Merge pull request #990 from GitGuardian/plalanne/-/add-default-eu-support-for-hmsl

Add default EU support for HMSL

Author: agateau-gg

ggshield/core/config/config.py

@@ -142,14 +142,15 @@ def add_ignored_match(self, *args: Any, **kwargs: Any) -> None:
     @property
     def saas_api_url(self) -> str:
         """
-        The GIM SaaS instance (used to get JWT tokens).
-        It is not configurable, but can be overridden with the
-        GITGUARDIAN_SAAS_URL environment variable for tests.
+        The GIM SaaS instance used to get JWT tokens.
+        This can be overridden with the GITGUARDIAN_SAAS_URL environment variable.
+        If the HMSL URL is different from the default, we derive the SaaS API from it.
+        Otherwise the SaaS API URL is actually the one derived from the dashboard
         """
-        if "api" in self.hmsl_url:  # case https://api.hasmysecretleaked.[...]
+        if self.hmsl_url != DEFAULT_HMSL_URL and "api" in self.hmsl_url:
             default_value = self.hmsl_url.replace("hasmysecretleaked", "gitguardian")
-        else:  # case https://hasmysecretleaked.[...]
-            default_value = self.hmsl_url.replace("hasmysecretleaked", "api")
+        else:
+            default_value = self.api_url
 
         return os.environ.get(
             "GITGUARDIAN_SAAS_URL",

tests/unit/verticals/hmsl/test_hmsl_utils.py

@@ -49,13 +49,31 @@ def test_hmsl_other_env_config_values(isolated_fs, hmsl_no_env_vars, monkeypatch
     WHEN getting HasMySecretLeaked config values
     THEN the values are correctly set
     """
+    # If the user defines a custom HMSL URL
     monkeypatch.setenv(
-        "GITGUARDIAN_HMSL_URL", "https://hasmysecretleaked.secretdomain.net"
+        "GITGUARDIAN_HMSL_URL", "https://hasmysecretleaked.env.gitguardian.com"
     )
+    # They are also expected to set a corresponding GitGuardian instance
+    monkeypatch.setenv("GITGUARDIAN_INSTANCE", "https://dashboard.env.gitguardian.com")
     config = Config()
-    assert config.hmsl_url == "https://hasmysecretleaked.secretdomain.net"
-    assert config.hmsl_audience == "https://hasmysecretleaked.secretdomain.net"
-    assert config.saas_api_url == "https://api.secretdomain.net"
+    assert config.hmsl_url == "https://hasmysecretleaked.env.gitguardian.com"
+    assert config.hmsl_audience == "https://hasmysecretleaked.env.gitguardian.com"
+    assert config.saas_api_url == "https://api.env.gitguardian.com"
+
+
+def test_hmsl_region_specific_config_values(isolated_fs, hmsl_no_env_vars, monkeypatch):
+    """
+    GIVEN another SaaS environment
+    WHEN getting HasMySecretLeaked config values
+    THEN the values are correctly set
+    """
+    monkeypatch.setenv(
+        "GITGUARDIAN_INSTANCE", "https://dashboard.region3.gitguardian.com"
+    )
+    config = Config()
+    assert config.hmsl_url == "https://api.hasmysecretleaked.com"
+    assert config.hmsl_audience == "https://api.hasmysecretleaked.com"
+    assert config.saas_api_url == "https://api.region3.gitguardian.com"
 
 
 def test_no_token(isolated_fs, hmsl_no_env_vars):