From c30b38e2aa05defb08c4152b1e6e0eee5c63a792 Mon Sep 17 00:00:00 2001 From: buchgr Date: Fri, 19 May 2017 17:30:10 +0200 Subject: Remote+BES: Stabilize command line flags. Update the command line flags used by remote execution/caching as well as the build event service (BES). Major changes: - Remote execution/caching and BES share flags for authentication and TLS. - Removed API Key authentication from BES, as it's not being used. - Add TLS support to BES upload. - Add --bes_project_id flag. If set, the value is propagated as part of BES lifecycle events. For reviewers: Start your review at CommonRemoteAndBesOptions, BuildEventServiceOptions and RemoteOptions. The other changes are mostly automatic IDE renames of fields and flag updates in shell script tests. RELNOTES: None. PiperOrigin-RevId: 156553857 --- .../build/lib/remote/CachedLocalSpawnRunner.java | 2 +- .../devtools/build/lib/remote/ChannelOptions.java | 21 +++--- .../devtools/build/lib/remote/GrpcActionCache.java | 6 +- .../build/lib/remote/GrpcRemoteExecutor.java | 8 +-- .../com/google/devtools/build/lib/remote/README.md | 8 +-- .../lib/remote/RemoteActionContextProvider.java | 2 + .../devtools/build/lib/remote/RemoteModule.java | 4 +- .../devtools/build/lib/remote/RemoteOptions.java | 82 ++++------------------ .../build/lib/remote/RemoteSpawnRunner.java | 14 ++-- .../build/lib/remote/RemoteSpawnStrategy.java | 44 ++++++------ .../build/lib/remote/SimpleBlobStoreFactory.java | 4 +- .../build/lib/runtime/AuthAndTLSOptions.java | 79 +++++++++++++++++++++ 12 files changed, 158 insertions(+), 116 deletions(-) create mode 100644 src/main/java/com/google/devtools/build/lib/runtime/AuthAndTLSOptions.java (limited to 'src/main/java/com/google/devtools/build/lib') diff --git a/src/main/java/com/google/devtools/build/lib/remote/CachedLocalSpawnRunner.java b/src/main/java/com/google/devtools/build/lib/remote/CachedLocalSpawnRunner.java index fb7241eb7b..87da7c2405 100644 --- a/src/main/java/com/google/devtools/build/lib/remote/CachedLocalSpawnRunner.java +++ b/src/main/java/com/google/devtools/build/lib/remote/CachedLocalSpawnRunner.java @@ -126,7 +126,7 @@ final class CachedLocalSpawnRunner implements SpawnRunner { } } SpawnResult spawnResult = delegate.exec(spawn, policy); - if (options.remoteLocalExecUploadResults + if (options.remoteUploadLocalResults && spawnResult.status() == Status.SUCCESS && spawnResult.exitCode() == 0) { writeCacheEntry(spawn, policy.getFileOutErr(), actionKey); diff --git a/src/main/java/com/google/devtools/build/lib/remote/ChannelOptions.java b/src/main/java/com/google/devtools/build/lib/remote/ChannelOptions.java index d6bfa79ebd..7fa5c9e276 100644 --- a/src/main/java/com/google/devtools/build/lib/remote/ChannelOptions.java +++ b/src/main/java/com/google/devtools/build/lib/remote/ChannelOptions.java @@ -18,6 +18,7 @@ import com.google.auth.oauth2.GoogleCredentials; import com.google.common.annotations.VisibleForTesting; import com.google.common.collect.ImmutableList; import com.google.devtools.build.lib.concurrent.ThreadSafety.ThreadSafe; +import com.google.devtools.build.lib.runtime.AuthAndTLSOptions; import io.grpc.CallCredentials; import io.grpc.auth.MoreCallCredentials; import io.grpc.netty.GrpcSslContexts; @@ -72,12 +73,13 @@ public final class ChannelOptions { return maxMessageSize; } - public static ChannelOptions create(RemoteOptions options) { + public static ChannelOptions create(AuthAndTLSOptions options, int grpcMaxChunkSizeBytes) { try { return create( options, - options.authCredentialsJson != null - ? new FileInputStream(options.authCredentialsJson) + grpcMaxChunkSizeBytes, + options.authCredentials != null + ? new FileInputStream(options.authCredentials) : null); } catch (IOException e) { throw new IllegalArgumentException( @@ -86,18 +88,19 @@ public final class ChannelOptions { } @VisibleForTesting - public static ChannelOptions create( - RemoteOptions options, @Nullable InputStream credentialsInputStream) { + public static ChannelOptions create(AuthAndTLSOptions options, int grpcMaxChunkSizeBytes, + @Nullable InputStream credentialsInputStream) { boolean tlsEnabled = options.tlsEnabled; SslContext sslContext = null; String tlsAuthorityOverride = options.tlsAuthorityOverride; CallCredentials credentials = null; - if (options.tlsEnabled && options.tlsCert != null) { + if (options.tlsEnabled && options.tlsCertificate != null) { try { - sslContext = GrpcSslContexts.forClient().trustManager(new File(options.tlsCert)).build(); + sslContext = + GrpcSslContexts.forClient().trustManager(new File(options.tlsCertificate)).build(); } catch (SSLException e) { throw new IllegalArgumentException( - "SSL error initializing cert " + options.tlsCert + " : " + e); + "SSL error initializing cert " + options.tlsCertificate + " : " + e); } } if (options.authEnabled) { @@ -118,7 +121,7 @@ public final class ChannelOptions { final int maxMessageSize = Math.max( 4 * 1024 * 1024 /* GrpcUtil.DEFAULT_MAX_MESSAGE_SIZE */, - options.grpcMaxChunkSizeBytes + CHUNK_MESSAGE_OVERHEAD); + grpcMaxChunkSizeBytes + CHUNK_MESSAGE_OVERHEAD); return new ChannelOptions( tlsEnabled, sslContext, tlsAuthorityOverride, credentials, maxMessageSize); } diff --git a/src/main/java/com/google/devtools/build/lib/remote/GrpcActionCache.java b/src/main/java/com/google/devtools/build/lib/remote/GrpcActionCache.java index 67b04a969a..d85125f15c 100644 --- a/src/main/java/com/google/devtools/build/lib/remote/GrpcActionCache.java +++ b/src/main/java/com/google/devtools/build/lib/remote/GrpcActionCache.java @@ -87,9 +87,9 @@ public class GrpcActionCache implements RemoteActionCache { Channel channel, RemoteOptions options, ChannelOptions channelOptions) { this.options = options; this.casIface = - GrpcInterfaces.casInterface(options.grpcTimeoutSeconds, channel, channelOptions); + GrpcInterfaces.casInterface(options.remoteTimeout, channel, channelOptions); this.iface = - GrpcInterfaces.executionCacheInterface(options.grpcTimeoutSeconds, channel, channelOptions); + GrpcInterfaces.executionCacheInterface(options.remoteTimeout, channel, channelOptions); } public GrpcActionCache(RemoteOptions options, ChannelOptions channelOptions) { @@ -392,7 +392,7 @@ public class GrpcActionCache implements RemoteActionCache { while (batches++ < numItems) { finishLatch.countDown(); // Non-sent batches. } - finishLatch.await(options.grpcTimeoutSeconds, TimeUnit.SECONDS); + finishLatch.await(options.remoteTimeout, TimeUnit.SECONDS); if (exception.get() != null) { throw exception.get(); // Re-throw the first encountered exception. } diff --git a/src/main/java/com/google/devtools/build/lib/remote/GrpcRemoteExecutor.java b/src/main/java/com/google/devtools/build/lib/remote/GrpcRemoteExecutor.java index 1812d8f4f0..eb79c91919 100644 --- a/src/main/java/com/google/devtools/build/lib/remote/GrpcRemoteExecutor.java +++ b/src/main/java/com/google/devtools/build/lib/remote/GrpcRemoteExecutor.java @@ -25,7 +25,7 @@ import java.util.Iterator; @ThreadSafe public class GrpcRemoteExecutor extends GrpcActionCache { public static boolean isRemoteExecutionOptions(RemoteOptions options) { - return options.remoteWorker != null; + return options.remoteExecutor != null; } private final GrpcExecutionInterface executionIface; @@ -43,11 +43,11 @@ public class GrpcRemoteExecutor extends GrpcActionCache { ManagedChannel channel, ChannelOptions channelOptions, RemoteOptions options) { super( options, - GrpcInterfaces.casInterface(options.grpcTimeoutSeconds, channel, channelOptions), + GrpcInterfaces.casInterface(options.remoteTimeout, channel, channelOptions), GrpcInterfaces.executionCacheInterface( - options.grpcTimeoutSeconds, channel, channelOptions)); + options.remoteTimeout, channel, channelOptions)); this.executionIface = - GrpcInterfaces.executionInterface(options.grpcTimeoutSeconds, channel, channelOptions); + GrpcInterfaces.executionInterface(options.remoteTimeout, channel, channelOptions); } public ExecuteReply executeRemotely(ExecuteRequest request) { diff --git a/src/main/java/com/google/devtools/build/lib/remote/README.md b/src/main/java/com/google/devtools/build/lib/remote/README.md index 2b242c3bb5..ddcf7a9175 100644 --- a/src/main/java/com/google/devtools/build/lib/remote/README.md +++ b/src/main/java/com/google/devtools/build/lib/remote/README.md @@ -18,7 +18,7 @@ execution support. This option is always needed to support distributed caching and remote execution. -* ```build --spawn_strategy=remote --rest_cache_url=http://remote-cache:8080/cache``` +* ```build --spawn_strategy=remote --remote_rest_cache=http://remote-cache:8080/cache``` This option enables distributed caching with a REST endpoint that supports GET, HEAD and PUT. @@ -30,7 +30,7 @@ This option enables distributed caching using a gRPC content-addressable storage This option enables distributed caching using Hazelcast memory cluster as a content-addressable storage (CAS). Please watch for future announcement as this might be removed in favor of the REST endpoint. -* ```build --spawn_strategy=remote --remote_worker=grpc-builder:5000 --remote_cache=grpc-builder:5000``` +* ```build --spawn_strategy=remote --remote_executor=grpc-builder:5000 --remote_cache=grpc-builder:5000``` This option enables remote execution with a gRPC service at ```grpc-builder:5000```. Remote execution requires a distributed caching service, which is also at ```grpc-builder:5000```. @@ -150,7 +150,7 @@ following options to enable distributed caching. Change `http://server-address:p one that you provide. You may also put the options in `~/.bazelrc`. ``` -build --spawn_strategy=remote --rest_cache_url=http://server-address:port/cache +build --spawn_strategy=remote --remote_rest_cache=http://server-address:port/cache ``` ### Distributed caching with gRPC CAS endpoint @@ -261,5 +261,5 @@ memory cluster. Use the following build options. ``` -build --spawn_strategy=remote --remote_worker=localhost:8080 --remote_cache=localhost:8080 +build --spawn_strategy=remote --remote_executor=localhost:8080 --remote_cache=localhost:8080 ``` diff --git a/src/main/java/com/google/devtools/build/lib/remote/RemoteActionContextProvider.java b/src/main/java/com/google/devtools/build/lib/remote/RemoteActionContextProvider.java index b7c2830a62..261e130e8c 100644 --- a/src/main/java/com/google/devtools/build/lib/remote/RemoteActionContextProvider.java +++ b/src/main/java/com/google/devtools/build/lib/remote/RemoteActionContextProvider.java @@ -20,6 +20,7 @@ import com.google.devtools.build.lib.actions.Executor.ActionContext; import com.google.devtools.build.lib.buildtool.BuildRequest; import com.google.devtools.build.lib.exec.ActionContextProvider; import com.google.devtools.build.lib.exec.ExecutionOptions; +import com.google.devtools.build.lib.runtime.AuthAndTLSOptions; import com.google.devtools.build.lib.runtime.CommandEnvironment; /** @@ -38,6 +39,7 @@ final class RemoteActionContextProvider extends ActionContextProvider { env.getClientEnv(), env.getExecRoot(), buildRequest.getOptions(RemoteOptions.class), + buildRequest.getOptions(AuthAndTLSOptions.class), verboseFailures, env.getRuntime().getProductName())); this.strategies = strategiesBuilder.build(); diff --git a/src/main/java/com/google/devtools/build/lib/remote/RemoteModule.java b/src/main/java/com/google/devtools/build/lib/remote/RemoteModule.java index acc664285b..bbc20d2157 100644 --- a/src/main/java/com/google/devtools/build/lib/remote/RemoteModule.java +++ b/src/main/java/com/google/devtools/build/lib/remote/RemoteModule.java @@ -19,6 +19,7 @@ import com.google.common.eventbus.Subscribe; import com.google.devtools.build.lib.buildtool.BuildRequest; import com.google.devtools.build.lib.buildtool.buildevent.BuildStartingEvent; import com.google.devtools.build.lib.exec.ExecutorBuilder; +import com.google.devtools.build.lib.runtime.AuthAndTLSOptions; import com.google.devtools.build.lib.runtime.BlazeModule; import com.google.devtools.build.lib.runtime.Command; import com.google.devtools.build.lib.runtime.CommandEnvironment; @@ -67,7 +68,8 @@ public final class RemoteModule extends BlazeModule { @Override public Iterable> getCommandOptions(Command command) { return "build".equals(command.name()) - ? ImmutableList.>of(RemoteOptions.class) + ? ImmutableList.>of(RemoteOptions.class, + AuthAndTLSOptions.class) : ImmutableList.>of(); } } diff --git a/src/main/java/com/google/devtools/build/lib/remote/RemoteOptions.java b/src/main/java/com/google/devtools/build/lib/remote/RemoteOptions.java index 0c76aa3106..fcdb44a14a 100644 --- a/src/main/java/com/google/devtools/build/lib/remote/RemoteOptions.java +++ b/src/main/java/com/google/devtools/build/lib/remote/RemoteOptions.java @@ -20,14 +20,14 @@ import com.google.devtools.common.options.OptionsBase; /** Options for remote execution and distributed caching. */ public final class RemoteOptions extends OptionsBase { @Option( - name = "rest_cache_url", + name = "remote_rest_cache", defaultValue = "null", category = "remote", help = "A base URL for a RESTful cache server for storing build artifacts." + "It has to support PUT, GET, and HEAD requests." ) - public String restCacheUrl; + public String remoteRestCache; @Option( name = "hazelcast_node", @@ -56,18 +56,18 @@ public final class RemoteOptions extends OptionsBase { public int hazelcastStandaloneListenPort; @Option( - name = "remote_worker", + name = "remote_executor", defaultValue = "null", category = "remote", - help = "Hostname and port number of remote worker in the form of host:port. " + help = "HOST or HOST:PORT of a remote execution endpoint." ) - public String remoteWorker; + public String remoteExecutor; @Option( name = "remote_cache", defaultValue = "null", category = "remote", - help = "Hostname and port number of remote gRPC cache in the form of host:port. " + help = "HOST or HOST:PORT of a remote caching endpoint." ) public String remoteCache; @@ -96,12 +96,12 @@ public final class RemoteOptions extends OptionsBase { public int grpcMaxBatchSizeBytes; @Option( - name = "grpc_timeout_seconds", + name = "remote_timeout", defaultValue = "60", category = "remote", - help = "The maximal number of seconds to wait for remote calls." + help = "The maximum number of seconds to wait for remote execution and cache calls." ) - public int grpcTimeoutSeconds; + public int remoteTimeout; @Option( name = "remote_accept_cached", @@ -112,20 +112,20 @@ public final class RemoteOptions extends OptionsBase { public boolean remoteAcceptCached; @Option( - name = "remote_allow_local_fallback", + name = "remote_local_fallback", defaultValue = "true", category = "remote", - help = "Whether to fall back to standalone strategy if remote fails." + help = "Whether to fall back to standalone local execution strategy if remote execution fails." ) - public boolean remoteAllowLocalFallback; + public boolean remoteLocalFallback; @Option( - name = "remote_local_exec_upload_results", + name = "remote_upload_local_results", defaultValue = "true", category = "remote", - help = "Whether to upload action results to the remote cache after executing locally." + help = "Whether to upload locally executed action results to the remote cache." ) - public boolean remoteLocalExecUploadResults; + public boolean remoteUploadLocalResults; @Option( name = "experimental_remote_platform_override", @@ -134,56 +134,4 @@ public final class RemoteOptions extends OptionsBase { help = "Temporary, for testing only. Manually set a Platform to pass to remote execution." ) public String experimentalRemotePlatformOverride; - - @Option( - name = "auth_enabled", - defaultValue = "false", - category = "remote", - help = "Whether to enable API key authentication." - ) - public boolean authEnabled; - - @Option( - name = "auth_scope", - defaultValue = "null", - category = "remote", - help = "If server authentication requires a scope, provide it here." - ) - public String authScope; - - @Option( - name = "auth_credentials_json", - defaultValue = "null", - category = "remote", - help = "Location of credentials JSON file." - ) - public String authCredentialsJson; - - @Option( - name = "tls_enabled", - defaultValue = "false", - category = "remote", - help = - "If set to true, Bazel uses TLS encryption for all connections to remote cache and " - + "execution servers." - ) - public boolean tlsEnabled; - - @Option( - name = "tls_cert", - defaultValue = "null", - category = "remote", - help = "TLS certificate file to use." - ) - public String tlsCert; - - @Option( - name = "tls_authority_override", - defaultValue = "null", - category = "remote", - help = - "If present, consider the value of the flag a valid TLS authority. This is useful for " - + "using self-signed test TLS certificates. For testing only." - ) - public String tlsAuthorityOverride; } diff --git a/src/main/java/com/google/devtools/build/lib/remote/RemoteSpawnRunner.java b/src/main/java/com/google/devtools/build/lib/remote/RemoteSpawnRunner.java index e7025beee8..73fb45eefe 100644 --- a/src/main/java/com/google/devtools/build/lib/remote/RemoteSpawnRunner.java +++ b/src/main/java/com/google/devtools/build/lib/remote/RemoteSpawnRunner.java @@ -36,6 +36,7 @@ import com.google.devtools.build.lib.remote.RemoteProtocol.ExecuteRequest; import com.google.devtools.build.lib.remote.RemoteProtocol.ExecutionStatus; import com.google.devtools.build.lib.remote.RemoteProtocol.Platform; import com.google.devtools.build.lib.remote.TreeNodeRepository.TreeNode; +import com.google.devtools.build.lib.runtime.AuthAndTLSOptions; import com.google.devtools.build.lib.util.io.FileOutErr; import com.google.devtools.build.lib.vfs.Path; import com.google.devtools.build.lib.vfs.PathFragment; @@ -82,15 +83,18 @@ final class RemoteSpawnRunner implements SpawnRunner { RemoteSpawnRunner( Path execRoot, - RemoteOptions options) { - this(execRoot, options, connect(options)); + RemoteOptions options, + AuthAndTLSOptions authTlsOptions) { + this(execRoot, options, connect(options, authTlsOptions)); } - private static GrpcRemoteExecutor connect(RemoteOptions options) { + private static GrpcRemoteExecutor connect(RemoteOptions options, + AuthAndTLSOptions authTlsOptions) { Preconditions.checkArgument(GrpcRemoteExecutor.isRemoteExecutionOptions(options)); - ChannelOptions channelOptions = ChannelOptions.create(options); + ChannelOptions channelOptions = ChannelOptions.create(authTlsOptions, + options.grpcMaxChunkSizeBytes); return new GrpcRemoteExecutor( - RemoteUtils.createChannel(options.remoteWorker, channelOptions), channelOptions, options); + RemoteUtils.createChannel(options.remoteExecutor, channelOptions), channelOptions, options); } @Override diff --git a/src/main/java/com/google/devtools/build/lib/remote/RemoteSpawnStrategy.java b/src/main/java/com/google/devtools/build/lib/remote/RemoteSpawnStrategy.java index 9882da210b..537643990b 100644 --- a/src/main/java/com/google/devtools/build/lib/remote/RemoteSpawnStrategy.java +++ b/src/main/java/com/google/devtools/build/lib/remote/RemoteSpawnStrategy.java @@ -44,6 +44,7 @@ import com.google.devtools.build.lib.remote.RemoteProtocol.ExecutionStatus; import com.google.devtools.build.lib.remote.RemoteProtocol.Platform; import com.google.devtools.build.lib.remote.TreeNodeRepository.TreeNode; import com.google.devtools.build.lib.rules.fileset.FilesetActionContext; +import com.google.devtools.build.lib.runtime.AuthAndTLSOptions; import com.google.devtools.build.lib.standalone.StandaloneSpawnStrategy; import com.google.devtools.build.lib.util.io.FileOutErr; import com.google.devtools.build.lib.vfs.Path; @@ -71,7 +72,7 @@ final class RemoteSpawnStrategy implements SpawnActionContext { private final Path execRoot; private final StandaloneSpawnStrategy standaloneStrategy; private final boolean verboseFailures; - private final RemoteOptions options; + private final RemoteOptions remoteOptions; // TODO(olaola): This will be set on a per-action basis instead. private final Platform platform; private final ChannelOptions channelOptions; @@ -80,18 +81,20 @@ final class RemoteSpawnStrategy implements SpawnActionContext { RemoteSpawnStrategy( Map clientEnv, Path execRoot, - RemoteOptions options, + RemoteOptions remoteOptions, + AuthAndTLSOptions authTlsOptions, boolean verboseFailures, String productName) { this.execRoot = execRoot; this.standaloneStrategy = new StandaloneSpawnStrategy(execRoot, verboseFailures, productName); this.verboseFailures = verboseFailures; - this.options = options; - channelOptions = ChannelOptions.create(options); - if (options.experimentalRemotePlatformOverride != null) { + this.remoteOptions = remoteOptions; + channelOptions = ChannelOptions.create(authTlsOptions, remoteOptions.grpcMaxChunkSizeBytes); + if (remoteOptions.experimentalRemotePlatformOverride != null) { Platform.Builder platformBuilder = Platform.newBuilder(); try { - TextFormat.getParser().merge(options.experimentalRemotePlatformOverride, platformBuilder); + TextFormat.getParser().merge(remoteOptions.experimentalRemotePlatformOverride, + platformBuilder); } catch (ParseException e) { throw new IllegalArgumentException( "Failed to parse --experimental_remote_platform_override", e); @@ -139,7 +142,7 @@ final class RemoteSpawnStrategy implements SpawnActionContext { ActionKey actionKey) throws ExecException, InterruptedException { standaloneStrategy.exec(spawn, actionExecutionContext); - if (options.remoteLocalExecUploadResults && actionCache != null && actionKey != null) { + if (remoteOptions.remoteUploadLocalResults && actionCache != null && actionKey != null) { ArrayList outputFiles = new ArrayList<>(); for (ActionInput output : spawn.getOutputFiles()) { Path outputFile = execRoot.getRelative(output.getExecPathString()); @@ -214,19 +217,19 @@ final class RemoteSpawnStrategy implements SpawnActionContext { if (spawn.isRemotable()) { // Initialize remote cache and execution handlers. We use separate handlers for every // action to enable server-side parallelism (need a different gRPC channel per action). - if (SimpleBlobStoreFactory.isRemoteCacheOptions(options)) { - actionCache = new SimpleBlobStoreActionCache(SimpleBlobStoreFactory.create(options)); - } else if (GrpcActionCache.isRemoteCacheOptions(options)) { - actionCache = new GrpcActionCache(options, channelOptions); + if (SimpleBlobStoreFactory.isRemoteCacheOptions(remoteOptions)) { + actionCache = new SimpleBlobStoreActionCache(SimpleBlobStoreFactory.create(remoteOptions)); + } else if (GrpcActionCache.isRemoteCacheOptions(remoteOptions)) { + actionCache = new GrpcActionCache(remoteOptions, channelOptions); } // Otherwise actionCache remains null and remote caching/execution are disabled. - if (actionCache != null && GrpcRemoteExecutor.isRemoteExecutionOptions(options)) { + if (actionCache != null && GrpcRemoteExecutor.isRemoteExecutionOptions(remoteOptions)) { workExecutor = new GrpcRemoteExecutor( - RemoteUtils.createChannel(options.remoteWorker, channelOptions), + RemoteUtils.createChannel(remoteOptions.remoteExecutor, channelOptions), channelOptions, - options); + remoteOptions); } } if (!spawn.isRemotable() || actionCache == null) { @@ -260,9 +263,10 @@ final class RemoteSpawnStrategy implements SpawnActionContext { // Look up action cache, and reuse the action output if it is found. actionKey = ContentDigests.computeActionKey(action); - ActionResult result = - this.options.remoteAcceptCached ? actionCache.getCachedActionResult(actionKey) : null; - boolean acceptCachedResult = this.options.remoteAcceptCached; + ActionResult result = this.remoteOptions.remoteAcceptCached + ? actionCache.getCachedActionResult(actionKey) + : null; + boolean acceptCachedResult = this.remoteOptions.remoteAcceptCached; if (result != null) { // We don't cache failed actions, so we know the outputs exist. // For now, download all outputs locally; in the future, we can reuse the digests to @@ -304,7 +308,7 @@ final class RemoteSpawnStrategy implements SpawnActionContext { return; } if (status.getError() == ExecutionStatus.ErrorCode.EXEC_FAILED - || !options.remoteAllowLocalFallback) { + || !remoteOptions.remoteLocalFallback) { passRemoteOutErr(actionCache, result, actionExecutionContext.getFileOutErr()); throw new UserExecException(status.getErrorDetail()); } @@ -323,14 +327,14 @@ final class RemoteSpawnStrategy implements SpawnActionContext { stackTrace = "\n" + Throwables.getStackTraceAsString(e); } eventHandler.handle(Event.warn(mnemonic + " remote work failed (" + e + ")" + stackTrace)); - if (options.remoteAllowLocalFallback) { + if (remoteOptions.remoteLocalFallback) { execLocally(spawn, actionExecutionContext, actionCache, actionKey); } else { throw new UserExecException(e); } } catch (CacheNotFoundException e) { eventHandler.handle(Event.warn(mnemonic + " remote work results cache miss (" + e + ")")); - if (options.remoteAllowLocalFallback) { + if (remoteOptions.remoteLocalFallback) { execLocally(spawn, actionExecutionContext, actionCache, actionKey); } else { throw new UserExecException(e); diff --git a/src/main/java/com/google/devtools/build/lib/remote/SimpleBlobStoreFactory.java b/src/main/java/com/google/devtools/build/lib/remote/SimpleBlobStoreFactory.java index 2bb5962399..2f6993cce1 100644 --- a/src/main/java/com/google/devtools/build/lib/remote/SimpleBlobStoreFactory.java +++ b/src/main/java/com/google/devtools/build/lib/remote/SimpleBlobStoreFactory.java @@ -187,7 +187,7 @@ public final class SimpleBlobStoreFactory { } public static SimpleBlobStore createRest(RemoteOptions options) { - return new RestBlobStore(options.restCacheUrl); + return new RestBlobStore(options.remoteRestCache); } public static SimpleBlobStore create(RemoteOptions options) { @@ -213,6 +213,6 @@ public final class SimpleBlobStoreFactory { } private static boolean isRestUrlOptions(RemoteOptions options) { - return options.restCacheUrl != null; + return options.remoteRestCache != null; } } diff --git a/src/main/java/com/google/devtools/build/lib/runtime/AuthAndTLSOptions.java b/src/main/java/com/google/devtools/build/lib/runtime/AuthAndTLSOptions.java new file mode 100644 index 0000000000..587b68dfd7 --- /dev/null +++ b/src/main/java/com/google/devtools/build/lib/runtime/AuthAndTLSOptions.java @@ -0,0 +1,79 @@ +// Copyright 2017 The Bazel Authors. All rights reserved. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package com.google.devtools.build.lib.runtime; + +import com.google.devtools.common.options.Option; +import com.google.devtools.common.options.OptionsBase; +import com.google.devtools.common.options.OptionsParser.OptionUsageRestrictions; + +/** + * Common options for authentication and TLS. + */ +public class AuthAndTLSOptions extends OptionsBase { + @Option( + name = "auth_enabled", + defaultValue = "false", + category = "remote", + help = "Whether to enable authentication for remote execution/caching and the build event " + + "service (BES). If not otherwise specified 'Google Application Default Credentials' " + + "are used. Disabled by default." + ) + public boolean authEnabled; + + @Option( + name = "auth_scope", + defaultValue = "null", + category = "remote", + help = "If server authentication requires a scope, provide it here." + ) + public String authScope; + + @Option( + name = "auth_credentials", + defaultValue = "null", + category = "remote", + help = "Specifies the file to get authentication credentials from. See " + + "https://cloud.google.com/docs/authentication for more details. 'Google Application " + + "Default Credentials' are used by default." + ) + public String authCredentials; + + @Option( + name = "tls_enabled", + defaultValue = "false", + category = "remote", + help = "Specifies whether to use TLS for remote execution/caching and the build event service" + + " (BES)." + ) + public boolean tlsEnabled; + + @Option( + name = "tls_certificate", + defaultValue = "null", + category = "remote", + help = "Specify the TLS client certificate to use." + ) + public String tlsCertificate; + + @Option( + name = "tls_authority_override", + defaultValue = "null", + category = "remote", + optionUsageRestrictions = OptionUsageRestrictions.HIDDEN, + help = "TESTING ONLY! Can be used with a self-signed certificate to consider the specified " + + "value a valid TLS authority." + ) + public String tlsAuthorityOverride; +} -- cgit v1.2.3