummypass");
+                }))
+          )),
+          properties(
+            """
+              mavenUsername=dummyuser
+              mavenPassword=dummypass
+              """,
+            spec -> spec.path("gradle.properties")
+          ),
+          buildGradle(
+            """
+              plugins {
+                  id("java")
+              }
+              repositories {
+                  maven {
+                      url = "https://example.com/maven2"
+                      credentials {
+                        username = findProperty("mavenUsername")
+                        password = findProperty("mavenPassword")
+                      }
+                  }
+              }
+              dependencies {
+                  implementation("org.openrewrite:rewrite-java:8.56.0")
+              }
+              """
+          )
+        );
+    }
+
+    @Test
+    void repositoryWithPreemptiveCredentials() {
+        rewriteRun(
+          spec -> spec.recipe(new UpgradeDependencyInMarker(
+            new GroupArtifactVersion("org.openrewrite", "rewrite-java", "8.56.0"),
+            "implementation",
+            (original, updated) -> assertThat(updated)
+              .isSameAs(original)
+              .satisfies(gp -> assertThat(gp.getMavenRepositories())
+                .singleElement()
+                .satisfies(repo -> {
+                    assertThat(repo.getUri()).isEqualTo("https://example.com/maven2");
+                    assertThat(repo.getUsername()).isEqualTo("dummyuser");
+                    assertThat(repo.getPassword()).isEqualTo("dummypass");
+                }))
+          )),
+          properties(
+            """
+              mavenUsername=dummyuser
+              mavenPassword=dummypass
+              """,
+            spec -> spec.path("gradle.properties")
+          ),
+          buildGradle(
+            """
+              plugins {
+                  id("java")
+              }
+              repositories {
+                  maven {
+                      url = "https://example.com/maven2"
+                      credentials {
+                        username = findProperty("mavenUsername")
+                        password = findProperty("mavenPassword")
+                        authentication {
+                          basic(BasicAuthentication)
+                        }
+                      }
+                  }
+              }
+              dependencies {
+                  implementation("org.openrewrite:rewrite-java:8.56.0")
+              }
+              """
+          )
+        );
+    }
+
+    @Test
+    void repositoryWithPasswordCredentials() {
+        rewriteRun(
+          spec -> spec.recipe(new UpgradeDependencyInMarker(
+            new GroupArtifactVersion("org.openrewrite", "rewrite-java", "8.56.0"),
+            "implementation",
+            (original, updated) -> assertThat(updated)
+              .isSameAs(original)
+              .satisfies(gp -> assertThat(gp.getMavenRepositories())
+                .singleElement()
+                .satisfies(repo -> {
+                    assertThat(repo.getUri()).isEqualTo("https://example.com/maven2");
+                    assertThat(repo.getUsername()).isEqualTo("dummyuser");
+                    assertThat(repo.getPassword()).isEqualTo("dummypass");
+                }))
+          )),
+          properties(
+            """
+              mySecureRepositoryUsername=dummyuser
+              mySecureRepositoryPassword=dummypass
+              """,
+            spec -> spec.path("gradle.properties")
+          ),
+          buildGradle(
+            """
+              plugins {
+                  id("java")
+              }
+              repositories {
+                  maven {
+                      name = "mySecureRepository"
+                      url = "https://example.com/maven2"
+                      credentials(PasswordCredentials)
+                  }
+              }
+              dependencies {
+                  implementation("org.openrewrite:rewrite-java:8.56.0")
+              }
+              """
+          )
+        );
+    }
+
+    @Test
+    void repositoryWithHttpHeaderCredentials() {
+        rewriteRun(
+          spec -> spec.recipe(new UpgradeDependencyInMarker(
+            new GroupArtifactVersion("org.openrewrite", "rewrite-java", "8.56.0"),
+            "implementation",
+            (original, updated) -> assertThat(updated)
+              .isSameAs(original)
+              .satisfies(gp -> assertThat(gp.getMavenRepositories())
+                .singleElement()
+                .satisfies(repo -> {
+                    assertThat(repo.getUri()).isEqualTo("https://example.com/maven2");
+                    assertThat(repo.getUsername()).isNull();
+                    assertThat(repo.getPassword()).isNull();
+                }))
+          )),
+          buildGradle(
+            """
+              plugins {
+                  id("java")
+              }
+              repositories {
+                  maven {
+                      name = "mySecureRepository"
+                      url = "https://example.com/maven2"
+                      credentials(HttpHeaderCredentials) {
+                          name = "Private-Token"
+                          value = "TOKEN"
+                      }
+                      authentication {
+                          header(HttpHeaderAuthentication)
+                      }
+                  }
+              }
+              dependencies {
+                  implementation("org.openrewrite:rewrite-java:8.56.0")
+              }
+              """
+          )
+        );
+    }
+
     @Test
     void multiProject() {
         rewriteRun(
@@ -366,7 +546,7 @@ void changeConstraint() {
 
                 GradleDependencyConstraint jacksonConstraint = constraints.stream()
                   .filter(c -> "com.fasterxml.jackson.core".equals(c.getGroupId()) &&
-                               "jackson-databind".equals(c.getArtifactId()))
+                    "jackson-databind".equals(c.getArtifactId()))
                   .findFirst()
                   .orElse(null);
 
@@ -429,6 +609,10 @@ public TreeVisitor<?, ExecutionContext> getVisitor() {
             @Override
             @SneakyThrows
             public Tree visit(Tree tree, ExecutionContext ctx) {
+                if (tree instanceof Properties.File) {
+                    // Skip gradle.properties files
+                    return tree;
+                }
                 GradleProject original = tree.getMarkers().findFirst(GradleProject.class).orElseThrow(() -> fail("Missing GradleProject"));
                 GradleProject updated = original.upgradeDirectDependencyVersion(configuration, newGav, ctx);
                 testAssertion.accept(original, updated);
