remote: rename auth flags.

--auth_* flags only work with Google Cloud Authentication. That's
confusing and restricts the naming of more general purpose authentication
flags that we might want to add in the future. So instead of --auth_*
let's call them --google_* (the old ones will continue working for a
while).

Also, --auth_enabled (aka --google_default_credentials) is no longer required
when specifying --auth_credentials (aka --google_credentials).

So now there's two simple ways to authenticate with Google Cloud:
 * bazel build --google_default_credentials
 * bazel build --google_credentials=creds.json

RELNOTES: --auth_* flags were renamed to --google_* flags. The old names
will continue to work for this release but will be removed in the next
release.

Change-Id: Ia1736f32e15a37995be3172cd9608d518ddeab44
PiperOrigin-RevId: 179700832

3 files changed, 27 insertions, 28 deletions

diff --git a/src/main/java/com/google/devtools/build/lib/authandtls/AuthAndTLSOptions.java b/src/main/java/com/google/devtools/build/lib/authandtls/AuthAndTLSOptions.java
index 2f573f964f..4965570857 100644
--- a/src/main/java/com/google/devtools/build/lib/authandtls/AuthAndTLSOptions.java
+++ b/src/main/java/com/google/devtools/build/lib/authandtls/AuthAndTLSOptions.java
@@ -27,17 +27,17 @@ import java.util.List;
  */
 public class AuthAndTLSOptions extends OptionsBase {
   @Option(
-    name = "auth_enabled",
+    name = "google_default_credentials",
+    oldName = "auth_enabled",
     defaultValue = "false",
     category = "remote",
     documentationCategory = OptionDocumentationCategory.UNCATEGORIZED,
     effectTags = {OptionEffectTag.UNKNOWN},
     help =
-        "Whether to enable authentication for remote execution/caching and the build event "
-            + "service (BES). If not otherwise specified 'Google Application Default Credentials' "
-            + "are used. Disabled by default."
+        "Whether to use 'Google Application Default Credentials' for authentication."
+            + " See https://cloud.google.com/docs/authentication for details. Disabled by default."
   )
-  public boolean authEnabled;
+  public boolean useGoogleDefaultCredentials;
 
   /**
    * Comma-separated list of auth scopes.
@@ -50,7 +50,8 @@ public class AuthAndTLSOptions extends OptionsBase {
    * </ul>
    */
   @Option(
-    name = "auth_scope",
+    name = "google_auth_scopes",
+    oldName = "auth_scope",
     defaultValue =
         "https://www.googleapis.com/auth/cloud-source-tools,"
             + "https://www.googleapis.com/auth/devstorage.read_write",
@@ -58,22 +59,22 @@ public class AuthAndTLSOptions extends OptionsBase {
     category = "remote",
     documentationCategory = OptionDocumentationCategory.UNCATEGORIZED,
     effectTags = {OptionEffectTag.UNKNOWN},
-    help = "A comma-separated list of authentication scopes."
+    help = "A comma-separated list of Google Cloud authentication scopes."
   )
-  public List<String> authScope;
+  public List<String> googleAuthScopes;
 
   @Option(
-    name = "auth_credentials",
+    name = "google_credentials",
+    oldName = "auth_credentials",
     defaultValue = "null",
     category = "remote",
     documentationCategory = OptionDocumentationCategory.UNCATEGORIZED,
     effectTags = {OptionEffectTag.UNKNOWN},
     help =
         "Specifies the file to get authentication credentials from. See "
-            + "https://cloud.google.com/docs/authentication for more details. 'Google Application "
-            + "Default Credentials' are used by default."
+            + "https://cloud.google.com/docs/authentication for details."
   )
-  public String authCredentials;
+  public String googleCredentials;
 
   @Option(
     name = "tls_enabled",
diff --git a/src/main/java/com/google/devtools/build/lib/authandtls/GoogleAuthUtils.java b/src/main/java/com/google/devtools/build/lib/authandtls/GoogleAuthUtils.java
index 53fbefd699..28682aef5d 100644
--- a/src/main/java/com/google/devtools/build/lib/authandtls/GoogleAuthUtils.java
+++ b/src/main/java/com/google/devtools/build/lib/authandtls/GoogleAuthUtils.java
@@ -118,24 +118,22 @@ public final class GoogleAuthUtils {
    * @throws IOException in case the credentials can't be constructed.
    */
   public static Credentials newCredentials(AuthAndTLSOptions options) throws IOException {
-    if (!options.authEnabled) {
-      return null;
-    }
-
-    if (options.authCredentials != null) {
+    if (options.googleCredentials != null) {
       // Credentials from file
-      try (InputStream authFile = new FileInputStream(options.authCredentials)) {
-        return newCredentials(authFile, options.authScope);
+      try (InputStream authFile = new FileInputStream(options.googleCredentials)) {
+        return newCredentials(authFile, options.googleAuthScopes);
       } catch (FileNotFoundException e) {
         String message =
             String.format(
                 "Could not open auth credentials file '%s': %s",
-                options.authCredentials, e.getMessage());
+                options.googleCredentials, e.getMessage());
         throw new IOException(message, e);
       }
+    } else if (options.useGoogleDefaultCredentials) {
+      return newCredentials(
+          null /* Google Application Default Credentials */, options.googleAuthScopes);
     }
-    // Google Application Default Credentials
-    return newCredentials(null, options.authScope);
+    return null;
   }
 
   private static Credentials newCredentials(
diff --git a/src/test/java/com/google/devtools/build/lib/remote/GrpcRemoteCacheTest.java b/src/test/java/com/google/devtools/build/lib/remote/GrpcRemoteCacheTest.java
index 83d4efdfd0..0b220aa3d1 100644
--- a/src/test/java/com/google/devtools/build/lib/remote/GrpcRemoteCacheTest.java
+++ b/src/test/java/com/google/devtools/build/lib/remote/GrpcRemoteCacheTest.java
@@ -141,9 +141,9 @@ public class GrpcRemoteCacheTest {
 
   private GrpcRemoteCache newClient() throws IOException {
     AuthAndTLSOptions authTlsOptions = Options.getDefaults(AuthAndTLSOptions.class);
-    authTlsOptions.authEnabled = true;
-    authTlsOptions.authCredentials = "/exec/root/creds.json";
-    authTlsOptions.authScope = ImmutableList.of("dummy.scope");
+    authTlsOptions.useGoogleDefaultCredentials = true;
+    authTlsOptions.googleCredentials = "/exec/root/creds.json";
+    authTlsOptions.googleAuthScopes = ImmutableList.of("dummy.scope");
 
     GenericJson json = new GenericJson();
     json.put("type", "authorized_user");
@@ -151,12 +151,12 @@ public class GrpcRemoteCacheTest {
     json.put("client_secret", "foo");
     json.put("refresh_token", "bar");
     Scratch scratch = new Scratch();
-    scratch.file(authTlsOptions.authCredentials, new JacksonFactory().toString(json));
+    scratch.file(authTlsOptions.googleCredentials, new JacksonFactory().toString(json));
 
     CallCredentials creds =
         GoogleAuthUtils.newCallCredentials(
-            scratch.resolve(authTlsOptions.authCredentials).getInputStream(),
-            authTlsOptions.authScope);
+            scratch.resolve(authTlsOptions.googleCredentials).getInputStream(),
+            authTlsOptions.googleAuthScopes);
     RemoteOptions remoteOptions = Options.getDefaults(RemoteOptions.class);
     RemoteRetrier retrier =
         new RemoteRetrier(