hardcoded/chromeinfra/chromeinfra.go - infra/luci/luci-go - Git at Google

 // Copyright 2017 The LUCI Authors.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
 // You may obtain a copy of the License at
 //
 //      http://www.apache.org/licenses/LICENSE-2.0
 //
 // Unless required by applicable law or agreed to in writing, software
 // distributed under the License is distributed on an "AS IS" BASIS,
 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 // See the License for the specific language governing permissions and
 // limitations under the License.

 // Package chromeinfra contains hardcoded values related to Chrome Infra.
 //
 // It is supposed to be imported only by leaf 'main' packages of various
 // binaries. All non-main packages must not hardcode any environment related
 // values and must accept them as parameters passed from 'main'.
 package chromeinfra

 import (
 	"fmt"
 	"os"
 	"path/filepath"
 	"sync"

 	homedir "github.com/mitchellh/go-homedir"
 	"go.chromium.org/luci/auth"
 )

 // TODO(vadimsh): Move the rest of hardcoded stuff here:
 //  * tsmon config file: "/etc/chrome-infra/ts-mon.json"
 //  * tsmon secrets dir: same as SecretsDir below.
 //  * tsmon network detection regexp: `^([\w-]*?-[acm]|master)(\d+)a?$`

 const (
 	// BuildbucketHost is the hostname of the Buildbucket service to connect to
 	// by default.
 	BuildbucketHost = "cr-buildbucket.appspot.com"

 	// CIPDServiceURL is URL of a CIPD backend to connect to by default.
 	CIPDServiceURL = "https://chrome-infra-packages.appspot.com"

 	// ConfigServiceHost is the default host of LUCI config service.
 	ConfigServiceHost = "luci-config.appspot.com"

 	// LogDogHost is the default host of the production LogDog service in Chrome
 	// Operations.
 	LogDogHost = "logs.chromium.org"

 	// LogDogHostAppSpot is the ".appspot.com" host equivalent of LogDogHost.
 	LogDogHostAppSpot = "luci-logdog.appspot.com"

 	// LogDogDevHost is the default host of the development LogDog service in
 	// Chrome Operations.
 	LogDogDevHost = "luci-logdog-dev.appspot.com"

 	// MachineDatabaseHost is the URL of the Machine Database.
 	MachineDatabaseHost = "machine-db.appspot.com"

 	// MachineDatabaseDevHost is the URL of the Machine Database dev instance.
 	MachineDatabaseDevHost = "machine-db-dev.appspot.com"

 	// MiloHost is the hostname of the production Milo service.
 	MiloHost = "luci-milo.appspot.com"

 	// MiloDevHost is the hostname of the development Milo service.
 	MiloDevHost = "luci-milo-dev.appspot.com"

 	// UFSProdHost is the URL of the ufs service.
 	UFSProdHost = "ufs.api.cr.dev"

 	// UFSStagingHost is the URL of the staging ufs service.
 	UFSStagingHost = "staging.ufs.api.cr.dev"

 	// ResultDBHost is the hostname of the production ResultDB service.
 	ResultDBHost = "results.api.cr.dev"

 	// ResultDBStagingHost is the hostname of the staging ResultDB service.
 	ResultDBStagingHost = "staging.results.api.cr.dev"

 	// TestSpannerInstance is the name of the Spanner instance used for testing.
 	TestSpannerInstance = "projects/chops-spanner-testing/instances/testing"

 	// TokenServerHost is the default host to use in auth.Options.TokenServerHost.
 	TokenServerHost = "luci-token-server.appspot.com"

 	// TokenServerDevHost is the host of the LUCI Token Server dev instance.
 	TokenServerDevHost = "luci-token-server-dev.appspot.com"
 )

 // DefaultAuthOptions returns auth.Options struct prefilled with chrome-infra
 // defaults.
 func DefaultAuthOptions() auth.Options {
 	// Note that ClientSecret is not really a secret since it's hardcoded into
 	// the source code (and binaries). It's totally fine, as long as it's callback
 	// URI is configured to be 'localhost'. If someone decides to reuse such
 	// ClientSecret they have to run something on user's local machine anyway
 	// to get the refresh_token.
 	return auth.Options{
 		TokenServerHost: TokenServerHost,
 		ClientID:        "446450136466-2hr92jrq8e6i4tnsa56b52vacp7t3936.apps.googleusercontent.com",
 		ClientSecret:    "uBfbay2KCy9t4QveJ-dOqHtp",
 		SecretsDir:      SecretsDir(),
 	}
 }

 // SetDefaultAuthOptions sets the chromeinfra defaults on `opts`, returning the
 // updated Options.
 func SetDefaultAuthOptions(opts auth.Options) auth.Options {
 	dflts := DefaultAuthOptions()
 	ret := opts
 	ret.TokenServerHost = TokenServerHost
 	ret.ClientID = dflts.ClientID
 	ret.ClientSecret = dflts.ClientSecret
 	ret.SecretsDir = dflts.SecretsDir
 	return ret
 }

 var secrets struct {
 	once sync.Once
 	val  string
 }

 // SecretsDir returns an absolute path to a directory (in $HOME) to keep secret
 // files in (e.g. OAuth refresh tokens) or an empty string if $HOME can't be
 // determined (happens in some degenerate cases, it just disables auth token
 // cache).
 func SecretsDir() string {
 	secrets.once.Do(func() {
 		home, err := homedir.Dir()
 		if err != nil {
 			fmt.Fprintf(os.Stderr, "Can't resolve $HOME: %s", err)
 		} else {
 			secrets.val = filepath.Join(home, ".config", "chrome_infra", "auth")
 		}
 	})
 	return secrets.val
 }
	// Copyright 2017 The LUCI Authors.
	//
	// Licensed under the Apache License, Version 2.0 (the "License");
	// you may not use this file except in compliance with the License.
	// You may obtain a copy of the License at
	//
	// http://www.apache.org/licenses/LICENSE-2.0
	//
	// Unless required by applicable law or agreed to in writing, software
	// distributed under the License is distributed on an "AS IS" BASIS,
	// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	// See the License for the specific language governing permissions and
	// limitations under the License.

	// Package chromeinfra contains hardcoded values related to Chrome Infra.
	//
	// It is supposed to be imported only by leaf 'main' packages of various
	// binaries. All non-main packages must not hardcode any environment related
	// values and must accept them as parameters passed from 'main'.
	package chromeinfra

	import (
	"fmt"
	"os"
	"path/filepath"
	"sync"

	homedir "github.com/mitchellh/go-homedir"
	"go.chromium.org/luci/auth"
	)

	// TODO(vadimsh): Move the rest of hardcoded stuff here:
	// * tsmon config file: "/etc/chrome-infra/ts-mon.json"
	// * tsmon secrets dir: same as SecretsDir below.
	// * tsmon network detection regexp: `^([\w-]*?-[acm]\|master)(\d+)a?$`

	const (
	// BuildbucketHost is the hostname of the Buildbucket service to connect to
	// by default.
	BuildbucketHost = "cr-buildbucket.appspot.com"

	// CIPDServiceURL is URL of a CIPD backend to connect to by default.
	CIPDServiceURL = "https://chrome-infra-packages.appspot.com"

	// ConfigServiceHost is the default host of LUCI config service.
	ConfigServiceHost = "luci-config.appspot.com"

	// LogDogHost is the default host of the production LogDog service in Chrome
	// Operations.
	LogDogHost = "logs.chromium.org"

	// LogDogHostAppSpot is the ".appspot.com" host equivalent of LogDogHost.
	LogDogHostAppSpot = "luci-logdog.appspot.com"

	// LogDogDevHost is the default host of the development LogDog service in
	// Chrome Operations.
	LogDogDevHost = "luci-logdog-dev.appspot.com"

	// MachineDatabaseHost is the URL of the Machine Database.
	MachineDatabaseHost = "machine-db.appspot.com"

	// MachineDatabaseDevHost is the URL of the Machine Database dev instance.
	MachineDatabaseDevHost = "machine-db-dev.appspot.com"

	// MiloHost is the hostname of the production Milo service.
	MiloHost = "luci-milo.appspot.com"

	// MiloDevHost is the hostname of the development Milo service.
	MiloDevHost = "luci-milo-dev.appspot.com"

	// UFSProdHost is the URL of the ufs service.
	UFSProdHost = "ufs.api.cr.dev"

	// UFSStagingHost is the URL of the staging ufs service.
	UFSStagingHost = "staging.ufs.api.cr.dev"

	// ResultDBHost is the hostname of the production ResultDB service.
	ResultDBHost = "results.api.cr.dev"

	// ResultDBStagingHost is the hostname of the staging ResultDB service.
	ResultDBStagingHost = "staging.results.api.cr.dev"

	// TestSpannerInstance is the name of the Spanner instance used for testing.
	TestSpannerInstance = "projects/chops-spanner-testing/instances/testing"

	// TokenServerHost is the default host to use in auth.Options.TokenServerHost.
	TokenServerHost = "luci-token-server.appspot.com"

	// TokenServerDevHost is the host of the LUCI Token Server dev instance.
	TokenServerDevHost = "luci-token-server-dev.appspot.com"
	)

	// DefaultAuthOptions returns auth.Options struct prefilled with chrome-infra
	// defaults.
	func DefaultAuthOptions() auth.Options {
	// Note that ClientSecret is not really a secret since it's hardcoded into
	// the source code (and binaries). It's totally fine, as long as it's callback
	// URI is configured to be 'localhost'. If someone decides to reuse such
	// ClientSecret they have to run something on user's local machine anyway
	// to get the refresh_token.
	return auth.Options{
	TokenServerHost: TokenServerHost,
	ClientID: "446450136466-2hr92jrq8e6i4tnsa56b52vacp7t3936.apps.googleusercontent.com",
	ClientSecret: "uBfbay2KCy9t4QveJ-dOqHtp",
	SecretsDir: SecretsDir(),
	}
	}

	// SetDefaultAuthOptions sets the chromeinfra defaults on `opts`, returning the
	// updated Options.
	func SetDefaultAuthOptions(opts auth.Options) auth.Options {
	dflts := DefaultAuthOptions()
	ret := opts
	ret.TokenServerHost = TokenServerHost
	ret.ClientID = dflts.ClientID
	ret.ClientSecret = dflts.ClientSecret
	ret.SecretsDir = dflts.SecretsDir
	return ret
	}

	var secrets struct {
	once sync.Once
	val string
	}

	// SecretsDir returns an absolute path to a directory (in $HOME) to keep secret
	// files in (e.g. OAuth refresh tokens) or an empty string if $HOME can't be
	// determined (happens in some degenerate cases, it just disables auth token
	// cache).
	func SecretsDir() string {
	secrets.once.Do(func() {
	home, err := homedir.Dir()
	if err != nil {
	fmt.Fprintf(os.Stderr, "Can't resolve $HOME: %s", err)
	} else {
	secrets.val = filepath.Join(home, ".config", "chrome_infra", "auth")
	}
	})
	return secrets.val
	}