services: guix-build-coordinator: Rework authentication config.

A new authentication approach has been added to the coordinator, so to better represent the options, this commit changes the configuration to accept different records, each for different authentication approaches. * gnu/services/guix.scm (guix-build-coordinator-agent-configuration-uuid, guix-build-coordinator-agent-configuration-password, guix-build-coordinator-agent-configuration-password-file): Removed procedures. (guix-build-coordinator-agent-password-auth, guix-build-coordinator-agent-password-auth?, guix-build-coordinator-agent-password-auth-uuid, guix-build-coordinator-agent-password-auth-password, guix-build-coordinator-agent-password-file-auth, guix-build-coordinator-agent-password-file-auth?, guix-build-coordinator-agent-password-file-auth-uuid, guix-build-coordinator-agent-password-file-auth-password-file): New procedures. (guix-build-coordinator-agent-shepherd-services): Adjust to handle the authentication field and it's possible record values. * doc/guix.texi (Guix Build Coordinator): Update documentation.

services: guix-build-coordinator: Rework authentication config.
7556130c · Christopher Baines · 39efda1e · 7556130c · 7556130c
Unverified Commit 7556130c authored Feb 28, 2021 by Christopher Baines
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -30962,18 +30962,9 @@ The system user to run the service as.
 @item @code{coordinator} (default: @code{"http://localhost:8745"})
 The URI to use when connecting to the coordinator.
-@item @code{uuid}
+@item @code{authentication}
-The UUID of the agent.  This should be generated by the coordinator
+Record describing how this agent should authenticate with the
-process, stored in the coordinator database, and used by the intended
+coordinator.  Possible record types are described below.
-agent.
-@item @code{password} (default: @code{#f})
-The password to use when connecting to the coordinator.  A file to read
-the password from can also be specified, and this is more secure.
-@item @code{password-file} (default: @code{#f})
-A file containing the password to use when connecting to the
-coordinator.
 @item @code{systems} (default: @code{#f})
 The systems for which this agent should fetch builds.  The agent process
@@ -30993,6 +30984,39 @@ input store items aren't already available.
 @end table
 @end deftp
+@deftp {Data Type} guix-build-coordinator-agent-password-auth
+Data type representing an agent authenticating with a coordinator via a
+UUID and password.
+@table @asis
+@item @code{uuid}
+The UUID of the agent.  This should be generated by the coordinator
+process, stored in the coordinator database, and used by the intended
+agent.
+@item @code{password}
+The password to use when connecting to the coordinator.
+@end table
+@end deftp
+@deftp {Data Type} guix-build-coordinator-agent-password-file-auth
+Data type representing an agent authenticating with a coordinator via a
+UUID and password read from a file.
+@table @asis
+@item @code{uuid}
+The UUID of the agent.  This should be generated by the coordinator
+process, stored in the coordinator database, and used by the intended
+agent.
+@item @code{password-file}
+A file containing the password to use when connecting to the
+coordinator.
+@end table
+@end deftp
 The Guix Build Coordinator package contains a script to query an
 instance of the Guix Data Service for derivations to build, and then
 submit builds for those derivations to the coordinator.  The service
--- a/gnu/services/guix.scm
+++ b/gnu/services/guix.scm
@@ -55,14 +55,22 @@ (define-module (gnu services guix)
            guix-build-coordinator-agent-configuration-package
            guix-build-coordinator-agent-configuration-user
            guix-build-coordinator-agent-configuration-coordinator
-            guix-build-coordinator-agent-configuration-uuid
+            guix-build-coordinator-agent-configuration-authentication
-            guix-build-coordinator-agent-configuration-password
-            guix-build-coordinator-agent-configuration-password-file
            guix-build-coordinator-agent-configuration-systems
            guix-build-coordinator-agent-configuration-max-parallel-builds
            guix-build-coordinator-agent-configuration-derivation-substitute-urls
            guix-build-coordinator-agent-configuration-non-derivation-substitute-urls
+            guix-build-coordinator-agent-password-auth
+            guix-build-coordinator-agent-password-auth?
+            guix-build-coordinator-agent-password-auth-uuid
+            guix-build-coordinator-agent-password-auth-password
+            guix-build-coordinator-agent-password-file-auth
+            guix-build-coordinator-agent-password-file-auth?
+            guix-build-coordinator-agent-password-file-auth-uuid
+            guix-build-coordinator-agent-password-file-auth-password-file
            guix-build-coordinator-agent-service-type
            guix-build-coordinator-queue-builds-configuration
@@ -132,11 +140,7 @@ (define-record-type* <guix-build-coordinator-agent-configuration>
                       (default "guix-build-coordinator-agent"))
  (coordinator         guix-build-coordinator-agent-configuration-coordinator
                       (default "http://localhost:8745"))
-  (uuid                guix-build-coordinator-agent-configuration-uuid)
+  (authentication      guix-build-coordinator-agent-configuration-authentication)
-  (password            guix-build-coordinator-agent-configuration-password
-                       (default #f))
-  (password-file       guix-build-coordinator-agent-configuration-password-file
-                       (default #f))
  (systems             guix-build-coordinator-agent-configuration-systems
                       (default #f))
  (max-parallel-builds
@@ -149,6 +153,21 @@ (define-record-type* <guix-build-coordinator-agent-configuration>
   guix-build-coordinator-agent-configuration-non-derivation-substitute-urls
   (default #f)))
+(define-record-type* <guix-build-coordinator-agent-password-auth>
+  guix-build-coordinator-agent-password-auth
+  make-guix-build-coordinator-agent-password-auth
+  guix-build-coordinator-agent-password-auth?
+  (uuid                guix-build-coordinator-agent-password-auth-uuid)
+  (password            guix-build-coordinator-agent-password-auth-password))
+(define-record-type* <guix-build-coordinator-agent-password-file-auth>
+  guix-build-coordinator-agent-password-file-auth
+  make-guix-build-coordinator-agent-password-file-auth
+  guix-build-coordinator-agent-password-file-auth?
+  (uuid                guix-build-coordinator-agent-password-file-auth-uuid)
+  (password-file
+   guix-build-coordinator-agent-password-file-auth-password-file))
 (define-record-type* <guix-build-coordinator-queue-builds-configuration>
  guix-build-coordinator-queue-builds-configuration
  make-guix-build-coordinator-queue-builds-configuration
@@ -326,7 +345,7 @@ (define guix-build-coordinator-service-type
 (define (guix-build-coordinator-agent-shepherd-services config)
  (match-record config <guix-build-coordinator-agent-configuration>
-    (package user coordinator uuid password password-file max-parallel-builds
+    (package user coordinator authentication max-parallel-builds
             derivation-substitute-urls non-derivation-substitute-urls
             systems)
    (list
@@ -337,13 +356,16 @@ (define (guix-build-coordinator-agent-shepherd-services config)
      (start #~(make-forkexec-constructor
                (list #$(file-append package "/bin/guix-build-coordinator-agent")
                      #$(string-append "--coordinator=" coordinator)
-                      #$(string-append "--uuid=" uuid)
+                      #$@(match authentication
-                      #$@(if password
+                           (($ <guix-build-coordinator-agent-password-auth>
-                             #~(#$(string-append "--password=" password))
+                               uuid password)
-                             #~())
+                            #~(#$(string-append "--uuid=" uuid)
-                      #$@(if password-file
+                               #$(string-append "--password=" password)))
-                             #~(#$(string-append "--password-file=" password-file))
+                           (($ <guix-build-coordinator-agent-password-file-auth>
-                             #~())
+                               uuid password-file)
+                            #~(#$(string-append "--uuid=" uuid)
+                               #$(string-append "--password-file="
+                                                password-file))))
                      #$(simple-format #f "--max-parallel-builds=~A"
                                       max-parallel-builds)
                      #$@(if derivation-substitute-urls