Documentation

Overview

    Package dump implements loading AuthDB from dumps in Google Storage.

    Index

    Constants

    This section is empty.

    Variables

    This section is empty.

    Functions

    This section is empty.

    Types

    type Fetcher

    type Fetcher struct {
    	StorageDumpPath    string   // GCS storage path to the dump "<bucket>/<object>"
    	AuthServiceURL     string   // URL of the auth service "https://..."
    	AuthServiceAccount string   // service account name that signed the blob
    	OAuthScopes        []string // scopes to use when making OAuth tokens
    	// contains filtered or unexported fields
    }

      Fetcher can fetch AuthDB snapshots from GCS dumps, requesting access through Auth Service if necessary.

      It's designed not to depend on Auth Service availability at all if everything is already setup (i.e. the access to AuthDB snapshot is granted). For that reason it requires the location of GCS dump and name of Auth Service's signing account to be provided as static configuration (since we don't want to make RPCs to potentially unavailable Auth Service to discover them).

      The only time Auth Service is directly hit is when GCS returns permission errors. When this happens, Fetcher tries to authorize itself through the Auth Service API call and then retries the fetch.

      func (*Fetcher) FetchAuthDB

      func (f *Fetcher) FetchAuthDB(ctx context.Context, cur *authdb.SnapshotDB) (fresh *authdb.SnapshotDB, err error)

        FetchAuthDB checks whether there's a newer version of AuthDB available in GCS and fetches it if so. If 'cur' is already up-to-date, returns it as is.

        Logs and retries errors internally until the context cancellation or timeout.

        Source Files