authorPaul Cristian Sarbu <paul.cristian.sarbu@huawei.com>2024-07-02 16:47:13 +0200
committerPaul Cristian Sarbu <paul.cristian.sarbu@huawei.com>2024-07-04 16:05:08 +0200
commitc2f7ead468d5e65c57e7ecb49d7fbba4254c46b7 (patch)
treeb96ce2e63d9d6a2d486cb4133c290187156b97ac /src/buildtool/execution_api
parent0d60cd9ba4a5c18b01b6ef996434953071f0576e (diff)
Replace the Auth and Auth::TLS singletons
Use a builder pattern for creation and validation, in a manner that allows also other authentication methods to be added in the future besides the current TLS/SSL. The main Auth instances are built early and then passed by not_null const pointers, to avoid passing temporaries, replacing the previous Auth::TLS instances passed by simple nullable const pointers. Where needed, these passed Auth instances are also stored, by const ref. Tests also build Auth instances as needed, either with the default 'no certification' or from the test environment arguments.
Diffstat (limited to 'src/buildtool/execution_api')
-rw-r--r--src/buildtool/execution_api/common/api_bundle.cpp6
-rw-r--r--src/buildtool/execution_api/common/api_bundle.hpp4
-rw-r--r--src/buildtool/execution_api/execution_service/server_implementation.cpp8
-rw-r--r--src/buildtool/execution_api/remote/bazel/bazel_ac_client.cpp3
-rw-r--r--src/buildtool/execution_api/remote/bazel/bazel_ac_client.hpp3
-rw-r--r--src/buildtool/execution_api/remote/bazel/bazel_api.cpp2
-rw-r--r--src/buildtool/execution_api/remote/bazel/bazel_api.hpp2
-rw-r--r--src/buildtool/execution_api/remote/bazel/bazel_cas_client.cpp2
-rw-r--r--src/buildtool/execution_api/remote/bazel/bazel_cas_client.hpp2
-rw-r--r--src/buildtool/execution_api/remote/bazel/bazel_execution_client.cpp8
-rw-r--r--src/buildtool/execution_api/remote/bazel/bazel_execution_client.hpp8
-rw-r--r--src/buildtool/execution_api/remote/bazel/bazel_network.cpp2
-rw-r--r--src/buildtool/execution_api/remote/bazel/bazel_network.hpp3
-rw-r--r--src/buildtool/execution_api/remote/bazel/bytestream_client.hpp2
14 files changed, 30 insertions, 25 deletions
diff --git a/src/buildtool/execution_api/common/api_bundle.cpp b/src/buildtool/execution_api/common/api_bundle.cpp
index 17e3d3af..41637eb4 100644
--- a/src/buildtool/execution_api/common/api_bundle.cpp
+++ b/src/buildtool/execution_api/common/api_bundle.cpp
@@ -19,10 +19,10 @@
#include "src/buildtool/execution_api/remote/bazel/bazel_api.hpp"
ApiBundle::ApiBundle(RepositoryConfig const* repo_config,
- Auth::TLS const* authentication,
+ gsl::not_null<Auth const*> const& authentication,
std::optional<ServerAddress> const& remote_address)
: local{std::make_shared<LocalApi>(repo_config)}, // needed by remote
- auth{authentication}, // needed by remote
+ auth{*authentication}, // needed by remote
remote{CreateRemote(remote_address)} {}
auto ApiBundle::CreateRemote(std::optional<ServerAddress> const& address) const
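Review bot: `auth{*authentication}` binds the bundle's `Auth const& auth` member (declared in api_bundle.hpp) to the caller's object, so the bundle now depends on that Auth outliving it, and `CreateRemote` passes `&auth` on to `BazelApi`. The not_null pointer parameter keeps a temporary from being passed, but nothing at the constructor or the member states the lifetime requirement. I would document it on the constructor declaration, e.g. `/// \param authentication Non-owning; the Auth must outlive this ApiBundle.` The reference member also makes ApiBundle non-assignable, which looks intended given the neighbouring const members.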
@@ -31,7 +31,7 @@ auto ApiBundle::CreateRemote(std::optional<ServerAddress> const& address) const
ExecutionConfiguration config;
config.skip_cache_lookup = false;
return std::make_shared<BazelApi>(
- "remote-execution", address->host, address->port, auth, config);
+ "remote-execution", address->host, address->port, &auth, config);
}
return local;
}
diff --git a/src/buildtool/execution_api/common/api_bundle.hpp b/src/buildtool/execution_api/common/api_bundle.hpp
index 72fdb687..0148b6af 100644
--- a/src/buildtool/execution_api/common/api_bundle.hpp
+++ b/src/buildtool/execution_api/common/api_bundle.hpp
@@ -29,14 +29,14 @@
/// exactly the same instance that local api is (&*remote == & *local).
struct ApiBundle final {
explicit ApiBundle(RepositoryConfig const* repo_config,
- Auth::TLS const* authentication,
+ gsl::not_null<Auth const*> const& authentication,
std::optional<ServerAddress> const& remote_address);
[[nodiscard]] auto CreateRemote(std::optional<ServerAddress> const& address)
const -> gsl::not_null<IExecutionApi::Ptr>;
gsl::not_null<IExecutionApi::Ptr> const local; // needed by remote
- Auth::TLS const* auth; // needed by remote
+ Auth const& auth; // needed by remote
gsl::not_null<IExecutionApi::Ptr> const remote;
};
diff --git a/src/buildtool/execution_api/execution_service/server_implementation.cpp b/src/buildtool/execution_api/execution_service/server_implementation.cpp
index 4a9f23cf..676bd0a7 100644
--- a/src/buildtool/execution_api/execution_service/server_implementation.cpp
+++ b/src/buildtool/execution_api/execution_service/server_implementation.cpp
@@ -70,13 +70,15 @@ auto ServerImpl::Run(ApiBundle const& apis) -> bool {
.RegisterService(&cap)
.RegisterService(&op);
+ // check authentication credentials; currently only TLS/SSL is supported
std::shared_ptr<grpc::ServerCredentials> creds;
- if (apis.auth != nullptr) {
+ if (const auto* tls_auth = std::get_if<Auth::TLS>(&apis.auth.method);
+ tls_auth != nullptr) {
auto tls_opts = grpc::SslServerCredentialsOptions{};
- tls_opts.pem_root_certs = apis.auth->CACert();
+ tls_opts.pem_root_certs = tls_auth->ca_cert;
grpc::SslServerCredentialsOptions::PemKeyCertPair keycert = {
- apis.auth->ServerKey(), apis.auth->ServerCert()};
+ tls_auth->server_key, tls_auth->server_cert};
tls_opts.pem_key_cert_pairs.emplace_back(keycert);
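Review bot: With `std::get_if<Auth::TLS>` as the only test, every alternative of `apis.auth.method` other than TLS takes the same path as "no authentication configured". That path is outside this hunk, but if it installs insecure server credentials, a method added later would start the execution service unauthenticated without any error. The new comment records that only TLS/SSL is supported; I would make the fallback explicit by testing for the no-authentication alternative by name and returning false with a log message for anything else. The hunk also does not show whether client certificates are requested and verified, so confirm that `pem_root_certs` is paired with the intended client-certificate setting. Style: the surrounding code writes east const, so `auto const* tls_auth` would match.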
diff --git a/src/buildtool/execution_api/remote/bazel/bazel_ac_client.cpp b/src/buildtool/execution_api/remote/bazel/bazel_ac_client.cpp
index 65853702..4f93b62d 100644
--- a/src/buildtool/execution_api/remote/bazel/bazel_ac_client.cpp
+++ b/src/buildtool/execution_api/remote/bazel/bazel_ac_client.cpp
@@ -14,7 +14,6 @@
#include "src/buildtool/execution_api/remote/bazel/bazel_ac_client.hpp"
-#include "gsl/gsl"
#include "src/buildtool/common/bazel_types.hpp"
#include "src/buildtool/common/remote/client_common.hpp"
#include "src/buildtool/common/remote/retry.hpp"
@@ -22,7 +21,7 @@
BazelAcClient::BazelAcClient(std::string const& server,
Port port,
- Auth::TLS const* auth) noexcept {
+ gsl::not_null<Auth const*> const& auth) noexcept {
stub_ = bazel_re::ActionCache::NewStub(
CreateChannelWithCredentials(server, port, auth));
}
diff --git a/src/buildtool/execution_api/remote/bazel/bazel_ac_client.hpp b/src/buildtool/execution_api/remote/bazel/bazel_ac_client.hpp
index 4ac24bbc..36e83649 100644
--- a/src/buildtool/execution_api/remote/bazel/bazel_ac_client.hpp
+++ b/src/buildtool/execution_api/remote/bazel/bazel_ac_client.hpp
@@ -21,6 +21,7 @@
#include <vector>
#include "build/bazel/remote/execution/v2/remote_execution.grpc.pb.h"
+#include "gsl/gsl"
#include "src/buildtool/auth/authentication.hpp"
#include "src/buildtool/common/bazel_types.hpp"
#include "src/buildtool/common/remote/port.hpp"
@@ -34,7 +35,7 @@ class BazelAcClient {
public:
explicit BazelAcClient(std::string const& server,
Port port,
- Auth::TLS const* auth) noexcept;
+ gsl::not_null<Auth const*> const& auth) noexcept;
[[nodiscard]] auto GetActionResult(
std::string const& instance_name,
diff --git a/src/buildtool/execution_api/remote/bazel/bazel_api.cpp b/src/buildtool/execution_api/remote/bazel/bazel_api.cpp
index f463ab3c..1ce65259 100644
--- a/src/buildtool/execution_api/remote/bazel/bazel_api.cpp
+++ b/src/buildtool/execution_api/remote/bazel/bazel_api.cpp
@@ -190,7 +190,7 @@ namespace {
BazelApi::BazelApi(std::string const& instance_name,
std::string const& host,
Port port,
- Auth::TLS const* auth,
+ gsl::not_null<Auth const*> const& auth,
ExecutionConfiguration const& exec_config) noexcept {
network_ = std::make_shared<BazelNetwork>(
instance_name, host, port, auth, exec_config);
diff --git a/src/buildtool/execution_api/remote/bazel/bazel_api.hpp b/src/buildtool/execution_api/remote/bazel/bazel_api.hpp
index e87e6159..c9771ed7 100644
--- a/src/buildtool/execution_api/remote/bazel/bazel_api.hpp
+++ b/src/buildtool/execution_api/remote/bazel/bazel_api.hpp
@@ -43,7 +43,7 @@ class BazelApi final : public IExecutionApi {
BazelApi(std::string const& instance_name,
std::string const& host,
Port port,
- Auth::TLS const* auth,
+ gsl::not_null<Auth const*> const& auth,
ExecutionConfiguration const& exec_config) noexcept;
BazelApi(BazelApi const&) = delete;
BazelApi(BazelApi&& other) noexcept;
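Review bot: `gsl::not_null` now appears in this header's public constructor signature, but unlike bazel_ac_client.hpp, bazel_execution_client.hpp and bazel_network.hpp, no `#include "gsl/gsl"` is added here. The include list lies outside the hunk, so this may already be covered; if it is not, the header compiles only through a transitive include, and the same commit removes `gsl/gsl` from two .cpp files. Please confirm `#include "gsl/gsl"` is present in bazel_api.hpp, and likewise in bazel_cas_client.hpp and bytestream_client.hpp, whose hunks make the same signature change.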
diff --git a/src/buildtool/execution_api/remote/bazel/bazel_cas_client.cpp b/src/buildtool/execution_api/remote/bazel/bazel_cas_client.cpp
index 3850ccff..af23e9b1 100644
--- a/src/buildtool/execution_api/remote/bazel/bazel_cas_client.cpp
+++ b/src/buildtool/execution_api/remote/bazel/bazel_cas_client.cpp
@@ -175,7 +175,7 @@ namespace {
BazelCasClient::BazelCasClient(std::string const& server,
Port port,
- Auth::TLS const* auth) noexcept
+ gsl::not_null<Auth const*> const& auth) noexcept
: stream_{std::make_unique<ByteStreamClient>(server, port, auth)} {
stub_ = bazel_re::ContentAddressableStorage::NewStub(
CreateChannelWithCredentials(server, port, auth));
diff --git a/src/buildtool/execution_api/remote/bazel/bazel_cas_client.hpp b/src/buildtool/execution_api/remote/bazel/bazel_cas_client.hpp
index d7aa5c05..90d9eb75 100644
--- a/src/buildtool/execution_api/remote/bazel/bazel_cas_client.hpp
+++ b/src/buildtool/execution_api/remote/bazel/bazel_cas_client.hpp
@@ -40,7 +40,7 @@ class BazelCasClient {
public:
explicit BazelCasClient(std::string const& server,
Port port,
- Auth::TLS const* auth) noexcept;
+ gsl::not_null<Auth const*> const& auth) noexcept;
/// \brief Find missing blobs
/// \param[in] instance_name Name of the CAS instance
diff --git a/src/buildtool/execution_api/remote/bazel/bazel_execution_client.cpp b/src/buildtool/execution_api/remote/bazel/bazel_execution_client.cpp
index f4ad250c..51ee1869 100644
--- a/src/buildtool/execution_api/remote/bazel/bazel_execution_client.cpp
+++ b/src/buildtool/execution_api/remote/bazel/bazel_execution_client.cpp
@@ -17,7 +17,6 @@
#include <utility> // std::move
#include "grpcpp/grpcpp.h"
-#include "gsl/gsl"
#include "src/buildtool/common/remote/client_common.hpp"
#include "src/buildtool/common/remote/retry.hpp"
#include "src/buildtool/logging/log_level.hpp"
@@ -56,9 +55,10 @@ auto DebugString(grpc::Status const& status) -> std::string {
} // namespace
-BazelExecutionClient::BazelExecutionClient(std::string const& server,
- Port port,
- Auth::TLS const* auth) noexcept {
+BazelExecutionClient::BazelExecutionClient(
+ std::string const& server,
+ Port port,
+ gsl::not_null<Auth const*> const& auth) noexcept {
stub_ = bazel_re::Execution::NewStub(
CreateChannelWithCredentials(server, port, auth));
}
diff --git a/src/buildtool/execution_api/remote/bazel/bazel_execution_client.hpp b/src/buildtool/execution_api/remote/bazel/bazel_execution_client.hpp
index 74676d45..aa505121 100644
--- a/src/buildtool/execution_api/remote/bazel/bazel_execution_client.hpp
+++ b/src/buildtool/execution_api/remote/bazel/bazel_execution_client.hpp
@@ -22,6 +22,7 @@
#include "build/bazel/remote/execution/v2/remote_execution.grpc.pb.h"
#include "google/longrunning/operations.pb.h"
+#include "gsl/gsl"
#include "src/buildtool/auth/authentication.hpp"
#include "src/buildtool/common/bazel_types.hpp"
#include "src/buildtool/common/remote/port.hpp"
@@ -55,9 +56,10 @@ class BazelExecutionClient {
}
};
- explicit BazelExecutionClient(std::string const& server,
- Port port,
- Auth::TLS const* auth) noexcept;
+ explicit BazelExecutionClient(
+ std::string const& server,
+ Port port,
+ gsl::not_null<Auth const*> const& auth) noexcept;
[[nodiscard]] auto Execute(std::string const& instance_name,
bazel_re::Digest const& action_digest,
diff --git a/src/buildtool/execution_api/remote/bazel/bazel_network.cpp b/src/buildtool/execution_api/remote/bazel/bazel_network.cpp
index 4d5509c9..6094888d 100644
--- a/src/buildtool/execution_api/remote/bazel/bazel_network.cpp
+++ b/src/buildtool/execution_api/remote/bazel/bazel_network.cpp
@@ -24,7 +24,7 @@
BazelNetwork::BazelNetwork(std::string instance_name,
std::string const& host,
Port port,
- Auth::TLS const* auth,
+ gsl::not_null<Auth const*> const& auth,
ExecutionConfiguration const& exec_config) noexcept
: instance_name_{std::move(instance_name)},
exec_config_{exec_config},
diff --git a/src/buildtool/execution_api/remote/bazel/bazel_network.hpp b/src/buildtool/execution_api/remote/bazel/bazel_network.hpp
index 4da302c9..ca0b0e2a 100644
--- a/src/buildtool/execution_api/remote/bazel/bazel_network.hpp
+++ b/src/buildtool/execution_api/remote/bazel/bazel_network.hpp
@@ -22,6 +22,7 @@
#include <utility>
#include <vector>
+#include "gsl/gsl"
#include "src/buildtool/auth/authentication.hpp"
#include "src/buildtool/common/bazel_types.hpp"
#include "src/buildtool/common/remote/port.hpp"
@@ -39,7 +40,7 @@ class BazelNetwork {
explicit BazelNetwork(std::string instance_name,
std::string const& host,
Port port,
- Auth::TLS const* auth,
+ gsl::not_null<Auth const*> const& auth,
ExecutionConfiguration const& exec_config) noexcept;
/// \brief Check if digest exists in CAS
diff --git a/src/buildtool/execution_api/remote/bazel/bytestream_client.hpp b/src/buildtool/execution_api/remote/bazel/bytestream_client.hpp
index 2879a90f..88abe6fd 100644
--- a/src/buildtool/execution_api/remote/bazel/bytestream_client.hpp
+++ b/src/buildtool/execution_api/remote/bazel/bytestream_client.hpp
@@ -83,7 +83,7 @@ class ByteStreamClient {
explicit ByteStreamClient(std::string const& server,
Port port,
- Auth::TLS const* auth) noexcept {
+ gsl::not_null<Auth const*> const& auth) noexcept {
stub_ = google::bytestream::ByteStream::NewStub(
CreateChannelWithCredentials(server, port, auth));
}