def extract():
d = model.root_key().get()
sec = security_config_pb2.SecurityConfig()
if d.security_config:
sec.MergeFromString(d.security_config)
return {
'auth_db_rev': d.auth_db_rev,
'oauth_client_id': d.oauth_client_id,
'security_config': sec,
}
def test_validate_security_config_bad_regexp(self):
ctx = validation.Context()
config.validate_security_config(
security_config_pb2.SecurityConfig(internal_service_regexp=['???'
], ),
ctx)
self.assertEqual(ctx.result().messages, [
validation.Message(
"internal_service_regexp: bad regexp '???' - nothing to repeat",
40),
])
def _update_security_config(root, _rev, conf):
assert ndb.in_transaction(), 'Must be called in AuthDB transaction'
assert isinstance(root, model.AuthGlobalConfig), root
# Any changes? Compare semantically, not as byte blobs, since it is not
# guaranteed that the byte blob serialization is stable.
existing = security_config_pb2.SecurityConfig()
if root.security_config:
existing.MergeFromString(root.security_config)
if existing == conf:
return False
# Note: this byte blob will be pushed to all service as is.
root.security_config = conf.SerializeToString()
return True
def sec_cfg(regexps):
return security_config_pb2.SecurityConfig(
internal_service_regexp=regexps)
def cfg(internal_service_regexp):
return security_config_pb2.SecurityConfig(
internal_service_regexp=internal_service_regexp)
def test_validate_security_config_ok(self):
ctx = validation.Context()
config.validate_security_config(security_config_pb2.SecurityConfig(),
ctx)
self.assertEqual(ctx.result().messages, [])
def security_config(regexps):
msg = security_config_pb2.SecurityConfig(internal_service_regexp=regexps)
return msg.SerializeToString()
'revision_getter': lambda: _get_authdb_config_rev_async('oauth.cfg'),
'updater': _update_oauth_config,
'use_authdb_transaction': True,
},
'settings.cfg': {
'proto_class': None, # settings are stored as text in datastore
'default': '', # it's fine if config file is not there
'revision_getter':
lambda: _get_service_config_rev_async('settings.cfg'),
'updater':
lambda _, rev, c: _update_service_config('settings.cfg', rev, c),
'use_authdb_transaction': False,
},
'security.cfg': {
'proto_class': security_config_pb2.SecurityConfig,
'default': security_config_pb2.SecurityConfig(),
'revision_getter':
lambda: _get_authdb_config_rev_async('security.cfg'),
'updater': _update_security_config,
'use_authdb_transaction': True,
},
}
@utils.memcache('auth_service:get_configs_url', time=300)
def _get_configs_url():
"""Returns URL where luci-config fetches configs from."""
url = config.get_config_set_location(config.self_config_set())
return url or 'about:blank'