Skip to content

Commit

Permalink
[credentialhelper] Add types to communicate with the subprocess
Browse files Browse the repository at this point in the history
This change adds `GetCredentials{Request,Response}`, which we'll use to
pass data in `stdin` to the credental helper subprocess, and read the
response from `stdout` of the subprocess.

Progress on https://github.com/bazelbuild/proposals/blob/main/designs/2022-06-07-bazel-credential-helpers.md#proposal

Closes #15803.

PiperOrigin-RevId: 459701706
Change-Id: Icbd9fc491546ee5599d5a9d04680671b06a91a85
  • Loading branch information
Yannic authored and copybara-github committed Jul 8, 2022
1 parent 4fca652 commit 37f181c
Show file tree
Hide file tree
Showing 6 changed files with 534 additions and 0 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -15,7 +15,9 @@ java_library(
srcs = glob(["*.java"]),
deps = [
"//src/main/java/com/google/devtools/build/lib/vfs",
"//third_party:auto_value",
"//third_party:error_prone_annotations",
"//third_party:gson",
"//third_party:guava",
],
)
Original file line number Diff line number Diff line change
@@ -0,0 +1,103 @@
// Copyright 2022 The Bazel Authors. All rights reserved.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

package com.google.devtools.build.lib.authandtls.credentialhelper;

import com.google.auto.value.AutoValue;
import com.google.common.base.Preconditions;
import com.google.errorprone.annotations.Immutable;
import com.google.gson.JsonSyntaxException;
import com.google.gson.TypeAdapter;
import com.google.gson.annotations.JsonAdapter;
import com.google.gson.stream.JsonReader;
import com.google.gson.stream.JsonToken;
import com.google.gson.stream.JsonWriter;
import java.io.IOException;
import java.net.URI;
import java.util.Locale;

/**
* Request for the {@code get} command of the <a
* href="https://github.com/bazelbuild/proposals/blob/main/designs/2022-06-07-bazel-credential-helpers.md#proposal">Credential
* Helper Protocol</a>.
*/
@AutoValue
@AutoValue.CopyAnnotations
@Immutable
@JsonAdapter(GetCredentialsRequest.GsonTypeAdapter.class)
public abstract class GetCredentialsRequest {
/** Returns the {@link URI} this request is for. */
public abstract URI getUri();

/** Returns a new builder for {@link GetCredentialsRequest}. */
public static Builder newBuilder() {
return new AutoValue_GetCredentialsRequest.Builder();
}

/** Builder for {@link GetCredentialsRequest}. */
@AutoValue.Builder
public abstract static class Builder {
/** Sets the {@link URI} this request is for. */
public abstract Builder setUri(URI uri);

/** Returns the newly constructed {@link GetCredentialsRequest}. */
public abstract GetCredentialsRequest build();
}

/** GSON adapter for GetCredentialsRequest. */
public static final class GsonTypeAdapter extends TypeAdapter<GetCredentialsRequest> {
@Override
public void write(JsonWriter writer, GetCredentialsRequest value) throws IOException {
Preconditions.checkNotNull(writer);
Preconditions.checkNotNull(value);

writer.beginObject();
writer.name("uri").value(value.getUri().toString());
writer.endObject();
}

@Override
public GetCredentialsRequest read(JsonReader reader) throws IOException {
Preconditions.checkNotNull(reader);

Builder request = newBuilder();

if (reader.peek() != JsonToken.BEGIN_OBJECT) {
throw new JsonSyntaxException(
String.format(Locale.US, "Expected object, got %s", reader.peek()));
}
reader.beginObject();
while (reader.hasNext()) {
String name = reader.nextName();
switch (name) {
case "uri":
if (reader.peek() != JsonToken.STRING) {
throw new JsonSyntaxException(
String.format(
Locale.US, "Expected value of 'url' to be a string, got %s", reader.peek()));
}
request.setUri(URI.create(reader.nextString()));
break;

default:
// We intentionally ignore unknown keys to achieve forward compatibility with requests
// coming from newer tools.
reader.skipValue();
}
}
reader.endObject();
return request.build();
}
}
}
Original file line number Diff line number Diff line change
@@ -0,0 +1,154 @@
// Copyright 2022 The Bazel Authors. All rights reserved.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

package com.google.devtools.build.lib.authandtls.credentialhelper;

import com.google.auto.value.AutoValue;
import com.google.common.base.Preconditions;
import com.google.common.collect.ImmutableList;
import com.google.common.collect.ImmutableMap;
import com.google.errorprone.annotations.Immutable;
import com.google.gson.JsonSyntaxException;
import com.google.gson.TypeAdapter;
import com.google.gson.annotations.JsonAdapter;
import com.google.gson.stream.JsonReader;
import com.google.gson.stream.JsonToken;
import com.google.gson.stream.JsonWriter;
import java.io.IOException;
import java.util.Locale;
import java.util.Map;

/**
* Response from the {@code get} command of the <a
* href="https://github.com/bazelbuild/proposals/blob/main/designs/2022-06-07-bazel-credential-helpers.md#proposal">Credential
* Helper Protocol</a>.
*/
@AutoValue
@AutoValue.CopyAnnotations
@Immutable
@JsonAdapter(GetCredentialsResponse.GsonTypeAdapter.class)
public abstract class GetCredentialsResponse {
/** Returns the headers to attach to the request. */
public abstract ImmutableMap<String, ImmutableList<String>> getHeaders();

/** Returns a new builder for {@link GetCredentialsRequest}. */
public static Builder newBuilder() {
return new AutoValue_GetCredentialsResponse.Builder();
}

/** Builder for {@link GetCredentialsResponse}. */
@AutoValue.Builder
public abstract static class Builder {
protected abstract ImmutableMap.Builder<String, ImmutableList<String>> headersBuilder();

/** Returns the newly constructed {@link GetCredentialsResponse}. */
public abstract GetCredentialsResponse build();
}

/** GSON adapter for GetCredentialsResponse. */
public static final class GsonTypeAdapter extends TypeAdapter<GetCredentialsResponse> {
@Override
public void write(JsonWriter writer, GetCredentialsResponse response) throws IOException {
Preconditions.checkNotNull(writer);
Preconditions.checkNotNull(response);

writer.beginObject();

ImmutableMap<String, ImmutableList<String>> headers = response.getHeaders();
if (!headers.isEmpty()) {
writer.name("headers");
writer.beginObject();
for (Map.Entry<String, ImmutableList<String>> entry : headers.entrySet()) {
writer.name(entry.getKey());

writer.beginArray();
for (String value : entry.getValue()) {
writer.value(value);
}
writer.endArray();
}
writer.endObject();
}
writer.endObject();
}

@Override
public GetCredentialsResponse read(JsonReader reader) throws IOException {
Preconditions.checkNotNull(reader);

GetCredentialsResponse.Builder response = newBuilder();

if (reader.peek() != JsonToken.BEGIN_OBJECT) {
throw new JsonSyntaxException(
String.format(Locale.US, "Expected object, got %s", reader.peek()));
}
reader.beginObject();

while (reader.hasNext()) {
String name = reader.nextName();
switch (name) {
case "headers":
if (reader.peek() != JsonToken.BEGIN_OBJECT) {
throw new JsonSyntaxException(
String.format(
Locale.US,
"Expected value of 'headers' to be an object, got %s",
reader.peek()));
}
reader.beginObject();

while (reader.hasNext()) {
String headerName = reader.nextName();
ImmutableList.Builder<String> headerValues = ImmutableList.builder();

if (reader.peek() != JsonToken.BEGIN_ARRAY) {
throw new JsonSyntaxException(
String.format(
Locale.US,
"Expected value of '%s' header to be an array of strings, got %s",
headerName,
reader.peek()));
}
reader.beginArray();
for (int i = 0; reader.hasNext(); i++) {
if (reader.peek() != JsonToken.STRING) {
throw new JsonSyntaxException(
String.format(
Locale.US,
"Expected value %s of '%s' header to be a string, got %s",
i,
headerName,
reader.peek()));
}
headerValues.add(reader.nextString());
}
reader.endArray();

response.headersBuilder().put(headerName, headerValues.build());
}

reader.endObject();
break;

default:
// We intentionally ignore unknown keys to achieve forward compatibility with responses
// coming from newer tools.
reader.skipValue();
}
}
reader.endObject();
return response.build();
}
}
}
Original file line number Diff line number Diff line change
Expand Up @@ -26,6 +26,7 @@ java_test(
"//src/main/java/com/google/devtools/build/lib/vfs",
"//src/main/java/com/google/devtools/build/lib/vfs:pathfragment",
"//src/main/java/com/google/devtools/build/lib/vfs/inmemoryfs",
"//third_party:gson",
"//third_party:guava",
"//third_party:junit4",
"//third_party:truth",
Expand Down
Original file line number Diff line number Diff line change
@@ -0,0 +1,116 @@
// Copyright 2022 The Bazel Authors. All rights reserved.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

package com.google.devtools.build.lib.authandtls.credentialhelper;

import static com.google.common.truth.Truth.assertThat;
import static org.junit.Assert.assertThrows;

import com.google.gson.Gson;
import com.google.gson.JsonSyntaxException;
import java.net.URI;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.junit.runners.JUnit4;

/** Tests for {@link GetCredentialsRequest}. */
@RunWith(JUnit4.class)
public class GetCredentialsRequestTest {
private static final Gson GSON = new Gson();

@Test
public void parseValid() {
assertThat(
GSON.fromJson("{\"uri\": \"http://example.com\"}", GetCredentialsRequest.class)
.getUri())
.isEqualTo(URI.create("http://example.com"));
assertThat(
GSON.fromJson("{\"uri\": \"https://example.com\"}", GetCredentialsRequest.class)
.getUri())
.isEqualTo(URI.create("https://example.com"));
assertThat(
GSON.fromJson("{\"uri\": \"grpc://example.com\"}", GetCredentialsRequest.class)
.getUri())
.isEqualTo(URI.create("grpc://example.com"));
assertThat(
GSON.fromJson("{\"uri\": \"grpcs://example.com\"}", GetCredentialsRequest.class)
.getUri())
.isEqualTo(URI.create("grpcs://example.com"));

assertThat(
GSON.fromJson("{\"uri\": \"uri-without-protocol\"}", GetCredentialsRequest.class)
.getUri())
.isEqualTo(URI.create("uri-without-protocol"));
}

@Test
public void parseMissingUri() {
assertThrows(JsonSyntaxException.class, () -> GSON.fromJson("{}", GetCredentialsRequest.class));
assertThrows(
JsonSyntaxException.class,
() -> GSON.fromJson("{\"foo\": 1}", GetCredentialsRequest.class));
assertThrows(
JsonSyntaxException.class,
() -> GSON.fromJson("{\"foo\": 1, \"bar\": 2}", GetCredentialsRequest.class));
}

@Test
public void parseNonStringUri() {
assertThrows(JsonSyntaxException.class, () -> GSON.fromJson("[]", GetCredentialsRequest.class));
assertThrows(
JsonSyntaxException.class, () -> GSON.fromJson("\"foo\"", GetCredentialsRequest.class));
assertThrows(JsonSyntaxException.class, () -> GSON.fromJson("1", GetCredentialsRequest.class));
assertThrows(
JsonSyntaxException.class,
() -> GSON.fromJson("{\"uri\": 1}", GetCredentialsRequest.class));
assertThrows(
JsonSyntaxException.class,
() -> GSON.fromJson("{\"uri\": {}}", GetCredentialsRequest.class));
assertThrows(
JsonSyntaxException.class,
() -> GSON.fromJson("{\"uri\": []}", GetCredentialsRequest.class));
assertThrows(
JsonSyntaxException.class,
() -> GSON.fromJson("{\"uri\": [\"https://example.com\"]}", GetCredentialsRequest.class));
assertThrows(
JsonSyntaxException.class,
() -> GSON.fromJson("{\"uri\": null}", GetCredentialsRequest.class));
}

@Test
public void parseWithExtraFields() {
assertThat(
GSON.fromJson(
"{\"uri\": \"http://example.com\", \"foo\": 1}", GetCredentialsRequest.class)
.getUri())
.isEqualTo(URI.create("http://example.com"));
assertThat(
GSON.fromJson(
"{\"foo\": 1, \"uri\": \"http://example.com\"}", GetCredentialsRequest.class)
.getUri())
.isEqualTo(URI.create("http://example.com"));
assertThat(
GSON.fromJson(
"{\"uri\": \"http://example.com\", \"foo\": 1, \"bar\": {}}",
GetCredentialsRequest.class)
.getUri())
.isEqualTo(URI.create("http://example.com"));
assertThat(
GSON.fromJson(
"{\"foo\": 1, \"uri\": \"http://example.com\", \"bar\": []}",
GetCredentialsRequest.class)
.getUri())
.isEqualTo(URI.create("http://example.com"));
}
}
Loading

0 comments on commit 37f181c

Please sign in to comment.