def extract(): d = model.root_key().get() sec = security_config_pb2.SecurityConfig() if d.security_config: sec.MergeFromString(d.security_config) return { 'auth_db_rev': d.auth_db_rev, 'oauth_client_id': d.oauth_client_id, 'security_config': sec, }
def test_validate_security_config_bad_regexp(self): ctx = validation.Context() config.validate_security_config( security_config_pb2.SecurityConfig(internal_service_regexp=['???' ], ), ctx) self.assertEqual(ctx.result().messages, [ validation.Message( "internal_service_regexp: bad regexp '???' - nothing to repeat", 40), ])
def _update_security_config(root, _rev, conf): assert ndb.in_transaction(), 'Must be called in AuthDB transaction' assert isinstance(root, model.AuthGlobalConfig), root # Any changes? Compare semantically, not as byte blobs, since it is not # guaranteed that the byte blob serialization is stable. existing = security_config_pb2.SecurityConfig() if root.security_config: existing.MergeFromString(root.security_config) if existing == conf: return False # Note: this byte blob will be pushed to all service as is. root.security_config = conf.SerializeToString() return True
def sec_cfg(regexps): return security_config_pb2.SecurityConfig( internal_service_regexp=regexps)
def cfg(internal_service_regexp): return security_config_pb2.SecurityConfig( internal_service_regexp=internal_service_regexp)
def test_validate_security_config_ok(self): ctx = validation.Context() config.validate_security_config(security_config_pb2.SecurityConfig(), ctx) self.assertEqual(ctx.result().messages, [])
def security_config(regexps): msg = security_config_pb2.SecurityConfig(internal_service_regexp=regexps) return msg.SerializeToString()
'revision_getter': lambda: _get_authdb_config_rev_async('oauth.cfg'), 'updater': _update_oauth_config, 'use_authdb_transaction': True, }, 'settings.cfg': { 'proto_class': None, # settings are stored as text in datastore 'default': '', # it's fine if config file is not there 'revision_getter': lambda: _get_service_config_rev_async('settings.cfg'), 'updater': lambda _, rev, c: _update_service_config('settings.cfg', rev, c), 'use_authdb_transaction': False, }, 'security.cfg': { 'proto_class': security_config_pb2.SecurityConfig, 'default': security_config_pb2.SecurityConfig(), 'revision_getter': lambda: _get_authdb_config_rev_async('security.cfg'), 'updater': _update_security_config, 'use_authdb_transaction': True, }, } @utils.memcache('auth_service:get_configs_url', time=300) def _get_configs_url(): """Returns URL where luci-config fetches configs from.""" url = config.get_config_set_location(config.self_config_set()) return url or 'about:blank'