Documentation
¶
Overview ¶
Package dump implements loading AuthDB from dumps in Google Storage.
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type Fetcher ¶
type Fetcher struct {
StorageDumpPath string // GCS storage path to the dump "<bucket>/<object>"
AuthServiceURL string // URL of the auth service "https://..."
AuthServiceAccount string // service account name that signed the blob
OAuthScopes []string // scopes to use when making OAuth tokens
// contains filtered or unexported fields
}
Fetcher can fetch AuthDB snapshots from GCS dumps, requesting access through Auth Service if necessary.
It's designed not to depend on Auth Service availability at all if everything is already setup (i.e. the access to AuthDB snapshot is granted). For that reason it requires the location of GCS dump and name of Auth Service's signing account to be provided as static configuration (since we don't want to make RPCs to potentially unavailable Auth Service to discover them).
The only time Auth Service is directly hit is when GCS returns permission errors. When this happens, Fetcher tries to authorize itself through the Auth Service API call and then retries the fetch.
func (*Fetcher) FetchAuthDB ¶
func (f *Fetcher) FetchAuthDB(ctx context.Context, cur *authdb.SnapshotDB) (fresh *authdb.SnapshotDB, err error)
FetchAuthDB checks whether there's a newer version of AuthDB available in GCS and fetches it if so. If 'cur' is already up-to-date, returns it as is.
Logs and retries errors internally until the context cancellation or timeout.
Source Files