Documentation
¶
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func AuthenticateBbclientd ¶
AuthenticateBbclientd auths our CAS mounts
bb_clientd mounts CAS as a fuse filesystem. It also runs a grpc enpoint that acts as a proxy for our build cluster backend.
It authenticates the fuse filesystem by intercepting credentials that come from requests from the RBE client (bazel). Those credentials are reused when a user wants to read a file from CAS (testslogs from failed builds, etc..).
The issue with this auth setup is that users must do an initial bazel invocation to "seed" the credentials before they're able to use the CAS mounts. This is a poor user experience.
To get around this we're sending a dummy rpc request through the proxy at `enkit login` so that bbclientd is automatically authenticated on user login for the day.
A less hacky approach would be to add proper credentials helper support for bb_clientd so auth happens when the daemon starts up. Upstream has already indicated they'd be happy to accept this contribution. If we're able to land that feature (or someone else does) then this code can be removed.
The ticket for cred helper support in bb_clientd: ENGPROD-355
func TokenAuthInterceptor ¶
func TokenAuthInterceptor(token string) grpc.UnaryClientInterceptor
Adds our auth headers to our requests
Types ¶
type Login ¶
type Login struct {
*cobra.Command
BbclientdAddress string
Debug bool
NoDefault bool
MinWaitTime time.Duration
// contains filtered or unexported fields
}
func NewLogin ¶
NewLogin creates a new Login command.
Base is the pointer to a base object, initialized with NewBase. rng is a secure random number generator.
When the login command is run, it will: - apply the configuration defaults necessary for the domain, using a populator. - retrieve an authentication token from the authentication server. - save it on disk, optionally as a default identity.
Source Files