Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Remote Downloader should support using custom credentials #23499

Closed
sluongng opened this issue Sep 3, 2024 · 3 comments
Closed

Remote Downloader should support using custom credentials #23499

sluongng opened this issue Sep 3, 2024 · 3 comments
Labels
team-Remote-Exec Issues and PRs for the Execution (Remote) team type: feature request untriaged

Comments

@sluongng
Copy link
Contributor

sluongng commented Sep 3, 2024

Description of the feature request:

Currently, the HttpDownloader does support credentials from netrc or a custom credential helper.

However, the GrpcRemoteDownloader backed by Remote Asset API simply ignores the credentials https://cs.opensource.google/bazel/bazel/+/master:src/main/java/com/google/devtools/build/lib/remote/downloader/GrpcRemoteDownloader.java;l=167;drc=0a0d877a6960db1f4054f9b6ac09b6c91c311548;bpv=0;bpt=1 which make it not possible to use remote_downloader against a URL that requires authentications.

Given that the credentials might be based on URL, we may want to extend the current QUALIFIER_HTTP_HEADER_PREFIX to also support different URLs, perhaps based on the order of the URLs added to the grpc request.,

Which category does this issue belong to?

Remote Execution

What underlying problem are you trying to solve with this feature?

No response

Which operating system are you running Bazel on?

No response

What is the output of bazel info release?

No response

If bazel info release returns development version or (@non-git), tell us how you built Bazel.

No response

What's the output of git remote get-url origin; git rev-parse HEAD ?

No response

Have you found anything relevant by searching the web?

No response

Any other information, logs, or outputs that you want to share?

No response

@github-actions github-actions bot added the team-Remote-Exec Issues and PRs for the Execution (Remote) team label Sep 3, 2024
@sluongng
Copy link
Contributor Author

sluongng commented Sep 3, 2024

cc: @r2r-dev

@jmillikin
Copy link
Contributor

Normally your remote downloader implementation would contain logic for loading appropriate credentials. For example, if you're using it to redirect download requests to an internal caching proxy then that proxy should be configured with netrc (or equivalent).

@sluongng
Copy link
Contributor Author

sluongng commented Sep 5, 2024

@jmillikin It's one way to set it up. However, in some settings where the remote downloader is shared between different isolated + diverse tenants, it might be desirable to forward the credentials from the client side (Bazel side) instead of keeping the credentials in one centralized location. This way, tenant foo could be using a different set of credentials headers from tenant bar.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
team-Remote-Exec Issues and PRs for the Execution (Remote) team type: feature request untriaged
Projects
None yet
Development

Successfully merging a pull request may close this issue.

5 participants