From e44934cf1b4783420f5a4c6acbdbac44488d92a9 Mon Sep 17 00:00:00 2001 From: Liam Mitchell Date: Wed, 14 Jan 2026 15:34:57 -0800 Subject: Use well-known OidcToken paths or command line arguments to determine OidcToken executable path --- .../storage/projectstore/httpprojectstore.cpp | 34 ++++------------------ 1 file changed, 6 insertions(+), 28 deletions(-) (limited to 'src/zenserver/storage/projectstore/httpprojectstore.cpp') diff --git a/src/zenserver/storage/projectstore/httpprojectstore.cpp b/src/zenserver/storage/projectstore/httpprojectstore.cpp index 4e947f221..3a48ef595 100644 --- a/src/zenserver/storage/projectstore/httpprojectstore.cpp +++ b/src/zenserver/storage/projectstore/httpprojectstore.cpp @@ -23,6 +23,7 @@ #include #include #include +#include #include #include @@ -101,7 +102,6 @@ CSVWriteOp(CidStore& CidStore, ////////////////////////////////////////////////////////////////////////// namespace { - void CbWriteOp(CidStore& CidStore, bool Details, bool OpDetails, @@ -317,19 +317,9 @@ namespace { AccessToken = GetEnvVariable(AccessTokenEnvVariable); } } - std::filesystem::path OidcExePath; - if (std::string_view OidcExePathString = Cloud["oidc-exe-path"].AsString(); !OidcExePathString.empty()) - { - std::filesystem::path OidcExePathMaybe(OidcExePathString); - if (IsFile(OidcExePathMaybe)) - { - OidcExePath = std::move(OidcExePathMaybe); - } - else - { - ZEN_WARN("Path to OidcToken executable '{}' can not be reached by server", OidcExePathString); - } - } + + std::filesystem::path OidcExePath = FindOidcTokenExePath(""); + std::string_view KeyParam = Cloud["key"sv].AsString(); if (KeyParam.empty()) { @@ -435,20 +425,8 @@ namespace { AccessToken = GetEnvVariable(AccessTokenEnvVariable); } } - std::filesystem::path OidcExePath; - if (std::string_view OidcExePathString = Builds["oidc-exe-path"].AsString(); !OidcExePathString.empty()) - { - std::filesystem::path OidcExePathMaybe(OidcExePathString); - if (IsFile(OidcExePathMaybe)) - { - OidcExePath = std::move(OidcExePathMaybe); - } - else - { - ZEN_WARN("Path to OidcToken executable '{}' can not be reached by server", OidcExePathString); - } - } - std::string_view BuildIdParam = Builds["buildsid"sv].AsString(); + std::filesystem::path OidcExePath = FindOidcTokenExePath(""); + std::string_view BuildIdParam = Builds["buildsid"sv].AsString(); if (BuildIdParam.empty()) { return {nullptr, "Missing build id"}; -- cgit v1.2.3 From 95d1bf56a77ecbd158e828592110d57f5445ed5e Mon Sep 17 00:00:00 2001 From: Liam Mitchell Date: Thu, 15 Jan 2026 17:08:03 -0800 Subject: Pass command-line OidcToken option through config rather than env variables, and add lua option --- .../storage/projectstore/httpprojectstore.cpp | 29 +++++++++++++--------- 1 file changed, 17 insertions(+), 12 deletions(-) (limited to 'src/zenserver/storage/projectstore/httpprojectstore.cpp') diff --git a/src/zenserver/storage/projectstore/httpprojectstore.cpp b/src/zenserver/storage/projectstore/httpprojectstore.cpp index 3a48ef595..1e1899002 100644 --- a/src/zenserver/storage/projectstore/httpprojectstore.cpp +++ b/src/zenserver/storage/projectstore/httpprojectstore.cpp @@ -252,7 +252,8 @@ namespace { size_t MaxBlockSize, size_t MaxChunkEmbedSize, size_t MaximumInMemoryDownloadSize, - const std::filesystem::path& TempFilePath) + const std::filesystem::path& TempFilePath, + const std::filesystem::path& OidcTokenExePath) { ZEN_MEMSCOPE(GetProjectHttpTag()); @@ -318,7 +319,7 @@ namespace { } } - std::filesystem::path OidcExePath = FindOidcTokenExePath(""); + std::filesystem::path OidcExePath = FindOidcTokenExePath(OidcTokenExePath.string()); std::string_view KeyParam = Cloud["key"sv].AsString(); if (KeyParam.empty()) @@ -425,7 +426,7 @@ namespace { AccessToken = GetEnvVariable(AccessTokenEnvVariable); } } - std::filesystem::path OidcExePath = FindOidcTokenExePath(""); + std::filesystem::path OidcExePath = FindOidcTokenExePath(OidcTokenExePath.string()); std::string_view BuildIdParam = Builds["buildsid"sv].AsString(); if (BuildIdParam.empty()) { @@ -507,13 +508,14 @@ namespace { ////////////////////////////////////////////////////////////////////////// -HttpProjectService::HttpProjectService(CidStore& Store, - ProjectStore* Projects, - HttpStatusService& StatusService, - HttpStatsService& StatsService, - AuthMgr& AuthMgr, - OpenProcessCache& InOpenProcessCache, - JobQueue& InJobQueue) +HttpProjectService::HttpProjectService(CidStore& Store, + ProjectStore* Projects, + HttpStatusService& StatusService, + HttpStatsService& StatsService, + AuthMgr& AuthMgr, + OpenProcessCache& InOpenProcessCache, + JobQueue& InJobQueue, + const std::filesystem::path& InOidcTokenExePath) : m_Log(logging::Get("project")) , m_CidStore(Store) , m_ProjectStore(Projects) @@ -522,6 +524,7 @@ HttpProjectService::HttpProjectService(CidStore& Store, , m_AuthMgr(AuthMgr) , m_OpenProcessCache(InOpenProcessCache) , m_JobQueue(InJobQueue) +, m_OidcTokenExePath(InOidcTokenExePath) { ZEN_MEMSCOPE(GetProjectHttpTag()); @@ -2636,7 +2639,8 @@ HttpProjectService::HandleRpcRequest(HttpRouterRequest& Req) MaxBlockSize, MaxChunkEmbedSize, GetMaxMemoryBufferSize(MaxBlockSize, BoostWorkerMemory), - Oplog->TempPath()); + Oplog->TempPath(), + m_OidcTokenExePath); if (RemoteStoreResult.Store == nullptr) { @@ -2706,7 +2710,8 @@ HttpProjectService::HandleRpcRequest(HttpRouterRequest& Req) MaxBlockSize, MaxChunkEmbedSize, GetMaxMemoryBufferSize(MaxBlockSize, BoostWorkerMemory), - Oplog->TempPath()); + Oplog->TempPath(), + m_OidcTokenExePath); if (RemoteStoreResult.Store == nullptr) { -- cgit v1.2.3 From c852b646f456ea5ec09d875c949d4cfbae46e45a Mon Sep 17 00:00:00 2001 From: Liam Mitchell Date: Wed, 4 Mar 2026 17:31:29 -0800 Subject: Allow external OidcToken executable to be specified unless disabled via command line or config --- .../storage/projectstore/httpprojectstore.cpp | 49 +++++++++++++++++++--- 1 file changed, 43 insertions(+), 6 deletions(-) (limited to 'src/zenserver/storage/projectstore/httpprojectstore.cpp') diff --git a/src/zenserver/storage/projectstore/httpprojectstore.cpp b/src/zenserver/storage/projectstore/httpprojectstore.cpp index 1e1899002..91c0a8af1 100644 --- a/src/zenserver/storage/projectstore/httpprojectstore.cpp +++ b/src/zenserver/storage/projectstore/httpprojectstore.cpp @@ -253,7 +253,8 @@ namespace { size_t MaxChunkEmbedSize, size_t MaximumInMemoryDownloadSize, const std::filesystem::path& TempFilePath, - const std::filesystem::path& OidcTokenExePath) + const std::filesystem::path& OidcTokenExePath, + bool AllowExternalOidcTokenExe) { ZEN_MEMSCOPE(GetProjectHttpTag()); @@ -320,6 +321,21 @@ namespace { } std::filesystem::path OidcExePath = FindOidcTokenExePath(OidcTokenExePath.string()); + if (OidcExePath.empty() && AllowExternalOidcTokenExe) + { + if (std::string_view OidcExePathString = Cloud["oidc-exe-path"].AsString(); !OidcExePathString.empty()) + { + std::filesystem::path OidcExePathMaybe(OidcExePathString); + if (IsFile(OidcExePathMaybe)) + { + OidcExePath = std::move(OidcExePathMaybe); + } + else + { + ZEN_WARN("Path to OidcToken executable '{}' can not be reached by server", OidcExePathString); + } + } + } std::string_view KeyParam = Cloud["key"sv].AsString(); if (KeyParam.empty()) @@ -426,8 +442,25 @@ namespace { AccessToken = GetEnvVariable(AccessTokenEnvVariable); } } - std::filesystem::path OidcExePath = FindOidcTokenExePath(OidcTokenExePath.string()); - std::string_view BuildIdParam = Builds["buildsid"sv].AsString(); + + std::filesystem::path OidcExePath = FindOidcTokenExePath(OidcTokenExePath.string()); + if (OidcExePath.empty() && AllowExternalOidcTokenExe) + { + if (std::string_view OidcExePathString = Builds["oidc-exe-path"].AsString(); !OidcExePathString.empty()) + { + std::filesystem::path OidcExePathMaybe(OidcExePathString); + if (IsFile(OidcExePathMaybe)) + { + OidcExePath = std::move(OidcExePathMaybe); + } + else + { + ZEN_WARN("Path to OidcToken executable '{}' can not be reached by server", OidcExePathString); + } + } + } + + std::string_view BuildIdParam = Builds["buildsid"sv].AsString(); if (BuildIdParam.empty()) { return {nullptr, "Missing build id"}; @@ -515,7 +548,8 @@ HttpProjectService::HttpProjectService(CidStore& Store, AuthMgr& AuthMgr, OpenProcessCache& InOpenProcessCache, JobQueue& InJobQueue, - const std::filesystem::path& InOidcTokenExePath) + const std::filesystem::path& InOidcTokenExePath, + bool InAllowExternalOidcTokenExe) : m_Log(logging::Get("project")) , m_CidStore(Store) , m_ProjectStore(Projects) @@ -525,6 +559,7 @@ HttpProjectService::HttpProjectService(CidStore& Store, , m_OpenProcessCache(InOpenProcessCache) , m_JobQueue(InJobQueue) , m_OidcTokenExePath(InOidcTokenExePath) +, m_AllowExternalOidcTokenExe(InAllowExternalOidcTokenExe) { ZEN_MEMSCOPE(GetProjectHttpTag()); @@ -2640,7 +2675,8 @@ HttpProjectService::HandleRpcRequest(HttpRouterRequest& Req) MaxChunkEmbedSize, GetMaxMemoryBufferSize(MaxBlockSize, BoostWorkerMemory), Oplog->TempPath(), - m_OidcTokenExePath); + m_OidcTokenExePath, + m_AllowExternalOidcTokenExe); if (RemoteStoreResult.Store == nullptr) { @@ -2711,7 +2747,8 @@ HttpProjectService::HandleRpcRequest(HttpRouterRequest& Req) MaxChunkEmbedSize, GetMaxMemoryBufferSize(MaxBlockSize, BoostWorkerMemory), Oplog->TempPath(), - m_OidcTokenExePath); + m_OidcTokenExePath, + m_AllowExternalOidcTokenExe); if (RemoteStoreResult.Store == nullptr) { -- cgit v1.2.3