[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
02/03: services: guix-build-coordinator: Rework authentication config.
|
From: |
guix-commits |
|
Subject: |
02/03: services: guix-build-coordinator: Rework authentication config. |
|
Date: |
Sun, 28 Feb 2021 16:57:16 -0500 (EST) |
cbaines pushed a commit to branch master
in repository guix.
commit 7556130c2f940c8c92ea79af633cb08c82f50cb4
Author: Christopher Baines <mail@cbaines.net>
AuthorDate: Sun Feb 28 21:11:58 2021 +0000
services: guix-build-coordinator: Rework authentication config.
A new authentication approach has been added to the coordinator, so to
better
represent the options, this commit changes the configuration to accept
different records, each for different authentication approaches.
* gnu/services/guix.scm (guix-build-coordinator-agent-configuration-uuid,
guix-build-coordinator-agent-configuration-password,
guix-build-coordinator-agent-configuration-password-file): Removed
procedures.
(guix-build-coordinator-agent-password-auth,
guix-build-coordinator-agent-password-auth?,
guix-build-coordinator-agent-password-auth-uuid,
guix-build-coordinator-agent-password-auth-password,
guix-build-coordinator-agent-password-file-auth,
guix-build-coordinator-agent-password-file-auth?,
guix-build-coordinator-agent-password-file-auth-uuid,
guix-build-coordinator-agent-password-file-auth-password-file): New
procedures.
(guix-build-coordinator-agent-shepherd-services): Adjust to handle the
authentication field and it's possible record values.
* doc/guix.texi (Guix Build Coordinator): Update documentation.
---
doc/guix.texi | 48 +++++++++++++++++++++++++++++++++------------
gnu/services/guix.scm | 54 ++++++++++++++++++++++++++++++++++++---------------
2 files changed, 74 insertions(+), 28 deletions(-)
diff --git a/doc/guix.texi b/doc/guix.texi
index 27083f1..b75fce4 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -30962,18 +30962,9 @@ The system user to run the service as.
@item @code{coordinator} (default: @code{"http://localhost:8745"})
The URI to use when connecting to the coordinator.
-@item @code{uuid}
-The UUID of the agent. This should be generated by the coordinator
-process, stored in the coordinator database, and used by the intended
-agent.
-
-@item @code{password} (default: @code{#f})
-The password to use when connecting to the coordinator. A file to read
-the password from can also be specified, and this is more secure.
-
-@item @code{password-file} (default: @code{#f})
-A file containing the password to use when connecting to the
-coordinator.
+@item @code{authentication}
+Record describing how this agent should authenticate with the
+coordinator. Possible record types are described below.
@item @code{systems} (default: @code{#f})
The systems for which this agent should fetch builds. The agent process
@@ -30993,6 +30984,39 @@ input store items aren't already available.
@end table
@end deftp
+@deftp {Data Type} guix-build-coordinator-agent-password-auth
+Data type representing an agent authenticating with a coordinator via a
+UUID and password.
+
+@table @asis
+@item @code{uuid}
+The UUID of the agent. This should be generated by the coordinator
+process, stored in the coordinator database, and used by the intended
+agent.
+
+@item @code{password}
+The password to use when connecting to the coordinator.
+
+@end table
+@end deftp
+
+@deftp {Data Type} guix-build-coordinator-agent-password-file-auth
+Data type representing an agent authenticating with a coordinator via a
+UUID and password read from a file.
+
+@table @asis
+@item @code{uuid}
+The UUID of the agent. This should be generated by the coordinator
+process, stored in the coordinator database, and used by the intended
+agent.
+
+@item @code{password-file}
+A file containing the password to use when connecting to the
+coordinator.
+
+@end table
+@end deftp
+
The Guix Build Coordinator package contains a script to query an
instance of the Guix Data Service for derivations to build, and then
submit builds for those derivations to the coordinator. The service
diff --git a/gnu/services/guix.scm b/gnu/services/guix.scm
index 88d23f7..b86e203 100644
--- a/gnu/services/guix.scm
+++ b/gnu/services/guix.scm
@@ -55,14 +55,22 @@
guix-build-coordinator-agent-configuration-package
guix-build-coordinator-agent-configuration-user
guix-build-coordinator-agent-configuration-coordinator
- guix-build-coordinator-agent-configuration-uuid
- guix-build-coordinator-agent-configuration-password
- guix-build-coordinator-agent-configuration-password-file
+ guix-build-coordinator-agent-configuration-authentication
guix-build-coordinator-agent-configuration-systems
guix-build-coordinator-agent-configuration-max-parallel-builds
guix-build-coordinator-agent-configuration-derivation-substitute-urls
guix-build-coordinator-agent-configuration-non-derivation-substitute-urls
+ guix-build-coordinator-agent-password-auth
+ guix-build-coordinator-agent-password-auth?
+ guix-build-coordinator-agent-password-auth-uuid
+ guix-build-coordinator-agent-password-auth-password
+
+ guix-build-coordinator-agent-password-file-auth
+ guix-build-coordinator-agent-password-file-auth?
+ guix-build-coordinator-agent-password-file-auth-uuid
+ guix-build-coordinator-agent-password-file-auth-password-file
+
guix-build-coordinator-agent-service-type
guix-build-coordinator-queue-builds-configuration
@@ -132,11 +140,7 @@
(default "guix-build-coordinator-agent"))
(coordinator guix-build-coordinator-agent-configuration-coordinator
(default "http://localhost:8745";))
- (uuid guix-build-coordinator-agent-configuration-uuid)
- (password guix-build-coordinator-agent-configuration-password
- (default #f))
- (password-file guix-build-coordinator-agent-configuration-password-file
- (default #f))
+ (authentication
guix-build-coordinator-agent-configuration-authentication)
(systems guix-build-coordinator-agent-configuration-systems
(default #f))
(max-parallel-builds
@@ -149,6 +153,21 @@
guix-build-coordinator-agent-configuration-non-derivation-substitute-urls
(default #f)))
+(define-record-type* <guix-build-coordinator-agent-password-auth>
+ guix-build-coordinator-agent-password-auth
+ make-guix-build-coordinator-agent-password-auth
+ guix-build-coordinator-agent-password-auth?
+ (uuid guix-build-coordinator-agent-password-auth-uuid)
+ (password guix-build-coordinator-agent-password-auth-password))
+
+(define-record-type* <guix-build-coordinator-agent-password-file-auth>
+ guix-build-coordinator-agent-password-file-auth
+ make-guix-build-coordinator-agent-password-file-auth
+ guix-build-coordinator-agent-password-file-auth?
+ (uuid guix-build-coordinator-agent-password-file-auth-uuid)
+ (password-file
+ guix-build-coordinator-agent-password-file-auth-password-file))
+
(define-record-type* <guix-build-coordinator-queue-builds-configuration>
guix-build-coordinator-queue-builds-configuration
make-guix-build-coordinator-queue-builds-configuration
@@ -326,7 +345,7 @@
(define (guix-build-coordinator-agent-shepherd-services config)
(match-record config <guix-build-coordinator-agent-configuration>
- (package user coordinator uuid password password-file max-parallel-builds
+ (package user coordinator authentication max-parallel-builds
derivation-substitute-urls non-derivation-substitute-urls
systems)
(list
@@ -337,13 +356,16 @@
(start #~(make-forkexec-constructor
(list #$(file-append package
"/bin/guix-build-coordinator-agent")
#$(string-append "--coordinator=" coordinator)
- #$(string-append "--uuid=" uuid)
- #$@(if password
- #~(#$(string-append "--password=" password))
- #~())
- #$@(if password-file
- #~(#$(string-append "--password-file="
password-file))
- #~())
+ #$@(match authentication
+ (($ <guix-build-coordinator-agent-password-auth>
+ uuid password)
+ #~(#$(string-append "--uuid=" uuid)
+ #$(string-append "--password=" password)))
+ (($
<guix-build-coordinator-agent-password-file-auth>
+ uuid password-file)
+ #~(#$(string-append "--uuid=" uuid)
+ #$(string-append "--password-file="
+ password-file))))
#$(simple-format #f "--max-parallel-builds=~A"
max-parallel-builds)
#$@(if derivation-substitute-urls