Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(666)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: server/auth/actor.go

Issue 2951393002: [errors] de-specialize Transient in favor of Tags. (Closed)
Patch Set: copyright Created 3 years, 6 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« grpc/grpcutil/errors.go ('K') | « scheduler/appengine/task/utils/apiclient.go ('k') | server/auth/auth.go » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright 2017 The LUCI Authors. All rights reserved. 1 // Copyright 2017 The LUCI Authors. All rights reserved.
2 // Use of this source code is governed under the Apache License, Version 2.0 2 // Use of this source code is governed under the Apache License, Version 2.0
3 // that can be found in the LICENSE file. 3 // that can be found in the LICENSE file.
4 4
5 package auth 5 package auth
6 6
7 import ( 7 import (
8 "encoding/gob" 8 "encoding/gob"
9 "fmt" 9 "fmt"
10 "net/http" 10 "net/http"
11 "sort" 11 "sort"
12 "strings" 12 "strings"
13 "time" 13 "time"
14 14
15 "golang.org/x/net/context" 15 "golang.org/x/net/context"
16 "golang.org/x/oauth2" 16 "golang.org/x/oauth2"
17 "google.golang.org/api/googleapi" 17 "google.golang.org/api/googleapi"
18 18
19 "github.com/luci/luci-go/common/clock" 19 "github.com/luci/luci-go/common/clock"
20 "github.com/luci/luci-go/common/errors"
21 "github.com/luci/luci-go/common/gcloud/googleoauth" 20 "github.com/luci/luci-go/common/gcloud/googleoauth"
22 "github.com/luci/luci-go/common/gcloud/iam" 21 "github.com/luci/luci-go/common/gcloud/iam"
23 "github.com/luci/luci-go/common/logging" 22 "github.com/luci/luci-go/common/logging"
23 "github.com/luci/luci-go/common/retry"
24 ) 24 )
25 25
26 // MintAccessTokenParams is passed to MintAccessTokenForServiceAccount. 26 // MintAccessTokenParams is passed to MintAccessTokenForServiceAccount.
27 type MintAccessTokenParams struct { 27 type MintAccessTokenParams struct {
28 // ServiceAccount is an email of a service account to mint a token for. 28 // ServiceAccount is an email of a service account to mint a token for.
29 ServiceAccount string 29 ServiceAccount string
30 30
31 // Scopes is a list of OAuth scopes the token should have. 31 // Scopes is a list of OAuth scopes the token should have.
32 Scopes []string 32 Scopes []string
33 33
(...skipping 120 matching lines...) Expand 10 before | Expand all | Expand 10 after
154 Scopes: sortedScopes, 154 Scopes: sortedScopes,
155 Client: &http.Client{Transport: cfg.AnonymousTra nsport(ctx)}, 155 Client: &http.Client{Transport: cfg.AnonymousTra nsport(ctx)},
156 }) 156 })
157 157
158 // Both iam.Signer and googleoauth.GetAccessToken return googleapi.Error 158 // Both iam.Signer and googleoauth.GetAccessToken return googleapi.Error
159 // on HTTP-level responses. Recognize fatal HTTP errors. Everything else 159 // on HTTP-level responses. Recognize fatal HTTP errors. Everything else
160 // (stuff like connection timeouts, deadlines, etc) are transient errors. 160 // (stuff like connection timeouts, deadlines, etc) are transient errors.
161 if err != nil { 161 if err != nil {
162 if apiErr, ok := err.(*googleapi.Error); ok && a piErr.Code < 500 { 162 if apiErr, ok := err.(*googleapi.Error); ok && a piErr.Code < 500 {
163 return nil, err, fmt.Sprintf("ERROR_MINT ING_HTTP_%d", apiErr.Code) 163 return nil, err, fmt.Sprintf("ERROR_MINT ING_HTTP_%d", apiErr.Code)
164 } else {
165 return nil, errors.WrapTransient(err), " ERROR_TRANSIENT_IN_MINTING"
166 } 164 }
165 return nil, retry.Tag.Apply(err), "ERROR_TRANSIE NT_IN_MINTING"
167 } 166 }
168 167
169 // Log details about the new token. 168 // Log details about the new token.
170 now := clock.Now(ctx).UTC() 169 now := clock.Now(ctx).UTC()
171 logging.Fields{ 170 logging.Fields{
172 "fingerprint": tokenFingerprint(tok.AccessToken) , 171 "fingerprint": tokenFingerprint(tok.AccessToken) ,
173 "validity": tok.Expiry.Sub(now), 172 "validity": tok.Expiry.Sub(now),
174 }.Debugf(ctx, "Minted new actor OAuth token") 173 }.Debugf(ctx, "Minted new actor OAuth token")
175 174
176 return &cachedToken{ 175 return &cachedToken{
177 Token: makeCachedOAuth2Token(tok), 176 Token: makeCachedOAuth2Token(tok),
178 Created: now, 177 Created: now,
179 Expiry: tok.Expiry, 178 Expiry: tok.Expiry,
180 }, nil, "SUCCESS_CACHE_MISS" 179 }, nil, "SUCCESS_CACHE_MISS"
181 }, 180 },
182 }) 181 })
183 182
184 if err != nil { 183 if err != nil {
185 report(err, label) 184 report(err, label)
186 return nil, err 185 return nil, err
187 } 186 }
188 187
189 t := cached.Token.(cachedOAuth2Token) // let it panic on type mismatch 188 t := cached.Token.(cachedOAuth2Token) // let it panic on type mismatch
190 report(nil, label) 189 report(nil, label)
191 return t.toToken(), nil 190 return t.toToken(), nil
192 } 191 }
OLDNEW
« grpc/grpcutil/errors.go ('K') | « scheduler/appengine/task/utils/apiclient.go ('k') | server/auth/auth.go » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698