Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(387)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: tokenserver/appengine/impl/delegation/rpc_mint_delegation_token.go

Issue 2951393002: [errors] de-specialize Transient in favor of Tags. (Closed)
Patch Set: more refactor Created 3 years, 5 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« grpc/grpcutil/errors.go ('K') | « tokenserver/appengine/impl/certconfig/rpc_fetch_crl.go ('k') | tokenserver/appengine/impl/machinetoken/machinetoken.go » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright 2016 The LUCI Authors. All rights reserved. 1 // Copyright 2016 The LUCI Authors. All rights reserved.
2 // Use of this source code is governed under the Apache License, Version 2.0 2 // Use of this source code is governed under the Apache License, Version 2.0
3 // that can be found in the LICENSE file. 3 // that can be found in the LICENSE file.
4 4
5 package delegation 5 package delegation
6 6
7 import ( 7 import (
8 "fmt" 8 "fmt"
9 "strings" 9 "strings"
10 "time" 10 "time"
11 11
12 "github.com/golang/protobuf/jsonpb" 12 "github.com/golang/protobuf/jsonpb"
13 "golang.org/x/net/context" 13 "golang.org/x/net/context"
14 "google.golang.org/grpc" 14 "google.golang.org/grpc"
15 "google.golang.org/grpc/codes" 15 "google.golang.org/grpc/codes"
16 16
17 "github.com/luci/gae/service/info" 17 "github.com/luci/gae/service/info"
18 "github.com/luci/luci-go/common/clock" 18 "github.com/luci/luci-go/common/clock"
19 "github.com/luci/luci-go/common/errors"
20 "github.com/luci/luci-go/common/logging" 19 "github.com/luci/luci-go/common/logging"
20 "github.com/luci/luci-go/common/retry/transient"
21 "github.com/luci/luci-go/server/auth" 21 "github.com/luci/luci-go/server/auth"
22 "github.com/luci/luci-go/server/auth/authdb" 22 "github.com/luci/luci-go/server/auth/authdb"
23 "github.com/luci/luci-go/server/auth/delegation/messages" 23 "github.com/luci/luci-go/server/auth/delegation/messages"
24 "github.com/luci/luci-go/server/auth/identity" 24 "github.com/luci/luci-go/server/auth/identity"
25 "github.com/luci/luci-go/server/auth/signing" 25 "github.com/luci/luci-go/server/auth/signing"
26 26
27 admin "github.com/luci/luci-go/tokenserver/api/admin/v1" 27 admin "github.com/luci/luci-go/tokenserver/api/admin/v1"
28 "github.com/luci/luci-go/tokenserver/api/minter/v1" 28 "github.com/luci/luci-go/tokenserver/api/minter/v1"
29 "github.com/luci/luci-go/tokenserver/appengine/impl/utils" 29 "github.com/luci/luci-go/tokenserver/appengine/impl/utils"
30 "github.com/luci/luci-go/tokenserver/appengine/impl/utils/identityset" 30 "github.com/luci/luci-go/tokenserver/appengine/impl/utils/identityset"
(...skipping 87 matching lines...) Expand 10 before | Expand all | Expand 10 after
118 if req.ValidityDuration < 0 { 118 if req.ValidityDuration < 0 {
119 err = fmt.Errorf("invalid 'validity_duration' (%d)", req.Validit yDuration) 119 err = fmt.Errorf("invalid 'validity_duration' (%d)", req.Validit yDuration)
120 logging.WithError(err).Errorf(c, "Bad request") 120 logging.WithError(err).Errorf(c, "Bad request")
121 return nil, grpc.Errorf(codes.InvalidArgument, "bad request - %s ", err) 121 return nil, grpc.Errorf(codes.InvalidArgument, "bad request - %s ", err)
122 } 122 }
123 123
124 // Validate and normalize the request. This may do relatively expensive calls 124 // Validate and normalize the request. This may do relatively expensive calls
125 // to resolve "https://<service-url>" entries to "service:<id>" entries. 125 // to resolve "https://<service-url>" entries to "service:<id>" entries.
126 query, err := buildRulesQuery(c, req, callerID) 126 query, err := buildRulesQuery(c, req, callerID)
127 if err != nil { 127 if err != nil {
128 » » if errors.IsTransient(err) { 128 » » if transient.Tag.In(err) {
129 logging.WithError(err).Errorf(c, "buildRulesQuery failed ") 129 logging.WithError(err).Errorf(c, "buildRulesQuery failed ")
130 return nil, grpc.Errorf(codes.Internal, "failure when re solving target service ID - %s", err) 130 return nil, grpc.Errorf(codes.Internal, "failure when re solving target service ID - %s", err)
131 } 131 }
132 logging.WithError(err).Errorf(c, "Bad request") 132 logging.WithError(err).Errorf(c, "Bad request")
133 return nil, grpc.Errorf(codes.InvalidArgument, "bad request - %s ", err) 133 return nil, grpc.Errorf(codes.InvalidArgument, "bad request - %s ", err)
134 } 134 }
135 135
136 // Consult the config to find the rule that allows this operation (if an y). 136 // Consult the config to find the rule that allows this operation (if an y).
137 rule, err := rules.FindMatchingRule(c, query) 137 rule, err := rules.FindMatchingRule(c, query)
138 if err != nil { 138 if err != nil {
139 » » if errors.IsTransient(err) { 139 » » if transient.Tag.In(err) {
140 logging.WithError(err).Errorf(c, "FindMatchingRule faile d") 140 logging.WithError(err).Errorf(c, "FindMatchingRule faile d")
141 return nil, grpc.Errorf(codes.Internal, "failure when ch ecking rules - %s", err) 141 return nil, grpc.Errorf(codes.Internal, "failure when ch ecking rules - %s", err)
142 } 142 }
143 logging.WithError(err).Errorf(c, "Didn't pass rules check") 143 logging.WithError(err).Errorf(c, "Didn't pass rules check")
144 return nil, grpc.Errorf(codes.PermissionDenied, "forbidden - %s" , err) 144 return nil, grpc.Errorf(codes.PermissionDenied, "forbidden - %s" , err)
145 } 145 }
146 logging.Infof(c, "Found the matching rule %q in the config rev %s", rule .Name, rules.ConfigRevision()) 146 logging.Infof(c, "Found the matching rule %q in the config rev %s", rule .Name, rules.ConfigRevision())
147 147
148 // Make sure the requested token lifetime is allowed by the rule. 148 // Make sure the requested token lifetime is allowed by the rule.
149 if req.ValidityDuration > rule.MaxValidityDuration { 149 if req.ValidityDuration > rule.MaxValidityDuration {
(...skipping 192 matching lines...) Expand 10 before | Expand all | Expand 10 after
342 for _, url := range urls { 342 for _, url := range urls {
343 go func(url string) { 343 go func(url string) {
344 id, err := fetchLUCIServiceIdentity(c, url) 344 id, err := fetchLUCIServiceIdentity(c, url)
345 ch <- Result{url, id, err} 345 ch <- Result{url, id, err}
346 }(url) 346 }(url)
347 } 347 }
348 348
349 for i := 0; i < len(urls); i++ { 349 for i := 0; i < len(urls); i++ {
350 result := <-ch 350 result := <-ch
351 if result.Err != nil { 351 if result.Err != nil {
352 » » » if errors.IsTransient(result.Err) { 352 » » » if transient.Tag.In(result.Err) {
353 return result.Err 353 return result.Err
354 } 354 }
355 return fmt.Errorf("could not resolve %q to service ID - %s", result.URL, result.Err) 355 return fmt.Errorf("could not resolve %q to service ID - %s", result.URL, result.Err)
356 } 356 }
357 out.AddIdentity(result.ID) 357 out.AddIdentity(result.ID)
358 } 358 }
359 359
360 return nil 360 return nil
361 } 361 }
OLDNEW
« grpc/grpcutil/errors.go ('K') | « tokenserver/appengine/impl/certconfig/rpc_fetch_crl.go ('k') | tokenserver/appengine/impl/machinetoken/machinetoken.go » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698