| OLD | NEW |
|---|
| 1 // Copyright 2016 The LUCI Authors. All rights reserved. | 1 // Copyright 2016 The LUCI Authors. All rights reserved. |
| 2 // Use of this source code is governed under the Apache License, Version 2.0 | 2 // Use of this source code is governed under the Apache License, Version 2.0 |
| 3 // that can be found in the LICENSE file. | 3 // that can be found in the LICENSE file. |
| 4 | 4 |
| 5 package auth | 5 package auth |
| 6 | 6 |
| 7 import ( | 7 import ( |
| 8 "fmt" | 8 "fmt" |
| 9 "net/http" | 9 "net/http" |
| 10 "strings" | 10 "strings" |
| 11 "time" | 11 "time" |
| 12 | 12 |
| 13 "google.golang.org/grpc" |
| 14 |
| 13 "golang.org/x/net/context" | 15 "golang.org/x/net/context" |
| 14 | 16 |
| 15 "github.com/luci/luci-go/common/clock" | 17 "github.com/luci/luci-go/common/clock" |
| 16 "github.com/luci/luci-go/common/errors" | 18 "github.com/luci/luci-go/common/errors" |
| 17 "github.com/luci/luci-go/common/logging" | 19 "github.com/luci/luci-go/common/logging" |
| 18 "github.com/luci/luci-go/common/retry" | 20 "github.com/luci/luci-go/common/retry" |
| 19 "github.com/luci/luci-go/grpc/grpcutil" | 21 "github.com/luci/luci-go/grpc/grpcutil" |
| 20 "github.com/luci/luci-go/grpc/prpc" | 22 "github.com/luci/luci-go/grpc/prpc" |
| 21 "github.com/luci/luci-go/server/auth/delegation" | 23 "github.com/luci/luci-go/server/auth/delegation" |
| 22 "github.com/luci/luci-go/server/auth/delegation/messages" | 24 "github.com/luci/luci-go/server/auth/delegation/messages" |
| (...skipping 65 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 88 // | 90 // |
| 89 // Used only for logging purposes on the auth service, will be indexed.
Should | 91 // Used only for logging purposes on the auth service, will be indexed.
Should |
| 90 // be a short identifier-like string. | 92 // be a short identifier-like string. |
| 91 // | 93 // |
| 92 // Optional. | 94 // Optional. |
| 93 Intent string | 95 Intent string |
| 94 | 96 |
| 95 // rpcClient is token server RPC client to use. | 97 // rpcClient is token server RPC client to use. |
| 96 // | 98 // |
| 97 // Mocked in tests. | 99 // Mocked in tests. |
| 98 » rpcClient minter.TokenMinterClient | 100 » rpcClient tokenMinterClient |
| 101 } |
| 102 |
| 103 // tokenMinterClient is subset of minter.TokenMinterClient we use. |
| 104 type tokenMinterClient interface { |
| 105 » MintDelegationToken(context.Context, *minter.MintDelegationTokenRequest,
...grpc.CallOption) (*minter.MintDelegationTokenResponse, error) |
| 99 } | 106 } |
| 100 | 107 |
| 101 // delegationTokenCache is used to store delegation tokens in the cache. | 108 // delegationTokenCache is used to store delegation tokens in the cache. |
| 102 // | 109 // |
| 103 // The underlying token type is delegation.Token. | 110 // The underlying token type is delegation.Token. |
| 104 var delegationTokenCache = tokenCache{ | 111 var delegationTokenCache = tokenCache{ |
| 105 Kind: "delegation", | 112 Kind: "delegation", |
| 106 Version: 3, | 113 Version: 3, |
| 107 ExpRandPercent: 10, | 114 ExpRandPercent: 10, |
| 108 MinAcceptedLifetime: 5 * time.Minute, | 115 MinAcceptedLifetime: 5 * time.Minute, |
| (...skipping 171 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 280 | 287 |
| 281 if err != nil { | 288 if err != nil { |
| 282 report(err, label) | 289 report(err, label) |
| 283 return nil, err | 290 return nil, err |
| 284 } | 291 } |
| 285 | 292 |
| 286 t := cached.Token.(delegation.Token) // let it panic on type mismatch | 293 t := cached.Token.(delegation.Token) // let it panic on type mismatch |
| 287 report(nil, label) | 294 report(nil, label) |
| 288 return &t, nil | 295 return &t, nil |
| 289 } | 296 } |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2785973002:
token-server: Add protos for new API for generating service account tokens. (Closed)
