From 23ce61065e267149bdf2510f87e5d472227a674d Mon Sep 17 00:00:00 2001
From: Bani Singh <banisingh@google.com>
Date: Thu, 15 Aug 2024 14:40:05 +0000
Subject: [PATCH] Remove caching from credshelper interface & SDK Import

Changelog: https://github.com/bazelbuild/remote-apis-sdks/commit/7a76f178e91cd0ecd1d8cd7eeda098a5be5045d8

Bug: b/332568410
Test: Tested with chromium build
Change-Id: I878a779cb0eaf773af851b679ab3a9d450c3be31
GitOrigin-RevId: bb6db233c6d6e44c8298edb4c5a9ca296e4137fd
---
 cmd/bootstrap/BUILD.bazel |  1 -
 cmd/bootstrap/main.go     | 30 ++----------------------------
 cmd/reproxy/main.go       | 10 +++++++---
 go.mod                    |  2 +-
 go.sum                    |  4 ++--
 5 files changed, 12 insertions(+), 35 deletions(-)

diff --git a/cmd/bootstrap/BUILD.bazel b/cmd/bootstrap/BUILD.bazel
index ecc2a5e1..da06a621 100644
--- a/cmd/bootstrap/BUILD.bazel
+++ b/cmd/bootstrap/BUILD.bazel
@@ -11,7 +11,6 @@ go_library(
         "//internal/pkg/auth",
         "//internal/pkg/bootstrap",
         "//internal/pkg/event",
-        "//internal/pkg/features",
         "//internal/pkg/logger",
         "//internal/pkg/loghttp",
         "//internal/pkg/pathtranslator",
diff --git a/cmd/bootstrap/main.go b/cmd/bootstrap/main.go
index 48cf66d0..bd420246 100644
--- a/cmd/bootstrap/main.go
+++ b/cmd/bootstrap/main.go
@@ -31,7 +31,6 @@ import (
 	"github.com/bazelbuild/reclient/internal/pkg/auth"
 	"github.com/bazelbuild/reclient/internal/pkg/bootstrap"
 	"github.com/bazelbuild/reclient/internal/pkg/event"
-	"github.com/bazelbuild/reclient/internal/pkg/features"
 	"github.com/bazelbuild/reclient/internal/pkg/logger"
 	"github.com/bazelbuild/reclient/internal/pkg/loghttp"
 	"github.com/bazelbuild/reclient/internal/pkg/pathtranslator"
@@ -136,11 +135,6 @@ func main() {
 		}
 	}
 
-	cf, err := credsFilePath()
-	if err != nil {
-		log.Exitf("Failed to determine the token cache file name: %v", err)
-	}
-	var chCreds *credshelper.Credentials
 	var ts *grpcOauth.TokenSource
 	credsArgs := []string{}
 	if !*remoteDisabled {
@@ -151,7 +145,7 @@ func main() {
 			credsArgs = append(credsArgs, fmt.Sprintf("--%v=%v", credshelper.CredshelperArgsFlag, *credentialsHelperArgs))
 		}
 		if *credentialsHelper != "" {
-			c, err := credshelper.NewExternalCredentials(*credentialsHelper, strings.Fields(*credentialsHelperArgs), cf)
+			c, err := credshelper.NewExternalCredentials(*credentialsHelper, strings.Fields(*credentialsHelperArgs))
 			if err != nil {
 				fmt.Fprintf(os.Stderr, "Credentials helper failed. Please try again or use application default credentials:%v", err)
 				os.Exit(auth.ExitCodeExternalTokenAuth)
@@ -160,8 +154,6 @@ func main() {
 			if err != nil {
 				log.Exitf("Error obtaining credentials: %v", err)
 			}
-			c.SaveToDisk()
-			chCreds = c
 			ts = c.TokenSource()
 		} else {
 			m := authMechanism()
@@ -247,7 +239,6 @@ func main() {
 			args = append(args, "--cfg="+cfg.Value.String())
 		}
 	}
-	args = append(args, "--creds_file="+cf)
 
 	if *fastLogCollection {
 		args = append(args, "--wait_for_shutdown_rpc=true")
@@ -262,8 +253,7 @@ func main() {
 	if exitCode == 0 {
 		fmt.Fprintf(os.Stderr, msg)
 	} else {
-		fmt.Fprintf(os.Stderr, "\nReproxy failed to start:%s\nCredentials cache file was deleted. Please try again. If this continues to fail, please file a bug.\n", msg)
-		chCreds.RemoveFromDisk()
+		fmt.Fprintf(os.Stderr, "\nReproxy failed to start:%s\n Please try again. If this continues to fail, please file a bug.\n", msg)
 	}
 	log.Flush()
 	os.Exit(exitCode)
@@ -356,22 +346,6 @@ func bootstrapReproxy(args []string, startTime time.Time) (string, int) {
 	return "Proxy started successfully.", 0
 }
 
-func credsFilePath() (string, error) {
-	if !features.GetConfig().EnableCredentialCache {
-		return "", nil
-	}
-	dir := os.TempDir()
-	if *cacheDir != "" {
-		dir = *cacheDir
-	}
-	cf := filepath.Join(dir, "reproxy.creds")
-	err := os.MkdirAll(filepath.Dir(cf), 0755)
-	if err != nil {
-		return "", fmt.Errorf("failed to create dir for credentials file %q: %v", cf, err)
-	}
-	return cf, nil
-}
-
 func authMechanism() auth.Mechanism {
 	if *experimentalCredentialsHelper != "" {
 		fmt.Fprintf(os.Stderr, "--experimental_credentials_helper flags are deprecated, please use --credentials_helper flags")
diff --git a/cmd/reproxy/main.go b/cmd/reproxy/main.go
index 960cd702..73ab46c3 100644
--- a/cmd/reproxy/main.go
+++ b/cmd/reproxy/main.go
@@ -130,7 +130,7 @@ var (
 
 	depsScannerAddress = flag.String("depsscanner_address", "execrel://", "If set, connects to the given address for C++ dependency scanning; a path with the prefix 'exec://' will start the target executable and connect to it. Defaults to execrel:// which looks for the `scandeps_server` binary in the same folder as reproxy. When set to \"\", the internal dependency scanner will be used.")
 
-	credsFile             = flag.String("creds_file", "", "Path to file where short-lived credentials are stored. If the file includes a token, reproxy will update the token if it refreshes it. Token refresh is only applicable if use_external_auth_token is used.")
+	credsFile             = flag.String("creds_file", "", "DEPRECATED. Path to file where short-lived credentials are stored. If the file includes a token, reproxy will update the token if it refreshes it. Token refresh is only applicable if use_external_auth_token is used.")
 	waitForShutdownRPC    = flag.Bool("wait_for_shutdown_rpc", false, "If set, will only shutdown after 3 SIGINT signals")
 	logHTTPCalls          = flag.Bool("log_http_calls", false, "Log all http requests made with the default http client.")
 	auxiliaryMetadataPath = flag.String("auxiliary_metadata_path", "", "Path to file where auxiliary_metadata.pb file is stored. Should be a absolute path or a relative path to reproxy.")
@@ -275,16 +275,20 @@ func main() {
 	ctx := context.Background()
 	var ts *grpcOauth.TokenSource
 	if !*remoteDisabled {
+		if *credsFile != "" {
+			// --creds_file flag shouldn't be set anywhere, so this shouldn't come up - since bootstrap was responsible for setting this flag based on the given cache_dir
+			fmt.Fprintf(os.Stderr, "--creds_file flag is invalid now. No credentials are cached. Please unset this flag and try again")
+			os.Exit(1)
+		}
 		chFlag := flag.Lookup(credshelper.CredshelperPathFlag)
 		credentialsHelperPath := chFlag.Value.String()
 		if credentialsHelperPath != "" {
 			credentialsHelperArgs := flag.Lookup(credshelper.CredshelperArgsFlag).Value.String()
-			c, err := credshelper.NewExternalCredentials(credentialsHelperPath, strings.Fields(credentialsHelperArgs), *credsFile)
+			c, err := credshelper.NewExternalCredentials(credentialsHelperPath, strings.Fields(credentialsHelperArgs))
 			if err != nil {
 				fmt.Fprintf(os.Stderr, "Credentials helper failed. Please try again or use application default credentials:%v", err)
 				os.Exit(auth.ExitCodeExternalTokenAuth)
 			}
-			defer c.SaveToDisk()
 			ts = c.TokenSource()
 		}
 	}
diff --git a/go.mod b/go.mod
index 39c0f5f1..feb346bf 100644
--- a/go.mod
+++ b/go.mod
@@ -11,7 +11,7 @@ require (
 	contrib.go.opencensus.io/exporter/stackdriver v0.13.14
 	github.com/GoogleCloudPlatform/protoc-gen-bq-schema v1.1.0
 	github.com/Microsoft/go-winio v0.6.2
-	github.com/bazelbuild/remote-apis-sdks v0.0.0-20240725185642-719a5dd43ab6
+	github.com/bazelbuild/remote-apis-sdks v0.0.0-20240815141737-7a76f178e91c
 	github.com/bazelbuild/rules_go v0.48.0
 	github.com/eapache/go-resiliency v1.6.0
 	github.com/fatih/color v1.17.0
diff --git a/go.sum b/go.sum
index 1c50fa2d..b36c70fa 100644
--- a/go.sum
+++ b/go.sum
@@ -165,8 +165,8 @@ github.com/aws/aws-sdk-go v1.43.31 h1:yJZIr8nMV1hXjAvvOLUFqZRJcHV7udPQBfhJqawDzI
 github.com/aws/aws-sdk-go v1.43.31/go.mod h1:y4AeaBuwd2Lk+GepC1E9v0qOiTws0MIWAX4oIKwKHZo=
 github.com/bazelbuild/remote-apis v0.0.0-20230411132548-35aee1c4a425 h1:Lj8uXWW95oXyYguUSdQDvzywQb4f0jbJWsoLPQWAKTY=
 github.com/bazelbuild/remote-apis v0.0.0-20230411132548-35aee1c4a425/go.mod h1:ry8Y6CkQqCVcYsjPOlLXDX2iRVjOnjogdNwhvHmRcz8=
-github.com/bazelbuild/remote-apis-sdks v0.0.0-20240725185642-719a5dd43ab6 h1:plDS7TlvX4jDuyXyGjJI7pJdvjff4QrBSJxyrK1r5sI=
-github.com/bazelbuild/remote-apis-sdks v0.0.0-20240725185642-719a5dd43ab6/go.mod h1:xTnFpTrMb0eMa4bsueAUc3/K2MSLiTwhrTjpuDJVSSQ=
+github.com/bazelbuild/remote-apis-sdks v0.0.0-20240815141737-7a76f178e91c h1:4Yj2ooLL63JlIYMnf36686JXy4l77WEaRL69mSC2gMU=
+github.com/bazelbuild/remote-apis-sdks v0.0.0-20240815141737-7a76f178e91c/go.mod h1:SkKj81cDNRVeJ9Ba34FGlnlz9QmpLJ1d2AOushpY5L4=
 github.com/bazelbuild/rules_go v0.48.0 h1:fZgo6mCUKeL/+GQiMWy5/QU1FjNXGPnTd5bAeao1pbg=
 github.com/bazelbuild/rules_go v0.48.0/go.mod h1:Dhcz716Kqg1RHNWos+N6MlXNkjNP2EwZQ0LukRKJfMs=
 github.com/benbjohnson/clock v1.0.3/go.mod h1:bGMdMPoPVvcYyt1gHDf4J2KE153Yf9BuiUKYMaxlTDM=