Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(8)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: tokenserver/appengine/impl/machinetoken/machinetoken.go

Issue 2951393002: [errors] de-specialize Transient in favor of Tags. (Closed)
Patch Set: more refactor Created 3 years, 5 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« grpc/grpcutil/errors.go ('K') | « tokenserver/appengine/impl/delegation/rpc_mint_delegation_token.go ('k') | tokenserver/appengine/impl/machinetoken/rpc_inspect_machine_token.go » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright 2016 The LUCI Authors. All rights reserved. 1 // Copyright 2016 The LUCI Authors. All rights reserved.
2 // Use of this source code is governed under the Apache License, Version 2.0 2 // Use of this source code is governed under the Apache License, Version 2.0
3 // that can be found in the LICENSE file. 3 // that can be found in the LICENSE file.
4 4
5 // Package machinetoken implements generation of LUCI machine tokens. 5 // Package machinetoken implements generation of LUCI machine tokens.
6 package machinetoken 6 package machinetoken
7 7
8 import ( 8 import (
9 "crypto/x509" 9 "crypto/x509"
10 "encoding/base64" 10 "encoding/base64"
11 "fmt" 11 "fmt"
12 "math" 12 "math"
13 "math/big" 13 "math/big"
14 "strings" 14 "strings"
15 "time" 15 "time"
16 16
17 "github.com/golang/protobuf/proto" 17 "github.com/golang/protobuf/proto"
18 "golang.org/x/net/context" 18 "golang.org/x/net/context"
19 19
20 "github.com/luci/luci-go/common/clock" 20 "github.com/luci/luci-go/common/clock"
21 » "github.com/luci/luci-go/common/errors" 21 » "github.com/luci/luci-go/common/retry/transient"
22 "github.com/luci/luci-go/server/auth/signing" 22 "github.com/luci/luci-go/server/auth/signing"
23 23
24 "github.com/luci/luci-go/tokenserver/api" 24 "github.com/luci/luci-go/tokenserver/api"
25 "github.com/luci/luci-go/tokenserver/api/admin/v1" 25 "github.com/luci/luci-go/tokenserver/api/admin/v1"
26 "github.com/luci/luci-go/tokenserver/appengine/impl/utils/tokensigning" 26 "github.com/luci/luci-go/tokenserver/appengine/impl/utils/tokensigning"
27 ) 27 )
28 28
29 // tokenSigningContext is used to make sure machine token is not misused in 29 // tokenSigningContext is used to make sure machine token is not misused in
30 // place of some other token. 30 // place of some other token.
31 // 31 //
(...skipping 87 matching lines...) Expand 10 before | Expand all | Expand 10 after
119 if len(chunks) != 2 { 119 if len(chunks) != 2 {
120 panic("impossible") // checked in Validate already 120 panic("impossible") // checked in Validate already
121 } 121 }
122 cfg := domainConfig(params.Config, chunks[1]) 122 cfg := domainConfig(params.Config, chunks[1])
123 if cfg == nil { 123 if cfg == nil {
124 panic("impossible") // checked in Validate already 124 panic("impossible") // checked in Validate already
125 } 125 }
126 126
127 srvInfo, err := params.Signer.ServiceInfo(c) 127 srvInfo, err := params.Signer.ServiceInfo(c)
128 if err != nil { 128 if err != nil {
129 » » return nil, "", errors.WrapTransient(err) 129 » » return nil, "", transient.Tag.Apply(err)
130 } 130 }
131 131
132 body := &tokenserver.MachineTokenBody{ 132 body := &tokenserver.MachineTokenBody{
133 MachineFqdn: params.FQDN, 133 MachineFqdn: params.FQDN,
134 IssuedBy: srvInfo.ServiceAccountName, 134 IssuedBy: srvInfo.ServiceAccountName,
135 IssuedAt: uint64(clock.Now(c).Unix()), 135 IssuedAt: uint64(clock.Now(c).Unix()),
136 Lifetime: uint64(cfg.MachineTokenLifetime), 136 Lifetime: uint64(cfg.MachineTokenLifetime),
137 CaId: params.Config.UniqueId, 137 CaId: params.Config.UniqueId,
138 CertSn: params.Cert.SerialNumber.Uint64(), // already valid ated, fits uint64 138 CertSn: params.Cert.SerialNumber.Uint64(), // already valid ated, fits uint64
139 } 139 }
(...skipping 47 matching lines...) Expand 10 before | Expand all | Expand 10 after
187 Lifespan: func(b proto.Message) tokensigning.Lifespan { 187 Lifespan: func(b proto.Message) tokensigning.Lifespan {
188 body := b.(*tokenserver.MachineTokenBody) 188 body := b.(*tokenserver.MachineTokenBody)
189 return tokensigning.Lifespan{ 189 return tokensigning.Lifespan{
190 NotBefore: time.Unix(int64(body.IssuedAt), 0), 190 NotBefore: time.Unix(int64(body.IssuedAt), 0),
191 NotAfter: time.Unix(int64(body.IssuedAt)+int64( body.Lifetime), 0), 191 NotAfter: time.Unix(int64(body.IssuedAt)+int64( body.Lifetime), 0),
192 } 192 }
193 }, 193 },
194 } 194 }
195 return i.InspectToken(c, tok) 195 return i.InspectToken(c, tok)
196 } 196 }
OLDNEW
« grpc/grpcutil/errors.go ('K') | « tokenserver/appengine/impl/delegation/rpc_mint_delegation_token.go ('k') | tokenserver/appengine/impl/machinetoken/rpc_inspect_machine_token.go » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698