Replace the Auth and Auth::TLS singletons

Use a builder pattern for creation and validation, in a manner that
allows also other authentication methods to be added in the future
besides the current TLS/SSL.

The main Auth instances are built early and then passed by not_null
const pointers, to avoid passing temporaries, replacing the previous
Auth::TLS instances passed by simple nullable const pointers. Where
needed, these passed Auth instances are also stored, by const ref.

Tests also build Auth instances as needed, either with the default
'no certification' or from the test environment arguments.

1 files changed, 5 insertions, 3 deletions

diff --git a/src/buildtool/execution_api/execution_service/server_implementation.cpp b/src/buildtool/execution_api/execution_service/server_implementation.cpp
index 4a9f23cf..676bd0a7 100644
--- a/src/buildtool/execution_api/execution_service/server_implementation.cpp
+++ b/src/buildtool/execution_api/execution_service/server_implementation.cpp
@@ -70,13 +70,15 @@ auto ServerImpl::Run(ApiBundle const& apis) -> bool {
         .RegisterService(&cap)
         .RegisterService(&op);
 
+    // check authentication credentials; currently only TLS/SSL is supported
     std::shared_ptr<grpc::ServerCredentials> creds;
-    if (apis.auth != nullptr) {
+    if (const auto* tls_auth = std::get_if<Auth::TLS>(&apis.auth.method);
+        tls_auth != nullptr) {
         auto tls_opts = grpc::SslServerCredentialsOptions{};
 
-        tls_opts.pem_root_certs = apis.auth->CACert();
+        tls_opts.pem_root_certs = tls_auth->ca_cert;
         grpc::SslServerCredentialsOptions::PemKeyCertPair keycert = {
-            apis.auth->ServerKey(), apis.auth->ServerCert()};
+            tls_auth->server_key, tls_auth->server_cert};
 
         tls_opts.pem_key_cert_pairs.emplace_back(keycert);