Add util for finding credential helper to use by Yannic · Pull Request #15707 · bazelbuild/bazel

Yannic · 2022-06-20T15:04:48Z

Progress on https://github.com/bazelbuild/proposals/blob/main/designs/2022-06-07-bazel-credential-helpers.md

Yannic · 2022-06-20T15:22:31Z

@tjgq PTAL

tjgq · 2022-06-20T15:29:07Z

+            () -> {
+              int dot = host.indexOf('.');
+              if (dot < 0) {
+                // We reached the last segment, end.
+                return Optional.empty();
+              }
+              return findWildcardCredentialHelper(host.substring(dot + 1));


I think it would be clearer to encapsulate this logic in a boolean hostMatchesPattern(String pattern, String host) helper.

Slightly refactored the "get parent domain" logic into helper function.

tjgq · 2022-06-20T15:36:00Z

+      if (pattern.startsWith("*.")) {
+        wildcards.put(pattern.substring(2), helper);
+      } else {
+        hosts.put(pattern, helper);


I think we should do more exhaustive validation to reject stuff like foo.*.bar, http://foo.bar, http://foo.bar/path/to/resource, or http://foo.bar:8080.

To be concrete, I think we want the pattern to match the regex (\*|[-a-zA-Z0-9]+)(\.[-a-zA-Z0-9]+)+ (technically domain names are stricter, but this should cover most misuses).

Done (+ also handling non-ascii DNS names correctly)

Yannic

PTAL

Yannic · 2022-06-21T09:58:57Z

+      if (pattern.startsWith("*.")) {
+        wildcards.put(pattern.substring(2), helper);
+      } else {
+        hosts.put(pattern, helper);


Done (+ also handling non-ascii DNS names correctly)

Yannic · 2022-06-21T10:10:51Z

+            () -> {
+              int dot = host.indexOf('.');
+              if (dot < 0) {
+                // We reached the last segment, end.
+                return Optional.empty();
+              }
+              return findWildcardCredentialHelper(host.substring(dot + 1));


Slightly refactored the "get parent domain" logic into helper function.

Yannic · 2022-06-24T08:17:34Z

@tjgq ping?

tjgq · 2022-07-01T13:38:24Z

FYI, I fixed a few of the test assertions to use Truth8.assertThat to appease our internal linter.

Yannic · 2022-07-01T19:00:11Z

@bazel-io flag

ckolli5 · 2022-07-05T13:10:14Z

@bazel-io fork 5.3.0

Progress on https://github.com/bazelbuild/proposals/blob/main/designs/2022-06-07-bazel-credential-helpers.md Closes #15707. PiperOrigin-RevId: 458456496 Change-Id: I751a594144c3563096ee9794c41329b49755824e Co-authored-by: Yannic Bonenberger <[email protected]>

Yannic force-pushed the yannic-creds-helper-provider branch from ac79963 to 2f8c78e Compare June 20, 2022 15:07

Add util for finding credential helper to use

483bbd7

Progress on https://github.com/bazelbuild/proposals/blob/main/designs/2022-06-07-bazel-credential-helpers.md

Yannic force-pushed the yannic-creds-helper-provider branch from 2f8c78e to 483bbd7 Compare June 20, 2022 15:08

Yannic marked this pull request as ready for review June 20, 2022 17:07

sgowroji added team-ExternalDeps External dependency handling, remote repositiories, WORKSPACE file. awaiting-review PR is awaiting review from an assigned reviewer labels Jun 21, 2022

tjgq requested changes Jun 21, 2022

View reviewed changes

Yannic added 2 commits June 21, 2022 11:58

CR + punycode

5bb125a

extract subdomain finder

5fedd41

Yannic commented Jun 21, 2022

View reviewed changes

tjgq approved these changes Jun 30, 2022

View reviewed changes

tjgq referenced this pull request in bazelbuild/proposals Jun 30, 2022

Mark the credential helpers proposal as approved. (#265)

3f99a29

copybara-service Bot closed this in 4175018 Jul 1, 2022

Yannic deleted the yannic-creds-helper-provider branch July 1, 2022 19:00

bazel-io added the potential release blocker Flagged by community members using "@bazel-io flag". Should be added to a release blocker milestone label Jul 1, 2022

bazel-io mentioned this pull request Jul 5, 2022

[5.3.0] Add util for finding credential helper to use #15812

Closed

bazel-io removed the potential release blocker Flagged by community members using "@bazel-io flag". Should be added to a release blocker milestone label Jul 5, 2022

ckolli5 mentioned this pull request Jul 5, 2022

Add util for finding credential helper to use #15816

Merged

ShreeM01 removed the awaiting-review PR is awaiting review from an assigned reviewer label Sep 15, 2022

Conversation

Yannic commented Jun 20, 2022

Uh oh!

Yannic commented Jun 20, 2022

Uh oh!

tjgq Jun 20, 2022

Choose a reason for hiding this comment

Uh oh!

Yannic Jun 21, 2022

Choose a reason for hiding this comment

Uh oh!

Uh oh!

Uh oh!

tjgq Jun 20, 2022

Choose a reason for hiding this comment

Uh oh!

Yannic Jun 21, 2022

Choose a reason for hiding this comment

Uh oh!

Yannic left a comment

Choose a reason for hiding this comment

Uh oh!

Uh oh!

Uh oh!

Yannic Jun 21, 2022

Choose a reason for hiding this comment

Uh oh!

Yannic Jun 21, 2022

Choose a reason for hiding this comment

Uh oh!

Yannic commented Jun 24, 2022

Uh oh!

tjgq commented Jul 1, 2022

Uh oh!

Yannic commented Jul 1, 2022

Uh oh!

ckolli5 commented Jul 5, 2022

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

6 participants