Documentation

Overview

    Package localauth implements localhost HTTP server that hands out tokens to local LUCI-aware processes.

    TODO(vadimsh): Link to a doc or write one right here.

    Index

    Constants

    This section is empty.

    Variables

    This section is empty.

    Functions

    This section is empty.

    Types

    type ErrorWithCode

    type ErrorWithCode interface {
    	error
    
    	// Code returns a code to put into RPC response alongside the error message.
    	Code() int
    }

      ErrorWithCode is a fatal error that also has a numeric code.

      May be returned by TokenGenerator to trigger a response with some specific error code.

      type Server

      type Server struct {
      	// TokenGenerators produce access tokens for given account IDs.
      	TokenGenerators map[string]TokenGenerator
      
      	// DefaultAccountID is account ID subprocesses should pick by default.
      	//
      	// It is put into "local_auth" section of LUCI_CONTEXT. If empty string,
      	// subprocesses won't attempt to use any account by default (they still can
      	// pick some non-default account though).
      	DefaultAccountID string
      
      	// Port is a local TCP port to bind to or 0 to allow the OS to pick one.
      	Port int
      	// contains filtered or unexported fields
      }

        Server runs a local RPC server that hands out access tokens.

        Processes that need a token can discover location of this server by looking at "local_auth" section of LUCI_CONTEXT.

        func (*Server) Start

        func (s *Server) Start(ctx context.Context) (*lucictx.LocalAuth, error)

          Start launches background goroutine with the serving loop.

          The provided context is used as base context for request handlers and for logging.

          Returns a copy of lucictx.LocalAuth structure that specifies how to contact the server. It should be put into "local_auth" section of LUCI_CONTEXT where clients can discover it.

          The server must be eventually stopped with Stop().

          func (*Server) Stop

          func (s *Server) Stop(ctx context.Context) error

            Stop closes the listening socket, notifies pending requests to abort and stops the internal serving goroutine.

            Safe to call multiple times. Once stopped, the server cannot be started again (make a new instance of Server instead).

            Uses the given context for the deadline when waiting for the serving loop to stop.

            type TokenGenerator

            type TokenGenerator interface {
            	// GenerateOAuthToken returns an access token for a combination of scopes.
            	//
            	// It is called for each request to the local auth server. It may be called
            	// concurrently from multiple goroutines and must implement its own caching
            	// and synchronization if necessary.
            	//
            	// It is expected that the returned token lives for at least given 'lifetime'
            	// duration (which is typically on order of minutes), but it may live longer.
            	// Clients may cache the returned token for the duration of its lifetime.
            	//
            	// May return transient errors (in transient.Tag.In(err) returning true
            	// sense). Such errors result in HTTP 500 responses. This is appropriate for
            	// non-fatal errors. Clients may immediately retry requests on such errors.
            	//
            	// Any non-transient error is considered fatal and results in an RPC-level
            	// error response ({"error": ...}). Clients must treat such responses as fatal
            	// and don't retry requests.
            	//
            	// If the error implements ErrorWithCode interface, the error code returned to
            	// clients will be grabbed from the error object, otherwise the error code is
            	// set to -1.
            	GenerateOAuthToken(ctx context.Context, scopes []string, lifetime time.Duration) (*oauth2.Token, error)
            
            	// GenerateIDToken returns an ID token with the given audience in `aud` claim.
            	//
            	// All details specified in GenerateOAuthToken doc also apply to
            	// GenerateIDToken.
            	GenerateIDToken(ctx context.Context, audience string, lifetime time.Duration) (*oauth2.Token, error)
            
            	// GetEmail returns an email associated with all tokens produced by this
            	// generator or auth.ErrNoEmail if it's not available.
            	//
            	// Any other error will bubble up through Server.Start.
            	GetEmail() (string, error)
            }

              TokenGenerator produces access or ID tokens.

              The canonical implementation is &auth.TokenGenerator{}.

              Source Files

              Directories

              Path Synopsis
              Package rpcs implements request/response used to get auth token via RPCs.
              Package rpcs implements request/response used to get auth token via RPCs.