-
Notifications
You must be signed in to change notification settings - Fork 4.1k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
[credentialhelper] Add types to communicate with the subprocess
This change adds `GetCredentials{Request,Response}`, which we'll use to pass data in `stdin` to the credental helper subprocess, and read the response from `stdout` of the subprocess. Progress on https://github.com/bazelbuild/proposals/blob/main/designs/2022-06-07-bazel-credential-helpers.md#proposal Closes #15803. PiperOrigin-RevId: 459701706 Change-Id: Icbd9fc491546ee5599d5a9d04680671b06a91a85
- Loading branch information
1 parent
4fca652
commit 37f181c
Showing
6 changed files
with
534 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
103 changes: 103 additions & 0 deletions
103
...java/com/google/devtools/build/lib/authandtls/credentialhelper/GetCredentialsRequest.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,103 @@ | ||
// Copyright 2022 The Bazel Authors. All rights reserved. | ||
// | ||
// Licensed under the Apache License, Version 2.0 (the "License"); | ||
// you may not use this file except in compliance with the License. | ||
// You may obtain a copy of the License at | ||
// | ||
// http://www.apache.org/licenses/LICENSE-2.0 | ||
// | ||
// Unless required by applicable law or agreed to in writing, software | ||
// distributed under the License is distributed on an "AS IS" BASIS, | ||
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||
// See the License for the specific language governing permissions and | ||
// limitations under the License. | ||
|
||
package com.google.devtools.build.lib.authandtls.credentialhelper; | ||
|
||
import com.google.auto.value.AutoValue; | ||
import com.google.common.base.Preconditions; | ||
import com.google.errorprone.annotations.Immutable; | ||
import com.google.gson.JsonSyntaxException; | ||
import com.google.gson.TypeAdapter; | ||
import com.google.gson.annotations.JsonAdapter; | ||
import com.google.gson.stream.JsonReader; | ||
import com.google.gson.stream.JsonToken; | ||
import com.google.gson.stream.JsonWriter; | ||
import java.io.IOException; | ||
import java.net.URI; | ||
import java.util.Locale; | ||
|
||
/** | ||
* Request for the {@code get} command of the <a | ||
* href="https://github.com/bazelbuild/proposals/blob/main/designs/2022-06-07-bazel-credential-helpers.md#proposal">Credential | ||
* Helper Protocol</a>. | ||
*/ | ||
@AutoValue | ||
@AutoValue.CopyAnnotations | ||
@Immutable | ||
@JsonAdapter(GetCredentialsRequest.GsonTypeAdapter.class) | ||
public abstract class GetCredentialsRequest { | ||
/** Returns the {@link URI} this request is for. */ | ||
public abstract URI getUri(); | ||
|
||
/** Returns a new builder for {@link GetCredentialsRequest}. */ | ||
public static Builder newBuilder() { | ||
return new AutoValue_GetCredentialsRequest.Builder(); | ||
} | ||
|
||
/** Builder for {@link GetCredentialsRequest}. */ | ||
@AutoValue.Builder | ||
public abstract static class Builder { | ||
/** Sets the {@link URI} this request is for. */ | ||
public abstract Builder setUri(URI uri); | ||
|
||
/** Returns the newly constructed {@link GetCredentialsRequest}. */ | ||
public abstract GetCredentialsRequest build(); | ||
} | ||
|
||
/** GSON adapter for GetCredentialsRequest. */ | ||
public static final class GsonTypeAdapter extends TypeAdapter<GetCredentialsRequest> { | ||
@Override | ||
public void write(JsonWriter writer, GetCredentialsRequest value) throws IOException { | ||
Preconditions.checkNotNull(writer); | ||
Preconditions.checkNotNull(value); | ||
|
||
writer.beginObject(); | ||
writer.name("uri").value(value.getUri().toString()); | ||
writer.endObject(); | ||
} | ||
|
||
@Override | ||
public GetCredentialsRequest read(JsonReader reader) throws IOException { | ||
Preconditions.checkNotNull(reader); | ||
|
||
Builder request = newBuilder(); | ||
|
||
if (reader.peek() != JsonToken.BEGIN_OBJECT) { | ||
throw new JsonSyntaxException( | ||
String.format(Locale.US, "Expected object, got %s", reader.peek())); | ||
} | ||
reader.beginObject(); | ||
while (reader.hasNext()) { | ||
String name = reader.nextName(); | ||
switch (name) { | ||
case "uri": | ||
if (reader.peek() != JsonToken.STRING) { | ||
throw new JsonSyntaxException( | ||
String.format( | ||
Locale.US, "Expected value of 'url' to be a string, got %s", reader.peek())); | ||
} | ||
request.setUri(URI.create(reader.nextString())); | ||
break; | ||
|
||
default: | ||
// We intentionally ignore unknown keys to achieve forward compatibility with requests | ||
// coming from newer tools. | ||
reader.skipValue(); | ||
} | ||
} | ||
reader.endObject(); | ||
return request.build(); | ||
} | ||
} | ||
} |
154 changes: 154 additions & 0 deletions
154
...ava/com/google/devtools/build/lib/authandtls/credentialhelper/GetCredentialsResponse.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,154 @@ | ||
// Copyright 2022 The Bazel Authors. All rights reserved. | ||
// | ||
// Licensed under the Apache License, Version 2.0 (the "License"); | ||
// you may not use this file except in compliance with the License. | ||
// You may obtain a copy of the License at | ||
// | ||
// http://www.apache.org/licenses/LICENSE-2.0 | ||
// | ||
// Unless required by applicable law or agreed to in writing, software | ||
// distributed under the License is distributed on an "AS IS" BASIS, | ||
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||
// See the License for the specific language governing permissions and | ||
// limitations under the License. | ||
|
||
package com.google.devtools.build.lib.authandtls.credentialhelper; | ||
|
||
import com.google.auto.value.AutoValue; | ||
import com.google.common.base.Preconditions; | ||
import com.google.common.collect.ImmutableList; | ||
import com.google.common.collect.ImmutableMap; | ||
import com.google.errorprone.annotations.Immutable; | ||
import com.google.gson.JsonSyntaxException; | ||
import com.google.gson.TypeAdapter; | ||
import com.google.gson.annotations.JsonAdapter; | ||
import com.google.gson.stream.JsonReader; | ||
import com.google.gson.stream.JsonToken; | ||
import com.google.gson.stream.JsonWriter; | ||
import java.io.IOException; | ||
import java.util.Locale; | ||
import java.util.Map; | ||
|
||
/** | ||
* Response from the {@code get} command of the <a | ||
* href="https://github.com/bazelbuild/proposals/blob/main/designs/2022-06-07-bazel-credential-helpers.md#proposal">Credential | ||
* Helper Protocol</a>. | ||
*/ | ||
@AutoValue | ||
@AutoValue.CopyAnnotations | ||
@Immutable | ||
@JsonAdapter(GetCredentialsResponse.GsonTypeAdapter.class) | ||
public abstract class GetCredentialsResponse { | ||
/** Returns the headers to attach to the request. */ | ||
public abstract ImmutableMap<String, ImmutableList<String>> getHeaders(); | ||
|
||
/** Returns a new builder for {@link GetCredentialsRequest}. */ | ||
public static Builder newBuilder() { | ||
return new AutoValue_GetCredentialsResponse.Builder(); | ||
} | ||
|
||
/** Builder for {@link GetCredentialsResponse}. */ | ||
@AutoValue.Builder | ||
public abstract static class Builder { | ||
protected abstract ImmutableMap.Builder<String, ImmutableList<String>> headersBuilder(); | ||
|
||
/** Returns the newly constructed {@link GetCredentialsResponse}. */ | ||
public abstract GetCredentialsResponse build(); | ||
} | ||
|
||
/** GSON adapter for GetCredentialsResponse. */ | ||
public static final class GsonTypeAdapter extends TypeAdapter<GetCredentialsResponse> { | ||
@Override | ||
public void write(JsonWriter writer, GetCredentialsResponse response) throws IOException { | ||
Preconditions.checkNotNull(writer); | ||
Preconditions.checkNotNull(response); | ||
|
||
writer.beginObject(); | ||
|
||
ImmutableMap<String, ImmutableList<String>> headers = response.getHeaders(); | ||
if (!headers.isEmpty()) { | ||
writer.name("headers"); | ||
writer.beginObject(); | ||
for (Map.Entry<String, ImmutableList<String>> entry : headers.entrySet()) { | ||
writer.name(entry.getKey()); | ||
|
||
writer.beginArray(); | ||
for (String value : entry.getValue()) { | ||
writer.value(value); | ||
} | ||
writer.endArray(); | ||
} | ||
writer.endObject(); | ||
} | ||
writer.endObject(); | ||
} | ||
|
||
@Override | ||
public GetCredentialsResponse read(JsonReader reader) throws IOException { | ||
Preconditions.checkNotNull(reader); | ||
|
||
GetCredentialsResponse.Builder response = newBuilder(); | ||
|
||
if (reader.peek() != JsonToken.BEGIN_OBJECT) { | ||
throw new JsonSyntaxException( | ||
String.format(Locale.US, "Expected object, got %s", reader.peek())); | ||
} | ||
reader.beginObject(); | ||
|
||
while (reader.hasNext()) { | ||
String name = reader.nextName(); | ||
switch (name) { | ||
case "headers": | ||
if (reader.peek() != JsonToken.BEGIN_OBJECT) { | ||
throw new JsonSyntaxException( | ||
String.format( | ||
Locale.US, | ||
"Expected value of 'headers' to be an object, got %s", | ||
reader.peek())); | ||
} | ||
reader.beginObject(); | ||
|
||
while (reader.hasNext()) { | ||
String headerName = reader.nextName(); | ||
ImmutableList.Builder<String> headerValues = ImmutableList.builder(); | ||
|
||
if (reader.peek() != JsonToken.BEGIN_ARRAY) { | ||
throw new JsonSyntaxException( | ||
String.format( | ||
Locale.US, | ||
"Expected value of '%s' header to be an array of strings, got %s", | ||
headerName, | ||
reader.peek())); | ||
} | ||
reader.beginArray(); | ||
for (int i = 0; reader.hasNext(); i++) { | ||
if (reader.peek() != JsonToken.STRING) { | ||
throw new JsonSyntaxException( | ||
String.format( | ||
Locale.US, | ||
"Expected value %s of '%s' header to be a string, got %s", | ||
i, | ||
headerName, | ||
reader.peek())); | ||
} | ||
headerValues.add(reader.nextString()); | ||
} | ||
reader.endArray(); | ||
|
||
response.headersBuilder().put(headerName, headerValues.build()); | ||
} | ||
|
||
reader.endObject(); | ||
break; | ||
|
||
default: | ||
// We intentionally ignore unknown keys to achieve forward compatibility with responses | ||
// coming from newer tools. | ||
reader.skipValue(); | ||
} | ||
} | ||
reader.endObject(); | ||
return response.build(); | ||
} | ||
} | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
116 changes: 116 additions & 0 deletions
116
.../com/google/devtools/build/lib/authandtls/credentialhelper/GetCredentialsRequestTest.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,116 @@ | ||
// Copyright 2022 The Bazel Authors. All rights reserved. | ||
// | ||
// Licensed under the Apache License, Version 2.0 (the "License"); | ||
// you may not use this file except in compliance with the License. | ||
// You may obtain a copy of the License at | ||
// | ||
// http://www.apache.org/licenses/LICENSE-2.0 | ||
// | ||
// Unless required by applicable law or agreed to in writing, software | ||
// distributed under the License is distributed on an "AS IS" BASIS, | ||
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||
// See the License for the specific language governing permissions and | ||
// limitations under the License. | ||
|
||
package com.google.devtools.build.lib.authandtls.credentialhelper; | ||
|
||
import static com.google.common.truth.Truth.assertThat; | ||
import static org.junit.Assert.assertThrows; | ||
|
||
import com.google.gson.Gson; | ||
import com.google.gson.JsonSyntaxException; | ||
import java.net.URI; | ||
import org.junit.Test; | ||
import org.junit.runner.RunWith; | ||
import org.junit.runners.JUnit4; | ||
|
||
/** Tests for {@link GetCredentialsRequest}. */ | ||
@RunWith(JUnit4.class) | ||
public class GetCredentialsRequestTest { | ||
private static final Gson GSON = new Gson(); | ||
|
||
@Test | ||
public void parseValid() { | ||
assertThat( | ||
GSON.fromJson("{\"uri\": \"http://example.com\"}", GetCredentialsRequest.class) | ||
.getUri()) | ||
.isEqualTo(URI.create("http://example.com")); | ||
assertThat( | ||
GSON.fromJson("{\"uri\": \"https://example.com\"}", GetCredentialsRequest.class) | ||
.getUri()) | ||
.isEqualTo(URI.create("https://example.com")); | ||
assertThat( | ||
GSON.fromJson("{\"uri\": \"grpc://example.com\"}", GetCredentialsRequest.class) | ||
.getUri()) | ||
.isEqualTo(URI.create("grpc://example.com")); | ||
assertThat( | ||
GSON.fromJson("{\"uri\": \"grpcs://example.com\"}", GetCredentialsRequest.class) | ||
.getUri()) | ||
.isEqualTo(URI.create("grpcs://example.com")); | ||
|
||
assertThat( | ||
GSON.fromJson("{\"uri\": \"uri-without-protocol\"}", GetCredentialsRequest.class) | ||
.getUri()) | ||
.isEqualTo(URI.create("uri-without-protocol")); | ||
} | ||
|
||
@Test | ||
public void parseMissingUri() { | ||
assertThrows(JsonSyntaxException.class, () -> GSON.fromJson("{}", GetCredentialsRequest.class)); | ||
assertThrows( | ||
JsonSyntaxException.class, | ||
() -> GSON.fromJson("{\"foo\": 1}", GetCredentialsRequest.class)); | ||
assertThrows( | ||
JsonSyntaxException.class, | ||
() -> GSON.fromJson("{\"foo\": 1, \"bar\": 2}", GetCredentialsRequest.class)); | ||
} | ||
|
||
@Test | ||
public void parseNonStringUri() { | ||
assertThrows(JsonSyntaxException.class, () -> GSON.fromJson("[]", GetCredentialsRequest.class)); | ||
assertThrows( | ||
JsonSyntaxException.class, () -> GSON.fromJson("\"foo\"", GetCredentialsRequest.class)); | ||
assertThrows(JsonSyntaxException.class, () -> GSON.fromJson("1", GetCredentialsRequest.class)); | ||
assertThrows( | ||
JsonSyntaxException.class, | ||
() -> GSON.fromJson("{\"uri\": 1}", GetCredentialsRequest.class)); | ||
assertThrows( | ||
JsonSyntaxException.class, | ||
() -> GSON.fromJson("{\"uri\": {}}", GetCredentialsRequest.class)); | ||
assertThrows( | ||
JsonSyntaxException.class, | ||
() -> GSON.fromJson("{\"uri\": []}", GetCredentialsRequest.class)); | ||
assertThrows( | ||
JsonSyntaxException.class, | ||
() -> GSON.fromJson("{\"uri\": [\"https://example.com\"]}", GetCredentialsRequest.class)); | ||
assertThrows( | ||
JsonSyntaxException.class, | ||
() -> GSON.fromJson("{\"uri\": null}", GetCredentialsRequest.class)); | ||
} | ||
|
||
@Test | ||
public void parseWithExtraFields() { | ||
assertThat( | ||
GSON.fromJson( | ||
"{\"uri\": \"http://example.com\", \"foo\": 1}", GetCredentialsRequest.class) | ||
.getUri()) | ||
.isEqualTo(URI.create("http://example.com")); | ||
assertThat( | ||
GSON.fromJson( | ||
"{\"foo\": 1, \"uri\": \"http://example.com\"}", GetCredentialsRequest.class) | ||
.getUri()) | ||
.isEqualTo(URI.create("http://example.com")); | ||
assertThat( | ||
GSON.fromJson( | ||
"{\"uri\": \"http://example.com\", \"foo\": 1, \"bar\": {}}", | ||
GetCredentialsRequest.class) | ||
.getUri()) | ||
.isEqualTo(URI.create("http://example.com")); | ||
assertThat( | ||
GSON.fromJson( | ||
"{\"foo\": 1, \"uri\": \"http://example.com\", \"bar\": []}", | ||
GetCredentialsRequest.class) | ||
.getUri()) | ||
.isEqualTo(URI.create("http://example.com")); | ||
} | ||
} |
Oops, something went wrong.