| OLD | NEW |
|---|
| 1 // Copyright 2016 The LUCI Authors. All rights reserved. | 1 // Copyright 2016 The LUCI Authors. All rights reserved. |
| 2 // Use of this source code is governed under the Apache License, Version 2.0 | 2 // Use of this source code is governed under the Apache License, Version 2.0 |
| 3 // that can be found in the LICENSE file. | 3 // that can be found in the LICENSE file. |
| 4 | 4 |
| 5 package lucictx | 5 package lucictx |
| 6 | 6 |
| 7 import ( | 7 import ( |
| 8 "fmt" | 8 "fmt" |
| 9 | 9 |
| 10 "golang.org/x/net/context" | 10 "golang.org/x/net/context" |
| 11 ) | 11 ) |
| 12 | 12 |
| 13 // LocalAuth is a struct that may be used with the "local_auth" section of | 13 // LocalAuth is a struct that may be used with the "local_auth" section of |
| 14 // LUCI_CONTEXT. | 14 // LUCI_CONTEXT. |
| 15 type LocalAuth struct { | 15 type LocalAuth struct { |
| 16 // RPCPort and Secret define how to connect to the local auth server. |
| 16 RPCPort uint32 `json:"rpc_port"` | 17 RPCPort uint32 `json:"rpc_port"` |
| 17 Secret []byte `json:"secret"` | 18 Secret []byte `json:"secret"` |
| 19 |
| 20 // Accounts and DefaultAccountID defines what access tokens are availabl
e. |
| 21 Accounts []LocalAuthAccount `json:"accounts"` |
| 22 DefaultAccountID string `json:"default_account_id"` |
| 23 } |
| 24 |
| 25 // LocalAuthAccount contains information about a service account available |
| 26 // through a local auth server. |
| 27 type LocalAuthAccount struct { |
| 28 // ID is logical identifier of the account, e.g. "system" or "task". |
| 29 ID string `json:"id"` |
| 30 } |
| 31 |
| 32 // CanUseByDefault returns true if the authentication context can be picked up |
| 33 // by default. |
| 34 // |
| 35 // TODO(vadimsh): Remove this method once all servers provide 'accounts'. |
| 36 func (la *LocalAuth) CanUseByDefault() bool { |
| 37 // Old API servers don't provide list of accounts. Instead there's singl
e |
| 38 // account that is always used by default. |
| 39 if len(la.Accounts) == 0 { |
| 40 return true |
| 41 } |
| 42 // New API servers give a list of available account and an optional defa
ult |
| 43 // account. Auth should be used only if default account is given. |
| 44 return la.DefaultAccountID != "" |
| 18 } | 45 } |
| 19 | 46 |
| 20 // GetLocalAuth calls Lookup and returns the current LocalAuth from LUCI_CONTEXT | 47 // GetLocalAuth calls Lookup and returns the current LocalAuth from LUCI_CONTEXT |
| 21 // if it was present. If no LocalAuth is in the context, this returns nil. | 48 // if it was present. If no LocalAuth is in the context, this returns nil. |
| 22 func GetLocalAuth(ctx context.Context) *LocalAuth { | 49 func GetLocalAuth(ctx context.Context) *LocalAuth { |
| 23 ret := LocalAuth{} | 50 ret := LocalAuth{} |
| 24 ok, err := Lookup(ctx, "local_auth", &ret) | 51 ok, err := Lookup(ctx, "local_auth", &ret) |
| 25 if err != nil { | 52 if err != nil { |
| 26 panic(err) | 53 panic(err) |
| 27 } | 54 } |
| 28 if !ok { | 55 if !ok { |
| 29 return nil | 56 return nil |
| 30 } | 57 } |
| 31 return &ret | 58 return &ret |
| 32 } | 59 } |
| 33 | 60 |
| 34 // SetLocalAuth Sets the LocalAuth in the LUCI_CONTEXT. | 61 // SetLocalAuth Sets the LocalAuth in the LUCI_CONTEXT. |
| 35 func SetLocalAuth(ctx context.Context, la *LocalAuth) context.Context { | 62 func SetLocalAuth(ctx context.Context, la *LocalAuth) context.Context { |
| 36 ctx, err := Set(ctx, "local_auth", la) | 63 ctx, err := Set(ctx, "local_auth", la) |
| 37 if err != nil { | 64 if err != nil { |
| 38 panic(fmt.Errorf("impossible: %s", err)) | 65 panic(fmt.Errorf("impossible: %s", err)) |
| 39 } | 66 } |
| 40 return ctx | 67 return ctx |
| 41 } | 68 } |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2951553002:
Extend LUCI_CONTEXT["local_auth"] protocol to understand accounts. (Closed)
