Verify authentication configuration is valid on start-up
Context
Currently BuildGrid starts listening for requests and doesn't verify that the authentication is properly configured before doing so, leading into authentication errors whenever a client (bot, worker) tries to talk to BuildGrid, only catching the exceptions and never terminating BuildGrid.
Please outline the background to the issue. If you are raising a bug, please summarize the bug and include:
- Expected behavior
- BuildGrid should exit right away after figuring out the config is missing a required option for the selected authentication algorithm.
- Current behavior
- BuildGrid runs and looks fine, but no client can actually communicate with it.
- Steps to reproduce:
- setup authorization using
hs256
and do not set thesecret
path - try connecting a worker (e.g.
reccworker
) to the BuildGrid server and give the worker the appropriate key and auth config. - BuildGrid will run into a
TypeError: Expecting a PEM-formatted key
, log it and keep waiting for more requests.
- setup authorization using
Task Description
Describe the steps to take / implementation plan. If it's a bug, do you know how it may be tackled?
-
Identify the sets of options required for each authentication algorithm -
On start-up, check that all the required options are set for the chosen authentication algorithm -
On start-up, check that all the referred files (e.g. secret
) are set if the algorithm requires them (this seems to be already the case forhs256
when thesecret
is set, but let's make sure it works for the other algorithms too)
Acceptance Criteria
When running BuildGrid with an invalid authentication configuration, it should exit 1 and not start listening for requests, so that we can identify the issue right away and fix the config.
Related: #133 (closed) #147 (closed)