[git_cl] Refactor EnsureAuthenticated.

This will allow us to invert the main Authenticator API.

R=yiwzhang@google.com

Bug: 336351842
Change-Id: Iebe06f68373b99685809849bcd96371e7634d6ef
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/tools/depot_tools/+/5582406
Reviewed-by: Yiwei Zhang <yiwzhang@google.com>
Auto-Submit: Robbie Iannucci <iannucci@chromium.org>
Commit-Queue: Robbie Iannucci <iannucci@chromium.org>

gerrit_util.py

@@ -189,7 +189,7 @@ class CookiesAuthenticator(Authenticator):
         return 'https://%s/new-password' % ('.'.join(parts))
 
     @classmethod
-    def get_new_password_message(cls, host):
+    def _get_new_password_message(cls, host):
         if host is None:
             return ('Git host for Gerrit upload is unknown. Check your remote '
                     'and the branch your branch is tracking. This tool assumes '
@@ -252,6 +252,46 @@ class CookiesAuthenticator(Authenticator):
             return 'Bearer %s' % a[2], None
         return None, None
 
+
+    def ensure_authenticated(self, gerrit_host: str, git_host: str) -> Tuple[bool, str]:
+      """Returns (bypassable, error message).
+
+      If the error message is empty, there is no error to report.
+      If bypassable is true, the caller will allow the user to continue past the
+      error.
+      """
+      # Lazy-loader to identify Gerrit and Git hosts.
+      gerrit_auth = self._get_auth_for_host(gerrit_host)
+      git_auth = self._get_auth_for_host(git_host)
+      if gerrit_auth and git_auth:
+          if gerrit_auth == git_auth:
+              return True, ''
+          all_gsrc, _ = self.get_auth_info(
+              'd0esN0tEx1st.googlesource.com')
+          print(
+              'WARNING: You have different credentials for Gerrit and git hosts:\n'
+              '           %s\n'
+              '           %s\n'
+              '        Consider running the following command:\n'
+              '          git cl creds-check\n'
+              '        %s\n'
+              '        %s' %
+              (git_host, gerrit_host,
+               ('Hint: delete creds for .googlesource.com' if all_gsrc else
+                ''), self._get_new_password_message(git_host)))
+          return True, 'If you know what you are doing'
+
+      missing = (([] if gerrit_auth else [gerrit_host]) +
+                 ([] if git_auth else [git_host]))
+      return False, (
+        'Credentials for the following hosts are required:\n'
+        '  %s\n'
+        'These are read from %s\n'
+        '%s' %
+        ('\n  '.join(missing), self.get_gitcookies_path(),
+         self._get_new_password_message(git_host)))
+
+
     # Used to redact the cookies from the gitcookies file.
     GITCOOKIES_REDACT_RE = re.compile(r'1/.*')
 

git_cl.py

@@ -2312,37 +2312,14 @@ class Changelist(object):
         git_host = self._GetGitHost()
         assert self._gerrit_server and self._gerrit_host and git_host
 
-        gerrit_auth, _ = cookie_auth.get_auth_info(self._gerrit_host)
-        git_auth, _ = cookie_auth.get_auth_info(git_host)
-        if gerrit_auth and git_auth:
-            if gerrit_auth == git_auth:
-                return
-            all_gsrc, _ = cookie_auth.get_auth_info(
-                'd0esN0tEx1st.googlesource.com')
-            print(
-                'WARNING: You have different credentials for Gerrit and git hosts:\n'
-                '           %s\n'
-                '           %s\n'
-                '        Consider running the following command:\n'
-                '          git cl creds-check\n'
-                '        %s\n'
-                '        %s' %
-                (git_host, self._gerrit_host,
-                 ('Hint: delete creds for .googlesource.com' if all_gsrc else
-                  ''), cookie_auth.get_new_password_message(git_host)))
+        bypassable, msg = cookie_auth.ensure_authenticated(git_host, self._gerrit_host)
+        if not msg:
+            return  # OK
+        if bypassable:
             if not force:
-                confirm_or_exit('If you know what you are doing',
-                                action='continue')
-            return
-
-        missing = (([] if gerrit_auth else [self._gerrit_host]) +
-                   ([] if git_auth else [git_host]))
-        DieWithError('Credentials for the following hosts are required:\n'
-                     '  %s\n'
-                     'These are read from %s\n'
-                     '%s' %
-                     ('\n  '.join(missing), cookie_auth.get_gitcookies_path(),
-                      cookie_auth.get_new_password_message(git_host)))
+                confirm_or_exit(msg, action='continue')
+        else:
+          DieWithError(msg)
 
     def EnsureCanUploadPatchset(self, force):
         if not self.GetIssue():

tests/gerrit_util_test.py

@@ -108,10 +108,10 @@ class CookiesAuthenticatorTest(unittest.TestCase):
         auth = gerrit_util.CookiesAuthenticator()
         self.assertIn(
             'https://chromium.googlesource.com/new-password',
-            auth.get_new_password_message('chromium-review.googlesource.com'))
+            auth._get_new_password_message('chromium-review.googlesource.com'))
         self.assertIn(
             'https://chrome-internal.googlesource.com/new-password',
-            auth.get_new_password_message('chrome-internal.googlesource.com'))
+            auth._get_new_password_message('chrome-internal.googlesource.com'))
 
     def testGetGitcookiesPath(self):
         self.assertEqual(