Add util for finding credential helper to use

Progress on https://github.com/bazelbuild/proposals/blob/main/designs/2022-06-07-bazel-credential-helpers.md
bazelbuild · Jun 20, 2022 · 483bbd7 · 483bbd7
1 parent 7a230fd
commit 483bbd7
Show file tree

Hide file tree

Showing 7 changed files with 543 additions and 2 deletions.
diff --git a/src/main/java/com/google/devtools/build/lib/authandtls/BUILD b/src/main/java/com/google/devtools/build/lib/authandtls/BUILD
@@ -4,7 +4,9 @@ package(default_visibility = ["//src:__subpackages__"])
 
 filegroup(
     name = "srcs",
-    srcs = glob(["**"]),
+    srcs = glob(["**"]) + [
+        "//src/main/java/com/google/devtools/build/lib/authandtls/credentialhelper:srcs",
+    ],
     visibility = ["//src:__subpackages__"],
 )
 

diff --git a/src/main/java/com/google/devtools/build/lib/authandtls/credentialhelper/BUILD b/src/main/java/com/google/devtools/build/lib/authandtls/credentialhelper/BUILD
@@ -0,0 +1,18 @@
+load("@rules_java//java:defs.bzl", "java_library")
+
+filegroup(
+    name = "srcs",
+    srcs = glob(["**"]),
+    visibility = ["//src:__subpackages__"],
+)
+
+java_library(
+    name = "credentialhelper",
+    srcs = glob(["*.java"]),
+    visibility = ["//src:__subpackages__"],
+    deps = [
+        "//src/main/java/com/google/devtools/build/lib/vfs",
+        "//third_party:error_prone_annotations",
+        "//third_party:guava",
+    ],
+)
diff --git a/...main/java/com/google/devtools/build/lib/authandtls/credentialhelper/CredentialHelper.java b/...main/java/com/google/devtools/build/lib/authandtls/credentialhelper/CredentialHelper.java
@@ -0,0 +1,38 @@
+// Copyright 2022 The Bazel Authors. All rights reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//    http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package com.google.devtools.build.lib.authandtls.credentialhelper;
+
+import com.google.common.annotations.VisibleForTesting;
+import com.google.common.base.Preconditions;
+import com.google.devtools.build.lib.vfs.Path;
+import com.google.errorprone.annotations.Immutable;
+
+@Immutable
+public final class CredentialHelper {
+  // `Path` is immutable, but not annotated.
+  @SuppressWarnings("Immutable")
+  private final Path path;
+
+  CredentialHelper(Path path) {
+    this.path = Preconditions.checkNotNull(path);
+  }
+
+  @VisibleForTesting
+  Path getPath() {
+    return path;
+  }
+
+  // TODO(yannic): Implement running the helper subprocess.
+}
diff --git a/...a/com/google/devtools/build/lib/authandtls/credentialhelper/CredentialHelperProvider.java b/...a/com/google/devtools/build/lib/authandtls/credentialhelper/CredentialHelperProvider.java
@@ -0,0 +1,151 @@
+// Copyright 2022 The Bazel Authors. All rights reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//    http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package com.google.devtools.build.lib.authandtls.credentialhelper;
+
+import com.google.common.base.Preconditions;
+import com.google.common.collect.ImmutableMap;
+import com.google.devtools.build.lib.vfs.Path;
+import com.google.errorprone.annotations.Immutable;
+import java.io.IOException;
+import java.net.URI;
+import java.util.HashMap;
+import java.util.Map;
+import java.util.Optional;
+
+/**
+ * A provider for {@link CredentialHelper}s.
+ *
+ * <p>This class is used to find the right {@link CredentialHelper} for a {@link URI}, using the
+ * most specific match.
+ */
+@Immutable
+public final class CredentialHelperProvider {
+  // `Path` is immutable, but not annotated.
+  @SuppressWarnings("Immutable")
+  private final Optional<Path> defaultHelper;
+
+  @SuppressWarnings("Immutable")
+  private final ImmutableMap<String, Path> hosts;
+
+  @SuppressWarnings("Immutable")
+  private final ImmutableMap<String, Path> wildcards;
+
+  private CredentialHelperProvider(
+      Optional<Path> defaultHelper,
+      ImmutableMap<String, Path> hosts,
+      ImmutableMap<String, Path> wildcards) {
+    this.defaultHelper = Preconditions.checkNotNull(defaultHelper);
+    this.hosts = Preconditions.checkNotNull(hosts);
+    this.wildcards = Preconditions.checkNotNull(wildcards);
+  }
+
+  /**
+   * Returns {@link CredentialHelper} to use for getting credentials for connection to the provided
+   * {@link URI}.
+   *
+   * @param uri The {@link URI} to get a credential helper for.
+   * @return The {@link CredentialHelper}, or nothing if no {@link CredentialHelper} is configured
+   *     for the provided {@link URI}.
+   */
+  public Optional<CredentialHelper> findCredentialHelper(URI uri) {
+    Preconditions.checkNotNull(uri);
+
+    String host = Preconditions.checkNotNull(uri.getHost());
+    Optional<Path> credentialHelper =
+        findHostCredentialHelper(host)
+            .or(() -> findWildcardCredentialHelper(host))
+            .or(() -> defaultHelper);
+    return credentialHelper.map(path -> new CredentialHelper(path));
+  }
+
+  private Optional<Path> findHostCredentialHelper(String host) {
+    Preconditions.checkNotNull(host);
+
+    return Optional.ofNullable(hosts.get(host));
+  }
+
+  private Optional<Path> findWildcardCredentialHelper(String host) {
+    Preconditions.checkNotNull(host);
+
+    return Optional.ofNullable(wildcards.get(host))
+        .or(
+            () -> {
+              int dot = host.indexOf('.');
+              if (dot < 0) {
+                // We reached the last segment, end.
+                return Optional.empty();
+              }
+              return findWildcardCredentialHelper(host.substring(dot + 1));
+            });
+  }
+
+  /** Returns a new bBuilder for a {@link CredentialHelperProvider}. */
+  public static Builder builder() {
+    return new Builder();
+  }
+
+  /** Builder for {@link CredentialHelperProvider}. */
+  public static final class Builder {
+    private Optional<Path> defaultHelper = Optional.empty();
+    private Map<String, Path> hosts = new HashMap<>();
+    private Map<String, Path> wildcards = new HashMap<>();
+
+    private void checkHelper(Path path) throws IOException {
+      Preconditions.checkNotNull(path);
+      Preconditions.checkArgument(
+          path.isExecutable(), "Credential helper %s is not executable", path);
+    }
+
+    /**
+     * Adds a default credential helper to use for all {@link URI}s that don't specify a more
+     * specific credential helper.
+     */
+    public Builder add(Path helper) throws IOException {
+      checkHelper(helper);
+
+      defaultHelper = Optional.of(helper);
+      return this;
+    }
+
+    /**
+     * Adds a credential helper to use for all {@link URI}s matching the provided pattern.
+     *
+     * <p>As of 2022-06-20, only matching based on (wildcard) domain name is supported.
+     *
+     * <p>If {@code pattern} starts with {@code *.}, it is considered a wildcard pattern matching
+     * all subdomains in addition to the domain itself. For example {@code *.example.com} would
+     * match {@code example.com}, {@code foo.example.com}, {@code bar.example.com}, {@code
+     * baz.bar.example.com} and so on, but not anything that isn't a subdomain of {@code
+     * example.com}.
+     */
+    public Builder add(String pattern, Path helper) throws IOException {
+      Preconditions.checkNotNull(pattern);
+      checkHelper(helper);
+
+      if (pattern.startsWith("*.")) {
+        wildcards.put(pattern.substring(2), helper);
+      } else {
+        hosts.put(pattern, helper);
+      }
+
+      return this;
+    }
+
+    public CredentialHelperProvider build() {
+      return new CredentialHelperProvider(
+          defaultHelper, ImmutableMap.copyOf(hosts), ImmutableMap.copyOf(wildcards));
+    }
+  }
+}
diff --git a/src/test/java/com/google/devtools/build/lib/authandtls/BUILD b/src/test/java/com/google/devtools/build/lib/authandtls/BUILD
@@ -10,7 +10,9 @@ licenses(["notice"])
 filegroup(
     name = "srcs",
     testonly = 0,
-    srcs = glob(["**"]),
+    srcs = glob(["**"]) + [
+        "//src/test/java/com/google/devtools/build/lib/authandtls/credentialhelper:srcs",
+    ],
     visibility = ["//src:__subpackages__"],
 )
 

diff --git a/src/test/java/com/google/devtools/build/lib/authandtls/credentialhelper/BUILD b/src/test/java/com/google/devtools/build/lib/authandtls/credentialhelper/BUILD
@@ -0,0 +1,27 @@
+load("@rules_java//java:defs.bzl", "java_test")
+
+licenses(["notice"])
+
+filegroup(
+    name = "srcs",
+    testonly = 0,
+    srcs = glob(["**"]),
+    visibility = ["//src:__subpackages__"],
+)
+
+java_test(
+    name = "credentialhelper",
+    srcs = glob(["*.java"]),
+    test_class = "com.google.devtools.build.lib.AllTests",
+    runtime_deps = [
+        "//src/test/java/com/google/devtools/build/lib:test_runner",
+    ],
+    deps = [
+        "//src/main/java/com/google/devtools/build/lib/authandtls/credentialhelper",
+        "//src/main/java/com/google/devtools/build/lib/vfs",
+        "//src/main/java/com/google/devtools/build/lib/vfs:pathfragment",
+        "//src/main/java/com/google/devtools/build/lib/vfs/inmemoryfs",
+        "//third_party:junit4",
+        "//third_party:truth",
+    ],
+)