Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(2534)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: appengine/swarming/swarming_bot/bot_code/remote_client.py

Issue 2958413002: Add 'mint_oauth_token' method to RPC client. (Closed)
Patch Set: Add 'mint_oauth_token' method to RPC client. Created 3 years, 6 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « no previous file | appengine/swarming/swarming_bot/bot_code/remote_client_errors.py » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: appengine/swarming/swarming_bot/bot_code/remote_client.py
diff --git a/appengine/swarming/swarming_bot/bot_code/remote_client.py b/appengine/swarming/swarming_bot/bot_code/remote_client.py
index 9c2b62e38c5e0827162318e4b129a898dbac1d38..2d494ffe2be087bd25c8b072f72caa9ca1748a27 100644
--- a/appengine/swarming/swarming_bot/bot_code/remote_client.py
+++ b/appengine/swarming/swarming_bot/bot_code/remote_client.py
@@ -14,6 +14,7 @@ from utils import net
from remote_client_errors import BotCodeError
from remote_client_errors import InitializationError
from remote_client_errors import InternalError
+from remote_client_errors import MintOAuthTokenError
from remote_client_errors import PollError
@@ -281,3 +282,41 @@ class RemoteClientNative(object):
resp = net.url_read(self._server + '/swarming/api/v1/bot/server_ping')
if resp is None:
logging.error('No response from server_ping')
+
+ def mint_oauth_token(self, task_id, bot_id, account_id, scopes):
+ """Asks the server to generate an access token for a service account.
+
+ Each task has two service accounts associated with it: 'system' and 'task'.
+ Swarming server is capable of generating oauth tokens for them (if the bot
+ is currently authorized to have access to them).
+
+ Args:
+ task_id: identifier of currently executing task.
+ bot_id: name of the bot.
+ account_id: logical identifier of the account (e.g 'system' or 'task').
+ scopes: list of OAuth scopes the new token should have.
+
+ Returns:
+ {
+ 'service_account': <str>, # account email or 'bot', or 'none'
+ 'access_token': <str> or None, # actual token, if using real account
+ 'expiry': <int>, # unix timestamp in seconds
+ }
+
+ Raises:
+ InternalError if can't contact the server after many attempts or the
+ server consistently replies with HTTP 5** errors.
+
+ MintOAuthTokenError on fatal errors.
+ """
+ resp = self._url_read_json('/swarming/api/v1/bot/oauth_token', data={
+ 'account_id': account_id,
+ 'id': bot_id,
+ 'scopes': scopes,
+ 'task_id': task_id,
+ })
+ if not resp:
+ raise InternalError('Error when minting the token')
+ if resp.get('error'):
+ raise MintOAuthTokenError(resp['error'])
+ return resp
« no previous file with comments | « no previous file | appengine/swarming/swarming_bot/bot_code/remote_client_errors.py » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698