Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(226)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: server/auth/delegation.go

Issue 2951393002: [errors] de-specialize Transient in favor of Tags. (Closed)
Patch Set: copyright Created 3 years, 6 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« grpc/grpcutil/errors.go ('K') | « server/auth/auth_test.go ('k') | server/auth/delegation/checker.go » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright 2016 The LUCI Authors. All rights reserved. 1 // Copyright 2016 The LUCI Authors. All rights reserved.
2 // Use of this source code is governed under the Apache License, Version 2.0 2 // Use of this source code is governed under the Apache License, Version 2.0
3 // that can be found in the LICENSE file. 3 // that can be found in the LICENSE file.
4 4
5 package auth 5 package auth
6 6
7 import ( 7 import (
8 "fmt" 8 "fmt"
9 "net/http" 9 "net/http"
10 "strings" 10 "strings"
11 "time" 11 "time"
12 12
13 "golang.org/x/net/context" 13 "golang.org/x/net/context"
14 14
15 "github.com/luci/luci-go/common/clock" 15 "github.com/luci/luci-go/common/clock"
16 "github.com/luci/luci-go/common/errors"
17 "github.com/luci/luci-go/common/logging" 16 "github.com/luci/luci-go/common/logging"
18 "github.com/luci/luci-go/common/retry" 17 "github.com/luci/luci-go/common/retry"
19 "github.com/luci/luci-go/grpc/grpcutil" 18 "github.com/luci/luci-go/grpc/grpcutil"
20 "github.com/luci/luci-go/grpc/prpc" 19 "github.com/luci/luci-go/grpc/prpc"
21 "github.com/luci/luci-go/server/auth/delegation" 20 "github.com/luci/luci-go/server/auth/delegation"
22 "github.com/luci/luci-go/server/auth/delegation/messages" 21 "github.com/luci/luci-go/server/auth/delegation/messages"
23 "github.com/luci/luci-go/server/auth/identity" 22 "github.com/luci/luci-go/server/auth/identity"
24 "github.com/luci/luci-go/tokenserver/api/minter/v1" 23 "github.com/luci/luci-go/tokenserver/api/minter/v1"
25 ) 24 )
26 25
27 var ( 26 var (
28 » // ErrTokenServerNotConfigured is returned by MintDelegationToken if the 27 » // ErrTokenServiceNotConfigured is returned by MintDelegationToken if th e
29 // token service URL is not configured. This usually means the correspon ding 28 // token service URL is not configured. This usually means the correspon ding
30 // auth service is not paired with a token server. 29 // auth service is not paired with a token server.
31 ErrTokenServiceNotConfigured = fmt.Errorf("auth: token service URL is no t configured") 30 ErrTokenServiceNotConfigured = fmt.Errorf("auth: token service URL is no t configured")
32 31
33 // ErrBrokenTokenService is returned by MintDelegationToken if the RPC t o the 32 // ErrBrokenTokenService is returned by MintDelegationToken if the RPC t o the
34 // token service succeeded, but response doesn't make sense. This should not 33 // token service succeeded, but response doesn't make sense. This should not
35 // generally happen. 34 // generally happen.
36 ErrBrokenTokenService = fmt.Errorf("auth: unrecognized response from the token service") 35 ErrBrokenTokenService = fmt.Errorf("auth: unrecognized response from the token service")
37 36
38 // ErrAnonymousDelegation is returned by MintDelegationToken if it is us ed in 37 // ErrAnonymousDelegation is returned by MintDelegationToken if it is us ed in
(...skipping 189 matching lines...) Expand 10 before | Expand all | Expand 10 after
228 // The actual RPC call. 227 // The actual RPC call.
229 resp, err := rpcClient.MintDelegationToken(ctx, &minter. MintDelegationTokenRequest{ 228 resp, err := rpcClient.MintDelegationToken(ctx, &minter. MintDelegationTokenRequest{
230 DelegatedIdentity: string(userID), 229 DelegatedIdentity: string(userID),
231 ValidityDuration: int64(MaxDelegationTokenTTL.S econds()), 230 ValidityDuration: int64(MaxDelegationTokenTTL.S econds()),
232 Audience: []string{"REQUESTOR"}, // mak e the token usable only by the calling service 231 Audience: []string{"REQUESTOR"}, // mak e the token usable only by the calling service
233 Services: []string{target}, 232 Services: []string{target},
234 Intent: p.Intent, 233 Intent: p.Intent,
235 }) 234 })
236 if err != nil { 235 if err != nil {
237 err = grpcutil.WrapIfTransient(err) 236 err = grpcutil.WrapIfTransient(err)
238 » » » » if errors.IsTransient(err) { 237 » » » » if retry.Tag.In(err) {
239 return nil, err, "ERROR_TRANSIENT_IN_MIN TING" 238 return nil, err, "ERROR_TRANSIENT_IN_MIN TING"
240 } 239 }
241 return nil, err, "ERROR_MINTING" 240 return nil, err, "ERROR_MINTING"
242 } 241 }
243 242
244 // Sanity checks. A correctly working token server shoul d not trigger them. 243 // Sanity checks. A correctly working token server shoul d not trigger them.
245 subtoken := resp.DelegationSubtoken 244 subtoken := resp.DelegationSubtoken
246 good := false 245 good := false
247 switch { 246 switch {
248 case subtoken == nil: 247 case subtoken == nil:
(...skipping 31 matching lines...) Expand 10 before | Expand all | Expand 10 after
280 279
281 if err != nil { 280 if err != nil {
282 report(err, label) 281 report(err, label)
283 return nil, err 282 return nil, err
284 } 283 }
285 284
286 t := cached.Token.(delegation.Token) // let it panic on type mismatch 285 t := cached.Token.(delegation.Token) // let it panic on type mismatch
287 report(nil, label) 286 report(nil, label)
288 return &t, nil 287 return &t, nil
289 } 288 }
OLDNEW
« grpc/grpcutil/errors.go ('K') | « server/auth/auth_test.go ('k') | server/auth/delegation/checker.go » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698