-rw-r--r-- | etc/repos.json | 3 | ||||
-rw-r--r-- | test/end-to-end/remote-execution/TARGETS | 14 | ||||
-rw-r--r-- | test/end-to-end/remote-execution/large-blobs.sh | 13 | ||||
-rw-r--r-- | test/end-to-end/remote-execution/native-protocol.sh | 13 | ||||
-rw-r--r-- | test/end-to-end/remote-execution/upload-test.sh | 13 | ||||
-rw-r--r-- | test/end-to-end/target-cache/TARGETS | 2 | ||||
-rw-r--r-- | test/end-to-end/target-cache/artifacts-sync.sh | 22 | ||||
-rw-r--r-- | test/end-to-end/target-cache/target-cache-hit.sh | 19 | ||||
-rw-r--r-- | test/etc/credentials/TARGETS | 6 | ||||
-rw-r--r-- | test/etc/credentials/readme.org | 2 | ||||
-rw-r--r-- | test/utils/TARGETS | 6 | ||||
-rw-r--r-- | test/utils/remote_execution/main-remote-execution.cpp | 3 | ||||
-rw-r--r-- | test/utils/test_env.hpp | 28 |
13 files changed, 128 insertions, 16 deletions
diff --git a/etc/repos.json b/etc/repos.json index 1da2715a..5937cebd 100644 --- a/etc/repos.json +++ b/etc/repos.json @@ -19,6 +19,7 @@ , "libcurl": "com_github_curl_curl" , "bzip2": "bzip2" , "libarchive": "com_github_libarchive_libarchive" + , "credentials": "test-credentials" } , "bootstrap": {"link": ["-lpthread"]} , "bootstrap_local": {"link": ["-lpthread"]} @@ -446,5 +447,7 @@ , "bzip2": "bzip2" } } + , "test-credentials": + {"repository": {"type": "file", "path": "test/etc/credentials"}} } } diff --git a/test/end-to-end/remote-execution/TARGETS b/test/end-to-end/remote-execution/TARGETS index 0f7b5118..f2ba00f5 100644 --- a/test/end-to-end/remote-execution/TARGETS +++ b/test/end-to-end/remote-execution/TARGETS @@ -5,23 +5,31 @@ , "deps": [ ["test/end-to-end", "tool-under-test"] , ["test/end-to-end", "mr-tool-under-test"] + , ["@", "credentials", "", ""] ] } , "large-blobs": { "type": ["@", "rules", "shell/test", "script"] , "name": ["large-blobs"] , "test": ["large-blobs.sh"] - , "deps": [["test/end-to-end", "tool-under-test"]] + , "deps": + [["test/end-to-end", "tool-under-test"], ["@", "credentials", "", ""]] } , "upload-test": { "type": ["@", "rules", "shell/test", "script"] , "name": ["upload-test"] , "test": ["upload-test.sh"] - , "deps": [["test/end-to-end", "tool-under-test"]] + , "deps": + [["test/end-to-end", "tool-under-test"], ["@", "credentials", "", ""]] } , "TESTS": { "type": "install" , "tainted": ["test"] - , "deps": ["native-protocol", "large-blobs", "upload-test"] + , "deps": + [ "native-protocol" + , "large-blobs" + , "upload-test" + , ["@", "credentials", "", ""] + ] } } diff --git a/test/end-to-end/remote-execution/large-blobs.sh b/test/end-to-end/remote-execution/large-blobs.sh index 17839e86..a4d25ffa 100644 --- a/test/end-to-end/remote-execution/large-blobs.sh +++ b/test/end-to-end/remote-execution/large-blobs.sh 
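Review bot: In test/end-to-end/remote-execution/TARGETS the aggregate `TESTS` install target now lists `["@", "credentials", "", ""]` among its own `deps`, in addition to the three test targets that already depend on it. If an install target stages the artifacts of its deps, as it appears to, the credentials tree (CA certificate, client certificate and client key when present) ends up in the collected test output rather than only in each test's working directory. Unless something consumes it there, I would drop it from `TESTS` and keep it on `native-protocol`, `large-blobs` and `upload-test` only, so the private key is copied to as few places as possible.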
@@ -17,6 +17,7 @@ set -eu readonly JUST="${PWD}/bin/tool-under-test" +readonly CREDENTIALS_DIR="${PWD}/credentials" # create a sufficiently large (>4MB) file for testing upload/download (16MB) dd if=/dev/zero of=large.file bs=1024 count=$((16*1024)) @@ -43,12 +44,22 @@ run_tests() { local TYPE="local" local REMOTE_ARGS="" local REMOTE_BUILD_ARGS="" + local AUTH_ARGS="" if [ -n "${1:-}" ] && [ -n "${2:-}" ]; then TYPE="remote" REMOTE_ARGS="-r $1" REMOTE_BUILD_ARGS="--remote-execution-property $2" + if [ -f "${CREDENTIALS_DIR}/ca.crt" ]; then + AUTH_ARGS=" --tls-ca-cert ${CREDENTIALS_DIR}/ca.crt " + if [ -f "${CREDENTIALS_DIR}/client.crt" ]; then + AUTH_ARGS=" --tls-client-cert ${CREDENTIALS_DIR}/client.crt "${AUTH_ARGS} + fi + if [ -f "${CREDENTIALS_DIR}/client.key" ]; then + AUTH_ARGS=" --tls-client-key ${CREDENTIALS_DIR}/client.key "${AUTH_ARGS} + fi + fi fi - ARGS="$COMMON_ARGS $REMOTE_ARGS" + ARGS="$COMMON_ARGS $REMOTE_ARGS ${AUTH_ARGS}" BUILD_ARGS="$ARGS $REMOTE_BUILD_ARGS" echo diff --git a/test/end-to-end/remote-execution/native-protocol.sh b/test/end-to-end/remote-execution/native-protocol.sh index aea047ad..bef83e46 100644 --- a/test/end-to-end/remote-execution/native-protocol.sh +++ b/test/end-to-end/remote-execution/native-protocol.sh @@ -23,6 +23,7 @@ readonly LBRDIR="${TEST_TMPDIR}/local-build-root" readonly JUST_MR="${PWD}/bin/mr-tool-under-test" readonly JUST="${PWD}/bin/tool-under-test" readonly RESULT="out.txt" +readonly CREDENTIALS_DIR="${PWD}/credentials" echo echo Create Git repository 
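Review bot: In the `run_tests` hunk of large-blobs.sh the TLS flags are assembled from whatever files happen to exist, so a half-populated credentials directory is passed through silently: `client.crt` without `client.key` (or the reverse) yields only one of `--tls-client-cert`/`--tls-client-key`, and a missing `ca.crt` drops all three flags so the remote run proceeds without TLS even when client credentials were provided. I would treat client certificate and key as a pair and fail the test on an incomplete set, as sketched below. The paths are also spliced into an unquoted string, so a `${PWD}` containing whitespace splits the arguments. The same block is copied into native-protocol.sh, upload-test.sh, artifacts-sync.sh and target-cache-hit.sh; a shared sourced helper would keep the five copies from drifting. `run_tests` starts and ends outside the hunk.

```shell
    REMOTE_BUILD_ARGS="--remote-execution-property $2"
    if [ -f "${CREDENTIALS_DIR}/ca.crt" ]; then
      AUTH_ARGS="--tls-ca-cert ${CREDENTIALS_DIR}/ca.crt"
      # client certificate and key are only meaningful as a pair
      if [ -f "${CREDENTIALS_DIR}/client.crt" ] && [ -f "${CREDENTIALS_DIR}/client.key" ]; then
        AUTH_ARGS="${AUTH_ARGS} --tls-client-cert ${CREDENTIALS_DIR}/client.crt --tls-client-key ${CREDENTIALS_DIR}/client.key"
      elif [ -f "${CREDENTIALS_DIR}/client.crt" ] || [ -f "${CREDENTIALS_DIR}/client.key" ]; then
        echo "incomplete client credentials in ${CREDENTIALS_DIR}" >&2
        exit 1
      fi
    elif [ -f "${CREDENTIALS_DIR}/client.crt" ] || [ -f "${CREDENTIALS_DIR}/client.key" ]; then
      echo "client credentials present but ca.crt missing in ${CREDENTIALS_DIR}" >&2
      exit 1
    fi
  # … unchanged: closing fi of the remote branch, ARGS and BUILD_ARGS assembly …
```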
@@ -84,15 +85,25 @@ echo TREE_ID="$(jq -r ".${OUT_DIRNAME}.id" "${RESULT}" 2>&1)" test ${TREE_ID} ${EQUAL} ${GIT_TREE_ID} +AUTH_ARGS="" if [ "${REMOTE_EXECUTION_ADDRESS:-}" != "" ]; then REMOTE_EXECUTION_ARGS="-r ${REMOTE_EXECUTION_ADDRESS}" if [ "${REMOTE_EXECUTION_PROPERTIES:-}" != "" ]; then REMOTE_EXECUTION_ARGS="${REMOTE_EXECUTION_ARGS} --remote-execution-property ${REMOTE_EXECUTION_PROPERTIES}" fi + if [ -f "${CREDENTIALS_DIR}/ca.crt" ]; then + AUTH_ARGS=" --tls-ca-cert ${CREDENTIALS_DIR}/ca.crt " + if [ -f "${CREDENTIALS_DIR}/client.crt" ]; then + AUTH_ARGS=" --tls-client-cert ${CREDENTIALS_DIR}/client.crt "${AUTH_ARGS} + fi + if [ -f "${CREDENTIALS_DIR}/client.key" ]; then + AUTH_ARGS=" --tls-client-key ${CREDENTIALS_DIR}/client.key "${AUTH_ARGS} + fi + fi echo echo Upload and download Git tree to remote CAS in ${NAME} mode echo - "${JUST}" build -C "${CONF}" --main test test ${REMOTE_EXECUTION_ARGS} --local-build-root="${LBRDIR}" --dump-artifacts "${RESULT}" ${ARGS} 2>&1 + "${JUST}" build -C "${CONF}" --main test test ${REMOTE_EXECUTION_ARGS} ${AUTH_ARGS} --local-build-root="${LBRDIR}" --dump-artifacts "${RESULT}" ${ARGS} 2>&1 TREE_ID="$(jq -r ".${OUT_DIRNAME}.id" "${RESULT}" 2>&1)" test ${TREE_ID} ${EQUAL} ${GIT_TREE_ID} fi diff --git a/test/end-to-end/remote-execution/upload-test.sh b/test/end-to-end/remote-execution/upload-test.sh index b04b6125..40d2628b 100644 --- a/test/end-to-end/remote-execution/upload-test.sh +++ b/test/end-to-end/remote-execution/upload-test.sh @@ -19,6 +19,7 @@ set -eu readonly JUST="${PWD}/bin/tool-under-test" readonly GITDIR="${TEST_TMPDIR}/src" readonly LBRDIR="${TEST_TMPDIR}/local-build-root" +readonly CREDENTIALS_DIR="${PWD}/credentials" mkdir -p ${GITDIR} cd ${GITDIR} 
@@ -57,10 +58,20 @@ export CONF="$(realpath repos.json)" "${JUST}" build -C "${CONF}" --local-build-root="${LBRDIR}" ${ARGS} 2>&1 # Build remotely +AUTH_ARGS="" if [ "${REMOTE_EXECUTION_ADDRESS:-}" != "" ]; then REMOTE_EXECUTION_ARGS="-r ${REMOTE_EXECUTION_ADDRESS}" if [ "${REMOTE_EXECUTION_PROPERTIES:-}" != "" ]; then REMOTE_EXECUTION_ARGS="${REMOTE_EXECUTION_ARGS} --remote-execution-property ${REMOTE_EXECUTION_PROPERTIES}" fi - "${JUST}" build -C "${CONF}" --local-build-root="${LBRDIR}" ${ARGS} ${REMOTE_EXECUTION_ARGS} 2>&1 + if [ -f "${CREDENTIALS_DIR}/ca.crt" ]; then + AUTH_ARGS=" --tls-ca-cert ${CREDENTIALS_DIR}/ca.crt " + if [ -f "${CREDENTIALS_DIR}/client.crt" ]; then + AUTH_ARGS=" --tls-client-cert ${CREDENTIALS_DIR}/client.crt "${AUTH_ARGS} + fi + if [ -f "${CREDENTIALS_DIR}/client.key" ]; then + AUTH_ARGS=" --tls-client-key ${CREDENTIALS_DIR}/client.key "${AUTH_ARGS} + fi + fi + "${JUST}" build -C "${CONF}" --local-build-root="${LBRDIR}" ${ARGS} ${REMOTE_EXECUTION_ARGS} ${AUTH_ARGS} 2>&1 fi diff --git a/test/end-to-end/target-cache/TARGETS b/test/end-to-end/target-cache/TARGETS index 09057dd2..83af5993 100644 --- a/test/end-to-end/target-cache/TARGETS +++ b/test/end-to-end/target-cache/TARGETS @@ -5,6 +5,7 @@ , "deps": [ ["test/end-to-end", "tool-under-test"] , ["test/end-to-end", "mr-tool-under-test"] + , ["@", "credentials", "", ""] ] } , "artifacts-sync": @@ -16,6 +17,7 @@ , ["./", "test-data-artifacts-sync", "greetlib"] , ["./", "test-data-artifacts-sync", "pydicts"] , "bootstrap-src-staged" + , ["@", "credentials", "", ""] ] } , "bootstrap-src-staged": diff --git a/test/end-to-end/target-cache/artifacts-sync.sh b/test/end-to-end/target-cache/artifacts-sync.sh index c4f75f51..552e04aa 100644 --- a/test/end-to-end/target-cache/artifacts-sync.sh +++ b/test/end-to-end/target-cache/artifacts-sync.sh 
@@ -57,6 +57,7 @@ readonly JUST_MR="$ROOT/foo/bin/just-mr.py" readonly JUST_RULES="$ROOT/foo/rules" readonly LBRDIR="$TEST_TMPDIR/local-build-root" readonly TESTDIR="$TEST_TMPDIR/test-root" +readonly CREDENTIALS_DIR="${PWD}/credentials" if [ "${REMOTE_EXECUTION_ADDRESS:-}" = "" ]; then echo @@ -70,6 +71,17 @@ if [ "${REMOTE_EXECUTION_PROPERTIES:-}" != "" ]; then REMOTE_EXECUTION_ARGS="$REMOTE_EXECUTION_ARGS --remote-execution-property $REMOTE_EXECUTION_PROPERTIES" fi +AUTH_ARGS="" +if [ -f "${CREDENTIALS_DIR}/ca.crt" ]; then + AUTH_ARGS=" --tls-ca-cert ${CREDENTIALS_DIR}/ca.crt " + if [ -f "${CREDENTIALS_DIR}/client.crt" ]; then + AUTH_ARGS=" --tls-client-cert ${CREDENTIALS_DIR}/client.crt "${AUTH_ARGS} + fi + if [ -f "${CREDENTIALS_DIR}/client.key" ]; then + AUTH_ARGS=" --tls-client-key ${CREDENTIALS_DIR}/client.key "${AUTH_ARGS} + fi +fi + if [ "${COMPATIBLE:-}" = "YES" ]; then ARGS="--compatible" HASH_TYPE="compatible-sha256" @@ -121,7 +133,7 @@ echo "Local execution ID: $LOCAL_EXECUTION_ID" rm -rf "$TCDIR" # Determine remote execution ID -"$JUST_MR" --norc --just "$JUST" --local-build-root "$LBRDIR" build main $ARGS $REMOTE_EXECUTION_ARGS +"$JUST_MR" --norc --just "$JUST" --local-build-root "$LBRDIR" build main $ARGS $REMOTE_EXECUTION_ARGS ${AUTH_ARGS} readonly REMOTE_EXECUTION_ID=$(ls -1 "$TCDIR" | head -n1) echo "Remote execution ID: $REMOTE_EXECUTION_ID" rm -rf "$TCDIR" @@ -155,7 +167,7 @@ sed -i "s|RANDOM_STRING_1 \".*\"|RANDOM_STRING_1 \"$RANDOM_STRING\"|" greet/incl sed -i "s|RANDOM_STRING_2 \".*\"|RANDOM_STRING_2 \"$RANDOM_STRING\"|" greet/src/greet.cpp # Build greetlib remotely -"$JUST_MR" --norc --just "$JUST" --local-build-root "$LBRDIR" --main main build main $ARGS $REMOTE_EXECUTION_ARGS +"$JUST_MR" --norc --just "$JUST" --local-build-root "$LBRDIR" --main main build main $ARGS $REMOTE_EXECUTION_ARGS ${AUTH_ARGS} # Check if file and tree artifacts have been downloaded correctly readonly TC_HASH=$(get_tc_hash $REMOTE_EXECUTION_ID) 
@@ -181,7 +193,7 @@ sed -i "s|RANDOM_STRING_2 \".*\"|RANDOM_STRING_2 \"$RANDOM_STRING\"|" greet/src/ mv "$TCDIR/$LOCAL_EXECUTION_ID" "$TCDIR/$REMOTE_EXECUTION_ID" # Check if greetlib successfully builds remotely -"$JUST_MR" --norc --just "$JUST" --local-build-root "$LBRDIR" --main main build main $ARGS $REMOTE_EXECUTION_ARGS +"$JUST_MR" --norc --just "$JUST" --local-build-root "$LBRDIR" --main main build main $ARGS $REMOTE_EXECUTION_ARGS ${AUTH_ARGS} # Clean up test files rm -rf "$TESTDIR" "$LBRDIR" @@ -209,7 +221,7 @@ sed -i "s|\"foo\": \"[^\"]*\"|\"foo\": \"$RANDOM_STRING\"|" foo.py sed -i "s|\"foo\": \"[^\"]*\"|\"foo\": \"$RANDOM_STRING\"|" bar.py # Build pydicts remotely -"$JUST_MR" --norc --just "$JUST" --local-build-root "$LBRDIR" build json_from_py $ARGS $REMOTE_EXECUTION_ARGS +"$JUST_MR" --norc --just "$JUST" --local-build-root "$LBRDIR" build json_from_py $ARGS $REMOTE_EXECUTION_ARGS ${AUTH_ARGS} # 'exported_py' target contains a provides map, # which contains an abstract node (type 'convert'), @@ -244,7 +256,7 @@ sed -i "s|\"foo\": \"[^\"]*\"|\"foo\": \"$RANDOM_STRING\"|" bar.py mv "$TCDIR/$LOCAL_EXECUTION_ID" "$TCDIR/$REMOTE_EXECUTION_ID" # Check if pydicts successfully builds remotely -"$JUST_MR" --norc --just "$JUST" --local-build-root "$LBRDIR" build json_from_py $ARGS $REMOTE_EXECUTION_ARGS +"$JUST_MR" --norc --just "$JUST" --local-build-root "$LBRDIR" build json_from_py $ARGS $REMOTE_EXECUTION_ARGS ${AUTH_ARGS} # Clean up test files rm -rf "$TESTDIR" "$LBRDIR" diff --git a/test/end-to-end/target-cache/target-cache-hit.sh b/test/end-to-end/target-cache/target-cache-hit.sh index e4776f2f..0b7252ae 100644 --- a/test/end-to-end/target-cache/target-cache-hit.sh +++ b/test/end-to-end/target-cache/target-cache-hit.sh 
@@ -20,6 +20,7 @@ readonly JUST="$PWD/bin/tool-under-test" readonly JUST_MR="$PWD/bin/mr-tool-under-test" readonly LBRDIR="$TEST_TMPDIR/local-build-root" readonly TESTDIR="$TEST_TMPDIR/test-root" +readonly CREDENTIALS_DIR="${PWD}/credentials" # create project files including an exported target mkdir -p "$TESTDIR" @@ -60,13 +61,23 @@ export CONF="$("$JUST_MR" -C repos.json --local-build-root="$LBRDIR" setup main) "$JUST" build -C "$CONF" main --local-build-root="$LBRDIR" $ARGS 2>&1 REMOTE_EXECUTION_ARGS="" +AUTH_ARGS="" if [ "${REMOTE_EXECUTION_ADDRESS:-}" != "" ]; then - REMOTE_EXECUTION_ARGS="-r $REMOTE_EXECUTION_ADDRESS" + REMOTE_EXECUTION_ARGS="-r ${REMOTE_EXECUTION_ADDRESS}" if [ "${REMOTE_EXECUTION_PROPERTIES:-}" != "" ]; then - REMOTE_EXECUTION_ARGS="$REMOTE_EXECUTION_ARGS --remote-execution-property $REMOTE_EXECUTION_PROPERTIES" + REMOTE_EXECUTION_ARGS="${REMOTE_EXECUTION_ARGS} --remote-execution-property ${REMOTE_EXECUTION_PROPERTIES}" + fi + if [ -f "${CREDENTIALS_DIR}/ca.crt" ]; then + AUTH_ARGS=" --tls-ca-cert ${CREDENTIALS_DIR}/ca.crt " + if [ -f "${CREDENTIALS_DIR}/client.crt" ]; then + AUTH_ARGS=" --tls-client-cert ${CREDENTIALS_DIR}/client.crt "${AUTH_ARGS} + fi + if [ -f "${CREDENTIALS_DIR}/client.key" ]; then + AUTH_ARGS=" --tls-client-key ${CREDENTIALS_DIR}/client.key "${AUTH_ARGS} + fi fi fi # build project twice remotely to trigger a target cache hit -"$JUST" build -C "$CONF" main --local-build-root="$LBRDIR" $ARGS $REMOTE_EXECUTION_ARGS 2>&1 -"$JUST" build -C "$CONF" main --local-build-root="$LBRDIR" $ARGS $REMOTE_EXECUTION_ARGS 2>&1 +"$JUST" build -C "$CONF" main --local-build-root="$LBRDIR" $ARGS $REMOTE_EXECUTION_ARGS ${AUTH_ARGS} 2>&1 +"$JUST" build -C "$CONF" main --local-build-root="$LBRDIR" $ARGS $REMOTE_EXECUTION_ARGS ${AUTH_ARGS} 2>&1 diff --git a/test/etc/credentials/TARGETS b/test/etc/credentials/TARGETS new file mode 100644 index 00000000..884e3c20 --- /dev/null +++ b/test/etc/credentials/TARGETS 
@@ -0,0 +1,6 @@ +{ "": + { "type": "install" + , "dirs": [[["TREE", null, "."], "credentials"]] + , "tainted": ["test"] + } +} diff --git a/test/etc/credentials/readme.org b/test/etc/credentials/readme.org new file mode 100644 index 00000000..ab2cc674 --- /dev/null +++ b/test/etc/credentials/readme.org @@ -0,0 +1,2 @@ +This directory backs a repository to be populated during execution of +tests to pass files needed for, e.g., authentication. diff --git a/test/utils/TARGETS b/test/utils/TARGETS index c9f40532..81137cb5 100644 --- a/test/utils/TARGETS +++ b/test/utils/TARGETS @@ -26,7 +26,11 @@ { "type": ["@", "rules", "CC", "library"] , "name": ["test_env"] , "hdrs": ["test_env.hpp"] - , "deps": ["log_config", ["src/buildtool/compatibility", "compatibility"]] + , "deps": + [ "log_config" + , ["src/buildtool/compatibility", "compatibility"] + , ["src/buildtool/auth", "auth"] + ] , "stage": ["test", "utils"] } , "local_hermeticity": diff --git a/test/utils/remote_execution/main-remote-execution.cpp b/test/utils/remote_execution/main-remote-execution.cpp index 32774a65..952b025e 100644 --- a/test/utils/remote_execution/main-remote-execution.cpp +++ b/test/utils/remote_execution/main-remote-execution.cpp @@ -37,6 +37,9 @@ void wait_for_grpc_to_shutdown() { /// \returns true If remote execution was successfully configured. [[nodiscard]] auto ConfigureRemoteExecution() -> bool { ReadCompatibilityFromEnv(); + if (not ReadTLSAuthArgsFromEnv()) { + return false; + } HashFunction::SetHashType(Compatibility::IsCompatible() ? HashFunction::JustHash::Compatible : HashFunction::JustHash::Native); diff --git a/test/utils/test_env.hpp b/test/utils/test_env.hpp index 0302f555..7013d2ff 100644 --- a/test/utils/test_env.hpp +++ b/test/utils/test_env.hpp @@ -21,6 +21,7 @@ #include <sstream> #include <string> +#include "src/buildtool/auth/authentication.hpp" #include "src/buildtool/compatibility/compatibility.hpp" #include "test/utils/logging/log_config.hpp" 
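Review bot: The new `""` target in test/etc/credentials/TARGETS stages `["TREE", null, "."]`, i.e. the whole directory, so anything dropped there, including `client.key`, becomes an input of every test that depends on it. Two things are worth guarding: the directory lives inside the source tree, so a populated key is one `git add` away from being committed (an ignore rule for `*.crt` and `*.key` under test/etc/credentials would help), and if these test actions are ever dispatched to a remote executor the key would presumably travel with the input tree into the remote CAS. The tree also picks up `TARGETS` and `readme.org` themselves, which the tests do not need; restricting the staged files to the three expected names would make the contract explicit.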
@@ -53,4 +54,31 @@ static inline void ReadCompatibilityFromEnv() { : std::make_optional(std::string{execution_address}); } +[[nodiscard]] static inline auto ReadTLSAuthArgsFromEnv() -> bool { + auto* ca_cert = std::getenv("TLS_CA_CERT"); + auto* client_cert = std::getenv("TLS_CLIENT_CERT"); + auto* client_key = std::getenv("TLS_CLIENT_KEY"); + if (ca_cert != nullptr) { + if (not Auth::TLS::SetCACertificate(ca_cert)) { + return false; + } + } + if (client_cert != nullptr) { + if (not Auth::TLS::SetClientCertificate(client_cert)) { + return false; + } + } + if (client_key != nullptr) { + if (not Auth::TLS::SetClientKey(client_key)) { + return false; + } + } + if (Auth::GetAuthMethod() == AuthMethod::kTLS) { + if (not Auth::TLS::Validate()) { + return false; + } + } + return true; +} + #endif // INCLUDED_SRC_TEST_UTILS_TEST_ENV_HPP |
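Review bot: `ReadTLSAuthArgsFromEnv` returns `false` from four different places without saying which one, and `ConfigureRemoteExecution` just propagates it, so a mistyped `TLS_CLIENT_KEY` path shows up as an unexplained setup failure; log the variable name before each `return false`. `std::getenv` also returns a non-null pointer for a variable that is set but empty, so `TLS_CA_CERT=` reaches `SetCACertificate` with an empty path; guard with `ca_cert != nullptr and *ca_cert != '\0'` (same for the other two). `Validate()` only runs when `Auth::GetAuthMethod()` already reports `AuthMethod::kTLS`; whether the setters switch the method is not visible here, so a client certificate supplied without a CA may go unchecked. The function also lacks a doc comment: `/// \brief Configure TLS authentication from TLS_CA_CERT, TLS_CLIENT_CERT and TLS_CLIENT_KEY.` and `/// \returns false if a provided value is rejected or validation fails.`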