authdbimpl

package
v0.0.0-...-6116f8d
Warning

This package is not in the latest version of its module.

Published: Jan 17, 2025 License: Apache-2.0 Imports: 24 Imported by: 0

Documentation

Overview

Package authdbimpl implements datastore-based storage and update of AuthDB snapshots used for authorization decisions by server/auth/*.

It uses server/auth/service to communicate with auth_service to fetch AuthDB snapshots and subscribe to PubSub notifications.

It always uses the default datastore namespace for storage, so auth groups are global to the service.


Functions

func ConfigureAuthService

func ConfigureAuthService(ctx context.Context, baseURL, authServiceURL string) error

ConfigureAuthService makes the initial fetch of the AuthDB snapshot from the auth service and sets up the PubSub subscription.

`baseURL` is the root URL of the currently running service; it is used to derive the PubSub push endpoint URL.

If `authServiceURL` is blank, fetching is disabled.

func GetAuthDBSnapshot

func GetAuthDBSnapshot(ctx context.Context, id string) (*protocol.AuthDB, error)

GetAuthDBSnapshot fetches, inflates and deserializes an AuthDB snapshot.

func InstallHandlers

func InstallHandlers(r *router.Router, base router.MiddlewareChain)

InstallHandlers installs PubSub related HTTP handlers.

Types

type Snapshot

type Snapshot struct {
	ID string `gae:"$id"`

	// AuthDBDeflated is zlib-compressed serialized AuthDB protobuf message.
	//
	// If it is too big, it is stored in a bunch of SnapshotShard entities
	// referenced by ShardIDs field below.
	//
	// Note: if the old version of this code tries to load a new Snapshot entity
	// with ShardIDs field populated, it would abort with an error because old
	// code doesn't know about ShardIDs field (it is not in the old Snapshot
	// entity struct). This is desirable: the new sharded data structure is not
	// (and can't be made) compatible with old code, so it is good that it breaks
	// as soon as possible.
	AuthDBDeflated []byte `gae:",noindex"`

	// ShardIDs is a list of IDs of SnapshotShard entities to fetch.
	ShardIDs []string `gae:",noindex"`

	CreatedAt time.Time // when it was created on Auth service
	FetchedAt time.Time // when it was fetched and put into the datastore
	// contains filtered or unexported fields
}

Snapshot is a serialized, deflated AuthDB blob with some minimal metadata.

Root entity. Immutable. The key has the form "v1,<AuthServiceURL>,<Revision>" and is generated by SnapshotInfo.GetSnapshotID(). It is a globally unique version identifier, since it includes the URL of an auth service. AuthServiceURL should not be very long (~< 250 chars) for this to work.

Currently does not get garbage collected.

type SnapshotInfo

type SnapshotInfo struct {
	AuthServiceURL string `gae:",noindex"`
	Rev            int64  `gae:",noindex"`
	// contains filtered or unexported fields
}

SnapshotInfo identifies some concrete AuthDB snapshot.

Singleton entity. Serves as a pointer to a blob with the corresponding AuthDB proto message (stored in a separate Snapshot entity).

func GetLatestSnapshotInfo

func GetLatestSnapshotInfo(ctx context.Context) (*SnapshotInfo, error)

GetLatestSnapshotInfo fetches the SnapshotInfo singleton entity.

If no such entity is stored, returns (nil, nil).

func (*SnapshotInfo) GetSnapshotID

func (si *SnapshotInfo) GetSnapshotID() string

GetSnapshotID returns the datastore ID of the corresponding Snapshot entity.

type SnapshotShard

type SnapshotShard struct {
	// ID is "<Snapshot ID>:<shard hash>".
	ID string `gae:"$id"`
	// Shard is the actual data.
	Shard []byte `gae:",noindex"`
	// contains filtered or unexported fields
}

SnapshotShard holds a shard of a deflated AuthDB.
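The sharded layout described for Snapshot and SnapshotShard, as an added example that is not the package's own code: a deflated blob is cut into shards with IDs of the form "<Snapshot ID>:<shard hash>", then reassembled in ShardIDs order with each shard checked against its ID before inflating. The in-memory map standing in for the datastore, the helper names `shardID`, `split` and `join`, and hex SHA-256 as the shard hash are assumptions.

```go
package main

import (
	"bytes"
	"compress/zlib"
	"crypto/sha256"
	"fmt"
	"io"
)

// shardID builds "<Snapshot ID>:<shard hash>"; hex SHA-256 as the hash is an assumption.
func shardID(snapID string, shard []byte) string { return fmt.Sprintf("%s:%x", snapID, sha256.Sum256(shard)) }

// split deflates blob and cuts the result into shards of at most size bytes (store side).
func split(snapID string, blob []byte, size int) (ids []string, store map[string][]byte) {
	var buf bytes.Buffer
	w := zlib.NewWriter(&buf)
	w.Write(blob) // writing to a bytes.Buffer cannot fail
	w.Close()
	for store = map[string][]byte{}; buf.Len() > 0; {
		shard := append([]byte(nil), buf.Next(size)...) // copy: Next's slice is only valid until the next read
		ids = append(ids, shardID(snapID, shard))
		store[ids[len(ids)-1]] = shard
	}
	return
}

// join loads shards in ShardIDs order, checks each against its ID, then inflates (load side).
func join(snapID string, ids []string, store map[string][]byte) ([]byte, error) {
	var deflated []byte
	for _, id := range ids {
		shard, ok := store[id]
		if !ok || shardID(snapID, shard) != id {
			return nil, fmt.Errorf("shard %q missing or corrupt", id)
		}
		deflated = append(deflated, shard...)
	}
	r, err := zlib.NewReader(bytes.NewReader(deflated))
	if err != nil {
		return nil, err
	}
	return io.ReadAll(r) // zlib's trailing checksum is verified when the stream ends
}

func main() {
	id := "v1,https://auth.example.com,42" // constructed sample in the documented key form
	ids, store := split(id, []byte("constructed sample AuthDB bytes"), 16)
	out, err := join(id, ids, store)
	fmt.Printf("%d shards -> %q, err=%v\n", len(ids), out, err)
}
```

Because the shard ID embeds a hash of the shard's content, a swapped or modified shard entity is rejected before any bytes reach the inflater.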
