realmsinternals

package
v0.0.0-...-b929bca Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jan 17, 2025 License: Apache-2.0 Imports: 25 Imported by: 0

Documentation

Overview

Package realmsinternals contains code for converting realms to internal representation (what is sent to clients through AuthDB).

Index

Constants

View Source
const (
	// The services associated with Auth Service aka Chrome Infra Auth,
	// to get its own configs.
	Cria    = "services/chrome-infra-auth"
	CriaDev = "services/chrome-infra-auth-dev"
)

Variables

View Source
var (
	// ErrFinalized is used when the ConditionsSet has already been finalized
	// and further modifications are attempted.
	ErrFinalized = errors.New("conditions set has already been finalized")

	// ErrRoleNotFound is used when a role requested is not found in the internal permissionsDB.
	ErrRoleNotFound = errors.New("role does not exist in internal representation")

	// ErrImpossibleRole is used when there is an attempt to expand a role that is not allowed.
	ErrImpossibleRole = errors.New("role is impossible, does not include one of the approved prefixes")
)

Functions

func ExpandRealms

func ExpandRealms(ctx context.Context, db *permissions.PermissionsDB, projectID string, realmsCfg *realmsconf.RealmsCfg) (*protocol.Realms, error)

ExpandRealms expands a realmsconf.RealmsCfg into a flat protocol.Realms.

The returned protocol.Realms contains realms and permissions of a single project only. Permissions not mentioned in the project's realms are omitted. All protocol.Permission messages have names only (no metadata). api_version field is omitted.

All such protocol.Realms messages across all projects (plus a list of all defined permissions with all their metadata) are later merged together into a final universal protocol.Realms by merge() in the replication phase.

func FetchLatestRealmsConfigs

func FetchLatestRealmsConfigs(ctx context.Context) (map[string]*config.Config, error)

FetchLatestRealmsConfigs fetches the latest configs from luci-cfg concurrently.

Errors:

  • ErrNoConfig if config is not found
  • annotated error for all other errors

func IndexSetFromSlice

func IndexSetFromSlice(src []uint32) *indexSet

IndexSetFromSlice converts a given slice of indexes and returns an IndexSet from them.

Types

type ConditionsSet

type ConditionsSet struct {
	// contains filtered or unexported fields
}
ConditionsSet normalizes and dedups conditions, maps them to integers.
Assumes all incoming realmsconf.Condition are immutable and dedups
them by pointer, as well as by normalized values.
Also assumes the set of all possible *objects* ever passed to indexes(...) was
also passed to addCond(...) first (so it could build id => index map).

This makes hot indexes(...) function fast by allowing to lookup ids instead of (potentially huge) protobuf message values.

type RealmsExpander

type RealmsExpander struct {
	// contains filtered or unexported fields
}

RealmsExpander helps traverse the realm inheritance graph.

type RolesExpander

type RolesExpander struct {
	// contains filtered or unexported fields
}

RolesExpander keeps track of permissions and role -> [permission] expansions.

Permissions are represented internally as integers to speed up set operations.

Should be used only with validated realmsconf.RealmsCfg.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL