OLD | NEW |
1 # Copyright 2016 The LUCI Authors. All rights reserved. | 1 # Copyright 2016 The LUCI Authors. All rights reserved. |
2 # Use of this source code is governed under the Apache License, Version 2.0 | 2 # Use of this source code is governed under the Apache License, Version 2.0 |
3 # that can be found in the LICENSE file. | 3 # that can be found in the LICENSE file. |
4 | 4 |
5 import base64 | 5 import base64 |
6 import logging | 6 import logging |
7 import threading | 7 import threading |
8 import time | 8 import time |
9 import traceback | 9 import traceback |
10 import urllib | 10 import urllib |
11 | 11 |
12 from utils import net | 12 from utils import net |
13 | 13 |
14 from remote_client_errors import BotCodeError | 14 from remote_client_errors import BotCodeError |
15 from remote_client_errors import InitializationError | 15 from remote_client_errors import InitializationError |
16 from remote_client_errors import InternalError | 16 from remote_client_errors import InternalError |
| 17 from remote_client_errors import MintOAuthTokenError |
17 from remote_client_errors import PollError | 18 from remote_client_errors import PollError |
18 | 19 |
19 | 20 |
20 # RemoteClient will attempt to refresh the authentication headers once they are | 21 # RemoteClient will attempt to refresh the authentication headers once they are |
21 # this close to the expiration. | 22 # this close to the expiration. |
22 # | 23 # |
23 # The total possible delay between the headers are checked and used is the sum: | 24 # The total possible delay between the headers are checked and used is the sum: |
24 # 1) FileRefresherThread update interval (15 sec). | 25 # 1) FileRefresherThread update interval (15 sec). |
25 # 2) FileReaderThread update interval (15 sec). | 26 # 2) FileReaderThread update interval (15 sec). |
26 # 3) NET_CONNECTION_TIMEOUT_SEC, when resending requests on errors (3 min). | 27 # 3) NET_CONNECTION_TIMEOUT_SEC, when resending requests on errors (3 min). |
(...skipping 247 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
274 url_path = '/swarming/api/v1/bot/bot_code/%s?bot_id=%s' % ( | 275 url_path = '/swarming/api/v1/bot/bot_code/%s?bot_id=%s' % ( |
275 bot_version, urllib.quote_plus(bot_id)) | 276 bot_version, urllib.quote_plus(bot_id)) |
276 if not self._url_retrieve(new_zip_path, url_path): | 277 if not self._url_retrieve(new_zip_path, url_path): |
277 raise BotCodeError(new_zip_path, self._server + url_path, bot_version) | 278 raise BotCodeError(new_zip_path, self._server + url_path, bot_version) |
278 | 279 |
279 def ping(self): | 280 def ping(self): |
280 """Unlike all other methods, this one isn't authenticated.""" | 281 """Unlike all other methods, this one isn't authenticated.""" |
281 resp = net.url_read(self._server + '/swarming/api/v1/bot/server_ping') | 282 resp = net.url_read(self._server + '/swarming/api/v1/bot/server_ping') |
282 if resp is None: | 283 if resp is None: |
283 logging.error('No response from server_ping') | 284 logging.error('No response from server_ping') |
| 285 |
| 286 def mint_oauth_token(self, task_id, bot_id, account_id, scopes): |
| 287 """Asks the server to generate an access token for a service account. |
| 288 |
| 289 Each task has two service accounts associated with it: 'system' and 'task'. |
| 290 Swarming server is capable of generating oauth tokens for them (if the bot |
| 291 is currently authorized to have access to them). |
| 292 |
| 293 Args: |
| 294 task_id: identifier of currently executing task. |
| 295 bot_id: name of the bot. |
| 296 account_id: logical identifier of the account (e.g 'system' or 'task'). |
| 297 scopes: list of OAuth scopes the new token should have. |
| 298 |
| 299 Returns: |
| 300 { |
| 301 'service_account': <str>, # account email or 'bot', or 'none' |
| 302 'access_token': <str> or None, # actual token, if using real account |
| 303 'expiry': <int>, # unix timestamp in seconds |
| 304 } |
| 305 |
| 306 Raises: |
| 307 InternalError if can't contact the server after many attempts or the |
| 308 server consistently replies with HTTP 5** errors. |
| 309 |
| 310 MintOAuthTokenError on fatal errors. |
| 311 """ |
| 312 resp = self._url_read_json('/swarming/api/v1/bot/oauth_token', data={ |
| 313 'account_id': account_id, |
| 314 'id': bot_id, |
| 315 'scopes': scopes, |
| 316 'task_id': task_id, |
| 317 }) |
| 318 if not resp: |
| 319 raise InternalError('Error when minting the token') |
| 320 if resp.get('error'): |
| 321 raise MintOAuthTokenError(resp['error']) |
| 322 return resp |
OLD | NEW |