-rw-r--r--src/buildtool/auth/authentication.hpp50
-rw-r--r--src/buildtool/common/remote/client_common.hpp9
-rw-r--r--src/buildtool/execution_api/execution_service/server_implementation.cpp7
-rw-r--r--src/buildtool/main/main.cpp14
-rw-r--r--src/buildtool/serve_api/serve_service/serve_server_implementation.cpp7
-rw-r--r--src/other_tools/just_mr/setup_utils.cpp9
-rw-r--r--test/utils/test_env.hpp10
7 files changed, 56 insertions, 50 deletions
diff --git a/src/buildtool/auth/authentication.hpp b/src/buildtool/auth/authentication.hpp
index a7e66c05..ae45561a 100644
--- a/src/buildtool/auth/authentication.hpp
+++ b/src/buildtool/auth/authentication.hpp
@@ -34,9 +34,9 @@ class Auth {
return instance;
}
- static void SetAuthMethod(AuthMethod x) { Instance().auth_ = x; }
- [[nodiscard]] static auto GetAuthMethod() noexcept -> AuthMethod {
- return Instance().auth_;
+ void SetAuthMethod(AuthMethod x) { auth_ = x; }
+ [[nodiscard]] auto GetAuthMethod() const noexcept -> AuthMethod {
+ return auth_;
}
class TLS {
@@ -46,54 +46,54 @@ class Auth {
return instance;
}
- [[nodiscard]] static auto CACert() noexcept -> const std::string& {
- return Instance().ca_cert_;
+ [[nodiscard]] auto CACert() const noexcept -> const std::string& {
+ return ca_cert_;
}
- [[nodiscard]] static auto ClientCert() noexcept -> const std::string& {
- return Instance().client_cert_;
+ [[nodiscard]] auto ClientCert() const noexcept -> const std::string& {
+ return client_cert_;
}
- [[nodiscard]] static auto ClientKey() noexcept -> const std::string& {
- return Instance().client_key_;
+ [[nodiscard]] auto ClientKey() const noexcept -> const std::string& {
+ return client_key_;
}
- [[nodiscard]] static auto ServerCert() noexcept -> const std::string& {
- return Instance().server_cert_;
+ [[nodiscard]] auto ServerCert() const noexcept -> const std::string& {
+ return server_cert_;
}
- [[nodiscard]] static auto ServerKey() noexcept -> const std::string& {
- return Instance().server_key_;
+ [[nodiscard]] auto ServerKey() const noexcept -> const std::string& {
+ return server_key_;
}
- [[nodiscard]] static auto SetCACertificate(
+ [[nodiscard]] auto SetCACertificate(
std::filesystem::path const& cert_file) noexcept -> bool {
- return set(cert_file, &Instance().ca_cert_);
+ return set(cert_file, &ca_cert_);
}
- [[nodiscard]] static auto SetClientCertificate(
+ [[nodiscard]] auto SetClientCertificate(
std::filesystem::path const& cert_file) noexcept -> bool {
- return set(cert_file, &Instance().client_cert_);
+ return set(cert_file, &client_cert_);
}
- [[nodiscard]] static auto SetClientKey(
+ [[nodiscard]] auto SetClientKey(
std::filesystem::path const& key_file) noexcept -> bool {
- return set(key_file, &Instance().client_key_);
+ return set(key_file, &client_key_);
}
- [[nodiscard]] static auto SetServerCertificate(
+ [[nodiscard]] auto SetServerCertificate(
std::filesystem::path const& cert_file) noexcept -> bool {
- return set(cert_file, &Instance().server_cert_);
+ return set(cert_file, &server_cert_);
}
- [[nodiscard]] static auto SetServerKey(
+ [[nodiscard]] auto SetServerKey(
std::filesystem::path const& key_file) noexcept -> bool {
- return set(key_file, &Instance().server_key_);
+ return set(key_file, &server_key_);
}
// must be called after the parsing of cmd line arguments
// we ensure that either both tls_client_cert or tls_client_key are set
// or none of the two.
- [[nodiscard]] static auto Validate() noexcept -> bool {
+ [[nodiscard]] auto Validate() const noexcept -> bool {
if (CACert().empty()) {
Logger::Log(LogLevel::Error, "Please provide tls-ca-cert");
return false;
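Review bot: The accessors from `CACert()` to `ServerKey()` now return a `const std::string&` into the object they are called on, and nothing in the hunk documents how long that reference stays valid. For the singleton this is harmless, but for any other `TLS` object the reference is only good while that object lives and, presumably, until the matching `Set*` call rewrites the member. I would add a comment above the accessors such as `// Returned references alias this object's storage; copy the value if it must outlive the object or a later Set* call.`, and above `ClientKey()`/`ServerKey()` the line `// PEM private key material: do not pass to Logger.`. The body of `Validate()` continues past the end of the hunk.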
@@ -137,7 +137,7 @@ class Auth {
[[nodiscard]] static auto set(
std::filesystem::path const& x,
gsl::not_null<std::string*> const& member) noexcept -> bool {
- Auth::SetAuthMethod(AuthMethod::kTLS);
+ Auth::Instance().SetAuthMethod(AuthMethod::kTLS);
try {
// if the file does not exist, it will throw an exception
auto file = std::filesystem::canonical(x);
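Review bot: `set()` calls `Auth::Instance().SetAuthMethod(AuthMethod::kTLS)` before the `try`, so the process-wide auth method becomes TLS even when the file cannot be read and `set()` reports failure. It also remains a static helper that writes to the global `Auth` singleton, so configuring any `TLS` object other than the singleton would still flip global state, which works against the move to instance methods. Consider making the `Auth::Instance().SetAuthMethod(AuthMethod::kTLS);` call only once the file content has been stored, or leaving the method switch to the caller after `Validate()` succeeds. The rest of `set()` lies outside the hunk, so the exact success path is not visible here.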
diff --git a/src/buildtool/common/remote/client_common.hpp b/src/buildtool/common/remote/client_common.hpp
index bd962e8d..eb4af68f 100644
--- a/src/buildtool/common/remote/client_common.hpp
+++ b/src/buildtool/common/remote/client_common.hpp
@@ -36,10 +36,11 @@
std::shared_ptr<grpc::ChannelCredentials> creds;
std::string address = server + ':' + std::to_string(port);
- if (Auth::GetAuthMethod() == AuthMethod::kTLS) {
- auto tls_opts = grpc::SslCredentialsOptions{Auth::TLS::CACert(),
- Auth::TLS::ClientKey(),
- Auth::TLS::ClientCert()};
+ if (Auth::Instance().GetAuthMethod() == AuthMethod::kTLS) {
+ auto tls_opts =
+ grpc::SslCredentialsOptions{Auth::TLS::Instance().CACert(),
+ Auth::TLS::Instance().ClientKey(),
+ Auth::TLS::Instance().ClientCert()};
creds = grpc::SslCredentials(tls_opts);
}
else {
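Review bot: `grpc::SslCredentialsOptions` is filled positionally, so the private key and the certificate chain are told apart only by argument order, and swapping `ClientKey()` and `ClientCert()` would still compile. Assigning by field name, as the server-side code in this commit does for `pem_root_certs`, makes the mapping explicit. Binding the instance once also removes the three repeated `Auth::TLS::Instance()` calls. The enclosing function starts before and ends after the hunk.

```cpp
if (Auth::Instance().GetAuthMethod() == AuthMethod::kTLS) {
    auto const& tls = Auth::TLS::Instance();
    auto tls_opts = grpc::SslCredentialsOptions{};
    tls_opts.pem_root_certs = tls.CACert();
    tls_opts.pem_private_key = tls.ClientKey();
    tls_opts.pem_cert_chain = tls.ClientCert();
    // … unchanged: creds = grpc::SslCredentials(tls_opts); and the else branch …
```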
diff --git a/src/buildtool/execution_api/execution_service/server_implementation.cpp b/src/buildtool/execution_api/execution_service/server_implementation.cpp
index 7a9745db..30974d4f 100644
--- a/src/buildtool/execution_api/execution_service/server_implementation.cpp
+++ b/src/buildtool/execution_api/execution_service/server_implementation.cpp
@@ -72,12 +72,13 @@ auto ServerImpl::Run(ApiBundle const& apis) -> bool {
.RegisterService(&op);
std::shared_ptr<grpc::ServerCredentials> creds;
- if (Auth::GetAuthMethod() == AuthMethod::kTLS) {
+ if (Auth::Instance().GetAuthMethod() == AuthMethod::kTLS) {
auto tls_opts = grpc::SslServerCredentialsOptions{};
- tls_opts.pem_root_certs = Auth::TLS::CACert();
+ tls_opts.pem_root_certs = Auth::TLS::Instance().CACert();
grpc::SslServerCredentialsOptions::PemKeyCertPair keycert = {
- Auth::TLS::ServerKey(), Auth::TLS::ServerCert()};
+ Auth::TLS::Instance().ServerKey(),
+ Auth::TLS::Instance().ServerCert()};
tls_opts.pem_key_cert_pairs.emplace_back(keycert);
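Review bot: The server options set `pem_root_certs` and one key/cert pair, but nothing visible in this hunk sets `tls_opts.client_certificate_request`, and a default-constructed `grpc::SslServerCredentialsOptions` does not request a client certificate. If mutual TLS is intended, confirm that the lines after the hunk set it, for example `tls_opts.client_certificate_request = GRPC_SSL_REQUEST_AND_REQUIRE_CLIENT_CERTIFICATE_AND_VERIFY;`. Otherwise the CA certificate is loaded but clients are never asked to authenticate. The same applies to the identical block in serve_server_implementation.cpp. `ServerImpl::Run` continues outside the hunk.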
diff --git a/src/buildtool/main/main.cpp b/src/buildtool/main/main.cpp
index 041046bf..1ae9c0ce 100644
--- a/src/buildtool/main/main.cpp
+++ b/src/buildtool/main/main.cpp
@@ -190,7 +190,7 @@ void SetupAuthConfig(CommonAuthArguments const& authargs,
auto use_tls = false;
if (authargs.tls_ca_cert) {
use_tls = true;
- if (not Auth::TLS::SetCACertificate(*authargs.tls_ca_cert)) {
+ if (not Auth::TLS::Instance().SetCACertificate(*authargs.tls_ca_cert)) {
Logger::Log(LogLevel::Error,
"Could not read '{}' certificate.",
authargs.tls_ca_cert->string());
@@ -199,7 +199,7 @@ void SetupAuthConfig(CommonAuthArguments const& authargs,
}
if (client_authargs.tls_client_cert) {
use_tls = true;
- if (not Auth::TLS::SetClientCertificate(
+ if (not Auth::TLS::Instance().SetClientCertificate(
*client_authargs.tls_client_cert)) {
Logger::Log(LogLevel::Error,
"Could not read '{}' certificate.",
@@ -209,7 +209,8 @@ void SetupAuthConfig(CommonAuthArguments const& authargs,
}
if (client_authargs.tls_client_key) {
use_tls = true;
- if (not Auth::TLS::SetClientKey(*client_authargs.tls_client_key)) {
+ if (not Auth::TLS::Instance().SetClientKey(
+ *client_authargs.tls_client_key)) {
Logger::Log(LogLevel::Error,
"Could not read '{}' key.",
client_authargs.tls_client_key->string());
@@ -219,7 +220,7 @@ void SetupAuthConfig(CommonAuthArguments const& authargs,
if (server_authargs.tls_server_cert) {
use_tls = true;
- if (not Auth::TLS::SetServerCertificate(
+ if (not Auth::TLS::Instance().SetServerCertificate(
*server_authargs.tls_server_cert)) {
Logger::Log(LogLevel::Error,
"Could not read '{}' certificate.",
@@ -229,7 +230,8 @@ void SetupAuthConfig(CommonAuthArguments const& authargs,
}
if (server_authargs.tls_server_key) {
use_tls = true;
- if (not Auth::TLS::SetServerKey(*server_authargs.tls_server_key)) {
+ if (not Auth::TLS::Instance().SetServerKey(
+ *server_authargs.tls_server_key)) {
Logger::Log(LogLevel::Error,
"Could not read '{}' key.",
server_authargs.tls_server_key->string());
@@ -238,7 +240,7 @@ void SetupAuthConfig(CommonAuthArguments const& authargs,
}
if (use_tls) {
- if (not Auth::TLS::Validate()) {
+ if (not Auth::TLS::Instance().Validate()) {
std::exit(kExitFailure);
}
}
diff --git a/src/buildtool/serve_api/serve_service/serve_server_implementation.cpp b/src/buildtool/serve_api/serve_service/serve_server_implementation.cpp
index 34056a31..374e42ac 100644
--- a/src/buildtool/serve_api/serve_service/serve_server_implementation.cpp
+++ b/src/buildtool/serve_api/serve_service/serve_server_implementation.cpp
@@ -134,12 +134,13 @@ auto ServeServerImpl::Run(RemoteServeConfig const& serve_config,
}
std::shared_ptr<grpc::ServerCredentials> creds;
- if (Auth::GetAuthMethod() == AuthMethod::kTLS) {
+ if (Auth::Instance().GetAuthMethod() == AuthMethod::kTLS) {
auto tls_opts = grpc::SslServerCredentialsOptions{};
- tls_opts.pem_root_certs = Auth::TLS::CACert();
+ tls_opts.pem_root_certs = Auth::TLS::Instance().CACert();
grpc::SslServerCredentialsOptions::PemKeyCertPair keycert = {
- Auth::TLS::ServerKey(), Auth::TLS::ServerCert()};
+ Auth::TLS::Instance().ServerKey(),
+ Auth::TLS::Instance().ServerCert()};
tls_opts.pem_key_cert_pairs.emplace_back(keycert);
diff --git a/src/other_tools/just_mr/setup_utils.cpp b/src/other_tools/just_mr/setup_utils.cpp
index 1c55c9a3..86e0615c 100644
--- a/src/other_tools/just_mr/setup_utils.cpp
+++ b/src/other_tools/just_mr/setup_utils.cpp
@@ -32,7 +32,7 @@ void SetupAuthConfig(MultiRepoRemoteAuthArguments const& authargs) noexcept {
bool use_tls{false};
if (authargs.tls_ca_cert) {
use_tls = true;
- if (not Auth::TLS::SetCACertificate(*authargs.tls_ca_cert)) {
+ if (not Auth::TLS::Instance().SetCACertificate(*authargs.tls_ca_cert)) {
Logger::Log(LogLevel::Error,
"Could not read '{}' certificate.",
authargs.tls_ca_cert->string());
@@ -41,7 +41,8 @@ void SetupAuthConfig(MultiRepoRemoteAuthArguments const& authargs) noexcept {
}
if (authargs.tls_client_cert) {
use_tls = true;
- if (not Auth::TLS::SetClientCertificate(*authargs.tls_client_cert)) {
+ if (not Auth::TLS::Instance().SetClientCertificate(
+ *authargs.tls_client_cert)) {
Logger::Log(LogLevel::Error,
"Could not read '{}' certificate.",
authargs.tls_client_cert->string());
@@ -50,7 +51,7 @@ void SetupAuthConfig(MultiRepoRemoteAuthArguments const& authargs) noexcept {
}
if (authargs.tls_client_key) {
use_tls = true;
- if (not Auth::TLS::SetClientKey(*authargs.tls_client_key)) {
+ if (not Auth::TLS::Instance().SetClientKey(*authargs.tls_client_key)) {
Logger::Log(LogLevel::Error,
"Could not read '{}' key.",
authargs.tls_client_key->string());
@@ -59,7 +60,7 @@ void SetupAuthConfig(MultiRepoRemoteAuthArguments const& authargs) noexcept {
}
if (use_tls) {
- if (not Auth::TLS::Validate()) {
+ if (not Auth::TLS::Instance().Validate()) {
std::exit(kExitConfigError);
}
}
diff --git a/test/utils/test_env.hpp b/test/utils/test_env.hpp
index 0764f9f4..d9c60fb8 100644
--- a/test/utils/test_env.hpp
+++ b/test/utils/test_env.hpp
@@ -67,22 +67,22 @@ static inline void ReadCompatibilityFromEnv() {
auto* client_cert = std::getenv("TLS_CLIENT_CERT");
auto* client_key = std::getenv("TLS_CLIENT_KEY");
if (ca_cert != nullptr) {
- if (not Auth::TLS::SetCACertificate(ca_cert)) {
+ if (not Auth::TLS::Instance().SetCACertificate(ca_cert)) {
return false;
}
}
if (client_cert != nullptr) {
- if (not Auth::TLS::SetClientCertificate(client_cert)) {
+ if (not Auth::TLS::Instance().SetClientCertificate(client_cert)) {
return false;
}
}
if (client_key != nullptr) {
- if (not Auth::TLS::SetClientKey(client_key)) {
+ if (not Auth::TLS::Instance().SetClientKey(client_key)) {
return false;
}
}
- if (Auth::GetAuthMethod() == AuthMethod::kTLS) {
- if (not Auth::TLS::Validate()) {
+ if (Auth::Instance().GetAuthMethod() == AuthMethod::kTLS) {
+ if (not Auth::TLS::Instance().Validate()) {
return false;
}
}