| OLD | NEW |
|---|
| 1 // Copyright 2016 The LUCI Authors. All rights reserved. | 1 // Copyright 2016 The LUCI Authors. All rights reserved. |
| 2 // Use of this source code is governed under the Apache License, Version 2.0 | 2 // Use of this source code is governed under the Apache License, Version 2.0 |
| 3 // that can be found in the LICENSE file. | 3 // that can be found in the LICENSE file. |
| 4 | 4 |
| 5 package deps | 5 package deps |
| 6 | 6 |
| 7 import ( | 7 import ( |
| 8 "fmt" | |
| 9 "strings" | |
| 10 | |
| 11 "google.golang.org/grpc/codes" | |
| 12 | |
| 13 "github.com/golang/protobuf/proto" | |
| 14 "github.com/luci/gae/service/info" | |
| 15 "github.com/luci/luci-go/common/config" | |
| 16 "github.com/luci/luci-go/common/errors" | 8 "github.com/luci/luci-go/common/errors" |
| 17 "github.com/luci/luci-go/common/logging" | 9 "github.com/luci/luci-go/common/logging" |
| 18 "github.com/luci/luci-go/dm/api/acls" | 10 "github.com/luci/luci-go/dm/api/acls" |
| 19 "github.com/luci/luci-go/grpc/grpcutil" | 11 "github.com/luci/luci-go/grpc/grpcutil" |
| 12 "github.com/luci/luci-go/luci_config/server/cfgclient" |
| 13 "github.com/luci/luci-go/luci_config/server/cfgclient/textproto" |
| 20 "github.com/luci/luci-go/server/auth" | 14 "github.com/luci/luci-go/server/auth" |
| 15 |
| 21 "golang.org/x/net/context" | 16 "golang.org/x/net/context" |
| 17 "google.golang.org/grpc/codes" |
| 22 ) | 18 ) |
| 23 | 19 |
| 24 func getTrimmedAppID(c context.Context) string { | 20 func loadAcls(c context.Context) (ret *acls.Acls, err error) { |
| 25 » // custom domains show up as "foo.com:appid" | 21 » cSet := cfgclient.CurrentServiceConfigSet(c) |
| 26 » toks := strings.Split(info.AppID(c), ":") | 22 » file := "acls.cfg" |
| 27 » return toks[len(toks)-1] | |
| 28 } | |
| 29 | 23 |
| 30 func loadAcls(c context.Context) (ret *acls.Acls, err error) { | 24 » ret = &acls.Acls{} |
| 31 » aid := getTrimmedAppID(c) | 25 » if err := cfgclient.Get(c, cfgclient.AsService, cSet, file, textproto.Me
ssage(ret), nil); err != nil { |
| 32 » cSet := fmt.Sprintf("services/%s", aid) | |
| 33 » file := "acls.cfg" | |
| 34 » aclCfg, err := config.GetConfig(c, cSet, file, false) | |
| 35 » if err != nil { | |
| 36 return nil, errors.Annotate(err).Transient(). | 26 return nil, errors.Annotate(err).Transient(). |
| 37 D("cSet", cSet).D("file", file).InternalReason("loading
config").Err() | 27 D("cSet", cSet).D("file", file).InternalReason("loading
config").Err() |
| 38 } | 28 } |
| 39 | |
| 40 ret = &acls.Acls{} | |
| 41 err = proto.UnmarshalText(aclCfg.Content, ret) | |
| 42 return | 29 return |
| 43 } | 30 } |
| 44 | 31 |
| 45 func inGroups(c context.Context, groups []string) error { | 32 func inGroups(c context.Context, groups []string) error { |
| 46 for _, grp := range groups { | 33 for _, grp := range groups { |
| 47 ok, err := auth.IsMember(c, grp) | 34 ok, err := auth.IsMember(c, grp) |
| 48 if err != nil { | 35 if err != nil { |
| 49 return grpcutil.Annotate(err, codes.Internal).Reason("fa
iled group check").Err() | 36 return grpcutil.Annotate(err, codes.Internal).Reason("fa
iled group check").Err() |
| 50 } | 37 } |
| 51 if ok { | 38 if ok { |
| (...skipping 18 matching lines...) Expand all Loading... |
| 70 return | 57 return |
| 71 } | 58 } |
| 72 | 59 |
| 73 func canWrite(c context.Context) (err error) { | 60 func canWrite(c context.Context) (err error) { |
| 74 acl, err := loadAcls(c) | 61 acl, err := loadAcls(c) |
| 75 if err != nil { | 62 if err != nil { |
| 76 return | 63 return |
| 77 } | 64 } |
| 78 return inGroups(c, acl.Writers) | 65 return inGroups(c, acl.Writers) |
| 79 } | 66 } |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2575383002:
Add server/cache support to gaeconfig. (Closed)
