
Side by Side Diff: server/auth/authdb/erroring.go

Issue 2386643003: auth: Make luci-go services trust signatures produced by the token server. (Closed)
Patch Set: add tests Created 4 years, 2 months ago
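--- a/server/auth/authdb/erroring.go
+++ b/server/auth/authdb/erroring.go
@@ -1,23 +1,24 @@
 // Copyright 2016 The LUCI Authors. All rights reserved.
 // Use of this source code is governed under the Apache License, Version 2.0
 // that can be found in the LICENSE file.
 
 package authdb
 
 import (
 	"net"
 
 	"golang.org/x/net/context"
 
 	"github.com/luci/luci-go/common/logging"
 	"github.com/luci/luci-go/server/auth/identity"
+	"github.com/luci/luci-go/server/auth/signing"
 	"github.com/luci/luci-go/server/secrets"
 )
 
 // ErroringDB implements DB by forbidding all access and returning errors.
 type ErroringDB struct {
 	Error error // returned by all calls
 }
 
 // IsAllowedOAuthClientID returns true if given OAuth2 client_id can be used
 // to authenticate access for given email.
@@ -37,39 +38,45 @@
 
 // SharedSecrets is secrets.Store with secrets in Auth DB.
 //
 // Such secrets are usually generated on central Auth Service and are known
 // to all trusted services (so that they can use them to exchange data).
 func (db ErroringDB) SharedSecrets(c context.Context) (secrets.Store, error) {
 	logging.Errorf(c, "%s", db.Error)
 	return nil, db.Error
 }
 
+// GetCertificates returns a bundle with certificates of a trusted signer.
+func (db ErroringDB) GetCertificates(c context.Context, id identity.Identity) (*signing.PublicCertificates, error) {
+	logging.Errorf(c, "%s", db.Error)
+	return nil, db.Error
+}
+
 // GetWhitelistForIdentity returns name of the IP whitelist to use to check
 // IP of requests from given `ident`.
 //
 // It's used to restrict access for certain account to certain IP subnets.
 //
 // Returns ("", nil) if `ident` is not IP restricted.
 func (db ErroringDB) GetWhitelistForIdentity(c context.Context, ident identity.Identity) (string, error) {
 	logging.Errorf(c, "%s", db.Error)
 	return "", db.Error
 }
 
 // IsInWhitelist returns true if IP address belongs to given named IP whitelist.
 //
 // IP whitelist is a set of IP subnets. Unknown IP whitelists are considered
 // empty. May return errors if underlying datastore has issues.
 func (db ErroringDB) IsInWhitelist(c context.Context, ip net.IP, whitelist string) (bool, error) {
 	logging.Errorf(c, "%s", db.Error)
 	return false, db.Error
 }
 
 // GetAuthServiceURL returns root URL ("https://<host>") of the auth service.
 func (db ErroringDB) GetAuthServiceURL(c context.Context) (string, error) {
 	return "", db.Error
 }
 
 // GetTokenServiceURL returns root URL ("https://<host>") of the token service.
 func (db ErroringDB) GetTokenServiceURL(c context.Context) (string, error) {
 	return "", db.Error
 }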
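Review bot: The doc comment on the new GetCertificates (new line 48) describes the DB interface contract rather than this implementation, which unconditionally fails; since ErroringDB is what callers hold when no usable AuthDB is available, the comment should say that a signature-verification caller must treat the error as "signer not trusted" rather than as an empty bundle. Suggested wording: `// GetCertificates always fails with db.Error: without an AuthDB there is no trusted signer, so callers must reject the signature rather than skip verification.` A second point, shared with every method of this type and so presumably pre-existing by design: a zero-value ErroringDB (Error == nil) returns (nil, nil) here, which a caller would likely dereference; for a method that gates trust in token-server signatures that is worth at least a comment on the Error field. The page rendering splits `*signing.PublicCertificates` and other tokens across a column wrap, which I take to be a display artifact rather than the actual source.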