Remote CAS/AC Authentication Support

buildbarn / bb-browser

Web frontend for exploring an Action Cache / Content Addressable Storage

Apache License 2.0

42 stars 35 forks source link

Remote CAS/AC Authentication Support #30

Open t-chaik opened 5 years ago

t-chaik commented 5 years ago

bb-brower's blob store has a remote CAS and Action Cache (AC) gRPC backend (using the "grpc" configuration key). In that mode, bb-brower acts as a REAPI CAS and/or AC client.

This backend is compatible with any REAPI CAS and/or AC implementation. The external service may require authentication in order for a client gRPC request to be accepted though. Would be nice if bb-brower could support sending (configurable) client credentials when contacting such services.

EdSchouten commented 5 years ago

Hi Martin,

Agreed. In https://github.com/buildbarn/bb-storage/issues/2 / https://github.com/EdSchouten/bazel-buildbarn/issues/24 @edbaunton mentioned that he'd be interested in seeing OIDC/OAuth2 support appear. Maybe it would be sweet to implement credential forwarding?

More concretely, make it so that once you log in to visit bb-browser, that it attaches the client's token (stored in a HTTP header/cookie) to the gRPC requests going to the storage backend. That way you only need to manage the policy in one place.