From 7bc781949ad4079cc1cfd391b365f31f1fdf1de7 Mon Sep 17 00:00:00 2001 From: Kousik Kumar Date: Wed, 27 Apr 2022 14:52:56 -0400 Subject: [PATCH] Add a broad warning about missing LOAS creds This is to generally warn Google devs about lack of LOAS creds. Given the switch to RBE, lack of LOAS creds will start resulting in build failures, so adding a warning message ahead of time to all builds. Will convert this to a build failure after a week. We need LOAS creds to be able to even fetch the CDPush config file to determine whether to use RBE in a build a not, which is why I'm making this a broad error message across builds. Test: ran "m nothing" build with / without gcert and with / without "stubby" in $PATH and confirmed appropriate error message. Bug: b/235985591 Change-Id: I15cbaf372b0a7b79f868a06c7d5ede19b49ae687 --- cmd/soong_ui/main.go | 1 + ui/build/config.go | 30 ++++++++++++++++++++++++++++++ ui/build/rbe.go | 29 +++++++++++++++++++++++++++++ 3 files changed, 60 insertions(+) diff --git a/cmd/soong_ui/main.go b/cmd/soong_ui/main.go index a03a86a49..16f994d55 100644 --- a/cmd/soong_ui/main.go +++ b/cmd/soong_ui/main.go @@ -221,6 +221,7 @@ func main() { } defer build.UploadMetrics(buildCtx, config, c.simpleOutput, buildStarted, files...) defer met.Dump(soongMetricsFile) + defer build.CheckProdCreds(buildCtx, config) } // Read the time at the starting point. diff --git a/ui/build/config.go b/ui/build/config.go index 59b01b30e..887420904 100644 --- a/ui/build/config.go +++ b/ui/build/config.go @@ -1242,10 +1242,40 @@ func (c *configImpl) rbeSockAddr(dir string) (string, error) { return "", fmt.Errorf("cannot generate a proxy socket address shorter than the limit of %v", maxNameLen) } +// IsGooglerEnvironment returns true if the current build is running +// on a Google developer machine and false otherwise. +func (c *configImpl) IsGooglerEnvironment() bool { + cf := "ANDROID_BUILD_ENVIRONMENT_CONFIG" + if v, ok := c.environ.Get(cf); ok { + return v == "googler" + } + return false +} + +// GoogleProdCredsExist determine whether credentials exist on the +// Googler machine to use remote execution. +func (c *configImpl) GoogleProdCredsExist() bool { + if _, err := exec.Command("/usr/bin/prodcertstatus", "--simple_output", "--nocheck_loas").Output(); err != nil { + return false + } + return true +} + +// UseRemoteBuild indicates whether to use a remote build acceleration system +// to speed up the build. func (c *configImpl) UseRemoteBuild() bool { return c.UseGoma() || c.UseRBE() } +// StubbyExists checks whether the stubby binary exists on the machine running +// the build. +func (c *configImpl) StubbyExists() bool { + if _, err := exec.LookPath("stubby"); err != nil { + return false + } + return true +} + // RemoteParallel controls how many remote jobs (i.e., commands which contain // gomacc) are run in parallel. Note the parallelism of all other jobs is // still limited by Parallel() diff --git a/ui/build/rbe.go b/ui/build/rbe.go index 3e558f738..82fc15f91 100644 --- a/ui/build/rbe.go +++ b/ui/build/rbe.go @@ -19,6 +19,7 @@ import ( "os" "path/filepath" "runtime" + "strings" "android/soong/ui/metrics" ) @@ -126,6 +127,34 @@ func stopRBE(ctx Context, config Config) { } } +func prodCredsAuthType(config Config) bool { + authVar, val := config.rbeAuth() + if strings.Contains(authVar, "use_google_prod_creds") && val != "" && val != "false" { + return true + } + return false +} + +// Check whether proper auth exists for RBE builds run within a +// Google dev environment. +func CheckProdCreds(ctx Context, config Config) { + if !config.IsGooglerEnvironment() { + return + } + if !config.StubbyExists() && prodCredsAuthType(config) { + fmt.Fprintln(ctx.Writer, "") + fmt.Fprintln(ctx.Writer, fmt.Sprintf("\033[33mWARNING: %q binary not found in $PATH, follow go/build-fast#opting-out-of-loas-credentials instead for authenticating with RBE.\033[0m", "stubby")) + fmt.Fprintln(ctx.Writer, "") + return + } + if config.GoogleProdCredsExist() { + return + } + fmt.Fprintln(ctx.Writer, "") + fmt.Fprintln(ctx.Writer, "\033[33mWARNING: Missing LOAS credentials, please run `gcert`. This will result in failing builds in the future, see go/rbe-android-default-announcement.\033[0m") + fmt.Fprintln(ctx.Writer, "") +} + // DumpRBEMetrics creates a metrics protobuf file containing RBE related metrics. // The protobuf file is created if RBE is enabled and the proxy service has // started. The proxy service is shutdown in order to dump the RBE metrics to the