Documentation
Overview
Package authdbimpl implements datastore-based storage and update of AuthDB snapshots used for authorization decisions by server/auth/*.
It uses server/auth/service to communicate with auth_service to fetch AuthDB snapshots and subscribe to PubSub notifications.
It always uses the default datastore namespace for storage, and thus auth groups are global to the service.
Functions
func ConfigureAuthService
ConfigureAuthService makes the initial fetch of the AuthDB snapshot from the auth service and sets up the PubSub subscription.
`baseURL` is the root URL of the currently running service; it is used to derive the PubSub push endpoint URL.
If `authServiceURL` is blank, fetching is disabled.
func GetAuthDBSnapshot
GetAuthDBSnapshot fetches, inflates and deserializes the AuthDB snapshot.
func InstallHandlers
func InstallHandlers(r *router.Router, base router.MiddlewareChain)
InstallHandlers installs PubSub-related HTTP handlers.
Types
type Snapshot
type Snapshot struct {
    ID string `gae:"$id"`

    // AuthDBDeflated is zlib-compressed serialized AuthDB protobuf message.
    //
    // If it is too big, it is stored in a bunch of SnapshotShard entities
    // referenced by ShardIDs field below.
    //
    // Note: if the old version of this code tries to load a new Snapshot entity
    // with ShardIDs field populated, it would abort with an error because old
    // code doesn't know about ShardIDs field (it is not in the old Snapshot
    // entity struct). This is desirable: the new sharded data structure is not
    // (and can't be made) compatible with old code, so it is good that it breaks
    // as soon as possible.
    AuthDBDeflated []byte `gae:",noindex"`

    // ShardIDs is a list of IDs of SnapshotShard entities to fetch.
    ShardIDs []string `gae:",noindex"`

    CreatedAt time.Time // when it was created on Auth service
    FetchedAt time.Time // when it was fetched and put into the datastore
    // contains filtered or unexported fields
}
Snapshot is a serialized, deflated AuthDB blob with some minimal metadata.
Root entity. Immutable. The key has the form "v1,<AuthServiceURL>,<Revision>"; it is generated by SnapshotInfo.GetSnapshotID(). It is a globally unique version identifier, since it includes the URL of an auth service. AuthServiceURL should not be very long (~< 250 chars) for this to work.
Currently does not get garbage collected.
type SnapshotInfo
type SnapshotInfo struct {
    AuthServiceURL string `gae:",noindex"`
    Rev            int64  `gae:",noindex"`
    // contains filtered or unexported fields
}
SnapshotInfo identifies some concrete AuthDB snapshot.
Singleton entity. Serves as a pointer to a blob with the corresponding AuthDB proto message (stored in a separate Snapshot entity).
func GetLatestSnapshotInfo
func GetLatestSnapshotInfo(ctx context.Context) (*SnapshotInfo, error)
GetLatestSnapshotInfo fetches SnapshotInfo singleton entity.
If no such entity is stored, returns (nil, nil).
func (*SnapshotInfo) GetSnapshotID
func (si *SnapshotInfo) GetSnapshotID() string
GetSnapshotID returns datastore ID of the corresponding Snapshot entity.
type SnapshotShard
type SnapshotShard struct {
    // ID is "<Snapshot ID>:<shard hash>".
    ID string `gae:"$id"`
    // Shard is the actual data.
    Shard []byte `gae:",noindex"`
    // contains filtered or unexported fields
}
SnapshotShard holds a shard of a deflated AuthDB.