Google Git
Sign in
chromium / external / github.com / luci / luci-py / HEAD / . / appengine / auth_service
tree: afe770558cc868d34edfaae7af87f2016aba190e [path history] [tgz]
  1. doc/
  2. proto/
  3. static/
  4. templates/
  5. test_replica_app/
  6. tools/
  7. components../components/components
  8. gae_ts_mon../third_party/gae_ts_mon
  9. test_support../components/test_support
  10. tool_support../components/tool_support
  11. acl.py
  12. app.yaml
  13. appengine_config.py
  14. config.py
  15. config_test.py
  16. cron.yaml
  17. handlers_backend.py
  18. handlers_frontend.py
  19. handlers_frontend_test.py
  20. importer.py
  21. importer_test.py
  22. index.yaml
  23. main_backend.py
  24. main_frontend.py
  25. module-backend.yaml
  26. monitoring.py
  27. OWNERS
  28. PRESUBMIT.py
  29. pubsub.py
  30. queue.yaml
  31. README.md
  32. replication.py
  33. replication_smoke_test.py
  34. test_env.py
appengine/auth_service/README.md

Authentication Service

An AppEngine service used to import and manage ACL groups. It is to be used in conjunction with the auth component to embed replicated DB.

The authentication server provides a central control panel to declare every ACL group and the whitelisted IPs. For example, which user has administrative access, which can request tasks, which IP addresses can host bots, etc.

Each service have the authencation component embedded and will use the standalone version by default. Using a central authentication service permits not having to duplicate the ACLs, which is useful for larger scale installations. For one-off experimentation, this is not strictly necessary.

Documentation

Setting up

  • Visit http://console.cloud.google.com and create a project. Replace <appid> below with your project id.
  • Visit Google Cloud Console,
    • IAM & Admin, click Add Member and add someone else so you can safely be hit by a bus.
    • IAM & Admin, change the role for App Engine default service account from Editor to Owner.
    • Pub/Sub, click Enable API.
      • Click Create a topic.
      • Name it “auth-db-changed”, click Create.
  • Upload the code with: ./tools/gae upl -x -A <appid>
    • The very first upload may fail, try a second time.
  • Visit https://<appid>.appspot.com/auth/bootstrap and click Proceed.
  • Wait up to 5 minutes.
  • Visit “https://<appid>.appspot.com” and make sure you can access the service before connecting Isolate and Swarming to this instance.
  • If you plan to use a config service,

Linking other services to auth_service

  • Make sure your app is fully working.
  • Visit https://<authid>.appspot.com where <authid> is the auth_service instance to link with.
  • Type your <appid> in GAE application id and click Generate linking URL, where <appid> is the service being linked to the auth_service.
  • Click the link in the UI.
  • Click the red Switch button, understanding that any previous ACL configuration on this instance is lost.