The Token Server

The token server is responsible for minting short-lived (<1 hour) stateless access tokens for Swarming bots. It uses PKI to authenticate bots.

Code layout:

  • frontend, backend - entry points for GAE service binaries.
  • devcfg - luci-config config files when running locally.
  • impl - the root package with all implementation guts.


Path - Synopsis

  • backend - Binary backend implements an HTTP server that handles requests to the 'backend' module.
  • frontend - Binary frontend implements an HTTP server that handles requests to the 'default' module.
  • impl - Package impl holds code to initialize the server environment.
  • impl/certchecker - Package certchecker contains the implementation of CertChecker.
  • impl/certconfig - Package certconfig contains code to work with imported CAs and their CRLs.
  • impl/machinetoken - Package machinetoken implements generation of LUCI machine tokens.
  • impl/serviceaccountsv2 - Package serviceaccountsv2 implements the MintServiceAccountToken RPC.
  • impl/services/admin/adminsrv - Package adminsrv implements the Admin API.
  • impl/services/admin/certauthorities - Package certauthorities implements the CertificateAuthorities API.
  • impl/services/minter/tokenminter - Package tokenminter implements the TokenMinter API.
  • impl/utils - Package utils contains a variety of small utility functions used by other tokenserver packages.
  • impl/utils/bq - Package bq contains helpers for uploading rows to BigQuery.
  • impl/utils/identityset - Package identityset implements a set-like structure for identity.Identity.
  • impl/utils/policy - Package policy contains the implementation of Policy parsing and querying.
  • impl/utils/revocation - Package revocation contains utilities for implementing token revocation.
  • impl/utils/shards - Package shards provides low-level support for implementing a sharded set of []byte blobs.
  • impl/utils/tokensigning - Package tokensigning implements utilities for RSA-signing of proto messages.