Side by Side Diff: server/auth/authdb/db.go

Issue 2873113002: auth: Remove "shared" aka "global" secrets. (Closed)
Patch Set: Created 3 years, 7 months ago
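--- a/server/auth/authdb/db.go
+++ b/server/auth/authdb/db.go
@@ -1,47 +1,40 @@
 // Copyright 2016 The LUCI Authors. All rights reserved.
 // Use of this source code is governed under the Apache License, Version 2.0
 // that can be found in the LICENSE file.
 
 package authdb
 
 import (
 	"net"
 
 	"golang.org/x/net/context"
 
 	"github.com/luci/luci-go/server/auth/identity"
 	"github.com/luci/luci-go/server/auth/signing"
-	"github.com/luci/luci-go/server/secrets"
 )
 
 // DB is interface to access a database of authorization related information.
 //
 // It is static read only object that represent snapshot of auth data at some
 // moment in time.
 type DB interface {
 	// IsAllowedOAuthClientID returns true if given OAuth2 client_id can be used
 	// to authenticate access for given email.
 	IsAllowedOAuthClientID(c context.Context, email, clientID string) (bool, error)
 
 	// IsMember returns true if the given identity belongs to any of the gro ups.
 	//
 	// Unknown groups are considered empty. May return errors if underlying
 	// datastore has issues.
 	IsMember(c context.Context, id identity.Identity, groups ...string) (boo l, error)
 
-	// SharedSecrets is secrets.Store with secrets in Auth DB.
-	//
-	// Such secrets are usually generated on central Auth Service and are kn own
-	// to all trusted services (so that they can use them to exchange data).
-	SharedSecrets(c context.Context) (secrets.Store, error)
-
 	// GetCertificates returns a bundle with certificates of a trusted signe r.
 	//
 	// Returns (nil, nil) if the given signer is not trusted.
 	//
 	// Returns errors (usually transient) if the bundle can't be fetched.
 	GetCertificates(c context.Context, id identity.Identity) (*signing.Publi cCertificates, error)
 
 	// GetWhitelistForIdentity returns name of the IP whitelist to use to ch eck
 	// IP of requests from given `ident`.
 	//
@@ -62,10 +55,10 @@
 	// Returns an error if the DB implementation is not using an auth servic e.
 	GetAuthServiceURL(c context.Context) (string, error)
 
 	// GetTokenServiceURL returns root URL ("https://<host>") of the token s erver.
 	//
 	// Returns an error if the DB implementation doesn't know how to retriev e it.
 	//
 	// Returns ("", nil) if the token server URL is not configured.
 	GetTokenServiceURL(c context.Context) (string, error)
 }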