[credentialhelper] Add parser for flag syntax

Progress on bazelbuild#15856
EngFlow · Jul 18, 2022 · 589d95b · 589d95b
1 parent 33516e2
commit 589d95b
Show file tree

Hide file tree

Showing 6 changed files with 303 additions and 2 deletions.
diff --git a/...main/java/com/google/devtools/build/lib/authandtls/credentialhelper/CredentialHelper.java b/...main/java/com/google/devtools/build/lib/authandtls/credentialhelper/CredentialHelper.java
@@ -49,7 +49,7 @@ public final class CredentialHelper {
   }
 
   @VisibleForTesting
-  Path getPath() {
+  public Path getPath() {
     return path;
   }
 

diff --git a/...a/com/google/devtools/build/lib/authandtls/credentialhelper/CredentialHelperProvider.java b/...a/com/google/devtools/build/lib/authandtls/credentialhelper/CredentialHelperProvider.java
@@ -129,6 +129,23 @@ private void checkHelper(Path path) throws IOException {
           path.isExecutable(), "Credential helper %s is not executable", path);
     }
 
+    /**
+     * Adds a credential helper to use for all {@link URI}s matching the provided pattern, or as
+     * default credential helper if {@code pattern} is empty.
+     *
+     * <p>See {@link #add(String, Path)} for the syntax of {@code pattern}.
+     */
+    public Builder add(Optional<String> pattern, Path helper) throws IOException {
+      Preconditions.checkNotNull(pattern);
+      Preconditions.checkNotNull(helper);
+
+      if (pattern.isPresent()) {
+        return add(pattern.get(), helper);
+      } else {
+        return add(helper);
+      }
+    }
+
     /**
      * Adds a default credential helper to use for all {@link URI}s that don't specify a more
      * specific credential helper.

diff --git a/src/main/java/com/google/devtools/build/lib/remote/BUILD b/src/main/java/com/google/devtools/build/lib/remote/BUILD
@@ -59,6 +59,7 @@ java_library(
         "//src/main/java/com/google/devtools/build/lib/analysis:top_level_artifact_context",
         "//src/main/java/com/google/devtools/build/lib/analysis/platform:platform_utils",
         "//src/main/java/com/google/devtools/build/lib/authandtls",
+        "//src/main/java/com/google/devtools/build/lib/authandtls/credentialhelper",
         "//src/main/java/com/google/devtools/build/lib/bazel/repository/downloader",
         "//src/main/java/com/google/devtools/build/lib/buildeventstream",
         "//src/main/java/com/google/devtools/build/lib/clock",
@@ -102,6 +103,7 @@ java_library(
         "//src/main/java/com/google/devtools/common/options",
         "//src/main/protobuf:failure_details_java_proto",
         "//third_party:auth",
+        "//third_party:auto_value",
         "//third_party:caffeine",
         "//third_party:flogger",
         "//third_party:guava",

diff --git a/src/main/java/com/google/devtools/build/lib/remote/RemoteModule.java b/src/main/java/com/google/devtools/build/lib/remote/RemoteModule.java
@@ -19,6 +19,7 @@
 import build.bazel.remote.execution.v2.DigestFunction;
 import build.bazel.remote.execution.v2.ServerCapabilities;
 import com.google.auth.Credentials;
+import com.google.auto.value.AutoValue;
 import com.google.common.annotations.VisibleForTesting;
 import com.google.common.base.Ascii;
 import com.google.common.base.Preconditions;
@@ -50,6 +51,8 @@
 import com.google.devtools.build.lib.authandtls.Netrc;
 import com.google.devtools.build.lib.authandtls.NetrcCredentials;
 import com.google.devtools.build.lib.authandtls.NetrcParser;
+import com.google.devtools.build.lib.authandtls.credentialhelper.CredentialHelperEnvironment;
+import com.google.devtools.build.lib.authandtls.credentialhelper.CredentialHelperProvider;
 import com.google.devtools.build.lib.bazel.repository.downloader.Downloader;
 import com.google.devtools.build.lib.buildeventstream.BuildEventArtifactUploader;
 import com.google.devtools.build.lib.buildeventstream.LocalFilesArtifactUploader;
@@ -78,6 +81,7 @@
 import com.google.devtools.build.lib.runtime.BuildEventArtifactUploaderFactory;
 import com.google.devtools.build.lib.runtime.Command;
 import com.google.devtools.build.lib.runtime.CommandEnvironment;
+import com.google.devtools.build.lib.runtime.CommandLinePathFactory;
 import com.google.devtools.build.lib.runtime.RepositoryRemoteExecutor;
 import com.google.devtools.build.lib.runtime.RepositoryRemoteExecutorFactory;
 import com.google.devtools.build.lib.runtime.ServerBuilder;
@@ -1130,4 +1134,53 @@ static Credentials newCredentials(
 
     return creds;
   }
+
+  @VisibleForTesting
+  static CredentialHelperProvider newCredentialHelperProvider(
+      CredentialHelperEnvironment environment,
+      CommandLinePathFactory pathFactory,
+      List<String> inputs)
+      throws IOException {
+    Preconditions.checkNotNull(environment);
+    Preconditions.checkNotNull(pathFactory);
+    Preconditions.checkNotNull(inputs);
+
+    CredentialHelperProvider.Builder builder = CredentialHelperProvider.builder();
+    for (String input : inputs) {
+      ScopedCredentialHelper helper = parseCredentialHelperFlag(environment, pathFactory, input);
+      builder.add(helper.getScope(), helper.getPath());
+    }
+    return builder.build();
+  }
+
+  @VisibleForTesting
+  static ScopedCredentialHelper parseCredentialHelperFlag(
+      CredentialHelperEnvironment environment, CommandLinePathFactory pathFactory, String input)
+      throws IOException {
+    Preconditions.checkNotNull(environment);
+    Preconditions.checkNotNull(pathFactory);
+    Preconditions.checkNotNull(input);
+
+    int pos = input.indexOf('=');
+    if (pos > 0) {
+      String scope = input.substring(0, pos);
+      String path = input.substring(pos + 1);
+      return new AutoValue_RemoteModule_ScopedCredentialHelper(
+          Optional.of(scope), pathFactory.create(environment.getClientEnvironment(), path));
+    }
+
+    // `input` does not specify a scope.
+    return new AutoValue_RemoteModule_ScopedCredentialHelper(
+        Optional.empty(), pathFactory.create(environment.getClientEnvironment(), input));
+  }
+
+  @VisibleForTesting
+  @AutoValue
+  static abstract class ScopedCredentialHelper {
+    /** Returns the scope of the credential helper (if any). */
+    public abstract Optional<String> getScope();
+
+    /** Returns the path of the credential helper. */
+    public abstract Path getPath();
+  }
 }
diff --git a/src/test/java/com/google/devtools/build/lib/remote/BUILD b/src/test/java/com/google/devtools/build/lib/remote/BUILD
@@ -56,6 +56,7 @@ java_test(
         "//src/main/java/com/google/devtools/build/lib/analysis:server_directories",
         "//src/main/java/com/google/devtools/build/lib/analysis/platform:platform_utils",
         "//src/main/java/com/google/devtools/build/lib/authandtls",
+        "//src/main/java/com/google/devtools/build/lib/authandtls/credentialhelper",
         "//src/main/java/com/google/devtools/build/lib/buildeventstream",
         "//src/main/java/com/google/devtools/build/lib/clock",
         "//src/main/java/com/google/devtools/build/lib/collect/nestedset",