Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(143)

Issues Search
    My Issues | Starred     Open | Closed | All

Issue 2952723003: token-server: Make machine token minter config apply to subdomains. (Closed)

Created:
3 years, 6 months ago by Vadim Sh.
Modified:
3 years, 6 months ago
Reviewers:
iannucci, smut
CC:
chromium-reviews, infra-reviews+luci-go_chromium.org, maruel+w_chromium.org, tandrii+luci-go_chromium.org
Target Ref:
refs/heads/master
Project:
luci-go
Visibility:
Public.

Description

token-server: Make machine token minter config apply to subdomains. Token server is configured with a list of domains it is allowed to mint machine tokens for. This list used to be matched exactly, e.g a cert with Common Name "machine.sub.example.com" can be exchanged to a machine token only if "sub.example.com" is listed in the config. This change relaxes this rule and allows configured domains to match subdomains too. Also cleanup some stale assumptions in comments and code. R=smut@google.com, iannucci@chromium.org BUG=732467 Review-Url: https://codereview.chromium.org/2952723003 Committed: https://github.com/luci/luci-go/commit/7e4835b3ee45d01e99c04376b7bcfb741c6960fb

Patch Set 1 #

Total comments: 5

Patch Set 2 : typo #

Unified diffs Side-by-side diffs Delta from patch set Stats (+1035 lines, -1018 lines) Patch
M tokenserver/api/admin/v1/config.proto View 2 chunks +6 lines, -1 line 0 comments Download
M tokenserver/api/admin/v1/config.pb.go View 2 chunks +6 lines, -1 line 0 comments Download
M tokenserver/api/admin/v1/pb.discovery.go View 1 chunk +1011 lines, -1004 lines 0 comments Download
M tokenserver/appengine/impl/machinetoken/machinetoken.go View 1 2 chunks +7 lines, -7 lines 0 comments Download
M tokenserver/appengine/impl/machinetoken/machinetoken_test.go View 2 chunks +5 lines, -5 lines 0 comments Download

Messages

Total messages: 10 (4 generated)
Vadim Sh.
PTAL https://codereview.chromium.org/2952723003/diff/1/tokenserver/api/admin/v1/config.proto File tokenserver/api/admin/v1/config.proto (left): https://codereview.chromium.org/2952723003/diff/1/tokenserver/api/admin/v1/config.proto#oldcode27 tokenserver/api/admin/v1/config.proto:27: // for generating a token with machine_id <hostname>@<token-server-url>. ...
3 years, 6 months ago (2017-06-21 00:09:02 UTC) #1
Vadim Sh.
Confirmed it works: https://screenshot.googleplex.com/8RjHQtLM06V.png
3 years, 6 months ago (2017-06-21 00:20:49 UTC) #2
smut
lgtm https://codereview.chromium.org/2952723003/diff/1/tokenserver/appengine/impl/machinetoken/machinetoken.go File tokenserver/appengine/impl/machinetoken/machinetoken.go (right): https://codereview.chromium.org/2952723003/diff/1/tokenserver/appengine/impl/machinetoken/machinetoken.go#newcode74 tokenserver/appengine/impl/machinetoken/machinetoken.go:74: domain := chunks[1] // e.g. "us-central-1a.c.project-id.internal" typo: us-central1-a, ...
3 years, 6 months ago (2017-06-21 00:27:19 UTC) #3
Vadim Sh.
https://codereview.chromium.org/2952723003/diff/1/tokenserver/appengine/impl/machinetoken/machinetoken.go File tokenserver/appengine/impl/machinetoken/machinetoken.go (right): https://codereview.chromium.org/2952723003/diff/1/tokenserver/appengine/impl/machinetoken/machinetoken.go#newcode74 tokenserver/appengine/impl/machinetoken/machinetoken.go:74: domain := chunks[1] // e.g. "us-central-1a.c.project-id.internal" On 2017/06/21 00:27:19, ...
3 years, 6 months ago (2017-06-21 00:31:56 UTC) #4
commit-bot: I haz the power
CQ is trying da patch. Follow status at: https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.org/2952723003/20001
3 years, 6 months ago (2017-06-21 00:32:16 UTC) #7
commit-bot: I haz the power
3 years, 6 months ago (2017-06-21 00:38:12 UTC) #10
Message was sent while issue was closed. 
Committed patchset #2 (id:20001) as
https://github.com/luci/luci-go/commit/7e4835b3ee45d01e99c04376b7bcfb741c6960fb

Powered by Google App Engine
This is Rietveld 408576698