author | Jakob Buchgraber <buchgr@google.com> | 2017-12-18 04:40:16 -0800 |
---|---|---|
committer | Copybara-Service <copybara-piper@google.com> | 2017-12-18 04:42:36 -0800 |
commit | dd11a0e2e7a143f89bca1be6e4cd56df0640dbe0 (patch) | |
tree | 92c56461e41fea6ac4b0e912dca36094fa9b5c0b /src/main/java/com/google/devtools/build/lib/authandtls | |
parent | 176f0a2a5f5f7987d340682715708ed45123b59d (diff) |
remote: Add support for Google Cloud Storage.
Add support for Google Cloud Storage (GCS) as a HTTP caching backend.
This commit mainly adds the infrastructure necessary to authenticate
to GCS.
Using GCS as a caching backend works as follows:
1) Create a new GCS bucket.
2) Create a service account that can read and write to the GCS bucket
and generate a JSON credentials file for it.
3) Invoke Bazel as follows:
bazel build
--remote_rest_cache=https://storage.googleapis.com/<bucket>
--auth_enabled
--auth_scope=https://www.googleapis.com/auth/devstorage.read_write
--auth_credentials=</path/to/creds.json>
I'll add simplifications and docs in a subsequent commit.
Change-Id: Ie827d7946a2193b97ea7d9aa72eb15f09de2164d
PiperOrigin-RevId: 179406380
Diffstat (limited to 'src/main/java/com/google/devtools/build/lib/authandtls')
-rw-r--r-- | src/main/java/com/google/devtools/build/lib/authandtls/GoogleAuthUtils.java (renamed from src/main/java/com/google/devtools/build/lib/authandtls/GrpcUtils.java) | 60 |
1 files changed, 40 insertions, 20 deletions
diff --git a/src/main/java/com/google/devtools/build/lib/authandtls/GrpcUtils.java b/src/main/java/com/google/devtools/build/lib/authandtls/GoogleAuthUtils.java
index 5f1ff70c2d..63dda5014b 100644
--- a/src/main/java/com/google/devtools/build/lib/authandtls/GrpcUtils.java
+++ b/src/main/java/com/google/devtools/build/lib/authandtls/GoogleAuthUtils.java
@@ -14,6 +14,7 @@
 package com.google.devtools.build.lib.authandtls;
+import com.google.auth.Credentials;
 import com.google.auth.oauth2.GoogleCredentials;
 import com.google.common.annotations.VisibleForTesting;
 import com.google.common.base.Preconditions;
@@ -33,15 +34,13 @@ import java.io.IOException;
 import java.io.InputStream;
 import javax.annotation.Nullable;
-/**
- * Utility methods for using {@link AuthAndTLSOptions} with gRPC.
- */
-public final class GrpcUtils {
+/** Utility methods for using {@link AuthAndTLSOptions} with Google Cloud. */
+public final class GoogleAuthUtils {
 /**
 * Create a new gRPC {@link ManagedChannel}.
 *
- * @throws IOException in case the channel can't be constructed.
+ * @throws IOException in case the channel can't be constructed.
 */
 public static ManagedChannel newChannel(String target, AuthAndTLSOptions options)
 throws IOException {
@@ -54,8 +53,7 @@ public final class GrpcUtils {
 try {
 NettyChannelBuilder builder =
 NettyChannelBuilder.forTarget(target)
- .negotiationType(
- options.tlsEnabled ? NegotiationType.TLS : NegotiationType.PLAINTEXT)
+ .negotiationType(options.tlsEnabled ? NegotiationType.TLS : NegotiationType.PLAINTEXT)
 .loadBalancerFactory(RoundRobinLoadBalancerFactory.getInstance());
 if (sslContext != null) {
 builder.sslContext(sslContext);
@@ -77,8 +75,7 @@ public final class GrpcUtils {
 try {
 return GrpcSslContexts.forClient().build();
 } catch (Exception e) {
- String message = "Failed to init TLS infrastructure: "
- + e.getMessage();
+ String message = "Failed to init TLS infrastructure: " + e.getMessage();
 throw new IOException(message, e);
 }
 } else {
@@ -95,9 +92,32 @@ public final class GrpcUtils {
 /**
 * Create a new {@link CallCredentials} object.
 *
- * @throws IOException in case the call credentials can't be constructed.
+ * @throws IOException in case the call credentials can't be constructed.
 */
 public static CallCredentials newCallCredentials(AuthAndTLSOptions options) throws IOException {
+ Credentials creds = newCredentials(options);
+ if (creds != null) {
+ return MoreCallCredentials.from(creds);
+ }
+ return null;
+ }
+
+ @VisibleForTesting
+ public static CallCredentials newCallCredentials(
+ @Nullable InputStream credentialsFile, @Nullable String authScope) throws IOException {
+ Credentials creds = newCredentials(credentialsFile, authScope);
+ if (creds != null) {
+ return MoreCallCredentials.from(creds);
+ }
+ return null;
+ }
+
+ /**
+ * Create a new {@link Credentials} object.
+ *
+ * @throws IOException in case the credentials can't be constructed.
+ */
+ public static Credentials newCredentials(AuthAndTLSOptions options) throws IOException {
 if (!options.authEnabled) {
 return null;
 }
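Review bot: `newCredentials(AuthAndTLSOptions)` returns `null` when `options.authEnabled` is false, but neither its new Javadoc nor its signature says so, and both `newCallCredentials` overloads pass that null straight through. A caller that skips the check either hits a NullPointerException or, depending on how it is written, sends requests with no credentials at all. `javax.annotation.Nullable` is already imported in this file, so I would annotate the three return types with `@Nullable` and add `@return the credentials, or {@code null} if authentication is disabled` to the Javadoc. The body of `newCredentials` continues past the end of this hunk.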
@@ -105,20 +125,21 @@ public final class GrpcUtils {
 if (options.authCredentials != null) {
 // Credentials from file
 try (InputStream authFile = new FileInputStream(options.authCredentials)) {
- return newCallCredentials(authFile, options.authScope);
+ return newCredentials(authFile, options.authScope);
 } catch (FileNotFoundException e) {
- String message = String.format("Could not open auth credentials file '%s': %s",
- options.authCredentials, e.getMessage());
+ String message =
+ String.format(
+ "Could not open auth credentials file '%s': %s",
+ options.authCredentials, e.getMessage());
 throw new IOException(message, e);
 }
 }
 // Google Application Default Credentials
- return newCallCredentials(null, options.authScope);
+ return newCredentials(null, options.authScope);
 }
- @VisibleForTesting
- public static CallCredentials newCallCredentials(@Nullable InputStream credentialsFile,
- @Nullable String authScope) throws IOException {
+ private static Credentials newCredentials(
+ @Nullable InputStream credentialsFile, @Nullable String authScope) throws IOException {
 try {
 GoogleCredentials creds =
 credentialsFile == null
@@ -127,10 +148,9 @@ public final class GrpcUtils {
 if (authScope != null) {
 creds = creds.createScoped(ImmutableList.of(authScope));
 }
- return MoreCallCredentials.from(creds);
+ return creds;
 } catch (IOException e) {
- String message = "Failed to init auth credentials: "
- + e.getMessage();
+ String message = "Failed to init auth credentials: " + e.getMessage();
 throw new IOException(message, e);
 }
 } |
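Review bot: The Application Default Credentials fallback at `return newCredentials(null, options.authScope);` (hunk `@@ -105,20 +125,21 @@`) deserves a fuller comment now that the method hands back a raw `Credentials` object: with `--auth_enabled` and no `--auth_credentials`, whatever ambient identity the machine has is selected silently. The HTTP code that consumes these credentials is not part of this diff, so I cannot tell whether it restricts them to `https` URLs; if it does not, a bearer token could travel over plaintext or to an unintended host. I would expand the comment to something like `// No credentials file given: fall back to Google Application Default Credentials (the ambient identity of this machine).` and state in the `newCredentials` Javadoc that callers must attach the result only to TLS-protected requests. The method itself starts above this hunk.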