Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(121)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: appengine/swarming/swarming_bot/bot_code/remote_client.py

Issue 2958413002: Add 'mint_oauth_token' method to RPC client. (Closed)
Patch Set: pylint Created 3 years, 5 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « no previous file | appengine/swarming/swarming_bot/bot_code/remote_client_errors.py » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 # Copyright 2016 The LUCI Authors. All rights reserved. 1 # Copyright 2016 The LUCI Authors. All rights reserved.
2 # Use of this source code is governed under the Apache License, Version 2.0 2 # Use of this source code is governed under the Apache License, Version 2.0
3 # that can be found in the LICENSE file. 3 # that can be found in the LICENSE file.
4 4
5 import base64 5 import base64
6 import logging 6 import logging
7 import threading 7 import threading
8 import time 8 import time
9 import traceback 9 import traceback
10 import urllib 10 import urllib
11 11
12 from utils import net 12 from utils import net
13 13
14 from remote_client_errors import BotCodeError 14 from remote_client_errors import BotCodeError
15 from remote_client_errors import InitializationError 15 from remote_client_errors import InitializationError
16 from remote_client_errors import InternalError 16 from remote_client_errors import InternalError
17 from remote_client_errors import MintOAuthTokenError
17 from remote_client_errors import PollError 18 from remote_client_errors import PollError
18 19
19 20
20 # RemoteClient will attempt to refresh the authentication headers once they are 21 # RemoteClient will attempt to refresh the authentication headers once they are
21 # this close to the expiration. 22 # this close to the expiration.
22 # 23 #
23 # The total possible delay between the headers are checked and used is the sum: 24 # The total possible delay between the headers are checked and used is the sum:
24 # 1) FileRefresherThread update interval (15 sec). 25 # 1) FileRefresherThread update interval (15 sec).
25 # 2) FileReaderThread update interval (15 sec). 26 # 2) FileReaderThread update interval (15 sec).
26 # 3) NET_CONNECTION_TIMEOUT_SEC, when resending requests on errors (3 min). 27 # 3) NET_CONNECTION_TIMEOUT_SEC, when resending requests on errors (3 min).
(...skipping 247 matching lines...) Expand 10 before | Expand all | Expand 10 after
274 url_path = '/swarming/api/v1/bot/bot_code/%s?bot_id=%s' % ( 275 url_path = '/swarming/api/v1/bot/bot_code/%s?bot_id=%s' % (
275 bot_version, urllib.quote_plus(bot_id)) 276 bot_version, urllib.quote_plus(bot_id))
276 if not self._url_retrieve(new_zip_path, url_path): 277 if not self._url_retrieve(new_zip_path, url_path):
277 raise BotCodeError(new_zip_path, self._server + url_path, bot_version) 278 raise BotCodeError(new_zip_path, self._server + url_path, bot_version)
278 279
279 def ping(self): 280 def ping(self):
280 """Unlike all other methods, this one isn't authenticated.""" 281 """Unlike all other methods, this one isn't authenticated."""
281 resp = net.url_read(self._server + '/swarming/api/v1/bot/server_ping') 282 resp = net.url_read(self._server + '/swarming/api/v1/bot/server_ping')
282 if resp is None: 283 if resp is None:
283 logging.error('No response from server_ping') 284 logging.error('No response from server_ping')
285
286 def mint_oauth_token(self, task_id, bot_id, account_id, scopes):
287 """Asks the server to generate an access token for a service accounts.
dnj 2017/06/29 16:29:27 nit: s/accounts/account/
Vadim Sh. 2017/06/29 18:20:43 Done.
288
289 Each task has two service accounts associated with it: 'system' and 'task'.
290 Swarming server is capable of generating oauth tokens for them (if the bot
291 is currently authorized to have access to them).
292
293 Args:
294 task_id: identifier of currently executing task.
295 bot_id: name of the bot.
296 account_id: logical identifier of the account (e.g 'system' or 'task').
297 scopes: list of OAuth scopes the new token should have.
298
299 Returns:
300 {
301 'service_account': <str>, # account email or 'bot', or 'none'
302 'access_token': <str> or None, # actual token, if using real account
303 'expiry': <int>, # unix timestamp in seconds
304 }
305
306 Raises:
307 InternalError if can't contact the server after many attempts or the
308 server consistently replies with HTTP 5** errors.
309
310 MintOAuthTokenError on fatal errors.
311 """
312 resp = self._url_read_json('/swarming/api/v1/bot/oauth_token', data={
313 'account_id': account_id,
314 'id': bot_id,
315 'scopes': scopes,
316 'task_id': task_id,
317 })
318 if not resp:
319 raise InternalError('Error when minting the token')
320 if resp.get('error'):
321 raise MintOAuthTokenError(resp['error'])
322 return resp
OLDNEW
« no previous file with comments | « no previous file | appengine/swarming/swarming_bot/bot_code/remote_client_errors.py » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698