
Unified Diff: server/auth/authdb/snapshot.go

Issue 2873113002: auth: Remove "shared" aka "global" secrets. (Closed)
Patch Set: Created 3 years, 7 months ago
Index: server/auth/authdb/snapshot.go
diff --git a/server/auth/authdb/snapshot.go b/server/auth/authdb/snapshot.go
index 2963687edab671f606c277b8b686b769aa125839..2d65d2af8e96c18d9b75df81d23362983c751cf8 100644
--- a/server/auth/authdb/snapshot.go
+++ b/server/auth/authdb/snapshot.go
@@ -18,7 +18,6 @@ import (
"github.com/luci/luci-go/server/auth/identity"
"github.com/luci/luci-go/server/auth/service/protocol"
"github.com/luci/luci-go/server/auth/signing"
- "github.com/luci/luci-go/server/secrets"
)
// OAuth client_id of https://apis-explorer.appspot.com/.
@@ -36,7 +35,6 @@ type SnapshotDB struct {
clientIDs map[string]struct{} // set of allowed client IDs
groups map[string]*group // map of all known groups
- secrets secrets.StaticStore // secrets shared by all service with this DB
assignments map[identity.Identity]string // IP whitelist assignements
whitelists map[string][]net.IPNet // IP whitelists
@@ -130,25 +128,6 @@ func NewSnapshotDB(authDB *protocol.AuthDB, authServiceURL string, rev int64) (*
}
}
- // Load all shared secrets.
- db.secrets = make(secrets.StaticStore, len(authDB.GetSecrets()))
- for _, s := range authDB.GetSecrets() {
- values := s.GetValues()
- if len(values) == 0 {
- continue
- }
- secret := secrets.Secret{
- Current: secrets.NamedBlob{Blob: values[0]}, // most recent on top
- }
- if len(values) > 1 {
- secret.Previous = make([]secrets.NamedBlob, len(values)-1)
- for i := 1; i < len(values); i++ {
- secret.Previous[i-1] = secrets.NamedBlob{Blob: values[i]}
- }
- }
- db.secrets[secrets.Key(s.GetName())] = secret
- }
-
// Build map of IP whitelist assignments.
db.assignments = make(map[identity.Identity]string, len(authDB.GetIpWhitelistAssignments()))
for _, a := range authDB.GetIpWhitelistAssignments() {
@@ -287,14 +266,6 @@ func (db *SnapshotDB) isMemberImpl(c context.Context, id identity.Identity, grou
return false, nil
}
-// SharedSecrets is secrets.Store with secrets in Auth DB.
-//
-// Such secrets are usually generated on central Auth Service and are known
-// to all trusted services (so that they can use them to exchange data).
-func (db *SnapshotDB) SharedSecrets(c context.Context) (secrets.Store, error) {
- return db.secrets, nil
-}
-
// GetCertificates returns a bundle with certificates of a trusted signer.
func (db *SnapshotDB) GetCertificates(c context.Context, signerID identity.Identity) (*signing.PublicCertificates, error) {
val, err := db.certs.Get(c)