
Side by Side Diff: server/auth/delegation.go

Issue 2951393002: [errors] de-specialize Transient in favor of Tags. (Closed)
Patch Set: more refactor Created 3 years, 5 months ago
1 // Copyright 2016 The LUCI Authors. All rights reserved. 1 // Copyright 2016 The LUCI Authors. All rights reserved.
2 // Use of this source code is governed under the Apache License, Version 2.0 2 // Use of this source code is governed under the Apache License, Version 2.0
3 // that can be found in the LICENSE file. 3 // that can be found in the LICENSE file.
4 4
5 package auth 5 package auth
6 6
7 import ( 7 import (
8 "fmt" 8 "fmt"
9 "net/http" 9 "net/http"
10 "strings" 10 "strings"
11 "time" 11 "time"
12 12
13 "golang.org/x/net/context" 13 "golang.org/x/net/context"
14 14
15 "github.com/luci/luci-go/common/clock" 15 "github.com/luci/luci-go/common/clock"
16 "github.com/luci/luci-go/common/errors"
17 "github.com/luci/luci-go/common/logging" 16 "github.com/luci/luci-go/common/logging"
18 "github.com/luci/luci-go/common/retry" 17 "github.com/luci/luci-go/common/retry"
18 "github.com/luci/luci-go/common/retry/transient"
19 "github.com/luci/luci-go/grpc/grpcutil" 19 "github.com/luci/luci-go/grpc/grpcutil"
20 "github.com/luci/luci-go/grpc/prpc" 20 "github.com/luci/luci-go/grpc/prpc"
21 "github.com/luci/luci-go/server/auth/delegation" 21 "github.com/luci/luci-go/server/auth/delegation"
22 "github.com/luci/luci-go/server/auth/delegation/messages" 22 "github.com/luci/luci-go/server/auth/delegation/messages"
23 "github.com/luci/luci-go/server/auth/identity" 23 "github.com/luci/luci-go/server/auth/identity"
24 "github.com/luci/luci-go/tokenserver/api/minter/v1" 24 "github.com/luci/luci-go/tokenserver/api/minter/v1"
25 ) 25 )
26 26
27 var ( 27 var (
28 » // ErrTokenServerNotConfigured is returned by MintDelegationToken if the 28 » // ErrTokenServiceNotConfigured is returned by MintDelegationToken if th e
29 // token service URL is not configured. This usually means the correspon ding 29 // token service URL is not configured. This usually means the correspon ding
30 // auth service is not paired with a token server. 30 // auth service is not paired with a token server.
31 ErrTokenServiceNotConfigured = fmt.Errorf("auth: token service URL is no t configured") 31 ErrTokenServiceNotConfigured = fmt.Errorf("auth: token service URL is no t configured")
32 32
33 // ErrBrokenTokenService is returned by MintDelegationToken if the RPC t o the 33 // ErrBrokenTokenService is returned by MintDelegationToken if the RPC t o the
34 // token service succeeded, but response doesn't make sense. This should not 34 // token service succeeded, but response doesn't make sense. This should not
35 // generally happen. 35 // generally happen.
36 ErrBrokenTokenService = fmt.Errorf("auth: unrecognized response from the token service") 36 ErrBrokenTokenService = fmt.Errorf("auth: unrecognized response from the token service")
37 37
38 // ErrAnonymousDelegation is returned by MintDelegationToken if it is us ed in 38 // ErrAnonymousDelegation is returned by MintDelegationToken if it is us ed in
(...skipping 189 matching lines...) Expand 10 before | Expand all | Expand 10 after
228 // The actual RPC call. 228 // The actual RPC call.
229 resp, err := rpcClient.MintDelegationToken(ctx, &minter. MintDelegationTokenRequest{ 229 resp, err := rpcClient.MintDelegationToken(ctx, &minter. MintDelegationTokenRequest{
230 DelegatedIdentity: string(userID), 230 DelegatedIdentity: string(userID),
231 ValidityDuration: int64(MaxDelegationTokenTTL.S econds()), 231 ValidityDuration: int64(MaxDelegationTokenTTL.S econds()),
232 Audience: []string{"REQUESTOR"}, // mak e the token usable only by the calling service 232 Audience: []string{"REQUESTOR"}, // mak e the token usable only by the calling service
233 Services: []string{target}, 233 Services: []string{target},
234 Intent: p.Intent, 234 Intent: p.Intent,
235 }) 235 })
236 if err != nil { 236 if err != nil {
237 err = grpcutil.WrapIfTransient(err) 237 err = grpcutil.WrapIfTransient(err)
238 » » » » if errors.IsTransient(err) { 238 » » » » if transient.Tag.In(err) {
239 return nil, err, "ERROR_TRANSIENT_IN_MIN TING" 239 return nil, err, "ERROR_TRANSIENT_IN_MIN TING"
240 } 240 }
241 return nil, err, "ERROR_MINTING" 241 return nil, err, "ERROR_MINTING"
242 } 242 }
243 243
244 // Sanity checks. A correctly working token server shoul d not trigger them. 244 // Sanity checks. A correctly working token server shoul d not trigger them.
245 subtoken := resp.DelegationSubtoken 245 subtoken := resp.DelegationSubtoken
246 good := false 246 good := false
247 switch { 247 switch {
248 case subtoken == nil: 248 case subtoken == nil:
(...skipping 31 matching lines...) Expand 10 before | Expand all | Expand 10 after
280 280
281 if err != nil { 281 if err != nil {
282 report(err, label) 282 report(err, label)
283 return nil, err 283 return nil, err
284 } 284 }
285 285
286 t := cached.Token.(delegation.Token) // let it panic on type mismatch 286 t := cached.Token.(delegation.Token) // let it panic on type mismatch
287 report(nil, label) 287 report(nil, label)
288 return &t, nil 288 return &t, nil
289 } 289 }
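Review bot: The new check `transient.Tag.In(err)` at new line 238 is only correct if `grpcutil.WrapIfTransient` on the line above now attaches `transient.Tag`. That helper is not part of this file section, so confirm it was migrated in the same patch set. If it still marks errors the old way, every failed mint would fall through to `ERROR_MINTING`, and retryable token-server failures would presumably be reported and handled as fatal. A test that pushes a transient RPC error through this path and asserts the `ERROR_TRANSIENT_IN_MINTING` label would pin the behaviour. A short comment above the check would also help, for example `// WrapIfTransient tags retryable RPC failures with transient.Tag; anything untagged is a fatal minting error.` The enclosing function starts and ends outside the visible lines.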