feat(bindle push): add basic auth support #407
Conversation
vdice
changed the title
vdice
force-pushed
the
feat/bindle-basic-auth
branch
from
bf17e2f
to
8761d3a
Compare
crates/publish/src/bindle_pusher.rs
Outdated
| ) -> Result<()> { | ||
| let reader = StandaloneRead::new(&path, bindle_id).await?; | ||
| reader | ||
| .push(client) | ||
| .push(&bindle_connection_info.client()?) |
There was a problem hiding this comment.
Might be good to have a context/with_context here - this can help users understand the error
There was a problem hiding this comment.
@itowlson Are you envisioning something like this?
.push(
&bindle_connection_info.client()
.context(
format!(
"Failed to create a bindle client from provided connection info '{}'",
bindle_connection_info.display()
)
)?
)
.await
.with_context(|| push_failed_msg(path, &bindle_connection_info.base_url))
(Where, if so, or if on the right track, I'd add a display() function to BindleConnectionInfo for printing)
There was a problem hiding this comment.
Yeah, that sort of thing. Though for readability I would probably pull it out into e.g.
let client = &bci.client().with_context(...);
...
.push(&client)
rather than having the massive with_context block breaking up the flow
There was a problem hiding this comment.
(I thought it best not to print the entire bci struct as it may contain sensitive info like the un/pw values for basic auth)
| Self { | ||
| base_url: base_url.into(), | ||
| allow_insecure, | ||
| token_manager: AnyAuth { |
There was a problem hiding this comment.
The get side currently uses a different idiom for this (mostly because I foolishly reinvented the wheel). Medium term - outside the scope of this PR - we should replace BindleTokenManager on the get side with AnyAuth.
There was a problem hiding this comment.
👍 Agreed. It sounds like it'll be okay to do this work in a follow-up; I've created #411
src/commands/bindle.rs
Outdated
| #[structopt( | ||
| name = BINDLE_HTTP_PASSWORD, | ||
| long = "bindle-http-password", | ||
| env = BINDLE_HTTP_PASSWORD, |
There was a problem hiding this comment.
Should this and BINDLE_HTTP_USER require each other?
src/commands/deploy.rs
Outdated
| let client = crate::create_bindle_client(true, &self.bindle_server_url)?; | ||
| let bindle_connection_info = spin_publish::BindleConnectionInfo::new( | ||
| &self.bindle_server_url, | ||
| // TODO: do we want to add insecure and http user/pw opts for this deploy cmd? |
There was a problem hiding this comment.
It should support the same things bindle push does I think, though could leave out of scope for this PR if you want.
There was a problem hiding this comment.
This should be straightforward enough to add in this PR, so I'll do so.
There was a problem hiding this comment.
Added in 633e0cd (cc @michelleN )
| @@ -81,10 +87,53 @@ mod integration_tests { | |||
| Ok(()) | |||
| } | |||
|
|
|||
| #[tokio::test] | |||
| async fn test_bindle_roundtrip_basic_auth() -> Result<()> { | |||
| // start the Bindle registry. | |||
There was a problem hiding this comment.
Love how convenient the test setup is here.
| @@ -13,6 +13,7 @@ futures = "0.3.14" | |||
| itertools = "0.10.3" | |||
| mime_guess = { version = "2.0" } | |||
| path-absolutize = "3.0.11" | |||
| reqwest = "0.11" | |||
There was a problem hiding this comment.
Is this needed? Not sure why the Bindle client doesn't handle it all for us.
There was a problem hiding this comment.
Yea, not sure... without this, I'm seeing:
$ make build
cargo build --release
Compiling spin-cli v0.1.0 (/Users/vdice/go/src/github.com/fermyon/spin)
Compiling spin-publish v0.1.0 (/Users/vdice/go/src/github.com/fermyon/spin/crates/publish)
error[E0433]: failed to resolve: use of undeclared crate or module `reqwest`
--> crates/publish/src/lib.rs:73:18
|
73 | builder: reqwest::RequestBuilder,
| ^^^^^^^ use of undeclared crate or module `reqwest`
error[E0433]: failed to resolve: use of undeclared crate or module `reqwest`
--> crates/publish/src/lib.rs:74:33
|
74 | ) -> bindle::client::Result<reqwest::RequestBuilder> {
| ^^^^^^^ use of undeclared crate or module `reqwest`
For more information about this error, try `rustc --explain E0433`.
error: could not compile `spin-publish` due to 2 previous errors
But maybe there's another way to go about this?
There was a problem hiding this comment.
Eh, I guess it's needed then grin - leave it.
src/commands/bindle.rs
Outdated
| #[structopt( | ||
| name = BINDLE_HTTP_USER, | ||
| long = "bindle-http-user", | ||
| env = BINDLE_HTTP_USER, |
There was a problem hiding this comment.
Not blocking this PR: we should make username and password environment variables consistent across commands. Like spin deploy requires a hippo user name and password and the env vars look a little diff there.
There was a problem hiding this comment.
Good point; updated in 1fe2964
Signed-off-by: Vaughn Dice <vaughn.dice@fermyon.com>
…test Signed-off-by: Vaughn Dice <vaughn.dice@fermyon.com>
Signed-off-by: Vaughn Dice <vaughn.dice@fermyon.com>
… hippo auth Signed-off-by: Vaughn Dice <vaughn.dice@fermyon.com>
Signed-off-by: Vaughn Dice <vaughn.dice@fermyon.com>
src/commands/bindle.rs
Outdated
| name = BINDLE_USERNAME, | ||
| long = "bindle-username", | ||
| env = BINDLE_USERNAME, | ||
| requires(BINDLE_PASSWORD) |
There was a problem hiding this comment.
Nit: can we not write requires = ... for consistency? I thought this worked elsewhere but could be wrong.
Signed-off-by: Vaughn Dice <vaughn.dice@fermyon.com>
Signed-off-by: Vaughn Dice <vaughn.dice@fermyon.com>
vdice
force-pushed
the
feat/bindle-basic-auth
branch
from
633e0cd
to
55c3f95
Compare
I see at least two follow-ups if we want to add support for bindle server basic auth across Spin (or, could perhaps be persuaded to tackle one or more in this effort):
1. Adding basic auth config foradded in 633e0cdspin deploy2. Updating the loader crate which still appears to use a No Auth approach (For our current tests, this still works because thus far, bindle server allows anonymous GETs even when running with basic auth). See #411
Thoughts?
Closes #305