| OLD | NEW |
|---|
| 1 // Copyright 2016 The LUCI Authors. All rights reserved. | 1 // Copyright 2016 The LUCI Authors. All rights reserved. |
| 2 // Use of this source code is governed under the Apache License, Version 2.0 | 2 // Use of this source code is governed under the Apache License, Version 2.0 |
| 3 // that can be found in the LICENSE file. | 3 // that can be found in the LICENSE file. |
| 4 | 4 |
| 5 package deps | 5 package deps |
| 6 | 6 |
| 7 import ( | 7 import ( |
| 8 "github.com/luci/luci-go/common/errors" | 8 "github.com/luci/luci-go/common/errors" |
| 9 "github.com/luci/luci-go/common/logging" | 9 "github.com/luci/luci-go/common/logging" |
| 10 "github.com/luci/luci-go/common/retry/transient" |
| 10 "github.com/luci/luci-go/dm/api/acls" | 11 "github.com/luci/luci-go/dm/api/acls" |
| 11 "github.com/luci/luci-go/grpc/grpcutil" | 12 "github.com/luci/luci-go/grpc/grpcutil" |
| 12 "github.com/luci/luci-go/luci_config/server/cfgclient" | 13 "github.com/luci/luci-go/luci_config/server/cfgclient" |
| 13 "github.com/luci/luci-go/luci_config/server/cfgclient/textproto" | 14 "github.com/luci/luci-go/luci_config/server/cfgclient/textproto" |
| 14 "github.com/luci/luci-go/server/auth" | 15 "github.com/luci/luci-go/server/auth" |
| 15 | 16 |
| 16 "golang.org/x/net/context" | 17 "golang.org/x/net/context" |
| 17 "google.golang.org/grpc/codes" | 18 "google.golang.org/grpc/codes" |
| 18 ) | 19 ) |
| 19 | 20 |
| 20 func loadAcls(c context.Context) (ret *acls.Acls, err error) { | 21 func loadAcls(c context.Context) (ret *acls.Acls, err error) { |
| 21 cSet := cfgclient.CurrentServiceConfigSet(c) | 22 cSet := cfgclient.CurrentServiceConfigSet(c) |
| 22 file := "acls.cfg" | 23 file := "acls.cfg" |
| 23 | 24 |
| 24 ret = &acls.Acls{} | 25 ret = &acls.Acls{} |
| 25 if err := cfgclient.Get(c, cfgclient.AsService, cSet, file, textproto.Me
ssage(ret), nil); err != nil { | 26 if err := cfgclient.Get(c, cfgclient.AsService, cSet, file, textproto.Me
ssage(ret), nil); err != nil { |
| 26 » » return nil, errors.Annotate(err).Transient(). | 27 » » return nil, errors.Annotate(err).Tag(transient.Tag). |
| 27 D("cSet", cSet).D("file", file).InternalReason("loading
config").Err() | 28 D("cSet", cSet).D("file", file).InternalReason("loading
config").Err() |
| 28 } | 29 } |
| 29 return | 30 return |
| 30 } | 31 } |
| 31 | 32 |
| 32 func inGroups(c context.Context, groups []string) error { | 33 func inGroups(c context.Context, groups []string) error { |
| 33 for _, grp := range groups { | 34 for _, grp := range groups { |
| 34 ok, err := auth.IsMember(c, grp) | 35 ok, err := auth.IsMember(c, grp) |
| 35 if err != nil { | 36 if err != nil { |
| 36 » » » return grpcutil.Annotate(err, codes.Internal).Reason("fa
iled group check").Err() | 37 » » » return grpcAnnotate(err, codes.Internal).Reason("failed
group check").Err() |
| 37 } | 38 } |
| 38 if ok { | 39 if ok { |
| 39 return nil | 40 return nil |
| 40 } | 41 } |
| 41 } | 42 } |
| 42 logging.Fields{ | 43 logging.Fields{ |
| 43 "ident": auth.CurrentIdentity(c), | 44 "ident": auth.CurrentIdentity(c), |
| 44 "groups": groups, | 45 "groups": groups, |
| 45 }.Infof(c, "not authorized") | 46 }.Infof(c, "not authorized") |
| 46 return grpcutil.Errf(codes.PermissionDenied, "not authorized") | 47 return grpcutil.Errf(codes.PermissionDenied, "not authorized") |
| (...skipping 10 matching lines...) Expand all Loading... |
| 57 return | 58 return |
| 58 } | 59 } |
| 59 | 60 |
| 60 func canWrite(c context.Context) (err error) { | 61 func canWrite(c context.Context) (err error) { |
| 61 acl, err := loadAcls(c) | 62 acl, err := loadAcls(c) |
| 62 if err != nil { | 63 if err != nil { |
| 63 return | 64 return |
| 64 } | 65 } |
| 65 return inGroups(c, acl.Writers) | 66 return inGroups(c, acl.Writers) |
| 66 } | 67 } |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2951393002:
[errors] de-specialize Transient in favor of Tags. (Closed)
