Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(80)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: appengine/gaeauth/server/db.go

Issue 2873113002: auth: Remove "shared" aka "global" secrets. (Closed)
Patch Set: Created 3 years, 7 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « no previous file | server/auth/auth_test.go » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright 2015 The LUCI Authors. All rights reserved. 1 // Copyright 2015 The LUCI Authors. All rights reserved.
2 // Use of this source code is governed under the Apache License, Version 2.0 2 // Use of this source code is governed under the Apache License, Version 2.0
3 // that can be found in the LICENSE file. 3 // that can be found in the LICENSE file.
4 4
5 package server 5 package server
6 6
7 import ( 7 import (
8 "errors" 8 "errors"
9 "net" 9 "net"
10 10
11 "golang.org/x/net/context" 11 "golang.org/x/net/context"
12 12
13 "github.com/luci/gae/service/info" 13 "github.com/luci/gae/service/info"
14 "github.com/luci/luci-go/appengine/gaeauth/server/internal/authdbimpl" 14 "github.com/luci/luci-go/appengine/gaeauth/server/internal/authdbimpl"
15 "github.com/luci/luci-go/common/clock" 15 "github.com/luci/luci-go/common/clock"
16 "github.com/luci/luci-go/common/logging" 16 "github.com/luci/luci-go/common/logging"
17 "github.com/luci/luci-go/server/auth/authdb" 17 "github.com/luci/luci-go/server/auth/authdb"
18 "github.com/luci/luci-go/server/auth/identity" 18 "github.com/luci/luci-go/server/auth/identity"
19 "github.com/luci/luci-go/server/auth/signing" 19 "github.com/luci/luci-go/server/auth/signing"
20 "github.com/luci/luci-go/server/secrets"
21 ) 20 )
22 21
23 // errNotConfigured is returned on real GAE if auth service URL is not set. 22 // errNotConfigured is returned on real GAE if auth service URL is not set.
24 var errNotConfigured = errors.New( 23 var errNotConfigured = errors.New(
25 "Auth Service URL is not configured, you MUST configure it for apps used " + 24 "Auth Service URL is not configured, you MUST configure it for apps used " +
26 "in production, visit /admin/settings/auth_service to do so.") 25 "in production, visit /admin/settings/auth_service to do so.")
27 26
28 // GetAuthDB fetches AuthDB snapshot from the datastore and returns authdb.DB 27 // GetAuthDB fetches AuthDB snapshot from the datastore and returns authdb.DB
29 // interface wrapping it. 28 // interface wrapping it.
30 // 29 //
(...skipping 60 matching lines...) Expand 10 before | Expand all | Expand 10 after
91 func (devServerDB) IsMember(c context.Context, id identity.Identity, groups ...s tring) (bool, error) { 90 func (devServerDB) IsMember(c context.Context, id identity.Identity, groups ...s tring) (bool, error) {
92 if !info.IsDevAppServer(c) { 91 if !info.IsDevAppServer(c) {
93 return false, errNotConfigured 92 return false, errNotConfigured
94 } 93 }
95 if len(groups) == 0 { 94 if len(groups) == 0 {
96 return false, nil 95 return false, nil
97 } 96 }
98 return id.Kind() != identity.Anonymous, nil 97 return id.Kind() != identity.Anonymous, nil
99 } 98 }
100 99
101 func (devServerDB) SharedSecrets(c context.Context) (secrets.Store, error) {
102 return nil, errNotConfigured
103 }
104
105 func (devServerDB) GetCertificates(c context.Context, id identity.Identity) (*si gning.PublicCertificates, error) { 100 func (devServerDB) GetCertificates(c context.Context, id identity.Identity) (*si gning.PublicCertificates, error) {
106 return nil, errNotConfigured 101 return nil, errNotConfigured
107 } 102 }
108 103
109 func (devServerDB) GetWhitelistForIdentity(c context.Context, ident identity.Ide ntity) (string, error) { 104 func (devServerDB) GetWhitelistForIdentity(c context.Context, ident identity.Ide ntity) (string, error) {
110 return "", nil 105 return "", nil
111 } 106 }
112 107
113 func (devServerDB) IsInWhitelist(c context.Context, ip net.IP, whitelist string) (bool, error) { 108 func (devServerDB) IsInWhitelist(c context.Context, ip net.IP, whitelist string) (bool, error) {
114 return false, nil 109 return false, nil
115 } 110 }
116 111
117 func (devServerDB) GetAuthServiceURL(c context.Context) (string, error) { 112 func (devServerDB) GetAuthServiceURL(c context.Context) (string, error) {
118 return "", errNotConfigured 113 return "", errNotConfigured
119 } 114 }
120 115
121 func (devServerDB) GetTokenServiceURL(c context.Context) (string, error) { 116 func (devServerDB) GetTokenServiceURL(c context.Context) (string, error) {
122 return "", errNotConfigured 117 return "", errNotConfigured
123 } 118 }
OLDNEW
« no previous file with comments | « no previous file | server/auth/auth_test.go » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698