-
Notifications
You must be signed in to change notification settings - Fork 4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
http.bzl should support authentication and not limit itself to "simple" when it does #7636
Comments
This needs some design before simply adding. It feels to me like
It's always great to hear about actual use cases.
|
I'd say, an optimal approach is to do something simple first, then elaborate further. I, personally, would be content with a Maven credentials model to start with (it's not the most secure model around but it served us well over the years). Maven stores credentials in plain text in a "settings.xml" file - essentially it's a map of custom server ids (user specified - those must be matched by the ids in the actual build file) to authentication material (passwords, private keys, whatever). It is assumed that the settings.xml file will protected by OS permissions (on multi-user machines) or isolated in a container (when dealing with those). Caching is also ok, per the above model - it is either localized to user's home dir and thus protected by the user's home dir permissions or ends up in a secure container. For proxies, Maven maintains a separate map similar to the above. |
@dkelmer wdyt? |
FWIW, here's how I solved this problem: by putting stuff on S3 and downloading it from there with this here rule: https://github.com/1e100/cloud_archive/blob/master/cloud_archive.bzl. Not super principled maybe, but it works. |
Is there anything left to do here? |
No. There's netrc support now. |
Even when dealing with internal services it is unreasonable to assume that all build dependencies are "publicly" available. Moreover, the content of the packaged build dependencies, may, in general, be dependent on the authentication details passed to the remote server.
Tools like Maven and Gradle had support for providing a local set of credentials for use with http services for dependency download from the early on. Bazel should have one too (especially considering that it is not difficult to do with Java).
The text was updated successfully, but these errors were encountered: