auth: Make luci-go services trust signatures produced by the token server.

server/auth/authtest/db.go

Index: server/auth/authtest/db.go
diff --git a/server/auth/authtest/db.go b/server/auth/authtest/db.go
index 4c16cb9128bebd8e122fabfaf164938ebf8ba74e..a3490c5b91e6daedce57a1f5643e7949b0338e0c 100644
--- a/server/auth/authtest/db.go
+++ b/server/auth/authtest/db.go
@@ -14,6 +14,7 @@ import (
 	"github.com/luci/luci-go/server/auth"
 	"github.com/luci/luci-go/server/auth/authdb"
 	"github.com/luci/luci-go/server/auth/identity"
+	"github.com/luci/luci-go/server/auth/signing"
 )
 
 // FakeDB implements user group checking part of db.DB (IsMember).
@@ -57,6 +58,11 @@ func (db FakeDB) SharedSecrets(c context.Context) (secrets.Store, error) {
 	panic("FakeDB.SharedSecrets must not be called")
 }
 
+// GetCertificates is part of authdb.DB interface. Panics.
+func (db FakeDB) GetCertificates(c context.Context, id identity.Identity) (*signing.PublicCertificates, error) {

[Vadim Sh., 2016/10/03 20:47:12]

this is a publicly usable fake in authtest/* package. It is used by various unit
tests in other packages that need to mock auth stuff. It is unusable from
auth_test.go due to module reference cycle.

+	panic("FakeDB.GetCertificates must not be called")
+}
+
 // GetWhitelistForIdentity is part of authdb.DB interface. Panics.
 func (db FakeDB) GetWhitelistForIdentity(c context.Context, ident identity.Identity) (string, error) {
 	panic("FakeDB.GetWhitelistForIdentity must not be called")