
Side by Side Diff: appengine/logdog/coordinator/config/auth.go

Issue 1863973002: LogDog: Update to archival V2. (Closed) Base URL: https://github.com/luci/luci-go@grpcutil-errors
Patch Set: Fix proto comment. Created 4 years, 8 months ago
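--- a/appengine/logdog/coordinator/config/auth.go
+++ b/appengine/logdog/coordinator/config/auth.go
@@ -0,0 +1,89 @@
+// Copyright 2015 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+package config
+
+import (
+"errors"
+"fmt"
+
+"github.com/luci/gae/service/info"
+log "github.com/luci/luci-go/common/logging"
+"github.com/luci/luci-go/common/proto/logdog/svcconfig"
+"github.com/luci/luci-go/server/auth"
+"github.com/luci/luci-go/server/auth/identity"
+"golang.org/x/net/context"
+)
+
+// IsAdminUser tests whether the current user belongs to the administrative
+// users group. It will return an error if the user does not.
+func IsAdminUser(c context.Context) error {
+return isMember(c, func(cfg *svcconfig.Coordinator) string {
+return cfg.AdminAuthGroup
+})
+}
+
+// IsServiceUser tests whether the current user belongs to the backend services
+// users group. It will return an error if the user does not.
+func IsServiceUser(c context.Context) error {
+return isMember(c, func(cfg *svcconfig.Coordinator) string {
+return cfg.ServiceAuthGroup
+})
+}
+
+func isMember(c context.Context, groupNameFunc func(*svcconfig.Coordinator) stri ng) error {
+cfg, err := Load(c)
+if err != nil {
+return err
+}
+
+// On dev-appserver, the superuser has implicit group membership to
+// everything.
+if info.Get(c).IsDevAppServer() {
+if u := auth.CurrentUser(c); u.Superuser {
+log.Fields{
+"identity": u.Identity,
+}.Infof(c, "Granting superuser implicit group membership on development server.")
+return nil
+}
+}
+
+if cfg.Coordinator == nil {
+return errors.New("no coordinator configuration")
+}
+
+groupName := groupNameFunc(cfg.Coordinator)
+if groupName == "" {
+return errors.New("no auth group is configured")
+}
+
+is, err := auth.IsMember(c, groupName)
+if err != nil {
+return err
+}
+if !is {
+return &MembershipError{
+Identity: auth.CurrentIdentity(c),
+Group: groupName,
+}
+}
+return nil
+}
+
+// MembershipError is an error returned by group membership checking functions
+// if the current identity is not a member of the requested group.
+type MembershipError struct {
+Identity identity.Identity
+Group string
+}
+
+func (e *MembershipError) Error() string {
+return fmt.Sprintf("user %q is not a member of group %q", e.Identity, e. Group)
+}
+
+// IsMembershipError returns whether a given error is a membership error.
+func IsMembershipError(e error) bool {
+_, ok := e.(*MembershipError)
+return ok
+}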
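Review bot: The doc comments on IsAdminUser and IsServiceUser (new lines 19-20 and 27-28) do not mention that isMember returns nil for a superuser whenever `info.Get(c).IsDevAppServer()` is true, and that this happens before `cfg.Coordinator` and the group name are checked, so a missing or empty auth group still passes on a development server. I would say so on both exported functions, for example `// On dev-appserver a superuser is treated as a member of every group.`, so that callers do not have to read the helper to learn about the bypass. The same comments should also state that a non-nil error which is not a `*MembershipError` (config load failure, no group configured, an error from `auth.IsMember`) is still a denial, since callers that branch on IsMembershipError need to fail closed on everything else. MembershipError.Error() embeds both the identity and the group name; a short comment on the type that the string is intended for logs would help, as it is not visible from this file whether callers return it to clients.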