diff options
Diffstat (limited to 'src/main/java')
-rw-r--r-- | src/main/java/com/google/devtools/build/lib/authandtls/AuthAndTLSOptions.java | 21 | ||||
-rw-r--r-- | src/main/java/com/google/devtools/build/lib/authandtls/GoogleAuthUtils.java | 10 |
2 files changed, 23 insertions, 8 deletions
diff --git a/src/main/java/com/google/devtools/build/lib/authandtls/AuthAndTLSOptions.java b/src/main/java/com/google/devtools/build/lib/authandtls/AuthAndTLSOptions.java index 88cae094db..2f573f964f 100644 --- a/src/main/java/com/google/devtools/build/lib/authandtls/AuthAndTLSOptions.java +++ b/src/main/java/com/google/devtools/build/lib/authandtls/AuthAndTLSOptions.java @@ -14,11 +14,13 @@ package com.google.devtools.build.lib.authandtls; +import com.google.devtools.common.options.Converters.CommaSeparatedOptionListConverter; import com.google.devtools.common.options.Option; import com.google.devtools.common.options.OptionDocumentationCategory; import com.google.devtools.common.options.OptionEffectTag; import com.google.devtools.common.options.OptionMetadataTag; import com.google.devtools.common.options.OptionsBase; +import java.util.List; /** * Common options for authentication and TLS. @@ -37,15 +39,28 @@ public class AuthAndTLSOptions extends OptionsBase { ) public boolean authEnabled; + /** + * Comma-separated list of auth scopes. + * + * <ul> + * <li><b>https://www.googleapis.com/auth/cloud-source-tools</b> is the auth scope for Build + * Event Service (BES) and Remote Build Execution (RBE). + * <li><b>https://www.googleapis.com/auth/devstorage.read_write</b> is the auth scope for Google + * Cloud Storage (GCS). + * </ul> + */ @Option( name = "auth_scope", - defaultValue = "https://www.googleapis.com/auth/cloud-source-tools", + defaultValue = + "https://www.googleapis.com/auth/cloud-source-tools," + + "https://www.googleapis.com/auth/devstorage.read_write", + converter = CommaSeparatedOptionListConverter.class, category = "remote", documentationCategory = OptionDocumentationCategory.UNCATEGORIZED, effectTags = {OptionEffectTag.UNKNOWN}, - help = "If server authentication requires a scope, provide it here." + help = "A comma-separated list of authentication scopes." ) - public String authScope; + public List<String> authScope; @Option( name = "auth_credentials", diff --git a/src/main/java/com/google/devtools/build/lib/authandtls/GoogleAuthUtils.java b/src/main/java/com/google/devtools/build/lib/authandtls/GoogleAuthUtils.java index 63dda5014b..53fbefd699 100644 --- a/src/main/java/com/google/devtools/build/lib/authandtls/GoogleAuthUtils.java +++ b/src/main/java/com/google/devtools/build/lib/authandtls/GoogleAuthUtils.java @@ -18,7 +18,6 @@ import com.google.auth.Credentials; import com.google.auth.oauth2.GoogleCredentials; import com.google.common.annotations.VisibleForTesting; import com.google.common.base.Preconditions; -import com.google.common.collect.ImmutableList; import io.grpc.CallCredentials; import io.grpc.ManagedChannel; import io.grpc.auth.MoreCallCredentials; @@ -32,6 +31,7 @@ import java.io.FileInputStream; import java.io.FileNotFoundException; import java.io.IOException; import java.io.InputStream; +import java.util.List; import javax.annotation.Nullable; /** Utility methods for using {@link AuthAndTLSOptions} with Google Cloud. */ @@ -104,7 +104,7 @@ public final class GoogleAuthUtils { @VisibleForTesting public static CallCredentials newCallCredentials( - @Nullable InputStream credentialsFile, @Nullable String authScope) throws IOException { + @Nullable InputStream credentialsFile, List<String> authScope) throws IOException { Credentials creds = newCredentials(credentialsFile, authScope); if (creds != null) { return MoreCallCredentials.from(creds); @@ -139,14 +139,14 @@ public final class GoogleAuthUtils { } private static Credentials newCredentials( - @Nullable InputStream credentialsFile, @Nullable String authScope) throws IOException { + @Nullable InputStream credentialsFile, List<String> authScopes) throws IOException { try { GoogleCredentials creds = credentialsFile == null ? GoogleCredentials.getApplicationDefault() : GoogleCredentials.fromStream(credentialsFile); - if (authScope != null) { - creds = creds.createScoped(ImmutableList.of(authScope)); + if (!authScopes.isEmpty()) { + creds = creds.createScoped(authScopes); } return creds; } catch (IOException e) { |