Documentation
Overview
Package realmsinternals contains code for converting realms to their internal representation (what is sent to clients through AuthDB).
Index
- Constants
- Variables
- func ExpandRealms(ctx context.Context, db *permissions.PermissionsDB, projectID string, ...) (*protocol.Realms, error)
- func FetchLatestRealmsConfigs(ctx context.Context) (map[string]*config.Config, error)
- func IndexSetFromSlice(src []uint32) *indexSet
- type ConditionsSet
- type RealmsExpander
- type RolesExpander
Constants
const (
	// The services associated with Auth Service aka Chrome Infra Auth,
	// to get its own configs.
	Cria    = "services/chrome-infra-auth"
	CriaDev = "services/chrome-infra-auth-dev"
)
Variables
var (
	// ErrFinalized is used when the ConditionsSet has already been finalized
	// and further modifications are attempted.
	ErrFinalized = errors.New("conditions set has already been finalized")
	// ErrRoleNotFound is used when a role requested is not found in the internal permissionsDB.
	ErrRoleNotFound = errors.New("role does not exist in internal representation")
	// ErrImpossibleRole is used when there is an attempt to expand a role that is not allowed.
	ErrImpossibleRole = errors.New("role is impossible, does not include one of the approved prefixes")
)
Functions
func ExpandRealms
func ExpandRealms(ctx context.Context, db *permissions.PermissionsDB, projectID string, realmsCfg *realmsconf.RealmsCfg) (*protocol.Realms, error)
ExpandRealms expands a realmsconf.RealmsCfg into a flat protocol.Realms.
The returned protocol.Realms contains realms and permissions of a single project only. Permissions not mentioned in the project's realms are omitted. All protocol.Permission messages have names only (no metadata). api_version field is omitted.
All such protocol.Realms messages across all projects (plus a list of all defined permissions with all their metadata) are later merged together into a final universal protocol.Realms by merge() in the replication phase.
func FetchLatestRealmsConfigs
FetchLatestRealmsConfigs fetches the latest configs from luci-cfg concurrently.
Errors:
- ErrNoConfig if config is not found
- annotated error for all other errors
func IndexSetFromSlice
func IndexSetFromSlice(src []uint32) *indexSet
IndexSetFromSlice converts the given slice of indexes into an indexSet.
Types
type ConditionsSet
type ConditionsSet struct {
// contains filtered or unexported fields
}
ConditionsSet normalizes and dedups conditions and maps them to integers. It assumes all incoming realmsconf.Condition are immutable and dedups them by pointer, as well as by normalized values. It also assumes the set of all possible *objects* ever passed to indexes(...) was also passed to addCond(...) first (so it could build the id => index map).
This makes the hot indexes(...) function fast by allowing it to look up ids instead of (potentially huge) protobuf message values.
type RealmsExpander
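The two-level dedup described above, as an added sketch that is not the package's own code: cond, condSet, add and index are hypothetical stand-ins for realmsconf.Condition, ConditionsSet, addCond(...) and indexes(...), and the sample attribute and values are constructed.

```go
package main

import (
	"fmt"
	"sort"
)

// cond is a simplified stand-in for realmsconf.Condition (assumption).
type cond struct {
	Attr   string
	Values []string
}

// condSet is a hypothetical sketch, not the package's ConditionsSet.
type condSet struct {
	byKey map[string]uint32 // normalized value -> index
	byPtr map[*cond]uint32  // object identity -> index
}

func newCondSet() *condSet {
	return &condSet{byKey: map[string]uint32{}, byPtr: map[*cond]uint32{}}
}

// add dedups by pointer first, then by normalized (sorted) values.
func (s *condSet) add(c *cond) uint32 {
	if idx, seen := s.byPtr[c]; seen {
		return idx
	}
	vals := append([]string(nil), c.Values...) // copy: never reorder the input
	sort.Strings(vals)
	key := fmt.Sprintf("%s=%q", c.Attr, vals)
	if _, ok := s.byKey[key]; !ok {
		s.byKey[key] = uint32(len(s.byKey))
	}
	s.byPtr[c] = s.byKey[key]
	return s.byPtr[c]
}

// index is the hot path: one pointer lookup; ok is false if c was never added.
func (s *condSet) index(c *cond) (idx uint32, ok bool) {
	idx, ok = s.byPtr[c]
	return idx, ok
}

func main() {
	s := newCondSet()
	a := &cond{"example.attr", []string{"x", "y"}} // constructed sample values
	b := &cond{"example.attr", []string{"y", "x"}} // equal to a, distinct object
	fmt.Println(s.add(a), s.add(b), len(s.byKey)) // 0 0 1
}
```

A value-equal condition that was never registered has no entry in the pointer map, which is why the lookup depends on every object being added first and on conditions staying immutable afterwards.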
type RealmsExpander struct {
// contains filtered or unexported fields
}
RealmsExpander helps traverse the realm inheritance graph.
type RolesExpander
type RolesExpander struct {
// contains filtered or unexported fields
}
RolesExpander keeps track of permissions and role -> [permission] expansions.
Permissions are represented internally as integers to speed up set operations.
Should be used only with validated realmsconf.RealmsCfg.