Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Remote CAS/AC Authentication Support #30

Open
t-chaik opened this issue Feb 20, 2019 · 1 comment
Open

Remote CAS/AC Authentication Support #30

t-chaik opened this issue Feb 20, 2019 · 1 comment

Comments

@t-chaik
Copy link

t-chaik commented Feb 20, 2019

bb-brower's blob store has a remote CAS and Action Cache (AC) gRPC backend (using the "grpc" configuration key). In that mode, bb-brower acts as a REAPI CAS and/or AC client.

This backend is compatible with any REAPI CAS and/or AC implementation. The external service may require authentication in order for a client gRPC request to be accepted though. Would be nice if bb-brower could support sending (configurable) client credentials when contacting such services.
@EdSchouten
Copy link
Member

Hi Martin,

Agreed. In buildbarn/bb-storage#2 / https://github.com/EdSchouten/bazel-buildbarn/issues/24 @edbaunton mentioned that he'd be interested in seeing OIDC/OAuth2 support appear. Maybe it would be sweet to implement credential forwarding?

More concretely, make it so that once you log in to visit bb-browser, that it attaches the client's token (stored in a HTTP header/cookie) to the gRPC requests going to the storage backend. That way you only need to manage the policy in one place.

@EdSchouten EdSchouten transferred this issue from buildbarn/bb-storage Jun 28, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@EdSchouten @t-chaik