
Side by Side Diff: server/auth/authdb/erroring.go

Issue 2873113002: auth: Remove "shared" aka "global" secrets. (Closed)
Patch Set: Created 3 years, 7 months ago
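--- a/server/auth/authdb/erroring.go
+++ b/server/auth/authdb/erroring.go
@@ -1,57 +1,47 @@
 // Copyright 2016 The LUCI Authors. All rights reserved.
 // Use of this source code is governed under the Apache License, Version 2.0
 // that can be found in the LICENSE file.
 
 package authdb
 
 import (
 "net"
 
 "golang.org/x/net/context"
 
 "github.com/luci/luci-go/common/logging"
 "github.com/luci/luci-go/server/auth/identity"
 "github.com/luci/luci-go/server/auth/signing"
-"github.com/luci/luci-go/server/secrets"
 )
 
 // ErroringDB implements DB by forbidding all access and returning errors.
 type ErroringDB struct {
 Error error // returned by all calls
 }
 
 // IsAllowedOAuthClientID returns true if given OAuth2 client_id can be used
 // to authenticate access for given email.
 func (db ErroringDB) IsAllowedOAuthClientID(c context.Context, email, clientID s tring) (bool, error) {
 logging.Errorf(c, "%s", db.Error)
 return false, db.Error
 }
 
 // IsMember returns true if the given identity belongs to any of the groups.
 //
 // Unknown groups are considered empty. May return errors if underlying
 // datastore has issues.
 func (db ErroringDB) IsMember(c context.Context, id identity.Identity, groups .. .string) (bool, error) {
 logging.Errorf(c, "%s", db.Error)
 return false, db.Error
 }
 
-// SharedSecrets is secrets.Store with secrets in Auth DB.
-//
-// Such secrets are usually generated on central Auth Service and are known
-// to all trusted services (so that they can use them to exchange data).
-func (db ErroringDB) SharedSecrets(c context.Context) (secrets.Store, error) {
-logging.Errorf(c, "%s", db.Error)
-return nil, db.Error
-}
-
 // GetCertificates returns a bundle with certificates of a trusted signer.
 func (db ErroringDB) GetCertificates(c context.Context, id identity.Identity) (* signing.PublicCertificates, error) {
 logging.Errorf(c, "%s", db.Error)
 return nil, db.Error
 }
 
 // GetWhitelistForIdentity returns name of the IP whitelist to use to check
 // IP of requests from given `ident`.
 //
 // It's used to restrict access for certain account to certain IP subnets.
@@ -73,10 +63,10 @@
 
 // GetAuthServiceURL returns root URL ("https://<host>") of the auth service.
 func (db ErroringDB) GetAuthServiceURL(c context.Context) (string, error) {
 return "", db.Error
 }
 
 // GetTokenServiceURL returns root URL ("https://<host>") of the token service.
 func (db ErroringDB) GetTokenServiceURL(c context.Context) (string, error) {
 return "", db.Error
 }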