author | Jakob Buchgraber <buchgr@google.com> | 2017-12-19 06:51:56 -0800 |
---|---|---|
committer | Copybara-Service <copybara-piper@google.com> | 2017-12-19 06:53:56 -0800 |
commit | f527577fcc27a06a3db5b9fdc426a71a1b96d5a4 (patch) | |
tree | ec57dedbcf15da43205fb17c52f7e5fe5fa40dd4 /src/main/java/com/google/devtools/build/lib/authandtls | |
parent | 905e30721ad566c3a940afbec06d73b134d5f064 (diff) |
remote: Allow auth scopes to be a comma-separated list.
--auth_scopes can be passed a comma-separated list of authentication
scopes.
Add "https://www.googleapis.com/auth/devstorage.read_write" to the list
of defaults. This scope is used when using Google Cloud Storage (GCS) as
a remote caching backend.
Change-Id: I62e6fed28b28737823ad6c70cbc5048b3a3190b5
PiperOrigin-RevId: 179548090
Diffstat (limited to 'src/main/java/com/google/devtools/build/lib/authandtls')
-rw-r--r-- | src/main/java/com/google/devtools/build/lib/authandtls/AuthAndTLSOptions.java | 21 | ||||
-rw-r--r-- | src/main/java/com/google/devtools/build/lib/authandtls/GoogleAuthUtils.java | 10 |
2 files changed, 23 insertions, 8 deletions
diff --git a/src/main/java/com/google/devtools/build/lib/authandtls/AuthAndTLSOptions.java b/src/main/java/com/google/devtools/build/lib/authandtls/AuthAndTLSOptions.java
index 88cae094db..2f573f964f 100644
--- a/src/main/java/com/google/devtools/build/lib/authandtls/AuthAndTLSOptions.java
+++ b/src/main/java/com/google/devtools/build/lib/authandtls/AuthAndTLSOptions.java
@@ -14,11 +14,13 @@
 package com.google.devtools.build.lib.authandtls;
+import com.google.devtools.common.options.Converters.CommaSeparatedOptionListConverter;
 import com.google.devtools.common.options.Option;
 import com.google.devtools.common.options.OptionDocumentationCategory;
 import com.google.devtools.common.options.OptionEffectTag;
 import com.google.devtools.common.options.OptionMetadataTag;
 import com.google.devtools.common.options.OptionsBase;
+import java.util.List;
 /**
 * Common options for authentication and TLS.
@@ -37,15 +39,28 @@ public class AuthAndTLSOptions extends OptionsBase {
 )
 public boolean authEnabled;
+ /**
+ * Comma-separated list of auth scopes.
+ *
+ * <ul>
+ * <li><b>https://www.googleapis.com/auth/cloud-source-tools</b> is the auth scope for Build
+ * Event Service (BES) and Remote Build Execution (RBE).
+ * <li><b>https://www.googleapis.com/auth/devstorage.read_write</b> is the auth scope for Google
+ * Cloud Storage (GCS).
+ * </ul>
+ */
 @Option(
 name = "auth_scope",
- defaultValue = "https://www.googleapis.com/auth/cloud-source-tools",
+ defaultValue =
+ "https://www.googleapis.com/auth/cloud-source-tools," + + "https://www.googleapis.com/auth/devstorage.read_write",
+ converter = CommaSeparatedOptionListConverter.class,
 category = "remote",
 documentationCategory = OptionDocumentationCategory.UNCATEGORIZED,
 effectTags = {OptionEffectTag.UNKNOWN},
- help = "If server authentication requires a scope, provide it here."
+ help = "A comma-separated list of authentication scopes."
 )
- public String authScope;
+ public List<String> authScope;
 @Option(
 name = "auth_credentials",
diff --git a/src/main/java/com/google/devtools/build/lib/authandtls/GoogleAuthUtils.java b/src/main/java/com/google/devtools/build/lib/authandtls/GoogleAuthUtils.java
index 63dda5014b..53fbefd699 100644
--- a/src/main/java/com/google/devtools/build/lib/authandtls/GoogleAuthUtils.java
+++ b/src/main/java/com/google/devtools/build/lib/authandtls/GoogleAuthUtils.java
@@ -18,7 +18,6 @@ import com.google.auth.Credentials;
 import com.google.auth.oauth2.GoogleCredentials;
 import com.google.common.annotations.VisibleForTesting;
 import com.google.common.base.Preconditions;
-import com.google.common.collect.ImmutableList;
 import io.grpc.CallCredentials;
 import io.grpc.ManagedChannel;
 import io.grpc.auth.MoreCallCredentials;
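Review bot: The new `defaultValue` on `auth_scope` adds `https://www.googleapis.com/auth/devstorage.read_write` to the scopes requested whenever auth is enabled, so an invocation that only talks to BES or RBE now asks for a token that can also read and write Cloud Storage objects, which widens what a leaked or misused token can reach. The help string no longer tells the user that a default exists or that it can be narrowed; I would spell that out, e.g. `help = "A comma-separated list of authentication scopes. The default covers BES/RBE and GCS read/write; pass only the scopes your backend needs."`. The flag is still named `auth_scope` although the commit message refers to `--auth_scopes`, and the new Javadoc would be a good place to say which spelling is intended. Whether list entries are trimmed, or an empty value is accepted, depends on `CommaSeparatedOptionListConverter`, which is not visible in this diff.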
@@ -32,6 +31,7 @@ import java.io.FileInputStream;
 import java.io.FileNotFoundException;
 import java.io.IOException;
 import java.io.InputStream;
+import java.util.List;
 import javax.annotation.Nullable;
 /** Utility methods for using {@link AuthAndTLSOptions} with Google Cloud. */
@@ -104,7 +104,7 @@ public final class GoogleAuthUtils {
 @VisibleForTesting
 public static CallCredentials newCallCredentials(
- @Nullable InputStream credentialsFile, @Nullable String authScope) throws IOException {
+ @Nullable InputStream credentialsFile, List<String> authScope) throws IOException {
 Credentials creds = newCredentials(credentialsFile, authScope);
 if (creds != null) {
 return MoreCallCredentials.from(creds);
@@ -139,14 +139,14 @@ public final class GoogleAuthUtils {
 }
 private static Credentials newCredentials(
- @Nullable InputStream credentialsFile, @Nullable String authScope) throws IOException {
+ @Nullable InputStream credentialsFile, List<String> authScopes) throws IOException {
 try {
 GoogleCredentials creds = credentialsFile == null ? GoogleCredentials.getApplicationDefault() : GoogleCredentials.fromStream(credentialsFile);
- if (authScope != null) {
- creds = creds.createScoped(ImmutableList.of(authScope));
+ if (!authScopes.isEmpty()) {
+ creds = creds.createScoped(authScopes);
 }
 return creds;
 } catch (IOException e) {
 |
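Review bot: `newCredentials` now calls `authScopes.isEmpty()` after dropping `@Nullable` from the parameter, so a caller that still passes `null` (allowed by the old signature, and reachable through the public `newCallCredentials` in the hunk at -104) fails with a NullPointerException instead of getting unscoped credentials. `Preconditions` is already imported in this file, so adding `Preconditions.checkNotNull(authScopes, "authScopes");` before the `try` would make the new contract explicit. An empty list still skips `createScoped` without any message, so a user who clears the flag silently gets unscoped credentials; a comment on that branch, such as `// Empty list: leave the credentials unscoped.`, would record that this is intended. The two methods also name the same parameter `authScope` and `authScopes`, and both bodies continue outside the hunks.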