`zen oplog-export`, `zen oplog-import` for `--url` (cloud) and `--builds` (builds) option now has `--oidctoken-exe-path` to let zen run the OidcToken executable to get and refresh authentication token (#340)

author: Dan Engelbrecht <[email protected]> 2025-04-03 14:28:15 +0200
committer: GitHub Enterprise <[email protected]> 2025-04-03 14:28:15 +0200
commit: 9e138d34eda99c57c1e55ab15b1c60f4757cd99f (patch)
tree: ea9a8181061f87459f1282145555e98f4f240ce5 /src/zenserver
parent: 5.6.2 (diff)
download: zen-9e138d34eda99c57c1e55ab15b1c60f4757cd99f.tar.xz
zen-9e138d34eda99c57c1e55ab15b1c60f4757cd99f.zip
5 files changed, 64 insertions, 24 deletions
diff --git a/src/zenserver/projectstore/buildsremoteprojectstore.cpp b/src/zenserver/projectstore/buildsremoteprojectstore.cpp
index a6583b722..2a04d5c40 100644
--- a/src/zenserver/projectstore/buildsremoteprojectstore.cpp
+++ b/src/zenserver/projectstore/buildsremoteprojectstore.cpp
@@ -494,7 +494,15 @@ CreateBuildsRemoteStore(const BuildsRemoteStoreOptions& Options, const std::file
 	{
 		TokenProvider = httpclientauth::CreateFromStaticToken(Options.AccessToken);
 	}
-	else
+	else if (!Options.OidcExePath.empty())
+	{
+		if (auto TokenProviderMaybe = httpclientauth::CreateFromOidcTokenExecutable(Options.OidcExePath, Url); TokenProviderMaybe)
+		{
+			TokenProvider = TokenProviderMaybe.value();
+		}
+	}
+
+	if (!TokenProvider)
 	{
 		TokenProvider = httpclientauth::CreateFromDefaultOpenIdProvider(Options.AuthManager);
 	}
diff --git a/src/zenserver/projectstore/buildsremoteprojectstore.h b/src/zenserver/projectstore/buildsremoteprojectstore.h
index 8b2c6c8c8..c52b13886 100644
--- a/src/zenserver/projectstore/buildsremoteprojectstore.h
+++ b/src/zenserver/projectstore/buildsremoteprojectstore.h
@@ -10,17 +10,18 @@ class AuthMgr;
 
 struct BuildsRemoteStoreOptions : RemoteStoreOptions
 {
-	std::string Url;
-	std::string Namespace;
-	std::string Bucket;
-	Oid			BuildId;
-	std::string OpenIdProvider;
-	std::string AccessToken;
-	AuthMgr&	AuthManager;
-	bool		ForceDisableBlocks	   = false;
-	bool		ForceDisableTempBlocks = false;
-	bool		AssumeHttp2			   = false;
-	IoBuffer	MetaData;
+	std::string			  Url;
+	std::string			  Namespace;
+	std::string			  Bucket;
+	Oid					  BuildId;
+	std::string			  OpenIdProvider;
+	std::string			  AccessToken;
+	AuthMgr&			  AuthManager;
+	std::filesystem::path OidcExePath;
+	bool				  ForceDisableBlocks	 = false;
+	bool				  ForceDisableTempBlocks = false;
+	bool				  AssumeHttp2			 = false;
+	IoBuffer			  MetaData;
 };
 
 std::shared_ptr<RemoteProjectStore> CreateBuildsRemoteStore(const BuildsRemoteStoreOptions& Options,
diff --git a/src/zenserver/projectstore/jupiterremoteprojectstore.cpp b/src/zenserver/projectstore/jupiterremoteprojectstore.cpp
index e5839ad3b..20e6c28ac 100644
--- a/src/zenserver/projectstore/jupiterremoteprojectstore.cpp
+++ b/src/zenserver/projectstore/jupiterremoteprojectstore.cpp
@@ -371,7 +371,15 @@ CreateJupiterRemoteStore(const JupiterRemoteStoreOptions& Options, const std::fi
 	{
 		TokenProvider = httpclientauth::CreateFromStaticToken(Options.AccessToken);
 	}
-	else
+	else if (!Options.OidcExePath.empty())
+	{
+		if (auto TokenProviderMaybe = httpclientauth::CreateFromOidcTokenExecutable(Options.OidcExePath, Url); TokenProviderMaybe)
+		{
+			TokenProvider = TokenProviderMaybe.value();
+		}
+	}
+
+	if (!TokenProvider)
 	{
 		TokenProvider = httpclientauth::CreateFromDefaultOpenIdProvider(Options.AuthManager);
 	}
diff --git a/src/zenserver/projectstore/jupiterremoteprojectstore.h b/src/zenserver/projectstore/jupiterremoteprojectstore.h
index 27f3d9b73..8bf79d563 100644
--- a/src/zenserver/projectstore/jupiterremoteprojectstore.h
+++ b/src/zenserver/projectstore/jupiterremoteprojectstore.h
@@ -10,17 +10,18 @@ class AuthMgr;
 
 struct JupiterRemoteStoreOptions : RemoteStoreOptions
 {
-	std::string Url;
-	std::string Namespace;
-	std::string Bucket;
-	IoHash		Key;
-	IoHash		OptionalBaseKey;
-	std::string OpenIdProvider;
-	std::string AccessToken;
-	AuthMgr&	AuthManager;
-	bool		ForceDisableBlocks	   = false;
-	bool		ForceDisableTempBlocks = false;
-	bool		AssumeHttp2			   = false;
+	std::string			  Url;
+	std::string			  Namespace;
+	std::string			  Bucket;
+	IoHash				  Key;
+	IoHash				  OptionalBaseKey;
+	std::string			  OpenIdProvider;
+	std::string			  AccessToken;
+	AuthMgr&			  AuthManager;
+	std::filesystem::path OidcExePath;
+	bool				  ForceDisableBlocks	 = false;
+	bool				  ForceDisableTempBlocks = false;
+	bool				  AssumeHttp2			 = false;
 };
 
 std::shared_ptr<RemoteProjectStore> CreateJupiterRemoteStore(const JupiterRemoteStoreOptions& Options,
diff --git a/src/zenserver/projectstore/projectstore.cpp b/src/zenserver/projectstore/projectstore.cpp
index 1966eeef9..9aa800434 100644
--- a/src/zenserver/projectstore/projectstore.cpp
+++ b/src/zenserver/projectstore/projectstore.cpp
@@ -210,6 +210,16 @@ namespace {
 					AccessToken = GetEnvVariable(AccessTokenEnvVariable);
 				}
 			}
+			std::filesystem::path OidcExePath;
+			if (std::string_view OidcExePathString = Cloud["oidc-exe-path"].AsString(); !OidcExePathString.empty())
+			{
+				std::filesystem::path OidcExePathMaybe(OidcExePathString);
+				if (!IsFile(OidcExePathMaybe))
+				{
+					ZEN_WARN("Path to OidcToken executable '{}' can not be reached by server", OidcExePathString);
+					OidcExePath = std::move(OidcExePathMaybe);
+				}
+			}
 			std::string_view KeyParam = Cloud["key"sv].AsString();
 			if (KeyParam.empty())
 			{
@@ -252,6 +262,7 @@ namespace {
 												 std::string(OpenIdProvider),
 												 AccessToken,
 												 AuthManager,
+												 OidcExePath,
 												 ForceDisableBlocks,
 												 ForceDisableTempBlocks,
 												 AssumeHttp2};
@@ -307,6 +318,16 @@ namespace {
 					AccessToken = GetEnvVariable(AccessTokenEnvVariable);
 				}
 			}
+			std::filesystem::path OidcExePath;
+			if (std::string_view OidcExePathString = Builds["oidc-exe-path"].AsString(); !OidcExePathString.empty())
+			{
+				std::filesystem::path OidcExePathMaybe(OidcExePathString);
+				if (!IsFile(OidcExePathMaybe))
+				{
+					ZEN_WARN("Path to OidcToken executable '{}' can not be reached by server", OidcExePathString);
+					OidcExePath = std::move(OidcExePathMaybe);
+				}
+			}
 			std::string_view BuildIdParam = Builds["buildsid"sv].AsString();
 			if (BuildIdParam.empty())
 			{
@@ -337,6 +358,7 @@ namespace {
 												std::string(OpenIdProvider),
 												AccessToken,
 												AuthManager,
+												OidcExePath,
 												ForceDisableBlocks,
 												ForceDisableTempBlocks,
 												AssumeHttp2,
author	Dan Engelbrecht <[email protected]>	2025-04-03 14:28:15 +0200
committer	GitHub Enterprise <[email protected]>	2025-04-03 14:28:15 +0200
commit	9e138d34eda99c57c1e55ab15b1c60f4757cd99f (patch)
tree	ea9a8181061f87459f1282145555e98f4f240ce5 /src/zenserver
parent	5.6.2 (diff)
download	zen-9e138d34eda99c57c1e55ab15b1c60f4757cd99f.tar.xz zen-9e138d34eda99c57c1e55ab15b1c60f4757cd99f.zip