Google Git
Sign in
bazel/bazel/4c12bfedbccb1f65d3b751d1a1c1ae85cb9275b0
commit
4c12bfedbccb1f65d3b751d1a1c1ae85cb9275b0
[log]
author
Son Luong Ngoc <sluongng@gmail.com>
Fri Sep 13 12:14:18 2024 -0700
committer
Copybara-Service <copybara-worker@google.com>
Fri Sep 13 12:15:46 2024 -0700
tree
74bcebc5028f8fe4baf67f5f9a6a1001c3e452c3
parent
2a7aa77853b3d7d30118f6c26a90467d8ba9117a [diff]
GrpcRemoteDownloader: optionally propagate credentials to remote server

In a multi-tenancy server deployment setup, the clients might want to
treat the remote downloader server as a pull-through proxy and use it to
download from private storage systems.

Currently, we do support it via --remote_downloader_headers. However
this scheme does not apply to the specific URL, while credentials and
authentication could sometimes be host/domain specific.

Add a flag to let users opt-in to credentials propagation to the remote
server. This is off by default as not all remote servers can be
trusted. When the flag is enabled, URL-specific credentials from Netrc
or a custom credentials helper can be propagated to the remote server.

The server implementation needs to support the new
`http_header_url:<url-index>:<header-key>` qualifier where the
`url-index` is a 0-based position of the URL inside the
FetchBlobRequest's uris field. This new qualifier is modeled after the
existing `http_header` qualifier.

Fixes #23499

Closes #23578.

PiperOrigin-RevId: 674388422
Change-Id: Iaa2f5dd0bdffd9385d8f229458810442c8ca3ddc
4 files changed
tree: 74bcebc5028f8fe4baf67f5f9a6a1001c3e452c3
  1. .bazelci/
  2. .github/
  3. examples/
  4. scripts/
  5. site/
  6. src/
  7. third_party/
  8. tools/
  9. .bazelrc
  10. .bazelversion
  11. .gitattributes
  12. .gitignore
  13. AUTHORS
  14. bazel_downloader.cfg
  15. BUILD
  16. CHANGELOG.md
  17. CODE_OF_CONDUCT.md
  18. CODEOWNERS
  19. combine_distfiles.py
  20. combine_distfiles_to_tar.sh
  21. compile.sh
  22. CONTRIBUTING.md
  23. CONTRIBUTORS
  24. distdir.bzl
  25. extensions.bzl
  26. LICENSE
  27. maven_install.json
  28. MODULE.bazel
  29. MODULE.bazel.lock
  30. rbe_extension.bzl
  31. README.md
  32. repositories.bzl
  33. requirements.txt
  34. SECURITY.md
  35. WORKSPACE.bzlmod
  36. workspace_deps.bzl
README.md

Bazel

{Fast, Correct} - Choose two

Build and test software of any size, quickly and reliably.

  • Speed up your builds and tests: Bazel rebuilds only what is necessary. With advanced local and distributed caching, optimized dependency analysis and parallel execution, you get fast and incremental builds.

  • One tool, multiple languages: Build and test Java, C++, Android, iOS, Go, and a wide variety of other language platforms. Bazel runs on Windows, macOS, and Linux.

  • Scalable: Bazel helps you scale your organization, codebase, and continuous integration solution. It handles codebases of any size, in multiple repositories or a huge monorepo.

  • Extensible to your needs: Easily add support for new languages and platforms with Bazel's familiar extension language. Share and re-use language rules written by the growing Bazel community.

Getting Started

Documentation

Reporting a Vulnerability

To report a security issue, please email security@bazel.build with a description of the issue, the steps you took to create the issue, affected versions, and, if known, mitigations for the issue. Our vulnerability management team will respond within 3 working days of your email. If the issue is confirmed as a vulnerability, we will open a Security Advisory. This project follows a 90 day disclosure timeline.

Contributing to Bazel

See CONTRIBUTING.md

Build status