Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add util for finding credential helper to use #15707

Closed
wants to merge 3 commits into from
Closed

Add util for finding credential helper to use #15707

wants to merge 3 commits into from

Conversation

Yannic
Copy link
Contributor

@Yannic Yannic commented Jun 20, 2022

@Yannic Yannic force-pushed the yannic-creds-helper-provider branch from ac79963 to 2f8c78e Compare June 20, 2022 15:07
@Yannic Yannic force-pushed the yannic-creds-helper-provider branch from 2f8c78e to 483bbd7 Compare June 20, 2022 15:08
@Yannic
Copy link
Contributor Author

Yannic commented Jun 20, 2022

@tjgq PTAL

@Yannic Yannic marked this pull request as ready for review June 20, 2022 17:07
@sgowroji sgowroji added team-ExternalDeps External dependency handling, remote repositiories, WORKSPACE file. awaiting-review PR is awaiting review from an assigned reviewer labels Jun 21, 2022
tjgq
tjgq requested changes Jun 21, 2022
View reviewed changes
...java/com/google/devtools/build/lib/authandtls/credentialhelper/CredentialHelperProvider.java Outdated
Comment on lines 84 to 90
() -> {
int dot = host.indexOf('.');
if (dot < 0) {
// We reached the last segment, end.
return Optional.empty();
}
return findWildcardCredentialHelper(host.substring(dot + 1));
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think it would be clearer to encapsulate this logic in a boolean hostMatchesPattern(String pattern, String host) helper.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Slightly refactored the "get parent domain" logic into helper function.

...java/com/google/devtools/build/lib/authandtls/credentialhelper/CredentialHelperProvider.java Outdated Show resolved Hide resolved
...java/com/google/devtools/build/lib/authandtls/credentialhelper/CredentialHelperProvider.java Outdated Show resolved Hide resolved
...java/com/google/devtools/build/lib/authandtls/credentialhelper/CredentialHelperProvider.java Outdated
Comment on lines 137 to 140
if (pattern.startsWith("*.")) {
wildcards.put(pattern.substring(2), helper);
} else {
hosts.put(pattern, helper);
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think we should do more exhaustive validation to reject stuff like foo.*.bar, http://foo.bar, http://foo.bar/path/to/resource, or http://foo.bar:8080.

To be concrete, I think we want the pattern to match the regex (\*|[-a-zA-Z0-9]+)(\.[-a-zA-Z0-9]+)+ (technically domain names are stricter, but this should cover most misuses).

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Done (+ also handling non-ascii DNS names correctly)

Yannic
Yannic commented Jun 21, 2022
View reviewed changes
Copy link
Contributor Author

@Yannic Yannic left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

PTAL

...java/com/google/devtools/build/lib/authandtls/credentialhelper/CredentialHelperProvider.java Outdated Show resolved Hide resolved
...java/com/google/devtools/build/lib/authandtls/credentialhelper/CredentialHelperProvider.java Outdated Show resolved Hide resolved
...java/com/google/devtools/build/lib/authandtls/credentialhelper/CredentialHelperProvider.java Outdated
Comment on lines 137 to 140
if (pattern.startsWith("*.")) {
wildcards.put(pattern.substring(2), helper);
} else {
hosts.put(pattern, helper);
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Done (+ also handling non-ascii DNS names correctly)

...java/com/google/devtools/build/lib/authandtls/credentialhelper/CredentialHelperProvider.java Outdated
Comment on lines 84 to 90
() -> {
int dot = host.indexOf('.');
if (dot < 0) {
// We reached the last segment, end.
return Optional.empty();
}
return findWildcardCredentialHelper(host.substring(dot + 1));
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Slightly refactored the "get parent domain" logic into helper function.

@Yannic
Copy link
Contributor Author

Yannic commented Jun 24, 2022

@tjgq ping?

tjgq referenced this pull request in bazelbuild/proposals Jun 30, 2022
@tjgq
Mark the credential helpers proposal as approved. (#265)
3f99a29
@copybara-service copybara-service bot closed this in 4175018 Jul 1, 2022
@tjgq
Copy link
Contributor

tjgq commented Jul 1, 2022

FYI, I fixed a few of the test assertions to use Truth8.assertThat to appease our internal linter.

@Yannic Yannic deleted the yannic-creds-helper-provider branch July 1, 2022 19:00
@Yannic
Copy link
Contributor Author

Yannic commented Jul 1, 2022

@bazel-io flag

@bazel-io bazel-io added the potential release blocker Flagged by community members using "@bazel-io flag". Should be added to a release blocker milestone label Jul 1, 2022
@ckolli5
Copy link

ckolli5 commented Jul 5, 2022

@bazel-io fork 5.3.0

@bazel-io bazel-io mentioned this pull request Jul 5, 2022
Closed
@bazel-io bazel-io removed the potential release blocker Flagged by community members using "@bazel-io flag". Should be added to a release blocker milestone label Jul 5, 2022
@ckolli5 ckolli5 mentioned this pull request Jul 5, 2022
Merged
ckolli5 added a commit that referenced this pull request Jul 6, 2022
@ckolli5 @Yannic
Add util for finding credential helper to use (#15816)
024f552 
Progress on https://github.com/bazelbuild/proposals/blob/main/designs/2022-06-07-bazel-credential-helpers.md

Closes #15707.

PiperOrigin-RevId: 458456496
Change-Id: I751a594144c3563096ee9794c41329b49755824e

Co-authored-by: Yannic Bonenberger <[email protected]>
@ShreeM01 ShreeM01 removed the awaiting-review PR is awaiting review from an assigned reviewer label Sep 15, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@tjgq tjgq tjgq approved these changes

Assignees
No one assigned
Labels
team-ExternalDeps External dependency handling, remote repositiories, WORKSPACE file.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
6 participants
@Yannic @tjgq @ckolli5 @bazel-io @sgowroji @ShreeM01