luci: Index | Files

package authdbimpl

import ""

Package authdbimpl implements datastore-based storage and update of AuthDB snapshots used for authorization decisions by server/auth/*.

It uses server/auth/service to communicate with auth_service to fetch AuthDB snapshots and subscribe to PubSub notifications.

It always uses default datastore namespace for storage, and thus auth groups are global to the service.


Package Files

authdb.go doc.go handlers.go helpers.go metrics.go

func ConfigureAuthService Uses

func ConfigureAuthService(ctx context.Context, baseURL, authServiceURL string) error

ConfigureAuthService makes initial fetch of AuthDB snapshot from the auth service and sets up PubSub subscription.

`baseURL` is root URL of currently running service, will be used to derive PubSub push endpoint URL.

If `authServiceURL` is blank, disables the fetching.

func GetAuthDBSnapshot Uses

func GetAuthDBSnapshot(ctx context.Context, id string) (*protocol.AuthDB, error)

GetAuthDBSnapshot fetches, inflates and deserializes AuthDB snapshot.

func InstallHandlers Uses

func InstallHandlers(r *router.Router, base router.MiddlewareChain)

InstallHandlers installs PubSub related HTTP handlers.

type Snapshot Uses

type Snapshot struct {
    ID  string `gae:"$id"`

    // AuthDBDeflated is zlib-compressed serialized AuthDB protobuf message.
    AuthDBDeflated []byte `gae:",noindex"`

    CreatedAt time.Time // when it was created on Auth service
    FetchedAt time.Time // when it was fetched and put into the datastore
    // contains filtered or unexported fields

Snapshot is serialized deflated AuthDB blob with some minimal metadata.

Root entity. Immutable. Key has the form "v1,<AuthServiceURL>,<Revision>", it's generated by SnapshotInfo.GetSnapshotID(). It is globally unique version identifier, since it includes URL of an auth service. AuthServiceURL should be not very long (~< 250 chars) for this too work.

Currently does not get garbage collected.

type SnapshotInfo Uses

type SnapshotInfo struct {
    AuthServiceURL string `gae:",noindex"`
    Rev            int64  `gae:",noindex"`
    // contains filtered or unexported fields

SnapshotInfo identifies some concrete AuthDB snapshot.

Singleton entity. Serves as a pointer to a blob with corresponding AuthDB proto message (stored in separate Snapshot entity).

func GetLatestSnapshotInfo Uses

func GetLatestSnapshotInfo(ctx context.Context) (*SnapshotInfo, error)

GetLatestSnapshotInfo fetches SnapshotInfo singleton entity.

If no such entity is stored, returns (nil, nil).

func (*SnapshotInfo) GetSnapshotID Uses

func (si *SnapshotInfo) GetSnapshotID() string

GetSnapshotID returns datastore ID of the corresponding Snapshot entity.

Package authdbimpl imports 21 packages (graph) and is imported by 2 packages. Updated 2020-12-06. Refresh now. Tools for package owners.