Pass Auth::TLS instance to serve and execute clients

author: Paul Cristian Sarbu <paul.cristian.sarbu@huawei.com> 2024-07-01 17:07:02 +0200
committer: Paul Cristian Sarbu <paul.cristian.sarbu@huawei.com> 2024-07-04 16:05:08 +0200
commit: 0d60cd9ba4a5c18b01b6ef996434953071f0576e (patch)
tree: e2d96536db33b8e36cfc417e548d0f60b2d1ed28 /src
parent: 217e31bf00c3437658033bd0829f31929f10a103 (diff)
download: justbuild-0d60cd9ba4a5c18b01b6ef996434953071f0576e.tar.gz
18 files changed, 67 insertions, 34 deletions
diff --git a/src/buildtool/common/remote/client_common.hpp b/src/buildtool/common/remote/client_common.hpp
index eb4af68f..4fd9e9a7 100644
--- a/src/buildtool/common/remote/client_common.hpp
+++ b/src/buildtool/common/remote/client_common.hpp
@@ -32,15 +32,14 @@
 
 [[maybe_unused]] [[nodiscard]] static inline auto CreateChannelWithCredentials(
     std::string const& server,
-    Port port) noexcept {
+    Port port,
+    Auth::TLS const* auth) noexcept {
 
     std::shared_ptr<grpc::ChannelCredentials> creds;
     std::string address = server + ':' + std::to_string(port);
-    if (Auth::Instance().GetAuthMethod() == AuthMethod::kTLS) {
-        auto tls_opts =
-            grpc::SslCredentialsOptions{Auth::TLS::Instance().CACert(),
-                                        Auth::TLS::Instance().ClientKey(),
-                                        Auth::TLS::Instance().ClientCert()};
+    if (auth != nullptr) {
+        auto tls_opts = grpc::SslCredentialsOptions{
+            auth->CACert(), auth->ClientKey(), auth->ClientCert()};
         creds = grpc::SslCredentials(tls_opts);
     }
     else {
diff --git a/src/buildtool/execution_api/remote/TARGETS b/src/buildtool/execution_api/remote/TARGETS
index 466975ec..ef019f4d 100644
--- a/src/buildtool/execution_api/remote/TARGETS
+++ b/src/buildtool/execution_api/remote/TARGETS
@@ -22,6 +22,7 @@
     ]
   , "deps":
     [ "config"
+    , ["src/buildtool/auth", "auth"]
     , ["src/buildtool/logging", "log_level"]
     , ["src/buildtool/logging", "logging"]
     , ["src/buildtool/execution_api/common", "common"]
@@ -77,6 +78,7 @@
   , "private-deps":
     [ "bazel_network"
     , ["@", "fmt", "", "fmt"]
+    , ["src/buildtool/auth", "auth"]
     , ["src/buildtool/compatibility", "compatibility"]
     , ["src/buildtool/multithreading", "task_system"]
     , ["src/buildtool/execution_api/common", "common"]
diff --git a/src/buildtool/execution_api/remote/bazel/bazel_ac_client.cpp b/src/buildtool/execution_api/remote/bazel/bazel_ac_client.cpp
index 39bc2b40..65853702 100644
--- a/src/buildtool/execution_api/remote/bazel/bazel_ac_client.cpp
+++ b/src/buildtool/execution_api/remote/bazel/bazel_ac_client.cpp
@@ -20,9 +20,11 @@
 #include "src/buildtool/common/remote/retry.hpp"
 #include "src/buildtool/logging/log_level.hpp"
 
-BazelAcClient::BazelAcClient(std::string const& server, Port port) noexcept {
+BazelAcClient::BazelAcClient(std::string const& server,
+                             Port port,
+                             Auth::TLS const* auth) noexcept {
     stub_ = bazel_re::ActionCache::NewStub(
-        CreateChannelWithCredentials(server, port));
+        CreateChannelWithCredentials(server, port, auth));
 }
 
 auto BazelAcClient::GetActionResult(
diff --git a/src/buildtool/execution_api/remote/bazel/bazel_ac_client.hpp b/src/buildtool/execution_api/remote/bazel/bazel_ac_client.hpp
index 8ec8b85f..4ac24bbc 100644
--- a/src/buildtool/execution_api/remote/bazel/bazel_ac_client.hpp
+++ b/src/buildtool/execution_api/remote/bazel/bazel_ac_client.hpp
@@ -21,6 +21,7 @@
 #include <vector>
 
 #include "build/bazel/remote/execution/v2/remote_execution.grpc.pb.h"
+#include "src/buildtool/auth/authentication.hpp"
 #include "src/buildtool/common/bazel_types.hpp"
 #include "src/buildtool/common/remote/port.hpp"
 #include "src/buildtool/execution_api/bazel_msg/bazel_common.hpp"
@@ -31,7 +32,9 @@
 /// https://github.com/bazelbuild/remote-apis/blob/e1fe21be4c9ae76269a5a63215bb3c72ed9ab3f0/build/bazel/remote/execution/v2/remote_execution.proto#L144
 class BazelAcClient {
   public:
-    explicit BazelAcClient(std::string const& server, Port port) noexcept;
+    explicit BazelAcClient(std::string const& server,
+                           Port port,
+                           Auth::TLS const* auth) noexcept;
 
     [[nodiscard]] auto GetActionResult(
         std::string const& instance_name,
diff --git a/src/buildtool/execution_api/remote/bazel/bazel_api.cpp b/src/buildtool/execution_api/remote/bazel/bazel_api.cpp
index dfd5dd6e..f463ab3c 100644
--- a/src/buildtool/execution_api/remote/bazel/bazel_api.cpp
+++ b/src/buildtool/execution_api/remote/bazel/bazel_api.cpp
@@ -24,6 +24,7 @@
 #include <utility>  // std::move
 
 #include "fmt/core.h"
+#include "src/buildtool/auth/authentication.hpp"
 #include "src/buildtool/common/bazel_types.hpp"
 #include "src/buildtool/compatibility/compatibility.hpp"
 #include "src/buildtool/execution_api/bazel_msg/bazel_blob_container.hpp"
@@ -189,10 +190,10 @@ namespace {
 BazelApi::BazelApi(std::string const& instance_name,
                    std::string const& host,
                    Port port,
-                   [[maybe_unused]] Auth::TLS const* auth,
+                   Auth::TLS const* auth,
                    ExecutionConfiguration const& exec_config) noexcept {
-    network_ =
-        std::make_shared<BazelNetwork>(instance_name, host, port, exec_config);
+    network_ = std::make_shared<BazelNetwork>(
+        instance_name, host, port, auth, exec_config);
 }
 
 // implement move constructor in cpp, where all members are complete types
diff --git a/src/buildtool/execution_api/remote/bazel/bazel_cas_client.cpp b/src/buildtool/execution_api/remote/bazel/bazel_cas_client.cpp
index 4f9214d8..3850ccff 100644
--- a/src/buildtool/execution_api/remote/bazel/bazel_cas_client.cpp
+++ b/src/buildtool/execution_api/remote/bazel/bazel_cas_client.cpp
@@ -173,10 +173,12 @@ namespace {
 
 }  // namespace
 
-BazelCasClient::BazelCasClient(std::string const& server, Port port) noexcept
-    : stream_{std::make_unique<ByteStreamClient>(server, port)} {
+BazelCasClient::BazelCasClient(std::string const& server,
+                               Port port,
+                               Auth::TLS const* auth) noexcept
+    : stream_{std::make_unique<ByteStreamClient>(server, port, auth)} {
     stub_ = bazel_re::ContentAddressableStorage::NewStub(
-        CreateChannelWithCredentials(server, port));
+        CreateChannelWithCredentials(server, port, auth));
 }
 
 auto BazelCasClient::FindMissingBlobs(
diff --git a/src/buildtool/execution_api/remote/bazel/bazel_cas_client.hpp b/src/buildtool/execution_api/remote/bazel/bazel_cas_client.hpp
index 69ee45d4..d7aa5c05 100644
--- a/src/buildtool/execution_api/remote/bazel/bazel_cas_client.hpp
+++ b/src/buildtool/execution_api/remote/bazel/bazel_cas_client.hpp
@@ -25,6 +25,7 @@
 
 #include "build/bazel/remote/execution/v2/remote_execution.grpc.pb.h"
 #include "gsl/gsl"
+#include "src/buildtool/auth/authentication.hpp"
 #include "src/buildtool/common/bazel_types.hpp"
 #include "src/buildtool/common/remote/port.hpp"
 #include "src/buildtool/execution_api/bazel_msg/bazel_blob_container.hpp"
@@ -37,7 +38,9 @@
 /// https://github.com/bazelbuild/remote-apis/blob/e1fe21be4c9ae76269a5a63215bb3c72ed9ab3f0/build/bazel/remote/execution/v2/remote_execution.proto#L317
 class BazelCasClient {
   public:
-    explicit BazelCasClient(std::string const& server, Port port) noexcept;
+    explicit BazelCasClient(std::string const& server,
+                            Port port,
+                            Auth::TLS const* auth) noexcept;
 
     /// \brief Find missing blobs
     /// \param[in] instance_name Name of the CAS instance
diff --git a/src/buildtool/execution_api/remote/bazel/bazel_execution_client.cpp b/src/buildtool/execution_api/remote/bazel/bazel_execution_client.cpp
index 323b7dc4..f4ad250c 100644
--- a/src/buildtool/execution_api/remote/bazel/bazel_execution_client.cpp
+++ b/src/buildtool/execution_api/remote/bazel/bazel_execution_client.cpp
@@ -57,9 +57,10 @@ auto DebugString(grpc::Status const& status) -> std::string {
 }  // namespace
 
 BazelExecutionClient::BazelExecutionClient(std::string const& server,
-                                           Port port) noexcept {
+                                           Port port,
+                                           Auth::TLS const* auth) noexcept {
     stub_ = bazel_re::Execution::NewStub(
-        CreateChannelWithCredentials(server, port));
+        CreateChannelWithCredentials(server, port, auth));
 }
 
 auto BazelExecutionClient::Execute(std::string const& instance_name,
diff --git a/src/buildtool/execution_api/remote/bazel/bazel_execution_client.hpp b/src/buildtool/execution_api/remote/bazel/bazel_execution_client.hpp
index cb933b99..74676d45 100644
--- a/src/buildtool/execution_api/remote/bazel/bazel_execution_client.hpp
+++ b/src/buildtool/execution_api/remote/bazel/bazel_execution_client.hpp
@@ -22,6 +22,7 @@
 
 #include "build/bazel/remote/execution/v2/remote_execution.grpc.pb.h"
 #include "google/longrunning/operations.pb.h"
+#include "src/buildtool/auth/authentication.hpp"
 #include "src/buildtool/common/bazel_types.hpp"
 #include "src/buildtool/common/remote/port.hpp"
 #include "src/buildtool/execution_api/bazel_msg/bazel_common.hpp"
@@ -55,7 +56,8 @@ class BazelExecutionClient {
     };
 
     explicit BazelExecutionClient(std::string const& server,
-                                  Port port) noexcept;
+                                  Port port,
+                                  Auth::TLS const* auth) noexcept;
 
     [[nodiscard]] auto Execute(std::string const& instance_name,
                                bazel_re::Digest const& action_digest,
diff --git a/src/buildtool/execution_api/remote/bazel/bazel_network.cpp b/src/buildtool/execution_api/remote/bazel/bazel_network.cpp
index 38bb1aa0..4d5509c9 100644
--- a/src/buildtool/execution_api/remote/bazel/bazel_network.cpp
+++ b/src/buildtool/execution_api/remote/bazel/bazel_network.cpp
@@ -24,12 +24,13 @@
 BazelNetwork::BazelNetwork(std::string instance_name,
                            std::string const& host,
                            Port port,
+                           Auth::TLS const* auth,
                            ExecutionConfiguration const& exec_config) noexcept
     : instance_name_{std::move(instance_name)},
       exec_config_{exec_config},
-      cas_{std::make_unique<BazelCasClient>(host, port)},
-      ac_{std::make_unique<BazelAcClient>(host, port)},
-      exec_{std::make_unique<BazelExecutionClient>(host, port)} {}
+      cas_{std::make_unique<BazelCasClient>(host, port, auth)},
+      ac_{std::make_unique<BazelAcClient>(host, port, auth)},
+      exec_{std::make_unique<BazelExecutionClient>(host, port, auth)} {}
 
 auto BazelNetwork::IsAvailable(bazel_re::Digest const& digest) const noexcept
     -> bool {
diff --git a/src/buildtool/execution_api/remote/bazel/bazel_network.hpp b/src/buildtool/execution_api/remote/bazel/bazel_network.hpp
index a55fa064..4da302c9 100644
--- a/src/buildtool/execution_api/remote/bazel/bazel_network.hpp
+++ b/src/buildtool/execution_api/remote/bazel/bazel_network.hpp
@@ -22,6 +22,7 @@
 #include <utility>
 #include <vector>
 
+#include "src/buildtool/auth/authentication.hpp"
 #include "src/buildtool/common/bazel_types.hpp"
 #include "src/buildtool/common/remote/port.hpp"
 #include "src/buildtool/execution_api/bazel_msg/bazel_blob_container.hpp"
@@ -38,6 +39,7 @@ class BazelNetwork {
     explicit BazelNetwork(std::string instance_name,
                           std::string const& host,
                           Port port,
+                          Auth::TLS const* auth,
                           ExecutionConfiguration const& exec_config) noexcept;
 
     /// \brief Check if digest exists in CAS
diff --git a/src/buildtool/execution_api/remote/bazel/bytestream_client.hpp b/src/buildtool/execution_api/remote/bazel/bytestream_client.hpp
index 908f6e2a..2879a90f 100644
--- a/src/buildtool/execution_api/remote/bazel/bytestream_client.hpp
+++ b/src/buildtool/execution_api/remote/bazel/bytestream_client.hpp
@@ -26,6 +26,7 @@
 
 #include "google/bytestream/bytestream.grpc.pb.h"
 #include "gsl/gsl"
+#include "src/buildtool/auth/authentication.hpp"
 #include "src/buildtool/common/remote/client_common.hpp"
 #include "src/buildtool/common/remote/port.hpp"
 #include "src/buildtool/execution_api/common/bytestream_common.hpp"
@@ -80,9 +81,11 @@ class ByteStreamClient {
         }
     };
 
-    explicit ByteStreamClient(std::string const& server, Port port) noexcept {
+    explicit ByteStreamClient(std::string const& server,
+                              Port port,
+                              Auth::TLS const* auth) noexcept {
         stub_ = google::bytestream::ByteStream::NewStub(
-            CreateChannelWithCredentials(server, port));
+            CreateChannelWithCredentials(server, port, auth));
     }
 
     [[nodiscard]] auto IncrementalRead(
diff --git a/src/buildtool/serve_api/remote/TARGETS b/src/buildtool/serve_api/remote/TARGETS
index 15aa6cd7..e6f03424 100644
--- a/src/buildtool/serve_api/remote/TARGETS
+++ b/src/buildtool/serve_api/remote/TARGETS
@@ -16,7 +16,8 @@
   , "hdrs": ["source_tree_client.hpp"]
   , "srcs": ["source_tree_client.cpp"]
   , "deps":
-    [ ["src/buildtool/common/remote", "port"]
+    [ ["src/buildtool/auth", "auth"]
+    , ["src/buildtool/common/remote", "port"]
     , ["src/buildtool/file_system", "git_types"]
     , ["src/buildtool/file_system/symlinks_map", "pragma_special"]
     , ["src/buildtool/logging", "logging"]
@@ -34,7 +35,8 @@
   , "name": ["serve_api"]
   , "hdrs": ["serve_api.hpp"]
   , "deps":
-    [ ["src/buildtool/common", "common"]
+    [ ["src/buildtool/auth", "auth"]
+    , ["src/buildtool/common", "common"]
     , ["src/buildtool/common/remote", "port"]
     , ["src/buildtool/common/remote", "remote_common"]
     , ["src/buildtool/file_system", "git_types"]
@@ -78,7 +80,8 @@
   , "hdrs": ["configuration_client.hpp"]
   , "srcs": ["configuration_client.cpp"]
   , "deps":
-    [ ["src/buildtool/common/remote", "port"]
+    [ ["src/buildtool/auth", "auth"]
+    , ["src/buildtool/common/remote", "port"]
     , ["src/buildtool/logging", "logging"]
     , ["src/buildtool/common/remote", "client_common"]
     , ["src/buildtool/common/remote", "remote_common"]
diff --git a/src/buildtool/serve_api/remote/configuration_client.hpp b/src/buildtool/serve_api/remote/configuration_client.hpp
index aeebc303..b7785315 100644
--- a/src/buildtool/serve_api/remote/configuration_client.hpp
+++ b/src/buildtool/serve_api/remote/configuration_client.hpp
@@ -22,6 +22,7 @@
 #include <vector>
 
 #include "justbuild/just_serve/just_serve.grpc.pb.h"
+#include "src/buildtool/auth/authentication.hpp"
 #include "src/buildtool/common/remote/client_common.hpp"
 #include "src/buildtool/common/remote/port.hpp"
 #include "src/buildtool/common/remote/remote_common.hpp"
@@ -31,11 +32,13 @@
 /// src/buildtool/serve_api/serve_service/just_serve.proto
 class ConfigurationClient {
   public:
-    explicit ConfigurationClient(ServerAddress address) noexcept
+    explicit ConfigurationClient(ServerAddress address,
+                                 Auth::TLS const* auth) noexcept
         : client_serve_address_{std::move(address)},
           stub_{justbuild::just_serve::Configuration::NewStub(
               CreateChannelWithCredentials(client_serve_address_.host,
-                                           client_serve_address_.port))} {}
+                                           client_serve_address_.port,
+                                           auth))} {}
 
     [[nodiscard]] auto CheckServeRemoteExecution() const noexcept -> bool;
 
diff --git a/src/buildtool/serve_api/remote/serve_api.hpp b/src/buildtool/serve_api/remote/serve_api.hpp
index 7d265c92..9e4a29bf 100644
--- a/src/buildtool/serve_api/remote/serve_api.hpp
+++ b/src/buildtool/serve_api/remote/serve_api.hpp
@@ -24,6 +24,7 @@ class ServeApi final {};
 #include <string>
 #include <unordered_map>
 
+#include "src/buildtool/auth/authentication.hpp"
 #include "src/buildtool/common/artifact.hpp"
 #include "src/buildtool/common/artifact_digest.hpp"
 #include "src/buildtool/common/remote/port.hpp"
@@ -41,7 +42,9 @@ class ServeApi final {
   public:
     explicit ServeApi(ServerAddress const& address,
                       gsl::not_null<ApiBundle const*> const& apis) noexcept
-        : stc_{address}, tc_{address, apis}, cc_{address} {}
+        : stc_{address, apis->auth},
+          tc_{address, apis},
+          cc_{address, apis->auth} {}
 
     ~ServeApi() noexcept = default;
     ServeApi(ServeApi const&) = delete;
diff --git a/src/buildtool/serve_api/remote/source_tree_client.cpp b/src/buildtool/serve_api/remote/source_tree_client.cpp
index 82a7caf0..3070a44f 100644
--- a/src/buildtool/serve_api/remote/source_tree_client.cpp
+++ b/src/buildtool/serve_api/remote/source_tree_client.cpp
@@ -59,9 +59,10 @@ auto PragmaSpecialToSymlinksResolve(
 
 }  // namespace
 
-SourceTreeClient::SourceTreeClient(ServerAddress const& address) noexcept {
+SourceTreeClient::SourceTreeClient(ServerAddress const& address,
+                                   Auth::TLS const* auth) noexcept {
     stub_ = justbuild::just_serve::SourceTree::NewStub(
-        CreateChannelWithCredentials(address.host, address.port));
+        CreateChannelWithCredentials(address.host, address.port, auth));
 }
 
 auto SourceTreeClient::ServeCommitTree(std::string const& commit_id,
diff --git a/src/buildtool/serve_api/remote/source_tree_client.hpp b/src/buildtool/serve_api/remote/source_tree_client.hpp
index 802cb072..17eb0c57 100644
--- a/src/buildtool/serve_api/remote/source_tree_client.hpp
+++ b/src/buildtool/serve_api/remote/source_tree_client.hpp
@@ -20,6 +20,7 @@
 #include <unordered_map>
 
 #include "justbuild/just_serve/just_serve.grpc.pb.h"
+#include "src/buildtool/auth/authentication.hpp"
 #include "src/buildtool/common/remote/port.hpp"
 #include "src/buildtool/common/remote/remote_common.hpp"
 #include "src/buildtool/file_system/git_types.hpp"
@@ -31,7 +32,8 @@
 /// src/buildtool/serve_api/serve_service/just_serve.proto
 class SourceTreeClient {
   public:
-    explicit SourceTreeClient(ServerAddress const& address) noexcept;
+    explicit SourceTreeClient(ServerAddress const& address,
+                              Auth::TLS const* auth) noexcept;
 
     // An error + data union type
     using result_t = expected<std::string, GitLookupError>;
diff --git a/src/buildtool/serve_api/remote/target_client.cpp b/src/buildtool/serve_api/remote/target_client.cpp
index 7b13b90e..d19ac26f 100644
--- a/src/buildtool/serve_api/remote/target_client.cpp
+++ b/src/buildtool/serve_api/remote/target_client.cpp
@@ -31,7 +31,7 @@ TargetClient::TargetClient(ServerAddress const& address,
                            gsl::not_null<ApiBundle const*> const& apis) noexcept
     : apis_{*apis} {
     stub_ = justbuild::just_serve::Target::NewStub(
-        CreateChannelWithCredentials(address.host, address.port));
+        CreateChannelWithCredentials(address.host, address.port, apis->auth));
 }
 
 auto TargetClient::ServeTarget(const TargetCacheKey& key,
author	Paul Cristian Sarbu <paul.cristian.sarbu@huawei.com>	2024-07-01 17:07:02 +0200
committer	Paul Cristian Sarbu <paul.cristian.sarbu@huawei.com>	2024-07-04 16:05:08 +0200
commit	0d60cd9ba4a5c18b01b6ef996434953071f0576e (patch)
tree	e2d96536db33b8e36cfc417e548d0f60b2d1ed28 /src
parent	217e31bf00c3437658033bd0829f31929f10a103 (diff)
download	justbuild-0d60cd9ba4a5c18b01b6ef996434953071f0576e.tar.gz