
Side by Side Diff: appengine/findit/common/http_client_appengine.py

Issue 1960353002: [Findit] Use gerric scope instead of email scope to authorize findit to internal buildspec/ (Closed) Base URL: https://chromium.googlesource.com/infra/infra.git@master
Patch Set: Created 4 years, 7 months ago
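--- a/appengine/findit/common/http_client_appengine.py
+++ b/appengine/findit/common/http_client_appengine.py
@@ -1,62 +1,65 @@
 # Copyright 2014 The Chromium Authors. All rights reserved.
 # Use of this source code is governed by a BSD-style license that can be
 # found in the LICENSE file.
 
 import json
 import logging
 
 from google.appengine.api import urlfetch
 
 from common import auth_util
 from common.retry_http_client import RetryHttpClient
 
 
 #TODO(katesonia): Move this to config.
-_INTERNAL_HOSTS = ['https://chrome-internal.googlesource.com/']
+_INTERNAL_HOSTS_TO_SCOPES = {
+'https://chrome-internal.googlesource.com/': (
+'https://www.googleapis.com/auth/gerritcodereview')
+}
 
 
 class HttpClientAppengine(RetryHttpClient): # pragma: no cover
 """A http client for running on appengine."""
 
-def _ExpandAuthorizationHeaders(self, headers):
-headers['Authorization'] = 'Bearer ' + auth_util.GetAuthToken()
+def _ExpandAuthorizationHeaders(self, headers, scope):
+headers['Authorization'] = 'Bearer ' + auth_util.GetAuthToken(scope)
 
 def _ShouldLogError(self, status_code):
 if not self.no_error_logging_statuses:
 return True
 return status_code not in self.no_error_logging_statuses
 
 def _SendRequest(self, url, method, data, timeout, headers=None):
 # We wanted to validate certificate to avoid the man in the middle.
 if not headers:
 headers = {}
 
 # For google internal hosts, expand Oauth2.0 token to headers to authorize
 # the requests.
-for host in _INTERNAL_HOSTS:
+for host, scope in _INTERNAL_HOSTS_TO_SCOPES.iteritems():
 if url.startswith(host):
-self._ExpandAuthorizationHeaders(headers)
+self._ExpandAuthorizationHeaders(headers, scope)
 break
 
 if method in (urlfetch.POST, urlfetch.PUT):
 result = urlfetch.fetch(
 url, payload=data, method=method,
 headers=headers, deadline=timeout, validate_certificate=True)
 else:
 result = urlfetch.fetch(
 url, headers=headers, deadline=timeout, validate_certificate=True)
 
 if (result.status_code != 200 and self._ShouldLogError(result.status_code)):
 logging.error('Request to %s resulted in %d, headers:%s', url,
 result.status_code, json.dumps(result.headers.items()))
 
 return result.status_code, result.content
 
 def _Get(self, url, timeout, headers):
 return self._SendRequest(url, urlfetch.GET, None, timeout, headers)
 
 def _Post(self, url, data, timeout, headers):
 return self._SendRequest(url, urlfetch.POST, data, timeout, headers)
 
 def _Put(self, url, data, timeout, headers):
 return self._SendRequest(url, urlfetch.PUT, data, timeout, headers)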
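Review bot: `_SendRequest` only replaces `headers` when it is empty, so for a non-empty dict the call `self._ExpandAuthorizationHeaders(headers, scope)` writes the Gerrit-scoped bearer token into the caller's own object. A caller that reuses that dict for a later request to a host outside `_INTERNAL_HOSTS_TO_SCOPES` would send the token there, because nothing removes the `Authorization` entry again. Copying first, `headers = dict(headers) if headers else {}`, keeps the token local to the one request. Both `urlfetch.fetch` calls also rely on the default redirect handling; whether the header is carried across a redirect to another host is not visible here and is worth confirming.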