
Unified Diff: common/auth/internal/luci_ctx.go

Issue 2951553002: Extend LUCI_CONTEXT["local_auth"] protocol to understand accounts. (Closed)
Patch Set: Created 3 years, 6 months ago
Index: common/auth/internal/luci_ctx.go
diff --git a/common/auth/internal/luci_ctx.go b/common/auth/internal/luci_ctx.go
index 720e3b6ad0ec3822f6aace7d3161a19246886b41..5816252e04d875e354a814199c9f960baac2cf9d 100644
--- a/common/auth/internal/luci_ctx.go
+++ b/common/auth/internal/luci_ctx.go
@@ -39,11 +39,18 @@ type luciContextTokenProvider struct {
// description of how to locate and contact the local auth server.
//
// See common/auth/localauth package for the implementation of the server.
+//
+// TODO(vadimsh): This method currently supports both "old" auth server that
Vadim Sh. 2017/06/19 20:16:28 I think we currently run cipd in a LUCI_CONTEXT pr
+// don't understand "account_id", and new servers that do. Remove support for
+// old servers once Swarming is updated to understand new protocol.
func NewLUCIContextTokenProvider(ctx context.Context, scopes []string, transport http.RoundTripper) (TokenProvider, error) {
localAuth := lucictx.GetLocalAuth(ctx)
if localAuth == nil {
return nil, fmt.Errorf(`no "local_auth" in LUCI_CONTEXT`)
}
+ if !localAuth.CanUseByDefault() {
+ return nil, fmt.Errorf(`no "default_account_id" in LUCI_CONTEXT["local_auth"]`)
iannucci 2017/06/19 20:31:28 IIUC, this would only happen if the server emits t
Vadim Sh. 2017/06/19 20:41:36 Correct. Once old servers are removed, CanUseByDef
+ }
// All authenticators share singleton in-process token cache, see
// ProcTokenCache variable in proc_cache.go.
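Review bot: The trailing context lines of this hunk lead into the shared in-process token cache (`ProcTokenCache`), but the cache key is built outside the hunk, so it is not visible whether it now takes `localAuth.DefaultAccountID` into account. If the key does not cover the account, two contexts in the same process with different default accounts could be served each other's cached tokens. It is worth confirming this, and recording the requirement next to the cache comment, for example `// The cache key must include DefaultAccountID so tokens of different accounts never alias.` The body of NewLUCIContextTokenProvider continues past the end of the hunk.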
@@ -90,8 +97,9 @@ func (p *luciContextTokenProvider) MintToken(ctx context.Context, base *oauth2.T
// should just make a single attempt, and mark an error as transient to
// trigger a retry, if necessary.
request := rpcs.GetOAuthTokenRequest{
- Scopes: p.scopes,
- Secret: p.localAuth.Secret,
+ Scopes: p.scopes,
+ Secret: p.localAuth.Secret,
+ AccountID: p.localAuth.DefaultAccountID, // note: this is "" for old servers
}
if err := request.Validate(); err != nil {
return nil, err // should not really happen
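Review bot: `AccountID` is sent as "" on the old-server path, and nothing visible here shows whether `request.Validate()` accepts an empty value or how a new server treats a request without an account, so the fallback is implicit. The inline note `// note: this is "" for old servers` could say what the empty value is expected to mean on the wire, and a matching marker would keep the cleanup from being missed: `// TODO(vadimsh): reject empty AccountID here once old servers are gone.` MintToken's body starts and ends outside this hunk, so any handling of the response is not covered by this note.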
