diff options
| author | Paul Cristian Sarbu <paul.cristian.sarbu@huawei.com> | 2023-08-24 10:34:07 +0200 |
|---|---|---|
| committer | Paul Cristian Sarbu <paul.cristian.sarbu@huawei.com> | 2023-08-25 18:11:23 +0200 |
| commit | 0bd3bb3c38e6c50650bf05aab8d69e62036b7765 (patch) | |
| tree | 292f9c19740a2ae3cd55b7ea8f391963271b2ead /src | |
| parent | 8fd8a822cacd1d0208c2b3660fa8b61abf86cbe8 (diff) | |
| download | justbuild-0bd3bb3c38e6c50650bf05aab8d69e62036b7765.tar.gz | |
just-mr: Add remote execution and mTLS arguments
These have similar meanings as in 'just', are forwarded to 'just'
subcommands that support them, and can be set also in the RC file
via appropriate fields.
Diffstat (limited to 'src')
| -rw-r--r-- | src/other_tools/just_mr/TARGETS | 1 | ||||
| -rw-r--r-- | src/other_tools/just_mr/cli.hpp | 34 | ||||
| -rw-r--r-- | src/other_tools/just_mr/launch.cpp | 31 | ||||
| -rw-r--r-- | src/other_tools/just_mr/launch.hpp | 1 | ||||
| -rw-r--r-- | src/other_tools/just_mr/main.cpp | 80 | ||||
| -rw-r--r-- | src/other_tools/just_mr/utils.hpp | 75 |
6 files changed, 210 insertions, 12 deletions
diff --git a/src/other_tools/just_mr/TARGETS b/src/other_tools/just_mr/TARGETS index b3ddcfb0..8941c1c9 100644 --- a/src/other_tools/just_mr/TARGETS +++ b/src/other_tools/just_mr/TARGETS @@ -15,6 +15,7 @@ , ["@", "json", "", "json"] , ["src/buildtool/storage", "storage"] , ["src/buildtool/file_system", "git_context"] + , ["src/buildtool/compatibility", "compatibility"] , "fetch" , "update" , "setup" diff --git a/src/other_tools/just_mr/cli.hpp b/src/other_tools/just_mr/cli.hpp index 48c06fb8..60c8f745 100644 --- a/src/other_tools/just_mr/cli.hpp +++ b/src/other_tools/just_mr/cli.hpp @@ -45,6 +45,8 @@ struct MultiRepoCommonArguments { bool norc{false}; std::size_t jobs{std::max(1U, std::thread::hardware_concurrency())}; std::vector<std::string> defines{}; + std::optional<std::string> remote_execution_address; + std::optional<bool> compatible{std::nullopt}; }; struct MultiRepoLogArguments { @@ -73,6 +75,13 @@ struct MultiRepoJustSubCmdsArguments { std::unordered_map<std::string, std::vector<std::string>> just_args{}; }; +// corresponding to the similarly-named arguments in 'just' +struct MultiRepoRemoteAuthArguments { + std::optional<std::filesystem::path> tls_ca_cert{std::nullopt}; + std::optional<std::filesystem::path> tls_client_cert{std::nullopt}; + std::optional<std::filesystem::path> tls_client_key{std::nullopt}; +}; + static inline void SetupMultiRepoCommonArguments( gsl::not_null<CLI::App*> const& app, gsl::not_null<MultiRepoCommonArguments*> const& clargs) { @@ -167,6 +176,16 @@ static inline void SetupMultiRepoCommonArguments( ->type_name("JSON") ->trigger_on_parse(); // run callback on all instances while parsing, // not after all parsing is done + app->add_option("-r,--remote-execution-address", + clargs->remote_execution_address, + "Address of a remote-execution service.") + ->type_name("NAME:PORT"); + app->add_flag( + "--compatible", + clargs->compatible, + "At increased computational effort, be compatible with the original " + "remote build execution protocol. As the change affects identifiers, " + "the flag must be used consistently for all related invocations."); } static inline auto SetupMultiRepoLogArguments( @@ -234,4 +253,19 @@ static inline void SetupMultiRepoUpdateArguments( ->type_name(""); } +static inline auto SetupMultiRepoRemoteAuthArguments( + gsl::not_null<CLI::App*> const& app, + gsl::not_null<MultiRepoRemoteAuthArguments*> const& authargs) { + app->add_option("--tls-ca-cert", + authargs->tls_ca_cert, + "Path to a TLS CA certificate that is trusted to sign the " + "server certificate."); + app->add_option("--tls-client-cert", + authargs->tls_client_cert, + "Path to the TLS client certificate."); + app->add_option("--tls-client-key", + authargs->tls_client_key, + "Path to the TLS client key."); +} + #endif // INCLUDED_SRC_OTHER_TOOLS_JUST_MR_CLI_HPP diff --git a/src/other_tools/just_mr/launch.cpp b/src/other_tools/just_mr/launch.cpp index 0d8f263b..61953cda 100644 --- a/src/other_tools/just_mr/launch.cpp +++ b/src/other_tools/just_mr/launch.cpp @@ -33,6 +33,7 @@ auto CallJust(std::optional<std::filesystem::path> const& config_file, MultiRepoSetupArguments const& setup_args, MultiRepoJustSubCmdsArguments const& just_cmd_args, MultiRepoLogArguments const& log_args, + MultiRepoRemoteAuthArguments const& auth_args, bool forward_build_root) -> int { // check if subcmd_name can be taken from additional args auto additional_args_offset = 0U; @@ -46,6 +47,9 @@ auto CallJust(std::optional<std::filesystem::path> const& config_file, bool use_build_root{false}; bool use_launcher{false}; bool supports_defines{false}; + bool supports_remote{false}; + bool supports_cacert{false}; + bool supports_client_auth{false}; std::optional<std::filesystem::path> mr_config_path{std::nullopt}; std::optional<LockFile> lock{}; @@ -74,6 +78,10 @@ auto CallJust(std::optional<std::filesystem::path> const& config_file, use_build_root = kKnownJustSubcommands.at(*subcommand).build_root; use_launcher = kKnownJustSubcommands.at(*subcommand).launch; supports_defines = kKnownJustSubcommands.at(*subcommand).defines; + supports_remote = kKnownJustSubcommands.at(*subcommand).remote; + supports_cacert = kKnownJustSubcommands.at(*subcommand).cacert; + supports_client_auth = + kKnownJustSubcommands.at(*subcommand).client_auth; } // build just command std::vector<std::string> cmd = {common_args.just_path->string()}; @@ -135,6 +143,29 @@ auto CallJust(std::optional<std::filesystem::path> const& config_file, cmd.emplace_back(overlay_config.ToString()); } } + // forward remote execution arguments + if (supports_remote and (common_args.compatible == true)) { + cmd.emplace_back("--compatible"); + } + if (supports_remote and common_args.remote_execution_address) { + cmd.emplace_back("-r"); + cmd.emplace_back(*common_args.remote_execution_address); + } + // forward mutual TLS arguments + if (supports_cacert and auth_args.tls_ca_cert) { + cmd.emplace_back("--tls-ca-cert"); + cmd.emplace_back(auth_args.tls_ca_cert->string()); + } + if (supports_client_auth) { + if (auth_args.tls_client_cert) { + cmd.emplace_back("--tls-client-cert"); + cmd.emplace_back(auth_args.tls_client_cert->string()); + } + if (auth_args.tls_client_key) { + cmd.emplace_back("--tls-client-key"); + cmd.emplace_back(auth_args.tls_client_key->string()); + } + } // add args read from just-mrrc if (subcommand and just_cmd_args.just_args.contains(*subcommand)) { for (auto const& subcmd_arg : just_cmd_args.just_args.at(*subcommand)) { diff --git a/src/other_tools/just_mr/launch.hpp b/src/other_tools/just_mr/launch.hpp index 1a778a47..36f08a42 100644 --- a/src/other_tools/just_mr/launch.hpp +++ b/src/other_tools/just_mr/launch.hpp @@ -26,6 +26,7 @@ MultiRepoSetupArguments const& setup_args, MultiRepoJustSubCmdsArguments const& just_cmd_args, MultiRepoLogArguments const& log_args, + MultiRepoRemoteAuthArguments const& auth_args, bool forward_build_root) -> int; #endif // INCLUDED_SRC_OTHER_TOOLS_JUST_MR_LAUNCH_HPP diff --git a/src/other_tools/just_mr/main.cpp b/src/other_tools/just_mr/main.cpp index d11785b3..1ef6d25c 100644 --- a/src/other_tools/just_mr/main.cpp +++ b/src/other_tools/just_mr/main.cpp @@ -21,6 +21,7 @@ #include "gsl/gsl" #include "nlohmann/json.hpp" #include "src/buildtool/build_engine/expression/configuration.hpp" +#include "src/buildtool/compatibility/compatibility.hpp" #include "src/buildtool/file_system/git_context.hpp" #include "src/buildtool/logging/log_config.hpp" #include "src/buildtool/logging/log_level.hpp" @@ -57,6 +58,7 @@ struct CommandLineArguments { MultiRepoFetchArguments fetch; MultiRepoUpdateArguments update; MultiRepoJustSubCmdsArguments just_cmd; + MultiRepoRemoteAuthArguments auth; }; /// \brief Setup arguments for just-mr itself, common to all subcommands. @@ -65,6 +67,7 @@ void SetupCommonCommandArguments( gsl::not_null<CommandLineArguments*> const& clargs) { SetupMultiRepoCommonArguments(app, &clargs->common); SetupMultiRepoLogArguments(app, &clargs->log); + SetupMultiRepoRemoteAuthArguments(app, &clargs->auth); } /// \brief Setup arguments for subcommand "just-mr fetch". @@ -490,6 +493,77 @@ void SetupLogging(MultiRepoLogArguments const& clargs) { } } } + // read remote exec args; overwritten if user provided it already + auto remote = rc_config["remote execution"]; + if (remote.IsNotNull()) { + if (not remote->IsMap()) { + Logger::Log(LogLevel::Error, + "Configuration-provided remote execution arguments has " + "to be a map, but found {}", + remote->ToString()); + std::exit(kExitConfigError); + } + auto const& remote_map = remote->Map(); + if (not clargs->common.remote_execution_address) { + auto addr = remote_map.at("address"); + if (addr.IsNotNull()) { + if (not addr->IsString()) { + Logger::Log(LogLevel::Error, + "Configuration-provided remote execution " + "address has to be a string, but found {}", + addr->ToString()); + std::exit(kExitConfigError); + } + clargs->common.remote_execution_address = addr->String(); + } + } + if (not clargs->common.compatible) { + auto compat = remote_map.at("compatible"); + if (compat.IsNotNull()) { + if (not compat->IsBool()) { + Logger::Log(LogLevel::Error, + "Configuration-provided remote execution " + "compatibility has to be a flag, but found {}", + compat->ToString()); + std::exit(kExitConfigError); + } + clargs->common.compatible = compat->Bool(); + } + } + } + // read authentication args; overwritten if user provided it already + auto auth_args = rc_config["authentication"]; + if (auth_args.IsNotNull()) { + if (not auth_args->IsMap()) { + Logger::Log(LogLevel::Error, + "Configuration-provided authentication arguments has " + "to be a map, but found {}", + auth_args->ToString()); + std::exit(kExitConfigError); + } + auto const& auth_map = auth_args->Map(); + if (not clargs->auth.tls_ca_cert) { + auto v = ReadLocation(auth_map.at("ca cert"), + clargs->common.just_mr_paths->workspace_root); + if (v) { + clargs->auth.tls_ca_cert = v->first; + } + } + if (not clargs->auth.tls_client_cert) { + auto v = ReadLocation(auth_map.at("client cert"), + clargs->common.just_mr_paths->workspace_root); + if (v) { + clargs->auth.tls_client_cert = v->first; + } + } + if (not clargs->auth.tls_client_key) { + auto v = ReadLocation(auth_map.at("client key"), + clargs->common.just_mr_paths->workspace_root); + if (v) { + clargs->auth.tls_client_key = v->first; + } + } + } // read config lookup order auto config_lookup_order = rc_config["config lookup order"]; if (config_lookup_order.IsNotNull()) { @@ -614,6 +688,11 @@ auto main(int argc, char* argv[]) -> int { return kExitGenericFailure; } + // set remote execution protocol compatibility + if (arguments.common.compatible == true) { + Compatibility::SetCompatible(); + } + /** * The current implementation of libgit2 uses pthread_key_t incorrectly * on POSIX systems to handle thread-specific data, which requires us to @@ -630,6 +709,7 @@ auto main(int argc, char* argv[]) -> int { arguments.setup, arguments.just_cmd, arguments.log, + arguments.auth, forward_build_root); } auto lock = GarbageCollector::SharedLock(); diff --git a/src/other_tools/just_mr/utils.hpp b/src/other_tools/just_mr/utils.hpp index 9d6f3b7f..9ee3d656 100644 --- a/src/other_tools/just_mr/utils.hpp +++ b/src/other_tools/just_mr/utils.hpp @@ -46,30 +46,81 @@ std::vector<std::string> const kTakeOver = {"bindings", "expression_file_name"}; struct JustSubCmdFlags { - bool config; - bool build_root; - bool launch; - bool defines; + bool config; // requires setup + bool build_root; // supports the local build root arg + bool launch; // supports the local launcher arg + bool defines; // supports defines arg + bool remote; // supports remote exec args + bool cacert; // supports CA cert arg + bool client_auth; // supports client auth args }; // ordered, so that we have replicability std::map<std::string, JustSubCmdFlags> const kKnownJustSubcommands{ {"version", - {.config = false, .build_root = false, .launch = false, .defines = false}}, + {.config = false, + .build_root = false, + .launch = false, + .defines = false, + .remote = false, + .cacert = false, + .client_auth = false}}, {"describe", - {.config = true, .build_root = false, .launch = false, .defines = true}}, + {.config = true, + .build_root = false, + .launch = false, + .defines = true, + .remote = false, + .cacert = false, + .client_auth = false}}, {"analyse", - {.config = true, .build_root = true, .launch = false, .defines = true}}, + {.config = true, + .build_root = true, + .launch = false, + .defines = true, + .remote = true, + .cacert = false, + .client_auth = false}}, {"build", - {.config = true, .build_root = true, .launch = true, .defines = true}}, + {.config = true, + .build_root = true, + .launch = true, + .defines = true, + .remote = true, + .cacert = true, + .client_auth = true}}, {"install", - {.config = true, .build_root = true, .launch = true, .defines = true}}, + {.config = true, + .build_root = true, + .launch = true, + .defines = true, + .remote = true, + .cacert = true, + .client_auth = true}}, {"rebuild", - {.config = true, .build_root = true, .launch = true, .defines = true}}, + {.config = true, + .build_root = true, + .launch = true, + .defines = true, + .remote = true, + .cacert = true, + .client_auth = true}}, {"install-cas", - {.config = false, .build_root = true, .launch = false, .defines = false}}, + {.config = false, + .build_root = true, + .launch = false, + .defines = false, + .remote = true, + .cacert = true, + .client_auth = true}}, {"gc", - {.config = false, .build_root = true, .launch = false, .defines = false}}}; + {.config = false, + .build_root = true, + .launch = false, + .defines = false, + .remote = false, + .cacert = false, + .client_auth = false}}}; nlohmann::json const kDefaultConfigLocations = nlohmann::json::array( {{{"root", "workspace"}, {"path", "repos.json"}}, |