Documentation

Overview

    Package authdbimpl implements datastore-based storage and update of AuthDB snapshots used for authorization decisions by server/auth/*.

    It uses server/auth/service to communicate with auth_service to fetch AuthDB snapshots and subscribe to PubSub notifications.

    It always uses default datastore namespace for storage, and thus auth groups are global to the service.

    Index

    Constants

    This section is empty.

    Variables

    This section is empty.

    Functions

    func ConfigureAuthService

    func ConfigureAuthService(ctx context.Context, baseURL, authServiceURL string) error

      ConfigureAuthService makes initial fetch of AuthDB snapshot from the auth service and sets up PubSub subscription.

      `baseURL` is root URL of currently running service, will be used to derive PubSub push endpoint URL.

      If `authServiceURL` is blank, disables the fetching.

      func GetAuthDBSnapshot

      func GetAuthDBSnapshot(ctx context.Context, id string) (*protocol.AuthDB, error)

        GetAuthDBSnapshot fetches, inflates and deserializes AuthDB snapshot.

        func InstallHandlers

        func InstallHandlers(r *router.Router, base router.MiddlewareChain)

          InstallHandlers installs PubSub related HTTP handlers.

          Types

          type Snapshot

          type Snapshot struct {
          	ID string `gae:"$id"`
          
          	// AuthDBDeflated is zlib-compressed serialized AuthDB protobuf message.
          	AuthDBDeflated []byte `gae:",noindex"`
          
          	CreatedAt time.Time // when it was created on Auth service
          	FetchedAt time.Time // when it was fetched and put into the datastore
          	// contains filtered or unexported fields
          }

            Snapshot is serialized deflated AuthDB blob with some minimal metadata.

            Root entity. Immutable. Key has the form "v1,<AuthServiceURL>,<Revision>", it's generated by SnapshotInfo.GetSnapshotID(). It is globally unique version identifier, since it includes URL of an auth service. AuthServiceURL should be not very long (~< 250 chars) for this too work.

            Currently does not get garbage collected.

            type SnapshotInfo

            type SnapshotInfo struct {
            	AuthServiceURL string `gae:",noindex"`
            	Rev            int64  `gae:",noindex"`
            	// contains filtered or unexported fields
            }

              SnapshotInfo identifies some concrete AuthDB snapshot.

              Singleton entity. Serves as a pointer to a blob with corresponding AuthDB proto message (stored in separate Snapshot entity).

              func GetLatestSnapshotInfo

              func GetLatestSnapshotInfo(ctx context.Context) (*SnapshotInfo, error)

                GetLatestSnapshotInfo fetches SnapshotInfo singleton entity.

                If no such entity is stored, returns (nil, nil).

                func (*SnapshotInfo) GetSnapshotID

                func (si *SnapshotInfo) GetSnapshotID() string

                  GetSnapshotID returns datastore ID of the corresponding Snapshot entity.