diff options
27 files changed, 483 insertions, 177 deletions
diff --git a/src/buildtool/execution_api/common/TARGETS b/src/buildtool/execution_api/common/TARGETS index a2063a70..b355641b 100644 --- a/src/buildtool/execution_api/common/TARGETS +++ b/src/buildtool/execution_api/common/TARGETS @@ -40,6 +40,7 @@ , "stage": ["src", "buildtool", "execution_api", "common"] , "deps": [ "common" + , ["src/buildtool/auth", "auth"] , ["src/buildtool/common", "config"] , ["src/buildtool/common/remote", "remote_common"] ] diff --git a/src/buildtool/execution_api/common/api_bundle.cpp b/src/buildtool/execution_api/common/api_bundle.cpp index 488fc25d..17e3d3af 100644 --- a/src/buildtool/execution_api/common/api_bundle.cpp +++ b/src/buildtool/execution_api/common/api_bundle.cpp @@ -19,8 +19,10 @@ #include "src/buildtool/execution_api/remote/bazel/bazel_api.hpp" ApiBundle::ApiBundle(RepositoryConfig const* repo_config, + Auth::TLS const* authentication, std::optional<ServerAddress> const& remote_address) - : local{std::make_shared<LocalApi>(repo_config)}, + : local{std::make_shared<LocalApi>(repo_config)}, // needed by remote + auth{authentication}, // needed by remote remote{CreateRemote(remote_address)} {} auto ApiBundle::CreateRemote(std::optional<ServerAddress> const& address) const @@ -29,7 +31,7 @@ auto ApiBundle::CreateRemote(std::optional<ServerAddress> const& address) const ExecutionConfiguration config; config.skip_cache_lookup = false; return std::make_shared<BazelApi>( - "remote-execution", address->host, address->port, config); + "remote-execution", address->host, address->port, auth, config); } return local; } diff --git a/src/buildtool/execution_api/common/api_bundle.hpp b/src/buildtool/execution_api/common/api_bundle.hpp index 53e59de2..72fdb687 100644 --- a/src/buildtool/execution_api/common/api_bundle.hpp +++ b/src/buildtool/execution_api/common/api_bundle.hpp @@ -19,6 +19,7 @@ #include <optional> #include "gsl/gsl" +#include "src/buildtool/auth/authentication.hpp" #include "src/buildtool/common/remote/remote_common.hpp" #include "src/buildtool/common/repository_config.hpp" #include "src/buildtool/execution_api/common/execution_api.hpp" @@ -28,12 +29,14 @@ /// exactly the same instance that local api is (&*remote == & *local). struct ApiBundle final { explicit ApiBundle(RepositoryConfig const* repo_config, + Auth::TLS const* authentication, std::optional<ServerAddress> const& remote_address); [[nodiscard]] auto CreateRemote(std::optional<ServerAddress> const& address) const -> gsl::not_null<IExecutionApi::Ptr>; - gsl::not_null<IExecutionApi::Ptr> const local; + gsl::not_null<IExecutionApi::Ptr> const local; // needed by remote + Auth::TLS const* auth; // needed by remote gsl::not_null<IExecutionApi::Ptr> const remote; }; diff --git a/src/buildtool/execution_api/remote/TARGETS b/src/buildtool/execution_api/remote/TARGETS index f38990ac..466975ec 100644 --- a/src/buildtool/execution_api/remote/TARGETS +++ b/src/buildtool/execution_api/remote/TARGETS @@ -65,6 +65,7 @@ , "srcs": ["bazel/bazel_api.cpp"] , "deps": [ "config" + , ["src/buildtool/auth", "auth"] , ["src/buildtool/execution_api/common", "common"] , ["src/buildtool/execution_api/bazel_msg", "bazel_msg"] , ["@", "gsl", "", "gsl"] diff --git a/src/buildtool/execution_api/remote/bazel/bazel_api.cpp b/src/buildtool/execution_api/remote/bazel/bazel_api.cpp index aea38ab4..dfd5dd6e 100644 --- a/src/buildtool/execution_api/remote/bazel/bazel_api.cpp +++ b/src/buildtool/execution_api/remote/bazel/bazel_api.cpp @@ -189,6 +189,7 @@ namespace { BazelApi::BazelApi(std::string const& instance_name, std::string const& host, Port port, + [[maybe_unused]] Auth::TLS const* auth, ExecutionConfiguration const& exec_config) noexcept { network_ = std::make_shared<BazelNetwork>(instance_name, host, port, exec_config); diff --git a/src/buildtool/execution_api/remote/bazel/bazel_api.hpp b/src/buildtool/execution_api/remote/bazel/bazel_api.hpp index 289cb19c..e87e6159 100644 --- a/src/buildtool/execution_api/remote/bazel/bazel_api.hpp +++ b/src/buildtool/execution_api/remote/bazel/bazel_api.hpp @@ -24,6 +24,7 @@ #include <vector> #include "gsl/gsl" +#include "src/buildtool/auth/authentication.hpp" #include "src/buildtool/common/artifact.hpp" #include "src/buildtool/common/artifact_digest.hpp" #include "src/buildtool/common/remote/port.hpp" @@ -42,6 +43,7 @@ class BazelApi final : public IExecutionApi { BazelApi(std::string const& instance_name, std::string const& host, Port port, + Auth::TLS const* auth, ExecutionConfiguration const& exec_config) noexcept; BazelApi(BazelApi const&) = delete; BazelApi(BazelApi&& other) noexcept; diff --git a/src/buildtool/execution_engine/executor/executor.hpp b/src/buildtool/execution_engine/executor/executor.hpp index c42a68cd..89a384b8 100644 --- a/src/buildtool/execution_engine/executor/executor.hpp +++ b/src/buildtool/execution_engine/executor/executor.hpp @@ -28,6 +28,7 @@ #include <vector> #include "gsl/gsl" +#include "src/buildtool/auth/authentication.hpp" #include "src/buildtool/common/artifact_digest.hpp" #include "src/buildtool/common/remote/remote_common.hpp" #include "src/buildtool/common/repository_config.hpp" @@ -60,6 +61,7 @@ class ExecutorImpl { std::map<std::string, std::string> const& properties, std::vector<std::pair<std::map<std::string, std::string>, ServerAddress>> const& dispatch_list, + Auth::TLS const* auth, std::chrono::milliseconds const& timeout, IExecutionAction::CacheFlag cache_flag, gsl::not_null<Statistics*> const& stats, @@ -108,7 +110,7 @@ class ExecutorImpl { } auto alternative_api = - GetAlternativeEndpoint(properties, dispatch_list); + GetAlternativeEndpoint(properties, dispatch_list, auth); if (alternative_api) { if (not api.ParallelRetrieveToCas( std::vector<Artifact::ObjectInfo>{Artifact::ObjectInfo{ @@ -665,8 +667,8 @@ class ExecutorImpl { [[nodiscard]] static inline auto GetAlternativeEndpoint( const std::map<std::string, std::string>& properties, const std::vector<std::pair<std::map<std::string, std::string>, - ServerAddress>>& dispatch_list) - -> std::unique_ptr<BazelApi> { + ServerAddress>>& dispatch_list, + const Auth::TLS* auth) -> std::unique_ptr<BazelApi> { for (auto const& [pred, endpoint] : dispatch_list) { bool match = true; for (auto const& [k, v] : pred) { @@ -685,6 +687,7 @@ class ExecutorImpl { "alternative remote execution", endpoint.host, endpoint.port, + auth, config); } } @@ -705,6 +708,7 @@ class Executor { std::map<std::string, std::string> properties, std::vector<std::pair<std::map<std::string, std::string>, ServerAddress>> dispatch_list, + Auth::TLS const* auth, gsl::not_null<Statistics*> const& stats, gsl::not_null<Progress*> const& progress, Logger const* logger = nullptr, // log in caller logger, if given @@ -714,6 +718,7 @@ class Executor { remote_api_{*remote_api}, properties_{std::move(properties)}, dispatch_list_{std::move(dispatch_list)}, + auth_{auth}, stats_{stats}, progress_{progress}, logger_{logger}, @@ -736,6 +741,7 @@ class Executor { Impl::MergeProperties(properties_, action->ExecutionProperties()), dispatch_list_, + auth_, Impl::ScaleTime(timeout_, action->TimeoutScale()), action->NoCache() ? CF::DoNotCacheOutput : CF::CacheOutput, stats_, @@ -754,6 +760,7 @@ class Executor { remote_api_, Impl::MergeProperties(properties_, action->ExecutionProperties()), dispatch_list_, + auth_, Impl::ScaleTime(timeout_, action->TimeoutScale()), action->NoCache() ? CF::DoNotCacheOutput : CF::CacheOutput, stats_, @@ -791,6 +798,7 @@ class Executor { std::map<std::string, std::string> properties_; std::vector<std::pair<std::map<std::string, std::string>, ServerAddress>> dispatch_list_; + Auth::TLS const* auth_; gsl::not_null<Statistics*> stats_; gsl::not_null<Progress*> progress_; Logger const* logger_; @@ -816,6 +824,7 @@ class Rebuilder { std::map<std::string, std::string> properties, std::vector<std::pair<std::map<std::string, std::string>, ServerAddress>> dispatch_list, + Auth::TLS const* auth, gsl::not_null<Statistics*> const& stats, gsl::not_null<Progress*> const& progress, std::chrono::milliseconds timeout = IExecutionAction::kDefaultTimeout) @@ -825,6 +834,7 @@ class Rebuilder { api_cached_{*api_cached}, properties_{std::move(properties)}, dispatch_list_{std::move(dispatch_list)}, + auth_{auth}, stats_{stats}, progress_{progress}, timeout_{timeout} {} @@ -840,6 +850,7 @@ class Rebuilder { remote_api_, Impl::MergeProperties(properties_, action->ExecutionProperties()), dispatch_list_, + auth_, Impl::ScaleTime(timeout_, action->TimeoutScale()), CF::PretendCached, stats_, @@ -856,6 +867,7 @@ class Rebuilder { api_cached_, Impl::MergeProperties(properties_, action->ExecutionProperties()), dispatch_list_, + auth_, Impl::ScaleTime(timeout_, action->TimeoutScale()), CF::FromCacheOnly, stats_, @@ -904,6 +916,7 @@ class Rebuilder { std::map<std::string, std::string> properties_; std::vector<std::pair<std::map<std::string, std::string>, ServerAddress>> dispatch_list_; + Auth::TLS const* auth_; gsl::not_null<Statistics*> stats_; gsl::not_null<Progress*> progress_; std::chrono::milliseconds timeout_; diff --git a/src/buildtool/graph_traverser/graph_traverser.hpp b/src/buildtool/graph_traverser/graph_traverser.hpp index ef5316a6..40ca1ec3 100644 --- a/src/buildtool/graph_traverser/graph_traverser.hpp +++ b/src/buildtool/graph_traverser/graph_traverser.hpp @@ -364,6 +364,7 @@ class GraphTraverser { &*apis_.remote, platform_properties_, dispatch_list_, + apis_.auth, stats_, progress_, logger_, @@ -397,6 +398,7 @@ class GraphTraverser { &*api_cached, platform_properties_, dispatch_list_, + apis_.auth, stats_, progress_, clargs_.build.timeout}; diff --git a/src/buildtool/main/main.cpp b/src/buildtool/main/main.cpp index 1ae9c0ce..cd073847 100644 --- a/src/buildtool/main/main.cpp +++ b/src/buildtool/main/main.cpp @@ -813,6 +813,10 @@ auto main(int argc, char* argv[]) -> int { } SetupAuthConfig(arguments.auth, arguments.cauth, arguments.sauth); + std::optional<Auth::TLS> auth = {}; + if (Auth::Instance().GetAuthMethod() == AuthMethod::kTLS) { + auth = Auth::TLS::Instance(); + } if (arguments.cmd == SubCommand::kGc) { if (GarbageCollector::TriggerGarbageCollection( @@ -824,7 +828,8 @@ auto main(int argc, char* argv[]) -> int { if (arguments.cmd == SubCommand::kExecute) { SetupExecutionServiceConfig(arguments.service); - ApiBundle const exec_apis{nullptr, + ApiBundle const exec_apis{/*repo_config=*/nullptr, + auth ? &*auth : nullptr, RemoteExecutionConfig::RemoteAddress()}; if (!ServerImpl::Instance().Run(exec_apis)) { return kExitFailure; @@ -840,7 +845,9 @@ auto main(int argc, char* argv[]) -> int { arguments.service.pid_file); if (serve_server) { ApiBundle const serve_apis{ - nullptr, RemoteExecutionConfig::RemoteAddress()}; + /*repo_config=*/nullptr, + auth ? &*auth : nullptr, + RemoteExecutionConfig::RemoteAddress()}; auto serve = ServeApi::Create(*serve_config, &serve_apis); bool with_execute = not RemoteExecutionConfig::RemoteAddress(); return serve_server->Run( @@ -892,6 +899,7 @@ auto main(int argc, char* argv[]) -> int { std::exit(kExitFailure); } ApiBundle const main_apis{&repo_config, + auth ? &*auth : nullptr, RemoteExecutionConfig::RemoteAddress()}; GraphTraverser const traverser{ {jobs, diff --git a/src/buildtool/serve_api/serve_service/target.cpp b/src/buildtool/serve_api/serve_service/target.cpp index 0f980f86..fc09ee8c 100644 --- a/src/buildtool/serve_api/serve_service/target.cpp +++ b/src/buildtool/serve_api/serve_service/target.cpp @@ -499,7 +499,7 @@ auto TargetService::ServeTarget( // Use a new ApiBundle that knows about local repository config for // traversing. - ApiBundle const local_apis{&repository_config, address}; + ApiBundle const local_apis{&repository_config, apis_.auth, address}; GraphTraverser const traverser{ std::move(traverser_args), &repository_config, diff --git a/src/other_tools/just_mr/TARGETS b/src/other_tools/just_mr/TARGETS index df99e7ef..b8afc631 100644 --- a/src/other_tools/just_mr/TARGETS +++ b/src/other_tools/just_mr/TARGETS @@ -107,6 +107,7 @@ , "private-deps": [ ["@", "fmt", "", "fmt"] , ["@", "json", "", "json"] + , ["src/buildtool/auth", "auth"] , ["src/buildtool/logging", "logging"] , ["src/buildtool/multithreading", "task_system"] , "exit_codes" @@ -155,6 +156,7 @@ , "stage": ["src", "other_tools", "just_mr"] , "private-deps": [ ["@", "json", "", "json"] + , ["src/buildtool/auth", "auth"] , ["src/buildtool/logging", "logging"] , ["src/buildtool/multithreading", "task_system"] , ["src/buildtool/storage", "fs_utils"] diff --git a/src/other_tools/just_mr/fetch.cpp b/src/other_tools/just_mr/fetch.cpp index d0018ba4..11ae3a01 100644 --- a/src/other_tools/just_mr/fetch.cpp +++ b/src/other_tools/just_mr/fetch.cpp @@ -20,6 +20,7 @@ #include "fmt/core.h" #include "nlohmann/json.hpp" +#include "src/buildtool/auth/authentication.hpp" #include "src/buildtool/execution_api/common/api_bundle.hpp" #include "src/buildtool/execution_api/common/execution_api.hpp" #include "src/buildtool/logging/log_level.hpp" @@ -394,16 +395,25 @@ auto MultiRepoFetch(std::shared_ptr<Configuration> const& config, // setup the APIs for archive fetches; only happens if in native mode JustMR::Utils::SetupRemoteConfig(common_args.remote_execution_address, - common_args.remote_serve_address, - auth_args); + common_args.remote_serve_address); + + // setup authentication + JustMR::Utils::SetupAuthConfig(auth_args); + std::optional<Auth::TLS> auth = {}; + if (Auth::Instance().GetAuthMethod() == AuthMethod::kTLS) { + auth = Auth::TLS::Instance(); + } + + ApiBundle const apis{/*repo_config=*/nullptr, + auth ? &*auth : nullptr, + RemoteExecutionConfig::RemoteAddress()}; - ApiBundle const apis{nullptr, RemoteExecutionConfig::RemoteAddress()}; bool const has_remote_api = apis.local != apis.remote and not common_args.compatible; // setup the API for serving roots - auto serve_config = JustMR::Utils::CreateServeConfig( - common_args.remote_serve_address, auth_args); + auto serve_config = + JustMR::Utils::CreateServeConfig(common_args.remote_serve_address); if (not serve_config) { return kExitConfigError; } diff --git a/src/other_tools/just_mr/setup.cpp b/src/other_tools/just_mr/setup.cpp index dacbfec6..70c74eb0 100644 --- a/src/other_tools/just_mr/setup.cpp +++ b/src/other_tools/just_mr/setup.cpp @@ -18,9 +18,11 @@ #include <condition_variable> #include <cstddef> #include <exception> +#include <optional> #include <thread> #include "nlohmann/json.hpp" +#include "src/buildtool/auth/authentication.hpp" #include "src/buildtool/execution_api/common/api_bundle.hpp" #include "src/buildtool/execution_api/common/execution_api.hpp" #include "src/buildtool/file_system/symlinks_map/resolve_symlinks_map.hpp" @@ -111,24 +113,31 @@ auto MultiRepoSetup(std::shared_ptr<Configuration> const& config, } // setup the APIs for archive fetches; only happens if in native mode - // setup the APIs for archive fetches; only happens if in native mode JustMR::Utils::SetupRemoteConfig(common_args.remote_execution_address, - common_args.remote_serve_address, - auth_args); + common_args.remote_serve_address); + + // setup authentication + JustMR::Utils::SetupAuthConfig(auth_args); + std::optional<Auth::TLS> auth = {}; + if (Auth::Instance().GetAuthMethod() == AuthMethod::kTLS) { + auth = Auth::TLS::Instance(); + } + + ApiBundle const apis{/*repo_config=*/nullptr, + auth ? &*auth : nullptr, + RemoteExecutionConfig::RemoteAddress()}; - ApiBundle const apis{nullptr, RemoteExecutionConfig::RemoteAddress()}; bool const has_remote_api = apis.local != apis.remote and not common_args.compatible; // setup the API for serving roots - auto serve_config = JustMR::Utils::CreateServeConfig( - common_args.remote_serve_address, auth_args); + auto serve_config = + JustMR::Utils::CreateServeConfig(common_args.remote_serve_address); if (not serve_config) { return std::nullopt; } auto serve = ServeApi::Create(*serve_config, &apis); - // check configuration of the serve endpoint provided if (serve) { // if we have a remote endpoint explicitly given by the user, it must diff --git a/src/other_tools/just_mr/setup_utils.cpp b/src/other_tools/just_mr/setup_utils.cpp index 86e0615c..7ed61897 100644 --- a/src/other_tools/just_mr/setup_utils.cpp +++ b/src/other_tools/just_mr/setup_utils.cpp @@ -26,48 +26,6 @@ #include "src/buildtool/logging/logger.hpp" #include "src/other_tools/just_mr/exit_codes.hpp" -namespace { - -void SetupAuthConfig(MultiRepoRemoteAuthArguments const& authargs) noexcept { - bool use_tls{false}; - if (authargs.tls_ca_cert) { - use_tls = true; - if (not Auth::TLS::Instance().SetCACertificate(*authargs.tls_ca_cert)) { - Logger::Log(LogLevel::Error, - "Could not read '{}' certificate.", - authargs.tls_ca_cert->string()); - std::exit(kExitConfigError); - } - } - if (authargs.tls_client_cert) { - use_tls = true; - if (not Auth::TLS::Instance().SetClientCertificate( - *authargs.tls_client_cert)) { - Logger::Log(LogLevel::Error, - "Could not read '{}' certificate.", - authargs.tls_client_cert->string()); - std::exit(kExitConfigError); - } - } - if (authargs.tls_client_key) { - use_tls = true; - if (not Auth::TLS::Instance().SetClientKey(*authargs.tls_client_key)) { - Logger::Log(LogLevel::Error, - "Could not read '{}' key.", - authargs.tls_client_key->string()); - std::exit(kExitConfigError); - } - } - - if (use_tls) { - if (not Auth::TLS::Instance().Validate()) { - std::exit(kExitConfigError); - } - } -} - -} // namespace - namespace JustMR::Utils { void ReachableRepositories( @@ -235,9 +193,47 @@ auto ReadConfiguration( } } -void SetupRemoteConfig(std::optional<std::string> const& remote_exec_addr, - std::optional<std::string> const& remote_serve_addr, - MultiRepoRemoteAuthArguments const& auth) noexcept { +void SetupAuthConfig(MultiRepoRemoteAuthArguments const& authargs) noexcept { + bool use_tls{false}; + if (authargs.tls_ca_cert) { + use_tls = true; + if (not Auth::TLS::Instance().SetCACertificate(*authargs.tls_ca_cert)) { + Logger::Log(LogLevel::Error, + "Could not read '{}' certificate.", + authargs.tls_ca_cert->string()); + std::exit(kExitConfigError); + } + } + if (authargs.tls_client_cert) { + use_tls = true; + if (not Auth::TLS::Instance().SetClientCertificate( + *authargs.tls_client_cert)) { + Logger::Log(LogLevel::Error, + "Could not read '{}' certificate.", + authargs.tls_client_cert->string()); + std::exit(kExitConfigError); + } + } + if (authargs.tls_client_key) { + use_tls = true; + if (not Auth::TLS::Instance().SetClientKey(*authargs.tls_client_key)) { + Logger::Log(LogLevel::Error, + "Could not read '{}' key.", + authargs.tls_client_key->string()); + std::exit(kExitConfigError); + } + } + + if (use_tls) { + if (not Auth::TLS::Instance().Validate()) { + std::exit(kExitConfigError); + } + } +} + +void SetupRemoteConfig( + std::optional<std::string> const& remote_exec_addr, + std::optional<std::string> const& remote_serve_addr) noexcept { // if only a serve endpoint address is given, we assume it is one that acts // also as remote-execution auto remote_addr = remote_exec_addr ? remote_exec_addr : remote_serve_addr; @@ -245,8 +241,6 @@ void SetupRemoteConfig(std::optional<std::string> const& remote_exec_addr, return; } - // setup authentication - SetupAuthConfig(auth); // setup remote if (not RemoteExecutionConfig::SetRemoteAddress(*remote_addr)) { Logger::Log(LogLevel::Error, @@ -256,15 +250,13 @@ void SetupRemoteConfig(std::optional<std::string> const& remote_exec_addr, } } -auto CreateServeConfig(std::optional<std::string> const& remote_serve_addr, - MultiRepoRemoteAuthArguments const& auth) noexcept +auto CreateServeConfig( + std::optional<std::string> const& remote_serve_addr) noexcept -> std::optional<RemoteServeConfig> { RemoteServeConfig::Builder builder; auto config = builder.SetRemoteAddress(remote_serve_addr).Build(); if (config) { - // setup authentication - SetupAuthConfig(auth); return *std::move(config); } diff --git a/src/other_tools/just_mr/setup_utils.hpp b/src/other_tools/just_mr/setup_utils.hpp index f29dbef1..2ae08d41 100644 --- a/src/other_tools/just_mr/setup_utils.hpp +++ b/src/other_tools/just_mr/setup_utils.hpp @@ -60,16 +60,17 @@ void DefaultReachableRepositories( std::optional<std::filesystem::path> const& absent_file_opt) noexcept -> std::shared_ptr<Configuration>; -void SetupRemoteConfig(std::optional<std::string> const& remote_exec_addr, - std::optional<std::string> const& remote_serve_addr, - MultiRepoRemoteAuthArguments const& auth) noexcept; +void SetupAuthConfig(MultiRepoRemoteAuthArguments const& authargs) noexcept; + +void SetupRemoteConfig( + std::optional<std::string> const& remote_exec_addr, + std::optional<std::string> const& remote_serve_addr) noexcept; /// \brief Setup of a 'just serve' remote API based on just-mr arguments. -/// \returns RemoteServeConfig if initialization was successfull or std::nullopt +/// \returns RemoteServeConfig if initialization was successful or std::nullopt /// if failed. [[nodiscard]] auto CreateServeConfig( - std::optional<std::string> const& remote_serve_addr, - MultiRepoRemoteAuthArguments const& auth) noexcept + std::optional<std::string> const& remote_serve_addr) noexcept -> std::optional<RemoteServeConfig>; } // namespace Utils diff --git a/test/buildtool/build_engine/target_map/target_map.test.cpp b/test/buildtool/build_engine/target_map/target_map.test.cpp index d02aea8e..7bb8ab3e 100644 --- a/test/buildtool/build_engine/target_map/target_map.test.cpp +++ b/test/buildtool/build_engine/target_map/target_map.test.cpp @@ -99,7 +99,9 @@ TEST_CASE_METHOD(HermeticLocalTestFixture, "simple targets", "[target_map]") { auto serve_config = TestServeConfig::ReadServeConfigFromEnvironment(); REQUIRE(serve_config); - ApiBundle const apis{nullptr, RemoteExecutionConfig::RemoteAddress()}; + ApiBundle const apis{/*repo_config=*/nullptr, + /*authentication=*/nullptr, + RemoteExecutionConfig::RemoteAddress()}; auto serve = ServeApi::Create(*serve_config, &apis); AnalyseContext ctx{.repo_config = &repo_config, .target_cache = &Storage::Instance().TargetCache(), @@ -542,7 +544,9 @@ TEST_CASE_METHOD(HermeticLocalTestFixture, auto serve_config = TestServeConfig::ReadServeConfigFromEnvironment(); REQUIRE(serve_config); - ApiBundle const apis{nullptr, RemoteExecutionConfig::RemoteAddress()}; + ApiBundle const apis{/*repo_config=*/nullptr, + /*authentication=*/nullptr, + RemoteExecutionConfig::RemoteAddress()}; auto serve = ServeApi::Create(*serve_config, &apis); AnalyseContext ctx{.repo_config = &repo_config, .target_cache = &Storage::Instance().TargetCache(), @@ -630,7 +634,9 @@ TEST_CASE_METHOD(HermeticLocalTestFixture, auto serve_config = TestServeConfig::ReadServeConfigFromEnvironment(); REQUIRE(serve_config); - ApiBundle const apis{nullptr, RemoteExecutionConfig::RemoteAddress()}; + ApiBundle const apis{/*repo_config=*/nullptr, + /*authentication=*/nullptr, + RemoteExecutionConfig::RemoteAddress()}; auto serve = ServeApi::Create(*serve_config, &apis); AnalyseContext ctx{.repo_config = &repo_config, .target_cache = &Storage::Instance().TargetCache(), @@ -728,7 +734,9 @@ TEST_CASE_METHOD(HermeticLocalTestFixture, "built-in rules", "[target_map]") { auto serve_config = TestServeConfig::ReadServeConfigFromEnvironment(); REQUIRE(serve_config); - ApiBundle const apis{nullptr, RemoteExecutionConfig::RemoteAddress()}; + ApiBundle const apis{/*repo_config=*/nullptr, + /*authentication=*/nullptr, + RemoteExecutionConfig::RemoteAddress()}; auto serve = ServeApi::Create(*serve_config, &apis); AnalyseContext ctx{.repo_config = &repo_config, .target_cache = &Storage::Instance().TargetCache(), @@ -936,7 +944,9 @@ TEST_CASE_METHOD(HermeticLocalTestFixture, "target reference", "[target_map]") { auto serve_config = TestServeConfig::ReadServeConfigFromEnvironment(); REQUIRE(serve_config); - ApiBundle const apis{nullptr, RemoteExecutionConfig::RemoteAddress()}; + ApiBundle const apis{/*repo_config=*/nullptr, + /*authentication=*/nullptr, + RemoteExecutionConfig::RemoteAddress()}; auto serve = ServeApi::Create(*serve_config, &apis); AnalyseContext ctx{.repo_config = &repo_config, .target_cache = &Storage::Instance().TargetCache(), @@ -1077,7 +1087,9 @@ TEST_CASE_METHOD(HermeticLocalTestFixture, "trees", "[target_map]") { auto serve_config = TestServeConfig::ReadServeConfigFromEnvironment(); REQUIRE(serve_config); - ApiBundle const apis{nullptr, RemoteExecutionConfig::RemoteAddress()}; + ApiBundle const apis{/*repo_config=*/nullptr, + /*authentication=*/nullptr, + RemoteExecutionConfig::RemoteAddress()}; auto serve = ServeApi::Create(*serve_config, &apis); AnalyseContext ctx{.repo_config = &repo_config, .target_cache = &Storage::Instance().TargetCache(), @@ -1184,7 +1196,9 @@ TEST_CASE_METHOD(HermeticLocalTestFixture, auto serve_config = TestServeConfig::ReadServeConfigFromEnvironment(); REQUIRE(serve_config); - ApiBundle const apis{nullptr, RemoteExecutionConfig::RemoteAddress()}; + ApiBundle const apis{/*repo_config=*/nullptr, + /*authentication=*/nullptr, + RemoteExecutionConfig::RemoteAddress()}; auto serve = ServeApi::Create(*serve_config, &apis); AnalyseContext ctx{.repo_config = &repo_config, .target_cache = &Storage::Instance().TargetCache(), @@ -1348,7 +1362,9 @@ TEST_CASE_METHOD(HermeticLocalTestFixture, "wrong arguments", "[target_map]") { auto serve_config = TestServeConfig::ReadServeConfigFromEnvironment(); REQUIRE(serve_config); - ApiBundle const apis{nullptr, RemoteExecutionConfig::RemoteAddress()}; + ApiBundle const apis{/*repo_config=*/nullptr, + /*authentication=*/nullptr, + RemoteExecutionConfig::RemoteAddress()}; auto serve = ServeApi::Create(*serve_config, &apis); AnalyseContext ctx{.repo_config = &repo_config, .target_cache = &Storage::Instance().TargetCache(), diff --git a/test/buildtool/execution_api/bazel/TARGETS b/test/buildtool/execution_api/bazel/TARGETS index eeae31ea..dd93a373 100644 --- a/test/buildtool/execution_api/bazel/TARGETS +++ b/test/buildtool/execution_api/bazel/TARGETS @@ -88,6 +88,7 @@ , "private-deps": [ ["@", "catch2", "", "catch2"] , ["utils", "catch-main-remote-execution"] + , ["@", "src", "src/buildtool/auth", "auth"] , ["@", "src", "src/buildtool/execution_api/remote", "bazel"] , ["buildtool/execution_api/common", "api_test"] ] diff --git a/test/buildtool/execution_api/bazel/bazel_api.test.cpp b/test/buildtool/execution_api/bazel/bazel_api.test.cpp index 268edb1e..af457066 100644 --- a/test/buildtool/execution_api/bazel/bazel_api.test.cpp +++ b/test/buildtool/execution_api/bazel/bazel_api.test.cpp @@ -13,9 +13,11 @@ // limitations under the License. #include <cstdlib> +#include <optional> #include <string> #include "catch2/catch_test_macros.hpp" +#include "src/buildtool/auth/authentication.hpp" #include "src/buildtool/execution_api/remote/bazel/bazel_api.hpp" #include "src/buildtool/execution_api/remote/config.hpp" #include "test/buildtool/execution_api/common/api_test.hpp" @@ -25,8 +27,15 @@ namespace { auto const kApiFactory = []() { static auto const& server = RemoteExecutionConfig::RemoteAddress(); - return IExecutionApi::Ptr{ - new BazelApi{"remote-execution", server->host, server->port, {}}}; + std::optional<Auth::TLS> auth = {}; + if (Auth::Instance().GetAuthMethod() == AuthMethod::kTLS) { + auth = Auth::TLS::Instance(); + } + return IExecutionApi::Ptr{new BazelApi{"remote-execution", + server->host, + server->port, + auth ? &*auth : nullptr, + {}}}; }; } // namespace diff --git a/test/buildtool/execution_engine/executor/TARGETS b/test/buildtool/execution_engine/executor/TARGETS index 57ef9b44..0cca077d 100644 --- a/test/buildtool/execution_engine/executor/TARGETS +++ b/test/buildtool/execution_engine/executor/TARGETS @@ -2,6 +2,21 @@ { "type": ["@", "rules", "CC", "library"] , "name": ["executor_api_tests"] , "hdrs": ["executor_api.test.hpp"] + , "deps": + [ ["@", "src", "src/buildtool/auth", "auth"] + , ["@", "src", "src/buildtool/common", "artifact_description"] + , ["@", "src", "src/buildtool/common", "artifact_factory"] + , ["@", "src", "src/buildtool/common", "common"] + , ["@", "src", "src/buildtool/execution_api/common", "common"] + , ["@", "src", "src/buildtool/execution_api/remote", "config"] + , ["@", "src", "src/buildtool/execution_engine/dag", "dag"] + , ["@", "src", "src/buildtool/execution_engine/executor", "executor"] + , ["@", "src", "src/buildtool/file_system", "file_system_manager"] + , ["@", "src", "src/buildtool/progress_reporting", "progress"] + , ["utils", "test_env"] + , ["@", "catch2", "", "catch2"] + , ["@", "gsl", "", "gsl"] + ] , "stage": ["test", "buildtool", "execution_engine", "executor"] } , "executor": @@ -29,12 +44,11 @@ , "data": ["test_data"] , "private-deps": [ "executor_api_tests" - , ["@", "src", "src/buildtool/common", "artifact_factory"] + , ["@", "src", "src/buildtool/auth", "auth"] , ["@", "src", "src/buildtool/common", "common"] , ["@", "src", "src/buildtool/common", "config"] , ["@", "src", "src/buildtool/execution_api/local", "local"] , ["@", "src", "src/buildtool/execution_api/remote", "config"] - , ["@", "src", "src/buildtool/execution_engine/dag", "dag"] , ["@", "src", "src/buildtool/execution_engine/executor", "executor"] , ["@", "src", "src/buildtool/progress_reporting", "progress"] , ["utils", "catch-main-remote-execution"] @@ -50,7 +64,7 @@ , "data": ["test_data"] , "private-deps": [ "executor_api_tests" - , ["@", "src", "src/buildtool/common", "artifact_factory"] + , ["@", "src", "src/buildtool/auth", "auth"] , ["@", "src", "src/buildtool/common", "common"] , ["@", "src", "src/buildtool/common", "config"] , ["@", "src", "src/buildtool/execution_api/remote", "bazel"] diff --git a/test/buildtool/execution_engine/executor/executor.test.cpp b/test/buildtool/execution_engine/executor/executor.test.cpp index f063ffe4..a55c398d 100644 --- a/test/buildtool/execution_engine/executor/executor.test.cpp +++ b/test/buildtool/execution_engine/executor/executor.test.cpp @@ -280,8 +280,14 @@ TEST_CASE("Executor: Process artifact", "[executor]") { auto api = TestApi::Ptr{new TestApi{config}}; Statistics stats{}; Progress progress{}; - Executor runner{ - &repo_config, api.get(), api.get(), {}, {}, &stats, &progress}; + Executor runner{&repo_config, + api.get(), + api.get(), + /*properties=*/{}, + /*dispatch_list=*/{}, + /*auth=*/nullptr, + &stats, + &progress}; CHECK(runner.Process(g.ArtifactNodeWithId(local_cpp_id))); CHECK(runner.Process(g.ArtifactNodeWithId(known_cpp_id))); @@ -293,8 +299,14 @@ TEST_CASE("Executor: Process artifact", "[executor]") { auto api = TestApi::Ptr{new TestApi{config}}; Statistics stats{}; Progress progress{}; - Executor runner{ - &repo_config, api.get(), api.get(), {}, {}, &stats, &progress}; + Executor runner{&repo_config, + api.get(), + api.get(), + /*properties=*/{}, + /*dispatch_list=*/{}, + /*auth=*/nullptr, + &stats, + &progress}; CHECK(not runner.Process(g.ArtifactNodeWithId(local_cpp_id))); CHECK(runner.Process(g.ArtifactNodeWithId(known_cpp_id))); @@ -306,8 +318,14 @@ TEST_CASE("Executor: Process artifact", "[executor]") { auto api = TestApi::Ptr{new TestApi{config}}; Statistics stats{}; Progress progress{}; - Executor runner{ - &repo_config, api.get(), api.get(), {}, {}, &stats, &progress}; + Executor runner{&repo_config, + api.get(), + api.get(), + /*properties=*/{}, + /*dispatch_list=*/{}, + /*auth=*/nullptr, + &stats, + &progress}; CHECK(runner.Process(g.ArtifactNodeWithId(local_cpp_id))); CHECK(not runner.Process(g.ArtifactNodeWithId(known_cpp_id))); @@ -342,8 +360,14 @@ TEST_CASE("Executor: Process action", "[executor]") { auto api = TestApi::Ptr{new TestApi{config}}; Statistics stats{}; Progress progress{}; - Executor runner{ - &repo_config, api.get(), api.get(), {}, {}, &stats, &progress}; + Executor runner{&repo_config, + api.get(), + api.get(), + /*properties=*/{}, + /*dispatch_list=*/{}, + /*auth=*/nullptr, + &stats, + &progress}; CHECK(runner.Process(g.ArtifactNodeWithId(local_cpp_id))); CHECK(runner.Process(g.ArtifactNodeWithId(known_cpp_id))); @@ -358,8 +382,14 @@ TEST_CASE("Executor: Process action", "[executor]") { auto api = TestApi::Ptr{new TestApi{config}}; Statistics stats{}; Progress progress{}; - Executor runner{ - &repo_config, api.get(), api.get(), {}, {}, &stats, &progress}; + Executor runner{&repo_config, + api.get(), + api.get(), + /*properties=*/{}, + /*dispatch_list=*/{}, + /*auth=*/nullptr, + &stats, + &progress}; CHECK(runner.Process(g.ArtifactNodeWithId(local_cpp_id))); CHECK(runner.Process(g.ArtifactNodeWithId(known_cpp_id))); @@ -374,8 +404,14 @@ TEST_CASE("Executor: Process action", "[executor]") { auto api = TestApi::Ptr{new TestApi{config}}; Statistics stats{}; Progress progress{}; - Executor runner{ - &repo_config, api.get(), api.get(), {}, {}, &stats, &progress}; + Executor runner{&repo_config, + api.get(), + api.get(), + /*properties=*/{}, + /*dispatch_list=*/{}, + /*auth=*/nullptr, + &stats, + &progress}; CHECK(runner.Process(g.ArtifactNodeWithId(local_cpp_id))); CHECK(runner.Process(g.ArtifactNodeWithId(known_cpp_id))); @@ -393,8 +429,14 @@ TEST_CASE("Executor: Process action", "[executor]") { auto api = TestApi::Ptr{new TestApi{config}}; Statistics stats{}; Progress progress{}; - Executor runner{ - &repo_config, api.get(), api.get(), {}, {}, &stats, &progress}; + Executor runner{&repo_config, + api.get(), + api.get(), + /*properties=*/{}, + /*dispatch_list=*/{}, + /*auth=*/nullptr, + &stats, + &progress}; CHECK(runner.Process(g.ArtifactNodeWithId(local_cpp_id))); CHECK(runner.Process(g.ArtifactNodeWithId(known_cpp_id))); @@ -409,8 +451,14 @@ TEST_CASE("Executor: Process action", "[executor]") { auto api = TestApi::Ptr{new TestApi{config}}; Statistics stats{}; Progress progress{}; - Executor runner{ - &repo_config, api.get(), api.get(), {}, {}, &stats, &progress}; + Executor runner{&repo_config, + api.get(), + api.get(), + /*properties=*/{}, + /*dispatch_list=*/{}, + /*auth=*/nullptr, + &stats, + &progress}; CHECK(runner.Process(g.ArtifactNodeWithId(local_cpp_id))); CHECK(runner.Process(g.ArtifactNodeWithId(known_cpp_id))); @@ -428,8 +476,14 @@ TEST_CASE("Executor: Process action", "[executor]") { auto api = TestApi::Ptr{new TestApi{config}}; Statistics stats{}; Progress progress{}; - Executor runner{ - &repo_config, api.get(), api.get(), {}, {}, &stats, &progress}; + Executor runner{&repo_config, + api.get(), + api.get(), + /*properties=*/{}, + /*dispatch_list=*/{}, + /*auth=*/nullptr, + &stats, + &progress}; CHECK(runner.Process(g.ArtifactNodeWithId(local_cpp_id))); CHECK(runner.Process(g.ArtifactNodeWithId(known_cpp_id))); diff --git a/test/buildtool/execution_engine/executor/executor_api.test.hpp b/test/buildtool/execution_engine/executor/executor_api.test.hpp index 8c3c84ca..db80e861 100644 --- a/test/buildtool/execution_engine/executor/executor_api.test.hpp +++ b/test/buildtool/execution_engine/executor/executor_api.test.hpp @@ -24,6 +24,7 @@ #include "catch2/catch_test_macros.hpp" #include "gsl/gsl" +#include "src/buildtool/auth/authentication.hpp" #include "src/buildtool/common/artifact.hpp" #include "src/buildtool/common/artifact_description.hpp" #include "src/buildtool/common/artifact_factory.hpp" @@ -93,6 +94,7 @@ static inline void RunHelloWorldCompilation( gsl::not_null<Statistics*> const& stats, gsl::not_null<Progress*> const& progress, ApiFactory const& factory, + Auth::TLS const* auth, bool is_hermetic = true, int expected_queued = 0, int expected_cached = 0) { @@ -131,6 +133,7 @@ static inline void RunHelloWorldCompilation( api.get(), RemoteExecutionConfig::PlatformProperties(), RemoteExecutionConfig::DispatchList(), + auth, stats, progress}; @@ -165,6 +168,7 @@ static inline void RunGreeterCompilation( gsl::not_null<Statistics*> const& stats, gsl::not_null<Progress*> const& progress, ApiFactory const& factory, + Auth::TLS const* auth, std::string const& greetcpp, bool is_hermetic = true, int expected_queued = 0, @@ -251,6 +255,7 @@ static inline void RunGreeterCompilation( api.get(), RemoteExecutionConfig::PlatformProperties(), RemoteExecutionConfig::DispatchList(), + auth, stats, progress}; @@ -298,18 +303,19 @@ static inline void RunGreeterCompilation( gsl::not_null<Statistics*> const& stats, gsl::not_null<Progress*> const& progress, ApiFactory const& factory, + Auth::TLS const* auth, bool is_hermetic = true) { SetupConfig(repo_config); // expecting 1 action queued, 0 results from cache // NOLINTNEXTLINE RunHelloWorldCompilation( - repo_config, stats, progress, factory, is_hermetic, 1, 0); + repo_config, stats, progress, factory, auth, is_hermetic, 1, 0); SECTION("Running same compilation again") { // expecting 2 actions queued, 1 result from cache // NOLINTNEXTLINE RunHelloWorldCompilation( - repo_config, stats, progress, factory, is_hermetic, 2, 1); + repo_config, stats, progress, factory, auth, is_hermetic, 2, 1); } } @@ -318,12 +324,20 @@ static inline void RunGreeterCompilation( gsl::not_null<Statistics*> const& stats, gsl::not_null<Progress*> const& progress, ApiFactory const& factory, + Auth::TLS const* auth, bool is_hermetic = true) { SetupConfig(repo_config); // expecting 3 action queued, 0 results from cache // NOLINTNEXTLINE - RunGreeterCompilation( - repo_config, stats, progress, factory, "greet.cpp", is_hermetic, 3, 0); + RunGreeterCompilation(repo_config, + stats, + progress, + factory, + auth, + "greet.cpp", + is_hermetic, + 3, + 0); SECTION("Running same compilation again") { // expecting 6 actions queued, 3 results from cache @@ -331,6 +345,7 @@ static inline void RunGreeterCompilation( stats, progress, factory, + auth, "greet.cpp", is_hermetic, 6, // NOLINT @@ -343,6 +358,7 @@ static inline void RunGreeterCompilation( stats, progress, factory, + auth, "greet_mod.cpp", is_hermetic, 6, // NOLINT @@ -355,6 +371,7 @@ static inline void TestUploadAndDownloadTrees( gsl::not_null<Statistics*> const& stats, gsl::not_null<Progress*> const& progress, ApiFactory const& factory, + Auth::TLS const* auth, bool /*is_hermetic*/ = true, int /*expected_queued*/ = 0, int /*expected_cached*/ = 0) { @@ -399,6 +416,7 @@ static inline void TestUploadAndDownloadTrees( api.get(), RemoteExecutionConfig::PlatformProperties(), RemoteExecutionConfig::DispatchList(), + auth, stats, progress}; REQUIRE(runner.Process(g.ArtifactNodeWithId(foo_id))); @@ -507,6 +525,7 @@ static inline void TestRetrieveOutputDirectories( gsl::not_null<Statistics*> const& stats, gsl::not_null<Progress*> const& progress, ApiFactory const& factory, + Auth::TLS const* auth, bool /*is_hermetic*/ = true, int /*expected_queued*/ = 0, int /*expected_cached*/ = 0) { @@ -560,6 +579,7 @@ static inline void TestRetrieveOutputDirectories( api.get(), RemoteExecutionConfig::PlatformProperties(), RemoteExecutionConfig::DispatchList(), + auth, stats, progress}; REQUIRE(runner.Process(action)); @@ -610,6 +630,7 @@ static inline void TestRetrieveOutputDirectories( api.get(), RemoteExecutionConfig::PlatformProperties(), RemoteExecutionConfig::DispatchList(), + auth, stats, progress}; REQUIRE(runner.Process(action)); @@ -676,6 +697,7 @@ static inline void TestRetrieveOutputDirectories( api.get(), RemoteExecutionConfig::PlatformProperties(), RemoteExecutionConfig::DispatchList(), + auth, stats, progress}; REQUIRE(runner.Process(action)); @@ -747,6 +769,7 @@ static inline void TestRetrieveOutputDirectories( api.get(), RemoteExecutionConfig::PlatformProperties(), RemoteExecutionConfig::DispatchList(), + auth, stats, progress}; CHECK_FALSE(runner.Process(action)); @@ -771,6 +794,7 @@ static inline void TestRetrieveOutputDirectories( api.get(), RemoteExecutionConfig::PlatformProperties(), RemoteExecutionConfig::DispatchList(), + auth, stats, progress}; CHECK_FALSE(runner.Process(action)); diff --git a/test/buildtool/execution_engine/executor/executor_api_local.test.cpp b/test/buildtool/execution_engine/executor/executor_api_local.test.cpp index 670a3fa7..b6ffe2d7 100755 --- a/test/buildtool/execution_engine/executor/executor_api_local.test.cpp +++ b/test/buildtool/execution_engine/executor/executor_api_local.test.cpp @@ -13,8 +13,10 @@ // limitations under the License. #include <memory> +#include <optional> #include "catch2/catch_test_macros.hpp" +#include "src/buildtool/auth/authentication.hpp" #include "src/buildtool/common/repository_config.hpp" #include "src/buildtool/common/statistics.hpp" #include "src/buildtool/execution_api/local/local_api.hpp" @@ -38,9 +40,18 @@ TEST_CASE_METHOD(HermeticLocalTestFixture, RepositoryConfig repo_config{}; Statistics stats{}; Progress progress{}; - TestHelloWorldCompilation(&repo_config, &stats, &progress, [&] { - return std::make_unique<LocalApi>(&repo_config); - }); + + std::optional<Auth::TLS> auth = {}; + if (Auth::Instance().GetAuthMethod() == AuthMethod::kTLS) { + auth = Auth::TLS::Instance(); + } + + TestHelloWorldCompilation( + &repo_config, + &stats, + &progress, + [&] { return std::make_unique<LocalApi>(&repo_config); }, + auth ? &*auth : nullptr); } TEST_CASE_METHOD(HermeticLocalTestFixture, @@ -49,9 +60,18 @@ TEST_CASE_METHOD(HermeticLocalTestFixture, RepositoryConfig repo_config{}; Statistics stats{}; Progress progress{}; - TestGreeterCompilation(&repo_config, &stats, &progress, [&] { - return std::make_unique<LocalApi>(&repo_config); - }); + + std::optional<Auth::TLS> auth = {}; + if (Auth::Instance().GetAuthMethod() == AuthMethod::kTLS) { + auth = Auth::TLS::Instance(); + } + + TestGreeterCompilation( + &repo_config, + &stats, + &progress, + [&] { return std::make_unique<LocalApi>(&repo_config); }, + auth ? &*auth : nullptr); } TEST_CASE_METHOD(HermeticLocalTestFixture, @@ -60,9 +80,18 @@ TEST_CASE_METHOD(HermeticLocalTestFixture, RepositoryConfig repo_config{}; Statistics stats{}; Progress progress{}; - TestUploadAndDownloadTrees(&repo_config, &stats, &progress, [&] { - return std::make_unique<LocalApi>(&repo_config); - }); + + std::optional<Auth::TLS> auth = {}; + if (Auth::Instance().GetAuthMethod() == AuthMethod::kTLS) { + auth = Auth::TLS::Instance(); + } + + TestUploadAndDownloadTrees( + &repo_config, + &stats, + &progress, + [&] { return std::make_unique<LocalApi>(&repo_config); }, + auth ? &*auth : nullptr); } TEST_CASE_METHOD(HermeticLocalTestFixture, @@ -71,7 +100,16 @@ TEST_CASE_METHOD(HermeticLocalTestFixture, RepositoryConfig repo_config{}; Statistics stats{}; Progress progress{}; - TestRetrieveOutputDirectories(&repo_config, &stats, &progress, [&] { - return std::make_unique<LocalApi>(&repo_config); - }); + + std::optional<Auth::TLS> auth = {}; + if (Auth::Instance().GetAuthMethod() == AuthMethod::kTLS) { + auth = Auth::TLS::Instance(); + } + + TestRetrieveOutputDirectories( + &repo_config, + &stats, + &progress, + [&] { return std::make_unique<LocalApi>(&repo_config); }, + auth ? &*auth : nullptr); } diff --git a/test/buildtool/execution_engine/executor/executor_api_remote_bazel.test.cpp b/test/buildtool/execution_engine/executor/executor_api_remote_bazel.test.cpp index 56094fc3..83554e64 100755 --- a/test/buildtool/execution_engine/executor/executor_api_remote_bazel.test.cpp +++ b/test/buildtool/execution_engine/executor/executor_api_remote_bazel.test.cpp @@ -12,7 +12,10 @@ // See the License for the specific language governing permissions and // limitations under the License. +#include <optional> + #include "catch2/catch_test_macros.hpp" +#include "src/buildtool/auth/authentication.hpp" #include "src/buildtool/common/repository_config.hpp" #include "src/buildtool/common/statistics.hpp" #include "src/buildtool/execution_api/remote/bazel/bazel_api.hpp" @@ -25,10 +28,17 @@ TEST_CASE("Executor<BazelApi>: Upload blob", "[executor]") { RepositoryConfig repo_config{}; ExecutionConfiguration config; auto const& info = RemoteExecutionConfig::RemoteAddress(); + std::optional<Auth::TLS> auth = {}; + if (Auth::Instance().GetAuthMethod() == AuthMethod::kTLS) { + auth = Auth::TLS::Instance(); + } TestBlobUpload(&repo_config, [&] { - return BazelApi::Ptr{ - new BazelApi{"remote-execution", info->host, info->port, config}}; + return BazelApi::Ptr{new BazelApi{"remote-execution", + info->host, + info->port, + auth ? &*auth : nullptr, + config}}; }); } @@ -41,14 +51,23 @@ TEST_CASE("Executor<BazelApi>: Compile hello world", "[executor]") { auto const& info = RemoteExecutionConfig::RemoteAddress(); + std::optional<Auth::TLS> auth = {}; + if (Auth::Instance().GetAuthMethod() == AuthMethod::kTLS) { + auth = Auth::TLS::Instance(); + } + TestHelloWorldCompilation( &repo_config, &stats, &progress, [&] { - return BazelApi::Ptr{new BazelApi{ - "remote-execution", info->host, info->port, config}}; + return BazelApi::Ptr{new BazelApi{"remote-execution", + info->host, + info->port, + auth ? &*auth : nullptr, + config}}; }, + auth ? &*auth : nullptr, false /* not hermetic */); } @@ -61,14 +80,23 @@ TEST_CASE("Executor<BazelApi>: Compile greeter", "[executor]") { auto const& info = RemoteExecutionConfig::RemoteAddress(); + std::optional<Auth::TLS> auth = {}; + if (Auth::Instance().GetAuthMethod() == AuthMethod::kTLS) { + auth = Auth::TLS::Instance(); + } + TestGreeterCompilation( &repo_config, &stats, &progress, [&] { - return BazelApi::Ptr{new BazelApi{ - "remote-execution", info->host, info->port, config}}; + return BazelApi::Ptr{new BazelApi{"remote-execution", + info->host, + info->port, + auth ? &*auth : nullptr, + config}}; }, + auth ? &*auth : nullptr, false /* not hermetic */); } @@ -81,14 +109,23 @@ TEST_CASE("Executor<BazelApi>: Upload and download trees", "[executor]") { auto const& info = RemoteExecutionConfig::RemoteAddress(); + std::optional<Auth::TLS> auth = {}; + if (Auth::Instance().GetAuthMethod() == AuthMethod::kTLS) { + auth = Auth::TLS::Instance(); + } + TestUploadAndDownloadTrees( &repo_config, &stats, &progress, [&] { - return BazelApi::Ptr{new BazelApi{ - "remote-execution", info->host, info->port, config}}; + return BazelApi::Ptr{new BazelApi{"remote-execution", + info->host, + info->port, + auth ? &*auth : nullptr, + config}}; }, + auth ? &*auth : nullptr, false /* not hermetic */); } @@ -101,13 +138,22 @@ TEST_CASE("Executor<BazelApi>: Retrieve output directories", "[executor]") { auto const& info = RemoteExecutionConfig::RemoteAddress(); + std::optional<Auth::TLS> auth = {}; + if (Auth::Instance().GetAuthMethod() == AuthMethod::kTLS) { + auth = Auth::TLS::Instance(); + } + TestRetrieveOutputDirectories( &repo_config, &stats, &progress, [&] { - return BazelApi::Ptr{new BazelApi{ - "remote-execution", info->host, info->port, config}}; + return BazelApi::Ptr{new BazelApi{"remote-execution", + info->host, + info->port, + auth ? &*auth : nullptr, + config}}; }, + auth ? &*auth : nullptr, false /* not hermetic */); } diff --git a/test/buildtool/graph_traverser/TARGETS b/test/buildtool/graph_traverser/TARGETS index 937f3b04..c67ded03 100644 --- a/test/buildtool/graph_traverser/TARGETS +++ b/test/buildtool/graph_traverser/TARGETS @@ -5,6 +5,7 @@ , "deps": [ ["@", "catch2", "", "catch2"] , ["@", "json", "", "json"] + , ["@", "src", "src/buildtool/auth", "auth"] , ["@", "src", "src/buildtool/common", "common"] , ["@", "src", "src/buildtool/execution_api/local", "config"] , ["@", "src", "src/buildtool/file_system", "file_system_manager"] @@ -40,6 +41,7 @@ [ "graph_traverser_tests" , ["@", "catch2", "", "catch2"] , ["utils", "catch-main-remote-execution"] + , ["@", "src", "src/buildtool/auth", "auth"] ] , "stage": ["test", "buildtool", "graph_traverser"] } diff --git a/test/buildtool/graph_traverser/graph_traverser.test.hpp b/test/buildtool/graph_traverser/graph_traverser.test.hpp index 3f235087..7d23dcd5 100644 --- a/test/buildtool/graph_traverser/graph_traverser.test.hpp +++ b/test/buildtool/graph_traverser/graph_traverser.test.hpp @@ -18,6 +18,7 @@ #include <chrono> #include <cstdlib> #include <filesystem> +#include <optional> #include <sstream> #include <string> #include <thread> @@ -26,6 +27,7 @@ #include "catch2/catch_test_macros.hpp" #include "nlohmann/json.hpp" +#include "src/buildtool/auth/authentication.hpp" #include "src/buildtool/common/statistics.hpp" #include "src/buildtool/execution_api/common/api_bundle.hpp" #include "src/buildtool/execution_api/local/config.hpp" @@ -150,6 +152,7 @@ inline void SetLauncher() { } // namespace [[maybe_unused]] static void TestHelloWorldCopyMessage( + Auth::TLS const* auth, bool is_hermetic = true) { TestProject p("hello_world_copy_message"); @@ -157,8 +160,8 @@ inline void SetLauncher() { auto const clargs = p.CmdLineArgs(); Statistics stats{}; Progress progress{}; - ApiBundle const apis{p.GetRepoConfig(), - RemoteExecutionConfig::RemoteAddress()}; + ApiBundle const apis{ + p.GetRepoConfig(), auth, RemoteExecutionConfig::RemoteAddress()}; GraphTraverser const gt{clargs.gtargs, p.GetRepoConfig(), RemoteExecutionConfig::PlatformProperties(), @@ -185,8 +188,8 @@ inline void SetLauncher() { SECTION("Executable is retrieved as executable") { auto const clargs_exec = p.CmdLineArgs("_entry_points_get_executable"); - ApiBundle const apis{p.GetRepoConfig(), - RemoteExecutionConfig::RemoteAddress()}; + ApiBundle const apis{ + p.GetRepoConfig(), auth, RemoteExecutionConfig::RemoteAddress()}; GraphTraverser const gt_get_exec{ clargs_exec.gtargs, p.GetRepoConfig(), @@ -214,15 +217,16 @@ inline void SetLauncher() { } } -[[maybe_unused]] static void TestCopyLocalFile(bool is_hermetic = true) { +[[maybe_unused]] static void TestCopyLocalFile(Auth::TLS const* auth, + bool is_hermetic = true) { TestProject p("copy_local_file"); SetLauncher(); auto const clargs = p.CmdLineArgs(); Statistics stats{}; Progress progress{}; - ApiBundle const apis{p.GetRepoConfig(), - RemoteExecutionConfig::RemoteAddress()}; + ApiBundle const apis{ + p.GetRepoConfig(), auth, RemoteExecutionConfig::RemoteAddress()}; GraphTraverser const gt{clargs.gtargs, p.GetRepoConfig(), RemoteExecutionConfig::PlatformProperties(), @@ -245,6 +249,7 @@ inline void SetLauncher() { } [[maybe_unused]] static void TestSequencePrinterBuildLibraryOnly( + Auth::TLS const* auth, bool is_hermetic = true) { TestProject p("sequence_printer_build_library_only"); @@ -252,8 +257,8 @@ inline void SetLauncher() { auto const clargs = p.CmdLineArgs(); Statistics stats{}; Progress progress{}; - ApiBundle const apis{p.GetRepoConfig(), - RemoteExecutionConfig::RemoteAddress()}; + ApiBundle const apis{ + p.GetRepoConfig(), auth, RemoteExecutionConfig::RemoteAddress()}; GraphTraverser const gt{clargs.gtargs, p.GetRepoConfig(), RemoteExecutionConfig::PlatformProperties(), @@ -296,6 +301,7 @@ inline void SetLauncher() { } [[maybe_unused]] static void TestHelloWorldWithKnownSource( + Auth::TLS const* auth, bool is_hermetic = true) { TestProject full_hello_world("hello_world_copy_message"); @@ -305,6 +311,7 @@ inline void SetLauncher() { Statistics stats{}; Progress progress{}; ApiBundle const apis{full_hello_world.GetRepoConfig(), + auth, RemoteExecutionConfig::RemoteAddress()}; GraphTraverser const gt_upload{clargs_update_cpp.gtargs, full_hello_world.GetRepoConfig(), @@ -353,15 +360,16 @@ inline void SetLauncher() { } } -static void TestBlobsUploadedAndUsed(bool is_hermetic = true) { +static void TestBlobsUploadedAndUsed(Auth::TLS const* auth, + bool is_hermetic = true) { TestProject p("use_uploaded_blobs"); auto const clargs = p.CmdLineArgs(); SetLauncher(); Statistics stats{}; Progress progress{}; - ApiBundle const apis{p.GetRepoConfig(), - RemoteExecutionConfig::RemoteAddress()}; + ApiBundle const apis{ + p.GetRepoConfig(), auth, RemoteExecutionConfig::RemoteAddress()}; GraphTraverser gt{clargs.gtargs, p.GetRepoConfig(), RemoteExecutionConfig::PlatformProperties(), @@ -391,15 +399,16 @@ static void TestBlobsUploadedAndUsed(bool is_hermetic = true) { } } -static void TestEnvironmentVariablesSetAndUsed(bool is_hermetic = true) { +static void TestEnvironmentVariablesSetAndUsed(Auth::TLS const* auth, + bool is_hermetic = true) { TestProject p("use_env_variables"); auto const clargs = p.CmdLineArgs(); SetLauncher(); Statistics stats{}; Progress progress{}; - ApiBundle const apis{p.GetRepoConfig(), - RemoteExecutionConfig::RemoteAddress()}; + ApiBundle const apis{ + p.GetRepoConfig(), auth, RemoteExecutionConfig::RemoteAddress()}; GraphTraverser gt{clargs.gtargs, p.GetRepoConfig(), RemoteExecutionConfig::PlatformProperties(), @@ -429,15 +438,15 @@ static void TestEnvironmentVariablesSetAndUsed(bool is_hermetic = true) { } } -static void TestTreesUsed(bool is_hermetic = true) { +static void TestTreesUsed(Auth::TLS const* auth, bool is_hermetic = true) { TestProject p("use_trees"); auto const clargs = p.CmdLineArgs(); SetLauncher(); Statistics stats{}; Progress progress{}; - ApiBundle const apis{p.GetRepoConfig(), - RemoteExecutionConfig::RemoteAddress()}; + ApiBundle const apis{ + p.GetRepoConfig(), auth, RemoteExecutionConfig::RemoteAddress()}; GraphTraverser gt{clargs.gtargs, p.GetRepoConfig(), RemoteExecutionConfig::PlatformProperties(), @@ -467,15 +476,16 @@ static void TestTreesUsed(bool is_hermetic = true) { } } -static void TestNestedTreesUsed(bool is_hermetic = true) { +static void TestNestedTreesUsed(Auth::TLS const* auth, + bool is_hermetic = true) { TestProject p("use_nested_trees"); auto const clargs = p.CmdLineArgs(); SetLauncher(); Statistics stats{}; Progress progress{}; - ApiBundle const apis{p.GetRepoConfig(), - RemoteExecutionConfig::RemoteAddress()}; + ApiBundle const apis{ + p.GetRepoConfig(), auth, RemoteExecutionConfig::RemoteAddress()}; GraphTraverser gt{clargs.gtargs, p.GetRepoConfig(), RemoteExecutionConfig::PlatformProperties(), @@ -505,13 +515,14 @@ static void TestNestedTreesUsed(bool is_hermetic = true) { } } -static void TestFlakyHelloWorldDetected(bool /*is_hermetic*/ = true) { +static void TestFlakyHelloWorldDetected(Auth::TLS const* auth, + bool /*is_hermetic*/ = true) { TestProject p("flaky_hello_world"); Statistics stats{}; Progress progress{}; - ApiBundle const apis{p.GetRepoConfig(), - RemoteExecutionConfig::RemoteAddress()}; + ApiBundle const apis{ + p.GetRepoConfig(), auth, RemoteExecutionConfig::RemoteAddress()}; { SetLauncher(); diff --git a/test/buildtool/graph_traverser/graph_traverser_local.test.cpp b/test/buildtool/graph_traverser/graph_traverser_local.test.cpp index bfb8a2e0..64d7189b 100644 --- a/test/buildtool/graph_traverser/graph_traverser_local.test.cpp +++ b/test/buildtool/graph_traverser/graph_traverser_local.test.cpp @@ -19,53 +19,53 @@ TEST_CASE_METHOD(HermeticLocalTestFixture, "Local: Output created when entry point is local artifact", "[graph_traverser]") { - TestCopyLocalFile(); + TestCopyLocalFile(/*auth=*/nullptr); } TEST_CASE_METHOD(HermeticLocalTestFixture, "Local: Output created and contents are correct", "[graph_traverser]") { - TestHelloWorldCopyMessage(); + TestHelloWorldCopyMessage(/*auth=*/nullptr); } TEST_CASE_METHOD(HermeticLocalTestFixture, "Local: Actions are not re-run", "[graph_traverser]") { - TestSequencePrinterBuildLibraryOnly(); + TestSequencePrinterBuildLibraryOnly(/*auth=*/nullptr); } TEST_CASE_METHOD(HermeticLocalTestFixture, "Local: KNOWN artifact", "[graph_traverser]") { - TestHelloWorldWithKnownSource(); + TestHelloWorldWithKnownSource(/*auth=*/nullptr); } TEST_CASE_METHOD(HermeticLocalTestFixture, "Local: Blobs uploaded and correctly used", "[graph_traverser]") { - TestBlobsUploadedAndUsed(); + TestBlobsUploadedAndUsed(/*auth=*/nullptr); } TEST_CASE_METHOD(HermeticLocalTestFixture, "Local: Environment variables are set and used", "[graph_traverser]") { - TestEnvironmentVariablesSetAndUsed(); + TestEnvironmentVariablesSetAndUsed(/*auth=*/nullptr); } TEST_CASE_METHOD(HermeticLocalTestFixture, "Local: Trees correctly used", "[graph_traverser]") { - TestTreesUsed(); + TestTreesUsed(/*auth=*/nullptr); } TEST_CASE_METHOD(HermeticLocalTestFixture, "Local: Nested trees correctly used", "[graph_traverser]") { - TestNestedTreesUsed(); + TestNestedTreesUsed(/*auth=*/nullptr); } TEST_CASE_METHOD(HermeticLocalTestFixture, "Local: Detect flaky actions", "[graph_traverser]") { - TestFlakyHelloWorldDetected(); + TestFlakyHelloWorldDetected(/*auth=*/nullptr); } diff --git a/test/buildtool/graph_traverser/graph_traverser_remote.test.cpp b/test/buildtool/graph_traverser/graph_traverser_remote.test.cpp index 48867d16..e33d5d27 100644 --- a/test/buildtool/graph_traverser/graph_traverser_remote.test.cpp +++ b/test/buildtool/graph_traverser/graph_traverser_remote.test.cpp @@ -12,44 +12,88 @@ // See the License for the specific language governing permissions and // limitations under the License. +#include <optional> + #include "catch2/catch_test_macros.hpp" +#include "src/buildtool/auth/authentication.hpp" #include "test/buildtool/graph_traverser/graph_traverser.test.hpp" TEST_CASE("Remote: Output created and contents are correct", "[graph_traverser]") { - TestHelloWorldCopyMessage(false /* not hermetic */); + std::optional<Auth::TLS> auth = {}; + if (Auth::Instance().GetAuthMethod() == AuthMethod::kTLS) { + auth = Auth::TLS::Instance(); + } + TestHelloWorldCopyMessage(auth ? &*auth : nullptr, + false /* not hermetic */); } TEST_CASE("Remote: Output created when entry point is local artifact", "[graph_traverser]") { - TestCopyLocalFile(false /* not hermetic */); + std::optional<Auth::TLS> auth = {}; + if (Auth::Instance().GetAuthMethod() == AuthMethod::kTLS) { + auth = Auth::TLS::Instance(); + } + TestCopyLocalFile(auth ? &*auth : nullptr, false /* not hermetic */); } TEST_CASE("Remote: Actions are not re-run", "[graph_traverser]") { - TestSequencePrinterBuildLibraryOnly(false /* not hermetic */); + std::optional<Auth::TLS> auth = {}; + if (Auth::Instance().GetAuthMethod() == AuthMethod::kTLS) { + auth = Auth::TLS::Instance(); + } + TestSequencePrinterBuildLibraryOnly(auth ? &*auth : nullptr, + false /* not hermetic */); } TEST_CASE("Remote: KNOWN artifact", "[graph_traverser]") { - TestHelloWorldWithKnownSource(false /* not hermetic */); + std::optional<Auth::TLS> auth = {}; + if (Auth::Instance().GetAuthMethod() == AuthMethod::kTLS) { + auth = Auth::TLS::Instance(); + } + TestHelloWorldWithKnownSource(auth ? &*auth : nullptr, + false /* not hermetic */); } TEST_CASE("Remote: Blobs uploaded and correctly used", "[graph_traverser]") { - TestBlobsUploadedAndUsed(false /* not hermetic */); + std::optional<Auth::TLS> auth = {}; + if (Auth::Instance().GetAuthMethod() == AuthMethod::kTLS) { + auth = Auth::TLS::Instance(); + } + TestBlobsUploadedAndUsed(auth ? &*auth : nullptr, false /* not hermetic */); } TEST_CASE("Remote: Environment variables are set and used", "[graph_traverser]") { - TestEnvironmentVariablesSetAndUsed(false /* not hermetic */); + std::optional<Auth::TLS> auth = {}; + if (Auth::Instance().GetAuthMethod() == AuthMethod::kTLS) { + auth = Auth::TLS::Instance(); + } + TestEnvironmentVariablesSetAndUsed(auth ? &*auth : nullptr, + false /* not hermetic */); } TEST_CASE("Remote: Trees correctly used", "[graph_traverser]") { - TestTreesUsed(false /* not hermetic */); + std::optional<Auth::TLS> auth = {}; + if (Auth::Instance().GetAuthMethod() == AuthMethod::kTLS) { + auth = Auth::TLS::Instance(); + } + TestTreesUsed(auth ? &*auth : nullptr, false /* not hermetic */); } TEST_CASE("Remote: Nested trees correctly used", "[graph_traverser]") { - TestNestedTreesUsed(false /* not hermetic */); + std::optional<Auth::TLS> auth = {}; + if (Auth::Instance().GetAuthMethod() == AuthMethod::kTLS) { + auth = Auth::TLS::Instance(); + } + TestNestedTreesUsed(auth ? &*auth : nullptr, false /* not hermetic */); } TEST_CASE("Remote: Detect flaky actions", "[graph_traverser]") { - TestFlakyHelloWorldDetected(false /* not hermetic */); + std::optional<Auth::TLS> auth = {}; + if (Auth::Instance().GetAuthMethod() == AuthMethod::kTLS) { + auth = Auth::TLS::Instance(); + } + TestFlakyHelloWorldDetected(auth ? &*auth : nullptr, + false /* not hermetic */); } |