luci: go.chromium.org/luci/server/auth/authdb/dump Index | Files

package dump

import "go.chromium.org/luci/server/auth/authdb/dump"

Package dump implements loading AuthDB from dumps in Google Storage.

Index

Package Files

dump.go

type Fetcher Uses

type Fetcher struct {
    StorageDumpPath    string   // GCS storage path to the dump "<bucket>/<object>"
    AuthServiceURL     string   // URL of the auth service "https://..."
    AuthServiceAccount string   // service account name that signed the blob
    OAuthScopes        []string // scopes to use when making OAuth tokens
    // contains filtered or unexported fields
}

Fetcher can fetch AuthDB snapshots from GCS dumps, requesting access through Auth Service if necessary.

It's designed not to depend on Auth Service availability at all if everything is already setup (i.e. the access to AuthDB snapshot is granted). For that reason it requires the location of GCS dump and name of Auth Service's signing account to be provided as static configuration (since we don't want to make RPCs to potentially unavailable Auth Service to discover them).

The only time Auth Service is directly hit is when GCS returns permission errors. When this happens, Fetcher tries to authorize itself through the Auth Service API call and then retries the fetch.

func (*Fetcher) FetchAuthDB Uses

func (f *Fetcher) FetchAuthDB(ctx context.Context, cur *authdb.SnapshotDB) (fresh *authdb.SnapshotDB, err error)

FetchAuthDB checks whether there's a newer version of AuthDB available in GCS and fetches it if so. If 'cur' is already up-to-date, returns it as is.

Logs and retries errors internally until the context cancellation or timeout.

Package dump imports 18 packages (graph) and is imported by 2 packages. Updated 2019-11-12. Refresh now. Tools for package owners.