Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(560)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: milo/buildsource/buildbot/pubsub.go

Issue 2974263002: [milo] better ACL system for masters. (Closed)
Patch Set: Created 3 years, 5 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« milo/buildsource/buildbot/master.go ('K') | « milo/buildsource/buildbot/master.go ('k') | no next file » | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: milo/buildsource/buildbot/pubsub.go
diff --git a/milo/buildsource/buildbot/pubsub.go b/milo/buildsource/buildbot/pubsub.go
index 15814813e7e37d706a503cf05c35f82e5b82eff0..105115999c44cd8f0a9fbedb8c269a481470224c 100644
--- a/milo/buildsource/buildbot/pubsub.go
+++ b/milo/buildsource/buildbot/pubsub.go
@@ -80,6 +80,12 @@ type buildbotMasterEntry struct {
Modified time.Time
}
+// buildbotMasterPublic is a struct that exists for public builtbot masters, and
+// not for internal masters. It's used for ACL checks.
+type buildbotMasterPublic struct {
dnj 2017/07/11 18:46:34 Is there a potential problem with already-ingested
iannucci 2017/07/11 21:01:39 We'll deploy the pubsub module first and make sure
+ Name string `gae:"$id"`
+}
+
func putDSMasterJSON(
c context.Context, master *buildbotMaster, internal bool) error {
for _, builder := range master.Builders {
@@ -98,6 +104,16 @@ func putDSMasterJSON(
Internal: internal,
Modified: clock.Now(c).UTC(),
}
+ toPut := []interface{}{&entry}
Ryan Tseng 2017/07/11 18:37:16 why not []*entry{}?
dnj 2017/07/11 18:46:34 b/c this contains both a "buildbotMasterEntry" and
iannucci 2017/07/11 21:01:39 yep
+ if internal {
+ // do the deletion immediately so that the 'public' bit is removed from
+ // datastore before any internal details are actually written to datastore.
+ if err := ds.Delete(c, &buildbotMasterPublic{master.Name}); err != nil && err != ds.ErrNoSuchEntity {
dnj 2017/07/11 18:46:34 nit: declare the public variable outside of this c
iannucci 2017/07/11 21:01:39 Done.
+ return err
+ }
+ } else {
+ toPut = append(toPut, &buildbotMasterPublic{master.Name})
+ }
gzbs := bytes.Buffer{}
gsw := gzip.NewWriter(&gzbs)
cw := iotools.CountingWriter{Writer: gsw}
@@ -109,7 +125,7 @@ func putDSMasterJSON(
entry.Data = gzbs.Bytes()
logging.Debugf(c, "Length of json data: %d", cw.Count)
logging.Debugf(c, "Length of gzipped data: %d", len(entry.Data))
- return ds.Put(c, &entry)
+ return ds.Put(c, toPut)
}
// GetData returns the expanded form of Data (decoded from base64).
« milo/buildsource/buildbot/master.go ('K') | « milo/buildsource/buildbot/master.go ('k') | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698